Add helpers mptcp_lib_ns_init() and mptcp_lib_ns_exit() in mptcp_lib.sh
to initialize and delete the given namespaces. Then every test script
can invoke these helpers and use all namespaces.
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240306-upstream-net-next-20240304-selftests-mptcp-shared-code-shellcheck-v2-4-bc79e6e5e6a0@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This patch adds local variables rndh in do_transfer() functions both in
mptcp_connect.sh and simult_flows.sh, setting it with ${ns1:4}, not the
global variable rndh. The global one is hidden in the next commit.
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240306-upstream-net-next-20240304-selftests-mptcp-shared-code-shellcheck-v2-3-bc79e6e5e6a0@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This patch exports check_tools() helper from mptcp_join.sh into
mptcp_lib.sh as a public one mptcp_lib_check_tools(). The arguments
"ip", "ss", "iptables" and "ip6tables" are passed into this helper
to indicate whether to check ip tool, ss tool, iptables and ip6tables
tools.
This helper can be used in every scripts.
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240306-upstream-net-next-20240304-selftests-mptcp-shared-code-shellcheck-v2-2-bc79e6e5e6a0@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Commit 0c4cd3f86a ("selftests: mptcp: join: use 'iptables-legacy' if
available") and commit a5a5990c09 ("selftests: mptcp: sockopt: use
'iptables-legacy' if available") forced using iptables-legacy if
available.
This was needed because of some issues that were visible when testing
the kselftests on a v5.15.x with iptables-nft as default backend. It
looks like these errors are no longer present. As mentioned by Pablo [1],
the errors were maybe due to missing kernel config. We can then use
iptables-nft if it is the default one, instead of using a legacy tool.
We can then check the variables iptables and ip6tables are valid. We can
keep the variables to easily change it later or add options.
Link: https://lore.kernel.org/netdev/ZbFiixyMFpQnxzCH@calendula/ [1]
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240306-upstream-net-next-20240304-selftests-mptcp-shared-code-shellcheck-v2-1-bc79e6e5e6a0@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEqG5UsNXhtOCrfGQP+7dXa6fLC2sFAmXnrwoACgkQ+7dXa6fL
C2vtoA//UstImRxievynpzfaFy14vCY+qVgW3n88sDT9ITP/jCQH/hMorIft7B2K
W7xN15OrWJ7SmfSSiWgZRTPgc0y5J/25woinZk9zSrFyOPfYXEJUy/Rw2VpQQ1eU
lN1ArHvSzj/wWYZjb5FfzNds2mO9dpSvgP8gsBPaN/49OX4ZDpfwQO0ho20c8qE3
VEUAoEPSYFd9EUJ4NBvXhn5q0Z1dp/tl3sQZdOFIN3EZnQBloPFFkvBbDTuX2jtK
Q7F6cgPc/BWfQ+U4OwyPOA3QBrTPMmWCUtM1QCvYV+cj1O7xGaof372Fqin0E7z9
NVIN4fVk3SIW/LRLhpyHoVOc0jHIona9gAsawfRzSIz7sPdeoXy0oOFHyKWrf3dH
TdrdnPPkUaGLPbTv2/l6lzz+uCkMlQ6BOZV+y6gm1+OcM7BEvYBeA6RShPKEk0vo
XsCwn6Pl9y8TZTOpcjal0b+M6mR5Nz0hYzcdCjmBc3lY8ueURPdvaNyLgmAtMu5c
udsq8yMxaXyc3BblrtTTdV+sqdycTfU6/CoNY44uS4X9H+MsFYBgoba+HSvekUWj
b/DCE2YfjQXdRmdlfGhyHSjnvOZohd8wq7i9TEOc8PSNXHo0CV/U8Q6pgsRrwSpG
7DecipkrdFPYqzOl8PRIwWg/VwNGEI5ESzDD9Svs+cODSYJXJjE=
=Egry
-----END PGP SIGNATURE-----
Merge tag 'rxrpc-iothread-20240305' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
David Howells says:
====================
Here are some changes to AF_RXRPC:
(1) Cache the transmission serial number of ACK and DATA packets in the
rxrpc_txbuf struct and log this in the retransmit tracepoint.
(2) Don't use atomics on rxrpc_txbuf::flags[*] and cache the intended wire
header flags there too to avoid duplication.
(3) Cache the wire checksum in rxrpc_txbuf to make it easier to create
jumbo packets in future (which will require altering the wire header
to a jumbo header and restoring it back again for retransmission).
(4) Fix the protocol names in the wire ACK trailer struct.
(5) Strip all the barriers and atomics out of the call timer tracking[*].
(6) Remove atomic handling from call->tx_transmitted and
call->acks_prev_seq[*].
(7) Don't bother resetting the DF flag after UDP packet transmission. To
change it, we now call directly into UDP code, so it's quick just to
set it every time.
(8) Merge together the DF/non-DF branches of the DATA transmission to
reduce duplication in the code.
(9) Add a kvec array into rxrpc_txbuf and start moving things over to it.
This paves the way for using page frags.
(10) Split (sub)packet preparation and timestamping out of the DATA
transmission function. This helps pave the way for future jumbo
packet generation.
(11) In rxkad, don't pick values out of the wire header stored in
rxrpc_txbuf, buf rather find them elsewhere so we can remove the wire
header from there.
(12) Move rxrpc_send_ACK() to output.c so that it can be merged with
rxrpc_send_ack_packet().
(13) Use rxrpc_txbuf::kvec[0] to access the wire header for the packet
rather than directly accessing the copy in rxrpc_txbuf. This will
allow that to be removed to a page frag.
(14) Switch from keeping the transmission buffers in rxrpc_txbuf allocated
in the slab to allocating them using page fragment allocators. There
are separate allocators for DATA packets (which persist for a while)
and control packets (which are discarded immediately).
We can then turn on MSG_SPLICE_PAGES when transmitting DATA and ACK
packets.
We can also get rid of the RCU cleanup on rxrpc_txbufs, preferring
instead to release the page frags as soon as possible.
(15) Parse received packets before handling timeouts as the former may
reset the latter.
(16) Make sure we don't retransmit DATA packets after all the packets have
been ACK'd.
(17) Differentiate traces for PING ACK transmission.
(18) Switch to keeping timeouts as ktime_t rather than a number of jiffies
as the latter is too coarse a granularity. Only set the call timer at
the end of the call event function from the aggregate of all the
timeouts, thereby reducing the number of timer calls made. In future,
it might be possible to reduce the number of timers from one per call
to one per I/O thread and to use a high-precision timer.
(19) Record RTT probes after successful transmission rather than recording
it before and then cancelling it after if unsuccessful[*]. This
allows a number of calls to get the current time to be removed.
(20) Clean up the resend algorithm as there's now no need to walk the
transmission buffer under lock[*]. DATA packets can be retransmitted
as soon as they're found rather than being queued up and transmitted
when the locked is dropped.
(21) When initially parsing a received ACK packet, extract some of the
fields from the ack info to the skbuff private data. This makes it
easier to do path MTU discovery in the future when the call to which a
PING RESPONSE ACK refers has been deallocated.
[*] Possible with the move of almost all code from softirq context to the
I/O thread.
Link: https://lore.kernel.org/r/20240301163807.385573-1-dhowells@redhat.com/ # v1
Link: https://lore.kernel.org/r/20240304084322.705539-1-dhowells@redhat.com/ # v2
* tag 'rxrpc-iothread-20240305' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: (21 commits)
rxrpc: Extract useful fields from a received ACK to skb priv data
rxrpc: Clean up the resend algorithm
rxrpc: Record probes after transmission and reduce number of time-gets
rxrpc: Use ktimes for call timeout tracking and set the timer lazily
rxrpc: Differentiate PING ACK transmission traces.
rxrpc: Don't permit resending after all Tx packets acked
rxrpc: Parse received packets before dealing with timeouts
rxrpc: Do zerocopy using MSG_SPLICE_PAGES and page frags
rxrpc: Use rxrpc_txbuf::kvec[0] instead of rxrpc_txbuf::wire
rxrpc: Move rxrpc_send_ACK() to output.c with rxrpc_send_ack_packet()
rxrpc: Don't pick values out of the wire header when setting up security
rxrpc: Split up the DATA packet transmission function
rxrpc: Add a kvec[] to the rxrpc_txbuf struct
rxrpc: Merge together DF/non-DF branches of data Tx function
rxrpc: Do lazy DF flag resetting
rxrpc: Remove atomic handling on some fields only used in I/O thread
rxrpc: Strip barriers and atomics off of timer tracking
rxrpc: Fix the names of the fields in the ACK trailer struct
rxrpc: Note cksum in txbuf
rxrpc: Convert rxrpc_txbuf::flags into a mask and don't use atomics
...
====================
Link: https://lore.kernel.org/r/
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Commit 3e2f544dd8 ("net: get stats64 if device if driver is
configured") moved the callback to dev_get_tstats64() to net core, so,
unless the driver is doing some custom stats collection, it does not
need to set .ndo_get_stats64.
Since this driver is now relying in NETDEV_PCPU_STAT_TSTATS, then, it
doesn't need to set the dev_get_tstats64() generic .ndo_get_stats64
function pointer.
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20240306142643.2429409-2-leitao@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
With commit 34d21de99c ("net: Move {l,t,d}stats allocation to core and
convert veth & vrf"), stats allocation could be done on net core
instead of in this driver.
With this new approach, the driver doesn't have to bother with error
handling (allocation failure checking, making sure free happens in the
right spot, etc). This is core responsibility now.
Remove the allocation in the usbnet driver and leverage the network
core allocation instead.
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20240306142643.2429409-1-leitao@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Update the Marvell 88e6185 PCS driver to use neg_mode rather than the
mode argument to match the other updated PCS drivers.
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Florian Fainelli <florian.fainelli@broadcom.com>
Link: https://lore.kernel.org/r/E1rhosE-003yuc-FM@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Update the RZN1-MIIC PCS driver to use neg_mode rather than the mode
argument to match the other updated PCS drivers.
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/E1rhos9-003yuW-Az@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The comment in m88e1111_config_init_1000basex() is wrong - it claims
that Autoneg will be enabled, but this doesn't actually happen.
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/E1rhos4-003yuQ-5p@rmk-PC.armlinux.org.uk
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
After commit b5a899154a ("netlink: handle EMSGSIZE errors
in the core"), we can remove some code that was not 100 % correct
anyway.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240306102426.245689-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
ipv6_gc fails occasionally. According to the study, fib6_run_gc() using
jiffies_round() to round the GC interval could increase the waiting time up
to 750ms (3/4 seconds). The timer has a granularity of 512ms at the range
4s to 32s. That means a route with an expiration time E seconds can wait
for more than E * 2 + 1 seconds if the GC interval is also E seconds.
E * 2 + 2 seconds should be enough for waiting for removing routes.
Also remove a check immediately after replacing 5 routes since it is very
likely to remove some of routes before completing the last route with a
slow environment.
Signed-off-by: Kui-Feng Lee <thinker.li@gmail.com>
Link: https://lore.kernel.org/r/20240305183949.258473-1-thinker.li@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
We observed that TCP-pacing was falling back to the TCP-layer pacing
instead of utilizing sch_fq for the pacing. This causes significant
CPU-usage due to the hrtimer running on a per-TCP-connection basis.
The issue is that mpls_xmit() calls skb_orphan() and thus sets
skb->sk to NULL. Which implies that many of the goodies of TCP won't
work. Pacing falls back to TCP-layer pacing. TCP Small Queues does not
work, ...
It is safe to remove this call to skb_orphan() in mpls_xmit() as there
really is not reason for it to be there. It appears that this call to
skb_orphan comes from the very initial implementation of MPLS.
Cc: Roopa Prabhu <roopa@nvidia.com>
Reported-by: Craig Taylor <cmtaylor@apple.com>
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Link: https://lore.kernel.org/r/20240306181117.77419-1-cpaasch@apple.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
With commit 34d21de99c ("net: Move {l,t,d}stats allocation to core
and convert veth & vrf"), stats allocation could be done on net core
instead of in this driver.
With this new approach, the driver doesn't have to bother with error
handling (allocation failure checking, making sure free happens in the
right spot, etc). This is core responsibility now.
Remove the allocation in the DSA user network device code and leverage
the network core allocation instead.
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Reviewed-by: Breno Leitao <leitao@debian.org>
Link: https://lore.kernel.org/r/20240306200416.2973179-1-florian.fainelli@broadcom.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The .remove() callback for a platform driver returns an int which makes
many driver authors wrongly assume it's possible to do error handling by
returning an error code. However the value returned is ignored (apart
from emitting a warning) and this typically results in resource leaks.
To improve here there is a quest to make the remove callback return
void. In the first step of this quest all drivers are converted to
.remove_new(), which already returns void. Eventually after all drivers
are converted, .remove_new() will be renamed to .remove().
Trivially convert this driver from always returning zero in the remove
callback to the void returning variant.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240306212344.97985-2-u.kleine-koenig@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Donald Hunter says:
====================
tools/net/ynl: Add support for nlctrl netlink family
This series adds a new YNL spec for the nlctrl family, plus some fixes
and enhancements for ynl.
Patch 1 fixes an extack decoding bug
Patch 2 gives cleaner netlink error reporting
Patch 3 fixes an array-nest codegen bug
Patch 4 adds nest-type-value support to ynl
Patch 5 fixes the ynl schemas to allow empty enum-name attrs
Patch 6 contains the nlctrl spec
====================
Link: https://lore.kernel.org/r/20240306231046.97158-1-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
The nlctrl genetlink-legacy family uses nest-type-value encoding as
described in Documentation/userspace-api/netlink/genetlink-legacy.rst
Add nest-type-value decoding to ynl.
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://lore.kernel.org/r/20240306231046.97158-5-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
ynl-gen-c generates e.g. 'calloc(mcast_groups, sizeof(*dst->mcast_groups))'
for array-nest attrs when it should be 'n_mcast_groups'.
Add a 'n_' prefix in the generated code for array-nests.
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://lore.kernel.org/r/20240306231046.97158-4-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
ynl does not handle NlError exceptions so they get reported like program
failures. Handle the NlError exceptions and report the netlink errors
more cleanly.
Example now:
Netlink error: No such file or directory
nl_len = 44 (28) nl_flags = 0x300 nl_type = 2
error: -2 extack: {'bad-attr': '.op'}
Example before:
Traceback (most recent call last):
File "/home/donaldh/net-next/./tools/net/ynl/cli.py", line 81, in <module>
main()
File "/home/donaldh/net-next/./tools/net/ynl/cli.py", line 69, in main
reply = ynl.dump(args.dump, attrs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/donaldh/net-next/tools/net/ynl/lib/ynl.py", line 906, in dump
return self._op(method, vals, [], dump=True)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/donaldh/net-next/tools/net/ynl/lib/ynl.py", line 872, in _op
raise NlError(nl_msg)
lib.ynl.NlError: Netlink error: No such file or directory
nl_len = 44 (28) nl_flags = 0x300 nl_type = 2
error: -2 extack: {'bad-attr': '.op'}
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://lore.kernel.org/r/20240306231046.97158-3-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Extack decoding was using a hard-coded msg header size of 20 but
netlink-raw has a header size of 16.
Use a protocol specific msghdr_size() when decoding the attr offssets.
Signed-off-by: Donald Hunter <donald.hunter@gmail.com>
Link: https://lore.kernel.org/r/20240306231046.97158-2-donald.hunter@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Since commit 43a7206b09 ("driver core: class: make class_register() take
a const *"), the driver core allows for struct class to be in read-only
memory, so move the capi_class structure to be declared at build time
placing it into read-only memory, instead of having to be dynamically
allocated at boot time.
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240305-class_cleanup-isdn-v1-2-6f0edca75b61@marliere.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Since commit 43a7206b09 ("driver core: class: make class_register() take
a const *"), the driver core allows for struct class to be in read-only
memory, so move the elements_class structure to be declared at build time
placing it into read-only memory, instead of having to be dynamically
allocated at boot time.
Suggested-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240305-class_cleanup-isdn-v1-1-6f0edca75b61@marliere.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Drop reference to the 25MHz clock as it has nothing to do with connecting
the PHY and the MAC.
Add info about the reference clock direction between the PHY and the MAC
as it depends on the selected rmii mode.
Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Jérémie Dautheribes <jeremie.dautheribes@bootlin.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Conor Dooley <conor.dooley@microchip.com>
Link: https://lore.kernel.org/r/20240305141309.127669-1-jeremie.dautheribes@bootlin.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This driver has two separate reset sequence in different places:
- gpio/HW reset on start of ksz_switch_register()
- SW reset on start of ksz_setup()
The second one will overwrite drive strength configuration made in the
ksz_switch_register().
To fix it, move ksz_parse_drive_strength() from ksz_switch_register() to
ksz_setup().
Fixes: d67d7247f6 ("net: dsa: microchip: Add drive strength configuration")
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/r/20240304135612.814404-1-o.rempel@pengutronix.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Toke Høiland-Jørgensen says:
====================
Fix hash bucket overflow checks for 32-bit arches
Syzbot managed to trigger a crash by creating a DEVMAP_HASH map with a
large number of buckets because the overflow check relies on
well-defined behaviour that is only correct on 64-bit arches.
Fix the overflow checks to happen before values are rounded up in all
the affected map types.
v3:
- Keep the htab->n_buckets > U32_MAX / sizeof(struct bucket) check
- Use 1UL << 31 instead of U32_MAX / 2 + 1 as the constant to check
against
- Add patch to fix stackmap.c
v2:
- Fix off-by-one error in overflow check
- Apply the same fix to hashtab, where the devmap_hash code was copied
from (John)
Toke Høiland-Jørgensen (3):
bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
bpf: Fix stackmap overflow check on 32-bit arches
kernel/bpf/devmap.c | 11 ++++++-----
kernel/bpf/hashtab.c | 14 +++++++++-----
kernel/bpf/stackmap.c | 9 ++++++---
3 files changed, 21 insertions(+), 13 deletions(-)
====================
Link: https://lore.kernel.org/r/20240307120340.99577-1-toke@redhat.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
The stackmap code relies on roundup_pow_of_two() to compute the number
of hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code.
The commit in the fixes tag actually attempted to fix this, but the fix
did not account for the UB, so the fix only works on CPUs where an
overflow does result in a neat truncation to zero, which is not
guaranteed. Checking the value before rounding does not have this
problem.
Fixes: 6183f4d3a0 ("bpf: Check for integer overflow when using roundup_pow_of_two()")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Reviewed-by: Bui Quang Minh <minhquangbui99@gmail.com>
Message-ID: <20240307120340.99577-4-toke@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
The hashtab code relies on roundup_pow_of_two() to compute the number of
hash buckets, and contains an overflow check by checking if the
resulting value is 0. However, on 32-bit arches, the roundup code itself
can overflow by doing a 32-bit left-shift of an unsigned long value,
which is undefined behaviour, so it is not guaranteed to truncate
neatly. This was triggered by syzbot on the DEVMAP_HASH type, which
contains the same check, copied from the hashtab code. So apply the same
fix to hashtab, by moving the overflow check to before the roundup.
Fixes: daaf427c6a ("bpf: fix arraymap NULL deref and missing overflow and zero size checks")
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Message-ID: <20240307120340.99577-3-toke@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
The devmap code allocates a number hash buckets equal to the next power
of two of the max_entries value provided when creating the map. When
rounding up to the next power of two, the 32-bit variable storing the
number of buckets can overflow, and the code checks for overflow by
checking if the truncated 32-bit value is equal to 0. However, on 32-bit
arches the rounding up itself can overflow mid-way through, because it
ends up doing a left-shift of 32 bits on an unsigned long value. If the
size of an unsigned long is four bytes, this is undefined behaviour, so
there is no guarantee that we'll end up with a nice and tidy 0-value at
the end.
Syzbot managed to turn this into a crash on arm32 by creating a
DEVMAP_HASH with max_entries > 0x80000000 and then trying to update it.
Fix this by moving the overflow check to before the rounding up
operation.
Fixes: 6f9d451ab1 ("xdp: Add devmap_hash map type for looking up devices by hashed index")
Link: https://lore.kernel.org/r/000000000000ed666a0611af6818@google.com
Reported-and-tested-by: syzbot+8cd36f6b65f3cafd400a@syzkaller.appspotmail.com
Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com>
Message-ID: <20240307120340.99577-2-toke@redhat.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
panel, a deadlock fix for nouveau, A controversial format fix for udl
that got reverted to allow further discussion, and a build fix for the
drm/buddy kunit tests.
-----BEGIN PGP SIGNATURE-----
iHUEABYKAB0WIQRcEzekXsqa64kGDp7j7w1vZxhRxQUCZel+awAKCRDj7w1vZxhR
xXS0AQDu37APL6isTd1JlhCNfDArtiGXSQrLMsaIkwcJzMHzKgD/T/G1P8BgjM51
VyHajnBH/8LyIyBLv92QRcf25Lu8+Ac=
=k5hs
-----END PGP SIGNATURE-----
Merge tag 'drm-misc-fixes-2024-03-07' of https://anongit.freedesktop.org/git/drm/drm-misc into drm-fixes
A connector status polling fix, a timings fix for the Himax83102-j02
panel, a deadlock fix for nouveau, A controversial format fix for udl
that got reverted to allow further discussion, and a build fix for the
drm/buddy kunit tests.
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maxime Ripard <mripard@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240307-quizzical-auburn-starling-0ade8f@houat
- enhancements for NPU and MRT support
-----BEGIN PGP SIGNATURE-----
iQFLBAABCAA1FiEEz9DmVLy+XdLQMNIiz8wpfG0KEgsFAmXpksIXHGwuc3RhY2hA
cGVuZ3V0cm9uaXguZGUACgkQz8wpfG0KEgterAgAnvMM2QRG0qUXHmUJAqwQorU0
tErsfxsGrSnsQU2sCqN+D1GUqbIwvNUXX3xvj8r7LKCxkFzC+c7/rcKOHUHDsgOU
WvsDkJOJkx7In2NsiPSYOzUiyRpMwKa2MdFq6GdLB6ZT63GomK+rwL5/9+b23z8P
NbvI0zNMbZnWDpGnHcdTWCmkVd/sLtAnOa7MMqwR9r2RzdsP9ssDpSFXDPfViVxp
c8E6a11mhW+rI3KDRvGpQDRhd+7pDYS9+75aeAsDOhhiJCNVEUGnIyL71fb1FzDJ
oFypU2lNKEdLPUcdSOJSyhC98yupcmQ1j9lWzfqcGcpt8kfl1MlWTwj98hiRfw==
=3Frs
-----END PGP SIGNATURE-----
Merge tag 'drm-etnaviv-next-2024-03-07' of https://git.pengutronix.de/git/lst/linux into drm-next
- various code cleanups
- enhancements for NPU and MRT support
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Lucas Stach <l.stach@pengutronix.de>
Link: https://patchwork.freedesktop.org/patch/msgid/72a783cd98d60f6ebb43b90a6b453eea87224409.camel@pengutronix.de
- Fix kunit link failure with built-in xe
- Fix one more 32-bit build failure with ARM compiler
- Fix initialization order of topology struct
- Cleanup unused fields in struct xe_vm
- Fix xe_vm leak when handling page fault on a VM not in fault mode
- Drop use of "grouped target" feature in Makefile since that's
only available in make >= 4.3
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE6rM8lpABPHM5FqyDm6KlpjDL6lMFAmXl7zsZHGx1Y2FzLmRl
bWFyY2hpQGludGVsLmNvbQAKCRCboqWmMMvqU9ZDD/9zNsw9pRwDsxZraKJJuQJy
Vnn+mTcGwxqxrym/x85eERkETYQ13ChPxMwOjwjVOp6A9OqidusdCD2BL0MReXSI
NpugpJUzPVgXIGdm3lPlr+UHbQar1IvK5NAES8WAQzGgOpp4IY0RCko+HjKOD9jC
sCn5PGKwCOGb98Bsgw23sNtJq0Tjgl3cNslkKPfYwgMOTDu+OPsIdRE7Sk1gWTW4
v+siH9A2PaaGghWZB2sYw12+Ur2RDoHIfQctc9vvu0OrKNJjAkHp8va9SGaFtI1D
NhkE2iHAiLjMc216GSOAimTCQmQ7081Kjx3JtN7uNg7vKhUI2gVWND+zWDUV+umm
8+lzF/SBBrkUYh5WBOF49b2j4WndyPsEVMTmDm40YPNfDNUcl4WRdNASiva7yj10
HV7GkIImjsIkWlSK9NGO8N3JzHtDvraTOTLHqjdRU5xA9mB+DdnWRCjTyJlMhPel
nmjKWpKeRE+WW/5BEqnkXg4HuhykJOF2fsxoarhE+F/omNKnjmk5d/g0bOJMCgwy
3MSDeSaclQggiIh4mU/NAI/LeruETHzcVw6cArwQRJmvEiE9gEsOT/2uxOVodHvt
C+GZ4Br3eOXw/prwNTk15CZkzEV6zqKgrn70//Fu1siNWkEUvkiKXBwMOajZdckB
jXy7E6MxNsoQ5qvq4oowEw==
=Cbn5
-----END PGP SIGNATURE-----
Merge tag 'drm-xe-next-fixes-2024-03-04' of ssh://gitlab.freedesktop.org/drm/xe/kernel into drm-next
Driver Changes:
- Fix kunit link failure with built-in xe
- Fix one more 32-bit build failure with ARM compiler
- Fix initialization order of topology struct
- Cleanup unused fields in struct xe_vm
- Fix xe_vm leak when handling page fault on a VM not in fault mode
- Drop use of "grouped target" feature in Makefile since that's
only available in make >= 4.3
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Lucas De Marchi <lucas.demarchi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/kaypobelrl7u7rtnu6hg5czs3vptbhs4rp24vnwuo2ajoxysto@l5u7377hz4es
issues or aren't considered to be needed in earlier kernel versions.
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTTMBEPP41GrTpTJgfdBJ7gKXxAjgUCZepZNgAKCRDdBJ7gKXxA
jpEWAQC8ThQlyArXO8uXHwa8MDYgUKj02CIQE+jZ3pXIdL8w8gD/UGQQod+DBr3l
zK3AljRd4hfrKVJB7H1+Zx/6PlH7Bgg=
=DG4B
-----END PGP SIGNATURE-----
Merge tag 'mm-hotfixes-stable-2024-03-07-16-17' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Pull misc fixes from Andrew Morton:
"6 hotfixes. 4 are cc:stable and the remainder pertain to post-6.7
issues or aren't considered to be needed in earlier kernel versions"
* tag 'mm-hotfixes-stable-2024-03-07-16-17' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
scripts/gdb/symbols: fix invalid escape sequence warning
mailmap: fix Kishon's email
init/Kconfig: lower GCC version check for -Warray-bounds
mm, mmap: fix vma_merge() case 7 with vma_ops->close
mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
If we loop for multishot receive on the initial attempt, and then abort
later on to wait for more, we miss a case where we should be copying the
io_async_msghdr from the stack to stable storage. This leads to the next
retry potentially failing, if the application had the msghdr on the
stack.
Cc: stable@vger.kernel.org
Fixes: 9bb66906f2 ("io_uring: support multishot in recvmsg")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
PM runtime can be done simultaneously with AER error handling. Avoid that
by using pm_runtime_get_sync() before and pm_runtime_put() after reset in
pcie_do_recovery() for all recovering devices.
pm_runtime_get_sync() will increase dev->power.usage_count counter to
prevent any possible future request to runtime suspend a device. It will
also resume a device, if it was previously in D3hot state.
I tested with igc device by doing simultaneous aer_inject and rpm
suspend/resume via /sys/bus/pci/devices/PCI_ID/power/control and can
reproduce:
igc 0000:02:00.0: not ready 65535ms after bus reset; giving up
pcieport 0000:00:1c.2: AER: Root Port link has been reset (-25)
pcieport 0000:00:1c.2: AER: subordinate device reset failed
pcieport 0000:00:1c.2: AER: device recovery failed
igc 0000:02:00.0: Unable to change power state from D3hot to D0, device inaccessible
The problem disappears when this patch is applied.
Link: https://lore.kernel.org/r/20240212120135.146068-1-stanislaw.gruszka@linux.intel.com
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael@kernel.org>
Cc: <stable@vger.kernel.org>
Calling irq_domain_remove() will lead to freeing the IRQ domain
prematurely. The domain is still referenced and will be attempted to get
used via rmi_free_function_list() -> rmi_unregister_function() ->
irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer.
With PaX's MEMORY_SANITIZE this will lead to an access fault when
attempting to dereference embedded pointers, as in Torsten's report that
was faulting on the 'domain->ops->unmap' test.
Fix this by releasing the IRQ domain only after all related IRQs have
been deactivated.
Fixes: 24d28e4f12 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain")
Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
