* [PATCH AUTOSEL 4.14 017/127] mwifiex: fix potential NULL dereference and use after free
[not found] <20191122055544.3299-1-sashal@kernel.org>
@ 2019-11-22 5:53 ` Sasha Levin
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 018/127] mwifiex: debugfs: correct histogram spacing, formatting Sasha Levin
` (32 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:53 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Pan Bian, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Pan Bian <bianpan2016@163.com>
[ Upstream commit 1dcd9429212b98bea87fc6ec92fb50bf5953eb47 ]
There are two defects: (1) passing a NULL bss to
mwifiex_save_hidden_ssid_channels will result in NULL dereference,
(2) using bss after dropping the reference to it via cfg80211_put_bss.
To fix them, the patch moves the buggy code to the branch that bss is
not NULL and puts it before cfg80211_put_bss.
Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/scan.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/scan.c b/drivers/net/wireless/marvell/mwifiex/scan.c
index 67c3342210777..c013c94fbf15f 100644
--- a/drivers/net/wireless/marvell/mwifiex/scan.c
+++ b/drivers/net/wireless/marvell/mwifiex/scan.c
@@ -1901,15 +1901,17 @@ mwifiex_parse_single_response_buf(struct mwifiex_private *priv, u8 **bss_info,
ETH_ALEN))
mwifiex_update_curr_bss_params(priv,
bss);
- cfg80211_put_bss(priv->wdev.wiphy, bss);
- }
- if ((chan->flags & IEEE80211_CHAN_RADAR) ||
- (chan->flags & IEEE80211_CHAN_NO_IR)) {
- mwifiex_dbg(adapter, INFO,
- "radar or passive channel %d\n",
- channel);
- mwifiex_save_hidden_ssid_channels(priv, bss);
+ if ((chan->flags & IEEE80211_CHAN_RADAR) ||
+ (chan->flags & IEEE80211_CHAN_NO_IR)) {
+ mwifiex_dbg(adapter, INFO,
+ "radar or passive channel %d\n",
+ channel);
+ mwifiex_save_hidden_ssid_channels(priv,
+ bss);
+ }
+
+ cfg80211_put_bss(priv->wdev.wiphy, bss);
}
}
} else {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 018/127] mwifiex: debugfs: correct histogram spacing, formatting
[not found] <20191122055544.3299-1-sashal@kernel.org>
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 017/127] mwifiex: fix potential NULL dereference and use after free Sasha Levin
@ 2019-11-22 5:53 ` Sasha Levin
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 019/127] rtl818x: fix potential use after free Sasha Levin
` (31 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:53 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Brian Norris, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Brian Norris <briannorris@chromium.org>
[ Upstream commit 4cb777c64e030778c569f605398d7604d8aabc0f ]
Currently, snippets of this file look like:
rx rates (in Mbps): 0=1M 1=2M2=5.5M 3=11M 4=6M 5=9M 6=12M
7=18M 8=24M 9=36M 10=48M 11=54M12-27=MCS0-15(BW20) 28-43=MCS0-15(BW40)
44-53=MCS0-9(VHT:BW20)54-63=MCS0-9(VHT:BW40)64-73=MCS0-9(VHT:BW80)
...
noise_flr[--96dBm] = 22
noise_flr[--95dBm] = 149
noise_flr[--94dBm] = 9
noise_flr[--93dBm] = 2
We're missing some spaces, and we're adding a minus sign ('-') on values
that are already negative signed integers.
Signed-off-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/debugfs.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/debugfs.c b/drivers/net/wireless/marvell/mwifiex/debugfs.c
index 6f4239be609d0..49ca84ef1a992 100644
--- a/drivers/net/wireless/marvell/mwifiex/debugfs.c
+++ b/drivers/net/wireless/marvell/mwifiex/debugfs.c
@@ -296,15 +296,13 @@ mwifiex_histogram_read(struct file *file, char __user *ubuf,
"total samples = %d\n",
atomic_read(&phist_data->num_samples));
- p += sprintf(p, "rx rates (in Mbps): 0=1M 1=2M");
- p += sprintf(p, "2=5.5M 3=11M 4=6M 5=9M 6=12M\n");
- p += sprintf(p, "7=18M 8=24M 9=36M 10=48M 11=54M");
- p += sprintf(p, "12-27=MCS0-15(BW20) 28-43=MCS0-15(BW40)\n");
+ p += sprintf(p,
+ "rx rates (in Mbps): 0=1M 1=2M 2=5.5M 3=11M 4=6M 5=9M 6=12M\n"
+ "7=18M 8=24M 9=36M 10=48M 11=54M 12-27=MCS0-15(BW20) 28-43=MCS0-15(BW40)\n");
if (ISSUPP_11ACENABLED(priv->adapter->fw_cap_info)) {
- p += sprintf(p, "44-53=MCS0-9(VHT:BW20)");
- p += sprintf(p, "54-63=MCS0-9(VHT:BW40)");
- p += sprintf(p, "64-73=MCS0-9(VHT:BW80)\n\n");
+ p += sprintf(p,
+ "44-53=MCS0-9(VHT:BW20) 54-63=MCS0-9(VHT:BW40) 64-73=MCS0-9(VHT:BW80)\n\n");
} else {
p += sprintf(p, "\n");
}
@@ -333,7 +331,7 @@ mwifiex_histogram_read(struct file *file, char __user *ubuf,
for (i = 0; i < MWIFIEX_MAX_NOISE_FLR; i++) {
value = atomic_read(&phist_data->noise_flr[i]);
if (value)
- p += sprintf(p, "noise_flr[-%02ddBm] = %d\n",
+ p += sprintf(p, "noise_flr[%02ddBm] = %d\n",
(int)(i-128), value);
}
for (i = 0; i < MWIFIEX_MAX_SIG_STRENGTH; i++) {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 019/127] rtl818x: fix potential use after free
[not found] <20191122055544.3299-1-sashal@kernel.org>
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 017/127] mwifiex: fix potential NULL dereference and use after free Sasha Levin
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 018/127] mwifiex: debugfs: correct histogram spacing, formatting Sasha Levin
@ 2019-11-22 5:53 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 025/127] iwlwifi: move iwl_nvm_check_version() into dvm Sasha Levin
` (30 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:53 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Pan Bian, Larry Finger, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Pan Bian <bianpan2016@163.com>
[ Upstream commit afbb1947db94eacc5a13302eee88a9772fb78935 ]
entry is released via usb_put_urb just after calling usb_submit_urb.
However, entry is used if the submission fails, resulting in a use after
free bug. The patch fixes this.
Signed-off-by: Pan Bian <bianpan2016@163.com>
ACKed-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
index 9a1d15b3ce453..518caaaf8a987 100644
--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
@@ -444,12 +444,13 @@ static int rtl8187_init_urbs(struct ieee80211_hw *dev)
skb_queue_tail(&priv->rx_queue, skb);
usb_anchor_urb(entry, &priv->anchored);
ret = usb_submit_urb(entry, GFP_KERNEL);
- usb_put_urb(entry);
if (ret) {
skb_unlink(skb, &priv->rx_queue);
usb_unanchor_urb(entry);
+ usb_put_urb(entry);
goto err;
}
+ usb_put_urb(entry);
}
return ret;
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 025/127] iwlwifi: move iwl_nvm_check_version() into dvm
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (2 preceding siblings ...)
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 019/127] rtl818x: fix potential use after free Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 028/127] VSOCK: bind to random port for VMADDR_PORT_ANY Sasha Levin
` (29 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Luca Coelho, Sasha Levin, linux-wireless, netdev
From: Luca Coelho <luciano.coelho@intel.com>
[ Upstream commit 64866e5da1eabd0c52ff45029b245f5465920031 ]
This function is only half-used by mvm (i.e. only the nvm_version part
matters, since the calibration version is irrelevant), so it's
pointless to export it from iwlwifi. If mvm uses this function, it
has the additional complexity of setting the calib version to a bogus
value on all cfg structs.
To avoid this, move the function to dvm and make a simple comparison
of the nvm_version in mvm instead.
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 17 +++++++++++++++++
.../wireless/intel/iwlwifi/iwl-eeprom-parse.c | 19 -------------------
.../wireless/intel/iwlwifi/iwl-eeprom-parse.h | 5 ++---
drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 4 +++-
4 files changed, 22 insertions(+), 23 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/dvm/main.c b/drivers/net/wireless/intel/iwlwifi/dvm/main.c
index 2acd94da9efeb..051a2fea95724 100644
--- a/drivers/net/wireless/intel/iwlwifi/dvm/main.c
+++ b/drivers/net/wireless/intel/iwlwifi/dvm/main.c
@@ -1229,6 +1229,23 @@ static int iwl_eeprom_init_hw_params(struct iwl_priv *priv)
return 0;
}
+static int iwl_nvm_check_version(struct iwl_nvm_data *data,
+ struct iwl_trans *trans)
+{
+ if (data->nvm_version >= trans->cfg->nvm_ver ||
+ data->calib_version >= trans->cfg->nvm_calib_ver) {
+ IWL_DEBUG_INFO(trans, "device EEPROM VER=0x%x, CALIB=0x%x\n",
+ data->nvm_version, data->calib_version);
+ return 0;
+ }
+
+ IWL_ERR(trans,
+ "Unsupported (too old) EEPROM VER=0x%x < 0x%x CALIB=0x%x < 0x%x\n",
+ data->nvm_version, trans->cfg->nvm_ver,
+ data->calib_version, trans->cfg->nvm_calib_ver);
+ return -EINVAL;
+}
+
static struct iwl_op_mode *iwl_op_mode_dvm_start(struct iwl_trans *trans,
const struct iwl_cfg *cfg,
const struct iwl_fw *fw,
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.c b/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.c
index 3199d345b4274..92727f7e42db7 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.c
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.c
@@ -928,22 +928,3 @@ iwl_parse_eeprom_data(struct device *dev, const struct iwl_cfg *cfg,
return NULL;
}
IWL_EXPORT_SYMBOL(iwl_parse_eeprom_data);
-
-/* helper functions */
-int iwl_nvm_check_version(struct iwl_nvm_data *data,
- struct iwl_trans *trans)
-{
- if (data->nvm_version >= trans->cfg->nvm_ver ||
- data->calib_version >= trans->cfg->nvm_calib_ver) {
- IWL_DEBUG_INFO(trans, "device EEPROM VER=0x%x, CALIB=0x%x\n",
- data->nvm_version, data->calib_version);
- return 0;
- }
-
- IWL_ERR(trans,
- "Unsupported (too old) EEPROM VER=0x%x < 0x%x CALIB=0x%x < 0x%x\n",
- data->nvm_version, trans->cfg->nvm_ver,
- data->calib_version, trans->cfg->nvm_calib_ver);
- return -EINVAL;
-}
-IWL_EXPORT_SYMBOL(iwl_nvm_check_version);
diff --git a/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.h b/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.h
index b33888991b946..5545210151cd9 100644
--- a/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.h
+++ b/drivers/net/wireless/intel/iwlwifi/iwl-eeprom-parse.h
@@ -7,6 +7,7 @@
*
* Copyright(c) 2008 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2015 Intel Mobile Communications GmbH
+ * Copyright (C) 2018 Intel Corporation
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of version 2 of the GNU General Public License as
@@ -33,6 +34,7 @@
*
* Copyright(c) 2005 - 2014 Intel Corporation. All rights reserved.
* Copyright(c) 2015 Intel Mobile Communications GmbH
+ * Copyright (C) 2018 Intel Corporation
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -121,9 +123,6 @@ struct iwl_nvm_data *
iwl_parse_eeprom_data(struct device *dev, const struct iwl_cfg *cfg,
const u8 *eeprom, size_t eeprom_size);
-int iwl_nvm_check_version(struct iwl_nvm_data *data,
- struct iwl_trans *trans);
-
int iwl_init_sband_channels(struct iwl_nvm_data *data,
struct ieee80211_supported_band *sband,
int n_channels, enum nl80211_band band);
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
index 534c0ea7b232e..78228f870f8f5 100644
--- a/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/fw.c
@@ -501,7 +501,9 @@ int iwl_run_init_mvm_ucode(struct iwl_mvm *mvm, bool read_nvm)
if (mvm->nvm_file_name)
iwl_mvm_load_nvm_to_nic(mvm);
- WARN_ON(iwl_nvm_check_version(mvm->nvm_data, mvm->trans));
+ WARN_ONCE(mvm->nvm_data->nvm_version < mvm->trans->cfg->nvm_ver,
+ "Too old NVM version (0x%0x, required = 0x%0x)",
+ mvm->nvm_data->nvm_version, mvm->trans->cfg->nvm_ver);
/*
* abort after reading the nvm in case RF Kill is on, we will complete
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 028/127] VSOCK: bind to random port for VMADDR_PORT_ANY
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (3 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 025/127] iwlwifi: move iwl_nvm_check_version() into dvm Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 038/127] net/mlx5: Continue driver initialization despite debugfs failure Sasha Levin
` (28 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lepton Wu, Jorgen Hansen, David S . Miller, Sasha Levin, netdev
From: Lepton Wu <ytht.net@gmail.com>
[ Upstream commit 8236b08cf50f85bbfaf48910a0b3ee68318b7c4b ]
The old code always starts from fixed port for VMADDR_PORT_ANY. Sometimes
when VMM crashed, there is still orphaned vsock which is waiting for
close timer, then it could cause connection time out for new started VM
if they are trying to connect to same port with same guest cid since the
new packets could hit that orphaned vsock. We could also fix this by doing
more in vhost_vsock_reset_orphans, but any way, it should be better to start
from a random local port instead of a fixed one.
Signed-off-by: Lepton Wu <ytht.net@gmail.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/vmw_vsock/af_vsock.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 1939b77e98b72..73eac97e19fb1 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -107,6 +107,7 @@
#include <linux/mutex.h>
#include <linux/net.h>
#include <linux/poll.h>
+#include <linux/random.h>
#include <linux/skbuff.h>
#include <linux/smp.h>
#include <linux/socket.h>
@@ -487,9 +488,13 @@ static void vsock_pending_work(struct work_struct *work)
static int __vsock_bind_stream(struct vsock_sock *vsk,
struct sockaddr_vm *addr)
{
- static u32 port = LAST_RESERVED_PORT + 1;
+ static u32 port = 0;
struct sockaddr_vm new_addr;
+ if (!port)
+ port = LAST_RESERVED_PORT + 1 +
+ prandom_u32_max(U32_MAX - LAST_RESERVED_PORT);
+
vsock_addr_init(&new_addr, addr->svm_cid, addr->svm_port);
if (addr->svm_port == VMADDR_PORT_ANY) {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 038/127] net/mlx5: Continue driver initialization despite debugfs failure
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (4 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 028/127] VSOCK: bind to random port for VMADDR_PORT_ANY Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 040/127] bnxt_en: Return linux standard errors in bnxt_ethtool.c Sasha Levin
` (27 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Leon Romanovsky, Saeed Mahameed, Sasha Levin, netdev, linux-rdma
From: Leon Romanovsky <leonro@mellanox.com>
[ Upstream commit 199fa087dc6b503baad06712716fac645a983e8a ]
The failure to create debugfs entry is unpleasant event, but not enough
to abort drier initialization. Align the mlx5_core code to debugfs design
and continue execution whenever debugfs_create_dir() successes or not.
Fixes: e126ba97dba9 ("mlx5: Add driver for Mellanox Connect-IB adapters")
Reviewed-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/main.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
index 97874c2568fc9..1ac0e173da12c 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
@@ -838,11 +838,9 @@ static int mlx5_pci_init(struct mlx5_core_dev *dev, struct mlx5_priv *priv)
priv->numa_node = dev_to_node(&dev->pdev->dev);
- priv->dbg_root = debugfs_create_dir(dev_name(&pdev->dev), mlx5_debugfs_root);
- if (!priv->dbg_root) {
- dev_err(&pdev->dev, "Cannot create debugfs dir, aborting\n");
- return -ENOMEM;
- }
+ if (mlx5_debugfs_root)
+ priv->dbg_root =
+ debugfs_create_dir(pci_name(pdev), mlx5_debugfs_root);
err = mlx5_pci_enable_device(dev);
if (err) {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 040/127] bnxt_en: Return linux standard errors in bnxt_ethtool.c
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (5 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 038/127] net/mlx5: Continue driver initialization despite debugfs failure Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 041/127] bnxt_en: query force speeds before disabling autoneg mode Sasha Levin
` (26 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Vasundhara Volam, Michael Chan, David S . Miller, Sasha Levin, netdev
From: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
[ Upstream commit 7c675421afef18253a86ffc383f57bc15ef32ea8 ]
Currently firmware specific errors are returned directly in flash_device
and reset ethtool hooks. Modify it to return linux standard errors
to userspace when flashing operations fail.
Signed-off-by: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 56 +++++++++++++------
1 file changed, 39 insertions(+), 17 deletions(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index a22336fef66b2..4879371ad0c75 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -1339,14 +1339,22 @@ static int bnxt_flash_nvram(struct net_device *dev,
rc = hwrm_send_message(bp, &req, sizeof(req), FLASH_NVRAM_TIMEOUT);
dma_free_coherent(&bp->pdev->dev, data_len, kmem, dma_handle);
+ if (rc == HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED) {
+ netdev_info(dev,
+ "PF does not have admin privileges to flash the device\n");
+ rc = -EACCES;
+ } else if (rc) {
+ rc = -EIO;
+ }
return rc;
}
static int bnxt_firmware_reset(struct net_device *dev,
u16 dir_type)
{
- struct bnxt *bp = netdev_priv(dev);
struct hwrm_fw_reset_input req = {0};
+ struct bnxt *bp = netdev_priv(dev);
+ int rc;
bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_FW_RESET, -1, -1);
@@ -1380,7 +1388,15 @@ static int bnxt_firmware_reset(struct net_device *dev,
return -EINVAL;
}
- return hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
+ rc = hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
+ if (rc == HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED) {
+ netdev_info(dev,
+ "PF does not have admin privileges to reset the device\n");
+ rc = -EACCES;
+ } else if (rc) {
+ rc = -EIO;
+ }
+ return rc;
}
static int bnxt_flash_firmware(struct net_device *dev,
@@ -1587,9 +1603,9 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
struct hwrm_nvm_install_update_output *resp = bp->hwrm_cmd_resp_addr;
struct hwrm_nvm_install_update_input install = {0};
const struct firmware *fw;
+ int rc, hwrm_err = 0;
u32 item_len;
u16 index;
- int rc;
bnxt_hwrm_fw_set_time(bp);
@@ -1632,15 +1648,16 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
memcpy(kmem, fw->data, fw->size);
modify.host_src_addr = cpu_to_le64(dma_handle);
- rc = hwrm_send_message(bp, &modify, sizeof(modify),
- FLASH_PACKAGE_TIMEOUT);
+ hwrm_err = hwrm_send_message(bp, &modify,
+ sizeof(modify),
+ FLASH_PACKAGE_TIMEOUT);
dma_free_coherent(&bp->pdev->dev, fw->size, kmem,
dma_handle);
}
}
release_firmware(fw);
- if (rc)
- return rc;
+ if (rc || hwrm_err)
+ goto err_exit;
if ((install_type & 0xffff) == 0)
install_type >>= 16;
@@ -1648,12 +1665,10 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
install.install_type = cpu_to_le32(install_type);
mutex_lock(&bp->hwrm_cmd_lock);
- rc = _hwrm_send_message(bp, &install, sizeof(install),
- INSTALL_PACKAGE_TIMEOUT);
- if (rc) {
- rc = -EOPNOTSUPP;
+ hwrm_err = _hwrm_send_message(bp, &install, sizeof(install),
+ INSTALL_PACKAGE_TIMEOUT);
+ if (hwrm_err)
goto flash_pkg_exit;
- }
if (resp->error_code) {
u8 error_code = ((struct hwrm_err_output *)resp)->cmd_err;
@@ -1661,12 +1676,11 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
if (error_code == NVM_INSTALL_UPDATE_CMD_ERR_CODE_FRAG_ERR) {
install.flags |= cpu_to_le16(
NVM_INSTALL_UPDATE_REQ_FLAGS_ALLOWED_TO_DEFRAG);
- rc = _hwrm_send_message(bp, &install, sizeof(install),
- INSTALL_PACKAGE_TIMEOUT);
- if (rc) {
- rc = -EOPNOTSUPP;
+ hwrm_err = _hwrm_send_message(bp, &install,
+ sizeof(install),
+ INSTALL_PACKAGE_TIMEOUT);
+ if (hwrm_err)
goto flash_pkg_exit;
- }
}
}
@@ -1677,6 +1691,14 @@ static int bnxt_flash_package_from_file(struct net_device *dev,
}
flash_pkg_exit:
mutex_unlock(&bp->hwrm_cmd_lock);
+err_exit:
+ if (hwrm_err == HWRM_ERR_CODE_RESOURCE_ACCESS_DENIED) {
+ netdev_info(dev,
+ "PF does not have admin privileges to flash the device\n");
+ rc = -EACCES;
+ } else if (hwrm_err) {
+ rc = -EOPNOTSUPP;
+ }
return rc;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 041/127] bnxt_en: query force speeds before disabling autoneg mode.
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (6 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 040/127] bnxt_en: Return linux standard errors in bnxt_ethtool.c Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 052/127] vxlan: Fix error path in __vxlan_dev_create() Sasha Levin
` (25 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Vasundhara Volam, Michael Chan, David S . Miller, Sasha Levin, netdev
From: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
[ Upstream commit 56d374624778652d2a999e18c87a25338b127b41 ]
With autoneg enabled, PHY loopback test fails. To disable autoneg,
driver needs to send a valid forced speed to FW. FW is not sending
async event for invalid speeds. To fix this, query forced speeds
and send the correct speed when disabling autoneg mode.
Signed-off-by: Vasundhara Volam <vasundhara-v.volam@broadcom.com>
Signed-off-by: Michael Chan <michael.chan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 22 ++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
index 4879371ad0c75..fc8e185718a1d 100644
--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c
@@ -2258,17 +2258,37 @@ static int bnxt_hwrm_mac_loopback(struct bnxt *bp, bool enable)
return hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
}
+static int bnxt_query_force_speeds(struct bnxt *bp, u16 *force_speeds)
+{
+ struct hwrm_port_phy_qcaps_output *resp = bp->hwrm_cmd_resp_addr;
+ struct hwrm_port_phy_qcaps_input req = {0};
+ int rc;
+
+ bnxt_hwrm_cmd_hdr_init(bp, &req, HWRM_PORT_PHY_QCAPS, -1, -1);
+ mutex_lock(&bp->hwrm_cmd_lock);
+ rc = _hwrm_send_message(bp, &req, sizeof(req), HWRM_CMD_TIMEOUT);
+ if (!rc)
+ *force_speeds = le16_to_cpu(resp->supported_speeds_force_mode);
+
+ mutex_unlock(&bp->hwrm_cmd_lock);
+ return rc;
+}
+
static int bnxt_disable_an_for_lpbk(struct bnxt *bp,
struct hwrm_port_phy_cfg_input *req)
{
struct bnxt_link_info *link_info = &bp->link_info;
- u16 fw_advertising = link_info->advertising;
+ u16 fw_advertising;
u16 fw_speed;
int rc;
if (!link_info->autoneg)
return 0;
+ rc = bnxt_query_force_speeds(bp, &fw_advertising);
+ if (rc)
+ return rc;
+
fw_speed = PORT_PHY_CFG_REQ_FORCE_LINK_SPEED_1GB;
if (netif_carrier_ok(bp->dev))
fw_speed = bp->link_info.link_speed;
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 052/127] vxlan: Fix error path in __vxlan_dev_create()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (7 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 041/127] bnxt_en: query force speeds before disabling autoneg mode Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 062/127] ath6kl: Only use match sets when firmware supports it Sasha Levin
` (24 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Petr Machata, David S . Miller, Sasha Levin, netdev
From: Petr Machata <petrm@mellanox.com>
[ Upstream commit 6db9246871394b3a136cd52001a0763676563840 ]
When a failure occurs in rtnl_configure_link(), the current code
calls unregister_netdevice() to roll back the earlier call to
register_netdevice(), and jumps to errout, which calls
vxlan_fdb_destroy().
However unregister_netdevice() calls transitively ndo_uninit, which is
vxlan_uninit(), and that already takes care of deleting the default FDB
entry by calling vxlan_fdb_delete_default(). Since the entry added
earlier in __vxlan_dev_create() is exactly the default entry, the
cleanup code in the errout block always leads to double free and thus a
panic.
Besides, since vxlan_fdb_delete_default() always destroys the FDB entry
with notification enabled, the deletion of the default entry is notified
even before the addition was notified.
Instead, move the unregister_netdevice() call after the manual destroy,
which solves both problems.
Fixes: 0241b836732f ("vxlan: fix default fdb entry netlink notify ordering during netdev create")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/vxlan.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
index 6d26bbd190dd6..153a81ece9fe4 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
@@ -3217,6 +3217,7 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev,
struct vxlan_net *vn = net_generic(net, vxlan_net_id);
struct vxlan_dev *vxlan = netdev_priv(dev);
struct vxlan_fdb *f = NULL;
+ bool unregister = false;
int err;
err = vxlan_dev_configure(net, dev, conf, false, extack);
@@ -3242,12 +3243,11 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev,
err = register_netdevice(dev);
if (err)
goto errout;
+ unregister = true;
err = rtnl_configure_link(dev, NULL);
- if (err) {
- unregister_netdevice(dev);
+ if (err)
goto errout;
- }
/* notify default fdb entry */
if (f)
@@ -3255,9 +3255,16 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev,
list_add(&vxlan->next, &vn->vxlan_list);
return 0;
+
errout:
+ /* unregister_netdevice() destroys the default FDB entry with deletion
+ * notification. But the addition notification was not sent yet, so
+ * destroy the entry by hand here.
+ */
if (f)
vxlan_fdb_destroy(vxlan, f, false);
+ if (unregister)
+ unregister_netdevice(dev);
return err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 062/127] ath6kl: Only use match sets when firmware supports it
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (8 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 052/127] vxlan: Fix error path in __vxlan_dev_create() Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 063/127] ath6kl: Fix off by one error in scan completion Sasha Levin
` (23 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kyle Roeschley, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Kyle Roeschley <kyle.roeschley@ni.com>
[ Upstream commit fb376a495fbdb886f38cfaf5a3805401b9e46f13 ]
Commit dd45b7598f1c ("ath6kl: Include match ssid list in scheduled scan")
merged the probed and matched SSID lists before sending them to the
firmware. In the process, it assumed match set support is always available
in ath6kl_set_probed_ssids, which breaks scans for hidden SSIDs. Now, check
that the firmware supports matching SSIDs in scheduled scans before setting
MATCH_SSID_FLAG.
Fixes: dd45b7598f1c ("ath6kl: Include match ssid list in scheduled scan")
Signed-off-by: Kyle Roeschley <kyle.roeschley@ni.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath6kl/cfg80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index 414b5b596efcd..f790d8021fa17 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -939,7 +939,7 @@ static int ath6kl_set_probed_ssids(struct ath6kl *ar,
else
ssid_list[i].flag = ANY_SSID_FLAG;
- if (n_match_ssid == 0)
+ if (ar->wiphy->max_match_sets != 0 && n_match_ssid == 0)
ssid_list[i].flag |= MATCH_SSID_FLAG;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 063/127] ath6kl: Fix off by one error in scan completion
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (9 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 062/127] ath6kl: Only use match sets when firmware supports it Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 081/127] net/netlink_compat: Fix a missing check of nla_parse_nested Sasha Levin
` (22 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kyle Roeschley, Kalle Valo, Sasha Levin, linux-wireless, netdev
From: Kyle Roeschley <kyle.roeschley@ni.com>
[ Upstream commit 5803c12816c43bd09e5f4247dd9313c2d9a2c41b ]
When ath6kl was reworked to share code between regular and scheduled scans
in commit 3b8ffc6a22ba ("ath6kl: Configure probed SSID list consistently"),
probed SSID entry changed from 1-index to 0-indexed. However,
ath6kl_cfg80211_scan_complete_event() was missed in that change. Fix its
indexing so that we correctly clear out the probed SSID list.
Signed-off-by: Kyle Roeschley <kyle.roeschley@ni.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/ath/ath6kl/cfg80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/ath/ath6kl/cfg80211.c b/drivers/net/wireless/ath/ath6kl/cfg80211.c
index f790d8021fa17..37deb9bae3643 100644
--- a/drivers/net/wireless/ath/ath6kl/cfg80211.c
+++ b/drivers/net/wireless/ath/ath6kl/cfg80211.c
@@ -1093,7 +1093,7 @@ void ath6kl_cfg80211_scan_complete_event(struct ath6kl_vif *vif, bool aborted)
if (vif->scan_req->n_ssids && vif->scan_req->ssids[0].ssid_len) {
for (i = 0; i < vif->scan_req->n_ssids; i++) {
ath6kl_wmi_probedssid_cmd(ar->wmi, vif->fw_vif_idx,
- i + 1, DISABLE_SSID_FLAG,
+ i, DISABLE_SSID_FLAG,
0, NULL);
}
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 081/127] net/netlink_compat: Fix a missing check of nla_parse_nested
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (10 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 063/127] ath6kl: Fix off by one error in scan completion Sasha Levin
@ 2019-11-22 5:54 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 082/127] net/net_namespace: Check the return value of register_pernet_subsys() Sasha Levin
` (21 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:54 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Aditya Pakki, David S . Miller, Sasha Levin, netdev, tipc-discussion
From: Aditya Pakki <pakki001@umn.edu>
[ Upstream commit 89dfd0083751d00d5d7ead36f6d8b045bf89c5e1 ]
In tipc_nl_compat_sk_dump(), if nla_parse_nested() fails, it could return
an error. To be consistent with other invocations of the function call,
on error, the fix passes the return value upstream.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/netlink_compat.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index ad4dcc663c6de..1c8ac0c11008c 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -1021,8 +1021,11 @@ static int tipc_nl_compat_sk_dump(struct tipc_nl_compat_msg *msg,
u32 node;
struct nlattr *con[TIPC_NLA_CON_MAX + 1];
- nla_parse_nested(con, TIPC_NLA_CON_MAX,
- sock[TIPC_NLA_SOCK_CON], NULL, NULL);
+ err = nla_parse_nested(con, TIPC_NLA_CON_MAX,
+ sock[TIPC_NLA_SOCK_CON], NULL, NULL);
+
+ if (err)
+ return err;
node = nla_get_u32(con[TIPC_NLA_CON_NODE]);
tipc_tlv_sprintf(msg->rep, " connected to <%u.%u.%u:%u>",
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 082/127] net/net_namespace: Check the return value of register_pernet_subsys()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (11 preceding siblings ...)
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 081/127] net/netlink_compat: Fix a missing check of nla_parse_nested Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 085/127] net: (cpts) fix a missing check of clk_prepare Sasha Levin
` (20 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Aditya Pakki, Kirill Tkhai, David S . Miller, Sasha Levin, netdev
From: Aditya Pakki <pakki001@umn.edu>
[ Upstream commit 0eb987c874dc93f9c9d85a6465dbde20fdd3884c ]
In net_ns_init(), register_pernet_subsys() could fail while registering
network namespace subsystems. The fix checks the return value and
sends a panic() on failure.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Reviewed-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/net_namespace.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index 60b88718b1d48..1af25d53f63ca 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -854,7 +854,8 @@ static int __init net_ns_init(void)
mutex_unlock(&net_mutex);
- register_pernet_subsys(&net_ns_ops);
+ if (register_pernet_subsys(&net_ns_ops))
+ panic("Could not register network namespace subsystems");
rtnl_register(PF_UNSPEC, RTM_NEWNSID, rtnl_net_newid, NULL,
RTNL_FLAG_DOIT_UNLOCKED);
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 085/127] net: (cpts) fix a missing check of clk_prepare
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (12 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 082/127] net/net_namespace: Check the return value of register_pernet_subsys() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 086/127] net: stmicro: " Sasha Levin
` (19 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev
From: Kangjie Lu <kjlu@umn.edu>
[ Upstream commit 2d822f2dbab7f4c820f72eb8570aacf3f35855bd ]
clk_prepare() could fail, so let's check its status, and if it fails,
return its error code upstream.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/ti/cpts.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/ti/cpts.c b/drivers/net/ethernet/ti/cpts.c
index e7b76f6b4f67e..7d1281d812480 100644
--- a/drivers/net/ethernet/ti/cpts.c
+++ b/drivers/net/ethernet/ti/cpts.c
@@ -567,7 +567,9 @@ struct cpts *cpts_create(struct device *dev, void __iomem *regs,
return ERR_PTR(PTR_ERR(cpts->refclk));
}
- clk_prepare(cpts->refclk);
+ ret = clk_prepare(cpts->refclk);
+ if (ret)
+ return ERR_PTR(ret);
cpts->cc.read = cpts_systim_read;
cpts->cc.mask = CLOCKSOURCE_MASK(32);
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 086/127] net: stmicro: fix a missing check of clk_prepare
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (13 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 085/127] net: (cpts) fix a missing check of clk_prepare Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 087/127] net: dsa: bcm_sf2: Propagate error value from mdio_write Sasha Levin
` (18 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev,
linux-arm-kernel, linux-stm32
From: Kangjie Lu <kjlu@umn.edu>
[ Upstream commit f86a3b83833e7cfe558ca4d70b64ebc48903efec ]
clk_prepare() could fail, so let's check its status, and if it fails,
return its error code upstream.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c
index d07520fb969e6..62ccbd47c1db2 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sunxi.c
@@ -59,7 +59,9 @@ static int sun7i_gmac_init(struct platform_device *pdev, void *priv)
gmac->clk_enabled = 1;
} else {
clk_set_rate(gmac->tx_clk, SUN7I_GMAC_MII_RATE);
- clk_prepare(gmac->tx_clk);
+ ret = clk_prepare(gmac->tx_clk);
+ if (ret)
+ return ret;
}
return 0;
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 087/127] net: dsa: bcm_sf2: Propagate error value from mdio_write
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (14 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 086/127] net: stmicro: " Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 088/127] atl1e: checking the status of atl1e_write_phy_reg Sasha Levin
` (17 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev
From: Kangjie Lu <kjlu@umn.edu>
[ Upstream commit e49505f7255be8ced695919c08a29bf2c3d79616 ]
Both bcm_sf2_sw_indir_rw and mdiobus_write_nested could fail, so let's
return their error codes upstream.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/dsa/bcm_sf2.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c
index 604c5abc08eb8..c6e154698c741 100644
--- a/drivers/net/dsa/bcm_sf2.c
+++ b/drivers/net/dsa/bcm_sf2.c
@@ -432,11 +432,10 @@ static int bcm_sf2_sw_mdio_write(struct mii_bus *bus, int addr, int regnum,
* send them to our master MDIO bus controller
*/
if (addr == BRCM_PSEUDO_PHY_ADDR && priv->indir_phy_mask & BIT(addr))
- bcm_sf2_sw_indir_rw(priv, 0, addr, regnum, val);
+ return bcm_sf2_sw_indir_rw(priv, 0, addr, regnum, val);
else
- mdiobus_write_nested(priv->master_mii_bus, addr, regnum, val);
-
- return 0;
+ return mdiobus_write_nested(priv->master_mii_bus, addr,
+ regnum, val);
}
static irqreturn_t bcm_sf2_switch_0_isr(int irq, void *dev_id)
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 088/127] atl1e: checking the status of atl1e_write_phy_reg
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (15 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 087/127] net: dsa: bcm_sf2: Propagate error value from mdio_write Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 089/127] tipc: fix a missing check of genlmsg_put Sasha Levin
` (16 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev
From: Kangjie Lu <kjlu@umn.edu>
[ Upstream commit ff07d48d7bc0974d4f96a85a4df14564fb09f1ef ]
atl1e_write_phy_reg() could fail. The fix issues an error message when
it fails.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/atheros/atl1e/atl1e_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
index 4f7e195af0bc6..0d08039981b54 100644
--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
@@ -472,7 +472,9 @@ static void atl1e_mdio_write(struct net_device *netdev, int phy_id,
{
struct atl1e_adapter *adapter = netdev_priv(netdev);
- atl1e_write_phy_reg(&adapter->hw, reg_num & MDIO_REG_ADDR_MASK, val);
+ if (atl1e_write_phy_reg(&adapter->hw,
+ reg_num & MDIO_REG_ADDR_MASK, val))
+ netdev_err(netdev, "write phy register failed\n");
}
static int atl1e_mii_ioctl(struct net_device *netdev,
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 089/127] tipc: fix a missing check of genlmsg_put
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (16 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 088/127] atl1e: checking the status of atl1e_write_phy_reg Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 090/127] net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() Sasha Levin
` (15 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Kangjie Lu, David S . Miller, Sasha Levin, netdev, tipc-discussion
From: Kangjie Lu <kjlu@umn.edu>
[ Upstream commit 46273cf7e009231d2b6bc10a926e82b8928a9fb2 ]
genlmsg_put could fail. The fix inserts a check of its return value, and
if it fails, returns -EMSGSIZE.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/netlink_compat.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 1c8ac0c11008c..91d51a595ac23 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -974,6 +974,8 @@ static int tipc_nl_compat_publ_dump(struct tipc_nl_compat_msg *msg, u32 sock)
hdr = genlmsg_put(args, 0, 0, &tipc_genl_family, NLM_F_MULTI,
TIPC_NL_PUBL_GET);
+ if (!hdr)
+ return -EMSGSIZE;
nest = nla_nest_start(args, TIPC_NLA_SOCK);
if (!nest) {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 090/127] net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (17 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 089/127] tipc: fix a missing check of genlmsg_put Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 099/127] tipc: fix memory leak in tipc_nl_compat_publ_dump Sasha Levin
` (14 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Wen Yang, Peng Hao, Zhao Qiang, David S. Miller, netdev,
linuxppc-dev, Sasha Levin
From: Wen Yang <wen.yang99@zte.com.cn>
[ Upstream commit 40752b3eae29f8ca2378e978a02bd6dbeeb06d16 ]
This patch fixes potential double frees if register_hdlc_device() fails.
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Reviewed-by: Peng Hao <peng.hao2@zte.com.cn>
CC: Zhao Qiang <qiang.zhao@nxp.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wan/fsl_ucc_hdlc.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c
index 18b648648adb2..289dff262948d 100644
--- a/drivers/net/wan/fsl_ucc_hdlc.c
+++ b/drivers/net/wan/fsl_ucc_hdlc.c
@@ -1114,7 +1114,6 @@ static int ucc_hdlc_probe(struct platform_device *pdev)
if (register_hdlc_device(dev)) {
ret = -ENOBUFS;
pr_err("ucc_hdlc: unable to register hdlc device\n");
- free_netdev(dev);
goto free_dev;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 099/127] tipc: fix memory leak in tipc_nl_compat_publ_dump
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (18 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 090/127] net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 100/127] net/core/neighbour: tell kmemleak about hash tables Sasha Levin
` (13 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Gustavo A. R. Silva, Ying Xue, David S . Miller, Sasha Levin,
netdev, tipc-discussion
From: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
[ Upstream commit f87d8ad9233f115db92c6c087d58403b0009ed36 ]
There is a memory leak in case genlmsg_put fails.
Fix this by freeing *args* before return.
Addresses-Coverity-ID: 1476406 ("Resource leak")
Fixes: 46273cf7e009 ("tipc: fix a missing check of genlmsg_put")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/netlink_compat.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 91d51a595ac23..bbd05707c4e07 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -974,8 +974,10 @@ static int tipc_nl_compat_publ_dump(struct tipc_nl_compat_msg *msg, u32 sock)
hdr = genlmsg_put(args, 0, 0, &tipc_genl_family, NLM_F_MULTI,
TIPC_NL_PUBL_GET);
- if (!hdr)
+ if (!hdr) {
+ kfree_skb(args);
return -EMSGSIZE;
+ }
nest = nla_nest_start(args, TIPC_NLA_SOCK);
if (!nest) {
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 100/127] net/core/neighbour: tell kmemleak about hash tables
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (19 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 099/127] tipc: fix memory leak in tipc_nl_compat_publ_dump Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 102/127] net/core/neighbour: fix kmemleak minimal reference count for " Sasha Levin
` (12 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Konstantin Khlebnikov, David S . Miller, Sasha Levin, netdev
From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
[ Upstream commit 85704cb8dcfd88d351bfc87faaeba1c8214f3177 ]
This fixes false-positive kmemleak reports about leaked neighbour entries:
unreferenced object 0xffff8885c6e4d0a8 (size 1024):
comm "softirq", pid 0, jiffies 4294922664 (age 167640.804s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 20 2c f3 83 ff ff ff ff ........ ,......
08 c0 ef 5f 84 88 ff ff 01 8c 7d 02 01 00 00 00 ..._......}.....
backtrace:
[<00000000748509fe>] ip6_finish_output2+0x887/0x1e40
[<0000000036d7a0d8>] ip6_output+0x1ba/0x600
[<0000000027ea7dba>] ip6_send_skb+0x92/0x2f0
[<00000000d6e2111d>] udp_v6_send_skb.isra.24+0x680/0x15e0
[<000000000668a8be>] udpv6_sendmsg+0x18c9/0x27a0
[<000000004bd5fa90>] sock_sendmsg+0xb3/0xf0
[<000000008227b29f>] ___sys_sendmsg+0x745/0x8f0
[<000000008698009d>] __sys_sendmsg+0xde/0x170
[<00000000889dacf1>] do_syscall_64+0x9b/0x400
[<0000000081cdb353>] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[<000000005767ed39>] 0xffffffffffffffff
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index eb3efeabac91d..9a28a21a51f05 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -18,6 +18,7 @@
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/slab.h>
+#include <linux/kmemleak.h>
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/module.h>
@@ -361,12 +362,14 @@ static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
ret = kmalloc(sizeof(*ret), GFP_ATOMIC);
if (!ret)
return NULL;
- if (size <= PAGE_SIZE)
+ if (size <= PAGE_SIZE) {
buckets = kzalloc(size, GFP_ATOMIC);
- else
+ } else {
buckets = (struct neighbour __rcu **)
__get_free_pages(GFP_ATOMIC | __GFP_ZERO,
get_order(size));
+ kmemleak_alloc(buckets, size, 0, GFP_ATOMIC);
+ }
if (!buckets) {
kfree(ret);
return NULL;
@@ -386,10 +389,12 @@ static void neigh_hash_free_rcu(struct rcu_head *head)
size_t size = (1 << nht->hash_shift) * sizeof(struct neighbour *);
struct neighbour __rcu **buckets = nht->hash_buckets;
- if (size <= PAGE_SIZE)
+ if (size <= PAGE_SIZE) {
kfree(buckets);
- else
+ } else {
+ kmemleak_free(buckets);
free_pages((unsigned long)buckets, get_order(size));
+ }
kfree(nht);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 102/127] net/core/neighbour: fix kmemleak minimal reference count for hash tables
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (20 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 100/127] net/core/neighbour: tell kmemleak about hash tables Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 105/127] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe Sasha Levin
` (11 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Konstantin Khlebnikov, Cong Wang, David S . Miller, Sasha Levin, netdev
From: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
[ Upstream commit 01b833ab44c9e484060aad72267fc7e71beb559b ]
This should be 1 for normal allocations, 0 disables leak reporting.
Signed-off-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Fixes: 85704cb8dcfd ("net/core/neighbour: tell kmemleak about hash tables")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 9a28a21a51f05..2664ad58e5c01 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -368,7 +368,7 @@ static struct neigh_hash_table *neigh_hash_alloc(unsigned int shift)
buckets = (struct neighbour __rcu **)
__get_free_pages(GFP_ATOMIC | __GFP_ZERO,
get_order(size));
- kmemleak_alloc(buckets, size, 0, GFP_ATOMIC);
+ kmemleak_alloc(buckets, size, 1, GFP_ATOMIC);
}
if (!buckets) {
kfree(ret);
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 105/127] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (21 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 102/127] net/core/neighbour: fix kmemleak minimal reference count for " Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 106/127] ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel Sasha Levin
` (10 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Edward Cree, David S . Miller, Sasha Levin, netdev
From: Edward Cree <ecree@solarflare.com>
[ Upstream commit 3366463513f544c12c6b88c13da4462ee9e7a1a1 ]
Use a bitmap to keep track of which partition types we've already seen;
for duplicates, return -EEXIST from efx_ef10_mtd_probe_partition() and
thus skip adding that partition.
Duplicate partitions occur because of the A/B backup scheme used by newer
sfc NICs. Prior to this patch they cause sysfs_warn_dup errors because
they have the same name, causing us not to expose any MTDs at all.
Signed-off-by: Edward Cree <ecree@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef10.c | 29 +++++++++++++++++++++--------
1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
index 09352ee43b55c..cc3be94d05622 100644
--- a/drivers/net/ethernet/sfc/ef10.c
+++ b/drivers/net/ethernet/sfc/ef10.c
@@ -5852,22 +5852,25 @@ static const struct efx_ef10_nvram_type_info efx_ef10_nvram_types[] = {
{ NVRAM_PARTITION_TYPE_LICENSE, 0, 0, "sfc_license" },
{ NVRAM_PARTITION_TYPE_PHY_MIN, 0xff, 0, "sfc_phy_fw" },
};
+#define EF10_NVRAM_PARTITION_COUNT ARRAY_SIZE(efx_ef10_nvram_types)
static int efx_ef10_mtd_probe_partition(struct efx_nic *efx,
struct efx_mcdi_mtd_partition *part,
- unsigned int type)
+ unsigned int type,
+ unsigned long *found)
{
MCDI_DECLARE_BUF(inbuf, MC_CMD_NVRAM_METADATA_IN_LEN);
MCDI_DECLARE_BUF(outbuf, MC_CMD_NVRAM_METADATA_OUT_LENMAX);
const struct efx_ef10_nvram_type_info *info;
size_t size, erase_size, outlen;
+ int type_idx = 0;
bool protected;
int rc;
- for (info = efx_ef10_nvram_types; ; info++) {
- if (info ==
- efx_ef10_nvram_types + ARRAY_SIZE(efx_ef10_nvram_types))
+ for (type_idx = 0; ; type_idx++) {
+ if (type_idx == EF10_NVRAM_PARTITION_COUNT)
return -ENODEV;
+ info = efx_ef10_nvram_types + type_idx;
if ((type & ~info->type_mask) == info->type)
break;
}
@@ -5880,6 +5883,13 @@ static int efx_ef10_mtd_probe_partition(struct efx_nic *efx,
if (protected)
return -ENODEV; /* hide it */
+ /* If we've already exposed a partition of this type, hide this
+ * duplicate. All operations on MTDs are keyed by the type anyway,
+ * so we can't act on the duplicate.
+ */
+ if (__test_and_set_bit(type_idx, found))
+ return -EEXIST;
+
part->nvram_type = type;
MCDI_SET_DWORD(inbuf, NVRAM_METADATA_IN_TYPE, type);
@@ -5908,6 +5918,7 @@ static int efx_ef10_mtd_probe_partition(struct efx_nic *efx,
static int efx_ef10_mtd_probe(struct efx_nic *efx)
{
MCDI_DECLARE_BUF(outbuf, MC_CMD_NVRAM_PARTITIONS_OUT_LENMAX);
+ DECLARE_BITMAP(found, EF10_NVRAM_PARTITION_COUNT);
struct efx_mcdi_mtd_partition *parts;
size_t outlen, n_parts_total, i, n_parts;
unsigned int type;
@@ -5936,11 +5947,13 @@ static int efx_ef10_mtd_probe(struct efx_nic *efx)
for (i = 0; i < n_parts_total; i++) {
type = MCDI_ARRAY_DWORD(outbuf, NVRAM_PARTITIONS_OUT_TYPE_ID,
i);
- rc = efx_ef10_mtd_probe_partition(efx, &parts[n_parts], type);
- if (rc == 0)
- n_parts++;
- else if (rc != -ENODEV)
+ rc = efx_ef10_mtd_probe_partition(efx, &parts[n_parts], type,
+ found);
+ if (rc == -EEXIST || rc == -ENODEV)
+ continue;
+ if (rc)
goto fail;
+ n_parts++;
}
rc = efx_mtd_add(efx, &parts[0].common, n_parts, sizeof(*parts));
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 106/127] ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (22 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 105/127] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 107/127] decnet: fix DN_IFREQ_SIZE Sasha Levin
` (9 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: wenxu, David S . Miller, Sasha Levin, netdev
From: wenxu <wenxu@ucloud.cn>
[ Upstream commit d71b57532d70c03f4671dd04e84157ac6bf021b0 ]
ip l add dev tun type gretap key 1000
ip a a dev tun 10.0.0.1/24
Packets with tun-id 1000 can be recived by tun dev. But packet can't
be sent through dev tun for non-tunnel-dst
With this patch: tunnel-dst can be get through lwtunnel like beflow:
ip r a 10.0.0.7 encap ip dst 172.168.0.11 dev tun
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/ipv4/ip_tunnel.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index fabc299cb875f..7a31287ff1232 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -661,13 +661,19 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
dst = tnl_params->daddr;
if (dst == 0) {
/* NBMA tunnel */
+ struct ip_tunnel_info *tun_info;
if (!skb_dst(skb)) {
dev->stats.tx_fifo_errors++;
goto tx_error;
}
- if (skb->protocol == htons(ETH_P_IP)) {
+ tun_info = skb_tunnel_info(skb);
+ if (tun_info && (tun_info->mode & IP_TUNNEL_INFO_TX) &&
+ ip_tunnel_info_af(tun_info) == AF_INET &&
+ tun_info->key.u.ipv4.dst)
+ dst = tun_info->key.u.ipv4.dst;
+ else if (skb->protocol == htons(ETH_P_IP)) {
rt = skb_rtable(skb);
dst = rt_nexthop(rt, inner_iph->daddr);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 107/127] decnet: fix DN_IFREQ_SIZE
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (23 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 106/127] ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 108/127] net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() Sasha Levin
` (8 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Johannes Berg, David S . Miller, Sasha Levin, linux-decnet-user, netdev
From: Johannes Berg <johannes.berg@intel.com>
[ Upstream commit 50c2936634bcb1db78a8ca63249236810c11a80f ]
Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.
Clearly, decnet expects the ioctl to be called with a struct
like
struct ifreq_dn {
char ifr_name[IFNAMSIZ];
struct sockaddr_dn ifr_addr;
};
since it does
struct ifreq *ifr = ...;
struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;
This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
sizeof(struct ifreq) - sizeof(struct sockaddr) +
sizeof(struct sockaddr_dn)
This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.
Fix this to use offsetof(struct ifreq, ifr_ifru).
This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.
As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/decnet/dn_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index df042b6d80b83..22876a197ebec 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -56,7 +56,7 @@
#include <net/dn_neigh.h>
#include <net/dn_fib.h>
-#define DN_IFREQ_SIZE (sizeof(struct ifreq) - sizeof(struct sockaddr) + sizeof(struct sockaddr_dn))
+#define DN_IFREQ_SIZE (offsetof(struct ifreq, ifr_ifru) + sizeof(struct sockaddr_dn))
static char dn_rt_all_end_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x04,0x00,0x00};
static char dn_rt_all_rt_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x03,0x00,0x00};
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 108/127] net/smc: prevent races between smc_lgr_terminate() and smc_conn_free()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (24 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 107/127] decnet: fix DN_IFREQ_SIZE Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 110/127] tipc: fix skb may be leaky in tipc_link_input Sasha Levin
` (7 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Karsten Graul, Ursula Braun, David S . Miller, Sasha Levin,
linux-s390, netdev
From: Karsten Graul <kgraul@linux.ibm.com>
[ Upstream commit 77f838ace755d2f466536c44dac6c856f62cd901 ]
To prevent races between smc_lgr_terminate() and smc_conn_free() add an
extra check of the lgr field before accessing it, and cancel a delayed
free_work when a new smc connection is created.
This fixes the problem that free_work cleared the lgr variable but
smc_lgr_terminate() or smc_conn_free() still access it in parallel.
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/smc/smc_core.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/smc/smc_core.c b/net/smc/smc_core.c
index f04a037dc9677..0de788fa43e95 100644
--- a/net/smc/smc_core.c
+++ b/net/smc/smc_core.c
@@ -103,6 +103,8 @@ static void smc_lgr_unregister_conn(struct smc_connection *conn)
struct smc_link_group *lgr = conn->lgr;
int reduced = 0;
+ if (!lgr)
+ return;
write_lock_bh(&lgr->conns_lock);
if (conn->alert_token_local) {
reduced = 1;
@@ -431,6 +433,8 @@ int smc_conn_create(struct smc_sock *smc, __be32 peer_in_addr,
local_contact = SMC_REUSE_CONTACT;
conn->lgr = lgr;
smc_lgr_register_conn(conn); /* add smc conn to lgr */
+ if (delayed_work_pending(&lgr->free_work))
+ cancel_delayed_work(&lgr->free_work);
write_unlock_bh(&lgr->conns_lock);
break;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 110/127] tipc: fix skb may be leaky in tipc_link_input
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (25 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 108/127] net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 111/127] sfc: initialise found bitmap in efx_ef10_mtd_probe Sasha Levin
` (6 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Hoang Le, Ying Xue, Jon Maloy, David S . Miller, Sasha Levin,
netdev, tipc-discussion
From: Hoang Le <hoang.h.le@dektech.com.au>
[ Upstream commit 7384b538d3aed2ed49d3575483d17aeee790fb06 ]
When we free skb at tipc_data_input, we return a 'false' boolean.
Then, skb passed to subcalling tipc_link_input in tipc_link_rcv,
<snip>
1303 int tipc_link_rcv:
...
1354 if (!tipc_data_input(l, skb, l->inputq))
1355 rc |= tipc_link_input(l, skb, l->inputq);
</snip>
Fix it by simple changing to a 'true' boolean when skb is being free-ed.
Then, tipc_link_rcv will bypassed to subcalling tipc_link_input as above
condition.
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <maloy@donjonn.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tipc/link.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index 631bfc7e9127e..da749916faac4 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1073,7 +1073,7 @@ static bool tipc_data_input(struct tipc_link *l, struct sk_buff *skb,
default:
pr_warn("Dropping received illegal msg type\n");
kfree_skb(skb);
- return false;
+ return true;
};
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 111/127] sfc: initialise found bitmap in efx_ef10_mtd_probe
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (26 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 110/127] tipc: fix skb may be leaky in tipc_link_input Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 112/127] net: fix possible overflow in __sk_mem_raise_allocated() Sasha Levin
` (5 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Bert Kenward, David S . Miller, Sasha Levin, netdev
From: Bert Kenward <bkenward@solarflare.com>
[ Upstream commit c65285428b6e7797f1bb063f33b0ae7e93397b7b ]
The bitmap of found partitions in efx_ef10_mtd_probe was not
initialised, causing partitions to be suppressed based off whatever
value was in the bitmap at the start.
Fixes: 3366463513f5 ("sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe")
Signed-off-by: Bert Kenward <bkenward@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/sfc/ef10.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/sfc/ef10.c b/drivers/net/ethernet/sfc/ef10.c
index cc3be94d05622..2d92a9fe4606c 100644
--- a/drivers/net/ethernet/sfc/ef10.c
+++ b/drivers/net/ethernet/sfc/ef10.c
@@ -5918,7 +5918,7 @@ static int efx_ef10_mtd_probe_partition(struct efx_nic *efx,
static int efx_ef10_mtd_probe(struct efx_nic *efx)
{
MCDI_DECLARE_BUF(outbuf, MC_CMD_NVRAM_PARTITIONS_OUT_LENMAX);
- DECLARE_BITMAP(found, EF10_NVRAM_PARTITION_COUNT);
+ DECLARE_BITMAP(found, EF10_NVRAM_PARTITION_COUNT) = { 0 };
struct efx_mcdi_mtd_partition *parts;
size_t outlen, n_parts_total, i, n_parts;
unsigned int type;
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 112/127] net: fix possible overflow in __sk_mem_raise_allocated()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (27 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 111/127] sfc: initialise found bitmap in efx_ef10_mtd_probe Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 113/127] sctp: don't compare hb_timer expire date before starting it Sasha Levin
` (4 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable; +Cc: Eric Dumazet, David S . Miller, Sasha Levin, netdev
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 5bf325a53202b8728cf7013b72688c46071e212e ]
With many active TCP sockets, fat TCP sockets could fool
__sk_mem_raise_allocated() thanks to an overflow.
They would increase their share of the memory, instead
of decreasing it.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/sock.h | 2 +-
net/core/sock.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 780c6c0a86f04..0af46cbd3649c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1232,7 +1232,7 @@ static inline void sk_sockets_allocated_inc(struct sock *sk)
percpu_counter_inc(sk->sk_prot->sockets_allocated);
}
-static inline int
+static inline u64
sk_sockets_allocated_read_positive(struct sock *sk)
{
return percpu_counter_read_positive(sk->sk_prot->sockets_allocated);
diff --git a/net/core/sock.c b/net/core/sock.c
index 7ccbcd853cbce..90ccbbf9e6b00 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2357,7 +2357,7 @@ int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
}
if (sk_has_memory_pressure(sk)) {
- int alloc;
+ u64 alloc;
if (!sk_under_memory_pressure(sk))
return 1;
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 113/127] sctp: don't compare hb_timer expire date before starting it
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (28 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 112/127] net: fix possible overflow in __sk_mem_raise_allocated() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 114/127] bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() Sasha Levin
` (3 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Maciej Kwiecien, Marcin Stojek, Alexander Sverdlin,
Marcelo Ricardo Leitner, David S . Miller, Sasha Levin,
linux-sctp, netdev
From: Maciej Kwiecien <maciej.kwiecien@nokia.com>
[ Upstream commit d1f20c03f48102e52eb98b8651d129b83134cae4 ]
hb_timer might not start at all for a particular transport because its
start is conditional. In a result a node is not sending heartbeats.
Function sctp_transport_reset_hb_timer has two roles:
- initial start of hb_timer for a given transport,
- update expire date of hb_timer for a given transport.
The function is optimized to update timer's expire only if it is before
a new calculated one but this comparison is invalid for a timer which
has not yet started. Such a timer has expire == 0 and if a new expire
value is bigger than (MAX_JIFFIES / 2 + 2) then "time_before" macro will
fail and timer will not start resulting in no heartbeat packets send by
the node.
This was found when association was initialized within first 5 mins
after system boot due to jiffies init value which is near to MAX_JIFFIES.
Test kernel version: 4.9.154 (ARCH=arm)
hb_timer.expire = 0; //initialized, not started timer
new_expire = MAX_JIFFIES / 2 + 2; //or more
time_before(hb_timer.expire, new_expire) == false
Fixes: ba6f5e33bdbb ("sctp: avoid refreshing heartbeat timer too often")
Reported-by: Marcin Stojek <marcin.stojek@nokia.com>
Tested-by: Marcin Stojek <marcin.stojek@nokia.com>
Signed-off-by: Maciej Kwiecien <maciej.kwiecien@nokia.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/sctp/transport.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/sctp/transport.c b/net/sctp/transport.c
index 43105cf04bc45..274df899e7bfa 100644
--- a/net/sctp/transport.c
+++ b/net/sctp/transport.c
@@ -210,7 +210,8 @@ void sctp_transport_reset_hb_timer(struct sctp_transport *transport)
/* When a data chunk is sent, reset the heartbeat interval. */
expires = jiffies + sctp_transport_timeout(transport);
- if (time_before(transport->hb_timer.expires, expires) &&
+ if ((time_before(transport->hb_timer.expires, expires) ||
+ !timer_pending(&transport->hb_timer)) &&
!mod_timer(&transport->hb_timer,
expires + prandom_u32_max(transport->rto)))
sctp_transport_hold(transport);
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 114/127] bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (29 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 113/127] sctp: don't compare hb_timer expire date before starting it Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 115/127] net: dev: Use unsigned integer as an argument to left-shift Sasha Levin
` (2 subsequent siblings)
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Peng Sun, Martin KaFai Lau, Daniel Borkmann, Sasha Levin, netdev, bpf
From: Peng Sun <sironhide0null@gmail.com>
[ Upstream commit 781e62823cb81b972dc8652c1827205cda2ac9ac ]
In bpf/syscall.c, bpf_map_get_fd_by_id() use bpf_map_inc_not_zero()
to increase the refcount, both map->refcnt and map->usercnt. Then, if
bpf_map_new_fd() fails, should handle map->usercnt too.
Fixes: bd5f5f4ecb78 ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Signed-off-by: Peng Sun <sironhide0null@gmail.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/syscall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 59d2e94ecb798..34110450a78f2 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -1354,7 +1354,7 @@ static int bpf_map_get_fd_by_id(const union bpf_attr *attr)
fd = bpf_map_new_fd(map);
if (fd < 0)
- bpf_map_put(map);
+ bpf_map_put_with_uref(map);
return fd;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 115/127] net: dev: Use unsigned integer as an argument to left-shift
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (30 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 114/127] bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 117/127] bpf: drop refcount if bpf_map_new_fd() fails in map_create() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 118/127] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED Sasha Levin
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Andy Shevchenko, David S . Miller, Sasha Levin, netdev
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit f4d7b3e23d259c44f1f1c39645450680fcd935d6 ]
1 << 31 is Undefined Behaviour according to the C standard.
Use U type modifier to avoid theoretical overflow.
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/netdevice.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 40b830d55fe50..4725a9d9597fc 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3522,7 +3522,7 @@ static inline u32 netif_msg_init(int debug_value, int default_msg_enable_bits)
if (debug_value == 0) /* no output */
return 0;
/* set low N bits */
- return (1 << debug_value) - 1;
+ return (1U << debug_value) - 1;
}
static inline void __netif_tx_lock(struct netdev_queue *txq, int cpu)
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 117/127] bpf: drop refcount if bpf_map_new_fd() fails in map_create()
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (31 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 115/127] net: dev: Use unsigned integer as an argument to left-shift Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 118/127] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED Sasha Levin
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Peng Sun, Martin KaFai Lau, Alexei Starovoitov, Daniel Borkmann,
Sasha Levin, netdev, bpf
From: Peng Sun <sironhide0null@gmail.com>
[ Upstream commit 352d20d611414715353ee65fc206ee57ab1a6984 ]
In bpf/syscall.c, map_create() first set map->usercnt to 1, a file
descriptor is supposed to return to userspace. When bpf_map_new_fd()
fails, drop the refcount.
Fixes: bd5f5f4ecb78 ("bpf: Add BPF_MAP_GET_FD_BY_ID")
Signed-off-by: Peng Sun <sironhide0null@gmail.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bpf/syscall.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
index 34110450a78f2..f5c1d5479ba3d 100644
--- a/kernel/bpf/syscall.c
+++ b/kernel/bpf/syscall.c
@@ -348,12 +348,12 @@ static int map_create(union bpf_attr *attr)
err = bpf_map_new_fd(map);
if (err < 0) {
/* failed to allocate fd.
- * bpf_map_put() is needed because the above
+ * bpf_map_put_with_uref() is needed because the above
* bpf_map_alloc_id() has published the map
* to the userspace and the userspace may
* have refcnt-ed it through BPF_MAP_GET_FD_BY_ID.
*/
- bpf_map_put(map);
+ bpf_map_put_with_uref(map);
return err;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
* [PATCH AUTOSEL 4.14 118/127] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED
[not found] <20191122055544.3299-1-sashal@kernel.org>
` (32 preceding siblings ...)
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 117/127] bpf: drop refcount if bpf_map_new_fd() fails in map_create() Sasha Levin
@ 2019-11-22 5:55 ` Sasha Levin
33 siblings, 0 replies; 34+ messages in thread
From: Sasha Levin @ 2019-11-22 5:55 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Yunsheng Lin, Peng Li, Huazhong Tan, David S . Miller,
Sasha Levin, netdev
From: Yunsheng Lin <linyunsheng@huawei.com>
[ Upstream commit 4a402f47cfce904051cd8b31bef4fe2910d9dce9 ]
According to firmware error code definition, the error code of 2
means NOT_SUPPORTED, this patch changes it to NOT_SUPPORTED.
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: Peng Li <lipeng321@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c | 2 ++
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
index 8b511e6e0ce9d..396ea0db71023 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.c
@@ -251,6 +251,8 @@ int hclge_cmd_send(struct hclge_hw *hw, struct hclge_desc *desc, int num)
if ((enum hclge_cmd_return_status)desc_ret ==
HCLGE_CMD_EXEC_SUCCESS)
retval = 0;
+ else if (desc_ret == HCLGE_CMD_NOT_SUPPORTED)
+ retval = -EOPNOTSUPP;
else
retval = -EIO;
hw->cmq.last_status = (enum hclge_cmd_status)desc_ret;
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h
index 758cf39481312..3823ae6303ad6 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h
@@ -52,7 +52,7 @@ struct hclge_cmq_ring {
enum hclge_cmd_return_status {
HCLGE_CMD_EXEC_SUCCESS = 0,
HCLGE_CMD_NO_AUTH = 1,
- HCLGE_CMD_NOT_EXEC = 2,
+ HCLGE_CMD_NOT_SUPPORTED = 2,
HCLGE_CMD_QUEUE_FULL = 3,
};
--
2.20.1
^ permalink raw reply related [flat|nested] 34+ messages in thread
end of thread, other threads:[~2019-11-22 6:13 UTC | newest]
Thread overview: 34+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20191122055544.3299-1-sashal@kernel.org>
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 017/127] mwifiex: fix potential NULL dereference and use after free Sasha Levin
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 018/127] mwifiex: debugfs: correct histogram spacing, formatting Sasha Levin
2019-11-22 5:53 ` [PATCH AUTOSEL 4.14 019/127] rtl818x: fix potential use after free Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 025/127] iwlwifi: move iwl_nvm_check_version() into dvm Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 028/127] VSOCK: bind to random port for VMADDR_PORT_ANY Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 038/127] net/mlx5: Continue driver initialization despite debugfs failure Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 040/127] bnxt_en: Return linux standard errors in bnxt_ethtool.c Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 041/127] bnxt_en: query force speeds before disabling autoneg mode Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 052/127] vxlan: Fix error path in __vxlan_dev_create() Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 062/127] ath6kl: Only use match sets when firmware supports it Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 063/127] ath6kl: Fix off by one error in scan completion Sasha Levin
2019-11-22 5:54 ` [PATCH AUTOSEL 4.14 081/127] net/netlink_compat: Fix a missing check of nla_parse_nested Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 082/127] net/net_namespace: Check the return value of register_pernet_subsys() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 085/127] net: (cpts) fix a missing check of clk_prepare Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 086/127] net: stmicro: " Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 087/127] net: dsa: bcm_sf2: Propagate error value from mdio_write Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 088/127] atl1e: checking the status of atl1e_write_phy_reg Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 089/127] tipc: fix a missing check of genlmsg_put Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 090/127] net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 099/127] tipc: fix memory leak in tipc_nl_compat_publ_dump Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 100/127] net/core/neighbour: tell kmemleak about hash tables Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 102/127] net/core/neighbour: fix kmemleak minimal reference count for " Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 105/127] sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 106/127] ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 107/127] decnet: fix DN_IFREQ_SIZE Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 108/127] net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 110/127] tipc: fix skb may be leaky in tipc_link_input Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 111/127] sfc: initialise found bitmap in efx_ef10_mtd_probe Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 112/127] net: fix possible overflow in __sk_mem_raise_allocated() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 113/127] sctp: don't compare hb_timer expire date before starting it Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 114/127] bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 115/127] net: dev: Use unsigned integer as an argument to left-shift Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 117/127] bpf: drop refcount if bpf_map_new_fd() fails in map_create() Sasha Levin
2019-11-22 5:55 ` [PATCH AUTOSEL 4.14 118/127] net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED Sasha Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).