netdev.vger.kernel.org archive mirror
* [PATCH AUTOSEL 5.15 05/36] r8169: don't apply UDP padding quirk on RTL8126A
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 07/36] net: fec_mpc52xx_phy: Use %pa to format resource_size_t Sasha Levin
                   ` (10 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Heiner Kallweit, Simon Horman, Jakub Kicinski, Sasha Levin,
	nic_swsd, andrew+netdev, davem, edumazet, pabeni, netdev

From: Heiner Kallweit <hkallweit1@gmail.com>

[ Upstream commit 87e26448dbda4523b73a894d96f0f788506d3795 ]

Vendor drivers r8125/r8126 indicate that this quirk isn't needed
any longer for RTL8126A. Mimic this in r8169.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/d1317187-aa81-4a69-b831-678436e4de62@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/realtek/r8169_main.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c
index 8e910f3349b2a..d9d19ea77d20b 100644
--- a/drivers/net/ethernet/realtek/r8169_main.c
+++ b/drivers/net/ethernet/realtek/r8169_main.c
@@ -4148,8 +4148,8 @@ static unsigned int rtl8125_quirk_udp_padto(struct rtl8169_private *tp,
 {
 	unsigned int padto = 0, len = skb->len;
 
-	if (rtl_is_8125(tp) && len < 128 + RTL_MIN_PATCH_LEN &&
-	    rtl_skb_is_udp(skb) && skb_transport_header_was_set(skb)) {
+	if (len < 128 + RTL_MIN_PATCH_LEN && rtl_skb_is_udp(skb) &&
+	    skb_transport_header_was_set(skb)) {
 		unsigned int trans_data_len = skb_tail_pointer(skb) -
 					      skb_transport_header(skb);
 
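
Review bot: with rtl_is_8125(tp) dropped from the condition in rtl8125_quirk_udp_padto(), the helper no longer decides for itself which chips get the quirk, so any later caller that skips the mac_version filter would pad UDP frames on every chip. A one-line comment above the function stating that chip selection is the caller's job would make that contract explicit. If tp has no remaining use in the body, the parameter can be removed as well.
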
@@ -4173,9 +4173,15 @@ static unsigned int rtl8125_quirk_udp_padto(struct rtl8169_private *tp,
 static unsigned int rtl_quirk_packet_padto(struct rtl8169_private *tp,
 					   struct sk_buff *skb)
 {
-	unsigned int padto;
+	unsigned int padto = 0;
 
-	padto = rtl8125_quirk_udp_padto(tp, skb);
+	switch (tp->mac_version) {
+	case RTL_GIGA_MAC_VER_61 ... RTL_GIGA_MAC_VER_63:
+		padto = rtl8125_quirk_udp_padto(tp, skb);
+		break;
+	default:
+		break;
+	}
 
 	switch (tp->mac_version) {
 	case RTL_GIGA_MAC_VER_34:
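
Review bot: the case range RTL_GIGA_MAC_VER_61 ... RTL_GIGA_MAC_VER_63 in rtl_quirk_packet_padto() carries the whole policy of this change, yet nothing at the site says which chips it covers or that RTL8126A is excluded on purpose. Add a short comment naming the chips and citing the vendor-driver behaviour from the commit message. With padto now initialised to 0, the empty "default: break;" arm is only there for form and could be dropped if the file's style allows it.
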
-- 
2.43.0



* [PATCH AUTOSEL 5.15 07/36] net: fec_mpc52xx_phy: Use %pa to format resource_size_t
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 05/36] r8169: don't apply UDP padding quirk on RTL8126A Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 08/36] net: ethernet: fs_enet: " Sasha Levin
                   ` (9 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Simon Horman, Geert Uytterhoeven, Daniel Machon, Jakub Kicinski,
	Sasha Levin, andrew+netdev, davem, edumazet, pabeni,
	u.kleine-koenig, netdev

From: Simon Horman <horms@kernel.org>

[ Upstream commit 020bfdc4ed94be472138c891bde4d14241cf00fd ]

The correct format string for resource_size_t is %pa which
acts on the address of the variable to be formatted [1].

[1] https://elixir.bootlin.com/linux/v6.11.3/source/Documentation/core-api/printk-formats.rst#L229

Introduced by commit 9d9326d3bc0e ("phy: Change mii_bus id field to a string")

Flagged by gcc-14 as:

drivers/net/ethernet/freescale/fec_mpc52xx_phy.c: In function 'mpc52xx_fec_mdio_probe':
drivers/net/ethernet/freescale/fec_mpc52xx_phy.c:97:46: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'resource_size_t' {aka 'long long unsigned int'} [-Wformat=]
   97 |         snprintf(bus->id, MII_BUS_ID_SIZE, "%x", res.start);
      |                                             ~^   ~~~~~~~~~
      |                                              |      |
      |                                              |      resource_size_t {aka long long unsigned int}
      |                                              unsigned int
      |                                             %llx

No functional change intended.
Compile tested only.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Closes: https://lore.kernel.org/netdev/711d7f6d-b785-7560-f4dc-c6aad2cce99@linux-m68k.org/
Signed-off-by: Simon Horman <horms@kernel.org>
Reviewed-by: Daniel Machon <daniel.machon@microchip.com>
Link: https://patch.msgid.link/20241014-net-pa-fmt-v1-1-dcc9afb8858b@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/fec_mpc52xx_phy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/fec_mpc52xx_phy.c b/drivers/net/ethernet/freescale/fec_mpc52xx_phy.c
index b5497e3083020..7e631e2f710fb 100644
--- a/drivers/net/ethernet/freescale/fec_mpc52xx_phy.c
+++ b/drivers/net/ethernet/freescale/fec_mpc52xx_phy.c
@@ -92,7 +92,7 @@ static int mpc52xx_fec_mdio_probe(struct platform_device *of)
 		goto out_free;
 	}
 
-	snprintf(bus->id, MII_BUS_ID_SIZE, "%x", res.start);
+	snprintf(bus->id, MII_BUS_ID_SIZE, "%pa", &res.start);
 	bus->priv = priv;
 
 	bus->parent = dev;
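
Review bot: switching the snprintf() format from "%x" to "%pa" changes the string stored in bus->id, because %pa emits the value with a leading 0x (printk-formats.rst shows 0x01234567), which does not match the "No functional change intended" line in the commit message. For a stable backport it is worth confirming that nothing matches on the old, unprefixed bus id, and saying so in the changelog. If the old string must be preserved, "%llx" with a cast to unsigned long long, as the gcc hint suggests, keeps it.
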
-- 
2.43.0



* [PATCH AUTOSEL 5.15 08/36] net: ethernet: fs_enet: Use %pa to format resource_size_t
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 05/36] r8169: don't apply UDP padding quirk on RTL8126A Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 07/36] net: fec_mpc52xx_phy: Use %pa to format resource_size_t Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 09/36] net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Sasha Levin
                   ` (8 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Simon Horman, Geert Uytterhoeven, Daniel Machon, Jakub Kicinski,
	Sasha Levin, pantelis.antoniou, andrew+netdev, davem, edumazet,
	pabeni, linuxppc-dev, netdev

From: Simon Horman <horms@kernel.org>

[ Upstream commit 45fe45fada261e1e83fce2a07fa22835aec1cf0a ]

The correct format string for resource_size_t is %pa which
acts on the address of the variable to be formatted [1].

[1] https://elixir.bootlin.com/linux/v6.11.3/source/Documentation/core-api/printk-formats.rst#L229

Introduced by commit 9d9326d3bc0e ("phy: Change mii_bus id field to a string")

Flagged by gcc-14 as:

drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c: In function 'fs_mii_bitbang_init':
drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c:126:46: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'resource_size_t' {aka 'long long unsigned int'} [-Wformat=]
  126 |         snprintf(bus->id, MII_BUS_ID_SIZE, "%x", res.start);
      |                                             ~^   ~~~~~~~~~
      |                                              |      |
      |                                              |      resource_size_t {aka long long unsigned int}
      |                                              unsigned int
      |                                             %llx

No functional change intended.
Compile tested only.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Closes: https://lore.kernel.org/netdev/711d7f6d-b785-7560-f4dc-c6aad2cce99@linux-m68k.org/
Signed-off-by: Simon Horman <horms@kernel.org>
Reviewed-by: Daniel Machon <daniel.machon@microchip.com>
Link: https://patch.msgid.link/20241014-net-pa-fmt-v1-2-dcc9afb8858b@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c b/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
index 21de56345503f..f743112730194 100644
--- a/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
+++ b/drivers/net/ethernet/freescale/fs_enet/mii-bitbang.c
@@ -126,7 +126,7 @@ static int fs_mii_bitbang_init(struct mii_bus *bus, struct device_node *np)
 	 * we get is an int, and the odds of multiple bitbang mdio buses
 	 * is low enough that it's not worth going too crazy.
 	 */
-	snprintf(bus->id, MII_BUS_ID_SIZE, "%x", res.start);
+	snprintf(bus->id, MII_BUS_ID_SIZE, "%pa", &res.start);
 
 	data = of_get_property(np, "fsl,mdio-pin", &len);
 	if (!data || len != 4)
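
Review bot: the comment fragment just above this snprintf() still describes the value as an int, while the new "%pa" formats the full resource_size_t and prefixes it with 0x, so the resulting bus->id differs from what "%x" produced. Update the comment to describe the new id format, and note in the changelog that the id string changes, since the commit message says no functional change is intended.
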
-- 
2.43.0



* [PATCH AUTOSEL 5.15 09/36] net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (2 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 08/36] net: ethernet: fs_enet: " Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 10/36] af_packet: avoid erroring out after sock_init_data() in packet_create() Sasha Levin
                   ` (7 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Elena Salomatkina, Jakub Kicinski, Sasha Levin, vinicius.gomes,
	jhs, xiyou.wangcong, jiri, davem, edumazet, pabeni, netdev

From: Elena Salomatkina <esalomatkina@ispras.ru>

[ Upstream commit 397006ba5d918f9b74e734867e8fddbc36dc2282 ]

The subsequent calculation of port_rate = speed * 1000 * BYTES_PER_KBIT,
where the BYTES_PER_KBIT is of type LL, may cause an overflow.
At least when speed = SPEED_20000, the expression to the left of port_rate
will be greater than INT_MAX.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Elena Salomatkina <esalomatkina@ispras.ru>
Link: https://patch.msgid.link/20241013124529.1043-1-esalomatkina@ispras.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/sched/sch_cbs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/sched/sch_cbs.c b/net/sched/sch_cbs.c
index 459cc240eda9c..e0ced550808a5 100644
--- a/net/sched/sch_cbs.c
+++ b/net/sched/sch_cbs.c
@@ -310,7 +310,7 @@ static void cbs_set_port_rate(struct net_device *dev, struct cbs_sched_data *q)
 {
 	struct ethtool_link_ksettings ecmd;
 	int speed = SPEED_10;
-	int port_rate;
+	s64 port_rate;
 	int err;
 
 	err = __ethtool_get_link_ksettings(dev, &ecmd);
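
Review bot: only the declaration of port_rate changes in cbs_set_port_rate(), so every later use of it needs a second look now that it is s64: a "%d" in a debug print or an int parameter further down would silently truncate again. The changelog should also state that the multiplication itself is already carried out in 64 bits because BYTES_PER_KBIT is LL, since speed stays an int and the fix depends on that promotion.
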
-- 
2.43.0



* [PATCH AUTOSEL 5.15 10/36] af_packet: avoid erroring out after sock_init_data() in packet_create()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (3 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 09/36] net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 13/36] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Sasha Levin
                   ` (6 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ignat Korchagin, Eric Dumazet, Kuniyuki Iwashima,
	Willem de Bruijn, Jakub Kicinski, Sasha Levin,
	willemdebruijn.kernel, davem, pabeni, netdev

From: Ignat Korchagin <ignat@cloudflare.com>

[ Upstream commit 46f2a11cb82b657fd15bab1c47821b635e03838b ]

After sock_init_data() the allocated sk object is attached to the provided
sock object. On error, packet_create() frees the sk object leaving the
dangling pointer in the sock object on return. Some other code may try
to use this pointer and cause use-after-free.

Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-2-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/packet/af_packet.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d1ae1d9133d30..dd38cf0c9040d 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -3384,18 +3384,18 @@ static int packet_create(struct net *net, struct socket *sock, int protocol,
 	if (sock->type == SOCK_PACKET)
 		sock->ops = &packet_ops_spkt;
 
+	po = pkt_sk(sk);
+	err = packet_alloc_pending(po);
+	if (err)
+		goto out_sk_free;
+
 	sock_init_data(sock, sk);
 
-	po = pkt_sk(sk);
 	init_completion(&po->skb_completion);
 	sk->sk_family = PF_PACKET;
 	po->num = proto;
 	po->xmit = dev_queue_xmit;
 
-	err = packet_alloc_pending(po);
-	if (err)
-		goto out2;
-
 	packet_cached_dev_reset(po);
 
 	sk->sk_destruct = packet_sock_destruct;
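
Review bot: packet_alloc_pending(po) now runs before sock_init_data() and before the po->num and po->xmit assignments, so the reorder is only safe if that helper needs nothing from the state those lines set up. Please confirm that in the changelog, and add a comment above the moved block saying that every fallible step in packet_create() must stay ahead of sock_init_data(), otherwise the next error path added below it brings the dangling sock->sk back.
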
@@ -3428,7 +3428,7 @@ static int packet_create(struct net *net, struct socket *sock, int protocol,
 	sock_prot_inuse_add(net, &packet_proto, 1);
 
 	return 0;
-out2:
+out_sk_free:
 	sk_free(sk);
 out:
 	return err;
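
Review bot: the out_sk_free label is correct only while it is reachable solely from before sock_init_data(), since it calls sk_free(sk) without clearing sock->sk. The rename from out2 hints at that but does not say it. A one-line comment at the label ("only valid before sock_init_data()") would stop a later goto from being added after the attach point.
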
-- 
2.43.0



* [PATCH AUTOSEL 5.15 13/36] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (4 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 10/36] af_packet: avoid erroring out after sock_init_data() in packet_create() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 14/36] net: inet: do not leave a dangling sk pointer in inet_create() Sasha Levin
                   ` (5 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ignat Korchagin, Miquel Raynal, Kuniyuki Iwashima, Eric Dumazet,
	Jakub Kicinski, Sasha Levin, alex.aring, stefan, davem, pabeni,
	linux-wpan, netdev

From: Ignat Korchagin <ignat@cloudflare.com>

[ Upstream commit b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d ]

sock_init_data() attaches the allocated sk object to the provided sock
object. If ieee802154_create() fails later, the allocated sk object is
freed, but the dangling pointer remains in the provided sock object, which
may allow use-after-free.

Clear the sk pointer in the sock object on error.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-6-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ieee802154/socket.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/ieee802154/socket.c b/net/ieee802154/socket.c
index 586a6c4adf246..d7fa862b81ef5 100644
--- a/net/ieee802154/socket.c
+++ b/net/ieee802154/socket.c
@@ -1046,19 +1046,21 @@ static int ieee802154_create(struct net *net, struct socket *sock,
 
 	if (sk->sk_prot->hash) {
 		rc = sk->sk_prot->hash(sk);
-		if (rc) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (rc)
+			goto out_sk_release;
 	}
 
 	if (sk->sk_prot->init) {
 		rc = sk->sk_prot->init(sk);
 		if (rc)
-			sk_common_release(sk);
+			goto out_sk_release;
 	}
 out:
 	return rc;
+out_sk_release:
+	sk_common_release(sk);
+	sock->sk = NULL;
+	goto out;
 }
 
 static const struct net_proto_family ieee802154_family_ops = {
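
Review bot: the new out_sk_release block in ieee802154_create() sits after "return rc;" and jumps backwards with "goto out" to reach a bare return. Ending the block with "return rc;" is shorter and avoids the backward jump. A brief comment at "sock->sk = NULL;" explaining that sock_init_data() attached sk to sock would also help, since that attach is not visible near the label.
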
-- 
2.43.0



* [PATCH AUTOSEL 5.15 14/36] net: inet: do not leave a dangling sk pointer in inet_create()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (5 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 13/36] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 15/36] net: inet6: do not leave a dangling sk pointer in inet6_create() Sasha Levin
                   ` (4 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ignat Korchagin, Kuniyuki Iwashima, Eric Dumazet, Jakub Kicinski,
	Sasha Levin, davem, dsahern, pabeni, netdev

From: Ignat Korchagin <ignat@cloudflare.com>

[ Upstream commit 9365fa510c6f82e3aa550a09d0c5c6b44dbc78ff ]

sock_init_data() attaches the allocated sk object to the provided sock
object. If inet_create() fails later, the sk object is freed, but the
sock object retains the dangling pointer, which may create use-after-free
later.

Clear the sk pointer in the sock object on error.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-7-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv4/af_inet.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index b225e049daea2..0701de762c4c0 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -373,32 +373,30 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
 		inet->inet_sport = htons(inet->inet_num);
 		/* Add to protocol hash chains. */
 		err = sk->sk_prot->hash(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 
 	if (sk->sk_prot->init) {
 		err = sk->sk_prot->init(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 
 	if (!kern) {
 		err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 out:
 	return err;
 out_rcu_unlock:
 	rcu_read_unlock();
 	goto out;
+out_sk_release:
+	sk_common_release(sk);
+	sock->sk = NULL;
+	goto out;
 }
 
 
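Review bot: the three error exits in inet_create() now share out_sk_release, but nothing tells the next contributor that any failure after sock_init_data() must use this label rather than "goto out". Add a short comment at the label stating that, and why "sock->sk = NULL;" is needed after sk_common_release(sk). Without it, a new error path that calls sk_common_release() inline would reintroduce the dangling pointer unnoticed.
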
-- 
2.43.0



* [PATCH AUTOSEL 5.15 15/36] net: inet6: do not leave a dangling sk pointer in inet6_create()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (6 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 14/36] net: inet: do not leave a dangling sk pointer in inet_create() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 27/36] net: enetc: add i.MX95 EMDIO support Sasha Levin
                   ` (3 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Ignat Korchagin, Kuniyuki Iwashima, Eric Dumazet, Jakub Kicinski,
	Sasha Levin, davem, dsahern, pabeni, netdev

From: Ignat Korchagin <ignat@cloudflare.com>

[ Upstream commit 9df99c395d0f55fb444ef39f4d6f194ca437d884 ]

sock_init_data() attaches the allocated sk pointer to the provided sock
object. If inet6_create() fails later, the sk object is released, but the
sock object retains the dangling sk pointer, which may cause use-after-free
later.

Clear the sock sk pointer on error.

Signed-off-by: Ignat Korchagin <ignat@cloudflare.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20241014153808.51894-8-ignat@cloudflare.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/af_inet6.c | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index bbfa5d3a16f01..4d5f5f2585da9 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -258,31 +258,29 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
 		 */
 		inet->inet_sport = htons(inet->inet_num);
 		err = sk->sk_prot->hash(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 	if (sk->sk_prot->init) {
 		err = sk->sk_prot->init(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 
 	if (!kern) {
 		err = BPF_CGROUP_RUN_PROG_INET_SOCK(sk);
-		if (err) {
-			sk_common_release(sk);
-			goto out;
-		}
+		if (err)
+			goto out_sk_release;
 	}
 out:
 	return err;
 out_rcu_unlock:
 	rcu_read_unlock();
 	goto out;
+out_sk_release:
+	sk_common_release(sk);
+	sock->sk = NULL;
+	goto out;
 }
 
 static int __inet6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len,
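
Review bot: in the out_sk_release block of inet6_create(), sock->sk is cleared only after sk_common_release(sk) has run, so for a moment sock->sk refers to an sk that has already been released. If that is safe because the sock is not yet reachable by anything else at this point in creation, say so in a comment at the label. Otherwise clear the pointer first and release afterwards.
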
-- 
2.43.0



* [PATCH AUTOSEL 5.15 27/36] net: enetc: add i.MX95 EMDIO support
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (7 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 15/36] net: inet6: do not leave a dangling sk pointer in inet6_create() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 34/36] rocker: fix link status detection in rocker_carrier_init() Sasha Levin
                   ` (2 subsequent siblings)
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Wei Fang, David S . Miller, Sasha Levin, claudiu.manoil,
	vladimir.oltean, xiaoning.wang, andrew+netdev, edumazet, kuba,
	pabeni, imx, netdev

From: Wei Fang <wei.fang@nxp.com>

[ Upstream commit a52201fb9caa9b33b4d881725d1ec733438b07f2 ]

The vendor ID and device ID of i.MX95 EMDIO are different from LS1028A
EMDIO, so add new vendor ID and device ID to pci_device_id table to
support i.MX95 EMDIO.

Signed-off-by: Wei Fang <wei.fang@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/freescale/enetc/enetc_pci_mdio.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/freescale/enetc/enetc_pci_mdio.c b/drivers/net/ethernet/freescale/enetc/enetc_pci_mdio.c
index 15f37c5b8dc14..ffa7caabd8c99 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc_pci_mdio.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc_pci_mdio.c
@@ -4,6 +4,8 @@
 #include <linux/of_mdio.h>
 #include "enetc_pf.h"
 
+#define NETC_EMDIO_VEN_ID	0x1131
+#define NETC_EMDIO_DEV_ID	0xee00
 #define ENETC_MDIO_DEV_ID	0xee01
 #define ENETC_MDIO_DEV_NAME	"FSL PCIe IE Central MDIO"
 #define ENETC_MDIO_BUS_NAME	ENETC_MDIO_DEV_NAME " Bus"
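
Review bot: NETC_EMDIO_VEN_ID is introduced as a bare 0x1131 local to this file, with no comment saying whose vendor ID it is, while the existing entry uses the shared PCI_VENDOR_ID_FREESCALE constant. Prefer a named vendor constant from pci_ids.h if one exists for this value, or at least add a comment identifying the vendor and the i.MX95 EMDIO function the two new IDs refer to.
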
@@ -94,6 +96,7 @@ static void enetc_pci_mdio_remove(struct pci_dev *pdev)
 
 static const struct pci_device_id enetc_pci_mdio_id_table[] = {
 	{ PCI_DEVICE(PCI_VENDOR_ID_FREESCALE, ENETC_MDIO_DEV_ID) },
+	{ PCI_DEVICE(NETC_EMDIO_VEN_ID, NETC_EMDIO_DEV_ID) },
 	{ 0, } /* End of table. */
 };
 MODULE_DEVICE_TABLE(pci, enetc_pci_mdio_id_table);
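
Review bot: adding the { PCI_DEVICE(NETC_EMDIO_VEN_ID, NETC_EMDIO_DEV_ID) } entry makes this driver bind to the i.MX95 EMDIO with the same probe path used for LS1028A, and the diff changes nothing else. For a 5.15 backport, the changelog should state that the existing probe and register layout are valid for the new device in this tree. Otherwise this is new hardware enablement rather than a fix and does not obviously belong in stable.
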
-- 
2.43.0



* [PATCH AUTOSEL 5.15 34/36] rocker: fix link status detection in rocker_carrier_init()
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (8 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 27/36] net: enetc: add i.MX95 EMDIO support Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 35/36] net/neighbor: clear error in case strict check is not set Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 36/36] netpoll: Use rcu_access_pointer() in __netpoll_setup Sasha Levin
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Dmitry Antipov, Jakub Kicinski, Sasha Levin, jiri, andrew+netdev,
	davem, edumazet, pabeni, netdev

From: Dmitry Antipov <dmantipov@yandex.ru>

[ Upstream commit e64285ff41bb7a934bd815bd38f31119be62ac37 ]

Since '1 << rocker_port->pport' may be undefined for port >= 32,
cast the left operand to 'unsigned long long' like it's done in
'rocker_port_set_enable()' above. Compile tested only.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Link: https://patch.msgid.link/20241114151946.519047-1-dmantipov@yandex.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/net/ethernet/rocker/rocker_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/rocker/rocker_main.c b/drivers/net/ethernet/rocker/rocker_main.c
index 3364b6a56bd1e..e1509becb7536 100644
--- a/drivers/net/ethernet/rocker/rocker_main.c
+++ b/drivers/net/ethernet/rocker/rocker_main.c
@@ -2516,7 +2516,7 @@ static void rocker_carrier_init(const struct rocker_port *rocker_port)
 	u64 link_status = rocker_read64(rocker, PORT_PHYS_LINK_STATUS);
 	bool link_up;
 
-	link_up = link_status & (1 << rocker_port->pport);
+	link_up = link_status & (1ULL << rocker_port->pport);
 	if (link_up)
 		netif_carrier_on(rocker_port->dev);
 	else
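
Review bot: "1ULL << rocker_port->pport" in rocker_carrier_init() moves the undefined-shift limit from 32 to 64 but still does not bound pport, so a value of 64 or more remains undefined behaviour. Either check pport against the width of link_status before shifting, or note in the changelog where pport is already range-limited. BIT_ULL(rocker_port->pport) would also read more clearly than the open-coded shift.
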
-- 
2.43.0



* [PATCH AUTOSEL 5.15 35/36] net/neighbor: clear error in case strict check is not set
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (9 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 34/36] rocker: fix link status detection in rocker_carrier_init() Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 36/36] netpoll: Use rcu_access_pointer() in __netpoll_setup Sasha Levin
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Jakub Kicinski, Simon Horman, Sasha Levin, davem, edumazet,
	pabeni, kuniyu, gnaaman, joel.granados, linux, judyhsiao, netdev

From: Jakub Kicinski <kuba@kernel.org>

[ Upstream commit 0de6a472c3b38432b2f184bd64eb70d9ea36d107 ]

Commit 51183d233b5a ("net/neighbor: Update neigh_dump_info for strict
data checking") added strict checking. The err variable is not cleared,
so if we find no table to dump we will return the validation error even
if user did not want strict checking.

I think the only way to hit this is to send a buggy request, and ask
for a table which doesn't exist, so there's no point treating this
as a real fix. I only noticed it because a syzbot repro depended on it
to trigger another bug.

Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20241115003221.733593-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/neighbour.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 5829477efbba5..6f3bd1a4ec8ca 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2738,6 +2738,7 @@ static int neigh_dump_info(struct sk_buff *skb, struct netlink_callback *cb)
 	err = neigh_valid_dump_req(nlh, cb->strict_check, &filter, cb->extack);
 	if (err < 0 && cb->strict_check)
 		return err;
+	err = 0;
 
 	s_t = cb->args[0];
 
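Review bot: the new "err = 0;" in neigh_dump_info() silently discards a negative result from neigh_valid_dump_req() whenever cb->strict_check is off, and the line carries no comment saying that this is intended. Add a short comment such as "non-strict requests ignore validation errors" so the reset is not mistaken for a leftover and removed later.
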
-- 
2.43.0



* [PATCH AUTOSEL 5.15 36/36] netpoll: Use rcu_access_pointer() in __netpoll_setup
       [not found] <20241124135219.3349183-1-sashal@kernel.org>
                   ` (10 preceding siblings ...)
  2024-11-24 13:51 ` [PATCH AUTOSEL 5.15 35/36] net/neighbor: clear error in case strict check is not set Sasha Levin
@ 2024-11-24 13:51 ` Sasha Levin
  11 siblings, 0 replies; 12+ messages in thread
From: Sasha Levin @ 2024-11-24 13:51 UTC (permalink / raw)
  To: linux-kernel, stable
  Cc: Breno Leitao, Michal Kubiak, Jakub Kicinski, Sasha Levin, davem,
	edumazet, pabeni, horms, viro, netdev

From: Breno Leitao <leitao@debian.org>

[ Upstream commit c69c5e10adb903ae2438d4f9c16eccf43d1fcbc1 ]

The ndev->npinfo pointer in __netpoll_setup() is RCU-protected but is being
accessed directly for a NULL check. While no RCU read lock is held in this
context, we should still use proper RCU primitives for consistency and
correctness.

Replace the direct NULL check with rcu_access_pointer(), which is the
appropriate primitive when only checking for NULL without dereferencing
the pointer. This function provides the necessary ordering guarantees
without requiring RCU read-side protection.

Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
Link: https://patch.msgid.link/20241118-netpoll_rcu-v1-1-a1888dcb4a02@debian.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/core/netpoll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/core/netpoll.c b/net/core/netpoll.c
index 2a9d95368d5a2..597e83e2bce86 100644
--- a/net/core/netpoll.c
+++ b/net/core/netpoll.c
@@ -636,7 +636,7 @@ int __netpoll_setup(struct netpoll *np, struct net_device *ndev)
 		goto out;
 	}
 
-	if (!ndev->npinfo) {
+	if (!rcu_access_pointer(ndev->npinfo)) {
 		npinfo = kmalloc(sizeof(*npinfo), GFP_KERNEL);
 		if (!npinfo) {
 			err = -ENOMEM;
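
Review bot: rcu_access_pointer(ndev->npinfo) is the right primitive for the NULL test in __netpoll_setup(), but the check is followed by kmalloc() and, presumably, a later publish of npinfo, so the sequence is check-then-allocate and needs a lock to keep two callers from both seeing NULL. The hunk does not show what serialises it. A comment or a lockdep assertion naming the lock held here would document why the unlocked-looking test is safe.
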
-- 
2.43.0


