NL80211_ATTR_HE_BSS_COLOR attribute can be included in both
NL80211_CMD_START_AP and NL80211_CMD_SET_BEACON commands.
Move he_bss_color from cfg80211_ap_settings to cfg80211_beacon_data
and parse NL80211_ATTR_HE_BSS_COLOR as a part of nl80211_parse_beacon()
to have bss color settings parsed for both start ap and set beacon
commands.
Add a new flag he_bss_color_valid to indicate whether
NL80211_ATTR_HE_BSS_COLOR attribute is included.
Signed-off-by: Rameshkumar Sundaram <quic_ramess@quicinc.com>
Link: https://lore.kernel.org/r/1649867295-7204-2-git-send-email-quic_ramess@quicinc.com
[fix build ...]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit 3d48cb74816d8468f0235ce9a867a2d7b9832693)
Change-Id: Iceef7d7927fa3bbb49ced1583461a87b151f20e4
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Add MODULE_FIRMWARE declarations for regulatory.db and
regulatory.db.p7s such that userspace tooling can discover and include
these files.
Cc: stable@vger.kernel.org
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Link: https://lore.kernel.org/r/20220414125004.267819-1-dimitri.ledkov@canonical.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit 7bc7981eeebe1b8e603ad2ffc5e84f4df76920dd)
Change-Id: I475dab9c2759f3e9add66352acda7aa75a945f52
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
Since internal_flags is only 8 bits, we can only have one
more internal flag. However, we can obviously never use all
of possible the combinations, in fact, we only use 14 of
them (including no flags).
Since we want more flags for MLO (multi-link operation) in
the future, refactor the code to use a flags selector, so
wrap all of the .internal_flags assignments in a IFLAGS()
macro which selects the combination according to the pre-
defined list of combinations.
When we need a new combination, we'll have to add it, but
again we will never use all possible combinations.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220414140402.70ddf8af3eb0.I2cc38cb6a10bb4c3863ec9ee97edbcc70a07aa4b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit 2182db91e0016ca2b451426290c3b368ba9f6fdc)
Change-Id: I6ca31b633ce0af9829d70a377906115d23d1c4ad
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
It's not necessary to hold the RTNL across color change
requests, since all the inner locking needs only the
wiphy mutex which we already hold as well.
Fixes: 0d2ab3aea5 ("nl80211: add support for BSS coloring")
Link: https://lore.kernel.org/r/20220414140402.32e03e8c261b.I5e7dc6bc563a129b938c43298da6bb4e812400a5@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit 1b550a0bebfc0b69d6ec08fe6eb58953a8aec48a)
Change-Id: Ic03ef23eb9b1ff97b01a3fb8f227e84004a17d2d
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
We haven't used this function for years, since commit c781944b71
("cfg80211: Remove unused cfg80211_can_use_iftype_chan()") which
itself removed a function unused since commit 97dc94f1d9
("cfg80211: remove channel_switch combination check"), almost eight
years ago.
Also remove the now unused enum cfg80211_chan_mode and some struct
members that were only used for this function.
Link: https://lore.kernel.org/r/20220412220958.1a191dca19d7.Ide4448f02d0e2f1ca2992971421ffc1933a5370a@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit 34c9a0e71cbb316f360919353273b185c2780cd7)
Change-Id: I287a54e33da467c5b3a128a7ed6eaade37f456bf
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
This reverts commit 6910f0f08b.
It was originally reverted as it broke the abi but can now be safely
brought back.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I18b7c0231c31517e2108febe00b07b0e661617a7
This reverts commit 8b226103c9.
It was originally reverted as it broke the abi but can now be safely
brought back.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If91a2ea72060e1cadc14cdb18e5e8a6bfe54a594
This reverts commit e80661dff2.
It was originally reverted as it broke the abi but can now be safely
brought back.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8cd3d50680e6493d7aa4e714e3b6f343bda2dc9d
This reverts commit 5deab346ca.
It was originally reverted as it broke the abi but can now be safely
brought back.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1a084a80d2f0c669874468ad897c7d104016f1c6
This reverts commit 02428be2b4.
It was originally reverted as it broke the abi but can now be safely
brought back.
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic084ca493d3e00c9768afd28322fdbfc012db66a
One may want to have DF set on large packets to support discovering
path mtu and limiting the size of generated packets (hence not
setting the XFRM_STATE_NOPMTUDISC tunnel flag), while still
supporting networks that are incapable of carrying even minimal
sized IPv6 frames (post encapsulation).
Having IPv4 Don't Frag bit set on encapsulated IPv6 frames that
are not larger than the minimum IPv6 mtu of 1280 isn't useful,
because the resulting ICMP Fragmentation Required error isn't
actionable (even assuming you receive it) because IPv6 will not
drop it's path mtu below 1280 anyway. While the IPv4 stack
could prefrag the packets post encap, this requires the ICMP
error to be successfully delivered and causes a loss of the
original IPv6 frame (thus requiring a retransmit and latency
hit). Luckily with IPv4 if we simply don't set the DF flag,
we'll just make further fragmenting the packets some other
router's problems.
We'll still learn the correct IPv4 path mtu through encapsulation
of larger IPv6 frames.
I'm still not convinced this patch is entirely sufficient to make
everything happy... but I don't see how it could possibly
make things worse.
See also recent:
4ff2980b6bd2 'xfrm: fix tunnel model fragmentation behavior'
and friends
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Lina Wang <lina.wang@mediatek.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
(cherry picked from commit 6821ad8770340825f17962cf5ef64ebaffee7fd7 https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master)
Bug: 203183943
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie7701ebc63b1e2a974114538befd278154eb3bc6
There's no real reason not to send the SSID to userspace
when it requests information about P2P_GO, it is, in that
respect, exactly the same as AP interfaces. Fix that.
Fixes: 44905265bc ("nl80211: don't expose wdev->ssid for most interfaces")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Link: https://lore.kernel.org/r/20220318134656.14354ae223f0.Ia25e85a512281b92e1645d4160766a4b1a471597@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Bug: 233160029
(cherry picked from commit a75971bc2b8453630e9f85e0beaa4da8db8277a3)
Change-Id: Idfa7dcd16317073ce90081b7110bfc0c659898e5
Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmKErdYACgkQONu9yGCS
aT4LIg//bqU/qlVBJq3v3QCfN93SOXwECuPXi0e8p3aG/ptn1pzV0A5+rDD4TXeU
mpw8oWSNQC0Wn8mag9poCvLFaSHuMIo2wPoPOwpRyb0BfhXCaWE4s1HbX49dNi2l
9V76KC4JH69zaHtEmnBy83zzr4nyRG6q3bTd1hD3uJaSg6+2E+DfIK7MUSAyhyPU
DSi2CSHgxZkBEJIVncCPPhz4HX7RJIav51EwAZlnqW6eX3osEe9Qh1b82qcatXIF
rC/w74mQoRnghL0FRwQ5Z4mTEcgBI3lYoKJMkt8iZgOm9nBq1F62gXysKojmjDYc
AvP97Jt+hF9hDFUfR2wW/sA/rsRhw1mx0LoFu96fc15Nxiyh8b/MFD+b3a2CqtN9
szggwoezx90RbGOsc1zNhoX3VmZ2xMeVyAVg4RCscxXiO5FR1DqV4mUlbXoQx9ah
I9+GYtc0vs9BP9pucK2kx7fzJ+eW93jIZVXHuh6mcspu7sdTBQam+ERH1gMIyCki
OXcg0HCTLQi26MNMkrdX+RebwHxB7tbLXUXqYzQKEWjsLtCyv7LYmsRV+RZSyZ1p
vqKs4gTjLPmcINebsT80mYZSH560lXkjl6Z0H5U23NQO8RG3QewrKZkHqwOn5zyQ
aF5fnmVTVcMbT8BK3qCadr00Giz5usnw8R9am5EY1ELzo48207A=
=35Fl
-----END PGP SIGNATURE-----
Merge 5.15.41 into android13-5.15
Changes in 5.15.41
batman-adv: Don't skb_split skbuffs with frag_list
iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
hwmon: (tmp401) Add OF device ID table
mac80211: Reset MBSSID parameters upon connection
net: Fix features skip in for_each_netdev_feature()
net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted
net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters
fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove
fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove
fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove
platform/surface: aggregator: Fix initialization order when compiling as builtin module
ice: Fix race during aux device (un)plugging
ice: fix PTP stale Tx timestamps cleanup
ipv4: drop dst in multicast routing path
drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name()
netlink: do not reset transport header in netlink_recvmsg()
net: chelsio: cxgb4: Avoid potential negative array offset
fbdev: efifb: Fix a use-after-free due early fb_info cleanup
sfc: Use swap() instead of open coding it
net: sfc: fix memory leak due to ptp channel
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
nfs: fix broken handling of the softreval mount option
ionic: fix missing pci_release_regions() on error in ionic_probe()
dim: initialize all struct fields
hwmon: (ltq-cputemp) restrict it to SOC_XWAY
procfs: prevent unprivileged processes accessing fdinfo dir
selftests: vm: Makefile: rename TARGETS to VMTARGETS
arm64: vdso: fix makefile dependency on vdso.so
virtio: fix virtio transitional ids
s390/ctcm: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/lcs: fix variable dereferenced before check
net/sched: act_pedit: really ensure the skb is writable
net: ethernet: mediatek: ppe: fix wrong size passed to memset()
net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral
drm/vc4: hdmi: Fix build error for implicit function declaration
net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
tls: Fix context leak on tls_device_down
drm/vmwgfx: Fix fencing on SVGAv3
gfs2: Fix filesystem block deallocation for short writes
hwmon: (f71882fg) Fix negative temperature
RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core()
iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu
ASoC: max98090: Reject invalid values in custom control put()
ASoC: max98090: Generate notifications on changes for custom control
ASoC: ops: Validate input values in snd_soc_put_volsw_range()
s390: disable -Warray-bounds
ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback
net: emaclite: Don't advertise 1000BASE-T and do auto negotiation
net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: use different parts of the port_offset for index and offset
tcp: resalt the secret every 10 seconds
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
interconnect: Restore sync state by ignoring ipa-virt in provider count
firmware_loader: use kernel credentials when reading firmware
KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context()
usb: xhci-mtk: fix fs isoc's transfer error
x86/mm: Fix marking of unused sub-pmd ranges
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
tty: n_gsm: fix buffer over-read in gsm_dlci_data()
tty: n_gsm: fix mux activation issues in gsm_config()
usb: cdc-wdm: fix reading stuck on device close
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: typec: tcpci_mt6360: Update for BMC PHY setting
USB: serial: pl2303: add device id for HP LM930 Display
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: option: add Fibocom L610 modem
USB: serial: option: add Fibocom MA510 modem
slimbus: qcom: Fix IRQ check in qcom_slim_probe
fsl_lpuart: Don't enable interrupts too early
serial: 8250_mtk: Fix UART_EFR register address
serial: 8250_mtk: Fix register address for XON/XOFF character
ceph: fix setting of xattrs on async created inodes
Revert "mm/memory-failure.c: skip huge_zero_page in memory_failure()"
mm/huge_memory: do not overkill when splitting huge_zero_page
drm/vmwgfx: Disable command buffers on svga3 without gbobjects
drm/nouveau/tegra: Stop using iommu_present()
i40e: i40e_main: fix a missing check on list iterator
net: atlantic: always deep reset on pm op, fixing up my null deref regression
net: phy: Fix race condition on link status change
writeback: Avoid skipping inode writeback
cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
arm[64]/memremap: don't abuse pfn_valid() to ensure presence of linear map
net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061
net: phy: micrel: Pass .probe for KS8737
SUNRPC: Ensure that the gssproxy client can start in a connected state
drm/vmwgfx: Initialize drm_mode_fb_cmd2
Revert "drm/amd/pm: keep the BACO feature enabled for suspend"
dma-buf: call dma_buf_stats_setup after dmabuf is in valid list
mm/hwpoison: use pr_err() instead of dump_page() in get_any_page()
SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
ping: fix address binding wrt vrf
usb: gadget: uvc: rename function to be more consistent
usb: gadget: uvc: allow for application to cleanly shutdown
Linux 5.15.41
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia65cdbbddf553237d6a3a38efb9bcb2fcc3990ec
commit e1a7ac6f3ba6e157adcd0ca94d92a401f1943f56 upstream.
When ping_group_range is updated, 'ping' uses the DGRAM ICMP socket,
instead of an IP raw socket. In this case, 'ping' is unable to bind its
socket to a local address owned by a vrflite.
Before the patch:
$ sysctl -w net.ipv4.ping_group_range='0 2147483647'
$ ip link add blue type vrf table 10
$ ip link add foo type dummy
$ ip link set foo master blue
$ ip link set foo up
$ ip addr add 192.168.1.1/24 dev foo
$ ip addr add 2001::1/64 dev foo
$ ip vrf exec blue ping -c1 -I 192.168.1.1 192.168.1.2
ping: bind: Cannot assign requested address
$ ip vrf exec blue ping6 -c1 -I 2001::1 2001::2
ping6: bind icmp socket: Cannot assign requested address
CC: stable@vger.kernel.org
Fixes: 1b69c6d0ae ("net: Introduce L3 Master device abstraction")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit f00432063db1a0db484e85193eccc6845435b80e upstream.
We must ensure that all sockets are closed before we call xprt_free()
and release the reference to the net namespace. The problem is that
calling fput() will defer closing the socket until delayed_fput() gets
called.
Let's fix the situation by allowing rpciod and the transport teardown
code (which runs on the system wq) to call __fput_sync(), and directly
close the socket.
Reported-by: Felix Fu <foyjog@gmail.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Fixes: a73881c96d ("SUNRPC: Fix an Oops in udp_poll()")
Cc: stable@vger.kernel.org # 5.1.x: 3be232f11a3c: SUNRPC: Prevent immediate close+reconnect
Cc: stable@vger.kernel.org # 5.1.x: 89f42494f92f: SUNRPC: Don't call connect() more than once on a TCP socket
Cc: stable@vger.kernel.org # 5.1.x
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Meena Shanmugam <meenashanmugam@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit fd13359f54ee854f00134abc6be32da94ec53dbf upstream.
Ensure that the gssproxy client connects to the server from the gssproxy
daemon process context so that the AF_LOCAL socket connection is done
using the correct path and namespaces.
Fixes: 1d658336b0 ("SUNRPC: Add RPC based upcall mechanism for RPCGSS auth")
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit e8161345ddbb66e449abde10d2fdce93f867eba9 ]
In commit 190cc82489 ("tcp: change source port randomizarion at
connect() time"), the table_perturb[] array was introduced and an
index was taken from the port_offset via hash_32(). But it turns
out that hash_32() performs a multiplication while the input here
comes from the output of SipHash in secure_seq, that is well
distributed enough to avoid the need for yet another hash.
Suggested-by: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 ]
Moshe Kol, Amit Klein, and Yossi Gilad reported being able to accurately
identify a client by forcing it to emit only 40 times more connections
than there are entries in the table_perturb[] table. The previous two
improvements consisting in resalting the secret every 10s and adding
randomness to each port selection only slightly improved the situation,
and the current value of 2^8 was too small as it's not very difficult
to make a client emit 10k connections in less than 10 seconds.
Thus we're increasing the perturb table from 2^8 to 2^16 so that the
same precision now requires 2.6M connections, which is more difficult in
this time frame and harder to hide as a background activity. The impact
is that the table now uses 256 kB instead of 1 kB, which could mostly
affect devices making frequent outgoing connections. However such
components usually target a small set of destinations (load balancers,
database clients, perf assessment tools), and in practice only a few
entries will be visited, like before.
A live test at 1 million connections per second showed no performance
difference from the previous value.
Reported-by: Moshe Kol <moshe.kol@mail.huji.ac.il>
Reported-by: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e9261476184be1abd486c9434164b2acbe0ed6c2 ]
We'll need to further increase the size of this table and it's likely
that at some point its size will not be suitable anymore for a static
table. Let's allocate it on boot from inet_hashinfo2_init(), which is
called from tcp_init().
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit ca7af0402550f9a0b3316d5f1c30904e42ed257d ]
Here we're randomly adding between 0 and 7 random increments to the
selected source port in order to add some noise in the source port
selection that will make the next port less predictable.
With the default port range of 32768-60999 this means a worst case
reuse scenario of 14116/8=1764 connections between two consecutive
uses of the same port, with an average of 14116/4.5=3137. This code
was stressed at more than 800000 connections per second to a fixed
target with all connections closed by the client using RSTs (worst
condition) and only 2 connections failed among 13 billion, despite
the hash being reseeded every 10 seconds, indicating a perfectly
safe situation.
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 4dfa9b438ee34caca4e6a4e5e961641807367f6f ]
In order to limit the ability for an observer to recognize the source
ports sequence used to contact a set of destinations, we should
periodically shuffle the secret. 10 seconds looks effective enough
without causing particular issues.
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Tested-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 9e9b70ae923baf2b5e8a0ea4fd0c8451801ac526 ]
Amit Klein suggests that we use different parts of port_offset for the
table's index and the port offset so that there is no direct relation
between them.
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit b2d057560b8107c633b39aabe517ff9d93f285e3 ]
SipHash replaced MD5 in secure_ipv{4,6}_port_ephemeral() via commit
7cd23e5300 ("secure_seq: use SipHash in place of MD5"), but the output
remained truncated to 32-bit only. In order to exploit more bits from the
hash, let's make the functions return the full 64-bit of siphash_3u32().
We also make sure the port offset calculation in __inet_hash_connect()
remains done on 32-bit to avoid the need for div_u64_rem() and an extra
cost on 32-bit systems.
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Moshe Kol <moshe.kol@mail.huji.ac.il>
Cc: Yossi Gilad <yossi.gilad@mail.huji.ac.il>
Cc: Amit Klein <aksecurity@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 3740651bf7e200109dd42d5b2fb22226b26f960a ]
The commit cited below claims to fix a use-after-free condition after
tls_device_down. Apparently, the description wasn't fully accurate. The
context stayed alive, but ctx->netdev became NULL, and the offload was
torn down without a proper fallback, so a bug was present, but a
different kind of bug.
Due to misunderstanding of the issue, the original patch dropped the
refcount_dec_and_test line for the context to avoid the alleged
premature deallocation. That line has to be restored, because it matches
the refcount_inc_not_zero from the same function, otherwise the contexts
that survived tls_device_down are leaked.
This patch fixes the described issue by restoring refcount_dec_and_test.
After this change, there is no leak anymore, and the fallback to
software kTLS still works.
Fixes: c55dcdd435 ("net/tls: Fix use-after-free after the TLS device goes down and up")
Signed-off-by: Maxim Mikityanskiy <maximmi@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Link: https://lore.kernel.org/r/20220512091830.678684-1-maximmi@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit f3c46e41b32b6266cf60b0985c61748f53bf1c61 ]
Non blocking sendmsg will return -EAGAIN when any signal pending
and no send space left, while non blocking recvmsg return -EINTR
when signal pending and no data received. This may makes confused.
As TCP returns -EAGAIN in the conditions described above. Align the
behavior of smc with TCP.
Fixes: 846e344eb7 ("net/smc: add receive timeout check")
Signed-off-by: Guangguan Wang <guangguan.wang@linux.alibaba.com>
Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
Acked-by: Karsten Graul <kgraul@linux.ibm.com>
Link: https://lore.kernel.org/r/20220512030820.73848-1-guangguan.wang@linux.alibaba.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8b796475fd7882663a870456466a4fb315cc1bd6 ]
Currently pedit tries to ensure that the accessed skb offset
is writable via skb_unclone(). The action potentially allows
touching any skb bytes, so it may end-up modifying shared data.
The above causes some sporadic MPTCP self-test failures, due to
this code:
tc -n $ns2 filter add dev ns2eth$i egress \
protocol ip prio 1000 \
handle 42 fw \
action pedit munge offset 148 u8 invert \
pipe csum tcp \
index 100
The above modifies a data byte outside the skb head and the skb is
a cloned one, carrying a TCP output packet.
This change addresses the issue by keeping track of a rough
over-estimate highest skb offset accessed by the action and ensuring
such offset is really writable.
Note that this may cause performance regressions in some scenarios,
but hopefully pedit is not in the critical path.
Fixes: db2c24175d ("act_pedit: access skb->data safely")
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Tested-by: Geliang Tang <geliang.tang@suse.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/1fcf78e6679d0a287dd61bb0f04730ce33b3255d.1652194627.git.pabeni@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d5076fe4049cadef1f040eda4aaa001bb5424225 ]
netlink_recvmsg() does not need to change transport header.
If transport header was needed, it should have been reset
by the producer (netlink_dump()), not the consumer(s).
The following trace probably happened when multiple threads
were using MSG_PEEK.
BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
write to 0xffff88811e9f15b2 of 2 bytes by task 32012 on cpu 1:
skb_reset_transport_header include/linux/skbuff.h:2760 [inline]
netlink_recvmsg+0x1de/0x790 net/netlink/af_netlink.c:1978
sock_recvmsg_nosec net/socket.c:948 [inline]
sock_recvmsg net/socket.c:966 [inline]
__sys_recvfrom+0x204/0x2c0 net/socket.c:2097
__do_sys_recvfrom net/socket.c:2115 [inline]
__se_sys_recvfrom net/socket.c:2111 [inline]
__x64_sys_recvfrom+0x74/0x90 net/socket.c:2111
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
write to 0xffff88811e9f15b2 of 2 bytes by task 32005 on cpu 0:
skb_reset_transport_header include/linux/skbuff.h:2760 [inline]
netlink_recvmsg+0x1de/0x790 net/netlink/af_netlink.c:1978
____sys_recvmsg+0x162/0x2f0
___sys_recvmsg net/socket.c:2674 [inline]
__sys_recvmsg+0x209/0x3f0 net/socket.c:2704
__do_sys_recvmsg net/socket.c:2714 [inline]
__se_sys_recvmsg net/socket.c:2711 [inline]
__x64_sys_recvmsg+0x42/0x50 net/socket.c:2711
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
value changed: 0xffff -> 0x0000
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 32005 Comm: syz-executor.4 Not tainted 5.18.0-rc1-syzkaller-00328-ge1f700ebd6be-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Link: https://lore.kernel.org/r/20220505161946.2867638-1-eric.dumazet@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 86af062f40a73bf63321694e6bf637144f0383fe ]
Currently MBSSID parameters in struct ieee80211_bss_conf
are not reset upon connection. This could be problematic
with some drivers in a scenario where the device first
connects to a non-transmit BSS and then connects to a
transmit BSS of a Multi BSS AP. The MBSSID parameters
which are set after connecting to a non-transmit BSS will
not be reset and the same parameters will be passed on to
the driver during the subsequent connection to a transmit
BSS of a Multi BSS AP.
For example, firmware running on the ath11k device uses the
Multi BSS data for tracking the beacon of a non-transmit BSS
and reports the driver when there is a beacon miss. If we do
not reset the MBSSID parameters during the subsequent
connection to a transmit BSS, then the driver would have
wrong MBSSID data and FW would be looking for an incorrect
BSSID in the MBSSID beacon of a Multi BSS AP and reports
beacon loss leading to an unstable connection.
Reset the MBSSID parameters upon every connection to solve this
problem.
Fixes: 78ac51f815 ("mac80211: support multi-bssid")
Signed-off-by: Manikanta Pubbisetty <quic_mpubbise@quicinc.com>
Link: https://lore.kernel.org/r/20220428052744.27040-1-quic_mpubbise@quicinc.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit a063f2fba3fa633a599253b62561051ac185fa99 ]
The receiving interface might have used GRO to receive more fragments than
MAX_SKB_FRAGS fragments. In this case, these will not be stored in
skb_shinfo(skb)->frags but merged into the frag list.
batman-adv relies on the function skb_split to split packets up into
multiple smaller packets which are not larger than the MTU on the outgoing
interface. But this function cannot handle frag_list entries and is only
operating on skb_shinfo(skb)->frags. If it is still trying to split such an
skb and xmit'ing it on an interface without support for NETIF_F_FRAGLIST,
then validate_xmit_skb() will try to linearize it. But this fails due to
inconsistent information. And __pskb_pull_tail will trigger a BUG_ON after
skb_copy_bits() returns an error.
In case of entries in frag_list, just linearize the skb before operating on
it with skb_split().
Reported-by: Felix Kaechele <felix@kaechele.ca>
Fixes: c6c8fea297 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Tested-by: Felix Kaechele <felix@kaechele.ca>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Changes in 5.15.39
MIPS: Fix CP0 counter erratum detection for R4k CPUs
parisc: Merge model and model name into one line in /proc/cpuinfo
ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC
mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits
mmc: core: Set HS clock speed before sending HS CMD13
gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
x86/fpu: Prevent FPU state corruption
KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id
iommu/vt-d: Calculate mask for non-aligned flushes
iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range()
drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT
drm/amdgpu: do not use passthrough mode in Xen dom0
RISC-V: relocate DTB if it's outside memory region
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
timekeeping: Mark NMI safe time accessors as notrace
firewire: fix potential uaf in outbound_phy_packet_callback()
firewire: remove check of list iterator against head past the loop body
firewire: core: extend card->lock in fw_core_handle_bus_reset
net: stmmac: disable Split Header (SPH) for Intel platforms
genirq: Synchronize interrupt thread startup
ASoC: da7219: Fix change notifications for tone generator frequency
ASoC: wm8958: Fix change notifications for DSP controls
ASoC: meson: Fix event generation for AUI ACODEC mux
ASoC: meson: Fix event generation for G12A tohdmi mux
ASoC: meson: Fix event generation for AUI CODEC mux
s390/dasd: fix data corruption for ESE devices
s390/dasd: prevent double format of tracks for ESE devices
s390/dasd: Fix read for ESE with blksize < 4k
s390/dasd: Fix read inconsistency for ESE DASD devices
can: grcan: grcan_close(): fix deadlock
can: isotp: remove re-binding of bound socket
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
can: grcan: only use the NAPI poll budget for RX
nfc: replace improper check device_is_registered() in netlink related functions
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
NFC: netlink: fix sleep in atomic bug when firmware download timeout
gpio: visconti: Fix fwnode of GPIO IRQ
gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set)
hwmon: (adt7470) Fix warning on module removal
hwmon: (pmbus) disable PEC if not enabled
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
ASoC: soc-ops: fix error handling
iommu/vt-d: Drop stop marker messages
iommu/dart: check return value after calling platform_get_resource()
net/mlx5e: Fix trust state reset in reload
net/mlx5e: Don't match double-vlan packets if cvlan is not set
net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release
net/mlx5e: Fix the calling of update_buffer_lossy() API
net/mlx5: Avoid double clear or set of sync reset requested
net/mlx5: Fix deadlock in sync reset flow
selftests/seccomp: Don't call read() on TTY from background pgrp
SUNRPC release the transport of a relocated task with an assigned transport
RDMA/siw: Fix a condition race issue in MPA request processing
RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state
RDMA/irdma: Reduce iWARP QP destroy time
RDMA/irdma: Fix possible crash due to NULL netdev in notifier
NFSv4: Don't invalidate inode attributes on delegation return
net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init()
net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
net: cpsw: add missing of_node_put() in cpsw_probe_dt()
net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
net: emaclite: Add error handling for of_address_to_resource()
selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems
selftests/net: so_txtime: usage(): fix documentation of default clock
drm/msm/dp: remove fail safe mode related code
btrfs: do not BUG_ON() on failure to update inode when setting xattr
hinic: fix bug of wq out of bound access
mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter()
rxrpc: Enable IPv6 checksums on transport socket
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag
bnxt_en: Fix unnecessary dropping of RX packets
selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer
smsc911x: allow using IRQ0
btrfs: force v2 space cache usage for subpage mount
btrfs: always log symlinks in full mode
drm/amdgpu: unify BO evicting method in amdgpu_ttm
drm/amdgpu: explicitly check for s0ix when evicting resources
drm/amdgpu: don't set s3 and s0ix at the same time
drm/amdgpu: Ensure HDA function is suspended before ASIC reset
gpio: mvebu: drop pwm base assignment
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
fbdev: Make fb_release() return -ENODEV if fbdev was unregistered
net/mlx5: Fix slab-out-of-bounds while reading resource dump menu
net/mlx5e: Lag, Fix use-after-free in fib event handler
net/mlx5e: Lag, Fix fib_info pointer assignment
net/mlx5e: Lag, Don't skip fib events on current dst
iommu/dart: Add missing module owner to ops structure
kvm: selftests: do not use bitfields larger than 32-bits for PTEs
KVM: selftests: Silence compiler warning in the kvm_page_table_test
x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
KVM: x86: Do not change ICR on write to APIC_SELF_IPI
KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs
KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised
selftest/vm: verify mmap addr in mremap_test
selftest/vm: verify remap destination address in mremap_test
mmc: rtsx: add 74 Clocks in power on flow
Revert "parisc: Mark sched_clock unstable only if clocks are not syncronized"
rcu: Fix callbacks processing time limit retaining cond_resched()
rcu: Apply callbacks processing time limit only on softirq
PCI: pci-bridge-emul: Add description for class_revision field
PCI: pci-bridge-emul: Add definitions for missing capabilities registers
PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge
PCI: aardvark: Clear all MSIs at setup
PCI: aardvark: Comment actions in driver remove method
PCI: aardvark: Disable bus mastering when unbinding driver
PCI: aardvark: Mask all interrupts when unbinding driver
PCI: aardvark: Fix memory leak in driver unbind
PCI: aardvark: Assert PERST# when unbinding driver
PCI: aardvark: Disable link training when unbinding driver
PCI: aardvark: Disable common PHY when unbinding driver
PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_*
PCI: aardvark: Rewrite IRQ code to chained IRQ handler
PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ
PCI: aardvark: Make MSI irq_chip structures static driver structures
PCI: aardvark: Make msi_domain_info structure a static driver structure
PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node)
PCI: aardvark: Refactor unmasking summary MSI interrupt
PCI: aardvark: Add support for masking MSI interrupts
PCI: aardvark: Fix setting MSI address
PCI: aardvark: Enable MSI-X support
PCI: aardvark: Add support for ERR interrupt on emulated bridge
PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge
PCI: aardvark: Add support for PME interrupts
PCI: aardvark: Fix support for PME requester on emulated bridge
PCI: aardvark: Use separate INTA interrupt for emulated root bridge
PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts
PCI: aardvark: Don't mask irq when mapping
PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy()
PCI: aardvark: Update comment about link going down after link-up
Linux 5.15.39
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic51d6d05a0d99156c6fd844786e984aff8e7386a
This reverts commit d632cba7de which is
commit b253a0680ceadc5d7b4acca7aa2d870326cad8ad upstream.
It breaks the abi and is not needed for Android systems, so revert it.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I6c40e8900bcc80b03e3d5fb2c99c9e95615b81ff
Changes in 5.15.38
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
USB: quirks: add a Realtek card reader
USB: quirks: add STRING quirk for VCOM device
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
usb: xhci: tegra:Fix PM usage reference leak of tegra_xusb_unpowergate_partitions
xhci: Enable runtime PM on second Alderlake controller
xhci: stop polling roothubs after shutdown
xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms
iio: dac: ad5592r: Fix the missing return value.
iio: dac: ad5446: Fix read_raw not returning set value
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: imu: inv_icm42600: Fix I2C init possible nack
usb: misc: fix improper handling of refcount in uss720_probe()
usb: core: Don't hold the device lock while sleeping in do_proc_control()
usb: typec: ucsi: Fix reuse of completion structure
usb: typec: ucsi: Fix role swapping
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
usb: dwc3: Try usb-role-switch first in dwc3_drd_init
usb: dwc3: core: Fix tx/rx threshold settings
usb: dwc3: core: Only handle soft-reset in DCTL
usb: dwc3: gadget: Return proper request status
usb: dwc3: pci: add support for the Intel Meteor Lake-P
usb: cdns3: Fix issue for clear halt endpoint
usb: phy: generic: Get the vbus supply
serial: imx: fix overrun interrupts in DMA mode
serial: amba-pl011: do not time out prematurely when draining tx fifo
serial: 8250: Also set sticky MCR bits in console restoration
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
arch_topology: Do not set llc_sibling if llc_id is invalid
ceph: fix possible NULL pointer dereference for req->r_session
bus: mhi: host: pci_generic: Add missing poweroff() PM callback
bus: mhi: host: pci_generic: Flush recovery worker during freeze
arm64: dts: imx8mm-venice: fix spi2 pin configuration
pinctrl: samsung: fix missing GPIOLIB on ARM64 Exynos config
hex2bin: make the function hex_to_bin constant-time
hex2bin: fix access beyond string end
riscv: patch_text: Fixup last cpu should be master
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
iocost: don't reset the inuse weight of under-weighted debtors
virtio_net: fix wrong buf address calculation when using xdp
cpufreq: qcom-hw: fix the race between LMH worker and cpuhp
cpufreq: qcom-cpufreq-hw: Fix throttle frequency value on EPSS platforms
video: fbdev: udlfb: properly check endpoint type
arm64: dts: meson: remove CPU opps below 1GHz for G12B boards
arm64: dts: meson: remove CPU opps below 1GHz for SM1 boards
iio:imu:bmi160: disable regulator in error path
mtd: rawnand: fix ecc parameters for mt7622
xsk: Fix l2fwd for copy mode + busy poll combo
arm64: dts: imx8qm: Correct SCU clock controller's compatible property
USB: Fix xhci event ring dequeue pointer ERDP update issue
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
arm64: dts: imx8mn: Fix SAI nodes
arm64: dts: meson-sm1-bananapi-m5: fix wrong GPIO pin labeling for CON1
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
bus: ti-sysc: Make omap3 gpt12 quirk handling SoC specific
ARM: dts: dra7: Fix suspend warning for vpe powerdomain
phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks
ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek
ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name
ARM: dts: at91: fix pinctrl phandles
phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe
phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
interconnect: qcom: sdx55: Drop IP0 interconnects
ARM: dts: Fix mmc order for omap3-gta04
ARM: dts: am3517-evm: Fix misc pinmuxing
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ipvs: correctly print the memory size of ip_vs_conn_tab
phy: amlogic: fix error path in phy_g12a_usb3_pcie_probe()
pinctrl: mediatek: moore: Fix build error
mtd: rawnand: Fix return value check of wait_for_completion_timeout
mtd: fix 'part' field data corruption in mtd_info
pinctrl: stm32: Do not call stm32_gpio_get() for edge triggered IRQs in EOI
memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode
net: dsa: Add missing of_node_put() in dsa_port_link_register_of
netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion
bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook
pinctrl: rockchip: fix RK3308 pinmux bits
tcp: md5: incorrect tcp_header_len for incoming connections
pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested
tcp: ensure to use the most recently sent skb when filling the rate sample
wireguard: device: check for metadata_dst with skb_valid_dst()
sctp: check asoc strreset_chunk in sctp_generate_reconf_event
ARM: dts: imx6ull-colibri: fix vqmmc regulator
arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock
pinctrl: pistachio: fix use of irq_of_parse_and_map()
cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe
net: hns3: clear inited state and stop client after failed to register netdev
net: hns3: modify the return code of hclge_get_ring_chain_from_mbx
net: hns3: add validity check for message data length
net: hns3: add return value for mailbox handling in PF
net/smc: sync err code when tcp connection was refused
ip_gre: Make o_seqno start from 0 in native mode
ip6_gre: Make o_seqno start from 0 in native mode
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
tcp: make sure treq->af_specific is initialized
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts
net: bcmgenet: hide status block before TX timestamping
net: phy: marvell10g: fix return value on error
net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr
drm/sun4i: Remove obsolete references to PHYS_OFFSET
net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
io_uring: check reserved fields for send/sendmsg
io_uring: check reserved fields for recv/recvmsg
netfilter: conntrack: fix udp offload timeout sysctl
drm/amdkfd: Fix GWS queue count
drm/amd/display: Fix memory leak in dcn21_clock_source_create
tls: Skip tls_append_frag on zero copy size
bnx2x: fix napi API usage sequence
net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
gfs2: Prevent endless loops in gfs2_file_buffered_write
gfs2: Minor retry logic cleanup
gfs2: Make sure not to return short direct writes
gfs2: No short reads or writes upon glock contention
perf arm-spe: Fix addresses of synthesized SPE events
ixgbe: ensure IPsec VF<->PF compatibility
Revert "ibmvnic: Add ethtool private flag for driver-defined queue limits"
tcp: fix F-RTO may not work correctly when receiving DSACK
ASoC: Intel: soc-acpi: correct device endpoints for max98373
ASoC: wm8731: Disable the regulator when probing fails
ext4: fix bug_on in start_this_handle during umount filesystem
arch: xtensa: platforms: Fix deadlock in rs_close()
ksmbd: increment reference count of parent fp
ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION
bonding: do not discard lowest hash bit for non layer3+4 hashing
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
cifs: destage any unwritten data to the server before calling copychunk_write
drivers: net: hippi: Fix deadlock in rr_close()
powerpc/perf: Fix 32bit compile
selftest/vm: verify mmap addr in mremap_test
selftest/vm: verify remap destination address in mremap_test
Revert "ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40"
zonefs: Fix management of open zones
zonefs: Clear inode information flags on inode creation
kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time
mtd: rawnand: qcom: fix memory corruption that causes panic
netfilter: Update ip6_route_me_harder to consider L3 domain
drm/i915: Check EDID for HDR static metadata when choosing blc
drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
net: ethernet: stmmac: fix write to sgmii_adapter_base
ACPI: processor: idle: Avoid falling back to C3 type C-states
thermal: int340x: Fix attr.show callback prototype
btrfs: fix leaked plug after failure syncing log on zoned filesystems
ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines
ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode
x86/cpu: Load microcode during restore_processor_state()
perf symbol: Pass is_kallsyms to symbols__fixup_end()
perf symbol: Update symbols__fixup_end()
tty: n_gsm: fix restart handling via CLD command
tty: n_gsm: fix decoupled mux resource
tty: n_gsm: fix mux cleanup after unregister tty device
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
tty: n_gsm: fix malformed counter for out of frame data
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix insufficient txframe size
tty: n_gsm: fix wrong DLCI release order
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong signal octets encoding in MSC
tty: n_gsm: fix missing tty wakeup in convergence layer type 2
tty: n_gsm: fix reset fifo race condition
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix software flow control handling
perf symbol: Remove arch__symbols__fixup_end()
eeprom: at25: Use DMA safe buffers
objtool: Fix code relocs vs weak symbols
objtool: Fix type of reloc::addend
powerpc/64: Add UADDR64 relocation support
Linux 5.15.38
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic5e398d47dd6240ecde38f635b3085fae7c3c0ab
This reverts the merge of 5.15.37 into the android13-5.15
There are lots of ABI issues, and many of the commits are not needed in
the Android tree at this time. Revert the merge (except for the
Makefile change), so that future merges will continue to work, and the
needed individual changes from this release will be manually added to
the tree at a later point in time.
Fixes: f7dace75d276 ("Merge 5.15.37 into android13-5.15")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0632858e5c0fb94fc14c0f4216997330eca260a7
Changes in 5.15.37
floppy: disable FDRAWCMD by default
bpf: Introduce composable reg, ret and arg types.
bpf: Replace ARG_XXX_OR_NULL with ARG_XXX | PTR_MAYBE_NULL
bpf: Replace RET_XXX_OR_NULL with RET_XXX | PTR_MAYBE_NULL
bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
bpf: Introduce MEM_RDONLY flag
bpf: Convert PTR_TO_MEM_OR_NULL to composable types.
bpf: Make per_cpu_ptr return rdonly PTR_TO_MEM.
bpf: Add MEM_RDONLY for helper args that are pointers to rdonly mem.
bpf/selftests: Test PTR_TO_RDONLY_MEM
bpf: Fix crash due to out of bounds access into reg2btf_ids.
spi: cadence-quadspi: fix write completion support
ARM: dts: socfpga: change qspi to "intel,socfpga-qspi"
mm: kfence: fix objcgs vector allocation
gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable}
iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable
iov_iter: Introduce fault_in_iov_iter_writeable
gfs2: Add wrapper for iomap_file_buffered_write
gfs2: Clean up function may_grant
gfs2: Introduce flag for glock holder auto-demotion
gfs2: Move the inode glock locking to gfs2_file_buffered_write
gfs2: Eliminate ip->i_gh
gfs2: Fix mmap + page fault deadlocks for buffered I/O
iomap: Fix iomap_dio_rw return value for user copies
iomap: Support partial direct I/O on user copy failures
iomap: Add done_before argument to iomap_dio_rw
gup: Introduce FOLL_NOFAULT flag to disable page faults
iov_iter: Introduce nofault flag to disable page faults
gfs2: Fix mmap + page fault deadlocks for direct I/O
btrfs: fix deadlock due to page faults during direct IO reads and writes
btrfs: fallback to blocking mode when doing async dio over multiple extents
mm: gup: make fault_in_safe_writeable() use fixup_user_fault()
selftests/bpf: Add test for reg2btf_ids out of bounds access
Linux 5.15.37
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ica39b8856d6e3928a82f4e34f8b401f1a5cba5ee
This reverts commit bcba40bd36.
It breaks the abi and is not really needed for Android systems, so
revert it for now.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8768fa3c558d43cbe2005c151c494c9fd6146089
This reverts commit 67e4860eee.
It breaks the abi and is not really needed for Android systems, so
revert it for now.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia8363274cf64b68fdbf0653a4e520a5a5a35117f
This reverts commit 2e25c46c6e.
It breaks the abi and is not really needed for Android systems, so
revert it for now.
Bug: 161946584
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I20e6d9e81124122c75289424b8411d85c9047c71
This reverts commit 652a540539.
It breaks the kernel abi so revert it for now. We will add it back
later at the next kabi update.
Bug: 161946584
Fixes: 652a540539 ("ipv6: make ip6_rt_gc_expire an atomic_t")
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibab89760234525cc5622cd60e61599784fd0f80a
Changes in 5.15.36
fs: remove __sync_filesystem
block: remove __sync_blockdev
block: simplify the block device syncing code
vfs: make sync_filesystem return errors from ->sync_fs
xfs: return errors in xfs_fs_sync_fs
dma-mapping: remove bogus test for pfn_valid from dma_map_resource
arm64/mm: drop HAVE_ARCH_PFN_VALID
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
mm: page_alloc: fix building error on -Werror=array-compare
perf tools: Fix segfault accessing sample_id xyarray
mm, kfence: support kmem_dump_obj() for KFENCE objects
gfs2: assign rgrp glock before compute_bitstructs
scsi: ufs: core: scsi_get_lba() error fix
net/sched: cls_u32: fix netns refcount changes in u32_change()
ALSA: usb-audio: Clear MIDI port active flag after draining
ALSA: hda/realtek: Add quirk for Clevo NP70PNP
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
ASoC: topology: Correct error handling in soc_tplg_dapm_widget_create()
ASoC: rk817: Use devm_clk_get() in rk817_platform_probe
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use
dmaengine: idxd: fix device cleanup on disable
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources
dmaengine: dw-edma: Fix unaligned 64bit access
spi: spi-mtk-nor: initialize spi controller after resume
esp: limit skb_page_frag_refill use to a single page
spi: cadence-quadspi: fix incorrect supports_op() return value
igc: Fix infinite loop in release_swfw_sync
igc: Fix BUG: scheduling while atomic
igc: Fix suspending when PTM is active
ALSA: hda/hdmi: fix warning about PCM count when used with SOF
rxrpc: Restore removed timer deletion
net/smc: Fix sock leak when release after smc_shutdown()
net/packet: fix packet_sock xmit return value checking
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ip6_gre: Fix skb_under_panic in __gre6_xmit()
net: restore alpha order to Ethernet devices in config
net/sched: cls_u32: fix possible leak in u32_init_knode()
l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu
ipv6: make ip6_rt_gc_expire an atomic_t
can: isotp: stop timeout monitoring when no first frame was sent
net: dsa: hellcreek: Calculate checksums in tagger
net: mscc: ocelot: fix broken IP multicast flooding
netlink: reset network and mac headers in netlink_dump()
drm/i915/display/psr: Unset enable_psr2_sel_fetch if other checks in intel_psr2_config_valid() fails
net: stmmac: Use readl_poll_timeout_atomic() in atomic state
dmaengine: idxd: add RO check for wq max_batch_size write
dmaengine: idxd: add RO check for wq max_transfer_size write
dmaengine: idxd: skip clearing device context when device is read-only
selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
arm64: mm: fix p?d_leaf()
ARM: vexpress/spc: Avoid negative array index when !SMP
reset: renesas: Check return value of reset_control_deassert()
reset: tegra-bpmp: Restore Handle errors in BPMP response
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
drm/msm/disp: check the return value of kzalloc()
arm64: dts: imx: Fix imx8*-var-som touchscreen property sizes
vxlan: fix error return code in vxlan_fdb_append
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
net: atlantic: Avoid out-of-bounds indexing
mt76: Fix undefined behavior due to shift overflowing the constant
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
drm/msm/mdp5: check the return of kzalloc()
net: macb: Restart tx only if queue pointer is lagging
scsi: iscsi: Release endpoint ID when its freed
scsi: iscsi: Merge suspend fields
scsi: iscsi: Fix NOP handling during conn recovery
scsi: qedi: Fix failed disconnect handling
stat: fix inconsistency between struct stat and struct compat_stat
VFS: filename_create(): fix incorrect intent.
nvme: add a quirk to disable namespace identifiers
nvme-pci: disable namespace identifiers for the MAXIO MAP1002/1202
nvme-pci: disable namespace identifiers for Qemu controllers
EDAC/synopsys: Read the error count from the correct register
mm/memory-failure.c: skip huge_zero_page in memory_failure()
memcg: sync flush only if periodic flush is delayed
mm, hugetlb: allow for "high" userspace addresses
oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup
mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
dma: at_xdmac: fix a missing check on list iterator
dmaengine: imx-sdma: fix init of uart scripts
net: atlantic: invert deep par in pm functions, preventing null derefs
Input: omap4-keypad - fix pm_runtime_get_sync() error checking
scsi: sr: Do not leak information in ioctl
sched/pelt: Fix attach_entity_load_avg() corner case
perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
KVM: PPC: Fix TCE handling for VFIO
drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage
powerpc/perf: Fix power9 event alternatives
powerpc/perf: Fix power10 event alternatives
perf script: Always allow field 'data_src' for auxtrace
perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event
xtensa: patch_text: Fixup last cpu should be master
xtensa: fix a7 clobbering in coprocessor context load/store
openvswitch: fix OOB access in reserve_sfa_size()
gpio: Request interrupts after IRQ is initialized
ASoC: soc-dapm: fix two incorrect uses of list iterator
e1000e: Fix possible overflow in LTR decoding
ARC: entry: fix syscall_trace_exit argument
arm_pmu: Validate single/group leader events
KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog
KVM: x86: Pend KVM_REQ_APICV_UPDATE during vCPU creation to fix a race
KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
KVM: SVM: Flush when freeing encrypted pages even on SME_COHERENT CPUs
netfilter: conntrack: convert to refcount_t api
netfilter: conntrack: avoid useless indirection during conntrack destruction
ext4: fix fallocate to use file_modified to update permissions consistently
ext4: fix symlink file size not match to file content
ext4: fix use-after-free in ext4_search_dir
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ext4, doc: fix incorrect h_reserved size
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4: force overhead calculation if the s_overhead_cluster makes no sense
netfilter: nft_ct: fix use after free when attaching zone template
jbd2: fix a potential race while discarding reserved buffers after an abort
spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller
block/compat_ioctl: fix range check in BLKGETSIZE
arm64: dts: qcom: add IPA qcom,qmp property
Linux 5.15.36
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I44d3a4de9b6fa1d2016b4e063eb211e8373a1216
commit 103a2f3255a95991252f8f13375c3a96a75011cd upstream.
Set a size limit of 8 bytes of the written buffer to "hdev->name"
including the terminating null byte, as the size of "hdev->name" is 8
bytes. If an id value which is greater than 9999 is allocated,
then the "snprintf(hdev->name, sizeof(hdev->name), "hci%d", id)"
function call would lead to a truncation of the id value in decimal
notation.
Set an explicit maximum id parameter in the id allocation function call.
The id allocation function defines the maximum allocated id value as the
maximum id parameter value minus one. Therefore, HCI_MAX_ID is defined
as 10000.
Signed-off-by: Itay Iellin <ieitayie@gmail.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 39cb9faa5d46d0d0694f4b594ef905f517600c8e upstream.
AF_RXRPC doesn't currently enable IPv6 UDP Tx checksums on the transport
socket it opens and the checksums in the packets it generates end up 0.
It probably should also enable IPv6 UDP Rx checksums and IPv4 UDP
checksums. The latter only seem to be applied if the socket family is
AF_INET and don't seem to apply if it's AF_INET6. IPv4 packets from an
IPv6 socket seem to have checksums anyway.
What seems to have happened is that the inet_inv_convert_csum() call didn't
get converted to the appropriate udp_port_cfg parameters - and
udp_sock_create() disables checksums unless explicitly told not too.
Fix this by enabling the three udp_port_cfg checksum options.
Fixes: 1a9b86c9fd ("rxrpc: use udp tunnel APIs instead of open code in rxrpc_open_socket")
Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Marc Dionne <marc.dionne@auristor.com>
cc: Vadim Fedorenko <vfedorenko@novek.ru>
cc: David S. Miller <davem@davemloft.net>
cc: linux-afs@lists.infradead.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit a9384a4c1d250cb40cebf50e41459426d160b08e upstream.
Whenever RCU protected list replaces an object,
the pointer to the new object needs to be updated
_before_ the call to kfree_rcu() or call_rcu()
Also ip6_mc_msfilter() needs to update the pointer
before releasing the mc_lock mutex.
Note that linux-5.13 was supporting kfree_rcu(NULL, rcu),
so this fix does not need the conditional test I was
forced to use in the equivalent patch for IPv4.
Fixes: 882ba1f73c ("mld: convert ipv6_mc_socklist->sflist to RCU")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e13433b4416fa31a24e621cbbbb39227a3d651dd upstream.
A relocated task must release its previous transport.
Fixes: 82ee41b85cef1 ("SUNRPC don't resend a task on an offlined transport")
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4071bf121d59944d5cd2238de0642f3d7995a997 upstream.
There are sleep in atomic bug that could cause kernel panic during
firmware download process. The root cause is that nlmsg_new with
GFP_KERNEL parameter is called in fw_dnld_timeout which is a timer
handler. The call trace is shown below:
BUG: sleeping function called from invalid context at include/linux/sched/mm.h:265
Call Trace:
kmem_cache_alloc_node
__alloc_skb
nfc_genl_fw_download_done
call_timer_fn
__run_timers.part.0
run_timer_softirq
__do_softirq
...
The nlmsg_new with GFP_KERNEL parameter may sleep during memory
allocation process, and the timer handler is run as the result of
a "software interrupt" that should not call any other function
that could sleep.
This patch changes allocation mode of netlink message from GFP_KERNEL
to GFP_ATOMIC in order to prevent sleep in atomic bug. The GFP_ATOMIC
flag makes memory allocation operation could be used in atomic context.
Fixes: 9674da8759 ("NFC: Add firmware upload netlink command")
Fixes: 9ea7187c53 ("NFC: netlink: Rename CMD_FW_UPLOAD to CMD_FW_DOWNLOAD")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20220504055847.38026-1-duoming@zju.edu.cn
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit da5c0f119203ad9728920456a0f52a6d850c01cd upstream.
The device_is_registered() in nfc core is used to check whether
nfc device is registered in netlink related functions such as
nfc_fw_download(), nfc_dev_up() and so on. Although device_is_registered()
is protected by device_lock, there is still a race condition between
device_del() and device_is_registered(). The root cause is that
kobject_del() in device_del() is not protected by device_lock.
(cleanup task) | (netlink task)
|
nfc_unregister_device | nfc_fw_download
device_del | device_lock
... | if (!device_is_registered)//(1)
kobject_del//(2) | ...
... | device_unlock
The device_is_registered() returns the value of state_in_sysfs and
the state_in_sysfs is set to zero in kobject_del(). If we pass check in
position (1), then set zero in position (2). As a result, the check
in position (1) is useless.
This patch uses bool variable instead of device_is_registered() to judge
whether the nfc device is registered, which is well synchronized.
Fixes: 3e256b8f8d ("NFC: add nfc subsystem core")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 72ed3ee9fa0b461ad086403a8b5336154bd82234 upstream.
As a carry over from the CAN_RAW socket (which allows to change the CAN
interface while mantaining the filter setup) the re-binding of the
CAN_ISOTP socket needs to take care about CAN ID address information and
subscriptions. It turned out that this feature is so limited (e.g. the
sockopts remain fix) that it finally has never been needed/used.
In opposite to the stateless CAN_RAW socket the switching of the CAN ID
subscriptions might additionally lead to an interrupted ongoing PDU
reception. So better remove this unneeded complexity.
Fixes: e057dd3fc2 ("can: add ISO 15765-2:2016 transport protocol")
Link: https://lore.kernel.org/all/20220422082337.1676-1-socketcan@hartkopp.net
Cc: stable@vger.kernel.org
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Rameshkumar Sundaram