b3c3fc85c7
1593 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
a09603eb2f |
This is the 6.1.36 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmSb+ZMACgkQONu9yGCS
aT7qORAAmbYIAtIdWp+3wAM8g9TihQAeknz6f7Q8sxUB1EkZKJ9TgnFdR1IPPcBI
BWMUNutyUtHY90XTlZbVM04P070FafWjyT23+sdNG+pZGv+sOJkTHO6NgvkFlt0m
doOq9ojOe6hXS5oqK+8grfbwBG0VDUv7HHuUKsGBLhlDAHP58sVqtkrpiK2EiJpx
WGIR1t7gPd7jIxsnWTSurdjGfrAUw3SmE07K6sjwGgHsc2Mvd5vluQ+ljnmlz2qd
3WMyHymIhNP69/HY5Zz6sqCNGJ0eglp6IP8VPw9a7eGDu1UNp2Gu+P5ZB4FR7ABg
Rbsvrkr/08S9on0OSFiYJ11sfbzdIb4AfGdSHnUpeuqBp5ak1JS5jE6eSiy9YZU/
V9wDFdlDDwwORCWTMJzcTvhtlzWI+BkKq0bZEiYSxeCZ6m5RKi0i6X/lOPFt/ihA
PfEHGZVZ12atEEnYm5iich8Frqyp3nOYJKR972/zeKkkcWoYslFA6KuA3PA3eV7S
rdbz3hK6T3kZTe7FUvmghdi1lGgIKYy8IOiqY9tbMHWa3YQ7k5ZA2BZOiCEri0RF
tfzT1wI4DknbEXv5fs5PQ8c8eYMXaFKxdZ4+ndfB7f/jPn6IEK2xb5VtbnLe/NIE
qeRtanzccoKh8P7CmnwWqQ4CaqVeZTFrQ3jiadptSbpTnt3qzlM=
=oSd/
-----END PGP SIGNATURE-----
Merge 6.1.36 into android14-6.1-lts
Changes in 6.1.36
drm/amd/display: Use dc_update_planes_and_stream
drm/amd/display: Add wrapper to call planes and stream update
drm/amd/display: fix the system hang while disable PSR
tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms
tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
ata: libata-scsi: Avoid deadlock on rescan after device resume
mm: Fix copy_from_user_nofault().
tpm, tpm_tis: Claim locality in interrupt handler
tpm_crb: Add support for CRB devices based on Pluton
ksmbd: validate command payload size
ksmbd: fix out-of-bound read in smb2_write
ksmbd: validate session id and tree id in the compound request
tick/common: Align tick period during sched_timer setup
selftests: mptcp: remove duplicated entries in usage
selftests: mptcp: join: fix ShellCheck warnings
selftests: mptcp: lib: skip if missing symbol
selftests: mptcp: connect: skip transp tests if not supported
selftests: mptcp: connect: skip disconnect tests if not supported
selftests: mptcp: pm nl: remove hardcoded default limits
selftests: mptcp: pm nl: skip fullmesh flag checks if not supported
selftests: mptcp: sockopt: relax expected returned size
selftests: mptcp: sockopt: skip getsockopt checks if not supported
selftests: mptcp: userspace pm: skip if 'ip' tool is unavailable
selftests: mptcp: userspace pm: skip if not supported
selftests: mptcp: lib: skip if not below kernel version
selftests: mptcp: join: use 'iptables-legacy' if available
selftests: mptcp: join: helpers to skip tests
selftests: mptcp: join: skip check if MIB counter not supported
selftests: mptcp: join: support local endpoint being tracked or not
selftests: mptcp: join: skip Fastclose tests if not supported
selftests: mptcp: join: support RM_ADDR for used endpoints or not
selftests: mptcp: join: skip implicit tests if not supported
selftests: mptcp: join: skip backup if set flag on ID not supported
selftests: mptcp: join: skip fullmesh flag tests if not supported
selftests: mptcp: join: skip MPC backups tests if not supported
selftests/mount_setattr: fix redefine struct mount_attr build error
selftests: mptcp: diag: skip listen tests if not supported
selftests: mptcp: sockopt: skip TCP_INQ checks if not supported
selftests: mptcp: join: skip test if iptables/tc cmds fail
selftests: mptcp: join: skip userspace PM tests if not supported
selftests: mptcp: join: skip fail tests if not supported
selftests: mptcp: join: fix "userspace pm add & remove address"
writeback: fix dereferencing NULL mapping->host on writeback_page_template
scripts: fix the gfp flags header path in gfp-translate
nilfs2: fix buffer corruption due to concurrent device reads
ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
KVM: Avoid illegal stage2 mapping on invalid memory slot
Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Revert "PCI: hv: Fix a timing issue which causes kdump to fail occasionally"
PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev
PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic
PCI: hv: Add a per-bus mutex state_lock
io_uring/net: clear msg_controllen on partial sendmsg retry
io_uring/net: disable partial retries for recvmsg with cmsg
mptcp: handle correctly disconnect() failures
mptcp: fix possible divide by zero in recvmsg()
mptcp: fix possible list corruption on passive MPJ
mptcp: consolidate fallback and non fallback state machine
cgroup: Do not corrupt task iteration when rebinding subsystem
cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex in freezer_css_{online,offline}()
mmc: litex_mmc: set PROBE_PREFER_ASYNCHRONOUS
mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: mmci: stm32: fix max busy timeout calculation
mmc: sdhci-spear: fix deferred probing
mmc: bcm2835: fix deferred probing
mmc: sunxi: fix deferred probing
bpf: ensure main program has an extable
wifi: iwlwifi: pcie: Handle SO-F device for PCI id 0x7AF0
spi: spi-geni-qcom: correctly handle -EPROBE_DEFER from dma_request_chan()
regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK
regmap: spi-avmm: Fix regmap_bus max_raw_write
arm64: dts: rockchip: Fix rk356x PCIe register and range mappings
io_uring/poll: serialize poll linked timer start with poll removal
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
x86/mm: Avoid using set_pgd() outside of real PGD pages
memfd: check for non-NULL file_seals in memfd_create() syscall
mmc: meson-gx: fix deferred probing
ieee802154: hwsim: Fix possible memory leaks
xfrm: Treat already-verified secpath entries as optional
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
xfrm: Ensure policies always checked on XFRM-I input path
KVM: arm64: PMU: Restore the host's PMUSERENR_EL0
bpf: track immediate values written to stack by BPF_ST instruction
bpf: Fix verifier id tracking of scalars on spill
xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets
bpf: Fix a bpf_jit_dump issue for x86_64 with sysctl bpf_jit_enable.
selftests: net: tls: check if FIPS mode is enabled
selftests: net: vrf-xfrm-tests: change authentication and encryption algos
selftests: net: fcnal-test: check if FIPS mode is enabled
xfrm: Linearize the skb after offloading if needed.
net/mlx5: DR, Fix wrong action data allocation in decap action
sfc: use budget for TX completions
net: qca_spi: Avoid high load if QCA7000 is not available
mmc: mtk-sd: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: omap: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: owl: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: sh_mmcif: fix deferred probing
mmc: usdhi60rol0: fix deferred probing
ipvs: align inner_mac_header for encapsulation
net: dsa: mt7530: fix trapping frames on non-MT7621 SoC MT7530 switch
net: dsa: mt7530: fix handling of BPDUs on MT7530 switch
net: dsa: mt7530: fix handling of LLDP frames
be2net: Extend xmit workaround to BE3 chip
netfilter: nf_tables: fix chain binding transaction logic
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nft_set_pipapo: .walk does not deal with generations
netfilter: nf_tables: disallow element updates of bound anonymous sets
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: reject unbound chain set before commit phase
netfilter: nf_tables: disallow updates of anonymous sets
netfilter: nfnetlink_osf: fix module autoload
Revert "net: phy: dp83867: perform soft reset and retain established link"
bpf/btf: Accept function names that contain dots
bpf: Force kprobe multi expected_attach_type for kprobe_multi link
io_uring/net: use the correct msghdr union member in io_sendmsg_copy_hdr
selftests: forwarding: Fix race condition in mirror installation
platform/x86/amd/pmf: Register notify handler only if SPS is enabled
sch_netem: acquire qdisc lock in netem_change()
revert "net: align SO_RCVMARK required privileges with SO_MARK"
arm64: dts: rockchip: Enable GPU on SOQuartz CM4
arm64: dts: rockchip: fix nEXTRST on SOQuartz
gpiolib: Fix GPIO chip IRQ initialization restriction
gpio: sifive: add missing check for platform_get_irq
gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain()
scsi: target: iscsi: Prevent login threads from racing between each other
HID: wacom: Add error check to wacom_parse_and_register()
arm64: Add missing Set/Way CMO encodings
smb3: missing null check in SMB2_change_notify
media: cec: core: disable adapter in cec_devnode_unregister
media: cec: core: don't set last_initiator if tx in progress
nfcsim.c: Fix error checking for debugfs_create_dir
btrfs: fix an uninitialized variable warning in btrfs_log_inode
usb: gadget: udc: fix NULL dereference in remove()
nvme: double KA polling frequency to avoid KATO with TBKAS on
nvme: check IO start time when deciding to defer KA
nvme: improve handling of long keep alives
Input: soc_button_array - add invalid acpi_index DMI quirk handling
arm64: dts: qcom: sc7280-idp: drop incorrect dai-cells from WCD938x SDW
arm64: dts: qcom: sc7280-qcard: drop incorrect dai-cells from WCD938x SDW
s390/cio: unregister device when the only path is gone
spi: lpspi: disable lpspi module irq in DMA mode
ASoC: codecs: wcd938x-sdw: do not set can_multi_write flag
ASoC: simple-card: Add missing of_node_put() in case of error
soundwire: dmi-quirks: add new mapping for HP Spectre x360
soundwire: qcom: add proper error paths in qcom_swrm_startup()
ASoC: nau8824: Add quirk to active-high jack-detect
ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
gfs2: Don't get stuck writing page onto itself under direct I/O
s390/purgatory: disable branch profiling
ASoC: fsl_sai: Enable BCI bit if SAI works on synchronous mode with BYP asserted
ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13" SSID in the ALC256
i2c: mchp-pci1xxxx: Avoid cast to incompatible function type
ARM: dts: Fix erroneous ADS touchscreen polarities
null_blk: Fix: memory release when memory_backed=1
drm/exynos: vidi: fix a wrong error return
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
vhost_vdpa: tell vqs about the negotiated
vhost_net: revert upend_idx only on retriable error
KVM: arm64: Restore GICv2-on-GICv3 functionality
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
smb: move client and server files to common directory fs/smb
Linux 6.1.36
Note, this "merges away" commit:
|
||
Benedict Wong
|
c803e91600 |
xfrm: Ensure policies always checked on XFRM-I input path
[ Upstream commit a287f5b0cfc6804c5b12a4be13c7c9fe27869e90 ]
This change adds methods in the XFRM-I input path that ensures that
policies are checked prior to processing of the subsequent decapsulated
packet, after which the relevant policies may no longer be resolvable
(due to changing src/dst/proto/etc).
Notably, raw ESP/AH packets did not perform policy checks inherently,
whereas all other encapsulated packets (UDP, TCP encapsulated) do policy
checks after calling xfrm_input handling in the respective encapsulation
layer.
Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Test: Verified with additional Android Kernel Unit tests
Test: Verified against Android CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Eyal Birger
|
94e81817f0 |
xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
[ Upstream commit ee9a113ab63468137802898bcd2c598998c96938 ] This change allows adding additional files to the xfrm_interface module. Signed-off-by: Eyal Birger <eyal.birger@gmail.com> Link: https://lore.kernel.org/r/20221203084659.1837829-2-eyal.birger@gmail.com Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org> Stable-dep-of: a287f5b0cfc6 ("xfrm: Ensure policies always checked on XFRM-I input path") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Benedict Wong
|
8ea03341f7 |
xfrm: Treat already-verified secpath entries as optional
[ Upstream commit 1f8b6df6a997a430b0c48b504638154b520781ad ]
This change allows inbound traffic through nested IPsec tunnels to
successfully match policies and templates, while retaining the secpath
stack trace as necessary for netfilter policies.
Specifically, this patch marks secpath entries that have already matched
against a relevant policy as having been verified, allowing it to be
treated as optional and skipped after a tunnel decapsulation (during
which the src/dst/proto/etc may have changed, and the correct policy
chain no long be resolvable).
This approach is taken as opposed to the iteration in b0355dbbf13c,
where the secpath was cleared, since that breaks subsequent validations
that rely on the existence of the secpath entries (netfilter policies, or
transport-in-tunnel mode, where policies remain resolvable).
Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Test: Tested against Android Kernel Unit Tests
Test: Tested against Android CTS
Signed-off-by: Benedict Wong <benedictwong@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
26c1cc6858 |
This is the 6.1.30 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmRuPHsACgkQONu9yGCS
aT6USxAAx2uklTRE3mmIS9qytOjb8Z3gsA8LVaaQ3f25CWNiuverNj0mFyNtI9KX
84ZBS/G8aHA6z0dtdyMupHznHehQp7pVo0LOeVMz2bR+CjkpRQei2NimG8bGRcFK
W6c40w99lD9dYpaal3yajs+k+LF3BktmBNc0SynCjjyEy4YA5RbWOhtGX6P4VRqs
sPXcmmAHsqDPLfqsgsHiBNsiw+dCP7jY1a17rTxz1g49/4zS6BEGtxxpU4UZNbph
rKrX0sgF8UM15IfdFc0CiOXhAcL7QQfUbucJ/94180gclF4j6QqAMueAr6mLWkFd
Pj7vLn/KD2wA2dzTBekHZ9SYp31xcXomkzfdLoMMnazfy3RL4sO7WhJks0k0T2En
3LIlsRZx/C2ztf3SLq2z2Bw/ExaefrydLI9cWJBi7CQ5yUVO15edcv40W4pxoMOL
xFDZhCksC+JNc74HPYKTmg+SJQsxtYeLrwb6zW43aJByY+rls70crfhdS5fORvmH
G8qDS2PCNAqpulxyxQtYxiIcRiM4SqPskves+3nu7gBFGfsv2AJU1gNCorIpZuW8
DS2jrMwPv7gH+eUvqrnrtdA+Vk4TYWslg0mPlVNavX98i9/dC9Vjss3yXCYh7Q6u
0+BpSBLtKM4pahaMgKpYv/V/r+GKvIt7Npki8o/bs1nuykF04aw=
=hAQM
-----END PGP SIGNATURE-----
Merge 6.1.30 into android14-6.1-lts
Changes in 6.1.30
drm/fbdev-generic: prohibit potential out-of-bounds access
drm/mipi-dsi: Set the fwnode for mipi_dsi_device
ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
net: skb_partial_csum_set() fix against transport header magic value
net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe()
scsi: ufs: core: Fix I/O hang that occurs when BKOPS fails in W-LUN suspend
tick/broadcast: Make broadcast device replacement work correctly
linux/dim: Do nothing if no time delta between samples
net: stmmac: Initialize MAC_ONEUS_TIC_COUNTER register
net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
net: phy: bcm7xx: Correct read from expansion register
netfilter: nf_tables: always release netdev hooks from notifier
netfilter: conntrack: fix possible bug_on with enable_hooks=1
bonding: fix send_peer_notif overflow
netlink: annotate accesses to nlk->cb_running
net: annotate sk->sk_err write from do_recvmmsg()
net: deal with most data-races in sk_wait_event()
net: add vlan_get_protocol_and_depth() helper
tcp: add annotations around sk->sk_shutdown accesses
gve: Remove the code of clearing PBA bit
ipvlan:Fix out-of-bounds caused by unclear skb->cb
net: mscc: ocelot: fix stat counter register values
net: datagram: fix data-races in datagram_poll()
af_unix: Fix a data race of sk->sk_receive_queue->qlen.
af_unix: Fix data races around sk->sk_shutdown.
drm/i915/guc: Don't capture Gen8 regs on Xe devices
drm/i915: Fix NULL ptr deref by checking new_crtc_state
drm/i915/dp: prevent potential div-by-zero
drm/i915: Expand force_probe to block probe of devices as well.
drm/i915: taint kernel when force probing unsupported devices
fbdev: arcfb: Fix error handling in arcfb_probe()
ext4: reflect error codes from ext4_multi_mount_protect() to its callers
ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
ext4: allow to find by goal if EXT4_MB_HINT_GOAL_ONLY is set
ext4: allow ext4_get_group_info() to fail
refscale: Move shutdown from wait_event() to wait_event_idle()
selftests: cgroup: Add 'malloc' failures checks in test_memcontrol
rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access
open: return EINVAL for O_DIRECTORY | O_CREAT
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
drm/displayid: add displayid_get_header() and check bounds better
drm/amd/display: populate subvp cmd info only for the top pipe
drm/amd/display: Correct DML calculation to align HW formula
platform/x86: x86-android-tablets: Add Acer Iconia One 7 B1-750 data
drm/amd/display: Enable HostVM based on rIOMMU active
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
regmap: cache: Return error in cache sync operations for REGCACHE_NONE
remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores
arm64: dts: qcom: msm8996: Add missing DWC3 quirks
media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish()
media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish
media: pvrusb2: VIDEO_PVRUSB2 depends on DVB_CORE to use dvb_* symbols
ACPI: processor: Check for null return of devm_kzalloc() in fch_misc_setup()
drm/rockchip: dw_hdmi: cleanup drm encoder during unbind
memstick: r592: Fix UAF bug in r592_remove due to race condition
arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from usb_dwc3_0
firmware: arm_sdei: Fix sleep from invalid context BUG
ACPI: EC: Fix oops when removing custom query handlers
drm/amd/display: fixed dcn30+ underflow issue
remoteproc: stm32_rproc: Add mutex protection for workqueue
drm/tegra: Avoid potential 32-bit integer overflow
drm/msm/dp: Clean up handling of DP AUX interrupts
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
arm64: dts: qcom: sdm845-polaris: Drop inexistent properties
irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4
ACPI: video: Remove desktops without backlight DMI quirks
drm/amd/display: Correct DML calculation to follow HW SPEC
drm/amd: Fix an out of bounds error in BIOS parser
drm/amdgpu: Fix sdma v4 sw fini error
media: Prefer designated initializers over memset for subdev pad ops
media: mediatek: vcodec: Fix potential array out-of-bounds in decoder queue_setup
wifi: ath: Silence memcpy run-time false positive warning
bpf: Annotate data races in bpf_local_storage
wifi: brcmfmac: pcie: Provide a buffer of random bytes to the device
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ext2: Check block size validity during mount
scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow
scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery
bnxt: avoid overflow in bnxt_get_nvram_directory()
net: pasemi: Fix return type of pasemi_mac_start_tx()
net: Catch invalid index in XPS mapping
netdev: Enforce index cap in netdev_get_tx_queue
scsi: target: iscsit: Free cmds before session free
lib: cpu_rmap: Avoid use after free on rmap->obj array entries
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
gfs2: Fix inode height consistency check
scsi: ufs: ufs-pci: Add support for Intel Lunar Lake
ext4: set goal start correctly in ext4_mb_normalize_request
ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
crypto: jitter - permanent and intermittent health errors
f2fs: Fix system crash due to lack of free space in LFS
f2fs: fix to drop all dirty pages during umount() if cp_error is set
f2fs: fix to check readonly condition correctly
samples/bpf: Fix fout leak in hbm's run_bpf_prog
bpf: Add preempt_count_{sub,add} into btf id deny list
md: fix soft lockup in status_resync
wifi: iwlwifi: pcie: fix possible NULL pointer dereference
wifi: iwlwifi: add a new PCI device ID for BZ device
wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf
wifi: iwlwifi: mvm: fix ptk_pn memory leak
block, bfq: Fix division by zero error on zero wsum
wifi: ath11k: Ignore frags from uninitialized peer in dp.
wifi: iwlwifi: fix iwl_mvm_max_amsdu_size() for MLO
null_blk: Always check queue mode setting from configfs
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
wifi: ath11k: Fix SKB corruption in REO destination ring
nbd: fix incomplete validation of ioctl arg
ipvs: Update width of source for ip_vs_sync_conn_options
Bluetooth: btusb: Add new PID/VID 04ca:3801 for MT7663
Bluetooth: Add new quirk for broken local ext features page 2
Bluetooth: btrtl: add support for the RTL8723CS
Bluetooth: Improve support for Actions Semi ATS2851 based devices
Bluetooth: btrtl: check for NULL in btrtl_set_quirks()
Bluetooth: btintel: Add LE States quirk support
Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set
Bluetooth: Add new quirk for broken set random RPA timeout for ATS2851
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
Bluetooth: btrtl: Add the support for RTL8851B
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
HID: apple: Set the tilde quirk flag on the Geyser 4 and later
staging: axis-fifo: initialize timeouts in init only
ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42)
HID: logitech-hidpp: Don't use the USB serial for USB devices
HID: logitech-hidpp: Reconcile USB and Unifying serials
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
ALSA: hda: LNL: add HD Audio PCI ID
ASoC: amd: Add Dell G15 5525 to quirks list
ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
HID: apple: Set the tilde quirk flag on the Geyser 3
HID: Ignore battery for ELAN touchscreen on ROG Flow X13 GV301RA
HID: wacom: generic: Set battery quirk only when we see battery data
usb: typec: tcpm: fix multiple times discover svids error
serial: 8250: Reinit port->pm on port specific driver unbind
mcb-pci: Reallocate memory region to avoid memory overlapping
sched: Fix KCSAN noinstr violation
lkdtm/stackleak: Fix noinstr violation
recordmcount: Fix memory leaks in the uwrite function
soundwire: dmi-quirks: add remapping for Intel 'Rooks County' NUC M15
phy: st: miphy28lp: use _poll_timeout functions for waits
soundwire: qcom: gracefully handle too many ports in DT
soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow
mfd: intel_soc_pmic_chtwc: Add Lenovo Yoga Book X90F to intel_cht_wc_models
mfd: dln2: Fix memory leak in dln2_probe()
mfd: intel-lpss: Add Intel Meteor Lake PCH-S LPSS PCI IDs
parisc: Replace regular spinlock with spin_trylock on panic path
platform/x86: Move existing HP drivers to a new hp subdir
platform/x86: hp-wmi: add micmute to hp_wmi_keymap struct
drm/amdgpu: drop gfx_v11_0_cp_ecc_error_irq_funcs
xfrm: don't check the default policy if the policy allows the packet
Revert "Fix XFRM-I support for nested ESP tunnels"
drm/msm/dp: unregister audio driver during unbind
drm/msm/dpu: Assign missing writeback log_mask
drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header
drm/msm/dpu: Remove duplicate register defines from INTF
dt-bindings: display/msm: dsi-controller-main: Document qcom, master-dsi and qcom, sync-dual-dsi
platform: Provide a remove callback that returns no value
ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
cpupower: Make TSC read per CPU for Mperf monitor
xfrm: Reject optional tunnel/BEET mode templates in outbound policies
af_key: Reject optional tunnel/BEET mode templates in outbound policies
drm/msm: Fix submit error-path leaks
selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test
selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test
net: fec: Better handle pm_runtime_get() failing in .remove()
net: phy: dp83867: add w/a for packet errors seen with short cables
ALSA: firewire-digi00x: prevent potential use after free
wifi: mt76: connac: fix stats->tx_bytes calculation
ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15
sfc: disable RXFCS and RXALL features by default
vsock: avoid to close connected socket after the timeout
tcp: fix possible sk_priority leak in tcp_v4_send_reset()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
serial: 8250_bcm7271: balance clk_enable calls
serial: 8250_bcm7271: fix leak in `brcmuart_probe`
erspan: get the proto with the md version for collect_md
net: dsa: rzn1-a5psw: enable management frames for CPU port
net: dsa: rzn1-a5psw: fix STP states handling
net: dsa: rzn1-a5psw: disable learning for standalone ports
net: hns3: fix output information incomplete for dumping tx queue info with debugfs
net: hns3: fix sending pfc frames after reset issue
net: hns3: fix reset delay time to avoid configuration timeout
net: hns3: fix reset timeout when enable full VF
media: netup_unidvb: fix use-after-free at del_timer()
SUNRPC: double free xprt_ctxt while still in use
SUNRPC: always free ctxt when freeing deferred request
SUNRPC: Fix trace_svc_register() call site
ASoC: mediatek: mt8186: Fix use-after-free in driver remove path
ASoC: SOF: topology: Fix logic for copying tuples
drm/exynos: fix g2d_open/close helper function definitions
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
virtio-net: Maintain reverse cleanup order
virtio_net: Fix error unwinding of XDP initialization
tipc: add tipc_bearer_min_mtu to calculate min mtu
tipc: do not update mtu if msg_max is too small in mtu negotiation
tipc: check the bearer min mtu properly when setting it by netlink
s390/cio: include subchannels without devices also for evaluation
can: dev: fix missing CAN XL support in can_put_echo_skb()
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
ice: introduce clear_reset_state operation
ice: Fix ice VF reset during iavf initialization
wifi: cfg80211: Drop entries with invalid BSSIDs in RNR
wifi: mac80211: fortify the spinlock against deadlock by interrupt
wifi: mac80211: fix min center freq offset tracing
wifi: mac80211: Abort running color change when stopping the AP
wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
wifi: iwlwifi: fw: fix DBGI dump
wifi: iwlwifi: fix OEM's name in the ppag approved list
wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
wifi: iwlwifi: mvm: don't trust firmware n_channels
scsi: storvsc: Don't pass unused PFNs to Hyper-V host
net: tun: rebuild error handling in tun_get_user
tun: Fix memory leak for detached NAPI queue.
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: dsa: mv88e6xxx: Fix mv88e6393x EPC write command offset
igb: fix bit_shift to be in [1..8] range
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
net: wwan: iosm: fix NULL pointer dereference when removing device
net: pcs: xpcs: fix C73 AN not getting enabled
net: selftests: Fix optstring
netfilter: nf_tables: fix nft_trans type confusion
netfilter: nft_set_rbtree: fix null deref on element insertion
bridge: always declare tunnel functions
ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
USB: usbtmc: Fix direction for 0-length ioctl control messages
usb-storage: fix deadlock when a scsi command timeouts more than once
USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume()
usb: dwc3: debugfs: Resume dwc3 before accessing registers
usb: gadget: u_ether: Fix host MAC address case
usb: typec: altmodes/displayport: fix pin_assignment_show
Revert "usb: gadget: udc: core: Prevent redundant calls to pullup"
Revert "usb: gadget: udc: core: Invoke usb_gadget_connect only when started"
xhci-pci: Only run d3cold avoidance quirk for s2idle
xhci: Fix incorrect tracking of free space on transfer rings
ALSA: hda: Fix Oops by 9.1 surround channel names
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda/realtek: Add quirk for Clevo L140AU
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek: Add quirk for 2nd ASUS GU603
ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop
can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag
can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag
can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop()
can: kvaser_pciefd: Call request_irq() before enabling interrupts
can: kvaser_pciefd: Empty SRB buffer in probe
can: kvaser_pciefd: Clear listen-only bit if not explicitly requested
can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
can: kvaser_pciefd: Disable interrupts in probe error path
wifi: rtw88: use work to update rate to avoid RCU warning
SMB3: Close all deferred handles of inode in case of handle lease break
SMB3: drop reference to cfile before sending oplock break
ksmbd: smb2: Allow messages padded to 8byte boundary
ksmbd: allocate one more byte for implied bcc[0]
ksmbd: fix wrong UserName check in session_user
ksmbd: fix global-out-of-bounds in smb2_find_context_vals
KVM: Fix vcpu_array[0] races
statfs: enforce statfs[64] structure initialization
maple_tree: make maple state reusable after mas_empty_area()
mm: fix zswap writeback race condition
serial: Add support for Advantech PCI-1611U card
serial: 8250_exar: Add support for USR298x PCI Modems
serial: qcom-geni: fix enabling deactivated interrupt
thunderbolt: Clear registers properly when auto clear isn't in use
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
ceph: force updating the msg pointer in non-split case
drm/amd/pm: fix possible power mode mismatch between driver and PMFW
drm/amdgpu/gmc11: implement get_vbios_fb_size()
drm/amdgpu/gfx10: Disable gfxoff before disabling powergating.
drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well
drm/amdgpu: refine get gpu clock counter method
drm/amdgpu/gfx11: update gpu_clock_counter logic
dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs
powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device
tpm/tpm_tis: Disable interrupts for more Lenovo devices
powerpc/64s/radix: Fix soft dirty tracking
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
s390/dasd: fix command reject error on ESE devices
s390/crypto: use vector instructions only if available for ChaCha20
s390/qdio: fix do_sqbs() inline assembly constraint
arm64: mte: Do not set PG_mte_tagged if tags were not initialized
rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler
rethook, fprobe: do not trace rethook related functions
remoteproc: imx_dsp_rproc: Fix kernel test robot sparse warning
crypto: testmgr - fix RNG performance in fuzz tests
drm/amdgpu: declare firmware for new MES 11.0.4
drm/amd/amdgpu: introduce gc_*_mes_2.bin v2
drm/amdgpu: reserve the old gc_11_0_*_mes.bin
Linux 6.1.30
Change-Id: I411885affcf017410aab34bf3fba2dde96df6593
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Benedict Wong
|
f6d2aa322c |
xfrm: Check if_id in inbound policy/secpath match
[ Upstream commit 8680407b6f8f5fba59e8f1d63c869abc280f04df ] This change ensures that if configured in the policy, the if_id set in the policy and secpath states match during the inbound policy check. Without this, there is potential for ambiguity where entries in the secpath differing by only the if_id could be mismatched. Notably, this is checked in the outbound direction when resolving templates to SAs, but not on the inbound path when matching SAs and policies. Test: Tested against Android kernel unit tests & CTS Signed-off-by: Benedict Wong <benedictwong@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Tobias Brunner
|
e5a0b280b0 |
xfrm: Reject optional tunnel/BEET mode templates in outbound policies
[ Upstream commit 3d776e31c841ba2f69895d2255a49320bec7cea6 ]
xfrm_state_find() uses `encap_family` of the current template with
the passed local and remote addresses to find a matching state.
If an optional tunnel or BEET mode template is skipped in a mixed-family
scenario, there could be a mismatch causing an out-of-bounds read as
the addresses were not replaced to match the family of the next template.
While there are theoretical use cases for optional templates in outbound
policies, the only practical one is to skip IPComp states in inbound
policies if uncompressed packets are received that are handled by an
implicitly created IPIP state instead.
Fixes:
|
||
Martin Willi
|
6867c4b5db |
Revert "Fix XFRM-I support for nested ESP tunnels"
[ Upstream commit 5fc46f94219d1d103ffb5f0832be9da674d85a73 ]
This reverts commit b0355dbbf13c0052931dd14c38c789efed64d3de.
The reverted commit clears the secpath on packets received via xfrm interfaces
to support nested IPsec tunnels. This breaks Netfilter policy matching using
xt_policy in the FORWARD chain, as the secpath is missing during forwarding.
Additionally, Benedict Wong reports that it breaks Transport-in-Tunnel mode.
Fix this regression by reverting the commit until we have a better approach
for nested IPsec tunnels.
Fixes: b0355dbbf13c ("Fix XFRM-I support for nested ESP tunnels")
Link: https://lore.kernel.org/netdev/20230412085615.124791-1-martin@strongswan.org/
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Sabrina Dubroca
|
070d0047c6 |
xfrm: don't check the default policy if the policy allows the packet
[ Upstream commit 430cac487400494c19a8b85299e979bb07b4671f ]
The current code doesn't let a simple "allow" policy counteract a
default policy blocking all incoming packets:
ip x p setdefault in block
ip x p a src 192.168.2.1/32 dst 192.168.2.2/32 dir in action allow
At this stage, we have an allow policy (with or without transforms)
for this packet. It doesn't matter what the default policy says, since
the policy we looked up lets the packet through. The case of a
blocking policy is already handled separately, so we can remove this
check.
Fixes:
|
||
|
Benedict Wong
|
952048f512 |
FROMGIT: xfrm: Check if_id in inbound policy/secpath match
This change ensures that if configured in the policy, the if_id set in the policy and secpath states match during the inbound policy check. Without this, there is potential for ambiguity where entries in the secpath differing by only the if_id could be mismatched. Notably, this is checked in the outbound direction when resolving templates to SAs, but not on the inbound path when matching SAs and policies. Test: Tested against Android kernel unit tests & CTS Signed-off-by: Benedict Wong <benedictwong@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Bug: 279217934 (cherry picked from commit 8680407b6f8f5fba59e8f1d63c869abc280f04df https://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git master) Change-Id: Ibb97561eaf1a99b7ad239d4d4860bfe5b0ac20ea Signed-off-by: Carlos Llamas <cmllamas@google.com> |
||
|
Benedict Wong
|
a705bf779b |
FROMLIST: xfrm: Skip checking of already-verified secpath entries
This change fixes a bug where inbound packets to nested IPsec tunnels
fails to pass policy checks due to the inner tunnel's policy checks
not having a reference to the outer policy/template. This causes the
policy check to fail, since the first entries in the secpath correlate
to the outer tunnel, while the templates being verified are for the
inner tunnel.
In order to ensure that the appropriate policy and template context is
searchable, the policy checks must be done incrementally between each
decryption step. As such, this marks secpath entries as having been
successfully matched, skipping them (treating as optional) on subsequent
policy checks
By skipping the immediate error return in the case where the secpath
entry had previously been validated, this change allows secpath entries
that matched a policy/template previously, while still requiring that
each searched template find a match in the secpath.
For security:
- All templates must have matching secpath entries
- Unchanged by current patch; templates that do not match any secpath
entry still return -1. This patch simply allows skipping earlier
blocks of verified secpath entries
- All entries (except trailing transport mode entries) must have a
matching template
- Unvalidated entries, including transport-mode entries still return
the errored index if it does not match the correct template.
Bug: 236423446
Bug: 277711867
Test: Tested against Android Kernel Unit Tests
Link: https://lore.kernel.org/netdev/20220824221252.4130836-2-benedictwong@google.com/
[benedictwong: fixed minor style issues]
Signed-off-by: Benedict Wong <benedictwong@google.com>
Change-Id: Ic32831cb00151d0de2e465f18ec37d5f7b680e54
(cherry picked from commit 970e02667c9689f2fe6ceccfd80596c4b8a368a4)
|
||
Kelvin Zhang
|
f2aef35478 |
Revert "Fix XFRM-I support for nested ESP tunnels"
This reverts commit |
||
|
Benedict Wong
|
0ddcb394f5 |
FROMLIST: xfrm: Ensure policy checked for nested ESP tunnels
This change ensures that all nested XFRM packets have their policy checked before decryption of the next layer, so that policies are verified at each intermediate step of the decryption process. Notably, raw ESP/AH packets do not perform policy checks inherently, whereas all other encapsulated packets (UDP, TCP encapsulated) do policy checks after calling xfrm_input handling in the respective encapsulation layer. This is necessary especially for nested tunnels, as the IP addresses, protocol and ports may all change, thus not matching the previous policies. In order to ensure that packets match the relevant inbound templates, the xfrm_policy_check should be done before handing off to the inner XFRM protocol to decrypt and decapsulate. In order to prevent double-checking packets both here and in the encapsulation layers, this check is currently limited to nested tunnel-mode transforms and checked prior to decapsulation of inner tunnel layers (prior to hitting a nested tunnel's xfrm_input, there is no great way to detect a nested tunnel). This is primarily a performance consideration, as a general blanket check at the end of xfrm_input would suffice, but may result in multiple policy checks. Bug: 236423446 Bug: 277711867 Test: Tested against Android Kernel Unit Tests Link: https://lore.kernel.org/netdev/20220824221252.4130836-3-benedictwong@google.com/ Signed-off-by: Benedict Wong <benedictwong@google.com> Change-Id: I20c5abf39512d7f6cf438c0921a78a84e281b4e9 (cherry picked from commit b5bf2997c3438528631ce0e945884927fbe751ae) |
||
|
Greg Kroah-Hartman
|
a0f3313ef9 |
This is the 6.1.23 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQumsIACgkQONu9yGCS aT4yfBAAwaDPXomEa+DY6pkQEE7WPVtIkeO+sQIo7bWHunTDilTLRFeDUJ4THydT CnhhlGsBUt8KGeWgSR6hHeTl/c+b+AcBan5k5BBufUGrsDn/XV8QIEyKWhbLIEja qWehpogs7BJLg2dFRqTfHQEOhLht1jCmC99tfEozEG4zRudmdS3Z2DbRypfEHshc oGOC1Jzg4MLPfB+lCwKNrVMBlR2n/73P7mTUCu/Dc9+DUbm+GtqvsPuGT2LxVyY7 kkNgGzvdxQQCqtK5X6zyoU61gepsobf6c6kHjBucn8mhaYURT5ndfV9VqLWkDYE7 71iH0oY5fg2NgbMtQpbA10MokjijFp46I4QxzG/RVl2ZN2pbCFNm5aNIBCwBbF2k lN6hwJc1nbTi696o29o1osm+yju3347HCAWC8s+DAszXiquihiUeJBwuCfa1c+Gy GhdATa3nNQ/8D0gWULr/kl7DvlgpSpYrbEQGVG2gH6tdsAZt2iKYUtGLFjvDN+fw CoMpq2OZTX5afM7AxTX00f5lGmbXhD+T9a+pS9AXhPqKcGv1tt0Gso8dn7cpWpj5 LxhIE9dK5F1/tI+wPE+8t80CukqQHfoCQ24YO8mfUKmlInwjGd1Hque+ihKJo7ZW W5CXlZJJVvpVk9BxMNaYHKfSE+U6G7hYabEAzJXR3fz9vGfoTII= =rz/i -----END PGP SIGNATURE----- Merge 6.1.23 into android14-6.1 Changes in 6.1.23 thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers cifs: update ip_addr for ses only for primary chan setup cifs: prevent data race in cifs_reconnect_tcon() cifs: avoid race conditions with parallel reconnects zonefs: Reorganize code zonefs: Simplify IO error handling zonefs: Reduce struct zonefs_inode_info size zonefs: Separate zone information from inode information zonefs: Fix error message in zonefs_file_dio_append() fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY kernel: kcsan: kcsan_test: build without structleak plugin kcsan: avoid passing -g for test btrfs: rename BTRFS_FS_NO_OVERCOMMIT to BTRFS_FS_ACTIVE_ZONE_TRACKING btrfs: zoned: count fresh BG region as zone unusable net: ethernet: ti: am65-cpsw/cpts: Fix CPTS release action riscv: ftrace: Fixup panic by disabling preemption ARM: dts: aspeed: p10bmc: Update battery node name drm/msm/dpu: Refactor sc7280_pp location drm/msm/dpu: correct sm8250 and sm8350 scaler drm/msm/disp/dpu: fix sc7280_pp base offset tty: serial: fsl_lpuart: switch to new dmaengine_terminate_* API tty: serial: fsl_lpuart: fix race on RX DMA shutdown tracing: Add .percent suffix option to histogram values tracing: Add .graph suffix option to histogram value tracing: Do not let histogram values have some modifiers net: mscc: ocelot: fix stats region batching arm64: efi: Set NX compat flag in PE/COFF header cifs: fix missing unload_nls() in smb2_reconnect() xfrm: Zero padding when dumping algos and encap ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds ASoC: Intel: avs: max98357a: Explicitly define codec format ASoC: Intel: avs: da7219: Explicitly define codec format ASoC: Intel: avs: ssm4567: Remove nau8825 bits ASoC: Intel: avs: nau8825: Adjust clock control zstd: Fix definition of assert() ACPI: video: Add backlight=native DMI quirk for Dell Vostro 15 3535 ASoC: SOF: ipc3: Check for upper size limit for the received message ASoC: SOF: ipc4-topology: Fix incorrect sample rate print unit ASoC: SOF: Intel: pci-tng: revert invalid bar size setting ASoC: SOF: IPC4: update gain ipc msg definition to align with fw md: avoid signed overflow in slot_store() x86/PVH: obtain VGA console info in Dom0 drm/amdkfd: Fix BO offset for multi-VMA page migration drm/amdkfd: fix a potential double free in pqm_create_queue drm/amdkfd: fix potential kgd_mem UAFs net: hsr: Don't log netdev_err message on unknown prp dst node ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero ACPI: tools: pfrut: Check if the input of level and type is in the right numeric range sched_getaffinity: don't assume 'cpumask_size()' is fully initialized nvme-pci: add NVME_QUIRK_BOGUS_NID for Lexar NM620 drm/amdkfd: Fixed kfd_process cleanup on module exit. net/mlx5e: Lower maximum allowed MTU in XSK to match XDP prerequisites fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero tools/power turbostat: Fix /dev/cpu_dma_latency warnings tools/power turbostat: fix decoding of HWP_STATUS tracing: Fix wrong return in kprobe_event_gen_test.c btrfs: fix uninitialized variable warning in btrfs_update_block_group btrfs: use temporary variable for space_info in btrfs_update_block_group mtd: rawnand: meson: initialize struct with zeroes mtd: nand: mxic-ecc: Fix mxic_ecc_data_xfer_wait_for_completion() when irq is used ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() riscv/kvm: Fix VM hang in case of timer delta being zero. mips: bmips: BCM6358: disable RAC flush for TP1 ALSA: usb-audio: Fix recursive locking at XRUN during syncing PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled platform/x86: think-lmi: add missing type attribute platform/x86: think-lmi: use correct possible_values delimiters platform/x86: think-lmi: only display possible_values if available platform/x86: think-lmi: Add possible_values for ThinkStation platform/surface: aggregator: Add missing fwnode_handle_put() mtd: rawnand: meson: invalidate cache on polling ECC bit SUNRPC: fix shutdown of NFS TCP client socket sfc: ef10: don't overwrite offload features at NIC reset scsi: megaraid_sas: Fix crash after a double completion scsi: mpt3sas: Don't print sense pool info twice net: dsa: realtek: fix out-of-bounds access ptp_qoriq: fix memory leak in probe() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() net: dsa: microchip: ksz8: fix ksz8_fdb_dump() to extract all 1024 entries net: dsa: microchip: ksz8: fix offset for the timestamp filed net: dsa: microchip: ksz8: ksz8_fdb_dump: avoid extracting ghost entry from empty dynamic MAC table. net: dsa: microchip: ksz8863_smi: fix bulk access net: dsa: microchip: ksz8: fix MDB configuration with non-zero VID r8169: fix RTL8168H and RTL8107E rx crc error regulator: Handle deferred clk net/net_failover: fix txq exceeding warning net: stmmac: don't reject VLANs when IFF_PROMISC is set drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write s390/vfio-ap: fix memory leak in vfio_ap device driver ACPI: bus: Rework system-level device notification handling loop: LOOP_CONFIGURE: send uevents for partitions net: mvpp2: classifier flow fix fragmentation flags net: mvpp2: parser fix QinQ net: mvpp2: parser fix PPPoE smsc911x: avoid PHY being resumed when interface is not up ice: Fix ice_cfg_rdma_fltr() to only update relevant fields ice: add profile conflict check for AVF FDIR ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() ALSA: ymfpci: Create card with device-managed snd_devm_card_new() ALSA: ymfpci: Fix BUG_ON in probe function net: ipa: compute DMA pool size properly i40e: fix registers dump after run ethtool adapter self test bnxt_en: Fix reporting of test result in ethtool selftest bnxt_en: Fix typo in PCI id to device description string mapping bnxt_en: Add missing 200G link speed reporting net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only net: ethernet: mtk_eth_soc: fix flow block refcounting logic net: ethernet: mtk_eth_soc: add missing ppe cache flush when deleting a flow pinctrl: ocelot: Fix alt mode for ocelot Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON iommu/vt-d: Allow zero SAGAW if second-stage not supported Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix Input: alps - fix compatibility with -funsigned-char Input: focaltech - use explicitly signed char type cifs: prevent infinite recursion in CIFSGetDFSRefer() cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL Input: i8042 - add quirk for Fujitsu Lifebook A574/H Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table btrfs: fix deadlock when aborting transaction during relocation with scrub btrfs: fix race between quota disable and quota assign ioctls btrfs: scan device in non-exclusive mode zonefs: Do not propagate iomap_dio_rw() ENOTBLK error to user space block/io_uring: pass in issue_flags for uring_cmd task_work handling io_uring/poll: clear single/double poll flags on poll arming io_uring/rsrc: fix rogue rsrc node grabbing io_uring: fix poll/netmsg alloc caches vmxnet3: use gro callback when UPT is enabled zonefs: Always invalidate last cached page on append write dm: fix __send_duplicate_bios() to always allow for splitting IO can: j1939: prevent deadlock by moving j1939_sk_errqueue() xen/netback: don't do grant copy across page boundary net: phy: dp83869: fix default value for tx-/rx-internal-delay modpost: Fix processing of CRCs on 32-bit build machines pinctrl: amd: Disable and mask interrupts on resume pinctrl: at91-pio4: fix domain name assignment platform/x86: ideapad-laptop: Stop sending KEY_TOUCHPAD_TOGGLE powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled powerpc/64s: Fix __pte_needs_flush() false positive warning NFSv4: Fix hangs when recovering open state after a server reboot ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 ALSA: hda/realtek: Add quirks for some Clevo laptops ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z xtensa: fix KASAN report for show_stack rcu: Fix rcu_torture_read ftrace event dt-bindings: mtd: jedec,spi-nor: Document CPOL/CPHA support s390/uaccess: add missing earlyclobber annotations to __clear_user() s390: reintroduce expoline dependence to scripts drm/etnaviv: fix reference leak when mmaping imported buffer drm/amdgpu: allow more APUs to do mode2 reset when go to S4 drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub drm/amd/display: Take FEC Overhead into Timeslot Calculation drm/i915/gem: Flush lmem contents after construction drm/i915/dpt: Treat the DPT BO as a framebuffer drm/i915: Disable DC states for all commits drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk KVM: arm64: PMU: Fix GET_ONE_REG for vPMC regs to return the current value KVM: arm64: Disable interrupts while walking userspace PTs net: dsa: mv88e6xxx: read FID when handling ATU violations net: dsa: mv88e6xxx: replace ATU violation prints with trace points net: dsa: mv88e6xxx: replace VTU violation prints with trace points selftests/bpf: Test btf dump for struct with padding only fields libbpf: Fix BTF-to-C converter's padding logic selftests/bpf: Add few corner cases to test padding handling of btf_dump libbpf: Fix btf_dump's packed struct determination usb: ucsi: Fix ucsi->connector race drm/amdkfd: Get prange->offset after svm_range_vram_node_new hsr: ratelimit only when errors are printed x86/PVH: avoid 32-bit build warning when obtaining VGA console info Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*" Linux 6.1.23 Change-Id: I15af3697170567c4678bcc9c2380d80e7cef5bc9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Herbert Xu
|
5218af4ad5 |
xfrm: Zero padding when dumping algos and encap
[ Upstream commit 8222d5910dae08213b6d9d4bc9a7f8502855e624 ] When copying data to user-space we should ensure that only valid data is copied over. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. This patch fixes the copying of xfrm algorithms and the encap template in xfrm_user so that padding is zeroed. Reported-by: syzbot+fa5414772d5c445dac3c@syzkaller.appspotmail.com Reported-by: Hyunwoo Kim <v4bel@theori.io> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
d14ac9ddc6 |
Merge 6.1.21 into android14-6.1
Changes in 6.1.21
xfrm: Allow transport-mode states with AF_UNSPEC selector
drm/virtio: Pass correct device to dma_sync_sgtable_for_device()
drm/msm/gem: Prevent blocking within shrinker loop
drm/panfrost: Don't sync rpm suspension after mmu flushing
fbdev: chipsfb: Fix error codes in chipsfb_pci_init()
cifs: Move the in_send statistic to __smb_send_rqst()
drm/meson: fix 1px pink line on GXM when scaling video overlay
clk: HI655X: select REGMAP instead of depending on it
ASoC: SOF: Intel: MTL: Fix the device description
ASoC: SOF: Intel: HDA: Fix device description
ASoC: SOF: Intel: SKL: Fix device description
ASOC: SOF: Intel: pci-tgl: Fix device description
ASoC: SOF: ipc4-topology: set dmic dai index from copier
docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate
scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add()
scsi: mpi3mr: Fix throttle_groups memory leak
scsi: mpi3mr: Fix config page DMA memory leak
scsi: mpi3mr: Fix mpi3mr_hba_port memory leak in mpi3mr_remove()
scsi: mpi3mr: Fix sas_hba.phy memory leak in mpi3mr_remove()
scsi: mpi3mr: Return proper values for failures in firmware init path
scsi: mpi3mr: Fix memory leaks in mpi3mr_init_ioc()
scsi: mpi3mr: ioctl timeout when disabling/enabling interrupt
scsi: mpi3mr: Fix expander node leak in mpi3mr_remove()
ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
netfilter: nft_nat: correct length for loading protocol registers
netfilter: nft_masq: correct length for loading protocol registers
netfilter: nft_redir: correct length for loading protocol registers
netfilter: nft_redir: correct value of inet type `.maxattrs`
scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD
scsi: core: Fix a procfs host directory removal regression
ftrace,kcfi: Define ftrace_stub_graph conditionally
tcp: tcp_make_synack() can be called from process context
vdpa/mlx5: should not activate virtq object when suspended
wifi: nl80211: fix NULL-ptr deref in offchan check
wifi: cfg80211: fix MLO connection ownership
selftests: fix LLVM build for i386 and x86_64
nfc: pn533: initialize struct pn533_out_arg properly
ipvlan: Make skb->skb_iif track skb->dev for l3s mode
i40e: Fix kernel crash during reboot when adapter is in recovery mode
vhost-vdpa: free iommu domain after last use during cleanup
vdpa_sim: not reset state in vdpasim_queue_ready
vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready
PCI: s390: Fix use-after-free of PCI resources with per-function hotplug
drm/i915/psr: Use calculated io and fast wake lines
drm/i915/sseu: fix max_subslices array-index-out-of-bounds access
net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler()
qed/qed_dev: guard against a possible division by zero
net: dsa: mt7530: remove now incorrect comment regarding port 5
net: dsa: mt7530: set PLL frequency and trgmii only when trgmii is used
block: do not reverse request order when flushing plug list
loop: Fix use-after-free issues
net: tunnels: annotate lockless accesses to dev->needed_headroom
net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
tcp: Fix bind() conflict check for dual-stack wildcard address.
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
mlxsw: spectrum: Fix incorrect parsing depth after reload
net/smc: fix deadlock triggered by cancel_delayed_work_syn()
net: usb: smsc75xx: Limit packet length to skb->len
drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc
powerpc/mm: Fix false detection of read faults
block: null_blk: Fix handling of fake timeout request
nvme: fix handling single range discard request
nvmet: avoid potential UAF in nvmet_req_complete()
block: sunvdc: add check for mdesc_grab() returning NULL
net/mlx5e: Fix macsec ASO context alignment
net/mlx5e: Don't cache tunnel offloads capability
net/mlx5: Fix setting ec_function bit in MANAGE_PAGES
net/mlx5: Disable eswitch before waiting for VF pages
net/mlx5e: Support Geneve and GRE with VF tunnel offload
net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules
net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port
net/mlx5e: Fix cleanup null-ptr deref on encap lock
net/mlx5: Set BREAK_FW_WAIT flag first when removing driver
veth: Fix use after free in XDP_REDIRECT
ice: xsk: disable txq irq before flushing hw
net: dsa: don't error out when drivers return ETH_DATA_LEN in .port_max_mtu()
net: dsa: mv88e6xxx: fix max_mtu of 1492 on 6165, 6191, 6220, 6250, 6290
ravb: avoid PHY being resumed when interface is not up
sh_eth: avoid PHY being resumed when interface is not up
ipv4: Fix incorrect table ID in IOCTL path
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
net: atlantic: Fix crash when XDP is enabled but no program is loaded
net/iucv: Fix size of interrupt data
i825xx: sni_82596: use eth_hw_addr_set()
selftests: net: devlink_port_split.py: skip test if no suitable device available
qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
net: dsa: microchip: fix RGMII delay configuration on KSZ8765/KSZ8794/KSZ8795
ethernet: sun: add check for the mdesc_grab()
bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether type change
bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave fails
hwmon: (adt7475) Display smoothing attributes in correct order
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (ina3221) return prober error code
hwmon: (ucd90320) Add minimum delay between bus accesses
hwmon: tmp512: drop of_match_ptr for ID table
kconfig: Update config changed flag before calling callback
hwmon: (adm1266) Set `can_sleep` flag for GPIO chip
hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip
media: m5mols: fix off-by-one loop termination error
mmc: atmel-mci: fix race between stop command and start of next command
soc: mediatek: mtk-svs: keep svs alive if CONFIG_DEBUG_FS not supported
jffs2: correct logic when creating a hole in jffs2_write_begin
rust: arch/um: Disable FP/SIMD instruction to match x86
ext4: fail ext4_iget if special inode unallocated
ext4: update s_journal_inum if it changes after journal replay
ext4: fix task hung in ext4_xattr_delete_inode
drm/amdkfd: Fix an illegal memory access
net/9p: fix bug in client create for .L
LoongArch: Only call get_timer_irq() once in constant_clockevent_init()
sh: intc: Avoid spurious sizeof-pointer-div warning
drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini
drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes
ext4: fix possible double unlock when moving a directory
Revert "tty: serial: fsl_lpuart: adjust SERIAL_FSL_LPUART_CONSOLE config dependency"
tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted
serial: 8250_em: Fix UART port type
serial: 8250_fsl: fix handle_irq locking
serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it
firmware: xilinx: don't make a sleepable memory allocation from an atomic context
memory: tegra: fix interconnect registration race
memory: tegra20-emc: fix interconnect registration race
memory: tegra124-emc: fix interconnect registration race
memory: tegra30-emc: fix interconnect registration race
drm/ttm: Fix a NULL pointer dereference
s390/ipl: add missing intersection check to ipl_report handling
interconnect: fix icc_provider_del() error handling
interconnect: fix provider registration API
interconnect: imx: fix registration race
interconnect: fix mem leak when freeing nodes
interconnect: qcom: osm-l3: fix registration race
interconnect: qcom: rpm: fix probe child-node error handling
interconnect: qcom: rpm: fix registration race
interconnect: qcom: rpmh: fix probe child-node error handling
interconnect: qcom: rpmh: fix registration race
interconnect: qcom: msm8974: fix registration race
interconnect: exynos: fix node leak in probe PM QoS error path
interconnect: exynos: fix registration race
md: select BLOCK_LEGACY_AUTOLOAD
cifs: generate signkey for the channel that's reconnecting
tracing: Make splice_read available again
tracing: Check field value in hist_field_name()
tracing: Make tracepoint lockdep check actually test something
cifs: Fix smb2_set_path_size()
KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
KVM: nVMX: add missing consistency checks for CR0 and CR4
ALSA: hda: intel-dsp-config: add MTL PCI id
ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform
Revert "riscv: mm: notify remote harts about mmu cache updates"
riscv: asid: Fixup stale TLB entry cause application crash
drm/shmem-helper: Remove another errant put in error path
drm/sun4i: fix missing component unbind on bind errors
drm/i915/active: Fix misuse of non-idle barriers as fence trackers
drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
drm/amdgpu: Don't resume IOMMU after incomplete init
drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
drm/amd/pm: bump SMU 13.0.4 driver_if header version
drm/amd/display: Do not set DRR on pipe Commit
drm/amd/display: disconnect MPCC only on OTG change
mptcp: fix possible deadlock in subflow_error_report
mptcp: add ro_after_init for tcp{,v6}_prot_override
mptcp: avoid setting TCP_CLOSE state twice
mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
ftrace: Fix invalid address access in lookup_rec() when index is 0
ocfs2: fix data corruption after failed write
nvme-pci: add NVME_QUIRK_BOGUS_NID for Netac NV3000
ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
vp_vdpa: fix the crash in hot unplug with vp_vdpa
mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
mm: teach mincore_hugetlb about pte markers
powerpc/64: Set default CPU in Kconfig
powerpc/boot: Don't always pass -mcpu=powerpc when building 32-bit uImage
mmc: sdhci_am654: lower power-on failed message severity
fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
trace/hwlat: Do not wipe the contents of per-cpu thread data
trace/hwlat: Do not start per-cpu thread if it is already running
ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent
net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
fbdev: Fix incorrect page mapping clearance at fb_deferred_io_release()
cpuidle: psci: Iterate backwards over list in psci_pd_remove()
ASoC: Intel: soc-acpi: fix copy-paste issue in topology names
ASoC: qcom: q6prm: fix incorrect clk_root passed to ADSP
x86/mce: Make sure logged MCEs are processed after sysfs update
x86/mm: Fix use of uninitialized buffer in sme_enable()
x86/resctrl: Clear staged_config[] before and after it is used
powerpc: Pass correct CPU reference to assembler
virt/coco/sev-guest: Check SEV_SNP attribute at probe time
virt/coco/sev-guest: Simplify extended guest request handling
virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request()
virt/coco/sev-guest: Carve out the request issuing logic into a helper
virt/coco/sev-guest: Do some code style cleanups
virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case
virt/coco/sev-guest: Add throttling awareness
io_uring/msg_ring: let target know allocated index
perf: Fix check before add_event_to_groups() in perf_group_detach()
powerpc: Disable CPU unknown by CLANG when CC_IS_CLANG
powerpc/64: Replace -mcpu=e500mc64 by -mcpu=e5500
Linux 6.1.21
Change-Id: I4b7f6e01381c0c121c9e89e51071ea60f1f7e29a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Herbert Xu
|
c436a17433 |
xfrm: Allow transport-mode states with AF_UNSPEC selector
[ Upstream commit c276a706ea1f51cf9723ed8484feceaf961b8f89 ]
xfrm state selectors are matched against the inner-most flow
which can be of any address family. Therefore middle states
in nested configurations need to carry a wildcard selector in
order to work at all.
However, this is currently forbidden for transport-mode states.
Fix this by removing the unnecessary check.
Fixes:
|
||
|
Greg Kroah-Hartman
|
e1300f4942 |
This is the 6.1.15 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmQB0YgACgkQONu9yGCS aT4LLg//V4AJCRhMlPEY43EJLsGok/32yuBqgrU774sCQjTKyoR4JCumcTqwbed/ aHRl6gul5dvD6+lnTAFeydu40X28e1uNab9lC++SilILMyR6RddnQVB50uXsFe5C LpjY+7OAQAoyK2+wsiXpeWmYReJbdbfUBKhtEyXnp5LsKYD9JQv0vNws6Wiekz/A 4d7FkK9rnJyzbyS8zv4hjDEz7+KYM02VDYvpr48Rts3m0JzJL7gqzKF3A6n6+ukT y8X5KLIODqhtt0LTt59cDL1mU/z3XDzeeUdL9FPxvk3o0dUvjIay1DQwjL6RyhLC /INUduF0kjbQoC9TdF9g/JJ8oRi05XDQgJCdyDSvFg/2OAJ+gLzrcXfAAdpdAo2v OXooZLk5YhW2F9QKzzK4OBimtvCGEZWl6CwsznQJUGPQxK2emTiTwXYiglj1Engi ROcF3WJAjDj7YfWOtO4U0DRN4NrzUDeYw23JO3DFBDan5eWimuli2rSN9thrYAKa w4HdHwEjGEk4ueZoC7Fv1HKQN90sUjEXtxp+86RBAq63rqeHFZRkdduyk78wBCM0 yu79bKJ5cGeldRTIJYs4tv1uJmE2UJZl+d5fCew1P0grSTYy77/33sWBKT4+OuEz eQ0qWuIBdWCFfnD9HkVii4/LJa21MlGt9H3azI5bJEY22SNuqkM= =u4Aa -----END PGP SIGNATURE----- Merge 6.1.15 into android14-6.1 Changes in 6.1.15 Fix XFRM-I support for nested ESP tunnels arm64: dts: rockchip: reduce thermal limits on rk3399-pinephone-pro arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc ARM: dts: rockchip: add power-domains property to dp node on rk3288 arm64: dts: rockchip: add missing #interrupt-cells to rk356x pcie2x1 arm64: dts: rockchip: fix probe of analog sound card on rock-3a HID: elecom: add support for TrackBall 056E:011C HID: Ignore battery for Elan touchscreen on Asus TP420IA ACPI: NFIT: fix a potential deadlock during NFIT teardown pinctrl: amd: Fix debug output for debounce time btrfs: send: limit number of clones and allocated memory size arm64: dts: rockchip: align rk3399 DMC OPP table with bindings ASoC: rt715-sdca: fix clock stop prepare timeout issue IB/hfi1: Assign npages earlier powerpc: Don't select ARCH_WANTS_NO_INSTR ASoC: SOF: amd: Fix for handling spurious interrupts from DSP ARM: dts: stihxxx-b2120: fix polarity of reset line of tsin0 port neigh: make sure used and confirmed times are valid HID: core: Fix deadloop in hid_apply_multiplier. ASoC: codecs: es8326: Fix DTS properties reading HID: Ignore battery for ELAN touchscreen 29DF on HP selftests: ocelot: tc_flower_chains: make test_vlan_ingress_modify() more comprehensive x86/cpu: Add Lunar Lake M PM: sleep: Avoid using pr_cont() in the tasks freezing code bpf: bpf_fib_lookup should not return neigh in NUD_FAILED state net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). vc_screen: don't clobber return value in vcs_read drm/amd/display: Move DCN314 DOMAIN power control to DMCUB drm/amd/display: Fix race condition in DPIA AUX transfer usb: dwc3: pci: add support for the Intel Meteor Lake-M USB: serial: option: add support for VW/Skoda "Carstick LTE" usb: gadget: u_serial: Add null pointer check in gserial_resume arm64: dts: uniphier: Fix property name in PXs3 USB node usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO drm/amd/display: Properly reuse completion structure attr: add in_group_or_capable() fs: move should_remove_suid() attr: add setattr_should_drop_sgid() attr: use consistent sgid stripping checks fs: use consistent setgid checks in is_sxid() scripts/tags.sh: fix incompatibility with PCRE2 USB: core: Don't hold device lock while reading the "descriptors" sysfs file Linux 6.1.15 Change-Id: I2489d74e0905d26c0afb69f1036cb43890bec060 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Benedict Wong
|
0b892d8fe9 |
Fix XFRM-I support for nested ESP tunnels
[ Upstream commit b0355dbbf13c0052931dd14c38c789efed64d3de ] This change adds support for nested IPsec tunnels by ensuring that XFRM-I verifies existing policies before decapsulating a subsequent policies. Addtionally, this clears the secpath entries after policies are verified, ensuring that previous tunnels with no-longer-valid do not pollute subsequent policy checks. This is necessary especially for nested tunnels, as the IP addresses, protocol and ports may all change, thus not matching the previous policies. In order to ensure that packets match the relevant inbound templates, the xfrm_policy_check should be done before handing off to the inner XFRM protocol to decrypt and decapsulate. Notably, raw ESP/AH packets did not perform policy checks inherently, whereas all other encapsulated packets (UDP, TCP encapsulated) do policy checks after calling xfrm_input handling in the respective encapsulation layer. Test: Verified with additional Android Kernel Unit tests Signed-off-by: Benedict Wong <benedictwong@google.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Howard Chen
|
bf0d1e087b |
ANDROID: revert core of "xfrm: Use actual socket sk instead of skb socket for xfrm_output_resume"
The mentioned CL makes CtsnetTestCases fails on CtsNetTestCases:android.net.cts.IpSecManagerTest#testAesGcm128Tcp6 Bug: 186608065 Bug: 197517655 Test: CtsNetTestCases Change-Id: I65eb4e45623af5d6ff8ec634ac11aa039f5cceef Signed-off-by: Howard Chen <howardsoc@google.com> Signed-off-by: Alistair Delva <adelva@google.com> |
||
|
Greg Kroah-Hartman
|
b6010109cf |
Merge 6.1.12 into android14-6.1
Changes in 6.1.12 hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC btrfs: limit device extents to the device size btrfs: zlib: zero-initialize zlib workspace ALSA: hda/realtek: Add Positivo N14KP6-TG ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP platform. Revert "PCI/ASPM: Save L1 PM Substates Capability for suspend/resume" Revert "PCI/ASPM: Refactor L1 PM Substates Control Register programming" tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw of/address: Return an error when no valid dma-ranges are found can: j1939: do not wait 250 ms if the same addr was already claimed HID: logitech: Disable hi-res scrolling on USB xfrm: compat: change expression for switch in xfrm_xlate64 IB/hfi1: Restore allocated resources on failed copyout xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() IB/IPoIB: Fix legacy IPoIB due to wrong number of queues xfrm: annotate data-race around use_time RDMA/irdma: Fix potential NULL-ptr-dereference RDMA/usnic: use iommu_map_atomic() under spin_lock() xfrm: fix bug with DSCP copy to v6 from v4 tunnel of: Make OF framebuffer device names unique net: phylink: move phy_device_free() to correctly release phy device bonding: fix error checking in bond_debug_reregister() net: macb: Perform zynqmp dynamic configuration only for SGMII interface net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY ionic: clean interrupt before enabling queue to avoid credit race ionic: refactor use of ionic_rx_fill() ionic: missed doorbell workaround cpufreq: qcom-hw: Fix cpufreq_driver->get() for non-LMH systems uapi: add missing ip/ipv6 header dependencies for linux/stddef.h net: microchip: sparx5: fix PTP init/deinit not checking all ports HID: amd_sfh: if no sensors are enabled, clean up drm/i915: Don't do the WM0->WM1 copy w/a if WM1 is already enabled drm/virtio: exbuf->fence_fd unmodified on interrupted wait cpuset: Call set_cpus_allowed_ptr() with appropriate mask for task nvidiafb: detect the hardware support before removing console. ice: Do not use WQ_MEM_RECLAIM flag for workqueue ice: Fix disabling Rx VLAN filtering with port VLAN enabled ice: switch: fix potential memleak in ice_add_adv_recipe() net: dsa: mt7530: don't change PVC_EG_TAG when CPU port becomes VLAN-aware net: mscc: ocelot: fix VCAP filters not matching on MAC with "protocol 802.1Q" net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change net/mlx5: Bridge, fix ageing of peer FDB entries net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode net/mlx5e: IPoIB, Show unknown speed instead of error net/mlx5: Store page counters in a single array net/mlx5: Expose SF firmware pages counter net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers net/mlx5: fw_tracer, Zero consumer index when reloading the tracer net/mlx5: Serialize module cleanup with reload and remove igc: Add ndo_tx_timeout support net: ethernet: mtk_eth_soc: fix wrong parameters order in __xdp_rxq_info_reg() txhash: fix sk->sk_txrehash default selftests: Fix failing VXLAN VNI filtering test rds: rds_rm_zerocopy_callback() use list_first_entry() net: mscc: ocelot: fix all IPv6 getting trapped to CPU when PTP timestamping is used selftests: forwarding: lib: quote the sysctl values arm64: dts: rockchip: fix input enable pinconf on rk3399 arm64: dts: rockchip: set sdmmc0 speed to sd-uhs-sdr50 on rock-3a ALSA: pci: lx6464es: fix a debug loop riscv: stacktrace: Fix missing the first frame arm64: dts: mediatek: mt8195: Fix vdosys* compatible strings ASoC: tas5805m: rework to avoid scheduling while atomic. ASoC: tas5805m: add missing page switch. ASoC: fsl_sai: fix getting version from VERID ASoC: topology: Return -ENOMEM on memory allocation failure clk: microchip: mpfs-ccc: Use devm_kasprintf() for allocating formatted strings pinctrl: mediatek: Fix the drive register definition of some Pins pinctrl: aspeed: Fix confusing types in return value pinctrl: single: fix potential NULL dereference spi: dw: Fix wrong FIFO level setting for long xfers pinctrl: aspeed: Revert "Force to disable the function's signal" pinctrl: intel: Restore the pins that used to be in Direct IRQ mode cifs: Fix use-after-free in rdata->read_into_pages() net: USB: Fix wrong-direction WARNING in plusb.c mptcp: do not wait for bare sockets' timeout mptcp: be careful on subflow status propagation on errors selftests: mptcp: allow more slack for slow test-case selftests: mptcp: stop tests earlier btrfs: simplify update of last_dir_index_offset when logging a directory btrfs: free device in btrfs_close_devices for a single device filesystem usb: core: add quirk for Alcor Link AK9563 smartcard reader usb: typec: altmodes/displayport: Fix probe pin assign check cxl/region: Fix null pointer dereference for resetting decoder cxl/region: Fix passthrough-decoder detection clk: ingenic: jz4760: Update M/N/OD calculation algorithm pinctrl: qcom: sm8450-lpass-lpi: correct swr_rx_data group drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping ceph: flush cap releases when the session is flushed nvdimm: Support sizeof(struct page) > MAX_STRUCT_PAGE_SIZE riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte riscv: kprobe: Fixup misaligned load text powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes tracing: Fix TASK_COMM_LEN in trace event format file rtmutex: Ensure that the top waiter is always woken up arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive Fix page corruption caused by racy check in __free_pages arm64: efi: Force the use of SetVirtualAddressMap() on eMAG and Altra Max machines drm/amd/pm: bump SMU 13.0.0 driver_if header version drm/amdgpu: Add unique_id support for GC 11.0.1/2 drm/amd/pm: bump SMU 13.0.7 driver_if header version drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini drm/amdgpu/smu: skip pptable init under sriov drm/amd/display: properly handling AGP aperture in vm setup drm/amd/display: fix cursor offset on rotation 180 drm/i915: Move fd_install after last use of fence drm/i915: Initialize the obj flags for shmem objects drm/i915: Fix VBT DSI DVO port handling x86/speculation: Identify processors vulnerable to SMT RSB predictions KVM: x86: Mitigate the cross-thread return address predictions bug Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions Linux 6.1.12 Change-Id: I4deaf57516f3e7b40e728d473986fa355a11fc37 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Christian Hopps
|
5954eaab6b |
xfrm: fix bug with DSCP copy to v6 from v4 tunnel
[ Upstream commit 6028da3f125fec34425dbd5fec18e85d372b2af6 ]
When copying the DSCP bits for decap-dscp into IPv6 don't assume the
outer encap is always IPv6. Instead, as with the inner IPv4 case, copy
the DSCP bits from the correctly saved "tos" value in the control block.
Fixes:
|
||
Eric Dumazet
|
f6d8b6762b |
xfrm: annotate data-race around use_time
[ Upstream commit 0a9e5794b21e2d1303759ff8fe5f9215db7757ba ]
KCSAN reported multiple cpus can update use_time
at the same time.
Adds READ_ONCE()/WRITE_ONCE() annotations.
Note that 32bit arches are not fully protected,
but they will probably no longer be supported/used in 2106.
BUG: KCSAN: data-race in __xfrm_policy_check / __xfrm_policy_check
write to 0xffff88813e7ec108 of 8 bytes by interrupt on cpu 0:
__xfrm_policy_check+0x6ae/0x17f0 net/xfrm/xfrm_policy.c:3664
__xfrm_policy_check2 include/net/xfrm.h:1174 [inline]
xfrm_policy_check include/net/xfrm.h:1179 [inline]
xfrm6_policy_check+0x2e9/0x320 include/net/xfrm.h:1189
udpv6_queue_rcv_one_skb+0x48/0xa30 net/ipv6/udp.c:703
udpv6_queue_rcv_skb+0x2d6/0x310 net/ipv6/udp.c:792
udp6_unicast_rcv_skb+0x16b/0x190 net/ipv6/udp.c:935
__udp6_lib_rcv+0x84b/0x9b0 net/ipv6/udp.c:1020
udpv6_rcv+0x4b/0x50 net/ipv6/udp.c:1133
ip6_protocol_deliver_rcu+0x99e/0x1020 net/ipv6/ip6_input.c:439
ip6_input_finish net/ipv6/ip6_input.c:484 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ip6_input+0xca/0x180 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:454 [inline]
ip6_rcv_finish+0x1e9/0x2d0 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:302 [inline]
ipv6_rcv+0x85/0x140 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core net/core/dev.c:5482 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5596
process_backlog+0x23f/0x3b0 net/core/dev.c:5924
__napi_poll+0x65/0x390 net/core/dev.c:6485
napi_poll net/core/dev.c:6552 [inline]
net_rx_action+0x37e/0x730 net/core/dev.c:6663
__do_softirq+0xf2/0x2c7 kernel/softirq.c:571
do_softirq+0xb1/0xf0 kernel/softirq.c:472
__local_bh_enable_ip+0x6f/0x80 kernel/softirq.c:396
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
_raw_read_unlock_bh+0x17/0x20 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x107/0x120 drivers/net/wireguard/socket.c:184
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276
process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
worker_thread+0x618/0xa70 kernel/workqueue.c:2436
kthread+0x1a9/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
write to 0xffff88813e7ec108 of 8 bytes by interrupt on cpu 1:
__xfrm_policy_check+0x6ae/0x17f0 net/xfrm/xfrm_policy.c:3664
__xfrm_policy_check2 include/net/xfrm.h:1174 [inline]
xfrm_policy_check include/net/xfrm.h:1179 [inline]
xfrm6_policy_check+0x2e9/0x320 include/net/xfrm.h:1189
udpv6_queue_rcv_one_skb+0x48/0xa30 net/ipv6/udp.c:703
udpv6_queue_rcv_skb+0x2d6/0x310 net/ipv6/udp.c:792
udp6_unicast_rcv_skb+0x16b/0x190 net/ipv6/udp.c:935
__udp6_lib_rcv+0x84b/0x9b0 net/ipv6/udp.c:1020
udpv6_rcv+0x4b/0x50 net/ipv6/udp.c:1133
ip6_protocol_deliver_rcu+0x99e/0x1020 net/ipv6/ip6_input.c:439
ip6_input_finish net/ipv6/ip6_input.c:484 [inline]
NF_HOOK include/linux/netfilter.h:302 [inline]
ip6_input+0xca/0x180 net/ipv6/ip6_input.c:493
dst_input include/net/dst.h:454 [inline]
ip6_rcv_finish+0x1e9/0x2d0 net/ipv6/ip6_input.c:79
NF_HOOK include/linux/netfilter.h:302 [inline]
ipv6_rcv+0x85/0x140 net/ipv6/ip6_input.c:309
__netif_receive_skb_one_core net/core/dev.c:5482 [inline]
__netif_receive_skb+0x8b/0x1b0 net/core/dev.c:5596
process_backlog+0x23f/0x3b0 net/core/dev.c:5924
__napi_poll+0x65/0x390 net/core/dev.c:6485
napi_poll net/core/dev.c:6552 [inline]
net_rx_action+0x37e/0x730 net/core/dev.c:6663
__do_softirq+0xf2/0x2c7 kernel/softirq.c:571
do_softirq+0xb1/0xf0 kernel/softirq.c:472
__local_bh_enable_ip+0x6f/0x80 kernel/softirq.c:396
__raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline]
_raw_read_unlock_bh+0x17/0x20 kernel/locking/spinlock.c:284
wg_socket_send_skb_to_peer+0x107/0x120 drivers/net/wireguard/socket.c:184
wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline]
wg_packet_tx_worker+0x142/0x360 drivers/net/wireguard/send.c:276
process_one_work+0x3d3/0x720 kernel/workqueue.c:2289
worker_thread+0x618/0xa70 kernel/workqueue.c:2436
kthread+0x1a9/0x1e0 kernel/kthread.c:376
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
value changed: 0x0000000063c62d6f -> 0x0000000063c62d70
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 4185 Comm: kworker/1:2 Tainted: G W 6.2.0-rc4-syzkaller-00009-gd532dd102151-dirty #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Workqueue: wg-crypt-wg0 wg_packet_tx_worker
Fixes:
|
||
|
Eric Dumazet
|
4196742243 |
xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
[ Upstream commit b6ee896385380aa621102e8ea402ba12db1cabff ]
int type = nla_type(nla);
if (type > XFRMA_MAX) {
return -EOPNOTSUPP;
}
@type is then used as an array index and can be used
as a Spectre v1 gadget.
if (nla_len(nla) < compat_policy[type].len) {
array_index_nospec() can be used to prevent leaking
content of kernel memory to malicious users.
Fixes:
|
||
Anastasia Belova
|
cf118814ae |
xfrm: compat: change expression for switch in xfrm_xlate64
[ Upstream commit eb6c59b735aa6cca77cdbb59cc69d69a0d63d986 ]
Compare XFRM_MSG_NEWSPDINFO (value from netlink
configuration messages enum) with nlh_src->nlmsg_type
instead of nlh_src->nlmsg_type - XFRM_MSG_BASE.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes:
|
||
|
Greg Kroah-Hartman
|
c747c01851 |
This is the 6.1.11 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmPkywAACgkQONu9yGCS
aT42Kw/9FFrdwv29yND651dPIglYKgO0Oz27/LFNGqst1A/G1ITzfs/94NSRr+9j
uvwmBLbC+n/OXYavliBVWlPaYUCLqoFSfR+q953yz/UT0803E8BUvQ8NN8O7lsg7
hfbWJaASxt5puy2pBFypeWM+OXoVOvUBj3VhbgtUwwcYLPuYafj9rCAytdIIf5fr
RKWBLfx7As4OJ+Hb3KNkolTkFDTfV5+zqCAc9Ko474d1bpRnF15UdQN8Kkinr2+O
YNGTvDT8jR8eAk/9PiCNrG7DEMSKaczP8n/ap6PikD/KnK7ShtCLwZztLnmu65g1
vZG+cnEda8FuY3Ms03UrHhKqzMzBY/vslzBNMBTNmDsr+b7ilhffAYXPKS8s7xrg
bJjmfzfITFAjXrml25enVO0V9RtTxv6E07U7SnDrLsvE2KBFZfUR/3Xl70bVBb0S
db60kmEoq3XHHtoVySOHlfihVHSy02V9dlFcLOYMQsDHsGVsRXOR87g6d7+rJS3h
hYWz5YxMLJUr2qn2836DPBnX9Ix0VjDx+X2fB4bNYzKc1dMlgzbpYrhk9LEOUDsx
emJuqZskjkLby9Bw36N3eHW3fKPOFrwpYwPWYJHdWx1mmFSNdV6MdfEtZXpuEkFJ
iFyJPeeODGadoiznnXTaBFfhozRj+B6FXrY6pkF+WMoSt8ZlZpM=
=vu7j
-----END PGP SIGNATURE-----
Merge 6.1.11 into android14-6.1
Changes in 6.1.11
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
arm64: dts: imx8m-venice: Remove incorrect 'uart-has-rtscts'
arm64: dts: freescale: imx8dxl: fix sc_pwrkey's property name linux,keycode
ASoC: amd: acp-es8336: Drop reference count of ACPI device after use
ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use
ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use
ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use
ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use
ASoC: Intel: sof_es8336: Drop reference count of ACPI device after use
ASoC: Intel: avs: Implement PCI shutdown
bpf: Fix off-by-one error in bpf_mem_cache_idx()
bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
bpf: Fix to preserve reg parent/live fields when copying range info
selftests/filesystems: grant executable permission to run_fat_tests.sh
ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()
bpf: Add missing btf_put to register_btf_id_dtor_kfuncs
media: v4l2-ctrls-api.c: move ctrl->is_new = 1 to the correct line
bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener
arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
arm64: dts: imx8mm-verdin: Do not power down eth-phy
drm/vc4: hdmi: make CEC adapter name unique
drm/ssd130x: Init display before the SSD130X_DISPLAY_ON command
scsi: Revert "scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT"
bpf: Fix the kernel crash caused by bpf_setsockopt().
ALSA: memalloc: Workaround for Xen PV
vhost/net: Clear the pending messages when the backend is removed
copy_oldmem_kernel() - WRITE is "data source", not destination
WRITE is "data source", not destination...
READ is "data destination", not source...
zcore: WRITE is "data source", not destination...
memcpy_real(): WRITE is "data source", not destination...
fix iov_iter_bvec() "direction" argument
fix 'direction' argument of iov_iter_{init,bvec}()
fix "direction" argument of iov_iter_kvec()
use less confusing names for iov_iter direction initializers
vhost-scsi: unbreak any layout for response
ice: Prevent set_channel from changing queues while RDMA active
qede: execute xdp_do_flush() before napi_complete_done()
virtio-net: execute xdp_do_flush() before napi_complete_done()
dpaa_eth: execute xdp_do_flush() before napi_complete_done()
dpaa2-eth: execute xdp_do_flush() before napi_complete_done()
skb: Do mix page pool and page referenced frags in GRO
sfc: correctly advertise tunneled IPv6 segmentation
net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices
net: wwan: t7xx: Fix Runtime PM initialization
block, bfq: replace 0/1 with false/true in bic apis
block, bfq: fix uaf for bfqq in bic_set_bfqq()
netrom: Fix use-after-free caused by accept on already connected socket
fscache: Use wait_on_bit() to wait for the freeing of relinquished volume
platform/x86/amd/pmf: update to auto-mode limits only after AMT event
platform/x86/amd/pmf: Add helper routine to update SPS thermals
platform/x86/amd/pmf: Fix to update SPS default pprof thermals
platform/x86/amd/pmf: Add helper routine to check pprof is balanced
platform/x86/amd/pmf: Fix to update SPS thermals when power supply change
platform/x86/amd/pmf: Ensure mutexes are initialized before use
platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255
drm/i915/guc: Fix locking when searching for a hung request
drm/i915: Fix request ref counting during error capture & debugfs dump
drm/i915: Fix up locking around dumping requests lists
drm/i915/adlp: Fix typo for reference clock
net/tls: tls_is_tx_ready() checked list_entry
ALSA: firewire-motu: fix unreleased lock warning in hwdep device
netfilter: br_netfilter: disable sabotage_in hook after first suppression
block: ublk: extending queue_size to fix overflow
kunit: fix kunit_test_init_section_suites(...)
squashfs: harden sanity check in squashfs_read_xattr_id_table
maple_tree: should get pivots boundary by type
sctp: do not check hb_timer.expires when resetting hb_timer
net: phy: meson-gxl: Add generic dummy stubs for MMD register access
drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable
ip/ip6_gre: Fix changing addr gen mode not generating IPv6 link local address
ip/ip6_gre: Fix non-point-to-point tunnel not generating IPv6 link local address
riscv: kprobe: Fixup kernel panic when probing an illegal position
igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp()
octeontx2-af: Fix devlink unregister
can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
can: raw: fix CAN FD frame transmissions over CAN XL devices
can: mcp251xfd: mcp251xfd_ring_set_ringparam(): assign missing tx_obj_num_coalesce_irq
ata: libata: Fix sata_down_spd_limit() when no link speed is reported
selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning
selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided
selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs
selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking
virtio-net: Keep stop() to follow mirror sequence of open()
net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
efi: fix potential NULL deref in efi_mem_reserve_persistent
rtc: sunplus: fix format string for printing resource
certs: Fix build error when PKCS#11 URI contains semicolon
kbuild: modinst: Fix build error when CONFIG_MODULE_SIG_KEY is a PKCS#11 URI
i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
i2c: mxs: suppress probe-deferral error message
scsi: target: core: Fix warning on RT kernels
x86/aperfmperf: Erase stale arch_freq_scale values when disabling frequency invariance readings
perf/x86/intel: Add Emerald Rapids
perf/x86/intel/cstate: Add Emerald Rapids
scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
i2c: rk3x: fix a bunch of kernel-doc warnings
Revert "gfs2: stop using generic_writepages in gfs2_ail1_start_one"
x86/build: Move '-mindirect-branch-cs-prefix' out of GCC-only block
platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table
platform/x86: hp-wmi: Handle Omen Key event
platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN
net/x25: Fix to not accept on connected socket
drm/amd/display: Fix timing not changning when freesync video is enabled
bcache: Silence memcpy() run-time false positive warnings
iio: adc: stm32-dfsdm: fill module aliases
usb: dwc3: qcom: enable vbus override when in OTG dr-mode
usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
fbcon: Check font dimension limits
cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask()
hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap()
ARM: dts: imx7d-smegw01: Fix USB host over-current polarity
net: qrtr: free memory on error path in radix_tree_insert()
can: isotp: split tx timer into transmission and timeout
can: isotp: handle wait_event_interruptible() return values
watchdog: diag288_wdt: do not use stack buffers for hardware data
watchdog: diag288_wdt: fix __diag288() inline assembly
ALSA: hda/realtek: Add Acer Predator PH315-54
ALSA: hda/realtek: fix mute/micmute LEDs, speaker don't work for a HP platform
ASoC: codecs: wsa883x: correct playback min/max rates
ASoC: SOF: sof-audio: unprepare when swidget->use_count > 0
ASoC: SOF: sof-audio: skip prepare/unprepare if swidget is NULL
ASoC: SOF: keep prepare/unprepare widgets in sink path
efi: Accept version 2 of memory attributes table
rtc: efi: Enable SET/GET WAKEUP services as optional
iio: hid: fix the retval in accel_3d_capture_sample
iio: hid: fix the retval in gyro_3d_capture_sample
iio: adc: xilinx-ams: fix devm_krealloc() return value check
iio: adc: berlin2-adc: Add missing of_node_put() in error path
iio: imx8qxp-adc: fix irq flood when call imx8qxp_adc_read_raw()
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
iio: light: cm32181: Fix PM support on system with 2 I2C resources
iio: imu: fxos8700: fix ACCEL measurement range selection
iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback
iio: imu: fxos8700: fix IMU data bits returned to user space
iio: imu: fxos8700: fix map label of channel type to MAGN sensor
iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
iio: imu: fxos8700: fix incorrect ODR mode readback
iio: imu: fxos8700: fix failed initialization ODR mode assignment
iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
iio: imu: fxos8700: fix MAGN sensor scale and unit
nvmem: brcm_nvram: Add check for kzalloc
nvmem: sunxi_sid: Always use 32-bit MMIO reads
nvmem: qcom-spmi-sdam: fix module autoloading
parisc: Fix return code of pdc_iodc_print()
parisc: Replace hardcoded value with PRIV_USER constant in ptrace.c
parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
riscv: disable generation of unwind tables
Revert "mm: kmemleak: alloc gray object for reserved region with direct map"
mm: multi-gen LRU: fix crash during cgroup migration
mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
usb: typec: ucsi: Don't attempt to resume the ports before they exist
usb: gadget: udc: do not clear gadget driver.bus
kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
HV: hv_balloon: fix memory leak with using debugfs_lookup()
x86/debug: Fix stack recursion caused by wrongly ordered DR7 accesses
fpga: m10bmc-sec: Fix probe rollback
fpga: stratix10-soc: Fix return value check in s10_ops_write_init()
mm/uffd: fix pte marker when fork() without fork event
mm/swapfile: add cond_resched() in get_swap_pages()
mm/khugepaged: fix ->anon_vma race
mm, mremap: fix mremap() expanding for vma's with vm_ops->close()
mm/MADV_COLLAPSE: catch !none !huge !bad pmd lookups
highmem: round down the address passed to kunmap_flush_on_unmap()
ia64: fix build error due to switch case label appearing next to declaration
Squashfs: fix handling and sanity checking of xattr_ids count
maple_tree: fix mas_empty_area_rev() lower bound validation
migrate: hugetlb: check for hugetlb shared PMD in node migration
dma-buf: actually set signaling bit for private stub fences
serial: stm32: Merge hard IRQ and threaded IRQ handling into single IRQ handler
drm/i915: Avoid potential vm use-after-free
drm/i915: Fix potential bit_17 double-free
drm/amd: Fix initialization for nbio 4.3.0
drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11
drm/amdgpu: update wave data type to 3 for gfx11
nvmem: core: initialise nvmem->id early
nvmem: core: remove nvmem_config wp_gpio
nvmem: core: fix cleanup after dev_set_name()
nvmem: core: fix registration vs use race
nvmem: core: fix device node refcounting
nvmem: core: fix cell removal on error
nvmem: core: fix return value
phy: qcom-qmp-combo: fix runtime suspend
serial: 8250_dma: Fix DMA Rx completion race
serial: 8250_dma: Fix DMA Rx rearm race
platform/x86/amd: pmc: add CONFIG_SERIO dependency
ASoC: SOF: sof-audio: prepare_widgets: Check swidget for NULL on sink failure
iio:adc:twl6030: Enable measurement of VAC
powerpc/64s/radix: Fix crash with unaligned relocated kernel
powerpc/64s: Fix local irq disable when PMIs are disabled
powerpc/imc-pmu: Revert nest_init_lock to being a mutex
fs/ntfs3: Validate attribute data and valid sizes
ovl: Use "buf" flexible array for memcpy() destination
f2fs: initialize locks earlier in f2fs_fill_super()
fbdev: smscufx: fix error handling code in ufx_usb_probe
f2fs: fix to do sanity check on i_extra_isize in is_alive()
wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
gfs2: Cosmetic gfs2_dinode_{in,out} cleanup
gfs2: Always check inode size of inline inodes
bpf: Skip invalid kfunc call in backtrack_insn
Linux 6.1.11
Change-Id: I69722bc9711b91f2fca18de59746ada373f64c5e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Al Viro
|
5a19095103 |
use less confusing names for iov_iter direction initializers
[ Upstream commit de4eda9de2d957ef2d6a8365a01e26a435e958cb ]
READ/WRITE proved to be actively confusing - the meanings are
"data destination, as used with read(2)" and "data source, as
used with write(2)", but people keep interpreting those as
"we read data from it" and "we write data to it", i.e. exactly
the wrong way.
Call them ITER_DEST and ITER_SOURCE - at least that is harder
to misinterpret...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Stable-dep-of: 6dd88fd59da8 ("vhost-scsi: unbreak any layout for response")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
2d70b5b774 |
Merge 08ad43d554 ("Merge tag 'net-6.1-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") into android-mainline
Steps on the way to 6.1-rc7 Change-Id: Ia0db5617550f5a1acec28b8fed50c4da779e5371 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jakub Kicinski
|
06ccc8ec70 |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
ipsec 2022-11-23
1) Fix "disable_policy" on ipv4 early demuxP Packets after
the initial packet in a flow might be incorectly dropped
on early demux if there are no matching policies.
From Eyal Birger.
2) Fix a kernel warning in case XFRM encap type is not
available. From Eyal Birger.
3) Fix ESN wrap around for GSO to avoid a double usage of a
sequence number. From Christian Langrock.
4) Fix a send_acquire race with pfkey_register.
From Herbert Xu.
5) Fix a list corruption panic in __xfrm_state_delete().
Thomas Jarosch.
6) Fix an unchecked return value in xfrm6_init().
Chen Zhongjin.
* 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec:
xfrm: Fix ignored return value in xfrm6_init()
xfrm: Fix oops in __xfrm_state_delete()
af_key: Fix send_acquire race with pfkey_register
xfrm: replay: Fix ESN wrap around for GSO
xfrm: lwtunnel: squelch kernel warning in case XFRM encap type is not available
xfrm: fix "disable_policy" on ipv4 early demux
====================
Link: https://lore.kernel.org/r/20221123093117.434274-1-steffen.klassert@secunet.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
||
|
Greg Kroah-Hartman
|
02de87682c |
Merge f1947d7c8a ("Merge tag 'random-6.1-rc1-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/crng/random") into android-mainline
Steps on the way to 6.1-rc1 Resolves merge conflicts in: block/blk-crypto-fallback.c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8bc1919753d4664d1d37df82a6e1b82f7b591192 |
||
Christian Langrock
|
4b549ccce9 |
xfrm: replay: Fix ESN wrap around for GSO
When using GSO it can happen that the wrong seq_hi is used for the last
packets before the wrap around. This can lead to double usage of a
sequence number. To avoid this, we should serialize this last GSO
packet.
Fixes:
|
||
Jason A. Donenfeld
|
81895a65ec |
treewide: use prandom_u32_max() when possible, part 1
Rather than incurring a division or requesting too many random bytes for
the given range, use the prandom_u32_max() function, which only takes
the minimum required bytes from the RNG and avoids divisions. This was
done mechanically with this coccinelle script:
@basic@
expression E;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
typedef u64;
@@
(
- ((T)get_random_u32() % (E))
+ prandom_u32_max(E)
|
- ((T)get_random_u32() & ((E) - 1))
+ prandom_u32_max(E * XXX_MAKE_SURE_E_IS_POW2)
|
- ((u64)(E) * get_random_u32() >> 32)
+ prandom_u32_max(E)
|
- ((T)get_random_u32() & ~PAGE_MASK)
+ prandom_u32_max(PAGE_SIZE)
)
@multi_line@
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
identifier RAND;
expression E;
@@
- RAND = get_random_u32();
... when != RAND
- RAND %= (E);
+ RAND = prandom_u32_max(E);
// Find a potential literal
@literal_mask@
expression LITERAL;
type T;
identifier get_random_u32 =~ "get_random_int|prandom_u32|get_random_u32";
position p;
@@
((T)get_random_u32()@p & (LITERAL))
// Add one to the literal.
@script:python add_one@
literal << literal_mask.LITERAL;
RESULT;
@@
value = None
if literal.startswith('0x'):
value = int(literal, 16)
elif literal[0] in '123456789':
value = int(literal, 10)
if value is None:
print("I don't know how to handle %s" % (literal))
cocci.include_match(False)
elif value == 2**32 - 1 or value == 2**31 - 1 or value == 2**24 - 1 or value == 2**16 - 1 or value == 2**8 - 1:
print("Skipping 0x%x for cleanup elsewhere" % (value))
cocci.include_match(False)
elif value & (value + 1) != 0:
print("Skipping 0x%x because it's not a power of two minus one" % (value))
cocci.include_match(False)
elif literal.startswith('0x'):
coccinelle.RESULT = cocci.make_expr("0x%x" % (value + 1))
else:
coccinelle.RESULT = cocci.make_expr("%d" % (value + 1))
// Replace the literal mask with the calculated result.
@plus_one@
expression literal_mask.LITERAL;
position literal_mask.p;
expression add_one.RESULT;
identifier FUNC;
@@
- (FUNC()@p & (LITERAL))
+ prandom_u32_max(RESULT)
@collapse_ret@
type T;
identifier VAR;
expression E;
@@
{
- T VAR;
- VAR = (E);
- return VAR;
+ return E;
}
@drop_var@
type T;
identifier VAR;
@@
{
- T VAR;
... when != VAR
}
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Yury Norov <yury.norov@gmail.com>
Reviewed-by: KP Singh <kpsingh@kernel.org>
Reviewed-by: Jan Kara <jack@suse.cz> # for ext4 and sbitmap
Reviewed-by: Christoph Böhmwalder <christoph.boehmwalder@linbit.com> # for drbd
Acked-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Heiko Carstens <hca@linux.ibm.com> # for s390
Acked-by: Ulf Hansson <ulf.hansson@linaro.org> # for mmc
Acked-by: Darrick J. Wong <djwong@kernel.org> # for xfs
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
||
Maciej Żenczykowski
|
ccbe77622c |
ANDROID: introduce CONFIG_GKI_NET_XFRM_HACKS
(without this net tests fail, CONFIG_GKI_HACKS_TO_FIX doesn't work, as it causes compilation failures due to enabling tons of other things) Bug: 252915518 Test: TreeHugger, manually with uml net nests Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I9dae7f6be3828a1bdb71560dd9126ebed5cda9e5 |
||
|
Greg Kroah-Hartman
|
74b50ecaba |
Merge 0326074ff4 ("Merge tag 'net-next-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next") into android-mainline
Steps on the way to 6.1-rc1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie21c0145b7c61e1a57198bfa80586128230dbe51 |
||
|
Jakub Kicinski
|
e52f7c1ddf |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
Merge in the left-over fixes before the net-next pull-request. Conflicts: drivers/net/ethernet/mediatek/mtk_ppe.c |
||
David S. Miller
|
42e8e6d906 |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
Steffen Klassert says: ==================== 1) Refactor selftests to use an array of structs in xfrm_fill_key(). From Gautam Menghani. 2) Drop an unused argument from xfrm_policy_match. From Hongbin Wang. 3) Support collect metadata mode for xfrm interfaces. From Eyal Birger. 4) Add netlink extack support to xfrm. From Sabrina Dubroca. Please note, there is a merge conflict in: include/net/dst_metadata.h between commit: |
||
Richard Gobert
|
d427c8999b |
net-next: skbuff: refactor pskb_pull
pskb_may_pull already contains all of the checks performed by pskb_pull. Use pskb_may_pull for validation in pskb_pull, eliminating the duplication and making __pskb_pull obsolete. Replace __pskb_pull with pskb_pull where applicable. Signed-off-by: Richard Gobert <richardbgobert@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Sabrina Dubroca
|
6ee5532052 |
xfrm: ipcomp: add extack to ipcomp{4,6}_init_state
And the shared helper ipcomp_init_state. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
e1e10b44cf |
xfrm: pass extack down to xfrm_type ->init_state
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
Liu Jian
|
4f4920669d |
xfrm: Reinject transport-mode packets through workqueue
The following warning is displayed when the tcp6-multi-diffip11 stress
test case of the LTP test suite is tested:
watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [ns-tcpserver:48198]
CPU: 0 PID: 48198 Comm: ns-tcpserver Kdump: loaded Not tainted 6.0.0-rc6+ #39
Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : des3_ede_encrypt+0x27c/0x460 [libdes]
lr : 0x3f
sp : ffff80000ceaa1b0
x29: ffff80000ceaa1b0 x28: ffff0000df056100 x27: ffff0000e51e5280
x26: ffff80004df75030 x25: ffff0000e51e4600 x24: 000000000000003b
x23: 0000000000802080 x22: 000000000000003d x21: 0000000000000038
x20: 0000000080000020 x19: 000000000000000a x18: 0000000000000033
x17: ffff0000e51e4780 x16: ffff80004e2d1448 x15: ffff80004e2d1248
x14: ffff0000e51e4680 x13: ffff80004e2d1348 x12: ffff80004e2d1548
x11: ffff80004e2d1848 x10: ffff80004e2d1648 x9 : ffff80004e2d1748
x8 : ffff80004e2d1948 x7 : 000000000bcaf83d x6 : 000000000000001b
x5 : ffff80004e2d1048 x4 : 00000000761bf3bf x3 : 000000007f1dd0a3
x2 : ffff0000e51e4780 x1 : ffff0000e3b9a2f8 x0 : 00000000db44e872
Call trace:
des3_ede_encrypt+0x27c/0x460 [libdes]
crypto_des3_ede_encrypt+0x1c/0x30 [des_generic]
crypto_cbc_encrypt+0x148/0x190
crypto_skcipher_encrypt+0x2c/0x40
crypto_authenc_encrypt+0xc8/0xfc [authenc]
crypto_aead_encrypt+0x2c/0x40
echainiv_encrypt+0x144/0x1a0 [echainiv]
crypto_aead_encrypt+0x2c/0x40
esp6_output_tail+0x1c8/0x5d0 [esp6]
esp6_output+0x120/0x278 [esp6]
xfrm_output_one+0x458/0x4ec
xfrm_output_resume+0x6c/0x1f0
xfrm_output+0xac/0x4ac
__xfrm6_output+0x130/0x270
xfrm6_output+0x60/0xec
ip6_xmit+0x2ec/0x5bc
inet6_csk_xmit+0xbc/0x10c
__tcp_transmit_skb+0x460/0x8c0
tcp_write_xmit+0x348/0x890
__tcp_push_pending_frames+0x44/0x110
tcp_rcv_established+0x3c8/0x720
tcp_v6_do_rcv+0xdc/0x4a0
tcp_v6_rcv+0xc24/0xcb0
ip6_protocol_deliver_rcu+0xf0/0x574
ip6_input_finish+0x48/0x7c
ip6_input+0x48/0xc0
ip6_rcv_finish+0x80/0x9c
xfrm_trans_reinject+0xb0/0xf4
tasklet_action_common.constprop.0+0xf8/0x134
tasklet_action+0x30/0x3c
__do_softirq+0x128/0x368
do_softirq+0xb4/0xc0
__local_bh_enable_ip+0xb0/0xb4
put_cpu_fpsimd_context+0x40/0x70
kernel_neon_end+0x20/0x40
sha1_base_do_update.constprop.0.isra.0+0x11c/0x140 [sha1_ce]
sha1_ce_finup+0x94/0x110 [sha1_ce]
crypto_shash_finup+0x34/0xc0
hmac_finup+0x48/0xe0
crypto_shash_finup+0x34/0xc0
shash_digest_unaligned+0x74/0x90
crypto_shash_digest+0x4c/0x9c
shash_ahash_digest+0xc8/0xf0
shash_async_digest+0x28/0x34
crypto_ahash_digest+0x48/0xcc
crypto_authenc_genicv+0x88/0xcc [authenc]
crypto_authenc_encrypt+0xd8/0xfc [authenc]
crypto_aead_encrypt+0x2c/0x40
echainiv_encrypt+0x144/0x1a0 [echainiv]
crypto_aead_encrypt+0x2c/0x40
esp6_output_tail+0x1c8/0x5d0 [esp6]
esp6_output+0x120/0x278 [esp6]
xfrm_output_one+0x458/0x4ec
xfrm_output_resume+0x6c/0x1f0
xfrm_output+0xac/0x4ac
__xfrm6_output+0x130/0x270
xfrm6_output+0x60/0xec
ip6_xmit+0x2ec/0x5bc
inet6_csk_xmit+0xbc/0x10c
__tcp_transmit_skb+0x460/0x8c0
tcp_write_xmit+0x348/0x890
__tcp_push_pending_frames+0x44/0x110
tcp_push+0xb4/0x14c
tcp_sendmsg_locked+0x71c/0xb64
tcp_sendmsg+0x40/0x6c
inet6_sendmsg+0x4c/0x80
sock_sendmsg+0x5c/0x6c
__sys_sendto+0x128/0x15c
__arm64_sys_sendto+0x30/0x40
invoke_syscall+0x50/0x120
el0_svc_common.constprop.0+0x170/0x194
do_el0_svc+0x38/0x4c
el0_svc+0x28/0xe0
el0t_64_sync_handler+0xbc/0x13c
el0t_64_sync+0x180/0x184
Get softirq info by bcc tool:
./softirqs -NT 10
Tracing soft irq event time... Hit Ctrl-C to end.
15:34:34
SOFTIRQ TOTAL_nsecs
block 158990
timer 20030920
sched 46577080
net_rx 676746820
tasklet 9906067650
15:34:45
SOFTIRQ TOTAL_nsecs
block 86100
sched 38849790
net_rx 676532470
timer 1163848790
tasklet 9409019620
15:34:55
SOFTIRQ TOTAL_nsecs
sched 58078450
net_rx 475156720
timer 533832410
tasklet 9431333300
The tasklet software interrupt takes too much time. Therefore, the
xfrm_trans_reinject executor is changed from tasklet to workqueue. Add add
spin lock to protect the queue. This reduces the processing flow of the
tcp_sendmsg function in this scenario.
Fixes:
|
||
|
Sabrina Dubroca
|
1cf9a3ae3e |
xfrm: add extack support to xfrm_init_replay
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
741f9a1064 |
xfrm: add extack to __xfrm_init_state
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
2b9168266d |
xfrm: add extack to attach_*
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
adb5c33e4d |
xfrm: add extack support to xfrm_dev_state_add
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
1fc8fde553 |
xfrm: add extack to verify_one_alg, verify_auth_trunc, verify_aead
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
785b87b220 |
xfrm: add extack to verify_replay
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
6999aae17a |
xfrm: add extack support to verify_newsa_info
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
Khalid Masum
|
8a04d2fc70 |
xfrm: Update ipcomp_scratches with NULL when freed
Currently if ipcomp_alloc_scratches() fails to allocate memory
ipcomp_scratches holds obsolete address. So when we try to free the
percpu scratches using ipcomp_free_scratches() it tries to vfree non
existent vm area. Described below:
static void * __percpu *ipcomp_alloc_scratches(void)
{
...
scratches = alloc_percpu(void *);
if (!scratches)
return NULL;
ipcomp_scratches does not know about this allocation failure.
Therefore holding the old obsolete address.
...
}
So when we free,
static void ipcomp_free_scratches(void)
{
...
scratches = ipcomp_scratches;
Assigning obsolete address from ipcomp_scratches
if (!scratches)
return;
for_each_possible_cpu(i)
vfree(*per_cpu_ptr(scratches, i));
Trying to free non existent page, causing warning: trying to vfree
existent vm area.
...
}
Fix this breakage by updating ipcomp_scrtches with NULL when scratches
is freed
Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
Reported-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Tested-by: syzbot+5ec9bb042ddfe9644773@syzkaller.appspotmail.com
Signed-off-by: Khalid Masum <khalid.masum.92@gmail.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
|
||
|
Sabrina Dubroca
|
08a717e480 |
xfrm: add extack to verify_sec_ctx_len
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |
||
|
Sabrina Dubroca
|
d37bed89f0 |
xfrm: add extack to validate_tmpl
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> |