From: Greg Kroah-Hartman Date: Sat, 24 Oct 2020 08:58:17 +0000 (+0200) Subject: 5.9-stable patches X-Git-Tag: v4.4.241~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=48ab7d62a68eb0b30ed44985f85c75896835e0da;p=thirdparty%2Fkernel%2Fstable-queue.git 5.9-stable patches added patches: chelsio-chtls-correct-function-return-and-return-type.patch chelsio-chtls-correct-netdevice-for-vlan-interface.patch chelsio-chtls-fix-panic-when-listen-on-multiadapter.patch chelsio-chtls-fix-panic-when-server-is-on-ipv6.patch chelsio-chtls-fix-socket-lock.patch chelsio-chtls-fix-writing-freed-memory.patch ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch icmp-randomize-the-global-rate-limiter.patch ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch mptcp-initialize-mptcp_options_received-s-ahmac.patch mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch net-ethernet-mtk-star-emac-select-regmap_mmio.patch net-ftgmac100-fix-aspeed-ast2600-tx-hang-issue.patch net-hdlc-in-hdlc_rcv-check-to-make-sure-dev-is-an-hdlc-device.patch net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.patch net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch net-properly-typecast-int-values-to-set-sk_max_pacing_rate.patch net-sched-act_ct-fix-adding-udp-port-mangle-operation.patch net-sched-act_gate-unlock-tcfa_lock-in-tc_setup_flow_action.patch net-sched-act_tunnel_key-fix-oob-write-in-case-of-ipv6-erspan-tunnels.patch netsec-ignore-phy-mode-device-property-on-acpi-systems.patch nexthop-fix-performance-regression-in-nexthop-deletion.patch nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch r8169-fix-operation-under-forced-interrupt-threading.patch selftests-forwarding-add-missing-rp_filter-configuration.patch selftests-rtnetlink-load-fou-module-for-kci_test_encap_fou-test.patch sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch tipc-fix-incorrect-setting-window-for-bcast-link.patch tipc-re-configure-queue-limit-for-broadcast-link.patch --- diff --git a/queue-5.9/chelsio-chtls-correct-function-return-and-return-type.patch b/queue-5.9/chelsio-chtls-correct-function-return-and-return-type.patch new file mode 100644 index 00000000000..d65fd8f7463 --- /dev/null +++ b/queue-5.9/chelsio-chtls-correct-function-return-and-return-type.patch @@ -0,0 +1,34 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:24 +0530 +Subject: [PATCH stable 5.9 07/30] chelsio/chtls: correct function return and return type + +From: Vinay Kumar Yadav + +[ Upstream commit 8580a61aede28d441e1c80588803411ee86aa299 ] + +csk_mem_free() should return true if send buffer is available, +false otherwise. + +Fixes: 3b8305f5c844 ("crypto: chtls - wait for memory sendmsg, sendpage") +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_io.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/crypto/chelsio/chtls/chtls_io.c ++++ b/drivers/crypto/chelsio/chtls/chtls_io.c +@@ -902,9 +902,9 @@ static int chtls_skb_copy_to_page_nocach + return 0; + } + +-static int csk_mem_free(struct chtls_dev *cdev, struct sock *sk) ++static bool csk_mem_free(struct chtls_dev *cdev, struct sock *sk) + { +- return (cdev->max_host_sndbuf - sk->sk_wmem_queued); ++ return (cdev->max_host_sndbuf - sk->sk_wmem_queued > 0); + } + + static int csk_wait_memory(struct chtls_dev *cdev, diff --git a/queue-5.9/chelsio-chtls-correct-netdevice-for-vlan-interface.patch b/queue-5.9/chelsio-chtls-correct-netdevice-for-vlan-interface.patch new file mode 100644 index 00000000000..98783964464 --- /dev/null +++ b/queue-5.9/chelsio-chtls-correct-netdevice-for-vlan-interface.patch @@ -0,0 +1,32 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:21 +0530 +Subject: [PATCH stable 5.9 04/30] chelsio/chtls: correct netdevice for vlan interface + +From: Vinay Kumar Yadav + +[ Upstream commit 81519d1f7df7ed1bd5b1397540c8884438f57ae2 ] + +Check if netdevice is a vlan interface and find real vlan netdevice. + +Fixes: cc35c88ae4db ("crypto : chtls - CPL handler definition") +Signed-off-by: Venkatesh Ellapu +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_cm.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/crypto/chelsio/chtls/chtls_cm.c ++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c +@@ -1157,6 +1157,9 @@ static struct sock *chtls_recv_sock(stru + ndev = n->dev; + if (!ndev) + goto free_dst; ++ if (is_vlan_dev(ndev)) ++ ndev = vlan_dev_real_dev(ndev); ++ + port_id = cxgb4_port_idx(ndev); + + csk = chtls_sock_create(cdev); diff --git a/queue-5.9/chelsio-chtls-fix-panic-when-listen-on-multiadapter.patch b/queue-5.9/chelsio-chtls-fix-panic-when-listen-on-multiadapter.patch new file mode 100644 index 00000000000..c2e48ff85d7 --- /dev/null +++ b/queue-5.9/chelsio-chtls-fix-panic-when-listen-on-multiadapter.patch @@ -0,0 +1,53 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:23 +0530 +Subject: [PATCH stable 5.9 06/30] chelsio/chtls: Fix panic when listen on multiadapter + +From: Vinay Kumar Yadav + +[ Upstream commit 9819f22c410b4bf6589d3126e8bc3952db507cbf ] + +Add the logic to compare net_device returned by ip_dev_find() +with the net_device list in cdev->ports[] array and return +net_device if matched else NULL. + +Fixes: 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") +Signed-off-by: Venkatesh Ellapu +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_cm.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/crypto/chelsio/chtls/chtls_cm.c ++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c +@@ -92,11 +92,13 @@ static void chtls_sock_release(struct kr + static struct net_device *chtls_find_netdev(struct chtls_dev *cdev, + struct sock *sk) + { ++ struct adapter *adap = pci_get_drvdata(cdev->pdev); + struct net_device *ndev = cdev->ports[0]; + #if IS_ENABLED(CONFIG_IPV6) + struct net_device *temp; + int addr_type; + #endif ++ int i; + + switch (sk->sk_family) { + case PF_INET: +@@ -127,8 +129,12 @@ static struct net_device *chtls_find_net + return NULL; + + if (is_vlan_dev(ndev)) +- return vlan_dev_real_dev(ndev); +- return ndev; ++ ndev = vlan_dev_real_dev(ndev); ++ ++ for_each_port(adap, i) ++ if (cdev->ports[i] == ndev) ++ return ndev; ++ return NULL; + } + + static void assign_rxopt(struct sock *sk, unsigned int opt) diff --git a/queue-5.9/chelsio-chtls-fix-panic-when-server-is-on-ipv6.patch b/queue-5.9/chelsio-chtls-fix-panic-when-server-is-on-ipv6.patch new file mode 100644 index 00000000000..b11b26939c0 --- /dev/null +++ b/queue-5.9/chelsio-chtls-fix-panic-when-server-is-on-ipv6.patch @@ -0,0 +1,42 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:22 +0530 +Subject: [PATCH stable 5.9 05/30] chelsio/chtls: fix panic when server is on ipv6 + +From: Vinay Kumar Yadav + +[ Upstream commit 86cdf9ca4409d997a391103e480b3f77b7ccc19b ] + +Netdev is filled in egress_dev when connection is established, +If connection is closed before establishment, then egress_dev +is NULL, Fix it using ip_dev_find() rather then extracting from +egress_dev. + +Fixes: 6abde0b24122 ("crypto/chtls: IPv6 support for inline TLS") +Signed-off-by: Venkatesh Ellapu +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_cm.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/crypto/chelsio/chtls/chtls_cm.c ++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c +@@ -736,14 +736,13 @@ void chtls_listen_stop(struct chtls_dev + + #if IS_ENABLED(CONFIG_IPV6) + if (sk->sk_family == PF_INET6) { +- struct chtls_sock *csk; ++ struct net_device *ndev = chtls_find_netdev(cdev, sk); + int addr_type = 0; + +- csk = rcu_dereference_sk_user_data(sk); + addr_type = ipv6_addr_type((const struct in6_addr *) + &sk->sk_v6_rcv_saddr); + if (addr_type != IPV6_ADDR_ANY) +- cxgb4_clip_release(csk->egress_dev, (const u32 *) ++ cxgb4_clip_release(ndev, (const u32 *) + &sk->sk_v6_rcv_saddr, 1); + } + #endif diff --git a/queue-5.9/chelsio-chtls-fix-socket-lock.patch b/queue-5.9/chelsio-chtls-fix-socket-lock.patch new file mode 100644 index 00000000000..58f9537480c --- /dev/null +++ b/queue-5.9/chelsio-chtls-fix-socket-lock.patch @@ -0,0 +1,30 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:20 +0530 +Subject: [PATCH stable 5.9 03/30] chelsio/chtls: fix socket lock + +From: Vinay Kumar Yadav + +[ Upstream commit 0fb5f0160a36d7acaa8e84ce873af99f94b60484 ] + +In chtls_sendpage() socket lock is released but not acquired, +fix it by taking lock. + +Fixes: 36bedb3f2e5b ("crypto: chtls - Inline TLS record Tx") +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_io.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/crypto/chelsio/chtls/chtls_io.c ++++ b/drivers/crypto/chelsio/chtls/chtls_io.c +@@ -1240,6 +1240,7 @@ int chtls_sendpage(struct sock *sk, stru + copied = 0; + csk = rcu_dereference_sk_user_data(sk); + cdev = csk->cdev; ++ lock_sock(sk); + timeo = sock_sndtimeo(sk, flags & MSG_DONTWAIT); + + err = sk_stream_wait_connect(sk, &timeo); diff --git a/queue-5.9/chelsio-chtls-fix-writing-freed-memory.patch b/queue-5.9/chelsio-chtls-fix-writing-freed-memory.patch new file mode 100644 index 00000000000..69dbb6bcee1 --- /dev/null +++ b/queue-5.9/chelsio-chtls-fix-writing-freed-memory.patch @@ -0,0 +1,33 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Vinay Kumar Yadav +Date: Mon, 19 Oct 2020 17:20:25 +0530 +Subject: [PATCH stable 5.9 08/30] chelsio/chtls: fix writing freed memory + +From: Vinay Kumar Yadav + +[ Upstream commit da1a039bcf293e4699d413c9f65d975da2d7c0bd ] + +When chtls_sock *csk is freed, same memory can be allocated +to different csk in chtls_sock_create(). +csk->cdev = NULL; statement might ends up modifying wrong +csk, eventually causing kernel panic. +removing (csk->cdev = NULL) statement as it is not required. + +Fixes: 3a0a97838923 ("crypto/chtls: Fix chtls crash in connection cleanup") +Signed-off-by: Vinay Kumar Yadav +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/chelsio/chtls/chtls_cm.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/crypto/chelsio/chtls/chtls_cm.c ++++ b/drivers/crypto/chelsio/chtls/chtls_cm.c +@@ -483,7 +483,6 @@ void chtls_destroy_sock(struct sock *sk) + chtls_purge_write_queue(sk); + free_tls_keyid(sk); + kref_put(&csk->kref, chtls_sock_release); +- csk->cdev = NULL; + if (sk->sk_family == AF_INET) + sk->sk_prot = &tcp_prot; + #if IS_ENABLED(CONFIG_IPV6) diff --git a/queue-5.9/ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch b/queue-5.9/ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch new file mode 100644 index 00000000000..16d0ede83d9 --- /dev/null +++ b/queue-5.9/ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch @@ -0,0 +1,39 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Lijun Pan +Date: Tue, 20 Oct 2020 17:39:19 -0500 +Subject: [PATCH stable 5.9 09/30] ibmvnic: save changed mac address to adapter->mac_addr + +From: Lijun Pan + +[ Upstream commit d9b0e599b2b892422f1cbc5d2658049b895b2b58 ] + +After mac address change request completes successfully, the new mac +address need to be saved to adapter->mac_addr as well as +netdev->dev_addr. Otherwise, adapter->mac_addr still holds old +data. + +Fixes: 62740e97881c ("net/ibmvnic: Update MAC address settings after adapter reset") +Signed-off-by: Lijun Pan +Link: https://lore.kernel.org/r/20201020223919.46106-1-ljp@linux.ibm.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ibm/ibmvnic.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -4194,8 +4194,13 @@ static int handle_change_mac_rsp(union i + dev_err(dev, "Error %ld in CHANGE_MAC_ADDR_RSP\n", rc); + goto out; + } ++ /* crq->change_mac_addr.mac_addr is the requested one ++ * crq->change_mac_addr_rsp.mac_addr is the returned valid one. ++ */ + ether_addr_copy(netdev->dev_addr, + &crq->change_mac_addr_rsp.mac_addr[0]); ++ ether_addr_copy(adapter->mac_addr, ++ &crq->change_mac_addr_rsp.mac_addr[0]); + out: + complete(&adapter->fw_done); + return rc; diff --git a/queue-5.9/icmp-randomize-the-global-rate-limiter.patch b/queue-5.9/icmp-randomize-the-global-rate-limiter.patch new file mode 100644 index 00000000000..d5ba4996358 --- /dev/null +++ b/queue-5.9/icmp-randomize-the-global-rate-limiter.patch @@ -0,0 +1,68 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Eric Dumazet +Date: Thu, 15 Oct 2020 11:42:00 -0700 +Subject: [PATCH stable 5.9 10/30] icmp: randomize the global rate limiter + +From: Eric Dumazet + +[ Upstream commit b38e7819cae946e2edf869e604af1e65a5d241c5 ] + +Keyu Man reported that the ICMP rate limiter could be used +by attackers to get useful signal. Details will be provided +in an upcoming academic publication. + +Our solution is to add some noise, so that the attackers +no longer can get help from the predictable token bucket limiter. + +Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") +Signed-off-by: Eric Dumazet +Reported-by: Keyu Man +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/networking/ip-sysctl.rst | 4 +++- + net/ipv4/icmp.c | 7 +++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +--- a/Documentation/networking/ip-sysctl.rst ++++ b/Documentation/networking/ip-sysctl.rst +@@ -1142,13 +1142,15 @@ icmp_ratelimit - INTEGER + icmp_msgs_per_sec - INTEGER + Limit maximal number of ICMP packets sent per second from this host. + Only messages whose type matches icmp_ratemask (see below) are +- controlled by this limit. ++ controlled by this limit. For security reasons, the precise count ++ of messages per second is randomized. + + Default: 1000 + + icmp_msgs_burst - INTEGER + icmp_msgs_per_sec controls number of ICMP packets sent per second, + while icmp_msgs_burst controls the burst size of these packets. ++ For security reasons, the precise burst size is randomized. + + Default: 50 + +--- a/net/ipv4/icmp.c ++++ b/net/ipv4/icmp.c +@@ -239,7 +239,7 @@ static struct { + /** + * icmp_global_allow - Are we allowed to send one more ICMP message ? + * +- * Uses a token bucket to limit our ICMP messages to sysctl_icmp_msgs_per_sec. ++ * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. + * Returns false if we reached the limit and can not send another packet. + * Note: called with BH disabled + */ +@@ -267,7 +267,10 @@ bool icmp_global_allow(void) + } + credit = min_t(u32, icmp_global.credit + incr, sysctl_icmp_msgs_burst); + if (credit) { +- credit--; ++ /* We want to use a credit of one in average, but need to randomize ++ * it for security reasons. ++ */ ++ credit = max_t(int, credit - prandom_u32_max(3), 0); + rc = true; + } + WRITE_ONCE(icmp_global.credit, credit); diff --git a/queue-5.9/ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch b/queue-5.9/ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch new file mode 100644 index 00000000000..0fb490d1abe --- /dev/null +++ b/queue-5.9/ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch @@ -0,0 +1,81 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Jakub Kicinski +Date: Fri, 16 Oct 2020 16:20:06 -0700 +Subject: [PATCH stable 5.9 27/30] ixgbe: fix probing of multi-port devices with one MDIO + +From: Jakub Kicinski + +[ Upstream commit bd7f14df9492e7d3772812a215fca66e6737e598 ] + +Ian reports that after upgrade from v5.8.14 to v5.9 only one +of his 4 ixgbe netdevs appear in the system. + +Quoting the comment on ixgbe_x550em_a_has_mii(): + * Returns true if hw points to lowest numbered PCI B:D.F x550_em_a device in + * the SoC. There are up to 4 MACs sharing a single MDIO bus on the x550em_a, + * but we only want to register one MDIO bus. + +This matches the symptoms, since the return value from +ixgbe_mii_bus_init() is no longer ignored we need to handle +the higher ports of x550em without an error. + +Fixes: 09ef193fef7e ("net: ethernet: ixgbe: check the return value of ixgbe_mii_bus_init()") +Reported-by: Ian Kumlien +Tested-by: Ian Kumlien +Acked-by: Jesse Brandeburg +Link: https://lore.kernel.org/r/20201016232006.3352947-1-kuba@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_phy.c +@@ -901,15 +901,13 @@ static bool ixgbe_x550em_a_has_mii(struc + **/ + s32 ixgbe_mii_bus_init(struct ixgbe_hw *hw) + { ++ s32 (*write)(struct mii_bus *bus, int addr, int regnum, u16 val); ++ s32 (*read)(struct mii_bus *bus, int addr, int regnum); + struct ixgbe_adapter *adapter = hw->back; + struct pci_dev *pdev = adapter->pdev; + struct device *dev = &adapter->netdev->dev; + struct mii_bus *bus; + +- bus = devm_mdiobus_alloc(dev); +- if (!bus) +- return -ENOMEM; +- + switch (hw->device_id) { + /* C3000 SoCs */ + case IXGBE_DEV_ID_X550EM_A_KR: +@@ -922,16 +920,23 @@ s32 ixgbe_mii_bus_init(struct ixgbe_hw * + case IXGBE_DEV_ID_X550EM_A_1G_T: + case IXGBE_DEV_ID_X550EM_A_1G_T_L: + if (!ixgbe_x550em_a_has_mii(hw)) +- return -ENODEV; +- bus->read = &ixgbe_x550em_a_mii_bus_read; +- bus->write = &ixgbe_x550em_a_mii_bus_write; ++ return 0; ++ read = &ixgbe_x550em_a_mii_bus_read; ++ write = &ixgbe_x550em_a_mii_bus_write; + break; + default: +- bus->read = &ixgbe_mii_bus_read; +- bus->write = &ixgbe_mii_bus_write; ++ read = &ixgbe_mii_bus_read; ++ write = &ixgbe_mii_bus_write; + break; + } + ++ bus = devm_mdiobus_alloc(dev); ++ if (!bus) ++ return -ENOMEM; ++ ++ bus->read = read; ++ bus->write = write; ++ + /* Use the position of the device in the PCI hierarchy as the id */ + snprintf(bus->id, MII_BUS_ID_SIZE, "%s-mdio-%s", ixgbe_driver_name, + pci_name(pdev)); diff --git a/queue-5.9/mptcp-initialize-mptcp_options_received-s-ahmac.patch b/queue-5.9/mptcp-initialize-mptcp_options_received-s-ahmac.patch new file mode 100644 index 00000000000..eb5c0f537dc --- /dev/null +++ b/queue-5.9/mptcp-initialize-mptcp_options_received-s-ahmac.patch @@ -0,0 +1,31 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Geliang Tang +Date: Mon, 19 Oct 2020 18:23:15 +0800 +Subject: [PATCH stable 5.9 11/30] mptcp: initialize mptcp_options_received's ahmac + +From: Geliang Tang + +[ Upstream commit fe2d9b1a0e7805384770ec0ddd34c9f1e9fe6fa8 ] + +Initialize mptcp_options_received's ahmac to zero, otherwise it +will be a random number when receiving ADD_ADDR suboption with echo-flag=1. + +Fixes: 3df523ab582c5 ("mptcp: Add ADD_ADDR handling") +Signed-off-by: Geliang Tang +Reviewed-by: Matthieu Baerts +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/options.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/mptcp/options.c ++++ b/net/mptcp/options.c +@@ -296,6 +296,7 @@ void mptcp_get_options(const struct sk_b + mp_opt->mp_capable = 0; + mp_opt->mp_join = 0; + mp_opt->add_addr = 0; ++ mp_opt->ahmac = 0; + mp_opt->rm_addr = 0; + mp_opt->dss = 0; + diff --git a/queue-5.9/mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch b/queue-5.9/mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch new file mode 100644 index 00000000000..8b99bdf0e33 --- /dev/null +++ b/queue-5.9/mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch @@ -0,0 +1,42 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Geert Uytterhoeven +Date: Mon, 19 Oct 2020 13:32:40 +0200 +Subject: [PATCH stable 5.9 28/30] mptcp: MPTCP_KUNIT_TESTS should depend on MPTCP instead of selecting it + +From: Geert Uytterhoeven + +[ Upstream commit b142083b585c2c03af24cca4d274f797796a4064 ] + +MPTCP_KUNIT_TESTS selects MPTCP, thus enabling an optional feature the +user may not want to enable. Fix this by making the test depend on +MPTCP instead. + +Fixes: a00a582203dbc43e ("mptcp: move crypto test to KUNIT") +Signed-off-by: Geert Uytterhoeven +Reviewed-by: Matthieu Baerts +Link: https://lore.kernel.org/r/20201019113240.11516-1-geert@linux-m68k.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/Kconfig | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/net/mptcp/Kconfig ++++ b/net/mptcp/Kconfig +@@ -22,11 +22,8 @@ config MPTCP_IPV6 + select IPV6 + default y + +-endif +- + config MPTCP_KUNIT_TESTS + tristate "This builds the MPTCP KUnit tests" if !KUNIT_ALL_TESTS +- select MPTCP + depends on KUNIT + default KUNIT_ALL_TESTS + help +@@ -39,3 +36,4 @@ config MPTCP_KUNIT_TESTS + + If unsure, say N. + ++endif diff --git a/queue-5.9/net-ethernet-mtk-star-emac-select-regmap_mmio.patch b/queue-5.9/net-ethernet-mtk-star-emac-select-regmap_mmio.patch new file mode 100644 index 00000000000..9b6ed704a4b --- /dev/null +++ b/queue-5.9/net-ethernet-mtk-star-emac-select-regmap_mmio.patch @@ -0,0 +1,31 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Bartosz Golaszewski +Date: Tue, 20 Oct 2020 09:35:15 +0200 +Subject: [PATCH stable 5.9 25/30] net: ethernet: mtk-star-emac: select REGMAP_MMIO + +From: Bartosz Golaszewski + +[ Upstream commit 5403caf21648d739bf2b1266c33e34384c313379 ] + +The driver depends on mmio regmap API but doesn't select the appropriate +Kconfig option. This fixes it. + +Fixes: 8c7bd5a454ff ("net: ethernet: mtk-star-emac: new driver") +Signed-off-by: Bartosz Golaszewski +Link: https://lore.kernel.org/r/20201020073515.22769-1-brgl@bgdev.pl +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mediatek/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/mediatek/Kconfig ++++ b/drivers/net/ethernet/mediatek/Kconfig +@@ -17,6 +17,7 @@ config NET_MEDIATEK_SOC + config NET_MEDIATEK_STAR_EMAC + tristate "MediaTek STAR Ethernet MAC support" + select PHYLIB ++ select REGMAP_MMIO + help + This driver supports the ethernet MAC IP first used on + MediaTek MT85** SoCs. diff --git a/queue-5.9/net-ftgmac100-fix-aspeed-ast2600-tx-hang-issue.patch b/queue-5.9/net-ftgmac100-fix-aspeed-ast2600-tx-hang-issue.patch new file mode 100644 index 00000000000..70496025752 --- /dev/null +++ b/queue-5.9/net-ftgmac100-fix-aspeed-ast2600-tx-hang-issue.patch @@ -0,0 +1,54 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Dylan Hung +Date: Wed, 14 Oct 2020 14:06:32 +0800 +Subject: [PATCH stable 5.9 12/30] net: ftgmac100: Fix Aspeed ast2600 TX hang issue + +From: Dylan Hung + +[ Upstream commit 137d23cea1c044b2d4853ac71bc68126b25fdbb2 ] + +The new HW arbitration feature on Aspeed ast2600 will cause MAC TX to +hang when handling scatter-gather DMA. Disable the problematic feature +by setting MAC register 0x58 bit28 and bit27. + +Fixes: 39bfab8844a0 ("net: ftgmac100: Add support for DT phy-handle property") +Signed-off-by: Dylan Hung +Reviewed-by: Joel Stanley +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/faraday/ftgmac100.c | 5 +++++ + drivers/net/ethernet/faraday/ftgmac100.h | 8 ++++++++ + 2 files changed, 13 insertions(+) + +--- a/drivers/net/ethernet/faraday/ftgmac100.c ++++ b/drivers/net/ethernet/faraday/ftgmac100.c +@@ -1817,6 +1817,11 @@ static int ftgmac100_probe(struct platfo + priv->rxdes0_edorr_mask = BIT(30); + priv->txdes0_edotr_mask = BIT(30); + priv->is_aspeed = true; ++ /* Disable ast2600 problematic HW arbitration */ ++ if (of_device_is_compatible(np, "aspeed,ast2600-mac")) { ++ iowrite32(FTGMAC100_TM_DEFAULT, ++ priv->base + FTGMAC100_OFFSET_TM); ++ } + } else { + priv->rxdes0_edorr_mask = BIT(15); + priv->txdes0_edotr_mask = BIT(15); +--- a/drivers/net/ethernet/faraday/ftgmac100.h ++++ b/drivers/net/ethernet/faraday/ftgmac100.h +@@ -170,6 +170,14 @@ + #define FTGMAC100_MACCR_SW_RST (1 << 31) + + /* ++ * test mode control register ++ */ ++#define FTGMAC100_TM_RQ_TX_VALID_DIS (1 << 28) ++#define FTGMAC100_TM_RQ_RR_IDLE_PREV (1 << 27) ++#define FTGMAC100_TM_DEFAULT \ ++ (FTGMAC100_TM_RQ_TX_VALID_DIS | FTGMAC100_TM_RQ_RR_IDLE_PREV) ++ ++/* + * PHY control register + */ + #define FTGMAC100_PHYCR_MDC_CYCTHR_MASK 0x3f diff --git a/queue-5.9/net-hdlc-in-hdlc_rcv-check-to-make-sure-dev-is-an-hdlc-device.patch b/queue-5.9/net-hdlc-in-hdlc_rcv-check-to-make-sure-dev-is-an-hdlc-device.patch new file mode 100644 index 00000000000..0770ac63365 --- /dev/null +++ b/queue-5.9/net-hdlc-in-hdlc_rcv-check-to-make-sure-dev-is-an-hdlc-device.patch @@ -0,0 +1,56 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Xie He +Date: Mon, 19 Oct 2020 18:31:52 -0700 +Subject: [PATCH stable 5.9 13/30] net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device + +From: Xie He + +[ Upstream commit 01c4ceae0a38a0bdbfea6896f41efcd985a9c064 ] + +The hdlc_rcv function is used as hdlc_packet_type.func to process any +skb received in the kernel with skb->protocol == htons(ETH_P_HDLC). +The purpose of this function is to provide second-stage processing for +skbs not assigned a "real" L3 skb->protocol value in the first stage. + +This function assumes the device from which the skb is received is an +HDLC device (a device created by this module). It assumes that +netdev_priv(dev) returns a pointer to "struct hdlc_device". + +However, it is possible that some driver in the kernel (not necessarily +in our control) submits a received skb with skb->protocol == +htons(ETH_P_HDLC), from a non-HDLC device. In this case, the skb would +still be received by hdlc_rcv. This will cause problems. + +hdlc_rcv should be able to recognize and drop invalid skbs. It should +first make sure "dev" is actually an HDLC device, before starting its +processing. This patch adds this check to hdlc_rcv. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Cc: Krzysztof Halasa +Signed-off-by: Xie He +Link: https://lore.kernel.org/r/20201020013152.89259-1-xie.he.0141@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wan/hdlc.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/net/wan/hdlc.c ++++ b/drivers/net/wan/hdlc.c +@@ -46,7 +46,15 @@ static struct hdlc_proto *first_proto; + static int hdlc_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *p, struct net_device *orig_dev) + { +- struct hdlc_device *hdlc = dev_to_hdlc(dev); ++ struct hdlc_device *hdlc; ++ ++ /* First make sure "dev" is an HDLC device */ ++ if (!(dev->priv_flags & IFF_WAN_HDLC)) { ++ kfree_skb(skb); ++ return NET_RX_SUCCESS; ++ } ++ ++ hdlc = dev_to_hdlc(dev); + + if (!net_eq(dev_net(dev), &init_net)) { + kfree_skb(skb); diff --git a/queue-5.9/net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.patch b/queue-5.9/net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.patch new file mode 100644 index 00000000000..27a3efb704d --- /dev/null +++ b/queue-5.9/net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.patch @@ -0,0 +1,38 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Xie He +Date: Mon, 19 Oct 2020 23:34:20 -0700 +Subject: [PATCH stable 5.9 14/30] net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup + +From: Xie He + +[ Upstream commit 5fce1e43e2d5bf2f7e3224d7b99b1c65ab2c26e2 ] + +This driver calls ether_setup to set up the network device. +The ether_setup function would add the IFF_TX_SKB_SHARING flag to the +device. This flag indicates that it is safe to transmit shared skbs to +the device. + +However, this is not true. This driver may pad the frame (in eth_tx) +before transmission, so the skb may be modified. + +Fixes: 550fd08c2ceb ("net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared") +Cc: Neil Horman +Cc: Krzysztof Halasa +Signed-off-by: Xie He +Link: https://lore.kernel.org/r/20201020063420.187497-1-xie.he.0141@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wan/hdlc_raw_eth.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/wan/hdlc_raw_eth.c ++++ b/drivers/net/wan/hdlc_raw_eth.c +@@ -99,6 +99,7 @@ static int raw_eth_ioctl(struct net_devi + old_qlen = dev->tx_queue_len; + ether_setup(dev); + dev->tx_queue_len = old_qlen; ++ dev->priv_flags &= ~IFF_TX_SKB_SHARING; + eth_hw_addr_random(dev); + call_netdevice_notifiers(NETDEV_POST_TYPE_CHANGE, dev); + netif_dormant_off(dev); diff --git a/queue-5.9/net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch b/queue-5.9/net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch new file mode 100644 index 00000000000..fb02d35f0b9 --- /dev/null +++ b/queue-5.9/net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch @@ -0,0 +1,190 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Eelco Chaudron +Date: Sat, 17 Oct 2020 20:24:51 +0200 +Subject: [PATCH stable 5.9 29/30] net: openvswitch: fix to make sure flow_lookup() is not preempted + +From: Eelco Chaudron + +[ Upstream commit f981fc3d515a588c389242b7e3a71487b40571a5 ] + +The flow_lookup() function uses per CPU variables, which must be called +with BH disabled. However, this is fine in the general NAPI use case +where the local BH is disabled. But, it's also called from the netlink +context. The below patch makes sure that even in the netlink path, the +BH is disabled. + +In addition, u64_stats_update_begin() requires a lock to ensure one writer +which is not ensured here. Making it per-CPU and disabling NAPI (softirq) +ensures that there is always only one writer. + +Fixes: eac87c413bf9 ("net: openvswitch: reorder masks array based on usage") +Reported-by: Juri Lelli +Signed-off-by: Eelco Chaudron +Link: https://lore.kernel.org/r/160295903253.7789.826736662555102345.stgit@ebuild +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/openvswitch/flow_table.c | 58 +++++++++++++++++++++++++------------------ + net/openvswitch/flow_table.h | 8 ++++- + 2 files changed, 41 insertions(+), 25 deletions(-) + +--- a/net/openvswitch/flow_table.c ++++ b/net/openvswitch/flow_table.c +@@ -172,7 +172,7 @@ static struct table_instance *table_inst + + static void __mask_array_destroy(struct mask_array *ma) + { +- free_percpu(ma->masks_usage_cntr); ++ free_percpu(ma->masks_usage_stats); + kfree(ma); + } + +@@ -196,15 +196,15 @@ static void tbl_mask_array_reset_counter + ma->masks_usage_zero_cntr[i] = 0; + + for_each_possible_cpu(cpu) { +- u64 *usage_counters = per_cpu_ptr(ma->masks_usage_cntr, +- cpu); ++ struct mask_array_stats *stats; + unsigned int start; + u64 counter; + ++ stats = per_cpu_ptr(ma->masks_usage_stats, cpu); + do { +- start = u64_stats_fetch_begin_irq(&ma->syncp); +- counter = usage_counters[i]; +- } while (u64_stats_fetch_retry_irq(&ma->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&stats->syncp); ++ counter = stats->usage_cntrs[i]; ++ } while (u64_stats_fetch_retry_irq(&stats->syncp, start)); + + ma->masks_usage_zero_cntr[i] += counter; + } +@@ -227,9 +227,10 @@ static struct mask_array *tbl_mask_array + sizeof(struct sw_flow_mask *) * + size); + +- new->masks_usage_cntr = __alloc_percpu(sizeof(u64) * size, +- __alignof__(u64)); +- if (!new->masks_usage_cntr) { ++ new->masks_usage_stats = __alloc_percpu(sizeof(struct mask_array_stats) + ++ sizeof(u64) * size, ++ __alignof__(u64)); ++ if (!new->masks_usage_stats) { + kfree(new); + return NULL; + } +@@ -723,6 +724,8 @@ static struct sw_flow *masked_flow_looku + + /* Flow lookup does full lookup on flow table. It starts with + * mask from index passed in *index. ++ * This function MUST be called with BH disabled due to the use ++ * of CPU specific variables. + */ + static struct sw_flow *flow_lookup(struct flow_table *tbl, + struct table_instance *ti, +@@ -732,7 +735,7 @@ static struct sw_flow *flow_lookup(struc + u32 *n_cache_hit, + u32 *index) + { +- u64 *usage_counters = this_cpu_ptr(ma->masks_usage_cntr); ++ struct mask_array_stats *stats = this_cpu_ptr(ma->masks_usage_stats); + struct sw_flow *flow; + struct sw_flow_mask *mask; + int i; +@@ -742,9 +745,9 @@ static struct sw_flow *flow_lookup(struc + if (mask) { + flow = masked_flow_lookup(ti, key, mask, n_mask_hit); + if (flow) { +- u64_stats_update_begin(&ma->syncp); +- usage_counters[*index]++; +- u64_stats_update_end(&ma->syncp); ++ u64_stats_update_begin(&stats->syncp); ++ stats->usage_cntrs[*index]++; ++ u64_stats_update_end(&stats->syncp); + (*n_cache_hit)++; + return flow; + } +@@ -763,9 +766,9 @@ static struct sw_flow *flow_lookup(struc + flow = masked_flow_lookup(ti, key, mask, n_mask_hit); + if (flow) { /* Found */ + *index = i; +- u64_stats_update_begin(&ma->syncp); +- usage_counters[*index]++; +- u64_stats_update_end(&ma->syncp); ++ u64_stats_update_begin(&stats->syncp); ++ stats->usage_cntrs[*index]++; ++ u64_stats_update_end(&stats->syncp); + return flow; + } + } +@@ -851,9 +854,17 @@ struct sw_flow *ovs_flow_tbl_lookup(stru + struct mask_array *ma = rcu_dereference_ovsl(tbl->mask_array); + u32 __always_unused n_mask_hit; + u32 __always_unused n_cache_hit; ++ struct sw_flow *flow; + u32 index = 0; + +- return flow_lookup(tbl, ti, ma, key, &n_mask_hit, &n_cache_hit, &index); ++ /* This function gets called trough the netlink interface and therefore ++ * is preemptible. However, flow_lookup() function needs to be called ++ * with BH disabled due to CPU specific variables. ++ */ ++ local_bh_disable(); ++ flow = flow_lookup(tbl, ti, ma, key, &n_mask_hit, &n_cache_hit, &index); ++ local_bh_enable(); ++ return flow; + } + + struct sw_flow *ovs_flow_tbl_lookup_exact(struct flow_table *tbl, +@@ -1109,7 +1120,6 @@ void ovs_flow_masks_rebalance(struct flo + + for (i = 0; i < ma->max; i++) { + struct sw_flow_mask *mask; +- unsigned int start; + int cpu; + + mask = rcu_dereference_ovsl(ma->masks[i]); +@@ -1120,14 +1130,16 @@ void ovs_flow_masks_rebalance(struct flo + masks_and_count[i].counter = 0; + + for_each_possible_cpu(cpu) { +- u64 *usage_counters = per_cpu_ptr(ma->masks_usage_cntr, +- cpu); ++ struct mask_array_stats *stats; ++ unsigned int start; + u64 counter; + ++ stats = per_cpu_ptr(ma->masks_usage_stats, cpu); + do { +- start = u64_stats_fetch_begin_irq(&ma->syncp); +- counter = usage_counters[i]; +- } while (u64_stats_fetch_retry_irq(&ma->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&stats->syncp); ++ counter = stats->usage_cntrs[i]; ++ } while (u64_stats_fetch_retry_irq(&stats->syncp, ++ start)); + + masks_and_count[i].counter += counter; + } +--- a/net/openvswitch/flow_table.h ++++ b/net/openvswitch/flow_table.h +@@ -38,12 +38,16 @@ struct mask_count { + u64 counter; + }; + ++struct mask_array_stats { ++ struct u64_stats_sync syncp; ++ u64 usage_cntrs[]; ++}; ++ + struct mask_array { + struct rcu_head rcu; + int count, max; +- u64 __percpu *masks_usage_cntr; ++ struct mask_array_stats __percpu *masks_usage_stats; + u64 *masks_usage_zero_cntr; +- struct u64_stats_sync syncp; + struct sw_flow_mask __rcu *masks[]; + }; + diff --git a/queue-5.9/net-properly-typecast-int-values-to-set-sk_max_pacing_rate.patch b/queue-5.9/net-properly-typecast-int-values-to-set-sk_max_pacing_rate.patch new file mode 100644 index 00000000000..fe329d8fe92 --- /dev/null +++ b/queue-5.9/net-properly-typecast-int-values-to-set-sk_max_pacing_rate.patch @@ -0,0 +1,56 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Ke Li +Date: Thu, 22 Oct 2020 02:41:46 -0400 +Subject: [PATCH stable 5.9 15/30] net: Properly typecast int values to set sk_max_pacing_rate + +From: Ke Li + +[ Upstream commit 700465fd338fe5df08a1b2e27fa16981f562547f ] + +In setsockopt(SO_MAX_PACING_RATE) on 64bit systems, sk_max_pacing_rate, +after extended from 'u32' to 'unsigned long', takes unintentionally +hiked value whenever assigned from an 'int' value with MSB=1, due to +binary sign extension in promoting s32 to u64, e.g. 0x80000000 becomes +0xFFFFFFFF80000000. + +Thus inflated sk_max_pacing_rate causes subsequent getsockopt to return +~0U unexpectedly. It may also result in increased pacing rate. + +Fix by explicitly casting the 'int' value to 'unsigned int' before +assigning it to sk_max_pacing_rate, for zero extension to happen. + +Fixes: 76a9ebe811fb ("net: extend sk_pacing_rate to unsigned long") +Signed-off-by: Ji Li +Signed-off-by: Ke Li +Reviewed-by: Eric Dumazet +Link: https://lore.kernel.org/r/20201022064146.79873-1-keli@akamai.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/core/filter.c | 3 ++- + net/core/sock.c | 2 +- + 2 files changed, 3 insertions(+), 2 deletions(-) + +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -4354,7 +4354,8 @@ static int _bpf_setsockopt(struct sock * + cmpxchg(&sk->sk_pacing_status, + SK_PACING_NONE, + SK_PACING_NEEDED); +- sk->sk_max_pacing_rate = (val == ~0U) ? ~0UL : val; ++ sk->sk_max_pacing_rate = (val == ~0U) ? ++ ~0UL : (unsigned int)val; + sk->sk_pacing_rate = min(sk->sk_pacing_rate, + sk->sk_max_pacing_rate); + break; +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -1176,7 +1176,7 @@ set_sndbuf: + + case SO_MAX_PACING_RATE: + { +- unsigned long ulval = (val == ~0U) ? ~0UL : val; ++ unsigned long ulval = (val == ~0U) ? ~0UL : (unsigned int)val; + + if (sizeof(ulval) != sizeof(val) && + optlen >= sizeof(ulval) && diff --git a/queue-5.9/net-sched-act_ct-fix-adding-udp-port-mangle-operation.patch b/queue-5.9/net-sched-act_ct-fix-adding-udp-port-mangle-operation.patch new file mode 100644 index 00000000000..5aee60e0fea --- /dev/null +++ b/queue-5.9/net-sched-act_ct-fix-adding-udp-port-mangle-operation.patch @@ -0,0 +1,37 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Roi Dayan +Date: Mon, 19 Oct 2020 12:02:44 +0300 +Subject: [PATCH stable 5.9 16/30] net/sched: act_ct: Fix adding udp port mangle operation + +From: Roi Dayan + +[ Upstream commit 47b5d2a107396ab05e83a4dfbd30b563ecbc83af ] + +Need to use the udp header type and not tcp. + +Fixes: 9c26ba9b1f45 ("net/sched: act_ct: Instantiate flow table entry actions") +Signed-off-by: Roi Dayan +Reviewed-by: Paul Blakey +Link: https://lore.kernel.org/r/20201019090244.3015186-1-roid@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/act_ct.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/sched/act_ct.c ++++ b/net/sched/act_ct.c +@@ -156,11 +156,11 @@ tcf_ct_flow_table_add_action_nat_udp(con + __be16 target_dst = target.dst.u.udp.port; + + if (target_src != tuple->src.u.udp.port) +- tcf_ct_add_mangle_action(action, FLOW_ACT_MANGLE_HDR_TYPE_TCP, ++ tcf_ct_add_mangle_action(action, FLOW_ACT_MANGLE_HDR_TYPE_UDP, + offsetof(struct udphdr, source), + 0xFFFF, be16_to_cpu(target_src)); + if (target_dst != tuple->dst.u.udp.port) +- tcf_ct_add_mangle_action(action, FLOW_ACT_MANGLE_HDR_TYPE_TCP, ++ tcf_ct_add_mangle_action(action, FLOW_ACT_MANGLE_HDR_TYPE_UDP, + offsetof(struct udphdr, dest), + 0xFFFF, be16_to_cpu(target_dst)); + } diff --git a/queue-5.9/net-sched-act_gate-unlock-tcfa_lock-in-tc_setup_flow_action.patch b/queue-5.9/net-sched-act_gate-unlock-tcfa_lock-in-tc_setup_flow_action.patch new file mode 100644 index 00000000000..966f8159431 --- /dev/null +++ b/queue-5.9/net-sched-act_gate-unlock-tcfa_lock-in-tc_setup_flow_action.patch @@ -0,0 +1,34 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Guillaume Nault +Date: Tue, 20 Oct 2020 17:34:31 +0200 +Subject: [PATCH stable 5.9 26/30] net/sched: act_gate: Unlock ->tcfa_lock in tc_setup_flow_action() + +From: Guillaume Nault + +[ Upstream commit b130762161374b1ef31549bef8ebd4abeb998d94 ] + +We need to jump to the "err_out_locked" label when +tcf_gate_get_entries() fails. Otherwise, tc_setup_flow_action() exits +with ->tcfa_lock still held. + +Fixes: d29bdd69ecdd ("net: schedule: add action gate offloading") +Signed-off-by: Guillaume Nault +Acked-by: Cong Wang +Link: https://lore.kernel.org/r/12f60e385584c52c22863701c0185e40ab08a7a7.1603207948.git.gnault@redhat.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/cls_api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sched/cls_api.c ++++ b/net/sched/cls_api.c +@@ -3712,7 +3712,7 @@ int tc_setup_flow_action(struct flow_act + entry->gate.num_entries = tcf_gate_num_entries(act); + err = tcf_gate_get_entries(entry, act); + if (err) +- goto err_out; ++ goto err_out_locked; + } else { + err = -EOPNOTSUPP; + goto err_out_locked; diff --git a/queue-5.9/net-sched-act_tunnel_key-fix-oob-write-in-case-of-ipv6-erspan-tunnels.patch b/queue-5.9/net-sched-act_tunnel_key-fix-oob-write-in-case-of-ipv6-erspan-tunnels.patch new file mode 100644 index 00000000000..2e0380d31f8 --- /dev/null +++ b/queue-5.9/net-sched-act_tunnel_key-fix-oob-write-in-case-of-ipv6-erspan-tunnels.patch @@ -0,0 +1,121 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Davide Caratti +Date: Wed, 21 Oct 2020 00:02:40 +0200 +Subject: [PATCH stable 5.9 17/30] net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels + +From: Davide Caratti + +[ Upstream commit a7a12b5a0f950bc6b9f7153390634ea798738db9 ] + +the following command + + # tc action add action tunnel_key \ + > set src_ip 2001:db8::1 dst_ip 2001:db8::2 id 10 erspan_opts 1:6789:0:0 + +generates the following splat: + + BUG: KASAN: slab-out-of-bounds in tunnel_key_copy_opts+0xcc9/0x1010 [act_tunnel_key] + Write of size 4 at addr ffff88813f5f1cc8 by task tc/873 + + CPU: 2 PID: 873 Comm: tc Not tainted 5.9.0+ #282 + Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 + Call Trace: + dump_stack+0x99/0xcb + print_address_description.constprop.7+0x1e/0x230 + kasan_report.cold.13+0x37/0x7c + tunnel_key_copy_opts+0xcc9/0x1010 [act_tunnel_key] + tunnel_key_init+0x160c/0x1f40 [act_tunnel_key] + tcf_action_init_1+0x5b5/0x850 + tcf_action_init+0x15d/0x370 + tcf_action_add+0xd9/0x2f0 + tc_ctl_action+0x29b/0x3a0 + rtnetlink_rcv_msg+0x341/0x8d0 + netlink_rcv_skb+0x120/0x380 + netlink_unicast+0x439/0x630 + netlink_sendmsg+0x719/0xbf0 + sock_sendmsg+0xe2/0x110 + ____sys_sendmsg+0x5ba/0x890 + ___sys_sendmsg+0xe9/0x160 + __sys_sendmsg+0xd3/0x170 + do_syscall_64+0x33/0x40 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f872a96b338 + Code: 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 25 43 2c 00 8b 00 85 c0 75 17 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 41 89 d4 55 + RSP: 002b:00007ffffe367518 EFLAGS: 00000246 ORIG_RAX: 000000000000002e + RAX: ffffffffffffffda RBX: 000000005f8f5aed RCX: 00007f872a96b338 + RDX: 0000000000000000 RSI: 00007ffffe367580 RDI: 0000000000000003 + RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000001c + R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000001 + R13: 0000000000686760 R14: 0000000000000601 R15: 0000000000000000 + + Allocated by task 873: + kasan_save_stack+0x19/0x40 + __kasan_kmalloc.constprop.7+0xc1/0xd0 + __kmalloc+0x151/0x310 + metadata_dst_alloc+0x20/0x40 + tunnel_key_init+0xfff/0x1f40 [act_tunnel_key] + tcf_action_init_1+0x5b5/0x850 + tcf_action_init+0x15d/0x370 + tcf_action_add+0xd9/0x2f0 + tc_ctl_action+0x29b/0x3a0 + rtnetlink_rcv_msg+0x341/0x8d0 + netlink_rcv_skb+0x120/0x380 + netlink_unicast+0x439/0x630 + netlink_sendmsg+0x719/0xbf0 + sock_sendmsg+0xe2/0x110 + ____sys_sendmsg+0x5ba/0x890 + ___sys_sendmsg+0xe9/0x160 + __sys_sendmsg+0xd3/0x170 + do_syscall_64+0x33/0x40 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + + The buggy address belongs to the object at ffff88813f5f1c00 + which belongs to the cache kmalloc-256 of size 256 + The buggy address is located 200 bytes inside of + 256-byte region [ffff88813f5f1c00, ffff88813f5f1d00) + The buggy address belongs to the page: + page:0000000011b48a19 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13f5f0 + head:0000000011b48a19 order:1 compound_mapcount:0 + flags: 0x17ffffc0010200(slab|head) + raw: 0017ffffc0010200 0000000000000000 0000000d00000001 ffff888107c43400 + raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 + page dumped because: kasan: bad access detected + + Memory state around the buggy address: + ffff88813f5f1b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + ffff88813f5f1c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + >ffff88813f5f1c80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc + ^ + ffff88813f5f1d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + ffff88813f5f1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc + +using IPv6 tunnels, act_tunnel_key allocates a fixed amount of memory for +the tunnel metadata, but then it expects additional bytes to store tunnel +specific metadata with tunnel_key_copy_opts(). + +Fix the arguments of __ipv6_tun_set_dst(), so that 'md_size' contains the +size previously computed by tunnel_key_get_opts_len(), like it's done for +IPv4 tunnels. + +Fixes: 0ed5269f9e41 ("net/sched: add tunnel option support to act_tunnel_key") +Reported-by: Shuang Li +Signed-off-by: Davide Caratti +Acked-by: Cong Wang +Link: https://lore.kernel.org/r/36ebe969f6d13ff59912d6464a4356fe6f103766.1603231100.git.dcaratti@redhat.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/sched/act_tunnel_key.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sched/act_tunnel_key.c ++++ b/net/sched/act_tunnel_key.c +@@ -459,7 +459,7 @@ static int tunnel_key_init(struct net *n + + metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port, + 0, flags, +- key_id, 0); ++ key_id, opts_len); + } else { + NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst"); + ret = -EINVAL; diff --git a/queue-5.9/netsec-ignore-phy-mode-device-property-on-acpi-systems.patch b/queue-5.9/netsec-ignore-phy-mode-device-property-on-acpi-systems.patch new file mode 100644 index 00000000000..fd727c7f03f --- /dev/null +++ b/queue-5.9/netsec-ignore-phy-mode-device-property-on-acpi-systems.patch @@ -0,0 +1,114 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Ard Biesheuvel +Date: Sun, 18 Oct 2020 18:36:25 +0200 +Subject: [PATCH stable 5.9 18/30] netsec: ignore 'phy-mode' device property on ACPI systems + +From: Ard Biesheuvel + +[ Upstream commit acd7aaf51b20263a7e62d2a26569988c63bdd3d8 ] + +Since commit bbc4d71d63549bc ("net: phy: realtek: fix rtl8211e rx/tx +delay config"), the Realtek PHY driver will override any TX/RX delay +set by hardware straps if the phy-mode device property does not match. + +This is causing problems on SynQuacer based platforms (the only SoC +that incorporates the netsec hardware), since many were built with +this Realtek PHY, and shipped with firmware that defines the phy-mode +as 'rgmii', even though the PHY is configured for TX and RX delay using +pull-ups. + +>From the driver's perspective, we should not make any assumptions in +the general case that the PHY hardware does not require any initial +configuration. However, the situation is slightly different for ACPI +boot, since it implies rich firmware with AML abstractions to handle +hardware details that are not exposed to the OS. So in the ACPI case, +it is reasonable to assume that the PHY comes up in the right mode, +regardless of whether the mode is set by straps, by boot time firmware +or by AML executed by the ACPI interpreter. + +So let's ignore the 'phy-mode' device property when probing the netsec +driver in ACPI mode, and hardcode the mode to PHY_INTERFACE_MODE_NA, +which should work with any PHY provided that it is configured by the +time the driver attaches to it. While at it, document that omitting +the mode is permitted for DT probing as well, by setting the phy-mode +DT property to the empty string. + +Fixes: 533dd11a12f6 ("net: socionext: Add Synquacer NetSec driver") +Signed-off-by: Ard Biesheuvel +Reviewed-by: Ilias Apalodimas +Reviewed-by: Andrew Lunn +Link: https://lore.kernel.org/r/20201018163625.2392-1-ardb@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/devicetree/bindings/net/socionext-netsec.txt | 4 +- + drivers/net/ethernet/socionext/netsec.c | 24 +++++++++---- + 2 files changed, 20 insertions(+), 8 deletions(-) + +--- a/Documentation/devicetree/bindings/net/socionext-netsec.txt ++++ b/Documentation/devicetree/bindings/net/socionext-netsec.txt +@@ -30,7 +30,9 @@ Optional properties: (See ethernet.txt f + - max-frame-size: See ethernet.txt in the same directory. + + The MAC address will be determined using the optional properties +-defined in ethernet.txt. ++defined in ethernet.txt. The 'phy-mode' property is required, but may ++be set to the empty string if the PHY configuration is programmed by ++the firmware or set by hardware straps, and needs to be preserved. + + Example: + eth0: ethernet@522d0000 { +--- a/drivers/net/ethernet/socionext/netsec.c ++++ b/drivers/net/ethernet/socionext/netsec.c +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -1833,6 +1834,14 @@ static const struct net_device_ops netse + static int netsec_of_probe(struct platform_device *pdev, + struct netsec_priv *priv, u32 *phy_addr) + { ++ int err; ++ ++ err = of_get_phy_mode(pdev->dev.of_node, &priv->phy_interface); ++ if (err) { ++ dev_err(&pdev->dev, "missing required property 'phy-mode'\n"); ++ return err; ++ } ++ + priv->phy_np = of_parse_phandle(pdev->dev.of_node, "phy-handle", 0); + if (!priv->phy_np) { + dev_err(&pdev->dev, "missing required property 'phy-handle'\n"); +@@ -1859,6 +1868,14 @@ static int netsec_acpi_probe(struct plat + if (!IS_ENABLED(CONFIG_ACPI)) + return -ENODEV; + ++ /* ACPI systems are assumed to configure the PHY in firmware, so ++ * there is really no need to discover the PHY mode from the DSDT. ++ * Since firmware is known to exist in the field that configures the ++ * PHY correctly but passes the wrong mode string in the phy-mode ++ * device property, we have no choice but to ignore it. ++ */ ++ priv->phy_interface = PHY_INTERFACE_MODE_NA; ++ + ret = device_property_read_u32(&pdev->dev, "phy-channel", phy_addr); + if (ret) { + dev_err(&pdev->dev, +@@ -1995,13 +2012,6 @@ static int netsec_probe(struct platform_ + priv->msg_enable = NETIF_MSG_TX_ERR | NETIF_MSG_HW | NETIF_MSG_DRV | + NETIF_MSG_LINK | NETIF_MSG_PROBE; + +- priv->phy_interface = device_get_phy_mode(&pdev->dev); +- if ((int)priv->phy_interface < 0) { +- dev_err(&pdev->dev, "missing required property 'phy-mode'\n"); +- ret = -ENODEV; +- goto free_ndev; +- } +- + priv->ioaddr = devm_ioremap(&pdev->dev, mmio_res->start, + resource_size(mmio_res)); + if (!priv->ioaddr) { diff --git a/queue-5.9/nexthop-fix-performance-regression-in-nexthop-deletion.patch b/queue-5.9/nexthop-fix-performance-regression-in-nexthop-deletion.patch new file mode 100644 index 00000000000..afc70561e28 --- /dev/null +++ b/queue-5.9/nexthop-fix-performance-regression-in-nexthop-deletion.patch @@ -0,0 +1,102 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Ido Schimmel +Date: Fri, 16 Oct 2020 20:29:14 +0300 +Subject: [PATCH stable 5.9 19/30] nexthop: Fix performance regression in nexthop deletion + +From: Ido Schimmel + +[ Upstream commit df6afe2f7c19349de2ee560dc62ea4d9ad3ff889 ] + +While insertion of 16k nexthops all using the same netdev ('dummy10') +takes less than a second, deletion takes about 130 seconds: + +# time -p ip -b nexthop.batch +real 0.29 +user 0.01 +sys 0.15 + +# time -p ip link set dev dummy10 down +real 131.03 +user 0.06 +sys 0.52 + +This is because of repeated calls to synchronize_rcu() whenever a +nexthop is removed from a nexthop group: + +# /usr/share/bcc/tools/offcputime -p `pgrep -nx ip` -K +... + b'finish_task_switch' + b'schedule' + b'schedule_timeout' + b'wait_for_completion' + b'__wait_rcu_gp' + b'synchronize_rcu.part.0' + b'synchronize_rcu' + b'__remove_nexthop' + b'remove_nexthop' + b'nexthop_flush_dev' + b'nh_netdev_event' + b'raw_notifier_call_chain' + b'call_netdevice_notifiers_info' + b'__dev_notify_flags' + b'dev_change_flags' + b'do_setlink' + b'__rtnl_newlink' + b'rtnl_newlink' + b'rtnetlink_rcv_msg' + b'netlink_rcv_skb' + b'rtnetlink_rcv' + b'netlink_unicast' + b'netlink_sendmsg' + b'____sys_sendmsg' + b'___sys_sendmsg' + b'__sys_sendmsg' + b'__x64_sys_sendmsg' + b'do_syscall_64' + b'entry_SYSCALL_64_after_hwframe' + - ip (277) + 126554955 + +Since nexthops are always deleted under RTNL, synchronize_net() can be +used instead. It will call synchronize_rcu_expedited() which only blocks +for several microseconds as opposed to multiple milliseconds like +synchronize_rcu(). + +With this patch deletion of 16k nexthops takes less than a second: + +# time -p ip link set dev dummy10 down +real 0.12 +user 0.00 +sys 0.04 + +Tested with fib_nexthops.sh which includes torture tests that prompted +the initial change: + +# ./fib_nexthops.sh +... +Tests passed: 134 +Tests failed: 0 + +Fixes: 90f33bffa382 ("nexthops: don't modify published nexthop groups") +Signed-off-by: Ido Schimmel +Reviewed-by: Jesse Brandeburg +Reviewed-by: David Ahern +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20201016172914.643282-1-idosch@idosch.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/nexthop.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/ipv4/nexthop.c ++++ b/net/ipv4/nexthop.c +@@ -842,7 +842,7 @@ static void remove_nexthop_from_groups(s + remove_nh_grp_entry(net, nhge, nlinfo); + + /* make sure all see the newly published array before releasing rtnl */ +- synchronize_rcu(); ++ synchronize_net(); + } + + static void remove_nexthop_group(struct nexthop *nh, struct nl_info *nlinfo) diff --git a/queue-5.9/nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch b/queue-5.9/nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch new file mode 100644 index 00000000000..40745dbc195 --- /dev/null +++ b/queue-5.9/nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch @@ -0,0 +1,37 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Defang Bo +Date: Mon, 19 Oct 2020 19:38:58 +0800 +Subject: [PATCH stable 5.9 20/30] nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() + +From: Defang Bo + +[ Upstream commit 280e3ebdafb863b3cb50d5842f056267e15bf40c ] + +Check that the NFC_ATTR_FIRMWARE_NAME attributes are provided by +the netlink client prior to accessing them.This prevents potential +unhandled NULL pointer dereference exceptions which can be triggered +by malicious user-mode programs, if they omit one or both of these +attributes. + +Similar to commit a0323b979f81 ("nfc: Ensure presence of required attributes in the activate_target handler"). + +Fixes: 9674da8759df ("NFC: Add firmware upload netlink command") +Signed-off-by: Defang Bo +Link: https://lore.kernel.org/r/1603107538-4744-1-git-send-email-bodefang@126.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/nfc/netlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/nfc/netlink.c ++++ b/net/nfc/netlink.c +@@ -1217,7 +1217,7 @@ static int nfc_genl_fw_download(struct s + u32 idx; + char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]; + +- if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) ++ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || !info->attrs[NFC_ATTR_FIRMWARE_NAME]) + return -EINVAL; + + idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); diff --git a/queue-5.9/r8169-fix-operation-under-forced-interrupt-threading.patch b/queue-5.9/r8169-fix-operation-under-forced-interrupt-threading.patch new file mode 100644 index 00000000000..e61462301d4 --- /dev/null +++ b/queue-5.9/r8169-fix-operation-under-forced-interrupt-threading.patch @@ -0,0 +1,58 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Heiner Kallweit +Date: Sun, 18 Oct 2020 18:38:59 +0200 +Subject: [PATCH stable 5.9 21/30] r8169: fix operation under forced interrupt threading + +From: Heiner Kallweit + +[ Upstream commit 424a646e072a887aa87283b53aa6f8b19c2a7bef ] + +For several network drivers it was reported that using +__napi_schedule_irqoff() is unsafe with forced threading. One way to +fix this is switching back to __napi_schedule, but then we lose the +benefit of the irqoff version in general. As stated by Eric it doesn't +make sense to make the minimal hard irq handlers in drivers using NAPI +a thread. Therefore ensure that the hard irq handler is never +thread-ified. + +Fixes: 9a899a35b0d6 ("r8169: switch to napi_schedule_irqoff") +Link: https://lkml.org/lkml/2020/10/18/19 +Signed-off-by: Heiner Kallweit +Link: https://lore.kernel.org/r/4d3ef84a-c812-5072-918a-22a6f6468310@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/realtek/r8169_main.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/realtek/r8169_main.c ++++ b/drivers/net/ethernet/realtek/r8169_main.c +@@ -4686,7 +4686,7 @@ static int rtl8169_close(struct net_devi + + phy_disconnect(tp->phydev); + +- pci_free_irq(pdev, 0, tp); ++ free_irq(pci_irq_vector(pdev, 0), tp); + + dma_free_coherent(&pdev->dev, R8169_RX_RING_BYTES, tp->RxDescArray, + tp->RxPhyAddr); +@@ -4737,8 +4737,8 @@ static int rtl_open(struct net_device *d + + rtl_request_firmware(tp); + +- retval = pci_request_irq(pdev, 0, rtl8169_interrupt, NULL, tp, +- dev->name); ++ retval = request_irq(pci_irq_vector(pdev, 0), rtl8169_interrupt, ++ IRQF_NO_THREAD | IRQF_SHARED, dev->name, tp); + if (retval < 0) + goto err_release_fw_2; + +@@ -4755,7 +4755,7 @@ out: + return retval; + + err_free_irq: +- pci_free_irq(pdev, 0, tp); ++ free_irq(pci_irq_vector(pdev, 0), tp); + err_release_fw_2: + rtl_release_firmware(tp); + rtl8169_rx_clear(tp); diff --git a/queue-5.9/selftests-forwarding-add-missing-rp_filter-configuration.patch b/queue-5.9/selftests-forwarding-add-missing-rp_filter-configuration.patch new file mode 100644 index 00000000000..a34860894c3 --- /dev/null +++ b/queue-5.9/selftests-forwarding-add-missing-rp_filter-configuration.patch @@ -0,0 +1,89 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Ido Schimmel +Date: Thu, 15 Oct 2020 11:45:25 +0300 +Subject: [PATCH stable 5.9 22/30] selftests: forwarding: Add missing 'rp_filter' configuration + +From: Ido Schimmel + +[ Upstream commit 71a0e29e99405d89b695882d52eec60844173697 ] + +When 'rp_filter' is configured in strict mode (1) the tests fail because +packets received from the macvlan netdevs would not be forwarded through +them on the reverse path. + +Fix this by disabling the 'rp_filter', meaning no source validation is +performed. + +Fixes: 1538812e0880 ("selftests: forwarding: Add a test for VXLAN asymmetric routing") +Fixes: 438a4f5665b2 ("selftests: forwarding: Add a test for VXLAN symmetric routing") +Signed-off-by: Ido Schimmel +Reported-by: Hangbin Liu +Tested-by: Hangbin Liu +Link: https://lore.kernel.org/r/20201015084525.135121-1-idosch@idosch.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh | 10 ++++++++++ + tools/testing/selftests/net/forwarding/vxlan_symmetric.sh | 10 ++++++++++ + 2 files changed, 20 insertions(+) + +--- a/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh ++++ b/tools/testing/selftests/net/forwarding/vxlan_asymmetric.sh +@@ -215,10 +215,16 @@ switch_create() + + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10 + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20 ++ ++ sysctl_set net.ipv4.conf.all.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0 + } + + switch_destroy() + { ++ sysctl_restore net.ipv4.conf.all.rp_filter ++ + bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 20 + bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 10 + +@@ -359,6 +365,10 @@ ns_switch_create() + + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10 + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20 ++ ++ sysctl_set net.ipv4.conf.all.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0 + } + export -f ns_switch_create + +--- a/tools/testing/selftests/net/forwarding/vxlan_symmetric.sh ++++ b/tools/testing/selftests/net/forwarding/vxlan_symmetric.sh +@@ -237,10 +237,16 @@ switch_create() + + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10 + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20 ++ ++ sysctl_set net.ipv4.conf.all.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0 + } + + switch_destroy() + { ++ sysctl_restore net.ipv4.conf.all.rp_filter ++ + bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 20 + bridge fdb del 00:00:5e:00:01:01 dev br1 self local vlan 10 + +@@ -402,6 +408,10 @@ ns_switch_create() + + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 10 + bridge fdb add 00:00:5e:00:01:01 dev br1 self local vlan 20 ++ ++ sysctl_set net.ipv4.conf.all.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan10-v.rp_filter 0 ++ sysctl_set net.ipv4.conf.vlan20-v.rp_filter 0 + } + export -f ns_switch_create + diff --git a/queue-5.9/selftests-rtnetlink-load-fou-module-for-kci_test_encap_fou-test.patch b/queue-5.9/selftests-rtnetlink-load-fou-module-for-kci_test_encap_fou-test.patch new file mode 100644 index 00000000000..5b2857119e2 --- /dev/null +++ b/queue-5.9/selftests-rtnetlink-load-fou-module-for-kci_test_encap_fou-test.patch @@ -0,0 +1,50 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Po-Hsu Lin +Date: Mon, 19 Oct 2020 11:09:28 +0800 +Subject: [PATCH stable 5.9 23/30] selftests: rtnetlink: load fou module for kci_test_encap_fou() test + +From: Po-Hsu Lin + +[ Upstream commit 26ebd6fed9bb3aa480c7c0f147ac0e7b11000f65 ] + +The kci_test_encap_fou() test from kci_test_encap() in rtnetlink.sh +needs the fou module to work. Otherwise it will fail with: + + $ ip netns exec "$testns" ip fou add port 7777 ipproto 47 + RTNETLINK answers: No such file or directory + Error talking to the kernel + +Add the CONFIG_NET_FOU into the config file as well. Which needs at +least to be set as a loadable module. + +Fixes: 6227efc1a20b ("selftests: rtnetlink.sh: add vxlan and fou test cases") +Signed-off-by: Po-Hsu Lin +Link: https://lore.kernel.org/r/20201019030928.9859-1-po-hsu.lin@canonical.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/config | 1 + + tools/testing/selftests/net/rtnetlink.sh | 5 +++++ + 2 files changed, 6 insertions(+) + +--- a/tools/testing/selftests/net/config ++++ b/tools/testing/selftests/net/config +@@ -31,3 +31,4 @@ CONFIG_NET_SCH_ETF=m + CONFIG_NET_SCH_NETEM=y + CONFIG_TEST_BLACKHOLE_DEV=m + CONFIG_KALLSYMS=y ++CONFIG_NET_FOU=m +--- a/tools/testing/selftests/net/rtnetlink.sh ++++ b/tools/testing/selftests/net/rtnetlink.sh +@@ -520,6 +520,11 @@ kci_test_encap_fou() + return $ksft_skip + fi + ++ if ! /sbin/modprobe -q -n fou; then ++ echo "SKIP: module fou is not found" ++ return $ksft_skip ++ fi ++ /sbin/modprobe -q fou + ip -netns "$testns" fou add port 7777 ipproto 47 2>/dev/null + if [ $? -ne 0 ];then + echo "FAIL: can't add fou port 7777, skipping test" diff --git a/queue-5.9/series b/queue-5.9/series index a91be119df0..550a93ebe52 100644 --- a/queue-5.9/series +++ b/queue-5.9/series @@ -26,3 +26,33 @@ binder-fix-uaf-when-releasing-todo-list.patch alsa-bebob-potential-info-leak-in-hwdep_read.patch alsa-hda-fix-jack-detection-with-realtek-codecs-when-in-d3.patch alsa-hda-hdmi-fix-incorrect-locking-in-hdmi_pcm_close.patch +tipc-re-configure-queue-limit-for-broadcast-link.patch +tipc-fix-incorrect-setting-window-for-bcast-link.patch +chelsio-chtls-fix-socket-lock.patch +chelsio-chtls-correct-netdevice-for-vlan-interface.patch +chelsio-chtls-fix-panic-when-server-is-on-ipv6.patch +chelsio-chtls-fix-panic-when-listen-on-multiadapter.patch +chelsio-chtls-correct-function-return-and-return-type.patch +chelsio-chtls-fix-writing-freed-memory.patch +ibmvnic-save-changed-mac-address-to-adapter-mac_addr.patch +icmp-randomize-the-global-rate-limiter.patch +mptcp-initialize-mptcp_options_received-s-ahmac.patch +net-ftgmac100-fix-aspeed-ast2600-tx-hang-issue.patch +net-hdlc-in-hdlc_rcv-check-to-make-sure-dev-is-an-hdlc-device.patch +net-hdlc_raw_eth-clear-the-iff_tx_skb_sharing-flag-after-calling-ether_setup.patch +net-properly-typecast-int-values-to-set-sk_max_pacing_rate.patch +net-sched-act_ct-fix-adding-udp-port-mangle-operation.patch +net-sched-act_tunnel_key-fix-oob-write-in-case-of-ipv6-erspan-tunnels.patch +netsec-ignore-phy-mode-device-property-on-acpi-systems.patch +nexthop-fix-performance-regression-in-nexthop-deletion.patch +nfc-ensure-presence-of-nfc_attr_firmware_name-attribute-in-nfc_genl_fw_download.patch +r8169-fix-operation-under-forced-interrupt-threading.patch +selftests-forwarding-add-missing-rp_filter-configuration.patch +selftests-rtnetlink-load-fou-module-for-kci_test_encap_fou-test.patch +tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch +net-ethernet-mtk-star-emac-select-regmap_mmio.patch +net-sched-act_gate-unlock-tcfa_lock-in-tc_setup_flow_action.patch +ixgbe-fix-probing-of-multi-port-devices-with-one-mdio.patch +mptcp-mptcp_kunit_tests-should-depend-on-mptcp-instead-of-selecting-it.patch +net-openvswitch-fix-to-make-sure-flow_lookup-is-not-preempted.patch +sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch diff --git a/queue-5.9/sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch b/queue-5.9/sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch new file mode 100644 index 00000000000..e93ebde1e8e --- /dev/null +++ b/queue-5.9/sfc-move-initialisation-of-efx-filter_sem-to-efx_init_struct.patch @@ -0,0 +1,43 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Edward Cree +Date: Tue, 20 Oct 2020 15:35:08 +0100 +Subject: [PATCH stable 5.9 30/30] sfc: move initialisation of efx->filter_sem to efx_init_struct() + +From: Edward Cree + +[ Upstream commit 05f90bf3d5df40e1a705527520e5fd56b2b6f09e ] + +efx_probe_filters() has not been called yet when EF100 calls into + efx_mcdi_filter_table_probe(), for which it wants to take the + filter_sem. + +Fixes: a9dc3d5612ce ("sfc_ef100: RX filter table management and related gubbins") +Signed-off-by: Edward Cree +Link: https://lore.kernel.org/r/24fad43e-887d-051e-25e3-506f23f63abf@solarflare.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/sfc/efx_common.c | 1 + + drivers/net/ethernet/sfc/rx_common.c | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/sfc/efx_common.c ++++ b/drivers/net/ethernet/sfc/efx_common.c +@@ -1030,6 +1030,7 @@ int efx_init_struct(struct efx_nic *efx, + efx->num_mac_stats = MC_CMD_MAC_NSTATS; + BUILD_BUG_ON(MC_CMD_MAC_NSTATS - 1 != MC_CMD_MAC_GENERATION_END); + mutex_init(&efx->mac_lock); ++ init_rwsem(&efx->filter_sem); + #ifdef CONFIG_RFS_ACCEL + mutex_init(&efx->rps_mutex); + spin_lock_init(&efx->rps_hash_lock); +--- a/drivers/net/ethernet/sfc/rx_common.c ++++ b/drivers/net/ethernet/sfc/rx_common.c +@@ -797,7 +797,6 @@ int efx_probe_filters(struct efx_nic *ef + { + int rc; + +- init_rwsem(&efx->filter_sem); + mutex_lock(&efx->mac_lock); + down_write(&efx->filter_sem); + rc = efx->type->filter_table_probe(efx); diff --git a/queue-5.9/tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch b/queue-5.9/tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch new file mode 100644 index 00000000000..7101cd2940d --- /dev/null +++ b/queue-5.9/tcp-fix-to-update-snd_wl1-in-bulk-receiver-fast-path.patch @@ -0,0 +1,65 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Neal Cardwell +Date: Thu, 22 Oct 2020 10:33:31 -0400 +Subject: [PATCH stable 5.9 24/30] tcp: fix to update snd_wl1 in bulk receiver fast path + +From: Neal Cardwell + +[ Upstream commit 18ded910b589839e38a51623a179837ab4cc3789 ] + +In the header prediction fast path for a bulk data receiver, if no +data is newly acknowledged then we do not call tcp_ack() and do not +call tcp_ack_update_window(). This means that a bulk receiver that +receives large amounts of data can have the incoming sequence numbers +wrap, so that the check in tcp_may_update_window fails: + after(ack_seq, tp->snd_wl1) + +If the incoming receive windows are zero in this state, and then the +connection that was a bulk data receiver later wants to send data, +that connection can find itself persistently rejecting the window +updates in incoming ACKs. This means the connection can persistently +fail to discover that the receive window has opened, which in turn +means that the connection is unable to send anything, and the +connection's sending process can get permanently "stuck". + +The fix is to update snd_wl1 in the header prediction fast path for a +bulk data receiver, so that it keeps up and does not see wrapping +problems. + +This fix is based on a very nice and thorough analysis and diagnosis +by Apollon Oikonomopoulos (see link below). + +This is a stable candidate but there is no Fixes tag here since the +bug predates current git history. Just for fun: looks like the bug +dates back to when header prediction was added in Linux v2.1.8 in Nov +1996. In that version tcp_rcv_established() was added, and the code +only updates snd_wl1 in tcp_ack(), and in the new "Bulk data transfer: +receiver" code path it does not call tcp_ack(). This fix seems to +apply cleanly at least as far back as v3.2. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Neal Cardwell +Reported-by: Apollon Oikonomopoulos +Tested-by: Apollon Oikonomopoulos +Link: https://www.spinics.net/lists/netdev/msg692430.html +Acked-by: Soheil Hassas Yeganeh +Acked-by: Yuchung Cheng +Signed-off-by: Eric Dumazet +Link: https://lore.kernel.org/r/20201022143331.1887495-1-ncardwell.kernel@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_input.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -5766,6 +5766,8 @@ void tcp_rcv_established(struct sock *sk + tcp_data_snd_check(sk); + if (!inet_csk_ack_scheduled(sk)) + goto no_ack; ++ } else { ++ tcp_update_wl(tp, TCP_SKB_CB(skb)->seq); + } + + __tcp_ack_snd_check(sk, 0); diff --git a/queue-5.9/tipc-fix-incorrect-setting-window-for-bcast-link.patch b/queue-5.9/tipc-fix-incorrect-setting-window-for-bcast-link.patch new file mode 100644 index 00000000000..031529b07e7 --- /dev/null +++ b/queue-5.9/tipc-fix-incorrect-setting-window-for-bcast-link.patch @@ -0,0 +1,59 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Hoang Huu Le +Date: Fri, 16 Oct 2020 09:31:19 +0700 +Subject: [PATCH stable 5.9 02/30] tipc: fix incorrect setting window for bcast link + +From: Hoang Huu Le + +[ Upstream commit ec78e31852c9bb7d96b6557468fecb6f6f3b28f3 ] + +In commit 16ad3f4022bb +("tipc: introduce variable window congestion control"), we applied +the algorithm to select window size from minimum window to the +configured maximum window for unicast link, and, besides we chose +to keep the window size for broadcast link unchanged and equal (i.e +fix window 50) + +However, when setting maximum window variable via command, the window +variable was re-initialized to unexpect value (i.e 32). + +We fix this by updating the fix window for broadcast as we stated. + +Fixes: 16ad3f4022bb ("tipc: introduce variable window congestion control") +Acked-by: Jon Maloy +Signed-off-by: Hoang Huu Le +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/tipc/bcast.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/net/tipc/bcast.c ++++ b/net/tipc/bcast.c +@@ -109,6 +109,7 @@ static void tipc_bcbase_select_primary(s + struct tipc_bc_base *bb = tipc_bc_base(net); + int all_dests = tipc_link_bc_peers(bb->link); + int max_win = tipc_link_max_win(bb->link); ++ int min_win = tipc_link_min_win(bb->link); + int i, mtu, prim; + + bb->primary_bearer = INVALID_BEARER_ID; +@@ -124,7 +125,8 @@ static void tipc_bcbase_select_primary(s + mtu = tipc_bearer_mtu(net, i); + if (mtu < tipc_link_mtu(bb->link)) { + tipc_link_set_mtu(bb->link, mtu); +- tipc_link_set_queue_limits(bb->link, max_win, ++ tipc_link_set_queue_limits(bb->link, ++ min_win, + max_win); + } + bb->bcast_support &= tipc_bearer_bcast_support(net, i); +@@ -589,7 +591,7 @@ static int tipc_bc_link_set_queue_limits + if (max_win > TIPC_MAX_LINK_WIN) + return -EINVAL; + tipc_bcast_lock(net); +- tipc_link_set_queue_limits(l, BCLINK_WIN_MIN, max_win); ++ tipc_link_set_queue_limits(l, tipc_link_min_win(l), max_win); + tipc_bcast_unlock(net); + return 0; + } diff --git a/queue-5.9/tipc-re-configure-queue-limit-for-broadcast-link.patch b/queue-5.9/tipc-re-configure-queue-limit-for-broadcast-link.patch new file mode 100644 index 00000000000..40dbaa0d259 --- /dev/null +++ b/queue-5.9/tipc-re-configure-queue-limit-for-broadcast-link.patch @@ -0,0 +1,48 @@ +From foo@baz Sat Oct 24 10:56:06 AM CEST 2020 +From: Hoang Huu Le +Date: Fri, 16 Oct 2020 09:31:18 +0700 +Subject: [PATCH stable 5.9 01/30] tipc: re-configure queue limit for broadcast link + +From: Hoang Huu Le + +[ Upstream commit 75cee397ae6f1020fbb75db90aa22a51bc3318ac ] + +The queue limit of the broadcast link is being calculated base on initial +MTU. However, when MTU value changed (e.g manual changing MTU on NIC +device, MTU negotiation etc.,) we do not re-calculate queue limit. +This gives throughput does not reflect with the change. + +So fix it by calling the function to re-calculate queue limit of the +broadcast link. + +Acked-by: Jon Maloy +Signed-off-by: Hoang Huu Le +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/tipc/bcast.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/tipc/bcast.c ++++ b/net/tipc/bcast.c +@@ -108,6 +108,7 @@ static void tipc_bcbase_select_primary(s + { + struct tipc_bc_base *bb = tipc_bc_base(net); + int all_dests = tipc_link_bc_peers(bb->link); ++ int max_win = tipc_link_max_win(bb->link); + int i, mtu, prim; + + bb->primary_bearer = INVALID_BEARER_ID; +@@ -121,8 +122,11 @@ static void tipc_bcbase_select_primary(s + continue; + + mtu = tipc_bearer_mtu(net, i); +- if (mtu < tipc_link_mtu(bb->link)) ++ if (mtu < tipc_link_mtu(bb->link)) { + tipc_link_set_mtu(bb->link, mtu); ++ tipc_link_set_queue_limits(bb->link, max_win, ++ max_win); ++ } + bb->bcast_support &= tipc_bearer_bcast_support(net, i); + if (bb->dests[i] < all_dests) + continue;