From: Sasha Levin Date: Sun, 19 Dec 2021 03:02:46 +0000 (-0500) Subject: Fixes for 4.14 X-Git-Tag: v4.4.296~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b3d8135c2f0e2b5156d3964cb433316612a577c1;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/arm-socfpga-dts-fix-qspi-node-compatible.patch b/queue-4.14/arm-socfpga-dts-fix-qspi-node-compatible.patch new file mode 100644 index 00000000000..1ada60d4d94 --- /dev/null +++ b/queue-4.14/arm-socfpga-dts-fix-qspi-node-compatible.patch @@ -0,0 +1,128 @@ +From ae56a841fd6c204fc5ac7ff4dfdc46d1861c3bb0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Nov 2021 19:36:30 -0500 +Subject: ARM: socfpga: dts: fix qspi node compatible + +From: Dinh Nguyen + +[ Upstream commit cb25b11943cbcc5a34531129952870420f8be858 ] + +The QSPI flash node needs to have the required "jedec,spi-nor" in the +compatible string. + +Fixes: 1df99da8953 ("ARM: dts: socfpga: Enable QSPI in Arria10 devkit") +Signed-off-by: Dinh Nguyen +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts | 2 +- + arch/arm/boot/dts/socfpga_arria5_socdk.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_socdk.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_sockit.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_socrates.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_sodia.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts | 4 ++-- + 7 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts +index beb2fc6b9eb63..adfdc43ac052f 100644 +--- a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts ++++ b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts +@@ -23,7 +23,7 @@ &qspi { + flash0: n25q00@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00aa"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_arria5_socdk.dts b/arch/arm/boot/dts/socfpga_arria5_socdk.dts +index aac4feea86f38..09ffa79240c84 100644 +--- a/arch/arm/boot/dts/socfpga_arria5_socdk.dts ++++ b/arch/arm/boot/dts/socfpga_arria5_socdk.dts +@@ -131,7 +131,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q256a"; ++ compatible = "micron,n25q256a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts +index 155829f9eba16..907d8aa6d9fc8 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts +@@ -136,7 +136,7 @@ &qspi { + flash0: n25q00@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; /* chip select */ + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts +index a4a555c19d943..fe5fe4559969d 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts +@@ -181,7 +181,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts +index 53bf99eef66de..0992cae3e60ef 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts +@@ -87,7 +87,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q256a"; ++ compatible = "micron,n25q256a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + m25p,fast-read; +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts +index 8860dd2e242c4..22bfef024913a 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts +@@ -128,7 +128,7 @@ &qspi { + flash0: n25q512a@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q512a"; ++ compatible = "micron,n25q512a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts +index 655fe87e272d9..349719a9c1360 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts +@@ -249,7 +249,7 @@ &qspi { + n25q128@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q128"; ++ compatible = "micron,n25q128", "jedec,spi-nor"; + reg = <0>; /* chip select */ + spi-max-frequency = <100000000>; + m25p,fast-read; +@@ -266,7 +266,7 @@ n25q128@0 { + n25q00@1 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <1>; /* chip select */ + spi-max-frequency = <100000000>; + m25p,fast-read; +-- +2.33.0 + diff --git a/queue-4.14/dmaengine-st_fdma-fix-module_alias.patch b/queue-4.14/dmaengine-st_fdma-fix-module_alias.patch new file mode 100644 index 00000000000..d9530b82b60 --- /dev/null +++ b/queue-4.14/dmaengine-st_fdma-fix-module_alias.patch @@ -0,0 +1,33 @@ +From a4cb92368cf65e21efccbe6fd5348702d357f3b4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Nov 2021 15:44:38 +0000 +Subject: dmaengine: st_fdma: fix MODULE_ALIAS + +From: Alyssa Ross + +[ Upstream commit 822c9f2b833c53fc67e8adf6f63ecc3ea24d502c ] + +modprobe can't handle spaces in aliases. + +Fixes: 6b4cd727eaf1 ("dmaengine: st_fdma: Add STMicroelectronics FDMA engine driver support") +Signed-off-by: Alyssa Ross +Link: https://lore.kernel.org/r/20211125154441.2626214-1-hi@alyssa.is +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/st_fdma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/st_fdma.c b/drivers/dma/st_fdma.c +index bfb79bd0c6de5..087d22ba8a2f6 100644 +--- a/drivers/dma/st_fdma.c ++++ b/drivers/dma/st_fdma.c +@@ -886,4 +886,4 @@ MODULE_LICENSE("GPL v2"); + MODULE_DESCRIPTION("STMicroelectronics FDMA engine driver"); + MODULE_AUTHOR("Ludovic.barre "); + MODULE_AUTHOR("Peter Griffin "); +-MODULE_ALIAS("platform: " DRIVER_NAME); ++MODULE_ALIAS("platform:" DRIVER_NAME); +-- +2.33.0 + diff --git a/queue-4.14/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch b/queue-4.14/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch new file mode 100644 index 00000000000..65046ca93d2 --- /dev/null +++ b/queue-4.14/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch @@ -0,0 +1,54 @@ +From 57110014247dc19c0f81fa0e77e4ff321af434e3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Nov 2021 18:33:16 -0800 +Subject: hv: utils: add PTP_1588_CLOCK to Kconfig to fix build + +From: Randy Dunlap + +[ Upstream commit 1dc2f2b81a6a9895da59f3915760f6c0c3074492 ] + +The hyperv utilities use PTP clock interfaces and should depend a +a kconfig symbol such that they will be built as a loadable module or +builtin so that linker errors do not happen. + +Prevents these build errors: + +ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit': +hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister' +ld: drivers/hv/hv_util.o: in function `hv_timesync_init': +hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register' + +Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source") +Signed-off-by: Randy Dunlap +Reported-by: kernel test robot +Cc: Arnd Bergmann +Cc: "K. Y. Srinivasan" +Cc: Haiyang Zhang +Cc: Stephen Hemminger +Cc: Wei Liu +Cc: Dexuan Cui +Cc: linux-hyperv@vger.kernel.org +Cc: Greg Kroah-Hartman +Reviewed-by: Michael Kelley +Link: https://lore.kernel.org/r/20211126023316.25184-1-rdunlap@infradead.org +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + drivers/hv/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig +index 247a62604d1f6..23ad80dbe7af0 100644 +--- a/drivers/hv/Kconfig ++++ b/drivers/hv/Kconfig +@@ -14,6 +14,7 @@ config HYPERV_TSCPAGE + config HYPERV_UTILS + tristate "Microsoft Hyper-V Utilities driver" + depends on HYPERV && CONNECTOR && NLS ++ depends on PTP_1588_CLOCK_OPTIONAL + help + Select this option to enable the Hyper-V Utilities. + +-- +2.33.0 + diff --git a/queue-4.14/igbvf-fix-double-free-in-igbvf_probe.patch b/queue-4.14/igbvf-fix-double-free-in-igbvf_probe.patch new file mode 100644 index 00000000000..d6196764290 --- /dev/null +++ b/queue-4.14/igbvf-fix-double-free-in-igbvf_probe.patch @@ -0,0 +1,80 @@ +From 0c5b3d372993138ba7c10f610102e5c4ac37587d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 13 Nov 2021 11:42:34 +0800 +Subject: igbvf: fix double free in `igbvf_probe` + +From: Letu Ren + +[ Upstream commit b6d335a60dc624c0d279333b22c737faa765b028 ] + +In `igbvf_probe`, if register_netdev() fails, the program will go to +label err_hw_init, and then to label err_ioremap. In free_netdev() which +is just below label err_ioremap, there is `list_for_each_entry_safe` and +`netif_napi_del` which aims to delete all entries in `dev->napi_list`. +The program has added an entry `adapter->rx_ring->napi` which is added by +`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has +been freed below label err_hw_init. So this a UAF. + +In terms of how to patch the problem, we can refer to igbvf_remove() and +delete the entry before `adapter->rx_ring`. + +The KASAN logs are as follows: + +[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450 +[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366 +[ 35.128360] +[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14 +[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 +[ 35.131749] Call Trace: +[ 35.132199] dump_stack_lvl+0x59/0x7b +[ 35.132865] print_address_description+0x7c/0x3b0 +[ 35.133707] ? free_netdev+0x1fd/0x450 +[ 35.134378] __kasan_report+0x160/0x1c0 +[ 35.135063] ? free_netdev+0x1fd/0x450 +[ 35.135738] kasan_report+0x4b/0x70 +[ 35.136367] free_netdev+0x1fd/0x450 +[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf] +[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] +[ 35.138751] local_pci_probe+0x13c/0x1f0 +[ 35.139461] pci_device_probe+0x37e/0x6c0 +[ 35.165526] +[ 35.165806] Allocated by task 366: +[ 35.166414] ____kasan_kmalloc+0xc4/0xf0 +[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf] +[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] +[ 35.168866] local_pci_probe+0x13c/0x1f0 +[ 35.169565] pci_device_probe+0x37e/0x6c0 +[ 35.179713] +[ 35.179993] Freed by task 366: +[ 35.180539] kasan_set_track+0x4c/0x80 +[ 35.181211] kasan_set_free_info+0x1f/0x40 +[ 35.181942] ____kasan_slab_free+0x103/0x140 +[ 35.182703] kfree+0xe3/0x250 +[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf] +[ 35.184040] local_pci_probe+0x13c/0x1f0 + +Fixes: d4e0fe01a38a0 (igbvf: add new driver to support 82576 virtual functions) +Reported-by: Zheyu Ma +Signed-off-by: Letu Ren +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/igbvf/netdev.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c +index 6f5888bd91944..98fd214f2c42b 100644 +--- a/drivers/net/ethernet/intel/igbvf/netdev.c ++++ b/drivers/net/ethernet/intel/igbvf/netdev.c +@@ -2911,6 +2911,7 @@ static int igbvf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + return 0; + + err_hw_init: ++ netif_napi_del(&adapter->rx_ring->napi); + kfree(adapter->tx_ring); + kfree(adapter->rx_ring); + err_sw_init: +-- +2.33.0 + diff --git a/queue-4.14/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch b/queue-4.14/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch new file mode 100644 index 00000000000..f8fb32106e3 --- /dev/null +++ b/queue-4.14/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch @@ -0,0 +1,56 @@ +From b9a02a6b9258676ae812fdb06747247b0df5ad76 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Nov 2021 18:39:36 -0700 +Subject: ixgbe: set X550 MDIO speed before talking to PHY + +From: Cyril Novikov + +[ Upstream commit bf0a375055bd1afbbf02a0ef45f7655da7b71317 ] + +The MDIO bus speed must be initialized before talking to the PHY the first +time in order to avoid talking to it using a speed that the PHY doesn't +support. + +This fixes HW initialization error -17 (IXGBE_ERR_PHY_ADDR_INVALID) on +Denverton CPUs (a.k.a. the Atom C3000 family) on ports with a 10Gb network +plugged in. On those devices, HLREG0[MDCSPD] resets to 1, which combined +with the 10Gb network results in a 24MHz MDIO speed, which is apparently +too fast for the connected PHY. PHY register reads over MDIO bus return +garbage, leading to initialization failure. + +Reproduced with Linux kernel 4.19 and 5.15-rc7. Can be reproduced using +the following setup: + +* Use an Atom C3000 family system with at least one X552 LAN on the SoC +* Disable PXE or other BIOS network initialization if possible + (the interface must not be initialized before Linux boots) +* Connect a live 10Gb Ethernet cable to an X550 port +* Power cycle (not reset, doesn't always work) the system and boot Linux +* Observe: ixgbe interfaces w/ 10GbE cables plugged in fail with error -17 + +Fixes: e84db7272798 ("ixgbe: Introduce function to control MDIO speed") +Signed-off-by: Cyril Novikov +Reviewed-by: Andrew Lunn +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c +index a37c951b07530..10fa0e095ec37 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c +@@ -3397,6 +3397,9 @@ static s32 ixgbe_reset_hw_X550em(struct ixgbe_hw *hw) + /* flush pending Tx transactions */ + ixgbe_clear_tx_pending(hw); + ++ /* set MDIO speed before talking to the PHY in case it's the 1st time */ ++ ixgbe_set_mdio_speed(hw); ++ + /* PHY ops must be identified and initialized prior to reset */ + + /* Identify PHY and related function pointers */ +-- +2.33.0 + diff --git a/queue-4.14/net-packet-rx_owner_map-depends-on-pg_vec.patch b/queue-4.14/net-packet-rx_owner_map-depends-on-pg_vec.patch new file mode 100644 index 00000000000..64ed2d73311 --- /dev/null +++ b/queue-4.14/net-packet-rx_owner_map-depends-on-pg_vec.patch @@ -0,0 +1,46 @@ +From 123267c7d2c88907c1448956b73adbf5f7aba761 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Dec 2021 09:39:37 -0500 +Subject: net/packet: rx_owner_map depends on pg_vec + +From: Willem de Bruijn + +[ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ] + +Packet sockets may switch ring versions. Avoid misinterpreting state +between versions, whose fields share a union. rx_owner_map is only +allocated with a packet ring (pg_vec) and both are swapped together. +If pg_vec is NULL, meaning no packet ring was allocated, then neither +was rx_owner_map. And the field may be old state from a tpacket_v3. + +Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition") +Reported-by: Syzbot +Signed-off-by: Willem de Bruijn +Reviewed-by: Eric Dumazet +Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/packet/af_packet.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 50ca70b3c1759..3177b9320c62d 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -4477,9 +4477,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + } + + out_free_pg_vec: +- bitmap_free(rx_owner_map); +- if (pg_vec) ++ if (pg_vec) { ++ bitmap_free(rx_owner_map); + free_pg_vec(pg_vec, order, req->tp_block_nr); ++ } + out: + return err; + } +-- +2.33.0 + diff --git a/queue-4.14/series b/queue-4.14/series index f533696aebf..6f06ed9253d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -14,3 +14,11 @@ audit-improve-robustness-of-the-audit-queue-handling.patch nfsd-fix-use-after-free-due-to-delegation-race.patch x86-make-arch_use_memremap_prot-a-generic-kconfig-symbol.patch x86-sme-explicitly-map-new-efi-memmap-table-as-encrypted.patch +hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch +arm-socfpga-dts-fix-qspi-node-compatible.patch +dmaengine-st_fdma-fix-module_alias.patch +soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch +igbvf-fix-double-free-in-igbvf_probe.patch +ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch +net-packet-rx_owner_map-depends-on-pg_vec.patch +sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch diff --git a/queue-4.14/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch b/queue-4.14/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch new file mode 100644 index 00000000000..e70c523bc45 --- /dev/null +++ b/queue-4.14/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch @@ -0,0 +1,88 @@ +From 37ccfc36fff80b958155268000a1cdae80f1d310 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Dec 2021 03:17:41 -0800 +Subject: sit: do not call ipip6_dev_free() from sit_init_net() + +From: Eric Dumazet + +[ Upstream commit e28587cc491ef0f3c51258fdc87fbc386b1d4c59 ] + +ipip6_dev_free is sit dev->priv_destructor, already called +by register_netdevice() if something goes wrong. + +Alternative would be to make ipip6_dev_free() robust against +multiple invocations, but other drivers do not implement this +strategy. + +syzbot reported: + +dst_release underflow +WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 +Modules linked in: +CPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173 +Code: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48 +RSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246 +RAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000 +RDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000 +RBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c +R10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358 +R13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000 +FS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160 + ipip6_dev_free net/ipv6/sit.c:1414 [inline] + sit_init_net+0x229/0x550 net/ipv6/sit.c:1936 + ops_init+0x313/0x430 net/core/net_namespace.c:140 + setup_net+0x35b/0x9d0 net/core/net_namespace.c:326 + copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470 + create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110 + unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226 + ksys_unshare+0x57d/0xb50 kernel/fork.c:3075 + __do_sys_unshare kernel/fork.c:3146 [inline] + __se_sys_unshare kernel/fork.c:3144 [inline] + __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x7f66c882ce99 +Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 +RAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200 +RBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 +R13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000 + + +Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Link: https://lore.kernel.org/r/20211216111741.1387540-1-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/ipv6/sit.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index 0c71137c5d41b..43fd9cfa7b115 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -1858,7 +1858,6 @@ static int __net_init sit_init_net(struct net *net) + return 0; + + err_reg_dev: +- ipip6_dev_free(sitn->fb_tunnel_dev); + free_netdev(sitn->fb_tunnel_dev); + err_alloc_dev: + return err; +-- +2.33.0 + diff --git a/queue-4.14/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch b/queue-4.14/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch new file mode 100644 index 00000000000..25d4badbaf4 --- /dev/null +++ b/queue-4.14/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch @@ -0,0 +1,76 @@ +From a2f8629fe05f4d7f833778a9ab86e1ac2bf895f3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Dec 2021 09:55:29 -0700 +Subject: soc/tegra: fuse: Fix bitwise vs. logical OR warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nathan Chancellor + +[ Upstream commit a7083763619f7485ccdade160deb81737cf2732f ] + +A new warning in clang points out two instances where boolean +expressions are being used with a bitwise OR instead of logical OR: + +drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical] + reg = tegra_fuse_read_spare(i) | + ^~~~~~~~~~~~~~~~~~~~~~~~~~ + || +drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: note: cast one or both operands to int to silence this warning +drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical] + reg = tegra_fuse_read_spare(i) | + ^~~~~~~~~~~~~~~~~~~~~~~~~~ + || +drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: note: cast one or both operands to int to silence this warning +2 warnings generated. + +The motivation for the warning is that logical operations short circuit +while bitwise operations do not. + +In this instance, tegra_fuse_read_spare() is not semantically returning +a boolean, it is returning a bit value. Use u32 for its return type so +that it can be used with either bitwise or boolean operators without any +warnings. + +Fixes: 25cd5a391478 ("ARM: tegra: Add speedo-based process identification") +Link: https://github.com/ClangBuiltLinux/linux/issues/1488 +Suggested-by: Michał Mirosław +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Thierry Reding +Signed-off-by: Sasha Levin +--- + drivers/soc/tegra/fuse/fuse-tegra.c | 2 +- + drivers/soc/tegra/fuse/fuse.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c +index 37bde5c8268d1..a623e498a97bc 100644 +--- a/drivers/soc/tegra/fuse/fuse-tegra.c ++++ b/drivers/soc/tegra/fuse/fuse-tegra.c +@@ -178,7 +178,7 @@ static struct platform_driver tegra_fuse_driver = { + }; + builtin_platform_driver(tegra_fuse_driver); + +-bool __init tegra_fuse_read_spare(unsigned int spare) ++u32 __init tegra_fuse_read_spare(unsigned int spare) + { + unsigned int offset = fuse->soc->info->spare + spare * 4; + +diff --git a/drivers/soc/tegra/fuse/fuse.h b/drivers/soc/tegra/fuse/fuse.h +index 10c2076d5089a..f368bd5373088 100644 +--- a/drivers/soc/tegra/fuse/fuse.h ++++ b/drivers/soc/tegra/fuse/fuse.h +@@ -62,7 +62,7 @@ struct tegra_fuse { + void tegra_init_revision(void); + void tegra_init_apbmisc(void); + +-bool __init tegra_fuse_read_spare(unsigned int spare); ++u32 __init tegra_fuse_read_spare(unsigned int spare); + u32 __init tegra_fuse_read_early(unsigned int offset); + + #ifdef CONFIG_ARCH_TEGRA_2x_SOC +-- +2.33.0 +