From: Sasha Levin Date: Sun, 18 Feb 2024 16:39:33 +0000 (-0500) Subject: Fixes for 6.7 X-Git-Tag: v4.19.307~141 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a429c630ce515f194a75a4d57498997e0ee68b88;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.7 Signed-off-by: Sasha Levin --- diff --git a/queue-6.7/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch b/queue-6.7/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch new file mode 100644 index 00000000000..74c274caede --- /dev/null +++ b/queue-6.7/alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch @@ -0,0 +1,58 @@ +From 0dd9dd07cde0644122322599e91bd32bdeb7a078 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 9 Feb 2024 09:20:44 +0100 +Subject: ALSA: hda/cs35l56: select intended config FW_CS_DSP + +From: Lukas Bulwahn + +[ Upstream commit e5aa6d51a2ef8c7ef7e3fe76bebe530fb68e7f08 ] + +Commit 73cfbfa9caea ("ALSA: hda/cs35l56: Add driver for Cirrus Logic +CS35L56 amplifier") adds configs SND_HDA_SCODEC_CS35L56_{I2C,SPI}, +which selects the non-existing config CS_DSP. Note the renaming in +commit d7cfdf17cb9d ("firmware: cs_dsp: Rename KConfig symbol CS_DSP -> +FW_CS_DSP"), though. + +Select the intended config FW_CS_DSP. + +This broken select command probably was not noticed as the configs also +select SND_HDA_CS_DSP_CONTROLS and this then selects FW_CS_DSP. So, the +select FW_CS_DSP could actually be dropped, but we will keep this +redundancy in place as the author originally also intended to have this +redundancy of selects in place. + +Fixes: 73cfbfa9caea ("ALSA: hda/cs35l56: Add driver for Cirrus Logic CS35L56 amplifier") +Signed-off-by: Lukas Bulwahn +Reviewed-by: Simon Trimmer +Link: https://lore.kernel.org/r/20240209082044.3981-1-lukas.bulwahn@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/Kconfig | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/pci/hda/Kconfig b/sound/pci/hda/Kconfig +index 21a90b3c4cc7..8e0ff70fb610 100644 +--- a/sound/pci/hda/Kconfig ++++ b/sound/pci/hda/Kconfig +@@ -156,7 +156,7 @@ config SND_HDA_SCODEC_CS35L56_I2C + depends on I2C + depends on ACPI || COMPILE_TEST + depends on SND_SOC +- select CS_DSP ++ select FW_CS_DSP + select SND_HDA_GENERIC + select SND_SOC_CS35L56_SHARED + select SND_HDA_SCODEC_CS35L56 +@@ -171,7 +171,7 @@ config SND_HDA_SCODEC_CS35L56_SPI + depends on SPI_MASTER + depends on ACPI || COMPILE_TEST + depends on SND_SOC +- select CS_DSP ++ select FW_CS_DSP + select SND_HDA_GENERIC + select SND_SOC_CS35L56_SHARED + select SND_HDA_SCODEC_CS35L56 +-- +2.43.0 + diff --git a/queue-6.7/asoc-intel-avs-fix-dynamic-port-assignment-when-tdm-.patch b/queue-6.7/asoc-intel-avs-fix-dynamic-port-assignment-when-tdm-.patch new file mode 100644 index 00000000000..6e44601fd38 --- /dev/null +++ b/queue-6.7/asoc-intel-avs-fix-dynamic-port-assignment-when-tdm-.patch @@ -0,0 +1,42 @@ +From f0c9c67b7f256da983bc8a2f678844ca112afe75 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Feb 2024 12:26:24 +0100 +Subject: ASoC: Intel: avs: Fix dynamic port assignment when TDM is set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Amadeusz Sławiński + +[ Upstream commit 44d3b8a19b91cd2af11f918b2fd05628383172de ] + +In case TDM is set in topology on SSP0, parser will overwrite vindex +value, because it only checks if port is set. Fix this by checking whole +field value. + +Fixes: e6d50e474e45 ("ASoC: Intel: avs: Improve topology parsing of dynamic strings") +Reviewed-by: Cezary Rojewski +Signed-off-by: Amadeusz Sławiński +Link: https://lore.kernel.org/r/20240207112624.2132821-1-amadeuszx.slawinski@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/intel/avs/topology.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/soc/intel/avs/topology.c b/sound/soc/intel/avs/topology.c +index c74e9d622e4c..41020409ffb6 100644 +--- a/sound/soc/intel/avs/topology.c ++++ b/sound/soc/intel/avs/topology.c +@@ -857,7 +857,7 @@ assign_copier_gtw_instance(struct snd_soc_component *comp, struct avs_tplg_modcf + } + + /* If topology sets value don't overwrite it */ +- if (cfg->copier.vindex.i2s.instance) ++ if (cfg->copier.vindex.val) + return; + + mach = dev_get_platdata(comp->card->dev); +-- +2.43.0 + diff --git a/queue-6.7/asoc-intel-avs-fix-pci_probe-error-path.patch b/queue-6.7/asoc-intel-avs-fix-pci_probe-error-path.patch new file mode 100644 index 00000000000..1f2d9a24de8 --- /dev/null +++ b/queue-6.7/asoc-intel-avs-fix-pci_probe-error-path.patch @@ -0,0 +1,40 @@ +From dfe46caf6f8ebcd6c76c6b4dd7eb618ffae19e31 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2024 12:49:01 +0100 +Subject: ASoC: Intel: avs: Fix pci_probe() error path + +From: Cezary Rojewski + +[ Upstream commit b5fbde22684af5456d1de60758950944d69d69ad ] + +Recent changes modified operation-order in the probe() function without +updating its error path accordingly. If snd_hdac_i915_init() exists with +status EPROBE_DEFER the error path must cleanup allocated IRQs before +leaving the scope. + +Fixes: 2dddc514b6e4 ("ASoC: Intel: avs: Move snd_hdac_i915_init to before probe_work.") +Signed-off-by: Cezary Rojewski +Link: https://lore.kernel.org/r/20240202114901.1002127-1-cezary.rojewski@intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/intel/avs/core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/sound/soc/intel/avs/core.c b/sound/soc/intel/avs/core.c +index 59c3793f65df..db78eb2f0108 100644 +--- a/sound/soc/intel/avs/core.c ++++ b/sound/soc/intel/avs/core.c +@@ -477,6 +477,9 @@ static int avs_pci_probe(struct pci_dev *pci, const struct pci_device_id *id) + return 0; + + err_i915_init: ++ pci_free_irq(pci, 0, adev); ++ pci_free_irq(pci, 0, bus); ++ pci_free_irq_vectors(pci); + pci_clear_master(pci); + pci_set_drvdata(pci, NULL); + err_acquire_irq: +-- +2.43.0 + diff --git a/queue-6.7/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch b/queue-6.7/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch new file mode 100644 index 00000000000..e542d4ab47a --- /dev/null +++ b/queue-6.7/asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch @@ -0,0 +1,39 @@ +From 5710e32b7f9546361614ef21525e67f69377c4df Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Feb 2024 12:58:34 +0300 +Subject: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() + +From: Alexey Khoroshilov + +[ Upstream commit 6ef5d5b92f7117b324efaac72b3db27ae8bb3082 ] + +There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex +is left locked forever. That may lead to deadlock +when rt5645_jack_detect_work() is called for the second time. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: cdba4301adda ("ASoC: rt5650: add mutex to avoid the jack detection failure") +Signed-off-by: Alexey Khoroshilov +Link: https://lore.kernel.org/r/1707645514-21196-1-git-send-email-khoroshilov@ispras.ru +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5645.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c +index edcb85bd8ea7..ea08b7cfc31d 100644 +--- a/sound/soc/codecs/rt5645.c ++++ b/sound/soc/codecs/rt5645.c +@@ -3314,6 +3314,7 @@ static void rt5645_jack_detect_work(struct work_struct *work) + report, SND_JACK_HEADPHONE); + snd_soc_jack_report(rt5645->mic_jack, + report, SND_JACK_MICROPHONE); ++ mutex_unlock(&rt5645->jd_mutex); + return; + case 4: + val = snd_soc_component_read(rt5645->component, RT5645_A_JD_CTRL1) & 0x0020; +-- +2.43.0 + diff --git a/queue-6.7/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch b/queue-6.7/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch new file mode 100644 index 00000000000..7c5a2f0bdeb --- /dev/null +++ b/queue-6.7/asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch @@ -0,0 +1,124 @@ +From 0152a21c8cba06c2ebf6747672fdd7118c46aeaf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 15:34:32 +0200 +Subject: ASoC: SOF: ipc3-topology: Fix pipeline tear down logic +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ranjani Sridharan + +[ Upstream commit d7332c4a4f1a7d16f054c6357fb65c597b6a86a7 ] + +With the change in the widget free logic to power down the cores only +when the scheduler widgets are freed, we need to ensure that the +scheduler widget is freed only after all the widgets associated with the +scheduler are freed. This is to ensure that the secondary core that the +scheduler is scheduled to run on is kept powered on until all widgets +that need them are in use. While this works well for dynamic pipelines, +in the case of static pipelines the current logic does not take this into +account and frees all widgets in the order they occur in the +widget_list. So, modify this to ensure that the scheduler widgets are freed +only after all other types of widgets in the widget_list are freed. + +Link: https://github.com/thesofproject/linux/issues/4807 +Fixes: 31ed8da1c8e5 ("ASoC: SOF: sof-audio: Modify logic for enabling/disabling topology cores") +Signed-off-by: Ranjani Sridharan +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Péter Ujfalusi +Signed-off-by: Peter Ujfalusi +Link: https://lore.kernel.org/r/20240208133432.1688-1-peter.ujfalusi@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/sof/ipc3-topology.c | 55 ++++++++++++++++++++++++++--------- + 1 file changed, 41 insertions(+), 14 deletions(-) + +diff --git a/sound/soc/sof/ipc3-topology.c b/sound/soc/sof/ipc3-topology.c +index 2c7a5e7a364c..d96555438c6b 100644 +--- a/sound/soc/sof/ipc3-topology.c ++++ b/sound/soc/sof/ipc3-topology.c +@@ -2309,27 +2309,16 @@ static int sof_tear_down_left_over_pipelines(struct snd_sof_dev *sdev) + return 0; + } + +-/* +- * For older firmware, this function doesn't free widgets for static pipelines during suspend. +- * It only resets use_count for all widgets. +- */ +-static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verify) ++static int sof_ipc3_free_widgets_in_list(struct snd_sof_dev *sdev, bool include_scheduler, ++ bool *dyn_widgets, bool verify) + { + struct sof_ipc_fw_version *v = &sdev->fw_ready.version; + struct snd_sof_widget *swidget; +- struct snd_sof_route *sroute; +- bool dyn_widgets = false; + int ret; + +- /* +- * This function is called during suspend and for one-time topology verification during +- * first boot. In both cases, there is no need to protect swidget->use_count and +- * sroute->setup because during suspend all running streams are suspended and during +- * topology loading the sound card unavailable to open PCMs. +- */ + list_for_each_entry(swidget, &sdev->widget_list, list) { + if (swidget->dynamic_pipeline_widget) { +- dyn_widgets = true; ++ *dyn_widgets = true; + continue; + } + +@@ -2344,11 +2333,49 @@ static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verif + continue; + } + ++ if (include_scheduler && swidget->id != snd_soc_dapm_scheduler) ++ continue; ++ ++ if (!include_scheduler && swidget->id == snd_soc_dapm_scheduler) ++ continue; ++ + ret = sof_widget_free(sdev, swidget); + if (ret < 0) + return ret; + } + ++ return 0; ++} ++ ++/* ++ * For older firmware, this function doesn't free widgets for static pipelines during suspend. ++ * It only resets use_count for all widgets. ++ */ ++static int sof_ipc3_tear_down_all_pipelines(struct snd_sof_dev *sdev, bool verify) ++{ ++ struct sof_ipc_fw_version *v = &sdev->fw_ready.version; ++ struct snd_sof_widget *swidget; ++ struct snd_sof_route *sroute; ++ bool dyn_widgets = false; ++ int ret; ++ ++ /* ++ * This function is called during suspend and for one-time topology verification during ++ * first boot. In both cases, there is no need to protect swidget->use_count and ++ * sroute->setup because during suspend all running streams are suspended and during ++ * topology loading the sound card unavailable to open PCMs. Do not free the scheduler ++ * widgets yet so that the secondary cores do not get powered down before all the widgets ++ * associated with the scheduler are freed. ++ */ ++ ret = sof_ipc3_free_widgets_in_list(sdev, false, &dyn_widgets, verify); ++ if (ret < 0) ++ return ret; ++ ++ /* free all the scheduler widgets now */ ++ ret = sof_ipc3_free_widgets_in_list(sdev, true, &dyn_widgets, verify); ++ if (ret < 0) ++ return ret; ++ + /* + * Tear down all pipelines associated with PCMs that did not get suspended + * and unset the prepare flag so that they can be set up again during resume. +-- +2.43.0 + diff --git a/queue-6.7/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch b/queue-6.7/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch new file mode 100644 index 00000000000..67de0871eb8 --- /dev/null +++ b/queue-6.7/bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch @@ -0,0 +1,60 @@ +From 4623e7948e1d88b126c46a57695cbb0b069016f3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Feb 2024 09:47:36 +0100 +Subject: bonding: do not report NETDEV_XDP_ACT_XSK_ZEROCOPY +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Magnus Karlsson + +[ Upstream commit 9b0ed890ac2ae233efd8b27d11aee28a19437bb8 ] + +Do not report the XDP capability NETDEV_XDP_ACT_XSK_ZEROCOPY as the +bonding driver does not support XDP and AF_XDP in zero-copy mode even +if the real NIC drivers do. + +Note that the driver used to report everything as supported before a +device was bonded. Instead of just masking out the zero-copy support +from this, have the driver report that no XDP feature is supported +until a real device is bonded. This seems to be more truthful as it is +the real drivers that decide what XDP features are supported. + +Fixes: cb9e6e584d58 ("bonding: add xdp_features support") +Reported-by: Prashant Batra +Link: https://lore.kernel.org/all/CAJ8uoz2ieZCopgqTvQ9ZY6xQgTbujmC6XkMTamhp68O-h_-rLg@mail.gmail.com/T/ +Signed-off-by: Magnus Karlsson +Reviewed-by: Toke Høiland-Jørgensen +Link: https://lore.kernel.org/r/20240207084737.20890-1-magnus.karlsson@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/bonding/bond_main.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index 8e6cc0e133b7..6cf7f364704e 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1819,6 +1819,8 @@ void bond_xdp_set_features(struct net_device *bond_dev) + bond_for_each_slave(bond, slave, iter) + val &= slave->dev->xdp_features; + ++ val &= ~NETDEV_XDP_ACT_XSK_ZEROCOPY; ++ + xdp_set_features_flag(bond_dev, val); + } + +@@ -5934,9 +5936,6 @@ void bond_setup(struct net_device *bond_dev) + if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP) + bond_dev->features |= BOND_XFRM_FEATURES; + #endif /* CONFIG_XFRM_OFFLOAD */ +- +- if (bond_xdp_check(bond)) +- bond_dev->xdp_features = NETDEV_XDP_ACT_MASK; + } + + /* Destroy a bonding device. +-- +2.43.0 + diff --git a/queue-6.7/devlink-fix-command-annotation-documentation.patch b/queue-6.7/devlink-fix-command-annotation-documentation.patch new file mode 100644 index 00000000000..023dd6881c6 --- /dev/null +++ b/queue-6.7/devlink-fix-command-annotation-documentation.patch @@ -0,0 +1,39 @@ +From 2820a2517788f91bcc3f22d678f61b70489d4f67 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 18:17:17 +0200 +Subject: devlink: Fix command annotation documentation + +From: Parav Pandit + +[ Upstream commit 4ab18af47a2c2a80ac11674122935700caf80cc6 ] + +Command example string is not read as command. +Fix command annotation. + +Fixes: a8ce7b26a51e ("devlink: Expose port function commands to control migratable") +Signed-off-by: Parav Pandit +Reviewed-by: Jiri Pirko +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20240206161717.466653-1-parav@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + Documentation/networking/devlink/devlink-port.rst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/networking/devlink/devlink-port.rst b/Documentation/networking/devlink/devlink-port.rst +index e33ad2401ad7..562f46b41274 100644 +--- a/Documentation/networking/devlink/devlink-port.rst ++++ b/Documentation/networking/devlink/devlink-port.rst +@@ -126,7 +126,7 @@ Users may also set the RoCE capability of the function using + `devlink port function set roce` command. + + Users may also set the function as migratable using +-'devlink port function set migratable' command. ++`devlink port function set migratable` command. + + Users may also set the IPsec crypto capability of the function using + `devlink port function set ipsec_crypto` command. +-- +2.43.0 + diff --git a/queue-6.7/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch b/queue-6.7/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch new file mode 100644 index 00000000000..bf9af91aa4d --- /dev/null +++ b/queue-6.7/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch @@ -0,0 +1,219 @@ +From 0a99ce6cf90912a10fb9b90b781459500ad8e468 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Feb 2024 12:59:02 +0100 +Subject: dpll: fix possible deadlock during netlink dump operation + +From: Jiri Pirko + +[ Upstream commit 53c0441dd2c44ee93fddb5473885fd41e4bc2361 ] + +Recently, I've been hitting following deadlock warning during dpll pin +dump: + +[52804.637962] ====================================================== +[52804.638536] WARNING: possible circular locking dependency detected +[52804.639111] 6.8.0-rc2jiri+ #1 Not tainted +[52804.639529] ------------------------------------------------------ +[52804.640104] python3/2984 is trying to acquire lock: +[52804.640581] ffff88810e642678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xb3/0x780 +[52804.641417] + but task is already holding lock: +[52804.642010] ffffffff83bde4c8 (dpll_lock){+.+.}-{3:3}, at: dpll_lock_dumpit+0x13/0x20 +[52804.642747] + which lock already depends on the new lock. + +[52804.643551] + the existing dependency chain (in reverse order) is: +[52804.644259] + -> #1 (dpll_lock){+.+.}-{3:3}: +[52804.644836] lock_acquire+0x174/0x3e0 +[52804.645271] __mutex_lock+0x119/0x1150 +[52804.645723] dpll_lock_dumpit+0x13/0x20 +[52804.646169] genl_start+0x266/0x320 +[52804.646578] __netlink_dump_start+0x321/0x450 +[52804.647056] genl_family_rcv_msg_dumpit+0x155/0x1e0 +[52804.647575] genl_rcv_msg+0x1ed/0x3b0 +[52804.648001] netlink_rcv_skb+0xdc/0x210 +[52804.648440] genl_rcv+0x24/0x40 +[52804.648831] netlink_unicast+0x2f1/0x490 +[52804.649290] netlink_sendmsg+0x36d/0x660 +[52804.649742] __sock_sendmsg+0x73/0xc0 +[52804.650165] __sys_sendto+0x184/0x210 +[52804.650597] __x64_sys_sendto+0x72/0x80 +[52804.651045] do_syscall_64+0x6f/0x140 +[52804.651474] entry_SYSCALL_64_after_hwframe+0x46/0x4e +[52804.652001] + -> #0 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}: +[52804.652650] check_prev_add+0x1ae/0x1280 +[52804.653107] __lock_acquire+0x1ed3/0x29a0 +[52804.653559] lock_acquire+0x174/0x3e0 +[52804.653984] __mutex_lock+0x119/0x1150 +[52804.654423] netlink_dump+0xb3/0x780 +[52804.654845] __netlink_dump_start+0x389/0x450 +[52804.655321] genl_family_rcv_msg_dumpit+0x155/0x1e0 +[52804.655842] genl_rcv_msg+0x1ed/0x3b0 +[52804.656272] netlink_rcv_skb+0xdc/0x210 +[52804.656721] genl_rcv+0x24/0x40 +[52804.657119] netlink_unicast+0x2f1/0x490 +[52804.657570] netlink_sendmsg+0x36d/0x660 +[52804.658022] __sock_sendmsg+0x73/0xc0 +[52804.658450] __sys_sendto+0x184/0x210 +[52804.658877] __x64_sys_sendto+0x72/0x80 +[52804.659322] do_syscall_64+0x6f/0x140 +[52804.659752] entry_SYSCALL_64_after_hwframe+0x46/0x4e +[52804.660281] + other info that might help us debug this: + +[52804.661077] Possible unsafe locking scenario: + +[52804.661671] CPU0 CPU1 +[52804.662129] ---- ---- +[52804.662577] lock(dpll_lock); +[52804.662924] lock(nlk_cb_mutex-GENERIC); +[52804.663538] lock(dpll_lock); +[52804.664073] lock(nlk_cb_mutex-GENERIC); +[52804.664490] + +The issue as follows: __netlink_dump_start() calls control->start(cb) +with nlk->cb_mutex held. In control->start(cb) the dpll_lock is taken. +Then nlk->cb_mutex is released and taken again in netlink_dump(), while +dpll_lock still being held. That leads to ABBA deadlock when another +CPU races with the same operation. + +Fix this by moving dpll_lock taking into dumpit() callback which ensures +correct lock taking order. + +Fixes: 9d71b54b65b1 ("dpll: netlink: Add DPLL framework base functions") +Signed-off-by: Jiri Pirko +Reviewed-by: Arkadiusz Kubalewski +Link: https://lore.kernel.org/r/20240207115902.371649-1-jiri@resnulli.us +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + Documentation/netlink/specs/dpll.yaml | 4 ---- + drivers/dpll/dpll_netlink.c | 20 ++++++-------------- + drivers/dpll/dpll_nl.c | 4 ---- + drivers/dpll/dpll_nl.h | 2 -- + 4 files changed, 6 insertions(+), 24 deletions(-) + +diff --git a/Documentation/netlink/specs/dpll.yaml b/Documentation/netlink/specs/dpll.yaml +index cf8abe1c0550..2b4c4bcd8361 100644 +--- a/Documentation/netlink/specs/dpll.yaml ++++ b/Documentation/netlink/specs/dpll.yaml +@@ -374,8 +374,6 @@ operations: + - type + + dump: +- pre: dpll-lock-dumpit +- post: dpll-unlock-dumpit + reply: *dev-attrs + + - +@@ -462,8 +460,6 @@ operations: + - phase-adjust + + dump: +- pre: dpll-lock-dumpit +- post: dpll-unlock-dumpit + request: + attributes: + - id +diff --git a/drivers/dpll/dpll_netlink.c b/drivers/dpll/dpll_netlink.c +index 7cc99d627942..c8c2e836193a 100644 +--- a/drivers/dpll/dpll_netlink.c ++++ b/drivers/dpll/dpll_netlink.c +@@ -1171,6 +1171,7 @@ int dpll_nl_pin_get_dumpit(struct sk_buff *skb, struct netlink_callback *cb) + unsigned long i; + int ret = 0; + ++ mutex_lock(&dpll_lock); + xa_for_each_marked_start(&dpll_pin_xa, i, pin, DPLL_REGISTERED, + ctx->idx) { + if (!dpll_pin_available(pin)) +@@ -1190,6 +1191,8 @@ int dpll_nl_pin_get_dumpit(struct sk_buff *skb, struct netlink_callback *cb) + } + genlmsg_end(skb, hdr); + } ++ mutex_unlock(&dpll_lock); ++ + if (ret == -EMSGSIZE) { + ctx->idx = i; + return skb->len; +@@ -1345,6 +1348,7 @@ int dpll_nl_device_get_dumpit(struct sk_buff *skb, struct netlink_callback *cb) + unsigned long i; + int ret = 0; + ++ mutex_lock(&dpll_lock); + xa_for_each_marked_start(&dpll_device_xa, i, dpll, DPLL_REGISTERED, + ctx->idx) { + hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid, +@@ -1361,6 +1365,8 @@ int dpll_nl_device_get_dumpit(struct sk_buff *skb, struct netlink_callback *cb) + } + genlmsg_end(skb, hdr); + } ++ mutex_unlock(&dpll_lock); ++ + if (ret == -EMSGSIZE) { + ctx->idx = i; + return skb->len; +@@ -1411,20 +1417,6 @@ dpll_unlock_doit(const struct genl_split_ops *ops, struct sk_buff *skb, + mutex_unlock(&dpll_lock); + } + +-int dpll_lock_dumpit(struct netlink_callback *cb) +-{ +- mutex_lock(&dpll_lock); +- +- return 0; +-} +- +-int dpll_unlock_dumpit(struct netlink_callback *cb) +-{ +- mutex_unlock(&dpll_lock); +- +- return 0; +-} +- + int dpll_pin_pre_doit(const struct genl_split_ops *ops, struct sk_buff *skb, + struct genl_info *info) + { +diff --git a/drivers/dpll/dpll_nl.c b/drivers/dpll/dpll_nl.c +index eaee5be7aa64..1e95f5397cfc 100644 +--- a/drivers/dpll/dpll_nl.c ++++ b/drivers/dpll/dpll_nl.c +@@ -95,9 +95,7 @@ static const struct genl_split_ops dpll_nl_ops[] = { + }, + { + .cmd = DPLL_CMD_DEVICE_GET, +- .start = dpll_lock_dumpit, + .dumpit = dpll_nl_device_get_dumpit, +- .done = dpll_unlock_dumpit, + .flags = GENL_ADMIN_PERM | GENL_CMD_CAP_DUMP, + }, + { +@@ -129,9 +127,7 @@ static const struct genl_split_ops dpll_nl_ops[] = { + }, + { + .cmd = DPLL_CMD_PIN_GET, +- .start = dpll_lock_dumpit, + .dumpit = dpll_nl_pin_get_dumpit, +- .done = dpll_unlock_dumpit, + .policy = dpll_pin_get_dump_nl_policy, + .maxattr = DPLL_A_PIN_ID, + .flags = GENL_ADMIN_PERM | GENL_CMD_CAP_DUMP, +diff --git a/drivers/dpll/dpll_nl.h b/drivers/dpll/dpll_nl.h +index 92d4c9c4f788..f491262bee4f 100644 +--- a/drivers/dpll/dpll_nl.h ++++ b/drivers/dpll/dpll_nl.h +@@ -30,8 +30,6 @@ dpll_post_doit(const struct genl_split_ops *ops, struct sk_buff *skb, + void + dpll_pin_post_doit(const struct genl_split_ops *ops, struct sk_buff *skb, + struct genl_info *info); +-int dpll_lock_dumpit(struct netlink_callback *cb); +-int dpll_unlock_dumpit(struct netlink_callback *cb); + + int dpll_nl_device_id_get_doit(struct sk_buff *skb, struct genl_info *info); + int dpll_nl_device_get_doit(struct sk_buff *skb, struct genl_info *info); +-- +2.43.0 + diff --git a/queue-6.7/drm-i915-dsc-fix-the-macro-that-calculates-dscc_-dsc.patch b/queue-6.7/drm-i915-dsc-fix-the-macro-that-calculates-dscc_-dsc.patch new file mode 100644 index 00000000000..4e7074ed6ef --- /dev/null +++ b/queue-6.7/drm-i915-dsc-fix-the-macro-that-calculates-dscc_-dsc.patch @@ -0,0 +1,67 @@ +From fbb006338ac2465e888a4c11725c5d09bb222260 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 5 Feb 2024 20:46:19 +0000 +Subject: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg + address + +From: Manasi Navare + +[ Upstream commit 962ac2dce56bb3aad1f82a4bbe3ada57a020287c ] + +Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS +register") defines a new macro to calculate the DSC PPS register +addresses with PPS number as an input. This macro correctly calculates +the addresses till PPS 11 since the addresses increment by 4. So in that +case the following macro works correctly to give correct register +address: + +_MMIO(_DSCA_PPS_0 + (pps) * 4) + +However after PPS 11, the register address for PPS 12 increments by 12 +because of RC Buffer memory allocation in between. Because of this +discontinuity in the address space, the macro calculates wrong addresses +for PPS 12 - 16 resulting into incorrect DSC PPS parameter value +read/writes causing DSC corruption. + +This fixes it by correcting this macro to add the offset of 12 for PPS +>=12. + +v3: Add correct paranthesis for pps argument (Jani Nikula) + +Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10172 +Fixes: bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") +Cc: Suraj Kandpal +Cc: Ankit Nautiyal +Cc: Animesh Manna +Cc: Jani Nikula +Cc: Sean Paul +Cc: Drew Davenport +Signed-off-by: Manasi Navare +Reviewed-by: Jani Nikula +Signed-off-by: Jani Nikula +Link: https://patchwork.freedesktop.org/patch/msgid/20240205204619.1991673-1-navaremanasi@chromium.org +(cherry picked from commit 6074be620c31dc2ae11af96a1a5ea95580976fb5) +Signed-off-by: Joonas Lahtinen +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/display/intel_vdsc_regs.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/i915/display/intel_vdsc_regs.h b/drivers/gpu/drm/i915/display/intel_vdsc_regs.h +index 64f440fdc22b..8b21dc8e26d5 100644 +--- a/drivers/gpu/drm/i915/display/intel_vdsc_regs.h ++++ b/drivers/gpu/drm/i915/display/intel_vdsc_regs.h +@@ -51,8 +51,8 @@ + #define DSCC_PICTURE_PARAMETER_SET_0 _MMIO(0x6BA00) + #define _DSCA_PPS_0 0x6B200 + #define _DSCC_PPS_0 0x6BA00 +-#define DSCA_PPS(pps) _MMIO(_DSCA_PPS_0 + (pps) * 4) +-#define DSCC_PPS(pps) _MMIO(_DSCC_PPS_0 + (pps) * 4) ++#define DSCA_PPS(pps) _MMIO(_DSCA_PPS_0 + ((pps) < 12 ? (pps) : (pps) + 12) * 4) ++#define DSCC_PPS(pps) _MMIO(_DSCC_PPS_0 + ((pps) < 12 ? (pps) : (pps) + 12) * 4) + #define _ICL_DSC0_PICTURE_PARAMETER_SET_0_PB 0x78270 + #define _ICL_DSC1_PICTURE_PARAMETER_SET_0_PB 0x78370 + #define _ICL_DSC0_PICTURE_PARAMETER_SET_0_PC 0x78470 +-- +2.43.0 + diff --git a/queue-6.7/drm-msm-gem-fix-double-resv-lock-aquire.patch b/queue-6.7/drm-msm-gem-fix-double-resv-lock-aquire.patch new file mode 100644 index 00000000000..722e4456247 --- /dev/null +++ b/queue-6.7/drm-msm-gem-fix-double-resv-lock-aquire.patch @@ -0,0 +1,53 @@ +From c06a2a00da6cf6709823d47737e0d834db63769c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Jan 2024 07:08:54 -0800 +Subject: drm/msm/gem: Fix double resv lock aquire +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rob Clark + +[ Upstream commit 03facb39d6c6433a78d0f79c7a146b1e6a61943e ] + +Since commit 79e2cf2e7a19 ("drm/gem: Take reservation lock for vmap/vunmap +operations"), the resv lock is already held in the prime vmap path, so +don't try to grab it again. + +v2: This applies to vunmap path as well +v3: Fix fixes commit + +Fixes: 79e2cf2e7a19 ("drm/gem: Take reservation lock for vmap/vunmap operations") +Signed-off-by: Rob Clark +Acked-by: Christian König +Patchwork: https://patchwork.freedesktop.org/patch/576642/ +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/msm_gem_prime.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/msm/msm_gem_prime.c b/drivers/gpu/drm/msm/msm_gem_prime.c +index 5f68e31a3e4e..0915f3b68752 100644 +--- a/drivers/gpu/drm/msm/msm_gem_prime.c ++++ b/drivers/gpu/drm/msm/msm_gem_prime.c +@@ -26,7 +26,7 @@ int msm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map) + { + void *vaddr; + +- vaddr = msm_gem_get_vaddr(obj); ++ vaddr = msm_gem_get_vaddr_locked(obj); + if (IS_ERR(vaddr)) + return PTR_ERR(vaddr); + iosys_map_set_vaddr(map, vaddr); +@@ -36,7 +36,7 @@ int msm_gem_prime_vmap(struct drm_gem_object *obj, struct iosys_map *map) + + void msm_gem_prime_vunmap(struct drm_gem_object *obj, struct iosys_map *map) + { +- msm_gem_put_vaddr(obj); ++ msm_gem_put_vaddr_locked(obj); + } + + struct drm_gem_object *msm_gem_prime_import_sg_table(struct drm_device *dev, +-- +2.43.0 + diff --git a/queue-6.7/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch b/queue-6.7/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch new file mode 100644 index 00000000000..70b12241160 --- /dev/null +++ b/queue-6.7/i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch @@ -0,0 +1,124 @@ +From d9f1cd2e3556ff6a431a80198e83eec14aa26830 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 10:03:33 -0800 +Subject: i40e: Do not allow untrusted VF to remove administratively set MAC + +From: Ivan Vecera + +[ Upstream commit 73d9629e1c8c1982f13688c4d1019c3994647ccc ] + +Currently when PF administratively sets VF's MAC address and the VF +is put down (VF tries to delete all MACs) then the MAC is removed +from MAC filters and primary VF MAC is zeroed. + +Do not allow untrusted VF to remove primary MAC when it was set +administratively by PF. + +Reproducer: +1) Create VF +2) Set VF interface up +3) Administratively set the VF's MAC +4) Put VF interface down + +[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs +[root@host ~]# ip link set enp2s0f0v0 up +[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d +[root@host ~]# ip link show enp2s0f0 +23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 + link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff + vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off +[root@host ~]# ip link set enp2s0f0v0 down +[root@host ~]# ip link show enp2s0f0 +23: enp2s0f0: mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 + link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff + vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off + +Fixes: 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter") +Fixes: ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address") +Signed-off-by: Ivan Vecera +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Link: https://lore.kernel.org/r/20240208180335.1844996-1-anthony.l.nguyen@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + .../ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 ++++++++++++++++--- + 1 file changed, 33 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +index 7db89b294510..3d8a23d3352e 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -2850,6 +2850,24 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg) + (u8 *)&stats, sizeof(stats)); + } + ++/** ++ * i40e_can_vf_change_mac ++ * @vf: pointer to the VF info ++ * ++ * Return true if the VF is allowed to change its MAC filters, false otherwise ++ */ ++static bool i40e_can_vf_change_mac(struct i40e_vf *vf) ++{ ++ /* If the VF MAC address has been set administratively (via the ++ * ndo_set_vf_mac command), then deny permission to the VF to ++ * add/delete unicast MAC addresses, unless the VF is trusted ++ */ ++ if (vf->pf_set_mac && !vf->trusted) ++ return false; ++ ++ return true; ++} ++ + #define I40E_MAX_MACVLAN_PER_HW 3072 + #define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW / \ + (num_ports)) +@@ -2909,8 +2927,8 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf, + * The VF may request to set the MAC address filter already + * assigned to it so do not return an error in that case. + */ +- if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps) && +- !is_multicast_ether_addr(addr) && vf->pf_set_mac && ++ if (!i40e_can_vf_change_mac(vf) && ++ !is_multicast_ether_addr(addr) && + !ether_addr_equal(addr, vf->default_lan_addr.addr)) { + dev_err(&pf->pdev->dev, + "VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n"); +@@ -3116,19 +3134,29 @@ static int i40e_vc_del_mac_addr_msg(struct i40e_vf *vf, u8 *msg) + ret = -EINVAL; + goto error_param; + } +- if (ether_addr_equal(al->list[i].addr, vf->default_lan_addr.addr)) +- was_unimac_deleted = true; + } + vsi = pf->vsi[vf->lan_vsi_idx]; + + spin_lock_bh(&vsi->mac_filter_hash_lock); + /* delete addresses from the list */ +- for (i = 0; i < al->num_elements; i++) ++ for (i = 0; i < al->num_elements; i++) { ++ const u8 *addr = al->list[i].addr; ++ ++ /* Allow to delete VF primary MAC only if it was not set ++ * administratively by PF or if VF is trusted. ++ */ ++ if (ether_addr_equal(addr, vf->default_lan_addr.addr) && ++ i40e_can_vf_change_mac(vf)) ++ was_unimac_deleted = true; ++ else ++ continue; ++ + if (i40e_del_mac_filter(vsi, al->list[i].addr)) { + ret = -EINVAL; + spin_unlock_bh(&vsi->mac_filter_hash_lock); + goto error_param; + } ++ } + + spin_unlock_bh(&vsi->mac_filter_hash_lock); + +-- +2.43.0 + diff --git a/queue-6.7/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch b/queue-6.7/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch new file mode 100644 index 00000000000..bc180d2d03f --- /dev/null +++ b/queue-6.7/i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch @@ -0,0 +1,41 @@ +From cd855b1632b6efef928fb7382d5917846c6b356a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Nov 2023 17:01:03 +0100 +Subject: i40e: Fix waiting for queues of all VSIs to be disabled + +From: Ivan Vecera + +[ Upstream commit c73729b64bb692186da080602cd13612783f52ac ] + +The function i40e_pf_wait_queues_disabled() iterates all PF's VSIs +up to 'pf->hw.func_caps.num_vsis' but this is incorrect because +the real number of VSIs can be up to 'pf->num_alloc_vsi' that +can be higher. Fix this loop. + +Fixes: 69129dc39fac ("i40e: Modify Tx disable wait flow in case of DCB reconfiguration") +Signed-off-by: Ivan Vecera +Reviewed-by: Jacob Keller +Reviewed-by: Wojciech Drewek +Tested-by: Pucha Himasekhar Reddy (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 2bd7b29fb251..d9716bcec81b 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -5361,7 +5361,7 @@ static int i40e_pf_wait_queues_disabled(struct i40e_pf *pf) + { + int v, ret = 0; + +- for (v = 0; v < pf->hw.func_caps.num_vsis; v++) { ++ for (v = 0; v < pf->num_alloc_vsi; v++) { + if (pf->vsi[v]) { + ret = i40e_vsi_wait_queues_disabled(pf->vsi[v]); + if (ret) +-- +2.43.0 + diff --git a/queue-6.7/kselftest-dt-stop-relying-on-dirname-to-improve-perf.patch b/queue-6.7/kselftest-dt-stop-relying-on-dirname-to-improve-perf.patch new file mode 100644 index 00000000000..dce597f68ed --- /dev/null +++ b/queue-6.7/kselftest-dt-stop-relying-on-dirname-to-improve-perf.patch @@ -0,0 +1,73 @@ +From 911be933e70e5b474859fd0bd7f14542b762419c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Jan 2024 11:29:18 -0300 +Subject: kselftest: dt: Stop relying on dirname to improve performance +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nícolas F. R. A. Prado + +[ Upstream commit 6154fb9c2134f8d9534b2de10491aa3a22f3c9ff ] + +When walking directory trees, instead of looking for specific files and +running dirname to get the parent folder, traverse all folders and +ignore the ones not containing the desired files. This avoids the need +to call dirname inside the loop, which drastically decreases run time: +Running locally on a mt8192-asurada-spherion, which reports 160 test +cases, has gone from 5.5s to 2.9s, while running remotely with an +nfsroot has gone from 13.5s to 5.5s. + +This change has a side-effect, which is that the root DT node now +also shows in the output, even though it isn't expected to bind to a +driver. However there shouldn't be a matching driver for the board +compatible, so the end result will be just an extra skipped test: + +ok 1 / # SKIP + +Reported-by: Mark Brown +Closes: https://lore.kernel.org/all/310391e8-fdf2-4c2f-a680-7744eb685177@sirena.org.uk +Fixes: 14571ab1ad21 ("kselftest: Add new test for detecting unprobed Devicetree devices") +Tested-by: Mark Brown +Signed-off-by: Nícolas F. R. A. Prado +Link: https://lore.kernel.org/r/20240122-dt-kselftest-dirname-perf-fix-v2-1-f1630532fd38@collabora.com +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/dt/test_unprobed_devices.sh | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/tools/testing/selftests/dt/test_unprobed_devices.sh b/tools/testing/selftests/dt/test_unprobed_devices.sh +index b07af2a4c4de..7fae90293a9d 100755 +--- a/tools/testing/selftests/dt/test_unprobed_devices.sh ++++ b/tools/testing/selftests/dt/test_unprobed_devices.sh +@@ -33,8 +33,8 @@ if [[ ! -d "${PDT}" ]]; then + fi + + nodes_compatible=$( +- for node_compat in $(find ${PDT} -name compatible); do +- node=$(dirname "${node_compat}") ++ for node in $(find ${PDT} -type d); do ++ [ ! -f "${node}"/compatible ] && continue + # Check if node is available + if [[ -e "${node}"/status ]]; then + status=$(tr -d '\000' < "${node}"/status) +@@ -46,10 +46,11 @@ nodes_compatible=$( + + nodes_dev_bound=$( + IFS=$'\n' +- for uevent in $(find /sys/devices -name uevent); do +- if [[ -d "$(dirname "${uevent}")"/driver ]]; then +- grep '^OF_FULLNAME=' "${uevent}" | sed -e 's|OF_FULLNAME=||' +- fi ++ for dev_dir in $(find /sys/devices -type d); do ++ [ ! -f "${dev_dir}"/uevent ] && continue ++ [ ! -d "${dev_dir}"/driver ] && continue ++ ++ grep '^OF_FULLNAME=' "${dev_dir}"/uevent | sed -e 's|OF_FULLNAME=||' + done + ) + +-- +2.43.0 + diff --git a/queue-6.7/lan966x-fix-crash-when-adding-interface-under-a-lag.patch b/queue-6.7/lan966x-fix-crash-when-adding-interface-under-a-lag.patch new file mode 100644 index 00000000000..40e950870bc --- /dev/null +++ b/queue-6.7/lan966x-fix-crash-when-adding-interface-under-a-lag.patch @@ -0,0 +1,67 @@ +From 9611cb26f38093050e8ea3fb9b30edc2631d8510 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 13:30:54 +0100 +Subject: lan966x: Fix crash when adding interface under a lag + +From: Horatiu Vultur + +[ Upstream commit 15faa1f67ab405d47789d4702f587ec7df7ef03e ] + +There is a crash when adding one of the lan966x interfaces under a lag +interface. The issue can be reproduced like this: +ip link add name bond0 type bond miimon 100 mode balance-xor +ip link set dev eth0 master bond0 + +The reason is because when adding a interface under the lag it would go +through all the ports and try to figure out which other ports are under +that lag interface. And the issue is that lan966x can have ports that are +NULL pointer as they are not probed. So then iterating over these ports +it would just crash as they are NULL pointers. +The fix consists in actually checking for NULL pointers before accessing +something from the ports. Like we do in other places. + +Fixes: cabc9d49333d ("net: lan966x: Add lag support for lan966x") +Signed-off-by: Horatiu Vultur +Reviewed-by: Michal Swiatkowski +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20240206123054.3052966-1-horatiu.vultur@microchip.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c +index 41fa2523d91d..5f2cd9a8cf8f 100644 +--- a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c ++++ b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c +@@ -37,19 +37,24 @@ static void lan966x_lag_set_aggr_pgids(struct lan966x *lan966x) + + /* Now, set PGIDs for each active LAG */ + for (lag = 0; lag < lan966x->num_phys_ports; ++lag) { +- struct net_device *bond = lan966x->ports[lag]->bond; ++ struct lan966x_port *port = lan966x->ports[lag]; + int num_active_ports = 0; ++ struct net_device *bond; + unsigned long bond_mask; + u8 aggr_idx[16]; + +- if (!bond || (visited & BIT(lag))) ++ if (!port || !port->bond || (visited & BIT(lag))) + continue; + ++ bond = port->bond; + bond_mask = lan966x_lag_get_mask(lan966x, bond); + + for_each_set_bit(p, &bond_mask, lan966x->num_phys_ports) { + struct lan966x_port *port = lan966x->ports[p]; + ++ if (!port) ++ continue; ++ + lan_wr(ANA_PGID_PGID_SET(bond_mask), + lan966x, ANA_PGID(p)); + if (port->lag_tx_active) +-- +2.43.0 + diff --git a/queue-6.7/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch b/queue-6.7/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch new file mode 100644 index 00000000000..52a63280c18 --- /dev/null +++ b/queue-6.7/mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch @@ -0,0 +1,54 @@ +From 8732cce8b546317a4ee5aea7e3b5e82302918ff7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 11 Feb 2024 08:08:37 -0800 +Subject: MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler + +From: Guenter Roeck + +[ Upstream commit d55347bfe4e66dce2e1e7501e5492f4af3e315f8 ] + +After 'lib: checksum: Use aligned accesses for ip_fast_csum and +csum_ipv6_magic tests' was applied, the test_csum_ipv6_magic unit test +started failing for all mips platforms, both little and bit endian. +Oddly enough, adding debug code into test_csum_ipv6_magic() made the +problem disappear. + +The gcc manual says: + +"The "memory" clobber tells the compiler that the assembly code performs + memory reads or writes to items other than those listed in the input + and output operands (for example, accessing the memory pointed to by one + of the input parameters) +" + +This is definitely the case for csum_ipv6_magic(). Indeed, adding the +'memory' clobber fixes the problem. + +Cc: Charlie Jenkins +Cc: Palmer Dabbelt +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Guenter Roeck +Reviewed-by: Charlie Jenkins +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/checksum.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/mips/include/asm/checksum.h b/arch/mips/include/asm/checksum.h +index 4044eaf989ac..0921ddda11a4 100644 +--- a/arch/mips/include/asm/checksum.h ++++ b/arch/mips/include/asm/checksum.h +@@ -241,7 +241,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr, + " .set pop" + : "=&r" (sum), "=&r" (tmp) + : "r" (saddr), "r" (daddr), +- "0" (htonl(len)), "r" (htonl(proto)), "r" (sum)); ++ "0" (htonl(len)), "r" (htonl(proto)), "r" (sum) ++ : "memory"); + + return csum_fold(sum); + } +-- +2.43.0 + diff --git a/queue-6.7/mm-memory-use-exception-ip-to-search-exception-table.patch b/queue-6.7/mm-memory-use-exception-ip-to-search-exception-table.patch new file mode 100644 index 00000000000..61141a2dbec --- /dev/null +++ b/queue-6.7/mm-memory-use-exception-ip-to-search-exception-table.patch @@ -0,0 +1,51 @@ +From 4b17d1b4ad82efdf7ac399920ce67ded22f50c16 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2024 12:30:28 +0000 +Subject: mm/memory: Use exception ip to search exception tables + +From: Jiaxun Yang + +[ Upstream commit 8fa5070833886268e4fb646daaca99f725b378e9 ] + +On architectures with delay slot, instruction_pointer() may differ +from where exception was triggered. + +Use exception_ip we just introduced to search exception tables to +get rid of the problem. + +Fixes: 4bce37a68ff8 ("mips/mm: Convert to using lock_mm_and_find_vma()") +Reported-by: Xi Ruoyao +Link: https://lore.kernel.org/r/75e9fd7b08562ad9b456a5bdaacb7cc220311cc9.camel@xry111.site/ +Suggested-by: Linus Torvalds +Signed-off-by: Jiaxun Yang +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + mm/memory.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/mm/memory.c b/mm/memory.c +index 6e0712d06cd4..f941489d6041 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -5373,7 +5373,7 @@ static inline bool get_mmap_lock_carefully(struct mm_struct *mm, struct pt_regs + return true; + + if (regs && !user_mode(regs)) { +- unsigned long ip = instruction_pointer(regs); ++ unsigned long ip = exception_ip(regs); + if (!search_exception_tables(ip)) + return false; + } +@@ -5398,7 +5398,7 @@ static inline bool upgrade_mmap_lock_carefully(struct mm_struct *mm, struct pt_r + { + mmap_read_unlock(mm); + if (regs && !user_mode(regs)) { +- unsigned long ip = instruction_pointer(regs); ++ unsigned long ip = exception_ip(regs); + if (!search_exception_tables(ip)) + return false; + } +-- +2.43.0 + diff --git a/queue-6.7/net-handshake-fix-handshake_req_destroy_test1.patch b/queue-6.7/net-handshake-fix-handshake_req_destroy_test1.patch new file mode 100644 index 00000000000..c7469efa183 --- /dev/null +++ b/queue-6.7/net-handshake-fix-handshake_req_destroy_test1.patch @@ -0,0 +1,60 @@ +From ad93997a839e8f172dfafacb7a61fca16f1f164d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 14:16:31 -0500 +Subject: net/handshake: Fix handshake_req_destroy_test1 + +From: Chuck Lever + +[ Upstream commit 4e1d71cabb19ec2586827adfc60d68689c68c194 ] + +Recently, handshake_req_destroy_test1 started failing: + +Expected handshake_req_destroy_test == req, but + handshake_req_destroy_test == 0000000000000000 + req == 0000000060f99b40 +not ok 11 req_destroy works + +This is because "sock_release(sock)" was replaced with "fput(filp)" +to address a memory leak. Note that sock_release() is synchronous +but fput() usually delays the final close and clean-up. + +The delay is not consequential in the other cases that were changed +but handshake_req_destroy_test1 is testing that handshake_req_cancel() +followed by closing the file actually does call the ->hp_destroy +method. Thus the PTR_EQ test at the end has to be sure that the +final close is complete before it checks the pointer. + +We cannot use a completion here because if ->hp_destroy is never +called (ie, there is an API bug) then the test will hang. + +Reported by: Guenter Roeck +Closes: https://lore.kernel.org/netdev/ZcKDd1to4MPANCrn@tissot.1015granger.net/T/#mac5c6299f86799f1c71776f3a07f9c566c7c3c40 +Fixes: 4a0f07d71b04 ("net/handshake: Fix memory leak in __sock_create() and sock_alloc_file()") +Signed-off-by: Chuck Lever +Reviewed-by: Hannes Reinecke +Link: https://lore.kernel.org/r/170724699027.91401.7839730697326806733.stgit@oracle-102.nfsv4bat.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/handshake/handshake-test.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/net/handshake/handshake-test.c b/net/handshake/handshake-test.c +index 16ed7bfd29e4..34fd1d9b2db8 100644 +--- a/net/handshake/handshake-test.c ++++ b/net/handshake/handshake-test.c +@@ -471,7 +471,10 @@ static void handshake_req_destroy_test1(struct kunit *test) + handshake_req_cancel(sock->sk); + + /* Act */ +- fput(filp); ++ /* Ensure the close/release/put process has run to ++ * completion before checking the result. ++ */ ++ __fput_sync(filp); + + /* Assert */ + KUNIT_EXPECT_PTR_EQ(test, handshake_req_destroy_test, req); +-- +2.43.0 + diff --git a/queue-6.7/net-mlx5-dpll-fix-possible-use-after-free-after-dela.patch b/queue-6.7/net-mlx5-dpll-fix-possible-use-after-free-after-dela.patch new file mode 100644 index 00000000000..c499aa72f61 --- /dev/null +++ b/queue-6.7/net-mlx5-dpll-fix-possible-use-after-free-after-dela.patch @@ -0,0 +1,170 @@ +From 43ade627a4c0a618cbc98d52f1153c24e473e583 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:43:28 +0100 +Subject: net/mlx5: DPLL, Fix possible use after free after delayed work timer + triggers + +From: Jiri Pirko + +[ Upstream commit aa1eec2f546f2afa8c98ec41e5d8ee488165d685 ] + +I managed to hit following use after free warning recently: + +[ 2169.711665] ================================================================== +[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0 +[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0 + +[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2 +[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 +[ 2169.722457] Call Trace: +[ 2169.722756] +[ 2169.723024] dump_stack_lvl+0x58/0xb0 +[ 2169.723417] print_report+0xc5/0x630 +[ 2169.723807] ? __virt_addr_valid+0x126/0x2b0 +[ 2169.724268] kasan_report+0xbe/0xf0 +[ 2169.724667] ? __run_timers.part.0+0x179/0x4c0 +[ 2169.725116] ? __run_timers.part.0+0x179/0x4c0 +[ 2169.725570] __run_timers.part.0+0x179/0x4c0 +[ 2169.726003] ? call_timer_fn+0x320/0x320 +[ 2169.726404] ? lock_downgrade+0x3a0/0x3a0 +[ 2169.726820] ? kvm_clock_get_cycles+0x14/0x20 +[ 2169.727257] ? ktime_get+0x92/0x150 +[ 2169.727630] ? lapic_next_deadline+0x35/0x60 +[ 2169.728069] run_timer_softirq+0x40/0x80 +[ 2169.728475] __do_softirq+0x1a1/0x509 +[ 2169.728866] irq_exit_rcu+0x95/0xc0 +[ 2169.729241] sysvec_apic_timer_interrupt+0x6b/0x80 +[ 2169.729718] +[ 2169.729993] +[ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20 +[ 2169.730755] RIP: 0010:default_idle+0x13/0x20 +[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00 +[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242 +[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62 +[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55 +[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14 +[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0 +[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200 +[ 2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0 +[ 2169.736954] ? do_idle+0x285/0x290 +[ 2169.737323] default_idle_call+0x63/0x90 +[ 2169.737730] do_idle+0x285/0x290 +[ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30 +[ 2169.738511] ? mark_held_locks+0x1a/0x80 +[ 2169.738917] ? lockdep_hardirqs_on_prepare+0x12e/0x200 +[ 2169.739417] cpu_startup_entry+0x30/0x40 +[ 2169.739825] start_secondary+0x19a/0x1c0 +[ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0 +[ 2169.740673] secondary_startup_64_no_verify+0x15d/0x16b +[ 2169.741179] + +[ 2169.741686] Allocated by task 1098: +[ 2169.742058] kasan_save_stack+0x1c/0x40 +[ 2169.742456] kasan_save_track+0x10/0x30 +[ 2169.742852] __kasan_kmalloc+0x83/0x90 +[ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll] +[ 2169.743730] auxiliary_bus_probe+0x62/0xb0 +[ 2169.744148] really_probe+0x127/0x590 +[ 2169.744534] __driver_probe_device+0xd2/0x200 +[ 2169.744973] device_driver_attach+0x6b/0xf0 +[ 2169.745402] bind_store+0x90/0xe0 +[ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0 +[ 2169.746210] vfs_write+0x41f/0x790 +[ 2169.746579] ksys_write+0xc7/0x160 +[ 2169.746947] do_syscall_64+0x6f/0x140 +[ 2169.747333] entry_SYSCALL_64_after_hwframe+0x46/0x4e + +[ 2169.748049] Freed by task 1220: +[ 2169.748393] kasan_save_stack+0x1c/0x40 +[ 2169.748789] kasan_save_track+0x10/0x30 +[ 2169.749188] kasan_save_free_info+0x3b/0x50 +[ 2169.749621] poison_slab_object+0x106/0x180 +[ 2169.750044] __kasan_slab_free+0x14/0x50 +[ 2169.750451] kfree+0x118/0x330 +[ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll] +[ 2169.751271] auxiliary_bus_remove+0x2e/0x40 +[ 2169.751694] device_release_driver_internal+0x24b/0x2e0 +[ 2169.752191] unbind_store+0xa6/0xb0 +[ 2169.752563] kernfs_fop_write_iter+0x1df/0x2a0 +[ 2169.753004] vfs_write+0x41f/0x790 +[ 2169.753381] ksys_write+0xc7/0x160 +[ 2169.753750] do_syscall_64+0x6f/0x140 +[ 2169.754132] entry_SYSCALL_64_after_hwframe+0x46/0x4e + +[ 2169.754847] Last potentially related work creation: +[ 2169.755315] kasan_save_stack+0x1c/0x40 +[ 2169.755709] __kasan_record_aux_stack+0x9b/0xf0 +[ 2169.756165] __queue_work+0x382/0x8f0 +[ 2169.756552] call_timer_fn+0x126/0x320 +[ 2169.756941] __run_timers.part.0+0x2ea/0x4c0 +[ 2169.757376] run_timer_softirq+0x40/0x80 +[ 2169.757782] __do_softirq+0x1a1/0x509 + +[ 2169.758387] Second to last potentially related work creation: +[ 2169.758924] kasan_save_stack+0x1c/0x40 +[ 2169.759322] __kasan_record_aux_stack+0x9b/0xf0 +[ 2169.759773] __queue_work+0x382/0x8f0 +[ 2169.760156] call_timer_fn+0x126/0x320 +[ 2169.760550] __run_timers.part.0+0x2ea/0x4c0 +[ 2169.760978] run_timer_softirq+0x40/0x80 +[ 2169.761381] __do_softirq+0x1a1/0x509 + +[ 2169.761998] The buggy address belongs to the object at ffff88812b326a00 + which belongs to the cache kmalloc-256 of size 256 +[ 2169.763061] The buggy address is located 112 bytes inside of + freed 256-byte region [ffff88812b326a00, ffff88812b326b00) + +[ 2169.764346] The buggy address belongs to the physical page: +[ 2169.764866] page:000000000f2b1e89 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12b324 +[ 2169.765731] head:000000000f2b1e89 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 +[ 2169.766484] anon flags: 0x200000000000840(slab|head|node=0|zone=2) +[ 2169.767048] page_type: 0xffffffff() +[ 2169.767422] raw: 0200000000000840 ffff888100042b40 0000000000000000 dead000000000001 +[ 2169.768183] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000 +[ 2169.768899] page dumped because: kasan: bad access detected + +[ 2169.769649] Memory state around the buggy address: +[ 2169.770116] ffff88812b326900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 2169.770805] ffff88812b326980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 2169.771485] >ffff88812b326a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb +[ 2169.772173] ^ +[ 2169.772787] ffff88812b326a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb +[ 2169.773477] ffff88812b326b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc +[ 2169.774160] ================================================================== +[ 2169.774845] ================================================================== + +I didn't manage to reproduce it. Though the issue seems to be obvious. +There is a chance that the mlx5_dpll_remove() calls +cancel_delayed_work() when the work runs and manages to re-arm itself. +In that case, after delay timer triggers next attempt to queue it, +it works with freed memory. + +Fix this by using cancel_delayed_work_sync() instead which makes sure +that work is done when it returns. + +Fixes: 496fd0a26bbf ("mlx5: Implement SyncE support using DPLL infrastructure") +Signed-off-by: Jiri Pirko +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20240206164328.360313-1-jiri@resnulli.us +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mellanox/mlx5/core/dpll.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/dpll.c b/drivers/net/ethernet/mellanox/mlx5/core/dpll.c +index 2cd81bb32c66..8ce5c8bcda1c 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/dpll.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/dpll.c +@@ -374,7 +374,7 @@ static void mlx5_dpll_remove(struct auxiliary_device *adev) + struct mlx5_dpll *mdpll = auxiliary_get_drvdata(adev); + struct mlx5_core_dev *mdev = mdpll->mdev; + +- cancel_delayed_work(&mdpll->work); ++ cancel_delayed_work_sync(&mdpll->work); + mlx5_dpll_mdev_netdev_untrack(mdpll, mdev); + destroy_workqueue(mdpll->wq); + dpll_pin_unregister(mdpll->dpll, mdpll->dpll_pin, +-- +2.43.0 + diff --git a/queue-6.7/net-openvswitch-limit-the-number-of-recursions-from-.patch b/queue-6.7/net-openvswitch-limit-the-number-of-recursions-from-.patch new file mode 100644 index 00000000000..db42445d0ec --- /dev/null +++ b/queue-6.7/net-openvswitch-limit-the-number-of-recursions-from-.patch @@ -0,0 +1,214 @@ +From 1f45a20e566edd85fd61804b6e807bfdc33f7412 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Feb 2024 08:24:15 -0500 +Subject: net: openvswitch: limit the number of recursions from action sets + +From: Aaron Conole + +[ Upstream commit 6e2f90d31fe09f2b852de25125ca875aabd81367 ] + +The ovs module allows for some actions to recursively contain an action +list for complex scenarios, such as sampling, checking lengths, etc. +When these actions are copied into the internal flow table, they are +evaluated to validate that such actions make sense, and these calls +happen recursively. + +The ovs-vswitchd userspace won't emit more than 16 recursion levels +deep. However, the module has no such limit and will happily accept +limits larger than 16 levels nested. Prevent this by tracking the +number of recursions happening and manually limiting it to 16 levels +nested. + +The initial implementation of the sample action would track this depth +and prevent more than 3 levels of recursion, but this was removed to +support the clone use case, rather than limited at the current userspace +limit. + +Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use cases") +Signed-off-by: Aaron Conole +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20240207132416.1488485-2-aconole@redhat.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/openvswitch/flow_netlink.c | 49 +++++++++++++++++++++++----------- + 1 file changed, 33 insertions(+), 16 deletions(-) + +diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c +index 88965e2068ac..ebc5728aab4e 100644 +--- a/net/openvswitch/flow_netlink.c ++++ b/net/openvswitch/flow_netlink.c +@@ -48,6 +48,7 @@ struct ovs_len_tbl { + + #define OVS_ATTR_NESTED -1 + #define OVS_ATTR_VARIABLE -2 ++#define OVS_COPY_ACTIONS_MAX_DEPTH 16 + + static bool actions_may_change_flow(const struct nlattr *actions) + { +@@ -2545,13 +2546,15 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + const struct sw_flow_key *key, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, +- u32 mpls_label_count, bool log); ++ u32 mpls_label_count, bool log, ++ u32 depth); + + static int validate_and_copy_sample(struct net *net, const struct nlattr *attr, + const struct sw_flow_key *key, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, +- u32 mpls_label_count, bool log, bool last) ++ u32 mpls_label_count, bool log, bool last, ++ u32 depth) + { + const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1]; + const struct nlattr *probability, *actions; +@@ -2602,7 +2605,8 @@ static int validate_and_copy_sample(struct net *net, const struct nlattr *attr, + return err; + + err = __ovs_nla_copy_actions(net, actions, key, sfa, +- eth_type, vlan_tci, mpls_label_count, log); ++ eth_type, vlan_tci, mpls_label_count, log, ++ depth + 1); + + if (err) + return err; +@@ -2617,7 +2621,8 @@ static int validate_and_copy_dec_ttl(struct net *net, + const struct sw_flow_key *key, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, +- u32 mpls_label_count, bool log) ++ u32 mpls_label_count, bool log, ++ u32 depth) + { + const struct nlattr *attrs[OVS_DEC_TTL_ATTR_MAX + 1]; + int start, action_start, err, rem; +@@ -2660,7 +2665,8 @@ static int validate_and_copy_dec_ttl(struct net *net, + return action_start; + + err = __ovs_nla_copy_actions(net, actions, key, sfa, eth_type, +- vlan_tci, mpls_label_count, log); ++ vlan_tci, mpls_label_count, log, ++ depth + 1); + if (err) + return err; + +@@ -2674,7 +2680,8 @@ static int validate_and_copy_clone(struct net *net, + const struct sw_flow_key *key, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, +- u32 mpls_label_count, bool log, bool last) ++ u32 mpls_label_count, bool log, bool last, ++ u32 depth) + { + int start, err; + u32 exec; +@@ -2694,7 +2701,8 @@ static int validate_and_copy_clone(struct net *net, + return err; + + err = __ovs_nla_copy_actions(net, attr, key, sfa, +- eth_type, vlan_tci, mpls_label_count, log); ++ eth_type, vlan_tci, mpls_label_count, log, ++ depth + 1); + if (err) + return err; + +@@ -3063,7 +3071,7 @@ static int validate_and_copy_check_pkt_len(struct net *net, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, + u32 mpls_label_count, +- bool log, bool last) ++ bool log, bool last, u32 depth) + { + const struct nlattr *acts_if_greater, *acts_if_lesser_eq; + struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1]; +@@ -3111,7 +3119,8 @@ static int validate_and_copy_check_pkt_len(struct net *net, + return nested_acts_start; + + err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa, +- eth_type, vlan_tci, mpls_label_count, log); ++ eth_type, vlan_tci, mpls_label_count, log, ++ depth + 1); + + if (err) + return err; +@@ -3124,7 +3133,8 @@ static int validate_and_copy_check_pkt_len(struct net *net, + return nested_acts_start; + + err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa, +- eth_type, vlan_tci, mpls_label_count, log); ++ eth_type, vlan_tci, mpls_label_count, log, ++ depth + 1); + + if (err) + return err; +@@ -3152,12 +3162,16 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + const struct sw_flow_key *key, + struct sw_flow_actions **sfa, + __be16 eth_type, __be16 vlan_tci, +- u32 mpls_label_count, bool log) ++ u32 mpls_label_count, bool log, ++ u32 depth) + { + u8 mac_proto = ovs_key_mac_proto(key); + const struct nlattr *a; + int rem, err; + ++ if (depth > OVS_COPY_ACTIONS_MAX_DEPTH) ++ return -EOVERFLOW; ++ + nla_for_each_nested(a, attr, rem) { + /* Expected argument lengths, (u32)-1 for variable length. */ + static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = { +@@ -3355,7 +3369,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + err = validate_and_copy_sample(net, a, key, sfa, + eth_type, vlan_tci, + mpls_label_count, +- log, last); ++ log, last, depth); + if (err) + return err; + skip_copy = true; +@@ -3426,7 +3440,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + err = validate_and_copy_clone(net, a, key, sfa, + eth_type, vlan_tci, + mpls_label_count, +- log, last); ++ log, last, depth); + if (err) + return err; + skip_copy = true; +@@ -3440,7 +3454,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + eth_type, + vlan_tci, + mpls_label_count, +- log, last); ++ log, last, ++ depth); + if (err) + return err; + skip_copy = true; +@@ -3450,7 +3465,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + case OVS_ACTION_ATTR_DEC_TTL: + err = validate_and_copy_dec_ttl(net, a, key, sfa, + eth_type, vlan_tci, +- mpls_label_count, log); ++ mpls_label_count, log, ++ depth); + if (err) + return err; + skip_copy = true; +@@ -3495,7 +3511,8 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr, + + (*sfa)->orig_len = nla_len(attr); + err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type, +- key->eth.vlan.tci, mpls_label_count, log); ++ key->eth.vlan.tci, mpls_label_count, log, ++ 0); + if (err) + ovs_nla_free_flow_actions(*sfa); + +-- +2.43.0 + diff --git a/queue-6.7/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch b/queue-6.7/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch new file mode 100644 index 00000000000..af3c34473e5 --- /dev/null +++ b/queue-6.7/net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch @@ -0,0 +1,244 @@ +From d4889410d6c27e1814908f8506d69dc39dd8c639 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 9 Feb 2024 01:55:18 -0800 +Subject: net: sysfs: Fix /sys/class/net/ path for statistics + +From: Breno Leitao + +[ Upstream commit 5b3fbd61b9d1f4ed2db95aaf03f9adae0373784d ] + +The Documentation/ABI/testing/sysfs-class-net-statistics documentation +is pointing to the wrong path for the interface. Documentation is +pointing to /sys/class/, instead of /sys/class/net/. + +Fix it by adding the `net/` directory before the interface. + +Fixes: 6044f9700645 ("net: sysfs: document /sys/class/net/statistics/*") +Signed-off-by: Breno Leitao +Reviewed-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + .../ABI/testing/sysfs-class-net-statistics | 48 +++++++++---------- + 1 file changed, 24 insertions(+), 24 deletions(-) + +diff --git a/Documentation/ABI/testing/sysfs-class-net-statistics b/Documentation/ABI/testing/sysfs-class-net-statistics +index 55db27815361..53e508c6936a 100644 +--- a/Documentation/ABI/testing/sysfs-class-net-statistics ++++ b/Documentation/ABI/testing/sysfs-class-net-statistics +@@ -1,4 +1,4 @@ +-What: /sys/class//statistics/collisions ++What: /sys/class/net//statistics/collisions + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -6,7 +6,7 @@ Description: + Indicates the number of collisions seen by this network device. + This value might not be relevant with all MAC layers. + +-What: /sys/class//statistics/multicast ++What: /sys/class/net//statistics/multicast + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -14,7 +14,7 @@ Description: + Indicates the number of multicast packets received by this + network device. + +-What: /sys/class//statistics/rx_bytes ++What: /sys/class/net//statistics/rx_bytes + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -23,7 +23,7 @@ Description: + See the network driver for the exact meaning of when this + value is incremented. + +-What: /sys/class//statistics/rx_compressed ++What: /sys/class/net//statistics/rx_compressed + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -32,7 +32,7 @@ Description: + network device. This value might only be relevant for interfaces + that support packet compression (e.g: PPP). + +-What: /sys/class//statistics/rx_crc_errors ++What: /sys/class/net//statistics/rx_crc_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -41,7 +41,7 @@ Description: + by this network device. Note that the specific meaning might + depend on the MAC layer used by the interface. + +-What: /sys/class//statistics/rx_dropped ++What: /sys/class/net//statistics/rx_dropped + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -51,7 +51,7 @@ Description: + packet processing. See the network driver for the exact + meaning of this value. + +-What: /sys/class//statistics/rx_errors ++What: /sys/class/net//statistics/rx_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -59,7 +59,7 @@ Description: + Indicates the number of receive errors on this network device. + See the network driver for the exact meaning of this value. + +-What: /sys/class//statistics/rx_fifo_errors ++What: /sys/class/net//statistics/rx_fifo_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -68,7 +68,7 @@ Description: + network device. See the network driver for the exact + meaning of this value. + +-What: /sys/class//statistics/rx_frame_errors ++What: /sys/class/net//statistics/rx_frame_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -78,7 +78,7 @@ Description: + on the MAC layer protocol used. See the network driver for + the exact meaning of this value. + +-What: /sys/class//statistics/rx_length_errors ++What: /sys/class/net//statistics/rx_length_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -87,7 +87,7 @@ Description: + error, oversized or undersized. See the network driver for the + exact meaning of this value. + +-What: /sys/class//statistics/rx_missed_errors ++What: /sys/class/net//statistics/rx_missed_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -96,7 +96,7 @@ Description: + due to lack of capacity in the receive side. See the network + driver for the exact meaning of this value. + +-What: /sys/class//statistics/rx_nohandler ++What: /sys/class/net//statistics/rx_nohandler + Date: February 2016 + KernelVersion: 4.6 + Contact: netdev@vger.kernel.org +@@ -104,7 +104,7 @@ Description: + Indicates the number of received packets that were dropped on + an inactive device by the network core. + +-What: /sys/class//statistics/rx_over_errors ++What: /sys/class/net//statistics/rx_over_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -114,7 +114,7 @@ Description: + (e.g: larger than MTU). See the network driver for the exact + meaning of this value. + +-What: /sys/class//statistics/rx_packets ++What: /sys/class/net//statistics/rx_packets + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -122,7 +122,7 @@ Description: + Indicates the total number of good packets received by this + network device. + +-What: /sys/class//statistics/tx_aborted_errors ++What: /sys/class/net//statistics/tx_aborted_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -132,7 +132,7 @@ Description: + a medium collision). See the network driver for the exact + meaning of this value. + +-What: /sys/class//statistics/tx_bytes ++What: /sys/class/net//statistics/tx_bytes + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -143,7 +143,7 @@ Description: + transmitted packets or all packets that have been queued for + transmission. + +-What: /sys/class//statistics/tx_carrier_errors ++What: /sys/class/net//statistics/tx_carrier_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -152,7 +152,7 @@ Description: + because of carrier errors (e.g: physical link down). See the + network driver for the exact meaning of this value. + +-What: /sys/class//statistics/tx_compressed ++What: /sys/class/net//statistics/tx_compressed + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -161,7 +161,7 @@ Description: + this might only be relevant for devices that support + compression (e.g: PPP). + +-What: /sys/class//statistics/tx_dropped ++What: /sys/class/net//statistics/tx_dropped + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -170,7 +170,7 @@ Description: + See the driver for the exact reasons as to why the packets were + dropped. + +-What: /sys/class//statistics/tx_errors ++What: /sys/class/net//statistics/tx_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -179,7 +179,7 @@ Description: + a network device. See the driver for the exact reasons as to + why the packets were dropped. + +-What: /sys/class//statistics/tx_fifo_errors ++What: /sys/class/net//statistics/tx_fifo_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -188,7 +188,7 @@ Description: + FIFO error. See the driver for the exact reasons as to why the + packets were dropped. + +-What: /sys/class//statistics/tx_heartbeat_errors ++What: /sys/class/net//statistics/tx_heartbeat_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -197,7 +197,7 @@ Description: + reported as heartbeat errors. See the driver for the exact + reasons as to why the packets were dropped. + +-What: /sys/class//statistics/tx_packets ++What: /sys/class/net//statistics/tx_packets + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +@@ -206,7 +206,7 @@ Description: + device. See the driver for whether this reports the number of all + attempted or successful transmissions. + +-What: /sys/class//statistics/tx_window_errors ++What: /sys/class/net//statistics/tx_window_errors + Date: April 2005 + KernelVersion: 2.6.12 + Contact: netdev@vger.kernel.org +-- +2.43.0 + diff --git a/queue-6.7/net-tls-factor-out-tls_-crypt_async_wait.patch b/queue-6.7/net-tls-factor-out-tls_-crypt_async_wait.patch new file mode 100644 index 00000000000..4350fc7ed37 --- /dev/null +++ b/queue-6.7/net-tls-factor-out-tls_-crypt_async_wait.patch @@ -0,0 +1,189 @@ +From 28671fb96af4c24f5ba921f95438d8e087bfa4e6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:18 -0800 +Subject: net: tls: factor out tls_*crypt_async_wait() + +From: Jakub Kicinski + +[ Upstream commit c57ca512f3b68ddcd62bda9cc24a8f5584ab01b1 ] + +Factor out waiting for async encrypt and decrypt to finish. +There are already multiple copies and a subsequent fix will +need more. No functional changes. + +Note that crypto_wait_req() returns wait->err + +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Reviewed-by: Sabrina Dubroca +Signed-off-by: David S. Miller +Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close") +Signed-off-by: Sasha Levin +--- + net/tls/tls_sw.c | 96 +++++++++++++++++++++++------------------------- + 1 file changed, 45 insertions(+), 51 deletions(-) + +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index 31e8a94dfc11..6a73714f34cc 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -230,6 +230,20 @@ static void tls_decrypt_done(void *data, int err) + spin_unlock_bh(&ctx->decrypt_compl_lock); + } + ++static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) ++{ ++ int pending; ++ ++ spin_lock_bh(&ctx->decrypt_compl_lock); ++ reinit_completion(&ctx->async_wait.completion); ++ pending = atomic_read(&ctx->decrypt_pending); ++ spin_unlock_bh(&ctx->decrypt_compl_lock); ++ if (pending) ++ crypto_wait_req(-EINPROGRESS, &ctx->async_wait); ++ ++ return ctx->async_wait.err; ++} ++ + static int tls_do_decryption(struct sock *sk, + struct scatterlist *sgin, + struct scatterlist *sgout, +@@ -495,6 +509,28 @@ static void tls_encrypt_done(void *data, int err) + schedule_delayed_work(&ctx->tx_work.work, 1); + } + ++static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) ++{ ++ int pending; ++ ++ spin_lock_bh(&ctx->encrypt_compl_lock); ++ ctx->async_notify = true; ++ ++ pending = atomic_read(&ctx->encrypt_pending); ++ spin_unlock_bh(&ctx->encrypt_compl_lock); ++ if (pending) ++ crypto_wait_req(-EINPROGRESS, &ctx->async_wait); ++ else ++ reinit_completion(&ctx->async_wait.completion); ++ ++ /* There can be no concurrent accesses, since we have no ++ * pending encrypt operations ++ */ ++ WRITE_ONCE(ctx->async_notify, false); ++ ++ return ctx->async_wait.err; ++} ++ + static int tls_do_encryption(struct sock *sk, + struct tls_context *tls_ctx, + struct tls_sw_context_tx *ctx, +@@ -984,7 +1020,6 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, + int num_zc = 0; + int orig_size; + int ret = 0; +- int pending; + + if (!eor && (msg->msg_flags & MSG_EOR)) + return -EINVAL; +@@ -1163,24 +1198,12 @@ static int tls_sw_sendmsg_locked(struct sock *sk, struct msghdr *msg, + if (!num_async) { + goto send_end; + } else if (num_zc) { +- /* Wait for pending encryptions to get completed */ +- spin_lock_bh(&ctx->encrypt_compl_lock); +- ctx->async_notify = true; +- +- pending = atomic_read(&ctx->encrypt_pending); +- spin_unlock_bh(&ctx->encrypt_compl_lock); +- if (pending) +- crypto_wait_req(-EINPROGRESS, &ctx->async_wait); +- else +- reinit_completion(&ctx->async_wait.completion); +- +- /* There can be no concurrent accesses, since we have no +- * pending encrypt operations +- */ +- WRITE_ONCE(ctx->async_notify, false); ++ int err; + +- if (ctx->async_wait.err) { +- ret = ctx->async_wait.err; ++ /* Wait for pending encryptions to get completed */ ++ err = tls_encrypt_async_wait(ctx); ++ if (err) { ++ ret = err; + copied = 0; + } + } +@@ -1229,7 +1252,6 @@ void tls_sw_splice_eof(struct socket *sock) + ssize_t copied = 0; + bool retrying = false; + int ret = 0; +- int pending; + + if (!ctx->open_rec) + return; +@@ -1264,22 +1286,7 @@ void tls_sw_splice_eof(struct socket *sock) + } + + /* Wait for pending encryptions to get completed */ +- spin_lock_bh(&ctx->encrypt_compl_lock); +- ctx->async_notify = true; +- +- pending = atomic_read(&ctx->encrypt_pending); +- spin_unlock_bh(&ctx->encrypt_compl_lock); +- if (pending) +- crypto_wait_req(-EINPROGRESS, &ctx->async_wait); +- else +- reinit_completion(&ctx->async_wait.completion); +- +- /* There can be no concurrent accesses, since we have no pending +- * encrypt operations +- */ +- WRITE_ONCE(ctx->async_notify, false); +- +- if (ctx->async_wait.err) ++ if (tls_encrypt_async_wait(ctx)) + goto unlock; + + /* Transmit if any encryptions have completed */ +@@ -2109,16 +2116,10 @@ int tls_sw_recvmsg(struct sock *sk, + + recv_end: + if (async) { +- int ret, pending; ++ int ret; + + /* Wait for all previously submitted records to be decrypted */ +- spin_lock_bh(&ctx->decrypt_compl_lock); +- reinit_completion(&ctx->async_wait.completion); +- pending = atomic_read(&ctx->decrypt_pending); +- spin_unlock_bh(&ctx->decrypt_compl_lock); +- ret = 0; +- if (pending) +- ret = crypto_wait_req(-EINPROGRESS, &ctx->async_wait); ++ ret = tls_decrypt_async_wait(ctx); + __skb_queue_purge(&ctx->async_hold); + + if (ret) { +@@ -2435,16 +2436,9 @@ void tls_sw_release_resources_tx(struct sock *sk) + struct tls_context *tls_ctx = tls_get_ctx(sk); + struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); + struct tls_rec *rec, *tmp; +- int pending; + + /* Wait for any pending async encryptions to complete */ +- spin_lock_bh(&ctx->encrypt_compl_lock); +- ctx->async_notify = true; +- pending = atomic_read(&ctx->encrypt_pending); +- spin_unlock_bh(&ctx->encrypt_compl_lock); +- +- if (pending) +- crypto_wait_req(-EINPROGRESS, &ctx->async_wait); ++ tls_encrypt_async_wait(ctx); + + tls_tx_records(sk, -1); + +-- +2.43.0 + diff --git a/queue-6.7/net-tls-fix-returned-read-length-with-async-decrypt.patch b/queue-6.7/net-tls-fix-returned-read-length-with-async-decrypt.patch new file mode 100644 index 00000000000..4b5d3b8f917 --- /dev/null +++ b/queue-6.7/net-tls-fix-returned-read-length-with-async-decrypt.patch @@ -0,0 +1,40 @@ +From 25e171d48b5abfbcc34d5509589b2a5c5274fdf3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:24 -0800 +Subject: net: tls: fix returned read length with async decrypt + +From: Jakub Kicinski + +[ Upstream commit ac437a51ce662364062f704e321227f6728e6adc ] + +We double count async, non-zc rx data. The previous fix was +lucky because if we fully zc async_copy_bytes is 0 so we add 0. +Decrypted already has all the bytes we handled, in all cases. +We don't have to adjust anything, delete the erroneous line. + +Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto") +Co-developed-by: Sabrina Dubroca +Signed-off-by: Sabrina Dubroca +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tls/tls_sw.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index a6eff21ade23..9fbc70200cd0 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -2132,7 +2132,6 @@ int tls_sw_recvmsg(struct sock *sk, + else + err = process_rx_list(ctx, msg, &control, 0, + async_copy_bytes, is_peek); +- decrypted += max(err, 0); + } + + copied += decrypted; +-- +2.43.0 + diff --git a/queue-6.7/net-tls-fix-use-after-free-with-partial-reads-and-as.patch b/queue-6.7/net-tls-fix-use-after-free-with-partial-reads-and-as.patch new file mode 100644 index 00000000000..cdce4bc9c78 --- /dev/null +++ b/queue-6.7/net-tls-fix-use-after-free-with-partial-reads-and-as.patch @@ -0,0 +1,64 @@ +From e2e33345eb165e122d1d3b4dd1c4ccd46158da1d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:22 -0800 +Subject: net: tls: fix use-after-free with partial reads and async decrypt + +From: Sabrina Dubroca + +[ Upstream commit 32b55c5ff9103b8508c1e04bfa5a08c64e7a925f ] + +tls_decrypt_sg doesn't take a reference on the pages from clear_skb, +so the put_page() in tls_decrypt_done releases them, and we trigger +a use-after-free in process_rx_list when we try to read from the +partially-read skb. + +Fixes: fd31f3996af2 ("tls: rx: decrypt into a fresh skb") +Signed-off-by: Sabrina Dubroca +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tls/tls_sw.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index 63bef5666e36..a6eff21ade23 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -63,6 +63,7 @@ struct tls_decrypt_ctx { + u8 iv[TLS_MAX_IV_SIZE]; + u8 aad[TLS_MAX_AAD_SIZE]; + u8 tail; ++ bool free_sgout; + struct scatterlist sg[]; + }; + +@@ -187,7 +188,6 @@ static void tls_decrypt_done(void *data, int err) + struct aead_request *aead_req = data; + struct crypto_aead *aead = crypto_aead_reqtfm(aead_req); + struct scatterlist *sgout = aead_req->dst; +- struct scatterlist *sgin = aead_req->src; + struct tls_sw_context_rx *ctx; + struct tls_decrypt_ctx *dctx; + struct tls_context *tls_ctx; +@@ -224,7 +224,7 @@ static void tls_decrypt_done(void *data, int err) + } + + /* Free the destination pages if skb was not decrypted inplace */ +- if (sgout != sgin) { ++ if (dctx->free_sgout) { + /* Skip the first S/G entry as it points to AAD */ + for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) { + if (!sg) +@@ -1583,6 +1583,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov, + } else if (out_sg) { + memcpy(sgout, out_sg, n_sgout * sizeof(*sgout)); + } ++ dctx->free_sgout = !!pages; + + /* Prepare and submit AEAD request */ + err = tls_do_decryption(sk, sgin, sgout, dctx->iv, +-- +2.43.0 + diff --git a/queue-6.7/net-tls-handle-backlogging-of-crypto-requests.patch b/queue-6.7/net-tls-handle-backlogging-of-crypto-requests.patch new file mode 100644 index 00000000000..4e2498ff561 --- /dev/null +++ b/queue-6.7/net-tls-handle-backlogging-of-crypto-requests.patch @@ -0,0 +1,93 @@ +From ad3b80c305ea221f6b42b7578352f4d58fb34eb0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:21 -0800 +Subject: net: tls: handle backlogging of crypto requests + +From: Jakub Kicinski + +[ Upstream commit 8590541473188741055d27b955db0777569438e3 ] + +Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our +requests to the crypto API, crypto_aead_{encrypt,decrypt} can return + -EBUSY instead of -EINPROGRESS in valid situations. For example, when +the cryptd queue for AESNI is full (easy to trigger with an +artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued +to the backlog but still processed. In that case, the async callback +will also be called twice: first with err == -EINPROGRESS, which it +seems we can just ignore, then with err == 0. + +Compared to Sabrina's original patch this version uses the new +tls_*crypt_async_wait() helpers and converts the EBUSY to +EINPROGRESS to avoid having to modify all the error handling +paths. The handling is identical. + +Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator") +Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records") +Co-developed-by: Sabrina Dubroca +Signed-off-by: Sabrina Dubroca +Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.1694018970.git.sd@queasysnail.net/ +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tls/tls_sw.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index 9374a61cef00..63bef5666e36 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -196,6 +196,17 @@ static void tls_decrypt_done(void *data, int err) + struct sock *sk; + int aead_size; + ++ /* If requests get too backlogged crypto API returns -EBUSY and calls ++ * ->complete(-EINPROGRESS) immediately followed by ->complete(0) ++ * to make waiting for backlog to flush with crypto_wait_req() easier. ++ * First wait converts -EBUSY -> -EINPROGRESS, and the second one ++ * -EINPROGRESS -> 0. ++ * We have a single struct crypto_async_request per direction, this ++ * scheme doesn't help us, so just ignore the first ->complete(). ++ */ ++ if (err == -EINPROGRESS) ++ return; ++ + aead_size = sizeof(*aead_req) + crypto_aead_reqsize(aead); + aead_size = ALIGN(aead_size, __alignof__(*dctx)); + dctx = (void *)((u8 *)aead_req + aead_size); +@@ -269,6 +280,10 @@ static int tls_do_decryption(struct sock *sk, + } + + ret = crypto_aead_decrypt(aead_req); ++ if (ret == -EBUSY) { ++ ret = tls_decrypt_async_wait(ctx); ++ ret = ret ?: -EINPROGRESS; ++ } + if (ret == -EINPROGRESS) { + if (darg->async) + return 0; +@@ -449,6 +464,9 @@ static void tls_encrypt_done(void *data, int err) + struct sk_msg *msg_en; + struct sock *sk; + ++ if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */ ++ return; ++ + msg_en = &rec->msg_encrypted; + + sk = rec->sk; +@@ -553,6 +571,10 @@ static int tls_do_encryption(struct sock *sk, + atomic_inc(&ctx->encrypt_pending); + + rc = crypto_aead_encrypt(aead_req); ++ if (rc == -EBUSY) { ++ rc = tls_encrypt_async_wait(ctx); ++ rc = rc ?: -EINPROGRESS; ++ } + if (!rc || rc != -EINPROGRESS) { + atomic_dec(&ctx->encrypt_pending); + sge->offset -= prot->prepend_size; +-- +2.43.0 + diff --git a/queue-6.7/nouveau-svm-fix-kvcalloc-argument-order.patch b/queue-6.7/nouveau-svm-fix-kvcalloc-argument-order.patch new file mode 100644 index 00000000000..4a0de7e4609 --- /dev/null +++ b/queue-6.7/nouveau-svm-fix-kvcalloc-argument-order.patch @@ -0,0 +1,46 @@ +From fcff64ce7f508bad5cc5a9da890deee0d103a4e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Feb 2024 12:22:17 +0100 +Subject: nouveau/svm: fix kvcalloc() argument order + +From: Arnd Bergmann + +[ Upstream commit 2c80a2b715df75881359d07dbaacff8ad411f40e ] + +The conversion to kvcalloc() mixed up the object size and count +arguments, causing a warning: + +drivers/gpu/drm/nouveau/nouveau_svm.c: In function 'nouveau_svm_fault_buffer_ctor': +drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: error: 'kvcalloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args] + 1010 | buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL); + | ^ +drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: note: earlier argument should specify number of elements, later size of each element + +The behavior is still correct aside from the warning, but fixing it avoids +the warnings and can help the compiler track the individual objects better. + +Fixes: 71e4bbca070e ("nouveau/svm: Use kvcalloc() instead of kvzalloc()") +Signed-off-by: Arnd Bergmann +Signed-off-by: Danilo Krummrich +Link: https://patchwork.freedesktop.org/patch/msgid/20240212112230.1117284-1-arnd@kernel.org +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/nouveau/nouveau_svm.c b/drivers/gpu/drm/nouveau/nouveau_svm.c +index cc03e0c22ff3..5e4565c5011a 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_svm.c ++++ b/drivers/gpu/drm/nouveau/nouveau_svm.c +@@ -1011,7 +1011,7 @@ nouveau_svm_fault_buffer_ctor(struct nouveau_svm *svm, s32 oclass, int id) + if (ret) + return ret; + +- buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL); ++ buffer->fault = kvcalloc(buffer->entries, sizeof(*buffer->fault), GFP_KERNEL); + if (!buffer->fault) + return -ENOMEM; + +-- +2.43.0 + diff --git a/queue-6.7/of-property-improve-finding-the-consumer-of-a-remote.patch b/queue-6.7/of-property-improve-finding-the-consumer-of-a-remote.patch new file mode 100644 index 00000000000..8517ca0c32d --- /dev/null +++ b/queue-6.7/of-property-improve-finding-the-consumer-of-a-remote.patch @@ -0,0 +1,116 @@ +From e2ca70051bec717b7ab975fbb92eb688e85fa2f1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:00 -0800 +Subject: of: property: Improve finding the consumer of a remote-endpoint + property + +From: Saravana Kannan + +[ Upstream commit f4653ec9861cd96a1a6a3258c4a807898ee8cf3c ] + +We have a more accurate function to find the right consumer of a +remote-endpoint property instead of searching for a parent with +compatible string property. So, use that instead. While at it, make the +code to find the consumer a bit more flexible and based on the property +being parsed. + +Fixes: f7514a663016 ("of: property: fw_devlink: Add support for remote-endpoint") +Signed-off-by: Saravana Kannan +Link: https://lore.kernel.org/r/20240207011803.2637531-2-saravanak@google.com +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/property.c | 47 +++++++++---------------------------------- + 1 file changed, 10 insertions(+), 37 deletions(-) + +diff --git a/drivers/of/property.c b/drivers/of/property.c +index afdaefbd03f6..41c3da8a54b6 100644 +--- a/drivers/of/property.c ++++ b/drivers/of/property.c +@@ -1062,36 +1062,6 @@ of_fwnode_device_get_match_data(const struct fwnode_handle *fwnode, + return of_device_get_match_data(dev); + } + +-static struct device_node *of_get_compat_node(struct device_node *np) +-{ +- of_node_get(np); +- +- while (np) { +- if (!of_device_is_available(np)) { +- of_node_put(np); +- np = NULL; +- } +- +- if (of_property_present(np, "compatible")) +- break; +- +- np = of_get_next_parent(np); +- } +- +- return np; +-} +- +-static struct device_node *of_get_compat_node_parent(struct device_node *np) +-{ +- struct device_node *parent, *node; +- +- parent = of_get_parent(np); +- node = of_get_compat_node(parent); +- of_node_put(parent); +- +- return node; +-} +- + static void of_link_to_phandle(struct device_node *con_np, + struct device_node *sup_np) + { +@@ -1221,10 +1191,10 @@ static struct device_node *parse_##fname(struct device_node *np, \ + * @parse_prop.prop_name: Name of property holding a phandle value + * @parse_prop.index: For properties holding a list of phandles, this is the + * index into the list ++ * @get_con_dev: If the consumer node containing the property is never converted ++ * to a struct device, implement this ops so fw_devlink can use it ++ * to find the true consumer. + * @optional: Describes whether a supplier is mandatory or not +- * @node_not_dev: The consumer node containing the property is never converted +- * to a struct device. Instead, parse ancestor nodes for the +- * compatible property to find a node corresponding to a device. + * + * Returns: + * parse_prop() return values are +@@ -1235,8 +1205,8 @@ static struct device_node *parse_##fname(struct device_node *np, \ + struct supplier_bindings { + struct device_node *(*parse_prop)(struct device_node *np, + const char *prop_name, int index); ++ struct device_node *(*get_con_dev)(struct device_node *np); + bool optional; +- bool node_not_dev; + }; + + DEFINE_SIMPLE_PROP(clocks, "clocks", "#clock-cells") +@@ -1351,7 +1321,10 @@ static const struct supplier_bindings of_supplier_bindings[] = { + { .parse_prop = parse_pinctrl6, }, + { .parse_prop = parse_pinctrl7, }, + { .parse_prop = parse_pinctrl8, }, +- { .parse_prop = parse_remote_endpoint, .node_not_dev = true, }, ++ { ++ .parse_prop = parse_remote_endpoint, ++ .get_con_dev = of_graph_get_port_parent, ++ }, + { .parse_prop = parse_pwms, }, + { .parse_prop = parse_resets, }, + { .parse_prop = parse_leds, }, +@@ -1402,8 +1375,8 @@ static int of_link_property(struct device_node *con_np, const char *prop_name) + while ((phandle = s->parse_prop(con_np, prop_name, i))) { + struct device_node *con_dev_np; + +- con_dev_np = s->node_not_dev +- ? of_get_compat_node_parent(con_np) ++ con_dev_np = s->get_con_dev ++ ? s->get_con_dev(con_np) + : of_node_get(con_np); + matched = true; + i++; +-- +2.43.0 + diff --git a/queue-6.7/of-property-improve-finding-the-supplier-of-a-remote.patch b/queue-6.7/of-property-improve-finding-the-supplier-of-a-remote.patch new file mode 100644 index 00000000000..6126d6926fc --- /dev/null +++ b/queue-6.7/of-property-improve-finding-the-supplier-of-a-remote.patch @@ -0,0 +1,58 @@ +From 8168201e2e750a1cdd139400a02c993e77b1cced Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:01 -0800 +Subject: of: property: Improve finding the supplier of a remote-endpoint + property + +From: Saravana Kannan + +[ Upstream commit 782bfd03c3ae2c0e6e01b661b8e18f1de50357be ] + +After commit 4a032827daa8 ("of: property: Simplify of_link_to_phandle()"), +remote-endpoint properties created a fwnode link from the consumer device +to the supplier endpoint. This is a tiny bit inefficient (not buggy) when +trying to create device links or detecting cycles. So, improve this the +same way we improved finding the consumer of a remote-endpoint property. + +Fixes: 4a032827daa8 ("of: property: Simplify of_link_to_phandle()") +Signed-off-by: Saravana Kannan +Link: https://lore.kernel.org/r/20240207011803.2637531-3-saravanak@google.com +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/property.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/drivers/of/property.c b/drivers/of/property.c +index 41c3da8a54b6..aacedfdfedc6 100644 +--- a/drivers/of/property.c ++++ b/drivers/of/property.c +@@ -1231,7 +1231,6 @@ DEFINE_SIMPLE_PROP(pinctrl5, "pinctrl-5", NULL) + DEFINE_SIMPLE_PROP(pinctrl6, "pinctrl-6", NULL) + DEFINE_SIMPLE_PROP(pinctrl7, "pinctrl-7", NULL) + DEFINE_SIMPLE_PROP(pinctrl8, "pinctrl-8", NULL) +-DEFINE_SIMPLE_PROP(remote_endpoint, "remote-endpoint", NULL) + DEFINE_SIMPLE_PROP(pwms, "pwms", "#pwm-cells") + DEFINE_SIMPLE_PROP(resets, "resets", "#reset-cells") + DEFINE_SIMPLE_PROP(leds, "leds", NULL) +@@ -1297,6 +1296,17 @@ static struct device_node *parse_interrupts(struct device_node *np, + return of_irq_parse_one(np, index, &sup_args) ? NULL : sup_args.np; + } + ++static struct device_node *parse_remote_endpoint(struct device_node *np, ++ const char *prop_name, ++ int index) ++{ ++ /* Return NULL for index > 0 to signify end of remote-endpoints. */ ++ if (!index || strcmp(prop_name, "remote-endpoint")) ++ return NULL; ++ ++ return of_graph_get_remote_port_parent(np); ++} ++ + static const struct supplier_bindings of_supplier_bindings[] = { + { .parse_prop = parse_clocks, }, + { .parse_prop = parse_interconnects, }, +-- +2.43.0 + diff --git a/queue-6.7/of-unittest-fix-compile-in-the-non-dynamic-case.patch b/queue-6.7/of-unittest-fix-compile-in-the-non-dynamic-case.patch new file mode 100644 index 00000000000..f6c4175081a --- /dev/null +++ b/queue-6.7/of-unittest-fix-compile-in-the-non-dynamic-case.patch @@ -0,0 +1,68 @@ +From 40d961eb208b53c412e64799f95d683edf1f239f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Jan 2024 20:25:56 +0100 +Subject: of: unittest: Fix compile in the non-dynamic case + +From: Christian A. Ehrhardt + +[ Upstream commit 607aad1e4356c210dbef9022955a3089377909b2 ] + +If CONFIG_OF_KOBJ is not set, a device_node does not contain a +kobj and attempts to access the embedded kobj via kref_read break +the compile. + +Replace affected kref_read calls with a macro that reads the +refcount if it exists and returns 1 if there is no embedded kobj. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202401291740.VP219WIz-lkp@intel.com/ +Fixes: 4dde83569832 ("of: Fix double free in of_parse_phandle_with_args_map") +Signed-off-by: Christian A. Ehrhardt +Link: https://lore.kernel.org/r/20240129192556.403271-1-lk@c--e.de +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/unittest.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c +index cfd60e35a899..d7593bde2d02 100644 +--- a/drivers/of/unittest.c ++++ b/drivers/of/unittest.c +@@ -50,6 +50,12 @@ static struct unittest_results { + failed; \ + }) + ++#ifdef CONFIG_OF_KOBJ ++#define OF_KREF_READ(NODE) kref_read(&(NODE)->kobj.kref) ++#else ++#define OF_KREF_READ(NODE) 1 ++#endif ++ + /* + * Expected message may have a message level other than KERN_INFO. + * Print the expected message only if the current loglevel will allow +@@ -570,7 +576,7 @@ static void __init of_unittest_parse_phandle_with_args_map(void) + pr_err("missing testcase data\n"); + return; + } +- prefs[i] = kref_read(&p[i]->kobj.kref); ++ prefs[i] = OF_KREF_READ(p[i]); + } + + rc = of_count_phandle_with_args(np, "phandle-list", "#phandle-cells"); +@@ -693,9 +699,9 @@ static void __init of_unittest_parse_phandle_with_args_map(void) + unittest(rc == -EINVAL, "expected:%i got:%i\n", -EINVAL, rc); + + for (i = 0; i < ARRAY_SIZE(p); ++i) { +- unittest(prefs[i] == kref_read(&p[i]->kobj.kref), ++ unittest(prefs[i] == OF_KREF_READ(p[i]), + "provider%d: expected:%d got:%d\n", +- i, prefs[i], kref_read(&p[i]->kobj.kref)); ++ i, prefs[i], OF_KREF_READ(p[i])); + of_node_put(p[i]); + } + } +-- +2.43.0 + diff --git a/queue-6.7/perf-cxl-fix-mismatched-cpmu-event-opcode.patch b/queue-6.7/perf-cxl-fix-mismatched-cpmu-event-opcode.patch new file mode 100644 index 00000000000..46cc404f99c --- /dev/null +++ b/queue-6.7/perf-cxl-fix-mismatched-cpmu-event-opcode.patch @@ -0,0 +1,38 @@ +From 91ee9bbc6dee136b05c206416641d0f746671a69 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 10:34:15 +0900 +Subject: perf: CXL: fix mismatched cpmu event opcode + +From: Hojin Nam + +[ Upstream commit 719da04f2d1285922abca72b074fb6fa75d464ea ] + +S2M NDR BI-ConflictAck opcode is described as 4 in the CXL +r3.0 3.3.9 Table 3.43. However, it is defined as 3 in macro definition. + +Fixes: 5d7107c72796 ("perf: CXL Performance Monitoring Unit driver") +Signed-off-by: Hojin Nam +Reviewed-by: Jonathan Cameron +Link: https://lore.kernel.org/r/20240208013415epcms2p2904187c8a863f4d0d2adc980fb91a2dc@epcms2p2 +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + drivers/perf/cxl_pmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/perf/cxl_pmu.c b/drivers/perf/cxl_pmu.c +index 365d964b0f6a..bc0d414a6aff 100644 +--- a/drivers/perf/cxl_pmu.c ++++ b/drivers/perf/cxl_pmu.c +@@ -419,7 +419,7 @@ static struct attribute *cxl_pmu_event_attrs[] = { + CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmp, CXL_PMU_GID_S2M_NDR, BIT(0)), + CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmps, CXL_PMU_GID_S2M_NDR, BIT(1)), + CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_cmpe, CXL_PMU_GID_S2M_NDR, BIT(2)), +- CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_biconflictack, CXL_PMU_GID_S2M_NDR, BIT(3)), ++ CXL_PMU_EVENT_CXL_ATTR(s2m_ndr_biconflictack, CXL_PMU_GID_S2M_NDR, BIT(4)), + /* CXL rev 3.0 Table 3-46 S2M DRS opcodes */ + CXL_PMU_EVENT_CXL_ATTR(s2m_drs_memdata, CXL_PMU_GID_S2M_DRS, BIT(0)), + CXL_PMU_EVENT_CXL_ATTR(s2m_drs_memdatanxm, CXL_PMU_GID_S2M_DRS, BIT(1)), +-- +2.43.0 + diff --git a/queue-6.7/ptrace-introduce-exception_ip-arch-hook.patch b/queue-6.7/ptrace-introduce-exception_ip-arch-hook.patch new file mode 100644 index 00000000000..5b6e7bb6cd7 --- /dev/null +++ b/queue-6.7/ptrace-introduce-exception_ip-arch-hook.patch @@ -0,0 +1,83 @@ +From 084b23b3367c7bcfc1e89c51abb708f48c65a10c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Feb 2024 12:30:26 +0000 +Subject: ptrace: Introduce exception_ip arch hook + +From: Jiaxun Yang + +[ Upstream commit 11ba1728be3edb6928791f4c622f154ebe228ae6 ] + +On architectures with delay slot, architecture level instruction +pointer (or program counter) in pt_regs may differ from where +exception was triggered. + +Introduce exception_ip hook to invoke architecture code and determine +actual instruction pointer to the exception. + +Link: https://lore.kernel.org/lkml/00d1b813-c55f-4365-8d81-d70258e10b16@app.fastmail.com/ +Signed-off-by: Jiaxun Yang +Signed-off-by: Thomas Bogendoerfer +Stable-dep-of: 8fa507083388 ("mm/memory: Use exception ip to search exception tables") +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/ptrace.h | 2 ++ + arch/mips/kernel/ptrace.c | 7 +++++++ + include/linux/ptrace.h | 4 ++++ + 3 files changed, 13 insertions(+) + +diff --git a/arch/mips/include/asm/ptrace.h b/arch/mips/include/asm/ptrace.h +index daf3cf244ea9..701a233583c2 100644 +--- a/arch/mips/include/asm/ptrace.h ++++ b/arch/mips/include/asm/ptrace.h +@@ -154,6 +154,8 @@ static inline long regs_return_value(struct pt_regs *regs) + } + + #define instruction_pointer(regs) ((regs)->cp0_epc) ++extern unsigned long exception_ip(struct pt_regs *regs); ++#define exception_ip(regs) exception_ip(regs) + #define profile_pc(regs) instruction_pointer(regs) + + extern asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall); +diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c +index d9df543f7e2c..59288c13b581 100644 +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -31,6 +31,7 @@ + #include + #include + ++#include + #include + #include + #include +@@ -48,6 +49,12 @@ + #define CREATE_TRACE_POINTS + #include + ++unsigned long exception_ip(struct pt_regs *regs) ++{ ++ return exception_epc(regs); ++} ++EXPORT_SYMBOL(exception_ip); ++ + /* + * Called by kernel/ptrace.c when detaching.. + * +diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h +index eaaef3ffec22..90507d4afcd6 100644 +--- a/include/linux/ptrace.h ++++ b/include/linux/ptrace.h +@@ -393,6 +393,10 @@ static inline void user_single_step_report(struct pt_regs *regs) + #define current_user_stack_pointer() user_stack_pointer(current_pt_regs()) + #endif + ++#ifndef exception_ip ++#define exception_ip(x) instruction_pointer(x) ++#endif ++ + extern int task_current_syscall(struct task_struct *target, struct syscall_info *info); + + extern void sigaction_compat_abi(struct k_sigaction *act, struct k_sigaction *oact); +-- +2.43.0 + diff --git a/queue-6.7/selftests-forwarding-fix-bridge-locked-port-test-fla.patch b/queue-6.7/selftests-forwarding-fix-bridge-locked-port-test-fla.patch new file mode 100644 index 00000000000..1753e75dd64 --- /dev/null +++ b/queue-6.7/selftests-forwarding-fix-bridge-locked-port-test-fla.patch @@ -0,0 +1,67 @@ +From 5ecd9fc66608896497ef1e56db2614f7da4ef792 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 17:55:29 +0200 +Subject: selftests: forwarding: Fix bridge locked port test flakiness + +From: Ido Schimmel + +[ Upstream commit f97f1fcc96908c97a240ff6cb4474e155abfa0d7 ] + +The redirection test case fails in the netdev CI on debug kernels +because an FDB entry is learned despite the presence of a tc filter that +redirects incoming traffic [1]. + +I am unable to reproduce the failure locally, but I can see how it can +happen given that learning is first enabled and only then the ingress tc +filter is configured. On debug kernels the time window between these two +operations is longer compared to regular kernels, allowing random +packets to be transmitted and trigger learning. + +Fix by reversing the order and configure the ingress tc filter before +enabling learning. + +[1] +[...] + # TEST: Locked port MAB redirect [FAIL] + # Locked entry created for redirected traffic + +Fixes: 38c43a1ce758 ("selftests: forwarding: Add test case for traffic redirection from a locked port") +Signed-off-by: Ido Schimmel +Reviewed-by: Hangbin Liu +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20240208155529.1199729-5-idosch@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/forwarding/bridge_locked_port.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh +index 9af9f6964808..c62331b2e006 100755 +--- a/tools/testing/selftests/net/forwarding/bridge_locked_port.sh ++++ b/tools/testing/selftests/net/forwarding/bridge_locked_port.sh +@@ -327,10 +327,10 @@ locked_port_mab_redirect() + RET=0 + check_port_mab_support || return 0 + +- bridge link set dev $swp1 learning on locked on mab on + tc qdisc add dev $swp1 clsact + tc filter add dev $swp1 ingress protocol all pref 1 handle 101 flower \ + action mirred egress redirect dev $swp2 ++ bridge link set dev $swp1 learning on locked on mab on + + ping_do $h1 192.0.2.2 + check_err $? "Ping did not work with redirection" +@@ -349,8 +349,8 @@ locked_port_mab_redirect() + check_err $? "Locked entry not created after deleting filter" + + bridge fdb del `mac_get $h1` vlan 1 dev $swp1 master +- tc qdisc del dev $swp1 clsact + bridge link set dev $swp1 learning off locked off mab off ++ tc qdisc del dev $swp1 clsact + + log_test "Locked port MAB redirect" + } +-- +2.43.0 + diff --git a/queue-6.7/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch b/queue-6.7/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch new file mode 100644 index 00000000000..cfd12229b0c --- /dev/null +++ b/queue-6.7/selftests-forwarding-fix-bridge-mdb-test-flakiness.patch @@ -0,0 +1,70 @@ +From c11836ca0284d8e74218cfabb03c035833168e35 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 17:55:27 +0200 +Subject: selftests: forwarding: Fix bridge MDB test flakiness + +From: Ido Schimmel + +[ Upstream commit 7399e2ce4d424f426417496eb289458780eea985 ] + +After enabling a multicast querier on the bridge (like the test is +doing), the bridge will wait for the Max Response Delay before starting +to forward according to its MDB in order to let Membership Reports +enough time to be received and processed. + +Currently, the test is waiting for exactly the default Max Response +Delay (10 seconds) which is racy and leads to failures [1]. + +Fix by reducing the Max Response Delay to 1 second. + +[1] + [...] + # TEST: IPv4 host entries forwarding tests [FAIL] + # Packet locally received after flood + +Fixes: b6d00da08610 ("selftests: forwarding: Add bridge MDB test") +Signed-off-by: Ido Schimmel +Reviewed-by: Hangbin Liu +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20240208155529.1199729-3-idosch@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/forwarding/bridge_mdb.sh | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh +index e4e3e9405056..ebeb43f6606c 100755 +--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh ++++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh +@@ -1065,14 +1065,17 @@ fwd_test() + echo + log_info "# Forwarding tests" + ++ # Set the Max Response Delay to 100 centiseconds (1 second) so that the ++ # bridge will start forwarding according to its MDB soon after a ++ # multicast querier is enabled. ++ ip link set dev br0 type bridge mcast_query_response_interval 100 ++ + # Forwarding according to MDB entries only takes place when the bridge + # detects that there is a valid querier in the network. Set the bridge + # as the querier and assign it a valid IPv6 link-local address to be + # used as the source address for MLD queries. + ip -6 address add fe80::1/64 nodad dev br0 + ip link set dev br0 type bridge mcast_querier 1 +- # Wait the default Query Response Interval (10 seconds) for the bridge +- # to determine that there are no other queriers in the network. + sleep 10 + + fwd_test_host +@@ -1080,6 +1083,7 @@ fwd_test() + + ip link set dev br0 type bridge mcast_querier 0 + ip -6 address del fe80::1/64 dev br0 ++ ip link set dev br0 type bridge mcast_query_response_interval 1000 + } + + ctrl_igmpv3_is_in_test() +-- +2.43.0 + diff --git a/queue-6.7/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch b/queue-6.7/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch new file mode 100644 index 00000000000..4213c3d2f7c --- /dev/null +++ b/queue-6.7/selftests-forwarding-fix-layer-2-miss-test-flakiness.patch @@ -0,0 +1,70 @@ +From 8c815491e8ac1321483e450822fabdf32750057a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 17:55:26 +0200 +Subject: selftests: forwarding: Fix layer 2 miss test flakiness + +From: Ido Schimmel + +[ Upstream commit 93590849a05edffaefa11695fab98f621259ded2 ] + +After enabling a multicast querier on the bridge (like the test is +doing), the bridge will wait for the Max Response Delay before starting +to forward according to its MDB in order to let Membership Reports +enough time to be received and processed. + +Currently, the test is waiting for exactly the default Max Response +Delay (10 seconds) which is racy and leads to failures [1]. + +Fix by reducing the Max Response Delay to 1 second. + +[1] + [...] + # TEST: L2 miss - Multicast (IPv4) [FAIL] + # Unregistered multicast filter was hit after adding MDB entry + +Fixes: 8c33266ae26a ("selftests: forwarding: Add layer 2 miss test cases") +Signed-off-by: Ido Schimmel +Reviewed-by: Hangbin Liu +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20240208155529.1199729-2-idosch@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + .../testing/selftests/net/forwarding/tc_flower_l2_miss.sh | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh +index 20a7cb7222b8..c2420bb72c12 100755 +--- a/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh ++++ b/tools/testing/selftests/net/forwarding/tc_flower_l2_miss.sh +@@ -209,14 +209,17 @@ test_l2_miss_multicast() + # both registered and unregistered multicast traffic. + bridge link set dev $swp2 mcast_router 2 + ++ # Set the Max Response Delay to 100 centiseconds (1 second) so that the ++ # bridge will start forwarding according to its MDB soon after a ++ # multicast querier is enabled. ++ ip link set dev br1 type bridge mcast_query_response_interval 100 ++ + # Forwarding according to MDB entries only takes place when the bridge + # detects that there is a valid querier in the network. Set the bridge + # as the querier and assign it a valid IPv6 link-local address to be + # used as the source address for MLD queries. + ip link set dev br1 type bridge mcast_querier 1 + ip -6 address add fe80::1/64 nodad dev br1 +- # Wait the default Query Response Interval (10 seconds) for the bridge +- # to determine that there are no other queriers in the network. + sleep 10 + + test_l2_miss_multicast_ipv4 +@@ -224,6 +227,7 @@ test_l2_miss_multicast() + + ip -6 address del fe80::1/64 dev br1 + ip link set dev br1 type bridge mcast_querier 0 ++ ip link set dev br1 type bridge mcast_query_response_interval 1000 + bridge link set dev $swp2 mcast_router 1 + } + +-- +2.43.0 + diff --git a/queue-6.7/selftests-forwarding-suppress-grep-warnings.patch b/queue-6.7/selftests-forwarding-suppress-grep-warnings.patch new file mode 100644 index 00000000000..824328d1007 --- /dev/null +++ b/queue-6.7/selftests-forwarding-suppress-grep-warnings.patch @@ -0,0 +1,72 @@ +From 40c3bd9ce97d69cbbe8a7d9c8e99f0ad96abe917 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 17:55:28 +0200 +Subject: selftests: forwarding: Suppress grep warnings + +From: Ido Schimmel + +[ Upstream commit dd6b34589441f2ad4698dd88a664811550148b41 ] + +Suppress the following grep warnings: + +[...] +INFO: # Port group entries configuration tests - (*, G) +TEST: Common port group entries configuration tests (IPv4 (*, G)) [ OK ] +TEST: Common port group entries configuration tests (IPv6 (*, G)) [ OK ] +grep: warning: stray \ before / +grep: warning: stray \ before / +grep: warning: stray \ before / +TEST: IPv4 (*, G) port group entries configuration tests [ OK ] +grep: warning: stray \ before / +grep: warning: stray \ before / +grep: warning: stray \ before / +TEST: IPv6 (*, G) port group entries configuration tests [ OK ] +[...] + +They do not fail the test, but do clutter the output. + +Fixes: b6d00da08610 ("selftests: forwarding: Add bridge MDB test") +Signed-off-by: Ido Schimmel +Reviewed-by: Hangbin Liu +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20240208155529.1199729-4-idosch@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/forwarding/bridge_mdb.sh | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tools/testing/selftests/net/forwarding/bridge_mdb.sh b/tools/testing/selftests/net/forwarding/bridge_mdb.sh +index ebeb43f6606c..a3678dfe5848 100755 +--- a/tools/testing/selftests/net/forwarding/bridge_mdb.sh ++++ b/tools/testing/selftests/net/forwarding/bridge_mdb.sh +@@ -329,7 +329,7 @@ __cfg_test_port_ip_star_g() + + bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00" + check_err $? "(*, G) \"permanent\" entry has a pending group timer" +- bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00" ++ bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00" + check_err $? "\"permanent\" source entry has a pending source timer" + + bridge mdb del dev br0 port $swp1 grp $grp vid 10 +@@ -346,7 +346,7 @@ __cfg_test_port_ip_star_g() + + bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00" + check_fail $? "(*, G) EXCLUDE entry does not have a pending group timer" +- bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00" ++ bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00" + check_err $? "\"blocked\" source entry has a pending source timer" + + bridge mdb del dev br0 port $swp1 grp $grp vid 10 +@@ -363,7 +363,7 @@ __cfg_test_port_ip_star_g() + + bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q " 0.00" + check_err $? "(*, G) INCLUDE entry has a pending group timer" +- bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "\/0.00" ++ bridge -d -s mdb get dev br0 grp $grp vid 10 | grep -q "/0.00" + check_fail $? "Source entry does not have a pending source timer" + + bridge mdb del dev br0 port $swp1 grp $grp vid 10 +-- +2.43.0 + diff --git a/queue-6.7/selftests-landlock-fix-capability-for-net_test.patch b/queue-6.7/selftests-landlock-fix-capability-for-net_test.patch new file mode 100644 index 00000000000..3648fc8569e --- /dev/null +++ b/queue-6.7/selftests-landlock-fix-capability-for-net_test.patch @@ -0,0 +1,180 @@ +From 42cbfb98b7a11ec84ccf18fdbc4f41726547be11 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Jan 2024 16:32:29 +0100 +Subject: selftests/landlock: Fix capability for net_test +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Mickaël Salaün + +[ Upstream commit bb6f4dbe2639d5b8a9fde4bfb6fefecfd3f18df3 ] + +CAP_NET_ADMIN allows to configure network interfaces, not CAP_SYS_ADMIN +which only allows to call unshare(2). Without this change, running +network tests as a non-root user but with all capabilities would fail at +the setup_loopback() step with "RTNETLINK answers: Operation not +permitted". + +The issue is only visible when running tests with non-root users (i.e. +only relying on ambient capabilities). Indeed, when configuring the +network interface, the "ip" command is called, which may lead to the +special handling of capabilities for the root user by execve(2). If +root is the caller, then the inherited, permitted and effective +capabilities are all reset, which then includes CAP_NET_ADMIN. However, +if a non-root user is the caller, then ambient capabilities are masked +by the inherited ones, which were explicitly dropped. + +To make execution deterministic whatever users are running the tests, +set the noroot secure bit for each test, and set the inheritable and +ambient capabilities to CAP_NET_ADMIN, the only capability that may be +required after an execve(2). + +Factor out _effective_cap() into _change_cap(), and use it to manage +ambient capabilities with the new set_ambient_cap() and +clear_ambient_cap() helpers. + +This makes it possible to run all Landlock tests with check-linux.sh +from https://github.com/landlock-lsm/landlock-test-tools + +Cc: Konstantin Meskhidze +Fixes: a549d055a22e ("selftests/landlock: Add network tests") +Link: https://lore.kernel.org/r/20240125153230.3817165-2-mic@digikod.net +[mic: Make sure SECBIT_NOROOT_LOCKED is set] +Signed-off-by: Mickaël Salaün +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/landlock/common.h | 48 +++++++++++++++++---- + tools/testing/selftests/landlock/net_test.c | 5 ++- + 2 files changed, 44 insertions(+), 9 deletions(-) + +diff --git a/tools/testing/selftests/landlock/common.h b/tools/testing/selftests/landlock/common.h +index 5b79758cae62..e64bbdf0e86e 100644 +--- a/tools/testing/selftests/landlock/common.h ++++ b/tools/testing/selftests/landlock/common.h +@@ -9,6 +9,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -115,11 +116,16 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all) + /* clang-format off */ + CAP_DAC_OVERRIDE, + CAP_MKNOD, ++ CAP_NET_ADMIN, ++ CAP_NET_BIND_SERVICE, + CAP_SYS_ADMIN, + CAP_SYS_CHROOT, +- CAP_NET_BIND_SERVICE, + /* clang-format on */ + }; ++ const unsigned int noroot = SECBIT_NOROOT | SECBIT_NOROOT_LOCKED; ++ ++ if ((cap_get_secbits() & noroot) != noroot) ++ EXPECT_EQ(0, cap_set_secbits(noroot)); + + cap_p = cap_get_proc(); + EXPECT_NE(NULL, cap_p) +@@ -137,6 +143,8 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all) + TH_LOG("Failed to cap_set_flag: %s", strerror(errno)); + } + } ++ ++ /* Automatically resets ambient capabilities. */ + EXPECT_NE(-1, cap_set_proc(cap_p)) + { + TH_LOG("Failed to cap_set_proc: %s", strerror(errno)); +@@ -145,6 +153,9 @@ static void _init_caps(struct __test_metadata *const _metadata, bool drop_all) + { + TH_LOG("Failed to cap_free: %s", strerror(errno)); + } ++ ++ /* Quickly checks that ambient capabilities are cleared. */ ++ EXPECT_NE(-1, cap_get_ambient(caps[0])); + } + + /* We cannot put such helpers in a library because of kselftest_harness.h . */ +@@ -158,8 +169,9 @@ static void __maybe_unused drop_caps(struct __test_metadata *const _metadata) + _init_caps(_metadata, true); + } + +-static void _effective_cap(struct __test_metadata *const _metadata, +- const cap_value_t caps, const cap_flag_value_t value) ++static void _change_cap(struct __test_metadata *const _metadata, ++ const cap_flag_t flag, const cap_value_t cap, ++ const cap_flag_value_t value) + { + cap_t cap_p; + +@@ -168,7 +180,7 @@ static void _effective_cap(struct __test_metadata *const _metadata, + { + TH_LOG("Failed to cap_get_proc: %s", strerror(errno)); + } +- EXPECT_NE(-1, cap_set_flag(cap_p, CAP_EFFECTIVE, 1, &caps, value)) ++ EXPECT_NE(-1, cap_set_flag(cap_p, flag, 1, &cap, value)) + { + TH_LOG("Failed to cap_set_flag: %s", strerror(errno)); + } +@@ -183,15 +195,35 @@ static void _effective_cap(struct __test_metadata *const _metadata, + } + + static void __maybe_unused set_cap(struct __test_metadata *const _metadata, +- const cap_value_t caps) ++ const cap_value_t cap) + { +- _effective_cap(_metadata, caps, CAP_SET); ++ _change_cap(_metadata, CAP_EFFECTIVE, cap, CAP_SET); + } + + static void __maybe_unused clear_cap(struct __test_metadata *const _metadata, +- const cap_value_t caps) ++ const cap_value_t cap) ++{ ++ _change_cap(_metadata, CAP_EFFECTIVE, cap, CAP_CLEAR); ++} ++ ++static void __maybe_unused ++set_ambient_cap(struct __test_metadata *const _metadata, const cap_value_t cap) ++{ ++ _change_cap(_metadata, CAP_INHERITABLE, cap, CAP_SET); ++ ++ EXPECT_NE(-1, cap_set_ambient(cap, CAP_SET)) ++ { ++ TH_LOG("Failed to set ambient capability %d: %s", cap, ++ strerror(errno)); ++ } ++} ++ ++static void __maybe_unused clear_ambient_cap( ++ struct __test_metadata *const _metadata, const cap_value_t cap) + { +- _effective_cap(_metadata, caps, CAP_CLEAR); ++ EXPECT_EQ(1, cap_get_ambient(cap)); ++ _change_cap(_metadata, CAP_INHERITABLE, cap, CAP_CLEAR); ++ EXPECT_EQ(0, cap_get_ambient(cap)); + } + + /* Receives an FD from a UNIX socket. Returns the received FD, or -errno. */ +diff --git a/tools/testing/selftests/landlock/net_test.c b/tools/testing/selftests/landlock/net_test.c +index e07267acbc9a..4499b2736e1a 100644 +--- a/tools/testing/selftests/landlock/net_test.c ++++ b/tools/testing/selftests/landlock/net_test.c +@@ -107,8 +107,11 @@ static void setup_loopback(struct __test_metadata *const _metadata) + { + set_cap(_metadata, CAP_SYS_ADMIN); + ASSERT_EQ(0, unshare(CLONE_NEWNET)); +- ASSERT_EQ(0, system("ip link set dev lo up")); + clear_cap(_metadata, CAP_SYS_ADMIN); ++ ++ set_ambient_cap(_metadata, CAP_NET_ADMIN); ++ ASSERT_EQ(0, system("ip link set dev lo up")); ++ clear_ambient_cap(_metadata, CAP_NET_ADMIN); + } + + static bool is_restricted(const struct protocol_variant *const prot, +-- +2.43.0 + diff --git a/queue-6.7/selftests-landlock-fix-fs_test-build-with-old-libc.patch b/queue-6.7/selftests-landlock-fix-fs_test-build-with-old-libc.patch new file mode 100644 index 00000000000..1fa246d2348 --- /dev/null +++ b/queue-6.7/selftests-landlock-fix-fs_test-build-with-old-libc.patch @@ -0,0 +1,65 @@ +From 3a70dca5a02a09ceb22fc6b9e60bbbe180ea76d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Jan 2024 10:29:08 +0800 +Subject: selftests/landlock: Fix fs_test build with old libc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hu Yadi + +[ Upstream commit 40b7835e74e0383be308d528c5e0e41b3bf72ade ] + +One issue comes up while building selftest/landlock/fs_test on my side +(gcc 7.3/glibc-2.28/kernel-4.19). + +gcc -Wall -O2 -isystem fs_test.c -lcap -o selftests/landlock/fs_test +fs_test.c:4575:9: error: initializer element is not constant + .mnt = mnt_tmp, + ^~~~~~~ + +Signed-off-by: Hu Yadi +Suggested-by: Jiao +Reviewed-by: Berlin +Link: https://lore.kernel.org/r/20240124022908.42100-1-hu.yadi@h3c.com +Fixes: 04f9070e99a4 ("selftests/landlock: Add tests for pseudo filesystems") +[mic: Factor out mount's data string and make mnt_tmp static] +Signed-off-by: Mickaël Salaün +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/landlock/fs_test.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/tools/testing/selftests/landlock/fs_test.c b/tools/testing/selftests/landlock/fs_test.c +index 18e1f86a6234..fde1a96ef9f4 100644 +--- a/tools/testing/selftests/landlock/fs_test.c ++++ b/tools/testing/selftests/landlock/fs_test.c +@@ -241,9 +241,11 @@ struct mnt_opt { + const char *const data; + }; + +-const struct mnt_opt mnt_tmp = { ++#define MNT_TMP_DATA "size=4m,mode=700" ++ ++static const struct mnt_opt mnt_tmp = { + .type = "tmpfs", +- .data = "size=4m,mode=700", ++ .data = MNT_TMP_DATA, + }; + + static int mount_opt(const struct mnt_opt *const mnt, const char *const target) +@@ -4572,7 +4574,10 @@ FIXTURE_VARIANT(layout3_fs) + /* clang-format off */ + FIXTURE_VARIANT_ADD(layout3_fs, tmpfs) { + /* clang-format on */ +- .mnt = mnt_tmp, ++ .mnt = { ++ .type = "tmpfs", ++ .data = MNT_TMP_DATA, ++ }, + .file_path = file1_s1d1, + }; + +-- +2.43.0 + diff --git a/queue-6.7/selftests-landlock-fix-net_test-build-with-old-libc.patch b/queue-6.7/selftests-landlock-fix-net_test-build-with-old-libc.patch new file mode 100644 index 00000000000..9d030b62382 --- /dev/null +++ b/queue-6.7/selftests-landlock-fix-net_test-build-with-old-libc.patch @@ -0,0 +1,70 @@ +From 4320f193dece95d3923f3a1b95180ef3318fa9cf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Jan 2024 14:26:21 +0800 +Subject: selftests/landlock: Fix net_test build with old libc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hu Yadi + +[ Upstream commit 116099ed345c932a8ae4a0d884a8f6cc54fd5fed ] + +One issue comes up while building selftest/landlock/net_test on my side +(gcc 7.3/glibc-2.28/kernel-4.19). + +net_test.c: In function ‘set_service’: +net_test.c:91:45: warning: implicit declaration of function ‘gettid’; [-Wimplicit-function-declaration] + "_selftests-landlock-net-tid%d-index%d", gettid(), + ^~~~~~ + getgid +net_test.c:(.text+0x4e0): undefined reference to `gettid' + +Signed-off-by: Hu Yadi +Suggested-by: Jiao +Reviewed-by: Berlin +Fixes: a549d055a22e ("selftests/landlock: Add network tests") +Link: https://lore.kernel.org/r/20240123062621.25082-1-hu.yadi@h3c.com +[mic: Cosmetic fixes] +Signed-off-by: Mickaël Salaün +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/landlock/net_test.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/landlock/net_test.c b/tools/testing/selftests/landlock/net_test.c +index 929e21c4db05..e07267acbc9a 100644 +--- a/tools/testing/selftests/landlock/net_test.c ++++ b/tools/testing/selftests/landlock/net_test.c +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include + + #include "common.h" +@@ -54,6 +55,11 @@ struct service_fixture { + }; + }; + ++static pid_t sys_gettid(void) ++{ ++ return syscall(__NR_gettid); ++} ++ + static int set_service(struct service_fixture *const srv, + const struct protocol_variant prot, + const unsigned short index) +@@ -88,7 +94,7 @@ static int set_service(struct service_fixture *const srv, + case AF_UNIX: + srv->unix_addr.sun_family = prot.domain; + sprintf(srv->unix_addr.sun_path, +- "_selftests-landlock-net-tid%d-index%d", gettid(), ++ "_selftests-landlock-net-tid%d-index%d", sys_gettid(), + index); + srv->unix_addr_len = SUN_LEN(&srv->unix_addr); + srv->unix_addr.sun_path[0] = '\0'; +-- +2.43.0 + diff --git a/queue-6.7/selftests-net-convert-test_bridge_backup_port.sh-to-.patch b/queue-6.7/selftests-net-convert-test_bridge_backup_port.sh-to-.patch new file mode 100644 index 00000000000..66d1835888f --- /dev/null +++ b/queue-6.7/selftests-net-convert-test_bridge_backup_port.sh-to-.patch @@ -0,0 +1,683 @@ +From 184a8413d825f04a9d0c76baf8bf67a6bf94c789 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Dec 2023 15:07:53 +0800 +Subject: selftests/net: convert test_bridge_backup_port.sh to run it in unique + namespace + +From: Hangbin Liu + +[ Upstream commit 4624a78c18c62da815f3253966b7a87995f77e1b ] + +There is no h1 h2 actually. Remove it. Here is the test result after +conversion. + +]# ./test_bridge_backup_port.sh + +Backup port +----------- +TEST: Forwarding out of swp1 [ OK ] +TEST: No forwarding out of vx0 [ OK ] +TEST: swp1 carrier off [ OK ] +TEST: No forwarding out of swp1 [ OK ] +... +Backup nexthop ID - ping +------------------------ +TEST: Ping with backup nexthop ID [ OK ] +TEST: Ping after disabling backup nexthop ID [ OK ] + +Backup nexthop ID - torture test +-------------------------------- +TEST: Torture test [ OK ] + +Tests passed: 83 +Tests failed: 0 + +Acked-by: David Ahern +Signed-off-by: Hangbin Liu +Reviewed-by: Ido Schimmel +Tested-by: Ido Schimmel +Signed-off-by: David S. Miller +Stable-dep-of: 38ee0cb2a2e2 ("selftests: net: Fix bridge backup port test flakiness") +Signed-off-by: Sasha Levin +--- + .../selftests/net/test_bridge_backup_port.sh | 371 +++++++++--------- + 1 file changed, 182 insertions(+), 189 deletions(-) + +diff --git a/tools/testing/selftests/net/test_bridge_backup_port.sh b/tools/testing/selftests/net/test_bridge_backup_port.sh +index 112cfd8a10ad..70a7d87ba2d2 100755 +--- a/tools/testing/selftests/net/test_bridge_backup_port.sh ++++ b/tools/testing/selftests/net/test_bridge_backup_port.sh +@@ -35,9 +35,8 @@ + # | sw1 | | sw2 | + # +------------------------------------+ +------------------------------------+ + ++source lib.sh + ret=0 +-# Kselftest framework requirement - SKIP code is 4. +-ksft_skip=4 + + # All tests in this script. Can be overridden with -t option. + TESTS=" +@@ -132,9 +131,6 @@ setup_topo_ns() + { + local ns=$1; shift + +- ip netns add $ns +- ip -n $ns link set dev lo up +- + ip netns exec $ns sysctl -qw net.ipv6.conf.all.keep_addr_on_down=1 + ip netns exec $ns sysctl -qw net.ipv6.conf.default.ignore_routes_with_linkdown=1 + ip netns exec $ns sysctl -qw net.ipv6.conf.all.accept_dad=0 +@@ -145,13 +141,14 @@ setup_topo() + { + local ns + +- for ns in sw1 sw2; do ++ setup_ns sw1 sw2 ++ for ns in $sw1 $sw2; do + setup_topo_ns $ns + done + + ip link add name veth0 type veth peer name veth1 +- ip link set dev veth0 netns sw1 name veth0 +- ip link set dev veth1 netns sw2 name veth0 ++ ip link set dev veth0 netns $sw1 name veth0 ++ ip link set dev veth1 netns $sw2 name veth0 + } + + setup_sw_common() +@@ -190,7 +187,7 @@ setup_sw_common() + + setup_sw1() + { +- local ns=sw1 ++ local ns=$sw1 + local local_addr=192.0.2.33 + local remote_addr=192.0.2.34 + local veth_addr=192.0.2.49 +@@ -203,7 +200,7 @@ setup_sw1() + + setup_sw2() + { +- local ns=sw2 ++ local ns=$sw2 + local local_addr=192.0.2.34 + local remote_addr=192.0.2.33 + local veth_addr=192.0.2.50 +@@ -229,11 +226,7 @@ setup() + + cleanup() + { +- local ns +- +- for ns in h1 h2 sw1 sw2; do +- ip netns del $ns &> /dev/null +- done ++ cleanup_ns $sw1 $sw2 + } + + ################################################################################ +@@ -248,85 +241,85 @@ backup_port() + echo "Backup port" + echo "-----------" + +- run_cmd "tc -n sw1 qdisc replace dev swp1 clsact" +- run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact" ++ run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + +- run_cmd "tc -n sw1 qdisc replace dev vx0 clsact" +- run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" ++ run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + +- run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10" + + # Initial state - check that packets are forwarded out of swp1 when it + # has a carrier and not forwarded out of any port when it does not have + # a carrier. +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 1 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 1 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 0 ++ tc_check_packets $sw1 "dev vx0 egress" 101 0 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 1 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 1 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 0 ++ tc_check_packets $sw1 "dev vx0 egress" 101 0 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier on" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier on" + log_test $? 0 "swp1 carrier on" + + # Configure vx0 as the backup port of swp1 and check that packets are + # forwarded out of swp1 when it has a carrier and out of vx0 when swp1 + # does not have a carrier. +- run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\"" + log_test $? 0 "vx0 configured as backup port of swp1" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 2 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 2 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 0 ++ tc_check_packets $sw1 "dev vx0 egress" 101 0 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 2 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 2 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "Forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier on" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier on" + log_test $? 0 "swp1 carrier on" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 3 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 3 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "No forwarding out of vx0" + + # Remove vx0 as the backup port of swp1 and check that packets are no + # longer forwarded out of vx0 when swp1 does not have a carrier. +- run_cmd "bridge -n sw1 link set dev swp1 nobackup_port" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 nobackup_port" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\"" + log_test $? 1 "vx0 not configured as backup port of swp1" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 4 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 4 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 4 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 4 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "No forwarding out of vx0" + } + +@@ -339,125 +332,125 @@ backup_nhid() + echo "Backup nexthop ID" + echo "-----------------" + +- run_cmd "tc -n sw1 qdisc replace dev swp1 clsact" +- run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact" ++ run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + +- run_cmd "tc -n sw1 qdisc replace dev vx0 clsact" +- run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" ++ run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + +- run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb" + +- run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10" +- run_cmd "bridge -n sw1 fdb replace $dmac dev vx0 self static dst 192.0.2.36 src_vni 10010" ++ run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw1 fdb replace $dmac dev vx0 self static dst 192.0.2.36 src_vni 10010" + +- run_cmd "ip -n sw2 address replace 192.0.2.36/32 dev lo" ++ run_cmd "ip -n $sw2 address replace 192.0.2.36/32 dev lo" + + # The first filter matches on packets forwarded using the backup + # nexthop ID and the second filter matches on packets forwarded using a + # regular VXLAN FDB entry. +- run_cmd "tc -n sw2 qdisc replace dev vx0 clsact" +- run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass" +- run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 102 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.36 action pass" ++ run_cmd "tc -n $sw2 qdisc replace dev vx0 clsact" ++ run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass" ++ run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 102 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.36 action pass" + + # Configure vx0 as the backup port of swp1 and check that packets are + # forwarded out of swp1 when it has a carrier and out of vx0 when swp1 + # does not have a carrier. When packets are forwarded out of vx0, check + # that they are forwarded by the VXLAN FDB entry. +- run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\"" + log_test $? 0 "vx0 configured as backup port of swp1" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 1 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 1 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 0 ++ tc_check_packets $sw1 "dev vx0 egress" 101 0 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 1 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 1 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 0 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 0 + log_test $? 0 "No forwarding using backup nexthop ID" +- tc_check_packets sw2 "dev vx0 ingress" 102 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 102 1 + log_test $? 0 "Forwarding using VXLAN FDB entry" + +- run_cmd "ip -n sw1 link set dev swp1 carrier on" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier on" + log_test $? 0 "swp1 carrier on" + + # Configure nexthop ID 10 as the backup nexthop ID of swp1 and check + # that when packets are forwarded out of vx0, they are forwarded using + # the backup nexthop ID. +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 10\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 10\"" + log_test $? 0 "nexthop ID 10 configured as backup nexthop ID of swp1" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 2 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 2 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "No forwarding out of vx0" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 2 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 2 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 2 ++ tc_check_packets $sw1 "dev vx0 egress" 101 2 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "Forwarding using backup nexthop ID" +- tc_check_packets sw2 "dev vx0 ingress" 102 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 102 1 + log_test $? 0 "No forwarding using VXLAN FDB entry" + +- run_cmd "ip -n sw1 link set dev swp1 carrier on" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier on" + log_test $? 0 "swp1 carrier on" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 3 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 3 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 2 ++ tc_check_packets $sw1 "dev vx0 egress" 101 2 + log_test $? 0 "No forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- tc_check_packets sw2 "dev vx0 ingress" 102 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 102 1 + log_test $? 0 "No forwarding using VXLAN FDB entry" + + # Reset the backup nexthop ID to 0 and check that packets are no longer + # forwarded using the backup nexthop ID when swp1 does not have a + # carrier and are instead forwarded by the VXLAN FDB. +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 0" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 0" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid\"" + log_test $? 1 "No backup nexthop ID configured for swp1" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 4 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 4 + log_test $? 0 "Forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 2 ++ tc_check_packets $sw1 "dev vx0 egress" 101 2 + log_test $? 0 "No forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- tc_check_packets sw2 "dev vx0 ingress" 102 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 102 1 + log_test $? 0 "No forwarding using VXLAN FDB entry" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 4 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 4 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 3 ++ tc_check_packets $sw1 "dev vx0 egress" 101 3 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- tc_check_packets sw2 "dev vx0 ingress" 102 2 ++ tc_check_packets $sw2 "dev vx0 ingress" 102 2 + log_test $? 0 "Forwarding using VXLAN FDB entry" + } + +@@ -475,109 +468,109 @@ backup_nhid_invalid() + # is forwarded out of the VXLAN port, but dropped by the VXLAN driver + # and does not crash the host. + +- run_cmd "tc -n sw1 qdisc replace dev swp1 clsact" +- run_cmd "tc -n sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev swp1 clsact" ++ run_cmd "tc -n $sw1 filter replace dev swp1 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + +- run_cmd "tc -n sw1 qdisc replace dev vx0 clsact" +- run_cmd "tc -n sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" ++ run_cmd "tc -n $sw1 qdisc replace dev vx0 clsact" ++ run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac action pass" + # Drop all other Tx traffic to avoid changes to Tx drop counter. +- run_cmd "tc -n sw1 filter replace dev vx0 egress pref 2 handle 102 proto all matchall action drop" ++ run_cmd "tc -n $sw1 filter replace dev vx0 egress pref 2 handle 102 proto all matchall action drop" + +- tx_drop=$(ip -n sw1 -s -j link show dev vx0 | jq '.[]["stats64"]["tx"]["dropped"]') ++ tx_drop=$(ip -n $sw1 -s -j link show dev vx0 | jq '.[]["stats64"]["tx"]["dropped"]') + +- run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb" + +- run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10" + +- run_cmd "tc -n sw2 qdisc replace dev vx0 clsact" +- run_cmd "tc -n sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass" ++ run_cmd "tc -n $sw2 qdisc replace dev vx0 clsact" ++ run_cmd "tc -n $sw2 filter replace dev vx0 ingress pref 1 handle 101 proto ip flower src_mac $smac dst_mac $dmac enc_key_id 10010 enc_dst_ip 192.0.2.34 action pass" + + # First, check that redirection works. +- run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_port vx0\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_port vx0\"" + log_test $? 0 "vx0 configured as backup port of swp1" + +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 10\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 10\"" + log_test $? 0 "Valid nexthop as backup nexthop" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + log_test $? 0 "swp1 carrier off" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 0 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 0 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 1 ++ tc_check_packets $sw1 "dev vx0 egress" 101 1 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "Forwarding using backup nexthop ID" +- run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $tx_drop'" ++ run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $tx_drop'" + log_test $? 0 "No Tx drop increase" + + # Use a non-existent nexthop ID. +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 20" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 20\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 20" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 20\"" + log_test $? 0 "Non-existent nexthop as backup nexthop" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 0 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 0 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 2 ++ tc_check_packets $sw1 "dev vx0 egress" 101 2 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 1))'" ++ run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 1))'" + log_test $? 0 "Tx drop increased" + + # Use a blckhole nexthop. +- run_cmd "ip -n sw1 nexthop replace id 30 blackhole" +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 30" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 30\"" ++ run_cmd "ip -n $sw1 nexthop replace id 30 blackhole" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 30" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 30\"" + log_test $? 0 "Blackhole nexthop as backup nexthop" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 0 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 0 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 3 ++ tc_check_packets $sw1 "dev vx0 egress" 101 3 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 2))'" ++ run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 2))'" + log_test $? 0 "Tx drop increased" + + # Non-group FDB nexthop. +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 1" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 1\"" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 1" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 1\"" + log_test $? 0 "Non-group FDB nexthop as backup nexthop" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 0 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 0 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 4 ++ tc_check_packets $sw1 "dev vx0 egress" 101 4 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 3))'" ++ run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 3))'" + log_test $? 0 "Tx drop increased" + + # IPv6 address family nexthop. +- run_cmd "ip -n sw1 nexthop replace id 100 via 2001:db8:100::1 fdb" +- run_cmd "ip -n sw1 nexthop replace id 200 via 2001:db8:100::1 fdb" +- run_cmd "ip -n sw1 nexthop replace id 300 group 100/200 fdb" +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 300" +- run_cmd "bridge -n sw1 -d link show dev swp1 | grep \"backup_nhid 300\"" ++ run_cmd "ip -n $sw1 nexthop replace id 100 via 2001:db8:100::1 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 200 via 2001:db8:100::1 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 300 group 100/200 fdb" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 300" ++ run_cmd "bridge -n $sw1 -d link show dev swp1 | grep \"backup_nhid 300\"" + log_test $? 0 "IPv6 address family nexthop as backup nexthop" + +- run_cmd "ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +- tc_check_packets sw1 "dev swp1 egress" 101 0 ++ run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" ++ tc_check_packets $sw1 "dev swp1 egress" 101 0 + log_test $? 0 "No forwarding out of swp1" +- tc_check_packets sw1 "dev vx0 egress" 101 5 ++ tc_check_packets $sw1 "dev vx0 egress" 101 5 + log_test $? 0 "Forwarding out of vx0" +- tc_check_packets sw2 "dev vx0 ingress" 101 1 ++ tc_check_packets $sw2 "dev vx0 ingress" 101 1 + log_test $? 0 "No forwarding using backup nexthop ID" +- run_cmd "ip -n sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 4))'" ++ run_cmd "ip -n $sw1 -s -j link show dev vx0 | jq -e '.[][\"stats64\"][\"tx\"][\"dropped\"] == $((tx_drop + 4))'" + log_test $? 0 "Tx drop increased" + } + +@@ -591,44 +584,44 @@ backup_nhid_ping() + echo "------------------------" + + # Test bidirectional traffic when traffic is redirected in both VTEPs. +- sw1_mac=$(ip -n sw1 -j -p link show br0.10 | jq -r '.[]["address"]') +- sw2_mac=$(ip -n sw2 -j -p link show br0.10 | jq -r '.[]["address"]') ++ sw1_mac=$(ip -n $sw1 -j -p link show br0.10 | jq -r '.[]["address"]') ++ sw2_mac=$(ip -n $sw2 -j -p link show br0.10 | jq -r '.[]["address"]') + +- run_cmd "bridge -n sw1 fdb replace $sw2_mac dev swp1 master static vlan 10" +- run_cmd "bridge -n sw2 fdb replace $sw1_mac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw1 fdb replace $sw2_mac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw2 fdb replace $sw1_mac dev swp1 master static vlan 10" + +- run_cmd "ip -n sw1 neigh replace 192.0.2.66 lladdr $sw2_mac nud perm dev br0.10" +- run_cmd "ip -n sw2 neigh replace 192.0.2.65 lladdr $sw1_mac nud perm dev br0.10" ++ run_cmd "ip -n $sw1 neigh replace 192.0.2.66 lladdr $sw2_mac nud perm dev br0.10" ++ run_cmd "ip -n $sw2 neigh replace 192.0.2.65 lladdr $sw1_mac nud perm dev br0.10" + +- run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb" +- run_cmd "ip -n sw2 nexthop replace id 1 via 192.0.2.33 fdb" +- run_cmd "ip -n sw1 nexthop replace id 10 group 1 fdb" +- run_cmd "ip -n sw2 nexthop replace id 10 group 1 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw2 nexthop replace id 1 via 192.0.2.33 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 10 group 1 fdb" ++ run_cmd "ip -n $sw2 nexthop replace id 10 group 1 fdb" + +- run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw2 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10" +- run_cmd "bridge -n sw2 link set dev swp1 backup_nhid 10" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw2 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10" ++ run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 10" + +- run_cmd "ip -n sw1 link set dev swp1 carrier off" +- run_cmd "ip -n sw2 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ run_cmd "ip -n $sw2 link set dev swp1 carrier off" + +- run_cmd "ip netns exec sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66" ++ run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66" + log_test $? 0 "Ping with backup nexthop ID" + + # Reset the backup nexthop ID to 0 and check that ping fails. +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 0" +- run_cmd "bridge -n sw2 link set dev swp1 backup_nhid 0" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 0" ++ run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 0" + +- run_cmd "ip netns exec sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66" ++ run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66" + log_test $? 1 "Ping after disabling backup nexthop ID" + } + + backup_nhid_add_del_loop() + { + while true; do +- ip -n sw1 nexthop del id 10 +- ip -n sw1 nexthop replace id 10 group 1/2 fdb ++ ip -n $sw1 nexthop del id 10 ++ ip -n $sw1 nexthop replace id 10 group 1/2 fdb + done >/dev/null 2>&1 + } + +@@ -648,19 +641,19 @@ backup_nhid_torture() + # deleting the group. The test is considered successful if nothing + # crashed. + +- run_cmd "ip -n sw1 nexthop replace id 1 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 2 via 192.0.2.34 fdb" +- run_cmd "ip -n sw1 nexthop replace id 10 group 1/2 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 1 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 2 via 192.0.2.34 fdb" ++ run_cmd "ip -n $sw1 nexthop replace id 10 group 1/2 fdb" + +- run_cmd "bridge -n sw1 fdb replace $dmac dev swp1 master static vlan 10" ++ run_cmd "bridge -n $sw1 fdb replace $dmac dev swp1 master static vlan 10" + +- run_cmd "bridge -n sw1 link set dev swp1 backup_port vx0" +- run_cmd "bridge -n sw1 link set dev swp1 backup_nhid 10" +- run_cmd "ip -n sw1 link set dev swp1 carrier off" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_port vx0" ++ run_cmd "bridge -n $sw1 link set dev swp1 backup_nhid 10" ++ run_cmd "ip -n $sw1 link set dev swp1 carrier off" + + backup_nhid_add_del_loop & + pid1=$! +- ip netns exec sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 0 & ++ ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 0 & + pid2=$! + + sleep 30 +-- +2.43.0 + diff --git a/queue-6.7/selftests-net-fix-bridge-backup-port-test-flakiness.patch b/queue-6.7/selftests-net-fix-bridge-backup-port-test-flakiness.patch new file mode 100644 index 00000000000..234dd7279bc --- /dev/null +++ b/queue-6.7/selftests-net-fix-bridge-backup-port-test-flakiness.patch @@ -0,0 +1,162 @@ +From 43dda1d65b143ece0137d95bd756b5c0296dc6bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 14:31:10 +0200 +Subject: selftests: net: Fix bridge backup port test flakiness + +From: Ido Schimmel + +[ Upstream commit 38ee0cb2a2e2ade077442085638eb181b0562971 ] + +The test toggles the carrier of a bridge port in order to test the +bridge backup port feature. + +Due to the linkwatch delayed work the carrier change is not always +reflected fast enough to the bridge driver and packets are not forwarded +as the test expects, resulting in failures [1]. + +Fix by busy waiting on the bridge port state until it changes to the +desired state following the carrier change. + +[1] + # Backup port + # ----------- + [...] + # TEST: swp1 carrier off [ OK ] + # TEST: No forwarding out of swp1 [FAIL] + [ 641.995910] br0: port 1(swp1) entered disabled state + # TEST: No forwarding out of vx0 [ OK ] + +Fixes: b408453053fb ("selftests: net: Add bridge backup port and backup nexthop ID test") +Signed-off-by: Ido Schimmel +Reviewed-by: Petr Machata +Acked-by: Paolo Abeni +Acked-by: Nikolay Aleksandrov +Link: https://lore.kernel.org/r/20240208123110.1063930-1-idosch@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + .../selftests/net/test_bridge_backup_port.sh | 23 +++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/tools/testing/selftests/net/test_bridge_backup_port.sh b/tools/testing/selftests/net/test_bridge_backup_port.sh +index 70a7d87ba2d2..1b3f89e2b86e 100755 +--- a/tools/testing/selftests/net/test_bridge_backup_port.sh ++++ b/tools/testing/selftests/net/test_bridge_backup_port.sh +@@ -124,6 +124,16 @@ tc_check_packets() + [[ $pkts == $count ]] + } + ++bridge_link_check() ++{ ++ local ns=$1; shift ++ local dev=$1; shift ++ local state=$1; shift ++ ++ bridge -n $ns -d -j link show dev $dev | \ ++ jq -e ".[][\"state\"] == \"$state\"" &> /dev/null ++} ++ + ################################################################################ + # Setup + +@@ -259,6 +269,7 @@ backup_port() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -268,6 +279,7 @@ backup_port() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier on" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding + log_test $? 0 "swp1 carrier on" + + # Configure vx0 as the backup port of swp1 and check that packets are +@@ -284,6 +296,7 @@ backup_port() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -293,6 +306,7 @@ backup_port() + log_test $? 0 "Forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier on" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding + log_test $? 0 "swp1 carrier on" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -314,6 +328,7 @@ backup_port() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -369,6 +384,7 @@ backup_nhid() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -382,6 +398,7 @@ backup_nhid() + log_test $? 0 "Forwarding using VXLAN FDB entry" + + run_cmd "ip -n $sw1 link set dev swp1 carrier on" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding + log_test $? 0 "swp1 carrier on" + + # Configure nexthop ID 10 as the backup nexthop ID of swp1 and check +@@ -398,6 +415,7 @@ backup_nhid() + log_test $? 0 "No forwarding out of vx0" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -411,6 +429,7 @@ backup_nhid() + log_test $? 0 "No forwarding using VXLAN FDB entry" + + run_cmd "ip -n $sw1 link set dev swp1 carrier on" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 forwarding + log_test $? 0 "swp1 carrier on" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -441,6 +460,7 @@ backup_nhid() + log_test $? 0 "No forwarding using VXLAN FDB entry" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -497,6 +517,7 @@ backup_nhid_invalid() + log_test $? 0 "Valid nexthop as backup nexthop" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + log_test $? 0 "swp1 carrier off" + + run_cmd "ip netns exec $sw1 mausezahn br0.10 -a $smac -b $dmac -A 198.51.100.1 -B 198.51.100.2 -t ip -p 100 -q -c 1" +@@ -604,7 +625,9 @@ backup_nhid_ping() + run_cmd "bridge -n $sw2 link set dev swp1 backup_nhid 10" + + run_cmd "ip -n $sw1 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw1 swp1 disabled + run_cmd "ip -n $sw2 link set dev swp1 carrier off" ++ busywait $BUSYWAIT_TIMEOUT bridge_link_check $sw2 swp1 disabled + + run_cmd "ip netns exec $sw1 ping -i 0.1 -c 10 -w $PING_TIMEOUT 192.0.2.66" + log_test $? 0 "Ping with backup nexthop ID" +-- +2.43.0 + diff --git a/queue-6.7/series b/queue-6.7/series index ea2918bd94f..ea462ef75c7 100644 --- a/queue-6.7/series +++ b/queue-6.7/series @@ -14,3 +14,49 @@ btrfs-don-t-reserve-space-for-checksums-when-writing-to-nocow-files.patch btrfs-reject-encoded-write-if-inode-has-nodatasum-flag-set.patch btrfs-don-t-drop-extent_map-for-free-space-inode-on-write-error.patch driver-core-fix-device_link_flag_is_sync_state_only.patch +kselftest-dt-stop-relying-on-dirname-to-improve-perf.patch +selftests-landlock-fix-net_test-build-with-old-libc.patch +selftests-landlock-fix-fs_test-build-with-old-libc.patch +of-unittest-fix-compile-in-the-non-dynamic-case.patch +drm-msm-gem-fix-double-resv-lock-aquire.patch +selftests-landlock-fix-capability-for-net_test.patch +asoc-intel-avs-fix-pci_probe-error-path.patch +spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch +asoc-intel-avs-fix-dynamic-port-assignment-when-tdm-.patch +wifi-iwlwifi-clear-link_id-in-time_event.patch +wifi-iwlwifi-fix-some-error-codes.patch +wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch +asoc-sof-ipc3-topology-fix-pipeline-tear-down-logic.patch +dpll-fix-possible-deadlock-during-netlink-dump-opera.patch +net-mlx5-dpll-fix-possible-use-after-free-after-dela.patch +net-handshake-fix-handshake_req_destroy_test1.patch +bonding-do-not-report-netdev_xdp_act_xsk_zerocopy.patch +devlink-fix-command-annotation-documentation.patch +of-property-improve-finding-the-consumer-of-a-remote.patch +of-property-improve-finding-the-supplier-of-a-remote.patch +alsa-hda-cs35l56-select-intended-config-fw_cs_dsp.patch +perf-cxl-fix-mismatched-cpmu-event-opcode.patch +selftests-net-convert-test_bridge_backup_port.sh-to-.patch +selftests-net-fix-bridge-backup-port-test-flakiness.patch +selftests-forwarding-fix-layer-2-miss-test-flakiness.patch +selftests-forwarding-fix-bridge-mdb-test-flakiness.patch +selftests-forwarding-suppress-grep-warnings.patch +selftests-forwarding-fix-bridge-locked-port-test-fla.patch +net-openvswitch-limit-the-number-of-recursions-from-.patch +lan966x-fix-crash-when-adding-interface-under-a-lag.patch +net-tls-factor-out-tls_-crypt_async_wait.patch +tls-fix-race-between-async-notify-and-socket-close.patch +tls-fix-race-between-tx-work-scheduling-and-socket-c.patch +net-tls-handle-backlogging-of-crypto-requests.patch +net-tls-fix-use-after-free-with-partial-reads-and-as.patch +net-tls-fix-returned-read-length-with-async-decrypt.patch +spi-ppc4xx-drop-write-only-variable.patch +asoc-rt5645-fix-deadlock-in-rt5645_jack_detect_work.patch +drm-i915-dsc-fix-the-macro-that-calculates-dscc_-dsc.patch +net-sysfs-fix-sys-class-net-iface-path-for-statistic.patch +nouveau-svm-fix-kvcalloc-argument-order.patch +mips-add-memory-clobber-to-csum_ipv6_magic-inline-as.patch +ptrace-introduce-exception_ip-arch-hook.patch +mm-memory-use-exception-ip-to-search-exception-table.patch +i40e-do-not-allow-untrusted-vf-to-remove-administrat.patch +i40e-fix-waiting-for-queues-of-all-vsis-to-be-disabl.patch diff --git a/queue-6.7/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch b/queue-6.7/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch new file mode 100644 index 00000000000..3e2f5e6b8bc --- /dev/null +++ b/queue-6.7/spi-imx-fix-the-burst-length-at-dma-mode-and-cpu-mod.patch @@ -0,0 +1,62 @@ +From 3d4d4f8c9e7420e585c7cfbdb9dd0c5fa75852c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Feb 2024 17:19:12 +0800 +Subject: spi: imx: fix the burst length at DMA mode and CPU mode + +From: Carlos Song + +[ Upstream commit c712c05e46c8ce550842951e9e2606e24dbf0475 ] + +For DMA mode, the bus width of the DMA is equal to the size of data +word, so burst length should be configured as bits per word. + +For CPU mode, because of the spi transfer len is in byte, so calculate +the total number of words according to spi transfer len and bits per +word, burst length should be configured as total data bits. + +Signed-off-by: Carlos Song +Reviewed-by: Clark Wang +Fixes: e9b220aeacf1 ("spi: spi-imx: correctly configure burst length when using dma") +Fixes: 5f66db08cbd3 ("spi: imx: Take in account bits per word instead of assuming 8-bits") +Link: https://lore.kernel.org/r/20240204091912.36488-1-carlos.song@nxp.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-imx.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/drivers/spi/spi-imx.c b/drivers/spi/spi-imx.c +index 272bc871a848..e2d3e3ec1378 100644 +--- a/drivers/spi/spi-imx.c ++++ b/drivers/spi/spi-imx.c +@@ -2,6 +2,7 @@ + // Copyright 2004-2007 Freescale Semiconductor, Inc. All Rights Reserved. + // Copyright (C) 2008 Juergen Beisert + ++#include + #include + #include + #include +@@ -660,15 +661,15 @@ static int mx51_ecspi_prepare_transfer(struct spi_imx_data *spi_imx, + << MX51_ECSPI_CTRL_BL_OFFSET; + else { + if (spi_imx->usedma) { +- ctrl |= (spi_imx->bits_per_word * +- spi_imx_bytes_per_word(spi_imx->bits_per_word) - 1) ++ ctrl |= (spi_imx->bits_per_word - 1) + << MX51_ECSPI_CTRL_BL_OFFSET; + } else { + if (spi_imx->count >= MX51_ECSPI_CTRL_MAX_BURST) +- ctrl |= (MX51_ECSPI_CTRL_MAX_BURST - 1) ++ ctrl |= (MX51_ECSPI_CTRL_MAX_BURST * BITS_PER_BYTE - 1) + << MX51_ECSPI_CTRL_BL_OFFSET; + else +- ctrl |= (spi_imx->count * spi_imx->bits_per_word - 1) ++ ctrl |= spi_imx->count / DIV_ROUND_UP(spi_imx->bits_per_word, ++ BITS_PER_BYTE) * spi_imx->bits_per_word + << MX51_ECSPI_CTRL_BL_OFFSET; + } + } +-- +2.43.0 + diff --git a/queue-6.7/spi-ppc4xx-drop-write-only-variable.patch b/queue-6.7/spi-ppc4xx-drop-write-only-variable.patch new file mode 100644 index 00000000000..33ecbe7f76b --- /dev/null +++ b/queue-6.7/spi-ppc4xx-drop-write-only-variable.patch @@ -0,0 +1,55 @@ +From 23292e40f29df7b531e4d5624e377f6447c91642 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 10 Feb 2024 17:40:08 +0100 +Subject: spi: ppc4xx: Drop write-only variable +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Uwe Kleine-König + +[ Upstream commit b3aa619a8b4706f35cb62f780c14e68796b37f3f ] + +Since commit 24778be20f87 ("spi: convert drivers to use +bits_per_word_mask") the bits_per_word variable is only written to. The +check that was there before isn't needed any more as the spi core +ensures that only 8 bit transfers are used, so the variable can go away +together with all assignments to it. + +Fixes: 24778be20f87 ("spi: convert drivers to use bits_per_word_mask") +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20240210164006.208149-8-u.kleine-koenig@pengutronix.de +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-ppc4xx.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/drivers/spi/spi-ppc4xx.c b/drivers/spi/spi-ppc4xx.c +index 03aab661be9d..e982d3189fdc 100644 +--- a/drivers/spi/spi-ppc4xx.c ++++ b/drivers/spi/spi-ppc4xx.c +@@ -166,10 +166,8 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t) + int scr; + u8 cdm = 0; + u32 speed; +- u8 bits_per_word; + + /* Start with the generic configuration for this device. */ +- bits_per_word = spi->bits_per_word; + speed = spi->max_speed_hz; + + /* +@@ -177,9 +175,6 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t) + * the transfer to overwrite the generic configuration with zeros. + */ + if (t) { +- if (t->bits_per_word) +- bits_per_word = t->bits_per_word; +- + if (t->speed_hz) + speed = min(t->speed_hz, spi->max_speed_hz); + } +-- +2.43.0 + diff --git a/queue-6.7/tls-fix-race-between-async-notify-and-socket-close.patch b/queue-6.7/tls-fix-race-between-async-notify-and-socket-close.patch new file mode 100644 index 00000000000..fa8a048e284 --- /dev/null +++ b/queue-6.7/tls-fix-race-between-async-notify-and-socket-close.patch @@ -0,0 +1,171 @@ +From 65dce2128f1ba9b504252d9a13976f29d08cbfeb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:19 -0800 +Subject: tls: fix race between async notify and socket close + +From: Jakub Kicinski + +[ Upstream commit aec7961916f3f9e88766e2688992da6980f11b8d ] + +The submitting thread (one which called recvmsg/sendmsg) +may exit as soon as the async crypto handler calls complete() +so any code past that point risks touching already freed data. + +Try to avoid the locking and extra flags altogether. +Have the main thread hold an extra reference, this way +we can depend solely on the atomic ref counter for +synchronization. + +Don't futz with reiniting the completion, either, we are now +tightly controlling when completion fires. + +Reported-by: valis +Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic") +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Reviewed-by: Eric Dumazet +Reviewed-by: Sabrina Dubroca +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/net/tls.h | 5 ----- + net/tls/tls_sw.c | 43 ++++++++++--------------------------------- + 2 files changed, 10 insertions(+), 38 deletions(-) + +diff --git a/include/net/tls.h b/include/net/tls.h +index 962f0c501111..340ad43971e4 100644 +--- a/include/net/tls.h ++++ b/include/net/tls.h +@@ -97,9 +97,6 @@ struct tls_sw_context_tx { + struct tls_rec *open_rec; + struct list_head tx_list; + atomic_t encrypt_pending; +- /* protect crypto_wait with encrypt_pending */ +- spinlock_t encrypt_compl_lock; +- int async_notify; + u8 async_capable:1; + + #define BIT_TX_SCHEDULED 0 +@@ -136,8 +133,6 @@ struct tls_sw_context_rx { + struct tls_strparser strp; + + atomic_t decrypt_pending; +- /* protect crypto_wait with decrypt_pending*/ +- spinlock_t decrypt_compl_lock; + struct sk_buff_head async_hold; + struct wait_queue_head wq; + }; +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index 6a73714f34cc..635305bebfef 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -224,22 +224,15 @@ static void tls_decrypt_done(void *data, int err) + + kfree(aead_req); + +- spin_lock_bh(&ctx->decrypt_compl_lock); +- if (!atomic_dec_return(&ctx->decrypt_pending)) ++ if (atomic_dec_and_test(&ctx->decrypt_pending)) + complete(&ctx->async_wait.completion); +- spin_unlock_bh(&ctx->decrypt_compl_lock); + } + + static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) + { +- int pending; +- +- spin_lock_bh(&ctx->decrypt_compl_lock); +- reinit_completion(&ctx->async_wait.completion); +- pending = atomic_read(&ctx->decrypt_pending); +- spin_unlock_bh(&ctx->decrypt_compl_lock); +- if (pending) ++ if (!atomic_dec_and_test(&ctx->decrypt_pending)) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); ++ atomic_inc(&ctx->decrypt_pending); + + return ctx->async_wait.err; + } +@@ -267,6 +260,7 @@ static int tls_do_decryption(struct sock *sk, + aead_request_set_callback(aead_req, + CRYPTO_TFM_REQ_MAY_BACKLOG, + tls_decrypt_done, aead_req); ++ DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->decrypt_pending) < 1); + atomic_inc(&ctx->decrypt_pending); + } else { + aead_request_set_callback(aead_req, +@@ -455,7 +449,6 @@ static void tls_encrypt_done(void *data, int err) + struct sk_msg *msg_en; + bool ready = false; + struct sock *sk; +- int pending; + + msg_en = &rec->msg_encrypted; + +@@ -494,12 +487,8 @@ static void tls_encrypt_done(void *data, int err) + ready = true; + } + +- spin_lock_bh(&ctx->encrypt_compl_lock); +- pending = atomic_dec_return(&ctx->encrypt_pending); +- +- if (!pending && ctx->async_notify) ++ if (atomic_dec_and_test(&ctx->encrypt_pending)) + complete(&ctx->async_wait.completion); +- spin_unlock_bh(&ctx->encrypt_compl_lock); + + if (!ready) + return; +@@ -511,22 +500,9 @@ static void tls_encrypt_done(void *data, int err) + + static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) + { +- int pending; +- +- spin_lock_bh(&ctx->encrypt_compl_lock); +- ctx->async_notify = true; +- +- pending = atomic_read(&ctx->encrypt_pending); +- spin_unlock_bh(&ctx->encrypt_compl_lock); +- if (pending) ++ if (!atomic_dec_and_test(&ctx->encrypt_pending)) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); +- else +- reinit_completion(&ctx->async_wait.completion); +- +- /* There can be no concurrent accesses, since we have no +- * pending encrypt operations +- */ +- WRITE_ONCE(ctx->async_notify, false); ++ atomic_inc(&ctx->encrypt_pending); + + return ctx->async_wait.err; + } +@@ -577,6 +553,7 @@ static int tls_do_encryption(struct sock *sk, + + /* Add the record in tx_list */ + list_add_tail((struct list_head *)&rec->list, &ctx->tx_list); ++ DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->encrypt_pending) < 1); + atomic_inc(&ctx->encrypt_pending); + + rc = crypto_aead_encrypt(aead_req); +@@ -2601,7 +2578,7 @@ static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct soc + } + + crypto_init_wait(&sw_ctx_tx->async_wait); +- spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); ++ atomic_set(&sw_ctx_tx->encrypt_pending, 1); + INIT_LIST_HEAD(&sw_ctx_tx->tx_list); + INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); + sw_ctx_tx->tx_work.sk = sk; +@@ -2622,7 +2599,7 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) + } + + crypto_init_wait(&sw_ctx_rx->async_wait); +- spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); ++ atomic_set(&sw_ctx_rx->decrypt_pending, 1); + init_waitqueue_head(&sw_ctx_rx->wq); + skb_queue_head_init(&sw_ctx_rx->rx_list); + skb_queue_head_init(&sw_ctx_rx->async_hold); +-- +2.43.0 + diff --git a/queue-6.7/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch b/queue-6.7/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch new file mode 100644 index 00000000000..b0fdbdd143d --- /dev/null +++ b/queue-6.7/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch @@ -0,0 +1,67 @@ +From 28a14bb87398b2631ac6e4c4606fc4323c4c884e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Feb 2024 17:18:20 -0800 +Subject: tls: fix race between tx work scheduling and socket close + +From: Jakub Kicinski + +[ Upstream commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb ] + +Similarly to previous commit, the submitting thread (recvmsg/sendmsg) +may exit as soon as the async crypto handler calls complete(). +Reorder scheduling the work before calling complete(). +This seems more logical in the first place, as it's +the inverse order of what the submitting thread will do. + +Reported-by: valis +Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance") +Signed-off-by: Jakub Kicinski +Reviewed-by: Simon Horman +Reviewed-by: Sabrina Dubroca +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tls/tls_sw.c | 16 ++++++---------- + 1 file changed, 6 insertions(+), 10 deletions(-) + +diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c +index 635305bebfef..9374a61cef00 100644 +--- a/net/tls/tls_sw.c ++++ b/net/tls/tls_sw.c +@@ -447,7 +447,6 @@ static void tls_encrypt_done(void *data, int err) + struct tls_rec *rec = data; + struct scatterlist *sge; + struct sk_msg *msg_en; +- bool ready = false; + struct sock *sk; + + msg_en = &rec->msg_encrypted; +@@ -483,19 +482,16 @@ static void tls_encrypt_done(void *data, int err) + /* If received record is at head of tx_list, schedule tx */ + first_rec = list_first_entry(&ctx->tx_list, + struct tls_rec, list); +- if (rec == first_rec) +- ready = true; ++ if (rec == first_rec) { ++ /* Schedule the transmission */ ++ if (!test_and_set_bit(BIT_TX_SCHEDULED, ++ &ctx->tx_bitmask)) ++ schedule_delayed_work(&ctx->tx_work.work, 1); ++ } + } + + if (atomic_dec_and_test(&ctx->encrypt_pending)) + complete(&ctx->async_wait.completion); +- +- if (!ready) +- return; +- +- /* Schedule the transmission */ +- if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) +- schedule_delayed_work(&ctx->tx_work.work, 1); + } + + static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) +-- +2.43.0 + diff --git a/queue-6.7/wifi-iwlwifi-clear-link_id-in-time_event.patch b/queue-6.7/wifi-iwlwifi-clear-link_id-in-time_event.patch new file mode 100644 index 00000000000..c56ea74b4bf --- /dev/null +++ b/queue-6.7/wifi-iwlwifi-clear-link_id-in-time_event.patch @@ -0,0 +1,47 @@ +From 7c70e894d12c35d01947e4b6c43db77bb10e123b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 5 Feb 2024 00:06:16 +0200 +Subject: wifi: iwlwifi: clear link_id in time_event + +From: Miri Korenblit + +[ Upstream commit 3012477cd510044d346c5e0465ead4732aef8349 ] + +Before sending a SESSION PROTECTION cmd the driver checks if +the link_id indicated in the time event (and for which the cmd will be +sent) is valid and exists. +Clear the te_data::link_id when FW notifies that a session protection +ended, so the check will actually fail when it should. + +Fixes: 135065837310 ("wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd") +Signed-off-by: Miri Korenblit +Link: https://msgid.link/20240204235836.c64a6b3606c2.I35cdc08e8a3be282563163690f8ca3edb51a3854@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c +index 218fdf1ed530..2e653a417d62 100644 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/time-event.c +@@ -1,6 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause + /* +- * Copyright (C) 2012-2014, 2018-2023 Intel Corporation ++ * Copyright (C) 2012-2014, 2018-2024 Intel Corporation + * Copyright (C) 2013-2015 Intel Mobile Communications GmbH + * Copyright (C) 2017 Intel Deutschland GmbH + */ +@@ -972,6 +972,7 @@ void iwl_mvm_rx_session_protect_notif(struct iwl_mvm *mvm, + if (!le32_to_cpu(notif->status) || !le32_to_cpu(notif->start)) { + /* End TE, notify mac80211 */ + mvmvif->time_event_data.id = SESSION_PROTECT_CONF_MAX_ID; ++ mvmvif->time_event_data.link_id = -1; + iwl_mvm_p2p_roc_finished(mvm); + ieee80211_remain_on_channel_expired(mvm->hw); + } else if (le32_to_cpu(notif->start)) { +-- +2.43.0 + diff --git a/queue-6.7/wifi-iwlwifi-fix-some-error-codes.patch b/queue-6.7/wifi-iwlwifi-fix-some-error-codes.patch new file mode 100644 index 00000000000..a59c0e0d0e0 --- /dev/null +++ b/queue-6.7/wifi-iwlwifi-fix-some-error-codes.patch @@ -0,0 +1,83 @@ +From 874d2ed1b12de378085ebbfc6f38e686a22b8353 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 13:17:06 +0300 +Subject: wifi: iwlwifi: Fix some error codes + +From: Dan Carpenter + +[ Upstream commit c6ebb5b67641994de8bc486b33457fe0b681d6fe ] + +This saves the error as PTR_ERR(wifi_pkg). The problem is that +"wifi_pkg" is a valid pointer, not an error pointer. Set the error code +to -EINVAL instead. + +Fixes: 2a8084147bff ("iwlwifi: acpi: support reading and storing WRDS revision 1 and 2") +Signed-off-by: Dan Carpenter +Link: https://msgid.link/9620bb77-2d7c-4d76-b255-ad824ebf8e35@moroto.mountain +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c +index b96f30d11644..d73d561709d3 100644 +--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c ++++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c +@@ -618,7 +618,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 2) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +@@ -634,7 +634,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 1) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +@@ -650,7 +650,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 0) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +@@ -707,7 +707,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 2) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +@@ -723,7 +723,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 1) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +@@ -739,7 +739,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt) + &tbl_rev); + if (!IS_ERR(wifi_pkg)) { + if (tbl_rev != 0) { +- ret = PTR_ERR(wifi_pkg); ++ ret = -EINVAL; + goto out_free; + } + +-- +2.43.0 + diff --git a/queue-6.7/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch b/queue-6.7/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch new file mode 100644 index 00000000000..f2bd3518481 --- /dev/null +++ b/queue-6.7/wifi-iwlwifi-uninitialized-variable-in-iwl_acpi_get_.patch @@ -0,0 +1,40 @@ +From a00ee23b2ac6771a83273c39255f85e12d0232e2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Feb 2024 13:17:31 +0300 +Subject: wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() + +From: Dan Carpenter + +[ Upstream commit 65c6ee90455053cfd3067c17aaa4a42b0c766543 ] + +This is an error path and Smatch complains that "tbl_rev" is uninitialized +on this path. All the other functions follow this same patter where they +set the error code and goto out_free so that's probably what was intended +here as well. + +Fixes: e8e10a37c51c ("iwlwifi: acpi: move ppag code from mvm to fw/acpi") +Signed-off-by: Dan Carpenter +Link: https://msgid.link/09900c01-6540-4a32-9451-563da0029cb6@moroto.mountain +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c +index d73d561709d3..dcc4810cb324 100644 +--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c ++++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c +@@ -1116,6 +1116,9 @@ int iwl_acpi_get_ppag_table(struct iwl_fw_runtime *fwrt) + goto read_table; + } + ++ ret = PTR_ERR(wifi_pkg); ++ goto out_free; ++ + read_table: + fwrt->ppag_ver = tbl_rev; + flags = &wifi_pkg->package.elements[1]; +-- +2.43.0 +