October 2023 - Linux-stable-mirror

by Ranjan Kumar

The loop continues to iterate until the count reaches 30, even after receiving the correct value.That is fixed by breaking when non-zero value is read. Fixes: 4ca10f3e3174 ("mpt3sas: Perform additional retries if doorbell read returns 0") Cc: stable(a)vger.kernel.org Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpt3sas/mpt3sas_base.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 61a32bf00747..a75f670bf551 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -223,8 +223,8 @@ _base_readl_ext_retry(const void __iomem *addr) for (i = 0 ; i < 30 ; i++) { ret_val = readl(addr); - if (ret_val == 0) - continue; + if (ret_val != 0) + break; } return ret_val; -- 2.31.1

1 year, 2 months

2
2
0 0

[RFC bpf 1/2] bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END

by Shung-Hsi Yu

BPF_END and BPF_NEG has a different specification for the source bit in the opcode compared to other ALU/ALU64 instructions, and is either reserved or use to specify the byte swap endianness. In both cases the source bit does not encode source operand location, and src_reg is a reserved field. backtrack_insn() currently does not differentiate BPF_END and BPF_NEG from other ALU/ALU64 instructions, which leads to r0 being incorrectly marked as precise when processing BPF_ALU | BPF_TO_BE | BPF_END instructions. This commit teaches backtrack_insn() to correctly mark precision for such case. While precise tracking of BPF_NEG and other BPF_END instructions are correct and does not need fixing because their source bit are unset and thus treated as the BPF_K case, this commit opt to process all BPF_NEG and BPF_END instructions within the same if-clause so it better aligns with current convention used in the verifier (e.g. check_alu_op). Fixes: b5dc0163d8fd ("bpf: precise scalar_value tracking") Cc: stable(a)vger.kernel.org Reported-by: Mohamed Mahmoud <mmahmoud(a)redhat.com> Tested-by: Toke Høiland-Jørgensen <toke(a)redhat.com> Tested-by: Tao Lyu <tao.lyu(a)epfl.ch> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- kernel/bpf/verifier.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 873ade146f3d..646dc49263fd 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -3426,7 +3426,12 @@ static int backtrack_insn(struct bpf_verifier_env *env, int idx, int subseq_idx, if (class == BPF_ALU || class == BPF_ALU64) { if (!bt_is_reg_set(bt, dreg)) return 0; - if (opcode == BPF_MOV) { + if (opcode == BPF_END || opcode == BPF_NEG) { + /* sreg is reserved and unused + * dreg still need precision before this insn + */ + return 0; + } else if (opcode == BPF_MOV) { if (BPF_SRC(insn->code) == BPF_X) { /* dreg = sreg or dreg = (s8, s16, s32)sreg * dreg needs precision after this insn -- 2.42.0

1 year, 2 months

2
1
0 0

[PATCH] can: isotp: upgrade 5.15 LTS to latest 6.6 mainline code base

by Oliver Hartkopp

The backport of commit 9c5df2f14ee3 ("can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events") introduced a new regression where the fix could potentially introduce new side effects. To reduce the risk of other unmet dependencies and missing fixes and checks the latest mainline code base is ported back to the 5.15 LTS tree. To meet the former Linux 5.15 API these commits have been reverted: f4b41f062c42 ("net: remove noblock parameter from skb_recv_datagram()") 96a7457a14d9 ("can: skb: unify skb CAN frame identification helpers") dc97391e6610 ("sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)") 0145462fc802 ("can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos") New features and communication stability measures: 9f39d36530e5 ("can: isotp: add support for transmission without flow control") 96d1c81e6a04 ("can: isotp: add module parameter for maximum pdu size") 4b7fe92c0690 ("can: isotp: add local echo tx processing for consecutive frames") 530e0d46c613 ("can: isotp: set default value for N_As to 50 micro seconds") And various sanity checks, fixes and improved return values. Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net> --- include/uapi/linux/can/isotp.h | 25 +- net/can/isotp.c | 487 ++++++++++++++++++++++----------- 2 files changed, 342 insertions(+), 170 deletions(-) diff --git a/include/uapi/linux/can/isotp.h b/include/uapi/linux/can/isotp.h index 590f8aea2b6d..439c982f7e81 100644 --- a/include/uapi/linux/can/isotp.h +++ b/include/uapi/linux/can/isotp.h @@ -122,22 +122,23 @@ struct can_isotp_ll_options { /* by the CAN netdriver configuration */ }; /* flags for isotp behaviour */ -#define CAN_ISOTP_LISTEN_MODE 0x001 /* listen only (do not send FC) */ -#define CAN_ISOTP_EXTEND_ADDR 0x002 /* enable extended addressing */ -#define CAN_ISOTP_TX_PADDING 0x004 /* enable CAN frame padding tx path */ -#define CAN_ISOTP_RX_PADDING 0x008 /* enable CAN frame padding rx path */ -#define CAN_ISOTP_CHK_PAD_LEN 0x010 /* check received CAN frame padding */ -#define CAN_ISOTP_CHK_PAD_DATA 0x020 /* check received CAN frame padding */ -#define CAN_ISOTP_HALF_DUPLEX 0x040 /* half duplex error state handling */ -#define CAN_ISOTP_FORCE_TXSTMIN 0x080 /* ignore stmin from received FC */ -#define CAN_ISOTP_FORCE_RXSTMIN 0x100 /* ignore CFs depending on rx stmin */ -#define CAN_ISOTP_RX_EXT_ADDR 0x200 /* different rx extended addressing */ -#define CAN_ISOTP_WAIT_TX_DONE 0x400 /* wait for tx completion */ -#define CAN_ISOTP_SF_BROADCAST 0x800 /* 1-to-N functional addressing */ +#define CAN_ISOTP_LISTEN_MODE 0x0001 /* listen only (do not send FC) */ +#define CAN_ISOTP_EXTEND_ADDR 0x0002 /* enable extended addressing */ +#define CAN_ISOTP_TX_PADDING 0x0004 /* enable CAN frame padding tx path */ +#define CAN_ISOTP_RX_PADDING 0x0008 /* enable CAN frame padding rx path */ +#define CAN_ISOTP_CHK_PAD_LEN 0x0010 /* check received CAN frame padding */ +#define CAN_ISOTP_CHK_PAD_DATA 0x0020 /* check received CAN frame padding */ +#define CAN_ISOTP_HALF_DUPLEX 0x0040 /* half duplex error state handling */ +#define CAN_ISOTP_FORCE_TXSTMIN 0x0080 /* ignore stmin from received FC */ +#define CAN_ISOTP_FORCE_RXSTMIN 0x0100 /* ignore CFs depending on rx stmin */ +#define CAN_ISOTP_RX_EXT_ADDR 0x0200 /* different rx extended addressing */ +#define CAN_ISOTP_WAIT_TX_DONE 0x0400 /* wait for tx completion */ +#define CAN_ISOTP_SF_BROADCAST 0x0800 /* 1-to-N functional addressing */ +#define CAN_ISOTP_CF_BROADCAST 0x1000 /* 1-to-N transmission w/o FC */ /* protocol machine default values */ #define CAN_ISOTP_DEFAULT_FLAGS 0 #define CAN_ISOTP_DEFAULT_EXT_ADDRESS 0x00 diff --git a/net/can/isotp.c b/net/can/isotp.c index 4dccf7b4b88d..89fa1ae825a2 100644 --- a/net/can/isotp.c +++ b/net/can/isotp.c @@ -12,11 +12,10 @@ * - TX path flowcontrol reception with wrong layout/padding leads to -EBADMSG * - when a transfer (tx) is on the run the next write() blocks until it's done * - use CAN_ISOTP_WAIT_TX_DONE flag to block the caller until the PDU is sent * - as we have static buffers the check whether the PDU fits into the buffer * is done at FF reception time (no support for sending 'wait frames') - * - take care of the tx-queue-len as traffic shaping is still on the TODO list * * Copyright (c) 2020 Volkswagen Group Electronic Research * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -84,14 +83,25 @@ MODULE_ALIAS("can-proto-6"); (CAN_EFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG) : \ (CAN_SFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG)) /* ISO 15765-2:2016 supports more than 4095 byte per ISO PDU as the FF_DL can * take full 32 bit values (4 Gbyte). We would need some good concept to handle - * this between user space and kernel space. For now increase the static buffer - * to something about 8 kbyte to be able to test this new functionality. + * this between user space and kernel space. For now set the static buffer to + * something about 8 kbyte to be able to test this new functionality. */ -#define MAX_MSG_LENGTH 8200 +#define DEFAULT_MAX_PDU_SIZE 8300 + +/* maximum PDU size before ISO 15765-2:2016 extension was 4095 */ +#define MAX_12BIT_PDU_SIZE 4095 + +/* limit the isotp pdu size from the optional module parameter to 1MByte */ +#define MAX_PDU_SIZE (1025 * 1024U) + +static unsigned int max_pdu_size __read_mostly = DEFAULT_MAX_PDU_SIZE; +module_param(max_pdu_size, uint, 0444); +MODULE_PARM_DESC(max_pdu_size, "maximum isotp pdu size (default " + __stringify(DEFAULT_MAX_PDU_SIZE) ")"); /* N_PCI type values in bits 7-4 of N_PCI bytes */ #define N_PCI_SF 0x00 /* single frame */ #define N_PCI_FF 0x10 /* first frame */ #define N_PCI_CF 0x20 /* consecutive frame */ @@ -103,49 +113,57 @@ MODULE_ALIAS("can-proto-6"); #define FF_PCI_SZ12 2 /* size of FirstFrame PCI including 12 bit FF_DL */ #define FF_PCI_SZ32 6 /* size of FirstFrame PCI including 32 bit FF_DL */ #define FC_CONTENT_SZ 3 /* flow control content size in byte (FS/BS/STmin) */ #define ISOTP_CHECK_PADDING (CAN_ISOTP_CHK_PAD_LEN | CAN_ISOTP_CHK_PAD_DATA) +#define ISOTP_ALL_BC_FLAGS (CAN_ISOTP_SF_BROADCAST | CAN_ISOTP_CF_BROADCAST) /* Flow Status given in FC frame */ #define ISOTP_FC_CTS 0 /* clear to send */ #define ISOTP_FC_WT 1 /* wait */ #define ISOTP_FC_OVFLW 2 /* overflow */ +#define ISOTP_FC_TIMEOUT 1 /* 1 sec */ +#define ISOTP_ECHO_TIMEOUT 2 /* 2 secs */ + enum { ISOTP_IDLE = 0, ISOTP_WAIT_FIRST_FC, ISOTP_WAIT_FC, ISOTP_WAIT_DATA, - ISOTP_SENDING + ISOTP_SENDING, + ISOTP_SHUTDOWN, }; struct tpcon { - unsigned int idx; + u8 *buf; + unsigned int buflen; unsigned int len; + unsigned int idx; u32 state; u8 bs; u8 sn; u8 ll_dl; - u8 buf[MAX_MSG_LENGTH + 1]; + u8 sbuf[DEFAULT_MAX_PDU_SIZE]; }; struct isotp_sock { struct sock sk; int bound; int ifindex; canid_t txid; canid_t rxid; ktime_t tx_gap; ktime_t lastrxcf_tstamp; - struct hrtimer rxtimer, txtimer; + struct hrtimer rxtimer, txtimer, txfrtimer; struct can_isotp_options opt; struct can_isotp_fc_options rxfc, txfc; struct can_isotp_ll_options ll; u32 frame_txtime; u32 force_tx_stmin; u32 force_rx_stmin; + u32 cfecho; /* consecutive frame echo tag */ struct tpcon rx, tx; struct list_head notifier; wait_queue_head_t wait; spinlock_t rx_lock; /* protect single thread state machine */ }; @@ -157,10 +175,21 @@ static struct isotp_sock *isotp_busy_notifier; static inline struct isotp_sock *isotp_sk(const struct sock *sk) { return (struct isotp_sock *)sk; } +static u32 isotp_bc_flags(struct isotp_sock *so) +{ + return so->opt.flags & ISOTP_ALL_BC_FLAGS; +} + +static bool isotp_register_rxid(struct isotp_sock *so) +{ + /* no broadcast modes => register rx_id for FC frame reception */ + return (isotp_bc_flags(so) == 0); +} + static enum hrtimer_restart isotp_rx_timer_handler(struct hrtimer *hrtimer) { struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, rxtimer); struct sock *sk = &so->sk; @@ -238,11 +267,12 @@ static int isotp_send_fc(struct sock *sk, int ae, u8 flowstatus) /* reset last CF frame rx timestamp for rx stmin enforcement */ so->lastrxcf_tstamp = ktime_set(0, 0); /* start rx timeout watchdog */ - hrtimer_start(&so->rxtimer, ktime_set(1, 0), HRTIMER_MODE_REL_SOFT); + hrtimer_start(&so->rxtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); return 0; } static void isotp_rcv_skb(struct sk_buff *skb, struct sock *sk) { @@ -324,10 +354,12 @@ static int check_pad(struct isotp_sock *so, struct canfd_frame *cf, return 1; } return 0; } +static void isotp_send_cframe(struct isotp_sock *so); + static int isotp_rcv_fc(struct isotp_sock *so, struct canfd_frame *cf, int ae) { struct sock *sk = &so->sk; if (so->tx.state != ISOTP_WAIT_FC && @@ -378,18 +410,19 @@ static int isotp_rcv_fc(struct isotp_sock *so, struct canfd_frame *cf, int ae) switch (cf->data[ae] & 0x0F) { case ISOTP_FC_CTS: so->tx.bs = 0; so->tx.state = ISOTP_SENDING; - /* start cyclic timer for sending CF frame */ - hrtimer_start(&so->txtimer, so->tx_gap, + /* send CF frame and enable echo timeout handling */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); + isotp_send_cframe(so); break; case ISOTP_FC_WT: /* start timer to wait for next FC frame */ - hrtimer_start(&so->txtimer, ktime_set(1, 0), + hrtimer_start(&so->txtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); break; case ISOTP_FC_OVFLW: /* overflow on receiver side - report 'message too long' */ @@ -476,11 +509,21 @@ static int isotp_rcv_ff(struct sock *sk, struct canfd_frame *cf, int ae) off = (so->rx.ll_dl > CAN_MAX_DLEN) ? 1 : 0; if (so->rx.len + ae + off + ff_pci_sz < so->rx.ll_dl) return 1; - if (so->rx.len > MAX_MSG_LENGTH) { + /* PDU size > default => try max_pdu_size */ + if (so->rx.len > so->rx.buflen && so->rx.buflen < max_pdu_size) { + u8 *newbuf = kmalloc(max_pdu_size, GFP_ATOMIC); + + if (newbuf) { + so->rx.buf = newbuf; + so->rx.buflen = max_pdu_size; + } + } + + if (so->rx.len > so->rx.buflen) { /* send FC frame with overflow status */ isotp_send_fc(sk, ae, ISOTP_FC_OVFLW); return 1; } @@ -580,11 +623,11 @@ static int isotp_rcv_cf(struct sock *sk, struct canfd_frame *cf, int ae, } /* perform blocksize handling, if enabled */ if (!so->rxfc.bs || ++so->rx.bs < so->rxfc.bs) { /* start rx timeout watchdog */ - hrtimer_start(&so->rxtimer, ktime_set(1, 0), + hrtimer_start(&so->rxtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); return 0; } /* no creation of flow control frames */ @@ -711,10 +754,67 @@ static void isotp_fill_dataframe(struct canfd_frame *cf, struct isotp_sock *so, if (ae) cf->data[0] = so->opt.ext_address; } +static void isotp_send_cframe(struct isotp_sock *so) +{ + struct sock *sk = &so->sk; + struct sk_buff *skb; + struct net_device *dev; + struct canfd_frame *cf; + int can_send_ret; + int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; + + dev = dev_get_by_index(sock_net(sk), so->ifindex); + if (!dev) + return; + + skb = alloc_skb(so->ll.mtu + sizeof(struct can_skb_priv), GFP_ATOMIC); + if (!skb) { + dev_put(dev); + return; + } + + can_skb_reserve(skb); + can_skb_prv(skb)->ifindex = dev->ifindex; + can_skb_prv(skb)->skbcnt = 0; + + cf = (struct canfd_frame *)skb->data; + skb_put_zero(skb, so->ll.mtu); + + /* create consecutive frame */ + isotp_fill_dataframe(cf, so, ae, 0); + + /* place consecutive frame N_PCI in appropriate index */ + cf->data[ae] = N_PCI_CF | so->tx.sn++; + so->tx.sn %= 16; + so->tx.bs++; + + cf->flags = so->ll.tx_flags; + + skb->dev = dev; + can_skb_set_owner(skb, sk); + + /* cfecho should have been zero'ed by init/isotp_rcv_echo() */ + if (so->cfecho) + pr_notice_once("can-isotp: cfecho is %08X != 0\n", so->cfecho); + + /* set consecutive frame echo tag */ + so->cfecho = *(u32 *)cf->data; + + /* send frame with local echo enabled */ + can_send_ret = can_send(skb, 1); + if (can_send_ret) { + pr_notice_once("can-isotp: %s: can_send_ret %pe\n", + __func__, ERR_PTR(can_send_ret)); + if (can_send_ret == -ENOBUFS) + pr_notice_once("can-isotp: tx queue is full\n"); + } + dev_put(dev); +} + static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, int ae) { int i; int ff_pci_sz; @@ -723,11 +823,11 @@ static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, cf->len = so->tx.ll_dl; if (ae) cf->data[0] = so->opt.ext_address; /* create N_PCI bytes with 12/32 bit FF_DL data length */ - if (so->tx.len > 4095) { + if (so->tx.len > MAX_12BIT_PDU_SIZE) { /* use 32 bit FF_DL notation */ cf->data[ae] = N_PCI_FF; cf->data[ae + 1] = 0; cf->data[ae + 2] = (u8)(so->tx.len >> 24) & 0xFFU; cf->data[ae + 3] = (u8)(so->tx.len >> 16) & 0xFFU; @@ -744,161 +844,146 @@ static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, /* add first data bytes depending on ae */ for (i = ae + ff_pci_sz; i < so->tx.ll_dl; i++) cf->data[i] = so->tx.buf[so->tx.idx++]; so->tx.sn = 1; - so->tx.state = ISOTP_WAIT_FIRST_FC; } -static enum hrtimer_restart isotp_tx_timer_handler(struct hrtimer *hrtimer) +static void isotp_rcv_echo(struct sk_buff *skb, void *data) { - struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, - txtimer); - struct sock *sk = &so->sk; - struct sk_buff *skb; - struct net_device *dev; - struct canfd_frame *cf; - enum hrtimer_restart restart = HRTIMER_NORESTART; - int can_send_ret; - int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; + struct sock *sk = (struct sock *)data; + struct isotp_sock *so = isotp_sk(sk); + struct canfd_frame *cf = (struct canfd_frame *)skb->data; - switch (so->tx.state) { - case ISOTP_WAIT_FC: - case ISOTP_WAIT_FIRST_FC: + /* only handle my own local echo CF/SF skb's (no FF!) */ + if (skb->sk != sk || so->cfecho != *(u32 *)cf->data) + return; - /* we did not get any flow control frame in time */ + /* cancel local echo timeout */ + hrtimer_cancel(&so->txtimer); - /* report 'communication error on send' */ - sk->sk_err = ECOMM; - if (!sock_flag(sk, SOCK_DEAD)) - sk_error_report(sk); + /* local echo skb with consecutive frame has been consumed */ + so->cfecho = 0; - /* reset tx state */ + if (so->tx.idx >= so->tx.len) { + /* we are done */ so->tx.state = ISOTP_IDLE; wake_up_interruptible(&so->wait); - break; - - case ISOTP_SENDING: - - /* push out the next segmented pdu */ - dev = dev_get_by_index(sock_net(sk), so->ifindex); - if (!dev) - break; + return; + } -isotp_tx_burst: - skb = alloc_skb(so->ll.mtu + sizeof(struct can_skb_priv), - GFP_ATOMIC); - if (!skb) { - dev_put(dev); - break; - } + if (so->txfc.bs && so->tx.bs >= so->txfc.bs) { + /* stop and wait for FC with timeout */ + so->tx.state = ISOTP_WAIT_FC; + hrtimer_start(&so->txtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); + return; + } - can_skb_reserve(skb); - can_skb_prv(skb)->ifindex = dev->ifindex; - can_skb_prv(skb)->skbcnt = 0; + /* no gap between data frames needed => use burst mode */ + if (!so->tx_gap) { + /* enable echo timeout handling */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); + isotp_send_cframe(so); + return; + } - cf = (struct canfd_frame *)skb->data; - skb_put_zero(skb, so->ll.mtu); + /* start timer to send next consecutive frame with correct delay */ + hrtimer_start(&so->txfrtimer, so->tx_gap, HRTIMER_MODE_REL_SOFT); +} - /* create consecutive frame */ - isotp_fill_dataframe(cf, so, ae, 0); +static enum hrtimer_restart isotp_tx_timer_handler(struct hrtimer *hrtimer) +{ + struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, + txtimer); + struct sock *sk = &so->sk; - /* place consecutive frame N_PCI in appropriate index */ - cf->data[ae] = N_PCI_CF | so->tx.sn++; - so->tx.sn %= 16; - so->tx.bs++; + /* don't handle timeouts in IDLE or SHUTDOWN state */ + if (so->tx.state == ISOTP_IDLE || so->tx.state == ISOTP_SHUTDOWN) + return HRTIMER_NORESTART; - cf->flags = so->ll.tx_flags; + /* we did not get any flow control or echo frame in time */ - skb->dev = dev; - can_skb_set_owner(skb, sk); + /* report 'communication error on send' */ + sk->sk_err = ECOMM; + if (!sock_flag(sk, SOCK_DEAD)) + sk_error_report(sk); - can_send_ret = can_send(skb, 1); - if (can_send_ret) { - pr_notice_once("can-isotp: %s: can_send_ret %pe\n", - __func__, ERR_PTR(can_send_ret)); - if (can_send_ret == -ENOBUFS) - pr_notice_once("can-isotp: tx queue is full, increasing txqueuelen may prevent this error\n"); - } - if (so->tx.idx >= so->tx.len) { - /* we are done */ - so->tx.state = ISOTP_IDLE; - dev_put(dev); - wake_up_interruptible(&so->wait); - break; - } + /* reset tx state */ + so->tx.state = ISOTP_IDLE; + wake_up_interruptible(&so->wait); - if (so->txfc.bs && so->tx.bs >= so->txfc.bs) { - /* stop and wait for FC */ - so->tx.state = ISOTP_WAIT_FC; - dev_put(dev); - hrtimer_set_expires(&so->txtimer, - ktime_add(ktime_get(), - ktime_set(1, 0))); - restart = HRTIMER_RESTART; - break; - } + return HRTIMER_NORESTART; +} - /* no gap between data frames needed => use burst mode */ - if (!so->tx_gap) - goto isotp_tx_burst; +static enum hrtimer_restart isotp_txfr_timer_handler(struct hrtimer *hrtimer) +{ + struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, + txfrtimer); - /* start timer to send next data frame with correct delay */ - dev_put(dev); - hrtimer_set_expires(&so->txtimer, - ktime_add(ktime_get(), so->tx_gap)); - restart = HRTIMER_RESTART; - break; + /* start echo timeout handling and cover below protocol error */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); - default: - WARN_ON_ONCE(1); - } + /* cfecho should be consumed by isotp_rcv_echo() here */ + if (so->tx.state == ISOTP_SENDING && !so->cfecho) + isotp_send_cframe(so); - return restart; + return HRTIMER_NORESTART; } static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) { struct sock *sk = sock->sk; struct isotp_sock *so = isotp_sk(sk); - u32 old_state = so->tx.state; struct sk_buff *skb; struct net_device *dev; struct canfd_frame *cf; int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; int wait_tx_done = (so->opt.flags & CAN_ISOTP_WAIT_TX_DONE) ? 1 : 0; - s64 hrtimer_sec = 0; + s64 hrtimer_sec = ISOTP_ECHO_TIMEOUT; int off; int err; - if (!so->bound) + if (!so->bound || so->tx.state == ISOTP_SHUTDOWN) return -EADDRNOTAVAIL; - /* we do not support multiple buffers - for now */ - if (cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SENDING) != ISOTP_IDLE || - wq_has_sleeper(&so->wait)) { - if (msg->msg_flags & MSG_DONTWAIT) { - err = -EAGAIN; - goto err_out; - } + while (cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SENDING) != ISOTP_IDLE) { + /* we do not support multiple buffers - for now */ + if (msg->msg_flags & MSG_DONTWAIT) + return -EAGAIN; + + if (so->tx.state == ISOTP_SHUTDOWN) + return -EADDRNOTAVAIL; /* wait for complete transmission of current pdu */ err = wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); if (err) - goto err_out; + goto err_event_drop; + } + + /* PDU size > default => try max_pdu_size */ + if (size > so->tx.buflen && so->tx.buflen < max_pdu_size) { + u8 *newbuf = kmalloc(max_pdu_size, GFP_KERNEL); + + if (newbuf) { + so->tx.buf = newbuf; + so->tx.buflen = max_pdu_size; + } } - if (!size || size > MAX_MSG_LENGTH) { + if (!size || size > so->tx.buflen) { err = -EINVAL; goto err_out_drop; } /* take care of a potential SF_DL ESC offset for TX_DL > 8 */ off = (so->tx.ll_dl > CAN_MAX_DLEN) ? 1 : 0; /* does the given data fit into a single frame for SF_BROADCAST? */ - if ((so->opt.flags & CAN_ISOTP_SF_BROADCAST) && + if ((isotp_bc_flags(so) == CAN_ISOTP_SF_BROADCAST) && (size > so->tx.ll_dl - SF_PCI_SZ4 - ae - off)) { err = -EINVAL; goto err_out_drop; } @@ -927,10 +1012,14 @@ static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) so->tx.idx = 0; cf = (struct canfd_frame *)skb->data; skb_put_zero(skb, so->ll.mtu); + /* cfecho should have been zero'ed by init / former isotp_rcv_echo() */ + if (so->cfecho) + pr_notice_once("can-isotp: uninit cfecho %08X\n", so->cfecho); + /* check for single frame transmission depending on TX_DL */ if (size <= so->tx.ll_dl - SF_PCI_SZ4 - ae - off) { /* The message size generally fits into a SingleFrame - good. * * SF_DL ESC offset optimization: @@ -952,26 +1041,44 @@ static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) if (off) cf->data[SF_PCI_SZ4 + ae] = size; else cf->data[ae] |= size; - so->tx.state = ISOTP_IDLE; - wake_up_interruptible(&so->wait); - - /* don't enable wait queue for a single frame transmission */ - wait_tx_done = 0; + /* set CF echo tag for isotp_rcv_echo() (SF-mode) */ + so->cfecho = *(u32 *)cf->data; } else { - /* send first frame and wait for FC */ + /* send first frame */ isotp_create_fframe(cf, so, ae); - /* start timeout for FC */ - hrtimer_sec = 1; - hrtimer_start(&so->txtimer, ktime_set(hrtimer_sec, 0), - HRTIMER_MODE_REL_SOFT); + if (isotp_bc_flags(so) == CAN_ISOTP_CF_BROADCAST) { + /* set timer for FC-less operation (STmin = 0) */ + if (so->opt.flags & CAN_ISOTP_FORCE_TXSTMIN) + so->tx_gap = ktime_set(0, so->force_tx_stmin); + else + so->tx_gap = ktime_set(0, so->frame_txtime); + + /* disable wait for FCs due to activated block size */ + so->txfc.bs = 0; + + /* set CF echo tag for isotp_rcv_echo() (CF-mode) */ + so->cfecho = *(u32 *)cf->data; + } else { + /* standard flow control check */ + so->tx.state = ISOTP_WAIT_FIRST_FC; + + /* start timeout for FC */ + hrtimer_sec = ISOTP_FC_TIMEOUT; + + /* no CF echo tag for isotp_rcv_echo() (FF-mode) */ + so->cfecho = 0; + } } + hrtimer_start(&so->txtimer, ktime_set(hrtimer_sec, 0), + HRTIMER_MODE_REL_SOFT); + /* send the first or only CAN frame */ cf->flags = so->ll.tx_flags; skb->dev = dev; skb->sk = sk; @@ -980,34 +1087,40 @@ static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) if (err) { pr_notice_once("can-isotp: %s: can_send_ret %pe\n", __func__, ERR_PTR(err)); /* no transmission -> no timeout monitoring */ - if (hrtimer_sec) - hrtimer_cancel(&so->txtimer); + hrtimer_cancel(&so->txtimer); + + /* reset consecutive frame echo tag */ + so->cfecho = 0; goto err_out_drop; } if (wait_tx_done) { /* wait for complete transmission of current pdu */ - wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + err = wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + if (err) + goto err_event_drop; err = sock_error(sk); if (err) return err; } return size; +err_event_drop: + /* got signal: force tx state machine to be idle */ + so->tx.state = ISOTP_IDLE; + hrtimer_cancel(&so->txfrtimer); + hrtimer_cancel(&so->txtimer); err_out_drop: /* drop this PDU and unlock a potential wait queue */ - old_state = ISOTP_IDLE; -err_out: - so->tx.state = old_state; - if (so->tx.state == ISOTP_IDLE) - wake_up_interruptible(&so->wait); + so->tx.state = ISOTP_IDLE; + wake_up_interruptible(&so->wait); return err; } static int isotp_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, @@ -1067,11 +1180,17 @@ static int isotp_release(struct socket *sock) so = isotp_sk(sk); net = sock_net(sk); /* wait for complete transmission of current pdu */ - wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + while (wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE) == 0 && + cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SHUTDOWN) != ISOTP_IDLE) + ; + + /* force state machines to be idle also when a signal occurred */ + so->tx.state = ISOTP_SHUTDOWN; + so->rx.state = ISOTP_IDLE; spin_lock(&isotp_notifier_lock); while (isotp_busy_notifier == so) { spin_unlock(&isotp_notifier_lock); schedule_timeout_uninterruptible(1); @@ -1081,31 +1200,43 @@ static int isotp_release(struct socket *sock) spin_unlock(&isotp_notifier_lock); lock_sock(sk); /* remove current filters & unregister */ - if (so->bound && (!(so->opt.flags & CAN_ISOTP_SF_BROADCAST))) { + if (so->bound) { if (so->ifindex) { struct net_device *dev; dev = dev_get_by_index(net, so->ifindex); if (dev) { - can_rx_unregister(net, dev, so->rxid, - SINGLE_MASK(so->rxid), - isotp_rcv, sk); + if (isotp_register_rxid(so)) + can_rx_unregister(net, dev, so->rxid, + SINGLE_MASK(so->rxid), + isotp_rcv, sk); + + can_rx_unregister(net, dev, so->txid, + SINGLE_MASK(so->txid), + isotp_rcv_echo, sk); dev_put(dev); synchronize_rcu(); } } } + hrtimer_cancel(&so->txfrtimer); hrtimer_cancel(&so->txtimer); hrtimer_cancel(&so->rxtimer); so->ifindex = 0; so->bound = 0; + if (so->rx.buf != so->rx.sbuf) + kfree(so->rx.buf); + + if (so->tx.buf != so->tx.sbuf) + kfree(so->tx.buf); + sock_orphan(sk); sock->sk = NULL; release_sock(sk); sock_put(sk); @@ -1119,30 +1250,42 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sock *sk = sock->sk; struct isotp_sock *so = isotp_sk(sk); struct net *net = sock_net(sk); int ifindex; struct net_device *dev; - canid_t tx_id, rx_id; + canid_t tx_id = addr->can_addr.tp.tx_id; + canid_t rx_id = addr->can_addr.tp.rx_id; int err = 0; int notify_enetdown = 0; - int do_rx_reg = 1; if (len < ISOTP_MIN_NAMELEN) return -EINVAL; - /* sanitize tx/rx CAN identifiers */ - tx_id = addr->can_addr.tp.tx_id; + if (addr->can_family != AF_CAN) + return -EINVAL; + + /* sanitize tx CAN identifier */ if (tx_id & CAN_EFF_FLAG) tx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); else tx_id &= CAN_SFF_MASK; - rx_id = addr->can_addr.tp.rx_id; - if (rx_id & CAN_EFF_FLAG) - rx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); - else - rx_id &= CAN_SFF_MASK; + /* give feedback on wrong CAN-ID value */ + if (tx_id != addr->can_addr.tp.tx_id) + return -EINVAL; + + /* sanitize rx CAN identifier (if needed) */ + if (isotp_register_rxid(so)) { + if (rx_id & CAN_EFF_FLAG) + rx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); + else + rx_id &= CAN_SFF_MASK; + + /* give feedback on wrong CAN-ID value */ + if (rx_id != addr->can_addr.tp.rx_id) + return -EINVAL; + } if (!addr->can_ifindex) return -ENODEV; lock_sock(sk); @@ -1150,16 +1293,12 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (so->bound) { err = -EINVAL; goto out; } - /* do not register frame reception for functional addressing */ - if (so->opt.flags & CAN_ISOTP_SF_BROADCAST) - do_rx_reg = 0; - - /* do not validate rx address for functional addressing */ - if (do_rx_reg && rx_id == tx_id) { + /* ensure different CAN IDs when the rx_id is to be registered */ + if (isotp_register_rxid(so) && rx_id == tx_id) { err = -EADDRNOTAVAIL; goto out; } dev = dev_get_by_index(net, addr->can_ifindex); @@ -1180,14 +1319,21 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!(dev->flags & IFF_UP)) notify_enetdown = 1; ifindex = dev->ifindex; - if (do_rx_reg) + if (isotp_register_rxid(so)) can_rx_register(net, dev, rx_id, SINGLE_MASK(rx_id), isotp_rcv, sk, "isotp", sk); + /* no consecutive frame echo skb in flight */ + so->cfecho = 0; + + /* register for echo skb's */ + can_rx_register(net, dev, tx_id, SINGLE_MASK(tx_id), + isotp_rcv_echo, sk, "isotpe", sk); + dev_put(dev); /* switch to new settings */ so->ifindex = ifindex; so->rxid = rx_id; @@ -1244,10 +1390,19 @@ static int isotp_setsockopt_locked(struct socket *sock, int level, int optname, /* no separate rx_ext_address is given => use ext_address */ if (!(so->opt.flags & CAN_ISOTP_RX_EXT_ADDR)) so->opt.rx_ext_address = so->opt.ext_address; + /* these broadcast flags are not allowed together */ + if (isotp_bc_flags(so) == ISOTP_ALL_BC_FLAGS) { + /* CAN_ISOTP_SF_BROADCAST is prioritized */ + so->opt.flags &= ~CAN_ISOTP_CF_BROADCAST; + + /* give user feedback on wrong config attempt */ + ret = -EINVAL; + } + /* check for frame_txtime changes (0 => no changes) */ if (so->opt.frame_txtime) { if (so->opt.frame_txtime == CAN_ISOTP_FRAME_TXTIME_ZERO) so->frame_txtime = 0; else @@ -1394,14 +1549,20 @@ static void isotp_notify(struct isotp_sock *so, unsigned long msg, switch (msg) { case NETDEV_UNREGISTER: lock_sock(sk); /* remove current filters & unregister */ - if (so->bound && (!(so->opt.flags & CAN_ISOTP_SF_BROADCAST))) - can_rx_unregister(dev_net(dev), dev, so->rxid, - SINGLE_MASK(so->rxid), - isotp_rcv, sk); + if (so->bound) { + if (isotp_register_rxid(so)) + can_rx_unregister(dev_net(dev), dev, so->rxid, + SINGLE_MASK(so->rxid), + isotp_rcv, sk); + + can_rx_unregister(dev_net(dev), dev, so->txid, + SINGLE_MASK(so->txid), + isotp_rcv_echo, sk); + } so->ifindex = 0; so->bound = 0; release_sock(sk); @@ -1466,14 +1627,21 @@ static int isotp_init(struct sock *sk) so->tx.ll_dl = so->ll.tx_dl; so->rx.state = ISOTP_IDLE; so->tx.state = ISOTP_IDLE; + so->rx.buf = so->rx.sbuf; + so->tx.buf = so->tx.sbuf; + so->rx.buflen = ARRAY_SIZE(so->rx.sbuf); + so->tx.buflen = ARRAY_SIZE(so->tx.sbuf); + hrtimer_init(&so->rxtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); so->rxtimer.function = isotp_rx_timer_handler; hrtimer_init(&so->txtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); so->txtimer.function = isotp_tx_timer_handler; + hrtimer_init(&so->txfrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); + so->txfrtimer.function = isotp_txfr_timer_handler; init_waitqueue_head(&so->wait); spin_lock_init(&so->rx_lock); spin_lock(&isotp_notifier_lock); @@ -1546,11 +1714,14 @@ static struct notifier_block canisotp_notifier = { static __init int isotp_module_init(void) { int err; - pr_info("can: isotp protocol\n"); + max_pdu_size = max_t(unsigned int, max_pdu_size, MAX_12BIT_PDU_SIZE); + max_pdu_size = min_t(unsigned int, max_pdu_size, MAX_PDU_SIZE); + + pr_info("can: isotp protocol (max_pdu_size %d)\n", max_pdu_size); err = can_proto_register(&isotp_can_proto); if (err < 0) pr_err("can: registration of isotp protocol failed %pe\n", ERR_PTR(err)); else -- 2.34.1

1 year, 2 months

3
5
0 0

Order Dispatched: Tracking Details Inside

by Gray

Dear stable(a)vger.kernel.org Order Dispatched: Tracking Details Inside ID PFMDLUED7ZYO

1 year, 2 months

1
0
0 0

Purchase Status Update: Check It Out DOU3V7C3N628

by Matthew Stokes

Dear stable(a)vger.kernel.org Purchase Status Update: Check It Out DOU3V7C3N628

1 year, 2 months

1
0
0 0

[PATCH] drm/i915/mtl: Support HBR3 rate with C10 phy and eDP in MTL

by Chaitanya Kumar Borah

eDP specification supports HBR3 link rate since v1.4a. Moreover, C10 phy can support HBR3 link rate for both DP and eDP. Therefore, do not clamp the supported rates for eDP at 6.75Gbps. Cc: <stable(a)vger.kernel.org> BSpec: 70073 74224 Signed-off-by: Chaitanya Kumar Borah <chaitanya.kumar.borah(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 1891c0cc187d..2c1034578984 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -430,7 +430,7 @@ static int mtl_max_source_rate(struct intel_dp *intel_dp) enum phy phy = intel_port_to_phy(i915, dig_port->base.port); if (intel_is_c10phy(i915, phy)) - return intel_dp_is_edp(intel_dp) ? 675000 : 810000; + return 810000; return 2000000; } -- 2.25.1

1 year, 2 months

4
3
0 0

[PATCH] can: isotp: upgrade 5.10 LTS to latest 6.6 mainline code base

by Oliver Hartkopp

The backport of commit 9c5df2f14ee3 ("can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events") introduced a new regression where the fix could potentially introduce new side effects. To reduce the risk of other unmet dependencies and missing fixes and checks the latest mainline code base is ported back to the 5.10 LTS tree. To meet the former Linux 5.10 API these commits have been reverted: e3ae2365efc1 ("net: sock: introduce sk_error_report") f4b41f062c42 ("net: remove noblock parameter from skb_recv_datagram()") 96a7457a14d9 ("can: skb: unify skb CAN frame identification helpers") dc97391e6610 ("sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES)") 0145462fc802 ("can: isotp: isotp_recvmsg(): use sock_recv_cmsgs() to get SOCK_RXQ_OVFL infos") New features and communication stability measures: 9f39d36530e5 ("can: isotp: add support for transmission without flow control") 96d1c81e6a04 ("can: isotp: add module parameter for maximum pdu size") 4b7fe92c0690 ("can: isotp: add local echo tx processing for consecutive frames") 530e0d46c613 ("can: isotp: set default value for N_As to 50 micro seconds") And various sanity checks, fixes and improved return values. Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net> --- include/uapi/linux/can/isotp.h | 25 +- net/can/isotp.c | 495 ++++++++++++++++++++++----------- 2 files changed, 347 insertions(+), 173 deletions(-) diff --git a/include/uapi/linux/can/isotp.h b/include/uapi/linux/can/isotp.h index 590f8aea2b6d..439c982f7e81 100644 --- a/include/uapi/linux/can/isotp.h +++ b/include/uapi/linux/can/isotp.h @@ -122,22 +122,23 @@ struct can_isotp_ll_options { /* by the CAN netdriver configuration */ }; /* flags for isotp behaviour */ -#define CAN_ISOTP_LISTEN_MODE 0x001 /* listen only (do not send FC) */ -#define CAN_ISOTP_EXTEND_ADDR 0x002 /* enable extended addressing */ -#define CAN_ISOTP_TX_PADDING 0x004 /* enable CAN frame padding tx path */ -#define CAN_ISOTP_RX_PADDING 0x008 /* enable CAN frame padding rx path */ -#define CAN_ISOTP_CHK_PAD_LEN 0x010 /* check received CAN frame padding */ -#define CAN_ISOTP_CHK_PAD_DATA 0x020 /* check received CAN frame padding */ -#define CAN_ISOTP_HALF_DUPLEX 0x040 /* half duplex error state handling */ -#define CAN_ISOTP_FORCE_TXSTMIN 0x080 /* ignore stmin from received FC */ -#define CAN_ISOTP_FORCE_RXSTMIN 0x100 /* ignore CFs depending on rx stmin */ -#define CAN_ISOTP_RX_EXT_ADDR 0x200 /* different rx extended addressing */ -#define CAN_ISOTP_WAIT_TX_DONE 0x400 /* wait for tx completion */ -#define CAN_ISOTP_SF_BROADCAST 0x800 /* 1-to-N functional addressing */ +#define CAN_ISOTP_LISTEN_MODE 0x0001 /* listen only (do not send FC) */ +#define CAN_ISOTP_EXTEND_ADDR 0x0002 /* enable extended addressing */ +#define CAN_ISOTP_TX_PADDING 0x0004 /* enable CAN frame padding tx path */ +#define CAN_ISOTP_RX_PADDING 0x0008 /* enable CAN frame padding rx path */ +#define CAN_ISOTP_CHK_PAD_LEN 0x0010 /* check received CAN frame padding */ +#define CAN_ISOTP_CHK_PAD_DATA 0x0020 /* check received CAN frame padding */ +#define CAN_ISOTP_HALF_DUPLEX 0x0040 /* half duplex error state handling */ +#define CAN_ISOTP_FORCE_TXSTMIN 0x0080 /* ignore stmin from received FC */ +#define CAN_ISOTP_FORCE_RXSTMIN 0x0100 /* ignore CFs depending on rx stmin */ +#define CAN_ISOTP_RX_EXT_ADDR 0x0200 /* different rx extended addressing */ +#define CAN_ISOTP_WAIT_TX_DONE 0x0400 /* wait for tx completion */ +#define CAN_ISOTP_SF_BROADCAST 0x0800 /* 1-to-N functional addressing */ +#define CAN_ISOTP_CF_BROADCAST 0x1000 /* 1-to-N transmission w/o FC */ /* protocol machine default values */ #define CAN_ISOTP_DEFAULT_FLAGS 0 #define CAN_ISOTP_DEFAULT_EXT_ADDRESS 0x00 diff --git a/net/can/isotp.c b/net/can/isotp.c index 16ebc187af1c..f30eb5ca307e 100644 --- a/net/can/isotp.c +++ b/net/can/isotp.c @@ -12,11 +12,10 @@ * - TX path flowcontrol reception with wrong layout/padding leads to -EBADMSG * - when a transfer (tx) is on the run the next write() blocks until it's done * - use CAN_ISOTP_WAIT_TX_DONE flag to block the caller until the PDU is sent * - as we have static buffers the check whether the PDU fits into the buffer * is done at FF reception time (no support for sending 'wait frames') - * - take care of the tx-queue-len as traffic shaping is still on the TODO list * * Copyright (c) 2020 Volkswagen Group Electronic Research * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -84,14 +83,25 @@ MODULE_ALIAS("can-proto-6"); (CAN_EFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG) : \ (CAN_SFF_MASK | CAN_EFF_FLAG | CAN_RTR_FLAG)) /* ISO 15765-2:2016 supports more than 4095 byte per ISO PDU as the FF_DL can * take full 32 bit values (4 Gbyte). We would need some good concept to handle - * this between user space and kernel space. For now increase the static buffer - * to something about 8 kbyte to be able to test this new functionality. + * this between user space and kernel space. For now set the static buffer to + * something about 8 kbyte to be able to test this new functionality. */ -#define MAX_MSG_LENGTH 8200 +#define DEFAULT_MAX_PDU_SIZE 8300 + +/* maximum PDU size before ISO 15765-2:2016 extension was 4095 */ +#define MAX_12BIT_PDU_SIZE 4095 + +/* limit the isotp pdu size from the optional module parameter to 1MByte */ +#define MAX_PDU_SIZE (1025 * 1024U) + +static unsigned int max_pdu_size __read_mostly = DEFAULT_MAX_PDU_SIZE; +module_param(max_pdu_size, uint, 0444); +MODULE_PARM_DESC(max_pdu_size, "maximum isotp pdu size (default " + __stringify(DEFAULT_MAX_PDU_SIZE) ")"); /* N_PCI type values in bits 7-4 of N_PCI bytes */ #define N_PCI_SF 0x00 /* single frame */ #define N_PCI_FF 0x10 /* first frame */ #define N_PCI_CF 0x20 /* consecutive frame */ @@ -103,49 +113,57 @@ MODULE_ALIAS("can-proto-6"); #define FF_PCI_SZ12 2 /* size of FirstFrame PCI including 12 bit FF_DL */ #define FF_PCI_SZ32 6 /* size of FirstFrame PCI including 32 bit FF_DL */ #define FC_CONTENT_SZ 3 /* flow control content size in byte (FS/BS/STmin) */ #define ISOTP_CHECK_PADDING (CAN_ISOTP_CHK_PAD_LEN | CAN_ISOTP_CHK_PAD_DATA) +#define ISOTP_ALL_BC_FLAGS (CAN_ISOTP_SF_BROADCAST | CAN_ISOTP_CF_BROADCAST) /* Flow Status given in FC frame */ #define ISOTP_FC_CTS 0 /* clear to send */ #define ISOTP_FC_WT 1 /* wait */ #define ISOTP_FC_OVFLW 2 /* overflow */ +#define ISOTP_FC_TIMEOUT 1 /* 1 sec */ +#define ISOTP_ECHO_TIMEOUT 2 /* 2 secs */ + enum { ISOTP_IDLE = 0, ISOTP_WAIT_FIRST_FC, ISOTP_WAIT_FC, ISOTP_WAIT_DATA, - ISOTP_SENDING + ISOTP_SENDING, + ISOTP_SHUTDOWN, }; struct tpcon { - unsigned int idx; + u8 *buf; + unsigned int buflen; unsigned int len; + unsigned int idx; u32 state; u8 bs; u8 sn; u8 ll_dl; - u8 buf[MAX_MSG_LENGTH + 1]; + u8 sbuf[DEFAULT_MAX_PDU_SIZE]; }; struct isotp_sock { struct sock sk; int bound; int ifindex; canid_t txid; canid_t rxid; ktime_t tx_gap; ktime_t lastrxcf_tstamp; - struct hrtimer rxtimer, txtimer; + struct hrtimer rxtimer, txtimer, txfrtimer; struct can_isotp_options opt; struct can_isotp_fc_options rxfc, txfc; struct can_isotp_ll_options ll; u32 frame_txtime; u32 force_tx_stmin; u32 force_rx_stmin; + u32 cfecho; /* consecutive frame echo tag */ struct tpcon rx, tx; struct list_head notifier; wait_queue_head_t wait; spinlock_t rx_lock; /* protect single thread state machine */ }; @@ -157,10 +175,21 @@ static struct isotp_sock *isotp_busy_notifier; static inline struct isotp_sock *isotp_sk(const struct sock *sk) { return (struct isotp_sock *)sk; } +static u32 isotp_bc_flags(struct isotp_sock *so) +{ + return so->opt.flags & ISOTP_ALL_BC_FLAGS; +} + +static bool isotp_register_rxid(struct isotp_sock *so) +{ + /* no broadcast modes => register rx_id for FC frame reception */ + return (isotp_bc_flags(so) == 0); +} + static enum hrtimer_restart isotp_rx_timer_handler(struct hrtimer *hrtimer) { struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, rxtimer); struct sock *sk = &so->sk; @@ -226,23 +255,24 @@ static int isotp_send_fc(struct sock *sk, int ae, u8 flowstatus) ncf->flags = so->ll.tx_flags; can_send_ret = can_send(nskb, 1); if (can_send_ret) - pr_notice_once("can-isotp: %s: can_send_ret %d\n", - __func__, can_send_ret); + pr_notice_once("can-isotp: %s: can_send_ret %pe\n", + __func__, ERR_PTR(can_send_ret)); dev_put(dev); /* reset blocksize counter */ so->rx.bs = 0; /* reset last CF frame rx timestamp for rx stmin enforcement */ so->lastrxcf_tstamp = ktime_set(0, 0); /* start rx timeout watchdog */ - hrtimer_start(&so->rxtimer, ktime_set(1, 0), HRTIMER_MODE_REL_SOFT); + hrtimer_start(&so->rxtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); return 0; } static void isotp_rcv_skb(struct sk_buff *skb, struct sock *sk) { @@ -324,10 +354,12 @@ static int check_pad(struct isotp_sock *so, struct canfd_frame *cf, return 1; } return 0; } +static void isotp_send_cframe(struct isotp_sock *so); + static int isotp_rcv_fc(struct isotp_sock *so, struct canfd_frame *cf, int ae) { struct sock *sk = &so->sk; if (so->tx.state != ISOTP_WAIT_FC && @@ -378,18 +410,19 @@ static int isotp_rcv_fc(struct isotp_sock *so, struct canfd_frame *cf, int ae) switch (cf->data[ae] & 0x0F) { case ISOTP_FC_CTS: so->tx.bs = 0; so->tx.state = ISOTP_SENDING; - /* start cyclic timer for sending CF frame */ - hrtimer_start(&so->txtimer, so->tx_gap, + /* send CF frame and enable echo timeout handling */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); + isotp_send_cframe(so); break; case ISOTP_FC_WT: /* start timer to wait for next FC frame */ - hrtimer_start(&so->txtimer, ktime_set(1, 0), + hrtimer_start(&so->txtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); break; case ISOTP_FC_OVFLW: /* overflow on receiver side - report 'message too long' */ @@ -476,11 +509,21 @@ static int isotp_rcv_ff(struct sock *sk, struct canfd_frame *cf, int ae) off = (so->rx.ll_dl > CAN_MAX_DLEN) ? 1 : 0; if (so->rx.len + ae + off + ff_pci_sz < so->rx.ll_dl) return 1; - if (so->rx.len > MAX_MSG_LENGTH) { + /* PDU size > default => try max_pdu_size */ + if (so->rx.len > so->rx.buflen && so->rx.buflen < max_pdu_size) { + u8 *newbuf = kmalloc(max_pdu_size, GFP_ATOMIC); + + if (newbuf) { + so->rx.buf = newbuf; + so->rx.buflen = max_pdu_size; + } + } + + if (so->rx.len > so->rx.buflen) { /* send FC frame with overflow status */ isotp_send_fc(sk, ae, ISOTP_FC_OVFLW); return 1; } @@ -580,11 +623,11 @@ static int isotp_rcv_cf(struct sock *sk, struct canfd_frame *cf, int ae, } /* perform blocksize handling, if enabled */ if (!so->rxfc.bs || ++so->rx.bs < so->rxfc.bs) { /* start rx timeout watchdog */ - hrtimer_start(&so->rxtimer, ktime_set(1, 0), + hrtimer_start(&so->rxtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), HRTIMER_MODE_REL_SOFT); return 0; } /* no creation of flow control frames */ @@ -711,10 +754,67 @@ static void isotp_fill_dataframe(struct canfd_frame *cf, struct isotp_sock *so, if (ae) cf->data[0] = so->opt.ext_address; } +static void isotp_send_cframe(struct isotp_sock *so) +{ + struct sock *sk = &so->sk; + struct sk_buff *skb; + struct net_device *dev; + struct canfd_frame *cf; + int can_send_ret; + int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; + + dev = dev_get_by_index(sock_net(sk), so->ifindex); + if (!dev) + return; + + skb = alloc_skb(so->ll.mtu + sizeof(struct can_skb_priv), GFP_ATOMIC); + if (!skb) { + dev_put(dev); + return; + } + + can_skb_reserve(skb); + can_skb_prv(skb)->ifindex = dev->ifindex; + can_skb_prv(skb)->skbcnt = 0; + + cf = (struct canfd_frame *)skb->data; + skb_put_zero(skb, so->ll.mtu); + + /* create consecutive frame */ + isotp_fill_dataframe(cf, so, ae, 0); + + /* place consecutive frame N_PCI in appropriate index */ + cf->data[ae] = N_PCI_CF | so->tx.sn++; + so->tx.sn %= 16; + so->tx.bs++; + + cf->flags = so->ll.tx_flags; + + skb->dev = dev; + can_skb_set_owner(skb, sk); + + /* cfecho should have been zero'ed by init/isotp_rcv_echo() */ + if (so->cfecho) + pr_notice_once("can-isotp: cfecho is %08X != 0\n", so->cfecho); + + /* set consecutive frame echo tag */ + so->cfecho = *(u32 *)cf->data; + + /* send frame with local echo enabled */ + can_send_ret = can_send(skb, 1); + if (can_send_ret) { + pr_notice_once("can-isotp: %s: can_send_ret %pe\n", + __func__, ERR_PTR(can_send_ret)); + if (can_send_ret == -ENOBUFS) + pr_notice_once("can-isotp: tx queue is full\n"); + } + dev_put(dev); +} + static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, int ae) { int i; int ff_pci_sz; @@ -723,11 +823,11 @@ static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, cf->len = so->tx.ll_dl; if (ae) cf->data[0] = so->opt.ext_address; /* create N_PCI bytes with 12/32 bit FF_DL data length */ - if (so->tx.len > 4095) { + if (so->tx.len > MAX_12BIT_PDU_SIZE) { /* use 32 bit FF_DL notation */ cf->data[ae] = N_PCI_FF; cf->data[ae + 1] = 0; cf->data[ae + 2] = (u8)(so->tx.len >> 24) & 0xFFU; cf->data[ae + 3] = (u8)(so->tx.len >> 16) & 0xFFU; @@ -744,159 +844,146 @@ static void isotp_create_fframe(struct canfd_frame *cf, struct isotp_sock *so, /* add first data bytes depending on ae */ for (i = ae + ff_pci_sz; i < so->tx.ll_dl; i++) cf->data[i] = so->tx.buf[so->tx.idx++]; so->tx.sn = 1; - so->tx.state = ISOTP_WAIT_FIRST_FC; } -static enum hrtimer_restart isotp_tx_timer_handler(struct hrtimer *hrtimer) +static void isotp_rcv_echo(struct sk_buff *skb, void *data) { - struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, - txtimer); - struct sock *sk = &so->sk; - struct sk_buff *skb; - struct net_device *dev; - struct canfd_frame *cf; - enum hrtimer_restart restart = HRTIMER_NORESTART; - int can_send_ret; - int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; + struct sock *sk = (struct sock *)data; + struct isotp_sock *so = isotp_sk(sk); + struct canfd_frame *cf = (struct canfd_frame *)skb->data; - switch (so->tx.state) { - case ISOTP_WAIT_FC: - case ISOTP_WAIT_FIRST_FC: + /* only handle my own local echo CF/SF skb's (no FF!) */ + if (skb->sk != sk || so->cfecho != *(u32 *)cf->data) + return; - /* we did not get any flow control frame in time */ + /* cancel local echo timeout */ + hrtimer_cancel(&so->txtimer); - /* report 'communication error on send' */ - sk->sk_err = ECOMM; - if (!sock_flag(sk, SOCK_DEAD)) - sk->sk_error_report(sk); + /* local echo skb with consecutive frame has been consumed */ + so->cfecho = 0; - /* reset tx state */ + if (so->tx.idx >= so->tx.len) { + /* we are done */ so->tx.state = ISOTP_IDLE; wake_up_interruptible(&so->wait); - break; - - case ISOTP_SENDING: - - /* push out the next segmented pdu */ - dev = dev_get_by_index(sock_net(sk), so->ifindex); - if (!dev) - break; - -isotp_tx_burst: - skb = alloc_skb(so->ll.mtu + sizeof(struct can_skb_priv), - GFP_ATOMIC); - if (!skb) { - dev_put(dev); - break; - } + return; + } - can_skb_reserve(skb); - can_skb_prv(skb)->ifindex = dev->ifindex; - can_skb_prv(skb)->skbcnt = 0; + if (so->txfc.bs && so->tx.bs >= so->txfc.bs) { + /* stop and wait for FC with timeout */ + so->tx.state = ISOTP_WAIT_FC; + hrtimer_start(&so->txtimer, ktime_set(ISOTP_FC_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); + return; + } - cf = (struct canfd_frame *)skb->data; - skb_put_zero(skb, so->ll.mtu); + /* no gap between data frames needed => use burst mode */ + if (!so->tx_gap) { + /* enable echo timeout handling */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); + isotp_send_cframe(so); + return; + } - /* create consecutive frame */ - isotp_fill_dataframe(cf, so, ae, 0); + /* start timer to send next consecutive frame with correct delay */ + hrtimer_start(&so->txfrtimer, so->tx_gap, HRTIMER_MODE_REL_SOFT); +} - /* place consecutive frame N_PCI in appropriate index */ - cf->data[ae] = N_PCI_CF | so->tx.sn++; - so->tx.sn %= 16; - so->tx.bs++; +static enum hrtimer_restart isotp_tx_timer_handler(struct hrtimer *hrtimer) +{ + struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, + txtimer); + struct sock *sk = &so->sk; - cf->flags = so->ll.tx_flags; + /* don't handle timeouts in IDLE or SHUTDOWN state */ + if (so->tx.state == ISOTP_IDLE || so->tx.state == ISOTP_SHUTDOWN) + return HRTIMER_NORESTART; - skb->dev = dev; - can_skb_set_owner(skb, sk); + /* we did not get any flow control or echo frame in time */ - can_send_ret = can_send(skb, 1); - if (can_send_ret) - pr_notice_once("can-isotp: %s: can_send_ret %d\n", - __func__, can_send_ret); + /* report 'communication error on send' */ + sk->sk_err = ECOMM; + if (!sock_flag(sk, SOCK_DEAD)) + sk->sk_error_report(sk); - if (so->tx.idx >= so->tx.len) { - /* we are done */ - so->tx.state = ISOTP_IDLE; - dev_put(dev); - wake_up_interruptible(&so->wait); - break; - } + /* reset tx state */ + so->tx.state = ISOTP_IDLE; + wake_up_interruptible(&so->wait); - if (so->txfc.bs && so->tx.bs >= so->txfc.bs) { - /* stop and wait for FC */ - so->tx.state = ISOTP_WAIT_FC; - dev_put(dev); - hrtimer_set_expires(&so->txtimer, - ktime_add(ktime_get(), - ktime_set(1, 0))); - restart = HRTIMER_RESTART; - break; - } + return HRTIMER_NORESTART; +} - /* no gap between data frames needed => use burst mode */ - if (!so->tx_gap) - goto isotp_tx_burst; +static enum hrtimer_restart isotp_txfr_timer_handler(struct hrtimer *hrtimer) +{ + struct isotp_sock *so = container_of(hrtimer, struct isotp_sock, + txfrtimer); - /* start timer to send next data frame with correct delay */ - dev_put(dev); - hrtimer_set_expires(&so->txtimer, - ktime_add(ktime_get(), so->tx_gap)); - restart = HRTIMER_RESTART; - break; + /* start echo timeout handling and cover below protocol error */ + hrtimer_start(&so->txtimer, ktime_set(ISOTP_ECHO_TIMEOUT, 0), + HRTIMER_MODE_REL_SOFT); - default: - WARN_ON_ONCE(1); - } + /* cfecho should be consumed by isotp_rcv_echo() here */ + if (so->tx.state == ISOTP_SENDING && !so->cfecho) + isotp_send_cframe(so); - return restart; + return HRTIMER_NORESTART; } static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) { struct sock *sk = sock->sk; struct isotp_sock *so = isotp_sk(sk); - u32 old_state = so->tx.state; struct sk_buff *skb; struct net_device *dev; struct canfd_frame *cf; int ae = (so->opt.flags & CAN_ISOTP_EXTEND_ADDR) ? 1 : 0; int wait_tx_done = (so->opt.flags & CAN_ISOTP_WAIT_TX_DONE) ? 1 : 0; - s64 hrtimer_sec = 0; + s64 hrtimer_sec = ISOTP_ECHO_TIMEOUT; int off; int err; - if (!so->bound) + if (!so->bound || so->tx.state == ISOTP_SHUTDOWN) return -EADDRNOTAVAIL; - /* we do not support multiple buffers - for now */ - if (cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SENDING) != ISOTP_IDLE || - wq_has_sleeper(&so->wait)) { - if (msg->msg_flags & MSG_DONTWAIT) { - err = -EAGAIN; - goto err_out; - } + while (cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SENDING) != ISOTP_IDLE) { + /* we do not support multiple buffers - for now */ + if (msg->msg_flags & MSG_DONTWAIT) + return -EAGAIN; + + if (so->tx.state == ISOTP_SHUTDOWN) + return -EADDRNOTAVAIL; /* wait for complete transmission of current pdu */ err = wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); if (err) - goto err_out; + goto err_event_drop; + } + + /* PDU size > default => try max_pdu_size */ + if (size > so->tx.buflen && so->tx.buflen < max_pdu_size) { + u8 *newbuf = kmalloc(max_pdu_size, GFP_KERNEL); + + if (newbuf) { + so->tx.buf = newbuf; + so->tx.buflen = max_pdu_size; + } } - if (!size || size > MAX_MSG_LENGTH) { + if (!size || size > so->tx.buflen) { err = -EINVAL; goto err_out_drop; } /* take care of a potential SF_DL ESC offset for TX_DL > 8 */ off = (so->tx.ll_dl > CAN_MAX_DLEN) ? 1 : 0; /* does the given data fit into a single frame for SF_BROADCAST? */ - if ((so->opt.flags & CAN_ISOTP_SF_BROADCAST) && + if ((isotp_bc_flags(so) == CAN_ISOTP_SF_BROADCAST) && (size > so->tx.ll_dl - SF_PCI_SZ4 - ae - off)) { err = -EINVAL; goto err_out_drop; } @@ -925,10 +1012,14 @@ static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) so->tx.idx = 0; cf = (struct canfd_frame *)skb->data; skb_put_zero(skb, so->ll.mtu); + /* cfecho should have been zero'ed by init / former isotp_rcv_echo() */ + if (so->cfecho) + pr_notice_once("can-isotp: uninit cfecho %08X\n", so->cfecho); + /* check for single frame transmission depending on TX_DL */ if (size <= so->tx.ll_dl - SF_PCI_SZ4 - ae - off) { /* The message size generally fits into a SingleFrame - good. * * SF_DL ESC offset optimization: @@ -950,62 +1041,86 @@ static int isotp_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) if (off) cf->data[SF_PCI_SZ4 + ae] = size; else cf->data[ae] |= size; - so->tx.state = ISOTP_IDLE; - wake_up_interruptible(&so->wait); - - /* don't enable wait queue for a single frame transmission */ - wait_tx_done = 0; + /* set CF echo tag for isotp_rcv_echo() (SF-mode) */ + so->cfecho = *(u32 *)cf->data; } else { - /* send first frame and wait for FC */ + /* send first frame */ isotp_create_fframe(cf, so, ae); - /* start timeout for FC */ - hrtimer_sec = 1; - hrtimer_start(&so->txtimer, ktime_set(hrtimer_sec, 0), - HRTIMER_MODE_REL_SOFT); + if (isotp_bc_flags(so) == CAN_ISOTP_CF_BROADCAST) { + /* set timer for FC-less operation (STmin = 0) */ + if (so->opt.flags & CAN_ISOTP_FORCE_TXSTMIN) + so->tx_gap = ktime_set(0, so->force_tx_stmin); + else + so->tx_gap = ktime_set(0, so->frame_txtime); + + /* disable wait for FCs due to activated block size */ + so->txfc.bs = 0; + + /* set CF echo tag for isotp_rcv_echo() (CF-mode) */ + so->cfecho = *(u32 *)cf->data; + } else { + /* standard flow control check */ + so->tx.state = ISOTP_WAIT_FIRST_FC; + + /* start timeout for FC */ + hrtimer_sec = ISOTP_FC_TIMEOUT; + + /* no CF echo tag for isotp_rcv_echo() (FF-mode) */ + so->cfecho = 0; + } } + hrtimer_start(&so->txtimer, ktime_set(hrtimer_sec, 0), + HRTIMER_MODE_REL_SOFT); + /* send the first or only CAN frame */ cf->flags = so->ll.tx_flags; skb->dev = dev; skb->sk = sk; err = can_send(skb, 1); dev_put(dev); if (err) { - pr_notice_once("can-isotp: %s: can_send_ret %d\n", - __func__, err); + pr_notice_once("can-isotp: %s: can_send_ret %pe\n", + __func__, ERR_PTR(err)); /* no transmission -> no timeout monitoring */ - if (hrtimer_sec) - hrtimer_cancel(&so->txtimer); + hrtimer_cancel(&so->txtimer); + + /* reset consecutive frame echo tag */ + so->cfecho = 0; goto err_out_drop; } if (wait_tx_done) { /* wait for complete transmission of current pdu */ - wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + err = wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + if (err) + goto err_event_drop; err = sock_error(sk); if (err) return err; } return size; +err_event_drop: + /* got signal: force tx state machine to be idle */ + so->tx.state = ISOTP_IDLE; + hrtimer_cancel(&so->txfrtimer); + hrtimer_cancel(&so->txtimer); err_out_drop: /* drop this PDU and unlock a potential wait queue */ - old_state = ISOTP_IDLE; -err_out: - so->tx.state = old_state; - if (so->tx.state == ISOTP_IDLE) - wake_up_interruptible(&so->wait); + so->tx.state = ISOTP_IDLE; + wake_up_interruptible(&so->wait); return err; } static int isotp_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, @@ -1065,11 +1180,17 @@ static int isotp_release(struct socket *sock) so = isotp_sk(sk); net = sock_net(sk); /* wait for complete transmission of current pdu */ - wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE); + while (wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE) == 0 && + cmpxchg(&so->tx.state, ISOTP_IDLE, ISOTP_SHUTDOWN) != ISOTP_IDLE) + ; + + /* force state machines to be idle also when a signal occurred */ + so->tx.state = ISOTP_SHUTDOWN; + so->rx.state = ISOTP_IDLE; spin_lock(&isotp_notifier_lock); while (isotp_busy_notifier == so) { spin_unlock(&isotp_notifier_lock); schedule_timeout_uninterruptible(1); @@ -1079,31 +1200,43 @@ static int isotp_release(struct socket *sock) spin_unlock(&isotp_notifier_lock); lock_sock(sk); /* remove current filters & unregister */ - if (so->bound && (!(so->opt.flags & CAN_ISOTP_SF_BROADCAST))) { + if (so->bound) { if (so->ifindex) { struct net_device *dev; dev = dev_get_by_index(net, so->ifindex); if (dev) { - can_rx_unregister(net, dev, so->rxid, - SINGLE_MASK(so->rxid), - isotp_rcv, sk); + if (isotp_register_rxid(so)) + can_rx_unregister(net, dev, so->rxid, + SINGLE_MASK(so->rxid), + isotp_rcv, sk); + + can_rx_unregister(net, dev, so->txid, + SINGLE_MASK(so->txid), + isotp_rcv_echo, sk); dev_put(dev); synchronize_rcu(); } } } + hrtimer_cancel(&so->txfrtimer); hrtimer_cancel(&so->txtimer); hrtimer_cancel(&so->rxtimer); so->ifindex = 0; so->bound = 0; + if (so->rx.buf != so->rx.sbuf) + kfree(so->rx.buf); + + if (so->tx.buf != so->tx.sbuf) + kfree(so->tx.buf); + sock_orphan(sk); sock->sk = NULL; release_sock(sk); sock_put(sk); @@ -1117,30 +1250,42 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) struct sock *sk = sock->sk; struct isotp_sock *so = isotp_sk(sk); struct net *net = sock_net(sk); int ifindex; struct net_device *dev; - canid_t tx_id, rx_id; + canid_t tx_id = addr->can_addr.tp.tx_id; + canid_t rx_id = addr->can_addr.tp.rx_id; int err = 0; int notify_enetdown = 0; - int do_rx_reg = 1; if (len < ISOTP_MIN_NAMELEN) return -EINVAL; - /* sanitize tx/rx CAN identifiers */ - tx_id = addr->can_addr.tp.tx_id; + if (addr->can_family != AF_CAN) + return -EINVAL; + + /* sanitize tx CAN identifier */ if (tx_id & CAN_EFF_FLAG) tx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); else tx_id &= CAN_SFF_MASK; - rx_id = addr->can_addr.tp.rx_id; - if (rx_id & CAN_EFF_FLAG) - rx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); - else - rx_id &= CAN_SFF_MASK; + /* give feedback on wrong CAN-ID value */ + if (tx_id != addr->can_addr.tp.tx_id) + return -EINVAL; + + /* sanitize rx CAN identifier (if needed) */ + if (isotp_register_rxid(so)) { + if (rx_id & CAN_EFF_FLAG) + rx_id &= (CAN_EFF_FLAG | CAN_EFF_MASK); + else + rx_id &= CAN_SFF_MASK; + + /* give feedback on wrong CAN-ID value */ + if (rx_id != addr->can_addr.tp.rx_id) + return -EINVAL; + } if (!addr->can_ifindex) return -ENODEV; lock_sock(sk); @@ -1148,16 +1293,12 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (so->bound) { err = -EINVAL; goto out; } - /* do not register frame reception for functional addressing */ - if (so->opt.flags & CAN_ISOTP_SF_BROADCAST) - do_rx_reg = 0; - - /* do not validate rx address for functional addressing */ - if (do_rx_reg && rx_id == tx_id) { + /* ensure different CAN IDs when the rx_id is to be registered */ + if (isotp_register_rxid(so) && rx_id == tx_id) { err = -EADDRNOTAVAIL; goto out; } dev = dev_get_by_index(net, addr->can_ifindex); @@ -1178,14 +1319,21 @@ static int isotp_bind(struct socket *sock, struct sockaddr *uaddr, int len) if (!(dev->flags & IFF_UP)) notify_enetdown = 1; ifindex = dev->ifindex; - if (do_rx_reg) + if (isotp_register_rxid(so)) can_rx_register(net, dev, rx_id, SINGLE_MASK(rx_id), isotp_rcv, sk, "isotp", sk); + /* no consecutive frame echo skb in flight */ + so->cfecho = 0; + + /* register for echo skb's */ + can_rx_register(net, dev, tx_id, SINGLE_MASK(tx_id), + isotp_rcv_echo, sk, "isotpe", sk); + dev_put(dev); /* switch to new settings */ so->ifindex = ifindex; so->rxid = rx_id; @@ -1242,10 +1390,19 @@ static int isotp_setsockopt_locked(struct socket *sock, int level, int optname, /* no separate rx_ext_address is given => use ext_address */ if (!(so->opt.flags & CAN_ISOTP_RX_EXT_ADDR)) so->opt.rx_ext_address = so->opt.ext_address; + /* these broadcast flags are not allowed together */ + if (isotp_bc_flags(so) == ISOTP_ALL_BC_FLAGS) { + /* CAN_ISOTP_SF_BROADCAST is prioritized */ + so->opt.flags &= ~CAN_ISOTP_CF_BROADCAST; + + /* give user feedback on wrong config attempt */ + ret = -EINVAL; + } + /* check for frame_txtime changes (0 => no changes) */ if (so->opt.frame_txtime) { if (so->opt.frame_txtime == CAN_ISOTP_FRAME_TXTIME_ZERO) so->frame_txtime = 0; else @@ -1392,14 +1549,20 @@ static void isotp_notify(struct isotp_sock *so, unsigned long msg, switch (msg) { case NETDEV_UNREGISTER: lock_sock(sk); /* remove current filters & unregister */ - if (so->bound && (!(so->opt.flags & CAN_ISOTP_SF_BROADCAST))) - can_rx_unregister(dev_net(dev), dev, so->rxid, - SINGLE_MASK(so->rxid), - isotp_rcv, sk); + if (so->bound) { + if (isotp_register_rxid(so)) + can_rx_unregister(dev_net(dev), dev, so->rxid, + SINGLE_MASK(so->rxid), + isotp_rcv, sk); + + can_rx_unregister(dev_net(dev), dev, so->txid, + SINGLE_MASK(so->txid), + isotp_rcv_echo, sk); + } so->ifindex = 0; so->bound = 0; release_sock(sk); @@ -1464,14 +1627,21 @@ static int isotp_init(struct sock *sk) so->tx.ll_dl = so->ll.tx_dl; so->rx.state = ISOTP_IDLE; so->tx.state = ISOTP_IDLE; + so->rx.buf = so->rx.sbuf; + so->tx.buf = so->tx.sbuf; + so->rx.buflen = ARRAY_SIZE(so->rx.sbuf); + so->tx.buflen = ARRAY_SIZE(so->tx.sbuf); + hrtimer_init(&so->rxtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); so->rxtimer.function = isotp_rx_timer_handler; hrtimer_init(&so->txtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); so->txtimer.function = isotp_tx_timer_handler; + hrtimer_init(&so->txfrtimer, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); + so->txfrtimer.function = isotp_txfr_timer_handler; init_waitqueue_head(&so->wait); spin_lock_init(&so->rx_lock); spin_lock(&isotp_notifier_lock); @@ -1544,15 +1714,18 @@ static struct notifier_block canisotp_notifier = { static __init int isotp_module_init(void) { int err; - pr_info("can: isotp protocol\n"); + max_pdu_size = max_t(unsigned int, max_pdu_size, MAX_12BIT_PDU_SIZE); + max_pdu_size = min_t(unsigned int, max_pdu_size, MAX_PDU_SIZE); + + pr_info("can: isotp protocol (max_pdu_size %d)\n", max_pdu_size); err = can_proto_register(&isotp_can_proto); if (err < 0) - pr_err("can: registration of isotp protocol failed\n"); + pr_err("can: registration of isotp protocol failed %pe\n", ERR_PTR(err)); else register_netdevice_notifier(&canisotp_notifier); return err; } -- 2.34.1

1 year, 2 months

3
2
0 0

[PATCH 6.1 000/131] 6.1.59-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.59 release. There are 131 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 18 Oct 2023 08:39:40 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.59-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.59-rc1 Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed two speaker platform Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE Duoming Zhou <duoming(a)zju.edu.cn> dmaengine: mediatek: Fix deadlock caused by synchronize_irq() Rex Zhang <rex.zhang(a)intel.com> dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/alternatives: Disable KASAN in apply_alternatives() Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fixes issue with dequeuing not queued requests Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call Piyush Mehta <piyush.mehta(a)amd.com> usb: gadget: udc-xilinx: replace memcpy with memcpy_toio Prashanth K <quic_prashk(a)quicinc.com> usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: Signal hpd low when exiting mode Dharma Balasubiramani <dharma.b(a)microchip.com> counter: microchip-tcb-capture: Fix the use of internal GCLK logic Fabrice Gasnier <fabrice.gasnier(a)foss.st.com> counter: chrdev: fix getting array extensions Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Correct clear TM error log Dmitry Torokhov <dmitry.torokhov(a)gmail.com> pinctrl: avoid unsafe code pattern in find_pinctrl() Christian König <christian.koenig(a)amd.com> dma-buf: add dma_fence_timestamp helper Michal Koutný <mkoutny(a)suse.com> cgroup: Remove duplicates in cgroup v1 tasks file Mario Limonciello <mario.limonciello(a)amd.com> usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope Yanguo Li <yanguo.li(a)corigine.com> nfp: flower: avoid rmmod nfp crash issues Jeremy Kerr <jk(a)codeconstruct.com.au> mctp: perform route lookups under a RCU read-side lock Rijo Thomas <Rijo-john.Thomas(a)amd.com> tee: amdtee: fix use-after-free vulnerability in amdtee_close_session Hans de Goede <hdegoede(a)redhat.com> Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case Szilard Fabian <szfabian(a)bluemarch.art> Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table Matthias Berndt <matthias_berndt(a)gmx.de> Input: xpad - add PXN V900 support Jeffery Miller <jefferymiller(a)google.com> Input: psmouse - fix fast_reconnect function for PS/2 mode Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Input: powermate - fix use-after-free in powermate_config_complete Dan Carpenter <dan.carpenter(a)linaro.org> ceph: fix type promotion bug on 32bit systems Xiubo Li <xiubli(a)redhat.com> ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Jordan Rife <jrife(a)google.com> libceph: use kernel_connect() Michael Ellerman <mpe(a)ellerman.id.au> powerpc/47x: Fix 47x syscall return crash Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Restart XDomain discovery handshake after failure Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge Jorge Sanjuan Garcia <jorge.sanjuangarcia(a)duagon.com> mcb: remove is_added flag from mcb_device struct Borislav Petkov (AMD) <bp(a)alien8.de> x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs JP Kobryn <inwardvessel(a)gmail.com> perf/x86/lbr: Filter vsyscall addresses Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: not allow to open file if delelete on close bit is set Hans de Goede <hdegoede(a)redhat.com> ACPI: EC: Add quirk for the HP Pavilion Gaming 15-dk1xxx Hans de Goede <hdegoede(a)redhat.com> ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA Daniel Miess <daniel.miess(a)amd.com> drm/amd/display: Don't set dpms_off for seamless boot Christian König <christian.koenig(a)amd.com> drm/amdgpu: add missing NULL check Simon Ser <contact(a)emersion.fr> drm/atomic-helper: relax unregistered connector check Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt8195-demo: update and reorder reserved memory regions Macpaul Lin <macpaul.lin(a)mediatek.com> arm64: dts: mediatek: mt8195-demo: fix the memory size to 8GB Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: addac: Kconfig: update ad74413r selections Alexander Zangerl <az(a)breathe-safe.com> iio: pressure: ms5611: ms5611_prom_is_valid false negative bug Lakshmi Yadlapati <lakshmiy(a)us.ibm.com> iio: pressure: dps310: Adjust Timeout Settings Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: admv1013: add mixer_vgate corner cases Marcelo Schmitt <marcelo.schmitt1(a)gmail.com> iio: dac: ad3552r: Correct device IDs Philipp Rossak <embed3d(a)gmail.com> iio: adc: imx8qxp: Fix address for command buffer registers Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: imu: bno055: Fix missing Kconfig dependencies Phil Elwell <phil(a)raspberrypi.com> iio: pressure: bmp280: Fix NULL pointer exception Xingxing Luo <xingxing.luo(a)unisoc.com> usb: musb: Modify the "HWVers" register address Xingxing Luo <xingxing.luo(a)unisoc.com> usb: musb: Get the musb_qh poniter after musb_giveback Ricardo Cañuelo <ricardo.canuelo(a)collabora.com> usb: hub: Guard against accesses to uninitialized BOS descriptors Xiaolei Wang <xiaolei.wang(a)windriver.com> usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> usb: dwc3: Soft reset phy on probe for host Javier Carrasco <javier.carrasco.cruz(a)gmail.com> net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read Wesley Cheng <quic_wcheng(a)quicinc.com> usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-mdma: set in_flight_bytes in case CRQA flag is set Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-mdma: use Link Address Register to compute residue Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: fix residue in case of MDMA chaining Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: fix stm32_dma_prep_slave_sg in case of MDMA chaining Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-mdma: abort resume if no ongoing transfer mfreemon(a)cloudflare.com <mfreemon(a)cloudflare.com> tcp: enforce receive buffer memory limits by allowing the tcp window to shrink Waiman Long <longman(a)redhat.com> workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() Jeremy Cline <jeremy(a)jcline.org> nfc: nci: assert requested protocol is valid Ralph Siemsen <ralph.siemsen(a)linaro.org> pinctrl: renesas: rzn1: Enable missing PINMUX Nils Hoppmann <niho(a)linux.ibm.com> net/smc: Fix pos miscalculation in statistics Kory Maincent <kory.maincent(a)bootlin.com> ethtool: Fix mod state of verbose no_mask bitset Eric Dumazet <edumazet(a)google.com> net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Will Mortensen <will(a)extrahop.com> net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp Dan Carpenter <dan.carpenter(a)linaro.org> ixgbe: fix crash with empty VF macvlan list Radu Pirea (NXP OSS) <radu-nicolae.pirea(a)oss.nxp.com> net/mlx5e: macsec: use update_pn flag instead of PN comparation Radu Pirea (NXP OSS) <radu-nicolae.pirea(a)oss.nxp.com> net: phy: mscc: macsec: reject PN update requests Radu Pirea (NXP OSS) <radu-nicolae.pirea(a)oss.nxp.com> net: macsec: indicate next pn update when offloading Eric Dumazet <edumazet(a)google.com> net: refine debug info in skb_checksum_help() David Vernet <void(a)manifault.com> bpf: Fix verifier log for async callback return values Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> drm/vmwgfx: fix typo of sizeof argument Björn Töpel <bjorn(a)rivosinc.com> riscv, bpf: Sign-extend return values Pu Lehui <pulehui(a)huawei.com> riscv, bpf: Factor out emit_call for kernel and bpf context Roger Pau Monne <roger.pau(a)citrix.com> xen-netback: use default TX queue size for vifs Dan Carpenter <dan.carpenter(a)linaro.org> mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type Dinghao Liu <dinghao.liu(a)zju.edu.cn> ieee802154: ca8210: Fix a potential UAF in ca8210_probe Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> ravb: Fix use-after-free issue in ravb_tx_timeout_work() Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> ravb: Fix up dma_free_coherent() call in ravb_remove() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Set DSU PMU status to fail John Watts <contact(a)jookia.org> can: sun4i_can: Only show Kconfig if ARCH_SUNXI is set Lukas Magel <lukas.magel(a)posteo.net> can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior Marek Behún <kabel(a)kernel.org> net: dsa: qca8k: fix potential MDIO bus conflict when accessing internal PHYs via management frames Vladimir Oltean <vladimir.oltean(a)nxp.com> phy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers Vladimir Oltean <vladimir.oltean(a)nxp.com> phy: lynx-28g: lock PHY while performing CDR lock workaround Ioana Ciornei <ioana.ciornei(a)nxp.com> phy: lynx-28g: cancel the CDR check work item on the remove path Stephen Boyd <swboyd(a)chromium.org> drm/msm/dp: Add newlines to debug printks Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow Dan Carpenter <dan.carpenter(a)linaro.org> drm/msm/dsi: fix irq_of_parse_and_map() error checking Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dsi: skip the wait for video mode done if not applicable Kuogee Hsieh <quic_khsieh(a)quicinc.com> drm/msm/dp: do not reinitialize phy unless retry during link training Mikhail Kobuk <m.kobuk(a)ispras.ru> pinctrl: nuvoton: wpcm450: fix out of bounds write Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - ALC287 I2S speaker platform support Fabian Vogt <fabian(a)ritter-vogt.de> ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx SungHwan Jung <onenowy(a)gmail.com> ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: Don't disable bitclock for i.MX8MP Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: MCLK bind with TX/RX enable bit Rob Herring <robh(a)kernel.org> ASoC: Use of_property_read_bool() for boolean properties Balamurugan C <balamurugan.c(a)intel.com> ASoC: Intel: soc-acpi: Add entry for sof_es8336 in MTL match table. Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_sdw: add support for SKU 0B14 Balamurugan C <balamurugan.c(a)intel.com> ASoC: Intel: soc-acpi: Add entry for HDMI_In capture support in MTL match table Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: simple-card-utils: fixup simple_util_startup() error handling Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: SOF: amd: fix for firmware reload failure after playback Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Change model for Intel RVP board Christos Skevis <xristos.thes(a)gmail.com> ALSA: usb-audio: Fix microphone sound on Nexigo webcam. WhaleChang <whalechang(a)google.com> ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset Sumit Garg <sumit.garg(a)linaro.org> KEYS: trusted: Remove redundant static calls usage Biju Das <biju.das.jz(a)bp.renesas.com> irqchip: renesas-rzg2l: Fix logic to clear TINT interrupt source Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> dt-bindings: interrupt-controller: renesas,rzg2l-irqc: Update description for '#interrupt-cells' property Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8150: extend the size of the PDC resource Jordan Rife <jrife(a)google.com> net: prevent address rewrite in kernel_bind() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Disable scsi device manage_system_start_stop Sven Frotscher <sven.frotscher(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM Jan Kara <jack(a)suse.cz> quota: Fix slow quotaoff Hans de Goede <hdegoede(a)redhat.com> HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect Damien Le Moal <dlemoal(a)kernel.org> scsi: Do not rescan devices with a suspended queue Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> platform/x86: hp-wmi:: Mark driver struct with __refdata to prevent section mismatch warning Armin Wolf <W_Armin(a)gmx.de> platform/x86: think-lmi: Fix reference leak Jing Zhang <renyu.zj(a)linux.alibaba.com> perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 Artem Chernyshev <artem.chernyshev(a)red-soft.ru> RDMA/cxgb4: Check skb value for failure to allocate Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Don't set PIPE_CONTROL_FLUSH_L3 for aux inval Paolo Abeni <pabeni(a)redhat.com> mptcp: fix delegated action races Haiyang Zhang <haiyangz(a)microsoft.com> net: mana: Fix TX CQE error handling ------------- Diffstat: .../interrupt-controller/renesas,rzg2l-irqc.yaml | 5 +- Documentation/networking/ip-sysctl.rst | 15 ++++ Makefile | 4 +- arch/arm64/boot/dts/mediatek/mt8195-demo.dts | 39 ++++++++-- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 1 + arch/arm64/boot/dts/qcom/sm8150.dtsi | 2 +- arch/powerpc/include/asm/nohash/32/pte-8xx.h | 7 ++ arch/powerpc/include/asm/nohash/64/pgtable.h | 2 +- arch/powerpc/include/asm/nohash/pgtable.h | 2 + arch/powerpc/kernel/entry_32.S | 8 +- arch/riscv/net/bpf_jit_comp64.c | 33 ++++---- arch/x86/events/utils.c | 5 +- arch/x86/include/asm/msr-index.h | 9 ++- arch/x86/kernel/alternative.c | 13 ++++ arch/x86/kernel/cpu/amd.c | 8 ++ drivers/acpi/ec.c | 11 +++ drivers/acpi/resource.c | 7 ++ drivers/ata/libata-core.c | 90 ++++++++++++++++++++++ drivers/ata/libata-eh.c | 54 ++++++++++++- drivers/ata/libata-scsi.c | 16 ++-- drivers/ata/libata.h | 2 + drivers/counter/counter-chrdev.c | 4 +- drivers/counter/microchip-tcb-capture.c | 2 +- drivers/dma-buf/dma-fence-unwrap.c | 13 +--- drivers/dma-buf/sync_file.c | 9 +-- drivers/dma/idxd/device.c | 5 +- drivers/dma/mediatek/mtk-uart-apdma.c | 3 +- drivers/dma/stm32-dma.c | 11 ++- drivers/dma/stm32-mdma.c | 33 +++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 2 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 3 + drivers/gpu/drm/drm_atomic_helper.c | 17 +++- drivers/gpu/drm/i915/gt/gen8_engine_cs.c | 11 ++- drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 12 +-- drivers/gpu/drm/msm/dp/dp_ctrl.c | 13 ++-- drivers/gpu/drm/msm/dp/dp_link.c | 2 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 19 ++++- drivers/gpu/drm/scheduler/sched_main.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 +- drivers/hid/hid-logitech-hidpp.c | 3 +- drivers/iio/adc/imx8qxp-adc.c | 4 +- drivers/iio/addac/Kconfig | 2 + drivers/iio/dac/ad3552r.c | 4 +- drivers/iio/frequency/admv1013.c | 4 +- drivers/iio/imu/bno055/Kconfig | 2 + drivers/iio/pressure/bmp280-core.c | 2 +- drivers/iio/pressure/dps310.c | 8 +- drivers/iio/pressure/ms5611_core.c | 2 +- drivers/infiniband/hw/cxgb4/cm.c | 3 + drivers/input/joystick/xpad.c | 2 + drivers/input/misc/powermate.c | 1 + drivers/input/mouse/elantech.c | 1 + drivers/input/mouse/synaptics.c | 1 + drivers/input/serio/i8042-acpipnpio.h | 8 ++ drivers/input/touchscreen/goodix.c | 19 +++++ drivers/irqchip/irq-renesas-rzg2l.c | 2 +- drivers/mcb/mcb-core.c | 10 +-- drivers/mcb/mcb-parse.c | 2 - drivers/net/can/Kconfig | 2 +- drivers/net/dsa/qca/qca8k-8xxx.c | 11 +++ drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c | 5 +- .../ethernet/mellanox/mlx5/core/en_accel/macsec.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 3 +- .../ethernet/mellanox/mlxsw/spectrum_nve_vxlan.c | 4 +- drivers/net/ethernet/microsoft/mana/mana_en.c | 16 ++-- drivers/net/ethernet/netronome/nfp/flower/cmsg.c | 10 ++- .../net/ethernet/netronome/nfp/flower/conntrack.c | 19 +++-- drivers/net/ethernet/netronome/nfp/flower/main.h | 2 + .../net/ethernet/netronome/nfp/flower/metadata.c | 2 + .../net/ethernet/netronome/nfp/flower/offload.c | 24 ++++-- .../net/ethernet/netronome/nfp/flower/qos_conf.c | 20 +++-- drivers/net/ethernet/renesas/ravb_main.c | 6 +- drivers/net/ieee802154/ca8210.c | 17 +--- drivers/net/macsec.c | 2 + drivers/net/phy/mscc/mscc_macsec.c | 6 ++ drivers/net/usb/dm9601.c | 7 +- drivers/net/xen-netback/interface.c | 4 - drivers/perf/arm-cmn.c | 2 +- drivers/phy/freescale/phy-fsl-lynx-28g.c | 27 ++++++- drivers/pinctrl/core.c | 16 ++-- drivers/pinctrl/nuvoton/pinctrl-wpcm450.c | 6 +- drivers/pinctrl/renesas/Kconfig | 1 + drivers/platform/x86/hp/hp-wmi.c | 8 +- drivers/platform/x86/think-lmi.c | 24 +++++- drivers/scsi/scsi_scan.c | 11 +-- drivers/tee/amdtee/core.c | 10 ++- drivers/thunderbolt/icm.c | 40 +++++----- drivers/thunderbolt/switch.c | 7 ++ drivers/thunderbolt/xdomain.c | 58 ++++++++++---- drivers/ufs/core/ufshcd.c | 2 +- drivers/usb/cdns3/cdnsp-gadget.c | 3 + drivers/usb/cdns3/core.h | 3 +- drivers/usb/core/hub.c | 25 +++++- drivers/usb/core/hub.h | 2 +- drivers/usb/dwc3/core.c | 39 +++++++++- drivers/usb/gadget/function/f_ncm.c | 26 +++++-- drivers/usb/gadget/udc/udc-xilinx.c | 20 +++-- drivers/usb/host/xhci-ring.c | 4 +- drivers/usb/musb/musb_debugfs.c | 2 +- drivers/usb/musb/musb_host.c | 9 ++- drivers/usb/typec/altmodes/displayport.c | 5 ++ drivers/usb/typec/ucsi/psy.c | 9 +++ drivers/usb/typec/ucsi/ucsi.c | 1 + fs/ceph/file.c | 2 +- fs/ceph/inode.c | 4 +- fs/quota/dquot.c | 66 +++++++++------- fs/smb/server/vfs_cache.c | 4 +- include/linux/dma-fence.h | 19 +++++ include/linux/libata.h | 7 +- include/linux/mcb.h | 1 - include/linux/quota.h | 4 +- include/linux/quotaops.h | 2 +- include/net/macsec.h | 1 + include/net/netns/ipv4.h | 1 + kernel/bpf/verifier.c | 6 +- kernel/cgroup/cgroup-v1.c | 5 +- kernel/workqueue.c | 8 +- net/can/isotp.c | 19 ++--- net/ceph/messenger.c | 4 +- net/core/dev.c | 8 +- net/ethtool/bitset.c | 32 ++++++-- net/ipv4/sysctl_net_ipv4.c | 9 +++ net/ipv4/tcp_ipv4.c | 2 + net/ipv4/tcp_output.c | 60 ++++++++++++--- net/mctp/route.c | 22 ++++-- net/mptcp/protocol.c | 28 +++---- net/mptcp/protocol.h | 35 +++------ net/mptcp/subflow.c | 10 ++- net/netfilter/ipvs/ip_vs_sync.c | 4 +- net/nfc/llcp_core.c | 30 +++----- net/nfc/nci/core.c | 5 ++ net/rds/tcp_connect.c | 2 +- net/rds/tcp_listen.c | 2 +- net/smc/smc_stats.h | 14 ++-- net/socket.c | 6 +- security/keys/trusted-keys/trusted_core.c | 13 ++-- sound/pci/hda/patch_realtek.c | 89 ++++++++++++++++++--- sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/codecs/sta32x.c | 39 +++++----- sound/soc/codecs/sta350.c | 63 +++++++-------- sound/soc/codecs/tas5086.c | 2 +- sound/soc/fsl/fsl_sai.c | 41 +++++++--- sound/soc/fsl/fsl_sai.h | 2 + sound/soc/fsl/fsl_ssi.c | 2 +- sound/soc/fsl/imx-card.c | 2 +- sound/soc/generic/simple-card-utils.c | 3 +- sound/soc/intel/boards/sof_es8336.c | 10 +++ sound/soc/intel/boards/sof_sdw.c | 10 +++ sound/soc/intel/common/soc-acpi-intel-mtl-match.c | 25 ++++++ sound/soc/sh/rcar/ssi.c | 4 +- sound/soc/sof/amd/pci-rmb.c | 1 - sound/usb/mixer.c | 7 ++ sound/usb/quirks.c | 8 +- 153 files changed, 1327 insertions(+), 523 deletions(-)

1 year, 2 months

14
151
0 0

FAILED: patch "[PATCH] drm/dp_mst: Fix NULL deref in" failed to apply to 4.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.14.y git checkout FETCH_HEAD git cherry-pick -x 3d887d512494d678b17c57b835c32f4e48d34f26 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023102726-arousal-ransack-d969@gregkh' --subject-prefix 'PATCH 4.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d887d512494d678b17c57b835c32f4e48d34f26 Mon Sep 17 00:00:00 2001 From: Lukasz Majczak <lma(a)semihalf.com> Date: Fri, 22 Sep 2023 08:34:10 +0200 Subject: [PATCH] drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() As drm_dp_get_mst_branch_device_by_guid() is called from drm_dp_get_mst_branch_device_by_guid(), mstb parameter has to be checked, otherwise NULL dereference may occur in the call to the memcpy() and cause following: [12579.365869] BUG: kernel NULL pointer dereference, address: 0000000000000049 [12579.365878] #PF: supervisor read access in kernel mode [12579.365880] #PF: error_code(0x0000) - not-present page [12579.365882] PGD 0 P4D 0 [12579.365887] Oops: 0000 [#1] PREEMPT SMP NOPTI ... [12579.365895] Workqueue: events_long drm_dp_mst_up_req_work [12579.365899] RIP: 0010:memcmp+0xb/0x29 [12579.365921] Call Trace: [12579.365927] get_mst_branch_device_by_guid_helper+0x22/0x64 [12579.365930] drm_dp_mst_up_req_work+0x137/0x416 [12579.365933] process_one_work+0x1d0/0x419 [12579.365935] worker_thread+0x11a/0x289 [12579.365938] kthread+0x13e/0x14f [12579.365941] ? process_one_work+0x419/0x419 [12579.365943] ? kthread_blkcg+0x31/0x31 [12579.365946] ret_from_fork+0x1f/0x30 As get_mst_branch_device_by_guid_helper() is recursive, moving condition to the first line allow to remove a similar one for step over of NULL elements inside a loop. Fixes: 5e93b8208d3c ("drm/dp/mst: move GUID storage from mgr, port to only mst branch") Cc: <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Lukasz Majczak <lma(a)semihalf.com> Reviewed-by: Radoslaw Biernacki <rad(a)chromium.org> Signed-off-by: Manasi Navare <navaremanasi(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/20230922063410.23626-1-lma@se… diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index ed96cfcfa304..8c929ef72c72 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -2574,14 +2574,14 @@ static struct drm_dp_mst_branch *get_mst_branch_device_by_guid_helper( struct drm_dp_mst_branch *found_mstb; struct drm_dp_mst_port *port; + if (!mstb) + return NULL; + if (memcmp(mstb->guid, guid, 16) == 0) return mstb; list_for_each_entry(port, &mstb->ports, next) { - if (!port->mstb) - continue; - found_mstb = get_mst_branch_device_by_guid_helper(port->mstb, guid); if (found_mstb)

1 year, 2 months

2
1
0 0

FAILED: patch "[PATCH] drm/dp_mst: Fix NULL deref in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 3d887d512494d678b17c57b835c32f4e48d34f26 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023102725-spiral-unglue-4f7c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d887d512494d678b17c57b835c32f4e48d34f26 Mon Sep 17 00:00:00 2001 From: Lukasz Majczak <lma(a)semihalf.com> Date: Fri, 22 Sep 2023 08:34:10 +0200 Subject: [PATCH] drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() As drm_dp_get_mst_branch_device_by_guid() is called from drm_dp_get_mst_branch_device_by_guid(), mstb parameter has to be checked, otherwise NULL dereference may occur in the call to the memcpy() and cause following: [12579.365869] BUG: kernel NULL pointer dereference, address: 0000000000000049 [12579.365878] #PF: supervisor read access in kernel mode [12579.365880] #PF: error_code(0x0000) - not-present page [12579.365882] PGD 0 P4D 0 [12579.365887] Oops: 0000 [#1] PREEMPT SMP NOPTI ... [12579.365895] Workqueue: events_long drm_dp_mst_up_req_work [12579.365899] RIP: 0010:memcmp+0xb/0x29 [12579.365921] Call Trace: [12579.365927] get_mst_branch_device_by_guid_helper+0x22/0x64 [12579.365930] drm_dp_mst_up_req_work+0x137/0x416 [12579.365933] process_one_work+0x1d0/0x419 [12579.365935] worker_thread+0x11a/0x289 [12579.365938] kthread+0x13e/0x14f [12579.365941] ? process_one_work+0x419/0x419 [12579.365943] ? kthread_blkcg+0x31/0x31 [12579.365946] ret_from_fork+0x1f/0x30 As get_mst_branch_device_by_guid_helper() is recursive, moving condition to the first line allow to remove a similar one for step over of NULL elements inside a loop. Fixes: 5e93b8208d3c ("drm/dp/mst: move GUID storage from mgr, port to only mst branch") Cc: <stable(a)vger.kernel.org> # 4.14+ Signed-off-by: Lukasz Majczak <lma(a)semihalf.com> Reviewed-by: Radoslaw Biernacki <rad(a)chromium.org> Signed-off-by: Manasi Navare <navaremanasi(a)chromium.org> Link: https://patchwork.freedesktop.org/patch/msgid/20230922063410.23626-1-lma@se… diff --git a/drivers/gpu/drm/display/drm_dp_mst_topology.c b/drivers/gpu/drm/display/drm_dp_mst_topology.c index ed96cfcfa304..8c929ef72c72 100644 --- a/drivers/gpu/drm/display/drm_dp_mst_topology.c +++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c @@ -2574,14 +2574,14 @@ static struct drm_dp_mst_branch *get_mst_branch_device_by_guid_helper( struct drm_dp_mst_branch *found_mstb; struct drm_dp_mst_port *port; + if (!mstb) + return NULL; + if (memcmp(mstb->guid, guid, 16) == 0) return mstb; list_for_each_entry(port, &mstb->ports, next) { - if (!port->mstb) - continue; - found_mstb = get_mst_branch_device_by_guid_helper(port->mstb, guid); if (found_mstb)

1 year, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror October 2023