August 2024 - Linux-stable-mirror

[PATCH v3 net] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> After napi_complete_done() is called when NAPI is polling in the current process context, another NAPI may be scheduled and start running in softirq on another CPU and may ring the doorbell before the current CPU does. When combined with unnecessary rings when there is no need to arm the CQ, it triggers error paths in the hardware. This patch fixes this by calling napi_complete_done() after doorbell rings. It limits the number of unnecessary rings when there is no need to arm. MANA hardware specifies that there must be one doorbell ring every 8 CQ wraparounds. This driver guarantees one doorbell ring as soon as the number of consumed CQEs exceeds 4 CQ wraparounds. In practical workloads, the 4 CQ wraparounds proves to be big enough that it rarely exceeds this limit before all the napi weight is consumed. To implement this, add a per-CQ counter cq->work_done_since_doorbell, and make sure the CQ is armed as soon as passing 4 wraparounds of the CQ. Cc: stable(a)vger.kernel.org Fixes: e1b5683ff62e ("net: mana: Move NAPI from EQ to CQ") Reviewed-by: Haiyang Zhang <haiyangz(a)microsoft.com> Signed-off-by: Long Li <longli(a)microsoft.com> --- change in v2: Added more details to comments to explain the patch. change in v3: Corrected typo. Removed extra empty lines between "Fixes" and "Reviewed-by". drivers/net/ethernet/microsoft/mana/mana_en.c | 24 ++++++++++++------- include/net/mana/mana.h | 1 + 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c index d2f07e179e86..f83211f9e737 100644 --- a/drivers/net/ethernet/microsoft/mana/mana_en.c +++ b/drivers/net/ethernet/microsoft/mana/mana_en.c @@ -1788,7 +1788,6 @@ static void mana_poll_rx_cq(struct mana_cq *cq) static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) { struct mana_cq *cq = context; - u8 arm_bit; int w; WARN_ON_ONCE(cq->gdma_cq != gdma_queue); @@ -1799,16 +1798,23 @@ static int mana_cq_handler(void *context, struct gdma_queue *gdma_queue) mana_poll_tx_cq(cq); w = cq->work_done; - - if (w < cq->budget && - napi_complete_done(&cq->napi, w)) { - arm_bit = SET_ARM_BIT; - } else { - arm_bit = 0; + cq->work_done_since_doorbell += w; + + if (w < cq->budget) { + mana_gd_ring_cq(gdma_queue, SET_ARM_BIT); + cq->work_done_since_doorbell = 0; + napi_complete_done(&cq->napi, w); + } else if (cq->work_done_since_doorbell > + cq->gdma_cq->queue_size / COMP_ENTRY_SIZE * 4) { + /* MANA hardware requires at least one doorbell ring every 8 + * wraparounds of CQ even if there is no need to arm the CQ. + * This driver rings the doorbell as soon as we have exceeded + * 4 wraparounds. + */ + mana_gd_ring_cq(gdma_queue, 0); + cq->work_done_since_doorbell = 0; } - mana_gd_ring_cq(gdma_queue, arm_bit); - return w; } diff --git a/include/net/mana/mana.h b/include/net/mana/mana.h index 6439fd8b437b..7caa334f4888 100644 --- a/include/net/mana/mana.h +++ b/include/net/mana/mana.h @@ -275,6 +275,7 @@ struct mana_cq { /* NAPI data */ struct napi_struct napi; int work_done; + int work_done_since_doorbell; int budget; }; -- 2.17.1

8 months, 2 weeks

2
1
0 0

[PATCH v2] pps: add an error check in parport_attach

by Ma Ke

In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - removed error output as suggestions. --- drivers/pps/clients/pps_parport.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); } -- 2.25.1

8 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] mptcp: fully established after ADD_ADDR echo on MPJ" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d67c5649c1541dc93f202eeffc6f49220a4ed71d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081209-wrongly-zen-35f3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d67c5649c154 ("mptcp: fully established after ADD_ADDR echo on MPJ") b3ea6b272d79 ("mptcp: consolidate initial ack seq generation") f3589be0c420 ("mptcp: never shrink offered window") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d67c5649c1541dc93f202eeffc6f49220a4ed71d Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Wed, 31 Jul 2024 13:05:53 +0200 Subject: [PATCH] mptcp: fully established after ADD_ADDR echo on MPJ Before this patch, receiving an ADD_ADDR echo on the just connected MP_JOIN subflow -- initiator side, after the MP_JOIN 3WHS -- was resulting in an MP_RESET. That's because only ACKs with a DSS or ADD_ADDRs without the echo bit were allowed. Not allowing the ADD_ADDR echo after an MP_CAPABLE 3WHS makes sense, as we are not supposed to send an ADD_ADDR before because it requires to be in full established mode first. For the MP_JOIN 3WHS, that's different: the ADD_ADDR can be sent on a previous subflow, and the ADD_ADDR echo can be received on the recently created one. The other peer will already be in fully established, so it is allowed to send that. We can then relax the conditions here to accept the ADD_ADDR echo for MPJ subflows. Fixes: 67b12f792d5e ("mptcp: full fully established support after ADD_ADDR") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240731-upstream-net-20240731-mptcp-endp-subflow-… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/options.c b/net/mptcp/options.c index 8a68382a4fe9..ac2f1a54cc43 100644 --- a/net/mptcp/options.c +++ b/net/mptcp/options.c @@ -958,7 +958,8 @@ static bool check_fully_established(struct mptcp_sock *msk, struct sock *ssk, if (subflow->remote_key_valid && (((mp_opt->suboptions & OPTION_MPTCP_DSS) && mp_opt->use_ack) || - ((mp_opt->suboptions & OPTION_MPTCP_ADD_ADDR) && !mp_opt->echo))) { + ((mp_opt->suboptions & OPTION_MPTCP_ADD_ADDR) && + (!mp_opt->echo || subflow->mp_join)))) { /* subflows are fully established as soon as we get any * additional ack, including ADD_ADDR. */

8 months, 2 weeks

3
2
0 0

[PATCH v5.10 v2] powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.

by Jinjie Ruan

From: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> [ Upstream commit 0db880fc865ffb522141ced4bfa66c12ab1fbb70 ] nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is from the embedded first chunk. However with CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there are chances where percpu allocation can come from the vmalloc area. With kernel command line "percpu_alloc=page" we can force percpu allocation to come from vmalloc area and can see kernel crash in machine_check_early: [ 1.215714] NIP [c000000000e49eb4] rcu_nmi_enter+0x24/0x110 [ 1.215717] LR [c0000000000461a0] machine_check_early+0xf0/0x2c0 [ 1.215719] --- interrupt: 200 [ 1.215720] [c000000fffd73180] [0000000000000000] 0x0 (unreliable) [ 1.215722] [c000000fffd731b0] [0000000000000000] 0x0 [ 1.215724] [c000000fffd73210] [c000000000008364] machine_check_early_common+0x134/0x1f8 Fix this by avoiding use of nmi_enter()/nmi_exit() in real mode if percpu first chunk is not embedded. CVE-2024-42126 Cc: stable(a)vger.kernel.org#5.10.x Cc: gregkh(a)linuxfoundation.org Reviewed-by: Christophe Leroy <christophe.leroy(a)csgroup.eu> Tested-by: Shirisha Ganta <shirisha(a)linux.ibm.com> Signed-off-by: Mahesh Salgaonkar <mahesh(a)linux.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240410043006.81577-1-mahesh@linux.ibm.com [ Conflicts in arch/powerpc/include/asm/interrupt.h because machine_check_early() and machine_check_exception() has been refactored. ] Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> --- v2: - Also fix for CONFIG_PPC_BOOK3S_64 not enabled. - Add Upstream. - Cc stable(a)vger.kernel.org. --- arch/powerpc/include/asm/percpu.h | 10 ++++++++++ arch/powerpc/kernel/mce.c | 14 +++++++++++--- arch/powerpc/kernel/setup_64.c | 2 ++ arch/powerpc/kernel/traps.c | 8 +++++++- 4 files changed, 30 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/percpu.h b/arch/powerpc/include/asm/percpu.h index 8e5b7d0b851c..634970ce13c6 100644 --- a/arch/powerpc/include/asm/percpu.h +++ b/arch/powerpc/include/asm/percpu.h @@ -15,6 +15,16 @@ #endif /* CONFIG_SMP */ #endif /* __powerpc64__ */ +#if defined(CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK) && defined(CONFIG_SMP) +#include <linux/jump_label.h> +DECLARE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); + +#define percpu_first_chunk_is_paged \ + (static_key_enabled(&__percpu_first_chunk_is_paged.key)) +#else +#define percpu_first_chunk_is_paged false +#endif /* CONFIG_PPC64 && CONFIG_SMP */ + #include <asm-generic/percpu.h> #include <asm/paca.h> diff --git a/arch/powerpc/kernel/mce.c b/arch/powerpc/kernel/mce.c index 63702c0badb9..259343040e1b 100644 --- a/arch/powerpc/kernel/mce.c +++ b/arch/powerpc/kernel/mce.c @@ -594,8 +594,15 @@ long notrace machine_check_early(struct pt_regs *regs) u8 ftrace_enabled = this_cpu_get_ftrace_enabled(); this_cpu_set_ftrace_enabled(0); - /* Do not use nmi_enter/exit for pseries hpte guest */ - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + /* + * Do not use nmi_enter/exit for pseries hpte guest + * + * Likewise, do not use it in real mode if percpu first chunk is not + * embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled there + * are chances where percpu allocation can come from vmalloc area. + */ + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_enter(); hv_nmi_check_nonrecoverable(regs); @@ -606,7 +613,8 @@ long notrace machine_check_early(struct pt_regs *regs) if (ppc_md.machine_check_early) handled = ppc_md.machine_check_early(regs); - if (radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) + if ((radix_enabled() || !firmware_has_feature(FW_FEATURE_LPAR)) && + !percpu_first_chunk_is_paged) nmi_exit(); this_cpu_set_ftrace_enabled(ftrace_enabled); diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c index 3f8426bccd16..899d87de0165 100644 --- a/arch/powerpc/kernel/setup_64.c +++ b/arch/powerpc/kernel/setup_64.c @@ -824,6 +824,7 @@ static int pcpu_cpu_distance(unsigned int from, unsigned int to) unsigned long __per_cpu_offset[NR_CPUS] __read_mostly; EXPORT_SYMBOL(__per_cpu_offset); +DEFINE_STATIC_KEY_FALSE(__percpu_first_chunk_is_paged); static void __init pcpu_populate_pte(unsigned long addr) { @@ -903,6 +904,7 @@ void __init setup_per_cpu_areas(void) if (rc < 0) panic("cannot initialize percpu area (err=%d)", rc); + static_key_enable(&__percpu_first_chunk_is_paged.key); delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { __per_cpu_offset[cpu] = delta + pcpu_unit_offsets[cpu]; diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index b0e87dce2b9a..b4d108bef814 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -835,8 +835,14 @@ void machine_check_exception(struct pt_regs *regs) * This is silly. The BOOK3S_64 should just call a different function * rather than expecting semantics to magically change. Something * like 'non_nmi_machine_check_exception()', perhaps? + * + * Do not use nmi_enter/exit in real mode if percpu first chunk is + * not embedded. With CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK enabled + * there are chances where percpu allocation can come from + * vmalloc area. */ - const bool nmi = !IS_ENABLED(CONFIG_PPC_BOOK3S_64); + const bool nmi = !IS_ENABLED(CONFIG_PPC_BOOK3S_64) && + !percpu_first_chunk_is_paged; if (nmi) nmi_enter(); -- 2.34.1

8 months, 2 weeks

2
2
0 0

[PATCH v5.15 RESEND] wifi: mac80211: check basic rates validity

by Vincenzo Mezzela

From: Johannes Berg <johannes.berg(a)intel.com> commit ce04abc3fcc62cd5640af981ebfd7c4dc3bded28 upstream. When userspace sets basic rates, it might send us some rates list that's empty or consists of invalid values only. We're currently ignoring invalid values and then may end up with a rates bitmap that's empty, which later results in a warning. Reject the call if there were no valid rates. [ Conflict resolution involved adjusting the patch to accommodate changes in the function signature of ieee80211_parse_bitrates, specifically the updated first parameter ] Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Reported-by: syzbot+19013115c9786bfd0c4e(a)syzkaller.appspotmail.com Tested-by: syzbot+19013115c9786bfd0c4e(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=19013115c9786bfd0c4e Signed-off-by: Vincenzo Mezzela <vincenzo.mezzela(a)gmail.com> --- Hi, I'm resending the backport for v5.15 [1], following the one I previously sent for v6.1 [2]. Best regards, Vincenzo - [1] https://lore.kernel.org/all/20240727125033.1774143-1-vincenzo.mezzela@gmail… - [2] https://lore.kernel.org/all/20240729134318.291424-1-vincenzo.mezzela@gmail.… net/mac80211/cfg.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index f277ce839ddb..85abd3ff07b4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2339,6 +2339,17 @@ static int ieee80211_change_bss(struct wiphy *wiphy, if (!sband) return -EINVAL; + if (params->basic_rates) { + if (!ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, + wiphy->bands[sband->band], + params->basic_rates, + params->basic_rates_len, + &sdata->vif.bss_conf.basic_rates)) + return -EINVAL; + changed |= BSS_CHANGED_BASIC_RATES; + ieee80211_check_rate_mask(sdata); + } + if (params->use_cts_prot >= 0) { sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot; changed |= BSS_CHANGED_ERP_CTS_PROT; @@ -2362,16 +2373,6 @@ static int ieee80211_change_bss(struct wiphy *wiphy, changed |= BSS_CHANGED_ERP_SLOT; } - if (params->basic_rates) { - ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, - wiphy->bands[sband->band], - params->basic_rates, - params->basic_rates_len, - &sdata->vif.bss_conf.basic_rates); - changed |= BSS_CHANGED_BASIC_RATES; - ieee80211_check_rate_mask(sdata); - } - if (params->ap_isolate >= 0) { if (params->ap_isolate) sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS; -- 2.43.0

8 months, 2 weeks

2
1
0 0

[PATCH -stable,4.19.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 4.19.x. The following list shows the backported patches, I am using original commit IDs for reference: 1) b53c11664250 ("netfilter: nf_tables: set element extended ACK reporting support") 2) 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout") 3) cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate") Please, apply, Thanks Florian Westphal (1): netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso (2): netfilter: nf_tables: set element extended ACK reporting support netfilter: nf_tables: use timestamp to check for set element timeout include/net/netfilter/nf_tables.h | 21 ++++- net/netfilter/nf_tables_api.c | 128 ++++++------------------------ net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_rbtree.c | 6 +- 4 files changed, 53 insertions(+), 110 deletions(-) -- 2.30.2

8 months, 2 weeks

2
4
0 0

[PATCH -stable,5.4.x 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.4.x. The following list shows the backported patches, I am using original commit IDs for reference: 1) b53c11664250 ("netfilter: nf_tables: set element extended ACK reporting support") 2) 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout") 3) cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate") Please, apply, Thanks Florian Westphal (1): netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso (2): netfilter: nf_tables: set element extended ACK reporting support netfilter: nf_tables: use timestamp to check for set element timeout include/net/netfilter/nf_tables.h | 21 ++++- net/netfilter/nf_tables_api.c | 128 ++++++------------------------ net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_rbtree.c | 6 +- 4 files changed, 53 insertions(+), 110 deletions(-) -- 2.30.2

8 months, 2 weeks

2
4
0 0

[PATCH -stable,5.10.x 0/4] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.10.x. The following list shows the backported patches, I am using original commit IDs for reference: 1) b53c11664250 ("netfilter: nf_tables: set element extended ACK reporting support") This improves error reporting when adding more than one single element to set, it is not specifically fixing up a crash. 2) 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout") 3) fa23e0d4b756 ("netfilter: nf_tables: allow clone callbacks to sleep") 4) cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate") Please, apply, Thanks Florian Westphal (1): netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso (3): netfilter: nf_tables: set element extended ACK reporting support netfilter: nf_tables: use timestamp to check for set element timeout netfilter: nf_tables: allow clone callbacks to sleep include/net/netfilter/nf_tables.h | 25 ++++- net/netfilter/nf_tables_api.c | 149 ++++++------------------------ net/netfilter/nft_connlimit.c | 2 +- net/netfilter/nft_counter.c | 4 +- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 ++-- net/netfilter/nft_set_rbtree.c | 6 +- 8 files changed, 74 insertions(+), 140 deletions(-) -- 2.30.2

8 months, 2 weeks

2
5
0 0

[PATCH -stable,5.15.x 0/5] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for recent fixes already upstream for 5.15.x. The following list shows the backported patches, I am using original commit IDs for reference: 1) b53c11664250 ("netfilter: nf_tables: set element extended ACK reporting support") This improves error reporting when adding more than one single element to set, it is not specifically fixing up a crash. 2) 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout") 3) 3c13725f43dc ("netfilter: nf_tables: bail out if stateful expression provides no .clone") 4) fa23e0d4b756 ("netfilter: nf_tables: allow clone callbacks to sleep") 5) cff3bd012a95 ("netfilter: nf_tables: prefer nft_chain_validate") Please, apply, Thanks Florian Westphal (2): netfilter: nf_tables: allow clone callbacks to sleep netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso (3): netfilter: nf_tables: set element extended ACK reporting support netfilter: nf_tables: use timestamp to check for set element timeout netfilter: nf_tables: bail out if stateful expression provides no .clone include/net/netfilter/nf_tables.h | 20 +++- net/netfilter/nf_tables_api.c | 188 ++++++------------------------ net/netfilter/nft_connlimit.c | 4 +- net/netfilter/nft_counter.c | 4 +- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_last.c | 4 +- net/netfilter/nft_limit.c | 14 ++- net/netfilter/nft_quota.c | 4 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 +-- net/netfilter/nft_set_rbtree.c | 6 +- 11 files changed, 90 insertions(+), 182 deletions(-) -- 2.30.2

8 months, 2 weeks

2
6
0 0

[PATCH 6.1 1/1] tls: fix race between tx work scheduling and socket close

by Lee Jones

From: Jakub Kicinski <kuba(a)kernel.org> [ Upstream commit e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb ] Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do. Reported-by: valis <sec(a)valis.email> Fixes: a42055e8d2c3 ("net/tls: Add support for async encryption of records for performance") Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> (cherry picked from commit 6db22d6c7a6dc914b12c0469b94eb639b6a8a146) [Lee: Fixed merge-conflict in Stable branches linux-6.1.y and older] Signed-off-by: Lee Jones <lee(a)kernel.org> --- net/tls/tls_sw.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index 2bd27b77769cb..d53587ff9ddea 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -449,7 +449,6 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err) struct scatterlist *sge; struct sk_msg *msg_en; struct tls_rec *rec; - bool ready = false; struct sock *sk; rec = container_of(aead_req, struct tls_rec, aead_req); @@ -486,19 +485,16 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err) /* If received record is at head of tx_list, schedule tx */ first_rec = list_first_entry(&ctx->tx_list, struct tls_rec, list); - if (rec == first_rec) - ready = true; + if (rec == first_rec) { + /* Schedule the transmission */ + if (!test_and_set_bit(BIT_TX_SCHEDULED, + &ctx->tx_bitmask)) + schedule_delayed_work(&ctx->tx_work.work, 1); + } } if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - - if (!ready) - return; - - /* Schedule the transmission */ - if (!test_and_set_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) - schedule_delayed_work(&ctx->tx_work.work, 1); } static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) -- 2.44.0.278.ge034bb2e1d-goog

8 months, 2 weeks

5
8
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror August 2024