Hi Linus!
Couple of "new code fixes" which is annoying this late, but neither
of those gives me pause.
We pooped it by merging a Xen patch too quickly, and Juergen ended
up sending you a different version via his tree, so you'll see
a conflict. Just keep what you have. Link to the linux-next conflict
report:
https://lore.kernel.org/all/[email protected]/
There is an outstanding regression in BPF / Peter's static calls stuff,
you can probably judge this sort of stuff better than I can:
https://lore.kernel.org/all/CACkBjsYioeJLhJAZ=Sq4CAL2O_W+5uqcJynFgLSizWLqEjNrjw@mail.gmail.com/
No other known regressions.
The following changes since commit 01f856ae6d0ca5ad0505b79bf2d22d7ca439b2a1:
Merge tag 'net-6.1-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2022-11-29 09:52:10 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git tags/net-6.1-rc9
for you to fetch changes up to f8bac7f9fdb0017b32157957ffffd490f95faa07:
net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (2022-12-08 09:38:31 -0800)
----------------------------------------------------------------
Including fixes from bluetooth, can and netfilter.
Current release - new code bugs:
- bonding: ipv6: correct address used in Neighbour Advertisement
parsing (src vs dst typo)
- fec: properly scope IRQ coalesce setup during link up to supported
chips only
Previous releases - regressions:
- Bluetooth fixes for fake CSR clones (knockoffs):
- re-add ERR_DATA_REPORTING quirk
- fix crash when device is replugged
- Bluetooth:
- silence a user-triggerable dmesg error message
- L2CAP: fix u8 overflow, oob access
- correct vendor codec definition
- fix support for Read Local Supported Codecs V2
- ti: am65-cpsw: fix RGMII configuration at SPEED_10
- mana: fix race on per-CQ variable NAPI work_done
Previous releases - always broken:
- af_unix: diag: fetch user_ns from in_skb in unix_diag_get_exact(),
avoid null-deref
- af_can: fix NULL pointer dereference in can_rcv_filter
- can: slcan: fix UAF with a freed work
- can: can327: flush TX_work on ldisc .close()
- macsec: add missing attribute validation for offload
- ipv6: avoid use-after-free in ip6_fragment()
- nft_set_pipapo: actually validate intervals in fields
after the first one
- mvneta: prevent oob access in mvneta_config_rss()
- ipv4: fix incorrect route flushing when table ID 0 is used,
or when source address is deleted
- phy: mxl-gpy: add workaround for IRQ bug on GPY215B and GPY215C
Signed-off-by: Jakub Kicinski <[email protected]>
----------------------------------------------------------------
Akihiko Odaki (2):
e1000e: Fix TX dispatch condition
igb: Allocate MSI-X vector when testing
Alexandra Winter (1):
s390/qeth: fix use-after-free in hsci
Artem Chernyshev (3):
net: dsa: ksz: Check return value
net: dsa: hellcreek: Check return value
net: dsa: sja1105: Check return value
Casper Andersson (1):
net: microchip: sparx5: correctly free skb in xmit
Chen Zhongjin (1):
Bluetooth: Fix not cleanup led when bt_init fails
Chethan T N (2):
Bluetooth: Remove codec id field in vendor codec definition
Bluetooth: Fix support for Read Local Supported Codecs V2
Dan Carpenter (2):
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
net: mvneta: Fix an out of bounds check
David S. Miller (1):
Merge branch 'vmxnet3-fixes'
Emeel Hakim (1):
macsec: add missing attribute validation for offload
Eric Dumazet (1):
ipv6: avoid use-after-free in ip6_fragment()
Florian Westphal (1):
inet: ping: use hlist_nulls rcu iterator during lookup
Frank Jungclaus (1):
can: esd_usb: Allow REC and TEC to return to zero
Haiyang Zhang (1):
net: mana: Fix race on per-CQ variable napi work_done
Hangbin Liu (2):
ip_gre: do not report erspan version on GRE interface
bonding: get correct NA dest address
Hauke Mehrtens (1):
ca8210: Fix crash by zero initializing data
Ido Schimmel (2):
ipv4: Fix incorrect route flushing when source address is deleted
ipv4: Fix incorrect route flushing when table ID 0 is used
Ismael Ferreras Morezuelas (2):
Bluetooth: btusb: Fix CSR clones again by re-adding ERR_DATA_REPORTING quirk
Bluetooth: btusb: Add debug message for CSR controllers
Jakub Kicinski (6):
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Merge tag 'for-net-2022-12-02' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth
Merge branch 'ipv4-two-bug-fixes'
Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/net-queue
Merge tag 'linux-can-fixes-for-6.1-20221207' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
Jiri Slaby (SUSE) (1):
can: slcan: fix freed work crash
Jisheng Zhang (1):
net: stmmac: fix "snps,axi-config" node property parsing
Kees Cook (1):
NFC: nci: Bounds check struct nfc_target arrays
Kuniyuki Iwashima (2):
af_unix: Get user_ns from in_skb in unix_diag_get_exact().
af_unix: Add test for sock_diag and UDIAG_SHOW_UID.
Lin Liu (1):
xen-netfront: Fix NULL sring after live migration
Liu Jian (2):
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
Luiz Augusto von Dentz (1):
Bluetooth: Fix crash when replugging CSR fake controllers
Mateusz Jończyk (1):
Bluetooth: silence a dmesg error message in hci_request.c
Max Staudt (1):
can: can327: flush TX_work on ldisc .close()
Michael Walle (1):
net: phy: mxl-gpy: add MDINT workaround
Michal Jaron (1):
i40e: Fix not setting default xps_cpus after reset
Oliver Hartkopp (1):
can: af_can: fix NULL pointer dereference in can_rcv_filter
Pablo Neira Ayuso (1):
netfilter: ctnetlink: fix compilation warning after data race fixes in ct mark
Paolo Abeni (2):
Merge branch 'af_unix-fix-a-null-deref-in-sk_diag_dump_uid'
Merge tag 'ieee802154-for-net-2022-12-05' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan
Przemyslaw Patynowski (1):
i40e: Disallow ip4 and ip6 l4_4_bytes
Qiheng Lin (1):
net: microchip: sparx5: Fix missing destroy_workqueue of mact_queue
Radu Nicolae Pirea (OSS) (1):
net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing()
Rasmus Villemoes (1):
net: fec: properly guard irq coalesce setup
Ronak Doshi (2):
vmxnet3: correctly report encapsulated LRO packet
vmxnet3: use correct intrConf reference when using extended queues
Siddharth Vadapalli (1):
net: ethernet: ti: am65-cpsw: Fix RGMII configuration at SPEED_10
Stefano Brivio (1):
netfilter: nft_set_pipapo: Actually validate intervals in fields after the first one
Sungwoo Kim (1):
Bluetooth: L2CAP: Fix u8 overflow
Sylwester Dziedziuch (1):
i40e: Fix for VF MAC address 0
Tianjia Zhang (1):
selftests/tls: Fix tls selftests dependency to correct algorithm
Tiezhu Yang (1):
selftests: net: Use "grep -E" instead of "egrep"
Valentina Goncharenko (2):
net: encx24j600: Add parentheses to fix precedence
net: encx24j600: Fix invalid logic in reading of MISTAT register
Vladimir Oltean (1):
net: dsa: mv88e6xxx: accept phy-mode = "internal" for internal PHY ports
Wang ShaoBo (2):
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
Bluetooth: hci_conn: add missing hci_dev_put() in iso_listen_bis()
Wei Yongjun (1):
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
Xin Long (3):
netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
netfilter: conntrack: fix using __this_cpu_add in preemptible
tipc: call tipc_lxc_xmit without holding node_read_lock
Yang Yingliang (3):
net: mdiobus: fix double put fwnode in the error path
xen/netback: don't call kfree_skb() under spin_lock_irqsave()
net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
Yinjun Zhang (1):
nfp: correct desc type when header dma len is 4096
Yongqiang Liu (1):
net: thunderx: Fix missing destroy_workqueue of nicvf_rx_mode_wq
Yuan Can (1):
dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove()
YueHaibing (3):
net: broadcom: Add PTP_1588_CLOCK_OPTIONAL dependency for BCMGENET under ARCH_BCM2835
ravb: Fix potential use-after-free in ravb_rx_gbeth()
tipc: Fix potential OOB in tipc_link_proto_rcv()
Zeng Heng (1):
net: mdio: fix unbalanced fwnode reference count in mdio_device_release()
Zhang Changzhong (1):
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
Zhengchao Shao (4):
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
net: wwan: iosm: fix memory leak in ipc_mux_init()
net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions()
net: thunderbolt: fix memory leak in tbnet_open()
Ziyang Xuan (2):
ieee802154: cc2520: Fix error return code in cc2520_hw_init()
octeontx2-pf: Fix potential memory leak in otx2_init_tc()
.clang-format | 1 +
drivers/bluetooth/btusb.c | 6 +
drivers/net/bonding/bond_main.c | 2 +-
drivers/net/can/can327.c | 17 +-
drivers/net/can/slcan/slcan-core.c | 10 +-
drivers/net/can/usb/esd_usb.c | 6 +
drivers/net/dsa/mv88e6xxx/chip.c | 7 +-
drivers/net/dsa/sja1105/sja1105_devlink.c | 2 +
drivers/net/dsa/sja1105/sja1105_main.c | 2 +-
drivers/net/ethernet/aeroflex/greth.c | 1 +
drivers/net/ethernet/broadcom/Kconfig | 3 +-
drivers/net/ethernet/cavium/thunder/nicvf_main.c | 4 +-
.../ethernet/freescale/dpaa2/dpaa2-switch-flower.c | 4 +
drivers/net/ethernet/freescale/fec_main.c | 3 +-
drivers/net/ethernet/hisilicon/hisi_femac.c | 2 +-
drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 2 +-
drivers/net/ethernet/intel/e1000e/netdev.c | 4 +-
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 12 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 19 ++-
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +
drivers/net/ethernet/intel/igb/igb_ethtool.c | 2 +
drivers/net/ethernet/marvell/mvneta.c | 2 +-
.../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 7 +-
drivers/net/ethernet/microchip/encx24j600-regmap.c | 4 +-
.../net/ethernet/microchip/sparx5/sparx5_fdma.c | 2 +-
.../net/ethernet/microchip/sparx5/sparx5_main.c | 3 +
.../net/ethernet/microchip/sparx5/sparx5_packet.c | 41 +++--
drivers/net/ethernet/microsoft/mana/gdma.h | 9 +-
drivers/net/ethernet/microsoft/mana/mana_en.c | 16 +-
drivers/net/ethernet/netronome/nfp/nfdk/dp.c | 6 +-
drivers/net/ethernet/renesas/ravb_main.c | 2 +-
.../net/ethernet/stmicro/stmmac/stmmac_platform.c | 8 +-
drivers/net/ethernet/ti/am65-cpsw-nuss.c | 2 +-
drivers/net/ieee802154/ca8210.c | 2 +-
drivers/net/ieee802154/cc2520.c | 2 +-
drivers/net/macsec.c | 1 +
drivers/net/mdio/fwnode_mdio.c | 4 +-
drivers/net/mdio/of_mdio.c | 3 +-
drivers/net/phy/mdio_device.c | 2 +
drivers/net/phy/mxl-gpy.c | 85 ++++++++++
drivers/net/plip/plip.c | 4 +-
drivers/net/thunderbolt.c | 1 +
drivers/net/vmxnet3/vmxnet3_drv.c | 27 +++-
drivers/net/wwan/iosm/iosm_ipc_mux.c | 1 +
drivers/net/xen-netback/rx.c | 2 +-
drivers/net/xen-netfront.c | 6 +
drivers/s390/net/qeth_l2_main.c | 2 +-
include/net/bluetooth/hci.h | 12 +-
include/net/ping.h | 3 -
net/bluetooth/6lowpan.c | 1 +
net/bluetooth/af_bluetooth.c | 4 +-
net/bluetooth/hci_codec.c | 19 +--
net/bluetooth/hci_core.c | 8 +-
net/bluetooth/hci_request.c | 2 +-
net/bluetooth/hci_sync.c | 19 ++-
net/bluetooth/iso.c | 1 +
net/bluetooth/l2cap_core.c | 3 +-
net/can/af_can.c | 6 +-
net/dsa/tag_hellcreek.c | 3 +-
net/dsa/tag_ksz.c | 3 +-
net/dsa/tag_sja1105.c | 3 +-
net/ipv4/fib_frontend.c | 3 +
net/ipv4/fib_semantics.c | 1 +
net/ipv4/ip_gre.c | 48 +++---
net/ipv4/ping.c | 7 +-
net/ipv6/ip6_output.c | 5 +
net/mac802154/iface.c | 1 +
net/netfilter/nf_conntrack_core.c | 6 +-
net/netfilter/nf_conntrack_netlink.c | 19 +--
net/netfilter/nf_flow_table_offload.c | 6 +-
net/netfilter/nft_set_pipapo.c | 5 +-
net/nfc/nci/ntf.c | 6 +
net/tipc/link.c | 4 +-
net/tipc/node.c | 12 +-
net/unix/diag.c | 20 ++-
tools/testing/selftests/net/.gitignore | 1 +
tools/testing/selftests/net/af_unix/Makefile | 2 +-
tools/testing/selftests/net/af_unix/diag_uid.c | 178 +++++++++++++++++++++
tools/testing/selftests/net/config | 2 +-
tools/testing/selftests/net/fib_tests.sh | 37 +++++
tools/testing/selftests/net/rtnetlink.sh | 2 +-
tools/testing/selftests/net/toeplitz.sh | 2 +-
82 files changed, 644 insertions(+), 165 deletions(-)
create mode 100644 tools/testing/selftests/net/af_unix/diag_uid.c
On Thu, Dec 8, 2022 at 1:00 PM Jakub Kicinski <[email protected]> wrote:
>
> There is an outstanding regression in BPF / Peter's static calls stuff,
Looks like it's not related to the static calls. Jiri says that
reverting that static call change makes no difference, and currently
suspects a RCU race instead:
https://lore.kernel.org/bpf/Y5M9P95l85oMHki9@krava/T/#t
Hmm?
Linus
On Fri, 9 Dec 2022 10:25:09 -0800 Linus Torvalds wrote:
> > There is an outstanding regression in BPF / Peter's static calls stuff,
>
> Looks like it's not related to the static calls. Jiri says that
> reverting that static call change makes no difference, and currently
> suspects a RCU race instead:
>
> https://lore.kernel.org/bpf/Y5M9P95l85oMHki9@krava/T/#t
>
> Hmm?
Yes. I can't quickly grok how the static call changes impacted
the locking. I'll poke the BPF people to give us a sense of urgency.
IDK how likely it is to get hold of Peter Z..
On Fri, 9 Dec 2022 13:00:01 -0800 Jakub Kicinski wrote:
> On Fri, 9 Dec 2022 10:25:09 -0800 Linus Torvalds wrote:
> > > There is an outstanding regression in BPF / Peter's static calls stuff,
> >
> > Looks like it's not related to the static calls. Jiri says that
> > reverting that static call change makes no difference, and currently
> > suspects a RCU race instead:
> >
> > https://lore.kernel.org/bpf/Y5M9P95l85oMHki9@krava/T/#t
> >
> > Hmm?
>
> Yes. I can't quickly grok how the static call changes impacted
> the locking. I'll poke the BPF people to give us a sense of urgency.
> IDK how likely it is to get hold of Peter Z..
Adding Alexei et al. to the CC.
What I understood from off-list comments is the issue is not
a showstopper and synchronize_rcu_tasks() seems like a good fix.
On Fri, Dec 9, 2022 at 2:05 PM Jakub Kicinski <[email protected]> wrote:
>
> On Fri, 9 Dec 2022 13:00:01 -0800 Jakub Kicinski wrote:
> > On Fri, 9 Dec 2022 10:25:09 -0800 Linus Torvalds wrote:
> > > > There is an outstanding regression in BPF / Peter's static calls stuff,
> > >
> > > Looks like it's not related to the static calls. Jiri says that
> > > reverting that static call change makes no difference, and currently
> > > suspects a RCU race instead:
> > >
> > > https://lore.kernel.org/bpf/Y5M9P95l85oMHki9@krava/T/#t
> > >
> > > Hmm?
> >
> > Yes. I can't quickly grok how the static call changes impacted
> > the locking. I'll poke the BPF people to give us a sense of urgency.
> > IDK how likely it is to get hold of Peter Z..
>
> Adding Alexei et al. to the CC.
> What I understood from off-list comments is the issue is not
> a showstopper and synchronize_rcu_tasks() seems like a good fix.
Confirming. The bug is not a show stopper.
The nature of the bug still needs to be understood though.