Commit f54ca91f authored by Linus Torvalds
Pull networking fixes from Jakub Kicinski:
 "Including fixes from bpf, can and netfilter.

  Current release - regressions:

   - bpf: do not reject when the stack read size is different from the
     tracked scalar size

   - net: fix premature exit from NAPI state polling in napi_disable()

   - riscv, bpf: fix RV32 broken build, and silence RV64 warning

  Current release - new code bugs:

   - net: fix possible NULL deref in sock_reserve_memory

   - amt: fix error return code in amt_init(); fix stopping the
     workqueue

   - ax88796c: use the correct ioctl callback

  Previous releases - always broken:

   - bpf: stop caching subprog index in the bpf_pseudo_func insn

   - security: fixups for the security hooks in sctp

   - nfc: add necessary privilege flags in netlink layer, limit
     operations to admin only

   - vsock: prevent unnecessary refcnt inc for non-blocking connect

   - net/smc: fix sk_refcnt underflow on link down and fallback

   - nfnetlink_queue: fix OOB when mac header was cleared

   - can: j1939: ignore invalid messages per standard

   - bpf, sockmap:
      - fix race in ingress receive verdict with redirect to self
      - fix incorrect sk_skb data_end access when src_reg = dst_reg
      - strparser, and tls are reusing qdisc_skb_cb and colliding

   - ethtool: fix ethtool msg len calculation for pause stats

   - vlan: fix a UAF in vlan_dev_real_dev() when ref-holder tries to
     access an unregistering real_dev

   - udp6: make encap_rcv() bump the v6 not v4 stats

   - drv: prestera: add explicit padding to fix m68k build

   - drv: felix: fix broken VLAN-tagged PTP under VLAN-aware bridge

   - drv: mvpp2: fix wrong SerDes reconfiguration order

  Misc & small latecomers:

   - ipvs: auto-load ipvs on genl access

   - mctp: sanity check the struct sockaddr_mctp padding fields

   - libfs: support RENAME_EXCHANGE in simple_rename()

   - avoid double accounting for pure zerocopy skbs"

* tag 'net-5.16-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (123 commits)
  selftests/net: udpgso_bench_rx: fix port argument
  net: wwan: iosm: fix compilation warning
  cxgb4: fix eeprom len when diagnostics not implemented
  net: fix premature exit from NAPI state polling in napi_disable()
  net/smc: fix sk_refcnt underflow on linkdown and fallback
  net/mlx5: Lag, fix a potential Oops with mlx5_lag_create_definer()
  gve: fix unmatched u64_stats_update_end()
  net: ethernet: lantiq_etop: Fix compilation error
  selftests: forwarding: Fix packet matching in mirroring selftests
  vsock: prevent unnecessary refcnt inc for nonblocking connect
  net: marvell: mvpp2: Fix wrong SerDes reconfiguration order
  net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
  net: stmmac: allow a tc-taprio base-time of zero
  selftests: net: test_vxlan_under_vrf: fix HV connectivity test
  net: hns3: allow configure ETS bandwidth of all TCs
  net: hns3: remove check VF uc mac exist when set by PF
  net: hns3: fix some mac statistics is always 0 in device version V2
  net: hns3: fix kernel crash when unload VF while it is being reset
  net: hns3: sync rx ring head in echo common pull
  net: hns3: fix pfc packet number incorrect after querying pfc parameters
  ...
parents c55a0417 d336509c
+2 −4
@@ -1004,13 +1004,11 @@ udp_l3mdev_accept - BOOLEAN
udp_mem - vector of 3 INTEGERs: min, pressure, max
	Number of pages allowed for queueing by all UDP sockets.

	min: Below this number of pages UDP is not bothered about its
	memory appetite. When amount of memory allocated by UDP exceeds
	this number, UDP starts to moderate memory usage.
	min: Number of pages allowed for queueing by all UDP sockets.

	pressure: This value was introduced to follow format of tcp_mem.

	max: Number of pages allowed for queueing by all UDP sockets.
	max: This value was introduced to follow format of tcp_mem.

	Default is calculated at boot time from amount of available memory.

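Review bot: The new `min` text in the udp_mem entry repeats the summary sentence under the heading word for word, and `max` now carries the same wording as `pressure`, so the entry no longer says what happens once the limit is reached or whether `pressure` and `max` have any effect. If only `min` is enforced, say so directly, for example "pressure, max: accepted to match the tcp_mem format; not used", and drop the duplicated sentence from either the summary or `min`.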
+33 −32
@@ -15,10 +15,7 @@ For security module support, three SCTP specific hooks have been implemented::
    security_sctp_assoc_request()
    security_sctp_bind_connect()
    security_sctp_sk_clone()

Also the following security hook has been utilised::

    security_inet_conn_established()
    security_sctp_assoc_established()

The usage of these hooks are described below with the SELinux implementation
described in the `SCTP SELinux Support`_ chapter.
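Review bot: The sentence introducing the list still says "three SCTP specific hooks have been implemented", but with security_sctp_assoc_established() moved into it the list has four entries. Update the count to four; the unchanged "The usage of these hooks are described below" could become "is described" in the same pass.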
@@ -26,11 +23,11 @@ described in the `SCTP SELinux Support`_ chapter.

security_sctp_assoc_request()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Passes the ``@ep`` and ``@chunk->skb`` of the association INIT packet to the
Passes the ``@asoc`` and ``@chunk->skb`` of the association INIT packet to the
security module. Returns 0 on success, error on failure.
::

    @ep - pointer to sctp endpoint structure.
    @asoc - pointer to sctp association structure.
    @skb - pointer to skbuff of association packet.


@@ -117,16 +114,17 @@ Called whenever a new socket is created by **accept**\(2)
calls **sctp_peeloff**\(3).
::

    @ep - pointer to current sctp endpoint structure.
    @asoc - pointer to current sctp association structure.
    @sk - pointer to current sock structure.
    @sk - pointer to new sock structure.
    @newsk - pointer to new sock structure.


security_inet_conn_established()
security_sctp_assoc_established()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Called when a COOKIE ACK is received::
Called when a COOKIE ACK is received, and the peer secid will be
saved into ``@asoc->peer_secid`` for client::

    @sk  - pointer to sock structure.
    @asoc - pointer to sctp association structure.
    @skb - pointer to skbuff of the COOKIE ACK packet.


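Review bot: The section title grows by one character when security_inet_conn_established() becomes security_sctp_assoc_established(), but the `~` underline beneath it is left as it was. reStructuredText warns when a title underline is shorter than its title, so extend the underline to match. Separately, "will be saved into ``@asoc->peer_secid`` for client" would read more clearly as "on the client side".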
@@ -134,7 +132,7 @@ Security Hooks used for Association Establishment
-------------------------------------------------

The following diagram shows the use of ``security_sctp_bind_connect()``,
``security_sctp_assoc_request()``, ``security_inet_conn_established()`` when
``security_sctp_assoc_request()``, ``security_sctp_assoc_established()`` when
establishing an association.
::

@@ -151,9 +149,9 @@ establishing an association.
         INIT --------------------------------------------->
                                                   sctp_sf_do_5_1B_init()
                                                 Respond to an INIT chunk.
                                             SCTP peer endpoint "A" is
                                             asking for an association. Call
                                             security_sctp_assoc_request()
                                             SCTP peer endpoint "A" is asking
                                             for a temporary association.
                                             Call security_sctp_assoc_request()
                                             to set the peer label if first
                                             association.
                                             If not first association, check
@@ -163,13 +161,16 @@ establishing an association.
          |                                       discard the packet.
          |
    COOKIE ECHO ------------------------------------------>
                                                          |
                                                          |
                                                          |
                                                  sctp_sf_do_5_1D_ce()
                                             Respond to an COOKIE ECHO chunk.
                                             Confirm the cookie and create a
                                             permanent association.
                                             Call security_sctp_assoc_request() to
                                             do the same as for INIT chunk Response.
          <------------------------------------------- COOKIE ACK
          |                                               |
    sctp_sf_do_5_1E_ca                                    |
 Call security_inet_conn_established()                    |
 Call security_sctp_assoc_established()                   |
 to set the peer label.                                   |
          |                                               |
          |                               If SCTP_SOCKET_TCP or peeled off
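Review bot: The added COOKIE ECHO step says only "Call security_sctp_assoc_request() to do the same as for INIT chunk Response", which sends the reader back up the diagram to work out which checks run against the permanent association. Spell the action out here (set the peer label if first association, otherwise check it, as in the INIT box), and change "Respond to an COOKIE ECHO chunk" to "a COOKIE ECHO chunk" while these lines are being touched.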
@@ -195,27 +196,27 @@ hooks with the SELinux specifics expanded below::
    security_sctp_assoc_request()
    security_sctp_bind_connect()
    security_sctp_sk_clone()
    security_inet_conn_established()
    security_sctp_assoc_established()


security_sctp_assoc_request()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Passes the ``@ep`` and ``@chunk->skb`` of the association INIT packet to the
Passes the ``@asoc`` and ``@chunk->skb`` of the association INIT packet to the
security module. Returns 0 on success, error on failure.
::

    @ep - pointer to sctp endpoint structure.
    @asoc - pointer to sctp association structure.
    @skb - pointer to skbuff of association packet.

The security module performs the following operations:
     IF this is the first association on ``@ep->base.sk``, then set the peer
     IF this is the first association on ``@asoc->base.sk``, then set the peer
     sid to that in ``@skb``. This will ensure there is only one peer sid
     assigned to ``@ep->base.sk`` that may support multiple associations.
     assigned to ``@asoc->base.sk`` that may support multiple associations.

     ELSE validate the ``@ep->base.sk peer_sid`` against the ``@skb peer sid``
     ELSE validate the ``@asoc->base.sk peer_sid`` against the ``@skb peer sid``
     to determine whether the association should be allowed or denied.

     Set the sctp ``@ep sid`` to socket's sid (from ``ep->base.sk``) with
     Set the sctp ``@asoc sid`` to socket's sid (from ``asoc->base.sk``) with
     MLS portion taken from ``@skb peer sid``. This will be used by SCTP
     TCP style sockets and peeled off connections as they cause a new socket
     to be generated.
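Review bot: In the operations list the association's labels are written as "``@asoc sid``" and "``@asoc->base.sk peer_sid``", a mechanical rename of the old ``@ep`` wording, while the security_sctp_assoc_established() description earlier in this file refers to ``@asoc->peer_secid``. Use one naming throughout so the text can be matched against the structure, and keep "peer_sid" outside the literal that holds the pointer expression.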
@@ -259,21 +260,21 @@ security_sctp_sk_clone()
Called whenever a new socket is created by **accept**\(2) (i.e. a TCP style
socket) or when a socket is 'peeled off' e.g userspace calls
**sctp_peeloff**\(3). ``security_sctp_sk_clone()`` will set the new
sockets sid and peer sid to that contained in the ``@ep sid`` and
``@ep peer sid`` respectively.
sockets sid and peer sid to that contained in the ``@asoc sid`` and
``@asoc peer sid`` respectively.
::

    @ep - pointer to current sctp endpoint structure.
    @asoc - pointer to current sctp association structure.
    @sk - pointer to current sock structure.
    @sk - pointer to new sock structure.
    @newsk - pointer to new sock structure.


security_inet_conn_established()
security_sctp_assoc_established()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Called when a COOKIE ACK is received where it sets the connection's peer sid
to that in ``@skb``::

    @sk  - pointer to sock structure.
    @asoc - pointer to sctp association structure.
    @skb - pointer to skbuff of the COOKIE ACK packet.


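Review bot: In this SELinux copy of the security_sctp_assoc_established() section the description ("sets the connection's peer sid to that in ``@skb``") is unchanged even though the parameter is now ``@asoc`` rather than ``@sk``, and the generic section above was reworded to say the peer secid is saved into ``@asoc->peer_secid``. Reword this paragraph the same way so it states where the label is stored; the `~` underline here also needs extending for the longer title.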
+3 −2
@@ -872,9 +872,10 @@ F: Documentation/devicetree/bindings/thermal/amazon,al-thermal.txt
F:	drivers/thermal/thermal_mmio.c
AMAZON ETHERNET DRIVERS
M:	Netanel Belgazal <netanel@amazon.com>
M:	Shay Agroskin <shayagr@amazon.com>
M:	Arthur Kiyanovski <akiyano@amazon.com>
R:	Guy Tzalik <gtzalik@amazon.com>
R:	David Arinzon <darinzon@amazon.com>
R:	Noam Dagan <ndagan@amazon.com>
R:	Saeed Bishara <saeedb@amazon.com>
L:	netdev@vger.kernel.org
S:	Supported
+2 −2
@@ -11,7 +11,7 @@
#include <linux/module.h>
#include <linux/uaccess.h>

#ifdef CONFIG_BPF_JIT
#if defined(CONFIG_BPF_JIT) && defined(CONFIG_ARCH_RV64I)
int rv_bpf_fixup_exception(const struct exception_table_entry *ex, struct pt_regs *regs);
#endif

@@ -23,7 +23,7 @@ int fixup_exception(struct pt_regs *regs)
	if (!fixup)
		return 0;

#ifdef CONFIG_BPF_JIT
#if defined(CONFIG_BPF_JIT) && defined(CONFIG_ARCH_RV64I)
	if (regs->epc >= BPF_JIT_REGION_START && regs->epc < BPF_JIT_REGION_END)
		return rv_bpf_fixup_exception(fixup, regs);
#endif
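Review bot: The compound guard `#if defined(CONFIG_BPF_JIT) && defined(CONFIG_ARCH_RV64I)` is now written out twice in this file, once around the prototype and once around the call in fixup_exception(), with no comment on why RV32 is excluded. If rv_bpf_fixup_exception() is only built for the RV64 JIT, say so in a one-line comment, or fold the condition into a single helper macro so the two sites cannot drift apart.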
+2 −0
@@ -459,6 +459,8 @@ static int emit_call(bool fixed, u64 addr, struct rv_jit_context *ctx)
#define BPF_FIXUP_OFFSET_MASK   GENMASK(26, 0)
#define BPF_FIXUP_REG_MASK      GENMASK(31, 27)

int rv_bpf_fixup_exception(const struct exception_table_entry *ex,
				struct pt_regs *regs);
int rv_bpf_fixup_exception(const struct exception_table_entry *ex,
				struct pt_regs *regs)
{
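Review bot: Declaring rv_bpf_fixup_exception() immediately above its own definition gives the compiler a prototype but leaves a second hand-written copy of the one in the exception fixup file, so a signature change in one place would not be caught in the other. Move the declaration into a header that both files include and drop the two local prototypes.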