TechPanelGM/kernel_xiaomi_sm8250
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge android-4.19-stable.157 (8ee67bc) into msm-4.19

Browse Source 
* refs/heads/tmp-8ee67bc
  Revert "nl80211: fix non-split wiphy information"
  Reverting usb changes
  Linux 4.19.157
  powercap: restrict energy meter to root access
  Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple"
  Linux 4.19.156
  arm64: dts: marvell: espressobin: Add ethernet switch aliases
  net: dsa: read mac address from DT for slave device
  tools: perf: Fix build error in v4.19.y
  perf/core: Fix a memory leak in perf_event_parse_addr_filter()
  PM: runtime: Resume the device earlier in __device_release_driver()
  Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
  ARC: stack unwinding: avoid indefinite looping
  usb: mtu3: fix panic in mtu3_gadget_stop()
  USB: Add NO_LPM quirk for Kingston flash drive
  USB: serial: option: add Telit FN980 composition 0x1055
  USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
  USB: serial: option: add Quectel EC200T module support
  USB: serial: cyberjack: fix write-URB completion race
  serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
  serial: 8250_mtk: Fix uart_get_baud_rate warning
  fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
  vt: Disable KD_FONT_OP_COPY
  ACPI: NFIT: Fix comparison to '-ENXIO'
  drm/vc4: drv: Add error handding for bind
  vsock: use ns_capable_noaudit() on socket create
  scsi: core: Don't start concurrent async scan on same host
  blk-cgroup: Pre-allocate tree node on blkg_conf_prep
  blk-cgroup: Fix memleak on error path
  of: Fix reserved-memory overlap detection
  x86/kexec: Use up-to-dated screen_info copy to fill boot params
  ARM: dts: sun4i-a10: fix cpu_alert temperature
  futex: Handle transient "ownerless" rtmutex state correctly
  tracing: Fix out of bounds write in get_trace_buf
  ftrace: Handle tracing when switching between context
  ftrace: Fix recursion check for NMI test
  ring-buffer: Fix recursion protection transitions between interrupt context
  gfs2: Wake up when sd_glock_disposal becomes zero
  mm: always have io_remap_pfn_range() set pgprot_decrypted()
  kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
  lib/crc32test: remove extra local_irq_disable/enable
  mm: mempolicy: fix potential pte_unmap_unlock pte error
  ALSA: usb-audio: Add implicit feedback quirk for MODX
  ALSA: usb-audio: Add implicit feedback quirk for Qu-16
  ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
  ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
  Fonts: Replace discarded const qualifier
  btrfs: tree-checker: fix the error message for transid error
  btrfs: tree-checker: Verify inode item
  btrfs: tree-checker: Enhance chunk checker to validate chunk profile
  btrfs: tree-checker: Fix wrong check on max devid
  btrfs: tree-checker: Verify dev item
  btrfs: tree-checker: Check chunk item at tree block read time
  btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
  btrfs: tree-checker: Make chunk item checker messages more readable
  btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
  btrfs: Don't submit any btree write bio if the fs has errors
  Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
  btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
  btrfs: extent_io: Handle errors better in btree_write_cache_pages()
  btrfs: extent_io: Handle errors better in extent_write_full_page()
  btrfs: flush write bio if we loop in extent_write_cache_pages
  Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
  btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
  btrfs: extent_io: Kill the forward declaration of flush_write_bio
  blktrace: fix debugfs use after free
  sfp: Fix error handing in sfp_probe()
  sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
  net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
  gianfar: Account for Tx PTP timestamp in the skb headroom
  gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
  chelsio/chtls: fix always leaking ctrl_skb
  chelsio/chtls: fix memory leaks caused by a race
  cadence: force nonlinear buffers to be cloned
  ptrace: fix task_join_group_stop() for the case when current is traced
  tipc: fix use-after-free in tipc_bcast_get_mode
  drm/i915: Break up error capture compression loops with cond_resched()
  ANDROID: fuse: Add support for d_canonical_path
  ANDROID: vfs: add d_canonical_path for stacked filesystem support
  ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
  Linux 4.19.155
  staging: octeon: Drop on uncorrectable alignment or FCS error
  staging: octeon: repair "fixed-link" support
  staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
  KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
  device property: Don't clear secondary pointer for shared primary firmware node
  device property: Keep secondary firmware node secondary by type
  ARM: s3c24xx: fix missing system reset
  ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
  arm: dts: mt7623: add missing pause for switchport
  hil/parisc: Disable HIL driver when it gets stuck
  cachefiles: Handle readpage error correctly
  arm64: berlin: Select DW_APB_TIMER_OF
  tty: make FONTX ioctl use the tty pointer they were actually passed
  rtc: rx8010: don't modify the global rtc ops
  drm/ttm: fix eviction valuable range check.
  ext4: fix invalid inode checksum
  ext4: fix error handling code in add_new_gdb
  ext4: fix leaking sysfs kobject after failed mount
  vringh: fix __vringh_iov() when riov and wiov are different
  ring-buffer: Return 0 on success from ring_buffer_resize()
  9P: Cast to loff_t before multiplying
  libceph: clear con->out_msg on Policy::stateful_server faults
  ceph: promote to unsigned long long before shifting
  drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
  drm/amdgpu: don't map BO in reserved region
  i2c: imx: Fix external abort on interrupt in exit paths
  ia64: fix build error with !COREDUMP
  ubi: check kthread_should_stop() after the setting of task state
  perf python scripting: Fix printable strings in python3 scripts
  ubifs: dent: Fix some potential memory leaks while iterating entries
  NFSD: Add missing NFSv2 .pc_func methods
  NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
  powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
  powerpc/powernv/elog: Fix race while processing OPAL error log event.
  powerpc: Warn about use of smt_snooze_delay
  powerpc/rtas: Restrict RTAS requests from userspace
  s390/stp: add locking to sysfs functions
  powerpc/drmem: Make lmb_size 64 bit
  iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
  iio:adc:ti-adc12138 Fix alignment issue with timestamp
  iio:adc:ti-adc0832 Fix alignment issue with timestamp
  iio:light:si1145: Fix timestamp alignment and prevent data leak.
  dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
  udf: Fix memory leak when mounting
  HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
  vt: keyboard, extend func_buf_lock to readers
  vt: keyboard, simplify vt_kdgkbsent
  drm/i915: Force VT'd workarounds when running as a guest OS
  usb: host: fsl-mph-dr-of: check return of dma_set_mask()
  usb: typec: tcpm: reset hard_reset_count for any disconnect
  usb: cdc-acm: fix cooldown mechanism
  usb: dwc3: core: don't trigger runtime pm when remove driver
  usb: dwc3: core: add phy cleanup for probe error handling
  usb: dwc3: gadget: Check MPS of the request length
  usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
  usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
  btrfs: fix use-after-free on readahead extent after failure to create it
  btrfs: cleanup cow block on error
  btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
  btrfs: send, recompute reference path after orphanization of a directory
  btrfs: reschedule if necessary when logging directory items
  btrfs: improve device scanning messages
  btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
  scsi: qla2xxx: Fix crash on session cleanup with unload
  scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
  w1: mxc_w1: Fix timeout resolution problem leading to bus error
  acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
  ACPI: debug: don't allow debugging when ACPI is disabled
  ACPI: video: use ACPI backlight for HP 635 Notebook
  ACPI / extlog: Check for RDMSR failure
  ACPI: button: fix handling lid state changes when input device closed
  NFS: fix nfs_path in case of a rename retry
  fs: Don't invalidate page buffers in block_write_full_page()
  media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
  leds: bcm6328, bcm6358: use devres LED registering function
  perf/x86/amd/ibs: Fix raw sample data accumulation
  perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
  mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
  md/raid5: fix oops during stripe resizing
  nvme-rdma: fix crash when connect rejected
  sgl_alloc_order: fix memory leak
  nbd: make the config put is called before the notifying the waiter
  ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
  ARM: dts: s5pv210: move PMU node out of clock controller
  ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
  memory: emif: Remove bogus debugfs error handling
  ARM: dts: omap4: Fix sgx clock rate for 4430
  arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
  cifs: handle -EINTR in cifs_setattr
  gfs2: add validation checks for size of superblock
  ext4: Detect already used quota file early
  drivers: watchdog: rdc321x_wdt: Fix race condition bugs
  net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
  clk: ti: clockdomain: fix static checker warning
  rpmsg: glink: Use complete_all for open states
  bnxt_en: Log unknown link speed appropriately.
  md/bitmap: md_bitmap_get_counter returns wrong blocks
  btrfs: fix replace of seed device
  drm/amd/display: HDMI remote sink need mode validation for Linux
  power: supply: test_power: add missing newlines when printing parameters by sysfs
  bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
  drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
  ACPI: Add out of bounds and numa_off protections to pxm_to_node()
  xfs: don't free rt blocks when we're doing a REMAP bunmapi call
  arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
  usb: xhci: omit duplicate actions when suspending a runtime suspended host.
  uio: free uio id after uio file node is freed
  USB: adutux: fix debugging
  cpufreq: sti-cpufreq: add stih418 support
  riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
  media: uvcvideo: Fix dereference of out-of-bound list iterator
  kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
  ia64: kprobes: Use generic kretprobe trampoline handler
  printk: reduce LOG_BUF_SHIFT range for H8300
  arm64: topology: Stop using MPIDR for topology information
  drm/bridge/synopsys: dsi: add support for non-continuous HS clock
  mmc: via-sdmmc: Fix data race bug
  media: imx274: fix frame interval handling
  media: tw5864: check status of tw5864_frameinterval_get
  usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
  media: platform: Improve queue set up flow for bug fixing
  media: videodev2.h: RGB BT2020 and HSV are always full range
  drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
  ath10k: fix VHT NSS calculation when STBC is enabled
  ath10k: start recovery process when payload length exceeds max htc length for sdio
  video: fbdev: pvr2fb: initialize variables
  xfs: fix realtime bitmap/summary file truncation when growing rt volume
  power: supply: bq27xxx: report "not charging" on all types
  ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
  um: change sigio_spinlock to a mutex
  f2fs: fix to check segment boundary during SIT page readahead
  f2fs: fix uninit-value in f2fs_lookup
  f2fs: add trace exit in exception path
  sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
  powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
  mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
  powerpc/powernv/smp: Fix spurious DBG() warning
  futex: Fix incorrect should_fail_futex() handling
  ata: sata_nv: Fix retrieving of active qcs
  RDMA/qedr: Fix memory leak in iWARP CM
  mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
  x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
  xen/events: block rogue events for some time
  xen/events: defer eoi in case of excessive number of events
  xen/events: use a common cpu hotplug hook for event channels
  xen/events: switch user event channels to lateeoi model
  xen/pciback: use lateeoi irq binding
  xen/pvcallsback: use lateeoi irq binding
  xen/scsiback: use lateeoi irq binding
  xen/netback: use lateeoi irq binding
  xen/blkback: use lateeoi irq binding
  xen/events: add a new "late EOI" evtchn framework
  xen/events: fix race in evtchn_fifo_unmask()
  xen/events: add a proper barrier to 2-level uevent unmasking
  xen/events: avoid removing an event channel while handling it
  xen/events: don't use chip_data for legacy IRQs
  Revert "block: ratelimit handle_bad_sector() message"
  fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
  fscrypt: only set dentry_operations on ciphertext dentries
  fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
  fscrypt: fix race allowing rename() and link() of ciphertext dentries
  fscrypt: clean up and improve dentry revalidation
  fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
  ata: sata_rcar: Fix DMA boundary mask
  serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
  mtd: lpddr: Fix bad logic in print_drs_error
  RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
  cxl: Rework error message for incompatible slots
  p54: avoid accessing the data mapped to streaming DMA
  evm: Check size of security.evm before using it
  bpf: Fix comment for helper bpf_current_task_under_cgroup()
  fuse: fix page dereference after free
  x86/xen: disable Firmware First mode for correctable memory errors
  arch/x86/amd/ibs: Fix re-arming IBS Fetch
  cxgb4: set up filter action after rewrites
  r8169: fix issue with forced threading in combination with shared interrupts
  tipc: fix memory leak caused by tipc_buf_append()
  tcp: Prevent low rmem stalls with SO_RCVLOWAT.
  ravb: Fix bit fields checking in ravb_hwtstamp_get()
  netem: fix zero division in tabledist
  mlxsw: core: Fix memory leak on module removal
  gtp: fix an use-before-init in gtp_newlink()
  chelsio/chtls: fix tls record info to user
  chelsio/chtls: fix memory leaks in CPL handlers
  chelsio/chtls: fix deadlock issue
  efivarfs: Replace invalid slashes with exclamation marks in dentries.
  x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
  arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
  arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
  scripts/setlocalversion: make git describe output more reliable
  objtool: Support Clang non-section symbols in ORC generation
  ANDROID: GKI: Enable DEBUG_INFO_DWARF4
  UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
  BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
  BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
  UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
  UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
  BACKPORT: xfrm: Provide API to register translator module
  ANDROID: Publish uncompressed Image on aarch64
  FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
  UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
  UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian
  Linux 4.19.154
  usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
  eeprom: at25: set minimum read/write access stride to 1
  USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
  usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
  tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
  net: korina: cast KSEG0 address to pointer in kfree
  ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
  scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
  usb: core: Solve race condition in anchor cleanup functions
  brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
  mwifiex: don't call del_timer_sync() on uninitialized timer
  reiserfs: Fix memory leak in reiserfs_parse_options()
  ipvs: Fix uninit-value in do_ip_vs_set_ctl()
  tty: ipwireless: fix error handling
  scsi: qedi: Fix list_del corruption while removing active I/O
  scsi: qedi: Protect active command list to avoid list corruption
  Fix use after free in get_capset_info callback.
  rtl8xxxu: prevent potential memory leak
  brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
  scsi: ibmvfc: Fix error return in ibmvfc_probe()
  Bluetooth: Only mark socket zapped after unlocking
  usb: ohci: Default to per-port over-current protection
  xfs: make sure the rt allocator doesn't run off the end
  reiserfs: only call unlock_new_inode() if I_NEW
  misc: rtsx: Fix memory leak in rtsx_pci_probe
  ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
  can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
  usb: dwc3: simple: add support for Hikey 970
  USB: cdc-acm: handle broken union descriptors
  udf: Avoid accessing uninitialized data on failed inode read
  udf: Limit sparing table size
  usb: gadget: function: printer: fix use-after-free in __lock_acquire
  misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
  mic: vop: copy data to kernel space then write to io memory
  scsi: target: core: Add CONTROL field for trace events
  scsi: mvumi: Fix error return in mvumi_io_attach()
  PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
  mac80211: handle lack of sband->bitrates in rates
  ip_gre: set dev->hard_header_len and dev->needed_headroom properly
  ntfs: add check for mft record size in superblock
  media: venus: core: Fix runtime PM imbalance in venus_probe
  fs: dlm: fix configfs memory leak
  media: saa7134: avoid a shift overflow
  mmc: sdio: Check for CISTPL_VERS_1 buffer size
  media: uvcvideo: Ensure all probed info is returned to v4l2
  media: media/pci: prevent memory leak in bttv_probe
  media: bdisp: Fix runtime PM imbalance on error
  media: platform: sti: hva: Fix runtime PM imbalance on error
  media: platform: s3c-camif: Fix runtime PM imbalance on error
  media: vsp1: Fix runtime PM imbalance on error
  media: exynos4-is: Fix a reference count leak
  media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
  media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
  media: sti: Fix reference count leaks
  media: st-delta: Fix reference count leak in delta_run_work
  media: ati_remote: sanity check for both endpoints
  media: firewire: fix memory leak
  crypto: ccp - fix error handling
  block: ratelimit handle_bad_sector() message
  i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
  perf: correct SNOOPX field offset
  sched/features: Fix !CONFIG_JUMP_LABEL case
  NTB: hw: amd: fix an issue about leak system resources
  nvmet: fix uninitialized work for zero kato
  powerpc/powernv/dump: Fix race while processing OPAL dump
  arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
  ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
  arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
  arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec
  memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
  memory: omap-gpmc: Fix build error without CONFIG_OF
  memory: omap-gpmc: Fix a couple off by ones
  ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
  ARM: dts: imx6sl: fix rng node
  netfilter: nf_fwd_netdev: clear timestamp in forwarding path
  netfilter: conntrack: connection timeout after re-register
  KVM: x86: emulating RDPID failure shall return #UD rather than #GP
  Input: sun4i-ps2 - fix handling of platform_get_irq() error
  Input: twl4030_keypad - fix handling of platform_get_irq() error
  Input: omap4-keypad - fix handling of platform_get_irq() error
  Input: ep93xx_keypad - fix handling of platform_get_irq() error
  Input: stmfts - fix a & vs && typo
  Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
  SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
  vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
  vfio/pci: Clear token on bypass registration failure
  ext4: limit entries returned when counting fsmap records
  svcrdma: fix bounce buffers for unaligned offsets and multiple pages
  watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3
  watchdog: Use put_device on error
  watchdog: Fix memleak in watchdog_cdev_register
  clk: bcm2835: add missing release if devm_clk_hw_register fails
  clk: at91: clk-main: update key before writing AT91_CKGR_MOR
  clk: rockchip: Initialize hw to error to avoid undefined behavior
  pwm: img: Fix null pointer access in probe
  rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
  PCI: iproc: Set affinity mask on MSI interrupts
  i2c: rcar: Auto select RESET_CONTROLLER
  mailbox: avoid timer start from callback
  rapidio: fix the missed put_device() for rio_mport_add_riodev
  rapidio: fix error handling path
  ramfs: fix nommu mmap with gaps in the page cache
  lib/crc32.c: fix trivial typo in preprocessor condition
  f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
  IB/rdmavt: Fix sizeof mismatch
  cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
  powerpc/perf/hv-gpci: Fix starting index value
  powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
  overflow: Include header file with SIZE_MAX declaration
  kdb: Fix pager search for multi-line strings
  RDMA/hns: Fix missing sq_sig_type when querying QP
  RDMA/hns: Set the unsupported wr opcode
  perf intel-pt: Fix "context_switch event has no tid" error
  RDMA/cma: Consolidate the destruction of a cma_multicast in one place
  RDMA/cma: Remove dead code for kernel rdmacm multicast
  powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm
  powerpc/tau: Disable TAU between measurements
  powerpc/tau: Check processor type before enabling TAU interrupt
  ANDROID: GKI: update the ABI xml
  Linux 4.19.153
  powerpc/tau: Remove duplicated set_thresholds() call
  powerpc/tau: Convert from timer to workqueue
  powerpc/tau: Use appropriate temperature sample interval
  RDMA/qedr: Fix inline size returned for iWARP
  RDMA/qedr: Fix use of uninitialized field
  xfs: fix high key handling in the rt allocator's query_range function
  xfs: limit entries returned when counting fsmap records
  arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
  ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
  mtd: mtdoops: Don't write panic data twice
  powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
  mtd: lpddr: fix excessive stack usage with clang
  RDMA/ucma: Add missing locking around rdma_leave_multicast()
  RDMA/ucma: Fix locking for ctx->events_reported
  powerpc/icp-hv: Fix missing of_node_put() in success path
  powerpc/pseries: Fix missing of_node_put() in rng_init()
  IB/mlx4: Adjust delayed work when a dup is observed
  IB/mlx4: Fix starvation in paravirt mux/demux
  mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
  mm/memcg: fix device private memcg accounting
  netfilter: nf_log: missing vlan offload tag and proto
  net: korina: fix kfree of rx/tx descriptor array
  ipvs: clear skb->tstamp in forwarding path
  mwifiex: fix double free
  platform/x86: mlx-platform: Remove PSU EEPROM configuration
  scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
  usb: dwc2: Fix INTR OUT transfers in DDMA mode.
  nl80211: fix non-split wiphy information
  usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
  usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
  iwlwifi: mvm: split a print to avoid a WARNING in ROC
  mfd: sm501: Fix leaks in probe()
  net: enic: Cure the enic api locking trainwreck
  qtnfmac: fix resource leaks on unsupported iftype error return path
  HID: hid-input: fix stylus battery reporting
  slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
  slimbus: core: do not enter to clock pause mode in core
  slimbus: core: check get_addr before removing laddr ida
  quota: clear padding in v2r1_mem2diskdqb()
  usb: dwc2: Fix parameter type in function pointer prototype
  ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
  misc: mic: scif: Fix error handling path
  ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
  net: dsa: rtl8366rb: Support all 4096 VLANs
  net: dsa: rtl8366: Skip PVID setting if not requested
  net: dsa: rtl8366: Refactor VLAN/PVID init
  net: dsa: rtl8366: Check validity of passed VLANs
  cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE
  net: stmmac: use netif_tx_start|stop_all_queues() function
  net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow
  pinctrl: mcp23s08: Fix mcp23x17 precious range
  pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
  HID: roccat: add bounds checking in kone_sysfs_write_settings()
  video: fbdev: radeon: Fix memleak in radeonfb_pci_register
  video: fbdev: sis: fix null ptr dereference
  video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
  drivers/virt/fsl_hypervisor: Fix error handling path
  pwm: lpss: Add range limit check for the base_unit register value
  pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
  pty: do tty_flip_buffer_push without port->lock in pty_write
  tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
  tty: serial: earlycon dependency
  VMCI: check return value of get_user_pages_fast() for errors
  backlight: sky81452-backlight: Fix refcount imbalance on error
  scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
  scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
  scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
  drm/gma500: fix error check
  staging: rtl8192u: Do not use GFP_KERNEL in atomic context
  mwifiex: Do not use GFP_KERNEL in atomic context
  brcmfmac: check ndev pointer
  ASoC: qcom: lpass-cpu: fix concurrency issue
  ASoC: qcom: lpass-platform: fix memory leak
  wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
  ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path
  ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
  ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
  Bluetooth: hci_uart: Cancel init work before unregistering
  ath10k: provide survey info as accumulated data
  spi: spi-s3c64xx: Check return values
  spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
  pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
  regulator: resolve supply after creating regulator
  media: ti-vpe: Fix a missing check and reference count leak
  media: stm32-dcmi: Fix a reference count leak
  media: s5p-mfc: Fix a reference count leak
  media: camss: Fix a reference count leak.
  media: platform: fcp: Fix a reference count leak.
  media: rockchip/rga: Fix a reference count leak.
  media: rcar-vin: Fix a reference count leak.
  media: tc358743: cleanup tc358743_cec_isr
  media: tc358743: initialize variable
  media: mx2_emmaprp: Fix memleak in emmaprp_probe
  cypto: mediatek - fix leaks in mtk_desc_ring_alloc
  hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
  crypto: omap-sham - fix digcnt register handling with export/import
  media: omap3isp: Fix memleak in isp_probe
  media: uvcvideo: Silence shift-out-of-bounds warning
  media: uvcvideo: Set media controller entity functions
  media: m5mols: Check function pointer in m5mols_sensor_power
  media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
  media: tuner-simple: fix regression in simple_set_radio_freq
  crypto: picoxcell - Fix potential race condition bug
  crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
  crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
  crypto: algif_skcipher - EBUSY on aio should be an error
  x86/events/amd/iommu: Fix sizeof mismatch
  x86/nmi: Fix nmi_handle() duration miscalculation
  drivers/perf: xgene_pmu: Fix uninitialized resource struct
  x86/fpu: Allow multiple bits in clearcpuid= parameter
  EDAC/ti: Fix handling of platform_get_irq() error
  EDAC/i5100: Fix error handling order in i5100_init_one()
  crypto: algif_aead - Do not set MAY_BACKLOG on the async path
  ima: Don't ignore errors from crypto_shash_update()
  KVM: SVM: Initialize prev_ga_tag before use
  KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
  cifs: Return the error from crypt_message when enc/dec key not found.
  cifs: remove bogus debug code
  ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
  icmp: randomize the global rate limiter
  r8169: fix operation under forced interrupt threading
  tcp: fix to update snd_wl1 in bulk receiver fast path
  nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
  net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
  net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
  net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
  chelsio/chtls: correct function return and return type
  chelsio/chtls: correct netdevice for vlan interface
  chelsio/chtls: fix socket lock
  ALSA: bebob: potential info leak in hwdep_read()
  binder: fix UAF when releasing todo list
  net/tls: sendfile fails with ktls offload
  r8169: fix data corruption issue on RTL8402
  net/ipv4: always honour route mtu during forwarding
  tipc: fix the skb_unshare() in tipc_buf_append()
  net: usb: qmi_wwan: add Cellient MPL200 card
  net/smc: fix valid DMBE buffer sizes
  net: fix pos incrementment in ipv6_route_seq_next
  net: fec: Fix PHY init after phy_reset_after_clk_enable()
  net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
  mlx4: handle non-napi callers to napi_poll
  ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
  ibmveth: Identify ingress large send packets.
  ibmveth: Switch order of ibmveth_helper calls.
  ANDROID: clang: update to 11.0.5
  FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
  ANDROID: GKI: enable CONFIG_WIREGUARD
  UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation
  UPSTREAM: wireguard: noise: take lock when removing handshake entry from table
  UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol
  UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices
  UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP
  UPSTREAM: wireguard: device: avoid circular netns references
  UPSTREAM: wireguard: noise: do not assign initiation time in if condition
  UPSTREAM: wireguard: noise: separate receive counter from send counter
  UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing
  UPSTREAM: wireguard: noise: read preshared key while taking lock
  UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10
  UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing
  UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning
  UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers
  UPSTREAM: wireguard: socket: remove errant restriction on looping to self
  UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64
  UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings
  UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init
  UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker
  UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config
  UPSTREAM: wireguard: receive: remove dead code from default packet type case
  UPSTREAM: wireguard: queueing: account for skb->protocol==0
  UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h>
  UPSTREAM: wireguard: socket: remove extra call to synchronize_net
  UPSTREAM: wireguard: send: account for mtu=0 devices
  UPSTREAM: wireguard: receive: reset last_under_load to zero
  UPSTREAM: wireguard: selftests: reduce complexity and fix make races
  UPSTREAM: wireguard: device: use icmp_ndo_send helper
  UPSTREAM: wireguard: selftests: tie socket waiting to target pid
  UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation
  UPSTREAM: wireguard: noise: reject peers with low order public keys
  UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists
  UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
  UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking
  UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro
  UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header
  UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code
  UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu()
  UPSTREAM: wireguard: main: remove unused include <linux/version.h>
  UPSTREAM: wireguard: global: fix spelling mistakes in comments
  UPSTREAM: wireguard: Kconfig: select parent dependency for crypto
  UPSTREAM: wireguard: selftests: import harness makefile for test suite
  UPSTREAM: net: WireGuard secure network tunnel
  UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor
  UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors
  UPSTREAM: icmp: introduce helper for nat'd source address in network device context
  UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32
  UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32
  UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
  UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h>
  UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables
  UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array
  UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration
  UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks
  UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files
  UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register
  UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation
  UPSTREAM: crypto: arm64/chacha - correctly walk through blocks
  UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support
  UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input
  UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled
  UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
  UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself
  UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking
  UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo
  UPSTREAM: crypto: curve25519 - Fix selftest build error
  UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit
  UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel
  UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation
  UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions
  UPSTREAM: crypto: lib/curve25519 - re-add selftests
  UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function
  UPSTREAM: crypto: chacha - fix warning message in header file
  UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code
  UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt()
  UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered
  UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions
  UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
  UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc
  UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation
  UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
  UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations
  UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue
  UPSTREAM: crypto: curve25519 - implement generic KPP driver
  UPSTREAM: crypto: curve25519 - add kpp selftest
  UPSTREAM: crypto: curve25519 - generic C library implementations
  UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
  UPSTREAM: crypto: blake2s - implement generic shash driver
  UPSTREAM: crypto: testmgr - add test cases for Blake2s
  UPSTREAM: crypto: blake2s - generic C library implementation and selftest
  UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
  UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
  UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
  UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library
  UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash
  UPSTREAM: crypto: poly1305 - expose init/update/final library interface
  UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code
  UPSTREAM: crypto: poly1305 - move core routines into a separate library
  UPSTREAM: crypto: chacha - unexport chacha_generic routines
  UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
  UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc
  UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function
  UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver
  UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
  UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function
  UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver
  UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed
  UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs
  UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function
  UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver
  UPSTREAM: crypto: chacha - move existing library code into lib/crypto
  UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
  UPSTREAM: crypto: chacha - constify ctx and iv arguments
  UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
  UPSTREAM: crypto: xchacha20 - fix comments for test vectors
  UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC
  UPSTREAM: crypto: arm64/chacha - add XChaCha12 support
  UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds
  UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support
  UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
  UPSTREAM: crypto: x86/chacha - yield the FPU occasionally
  UPSTREAM: crypto: x86/chacha - add XChaCha12 support
  UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds
  UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support
  UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant
  UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant
  UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
  UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant
  UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant
  UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively
  UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant
  UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant
  UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant
  ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES
  ANDROID: GKI: Enable CONFIG_X86_X2APIC
  ANDROID: move builds to use gas prebuilts
  UPSTREAM: binder: fix UAF when releasing todo list

 Conflicts:
	crypto/algif_aead.c
	drivers/rpmsg/qcom_glink_native.c
	drivers/scsi/ufs/ufs-qcom.c
	drivers/slimbus/qcom-ngd-ctrl.c
	fs/notify/inotify/inotify_user.c
	include/linux/dcache.h
	include/linux/fsnotify.h
	mm/oom_kill.c

 Fixed build errors:
	fs/fuse/dir.c

Change-Id: I95bdbb1b183fa2c569023f18e09799d9cb96fc9f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This commit is contained in:
Srinivasarao P
2020-12-18 18:25:50 +05:30
parent 00089f062c 63625b1b0d
commit 20912a8acc
662 changed files with 51036 additions and 5409 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/9p/trans_fd.c
View File

@@ -1038,7 +1038,7 @@ p9_fd_create_unix(struct p9_client *client, const char *addr, char *args)
csocket = NULL;
if (addr == NULL)
if (!addr || !strlen(addr))
return -EINVAL;
if (strlen(addr) >= UNIX_PATH_MAX) {

7
net/bluetooth/l2cap_sock.c
View File

@@ -1341,8 +1341,6 @@ static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
parent = bt_sk(sk)->parent;
sock_set_flag(sk, SOCK_ZAPPED);
switch (chan->state) {
case BT_OPEN:
case BT_BOUND:
@@ -1369,8 +1367,11 @@ static void l2cap_sock_teardown_cb(struct l2cap_chan *chan, int err)
break;
}
release_sock(sk);
/* Only zap after cleanup to avoid use after free race */
sock_set_flag(sk, SOCK_ZAPPED);
}
static void l2cap_sock_state_change_cb(struct l2cap_chan *chan, int state,

5
net/ceph/messenger.c
View File

@@ -3037,6 +3037,11 @@ static void con_fault(struct ceph_connection *con)
ceph_msg_put(con->in_msg);
con->in_msg = NULL;
}
if (con->out_msg) {
BUG_ON(con->out_msg->con != con);
ceph_msg_put(con->out_msg);
con->out_msg = NULL;
}
/* Requeue anything that hasn't been acked */
list_splice_init(&con->out_sent, &con->out_queue);

1
net/dsa/dsa2.c
View File

@@ -261,6 +261,7 @@ static int dsa_port_setup(struct dsa_port *dp)
int err = 0;
memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
dp->mac = of_get_mac_address(dp->dn);
if (dp->type != DSA_PORT_TYPE_UNUSED)
err = devlink_port_register(ds->devlink, &dp->devlink_port,

5
net/dsa/slave.c
View File

@@ -1313,7 +1313,10 @@ int dsa_slave_create(struct dsa_port *port)
slave_dev->features = master->vlan_features | NETIF_F_HW_TC;
slave_dev->hw_features |= NETIF_F_HW_TC;
slave_dev->ethtool_ops = &dsa_slave_ethtool_ops;
eth_hw_addr_inherit(slave_dev, master);
if (port->mac && is_valid_ether_addr(port->mac))
ether_addr_copy(slave_dev->dev_addr, port->mac);
else
eth_hw_addr_inherit(slave_dev, master);
slave_dev->priv_flags |= IFF_NO_QUEUE;
slave_dev->netdev_ops = &dsa_slave_netdev_ops;
slave_dev->switchdev_ops = &dsa_slave_switchdev_ops;

40
net/ipv4/icmp.c
View File

@@ -244,7 +244,7 @@ static struct {
/**
* icmp_global_allow - Are we allowed to send one more ICMP message ?
*
* Uses a token bucket to limit our ICMP messages to sysctl_icmp_msgs_per_sec.
* Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec.
* Returns false if we reached the limit and can not send another packet.
* Note: called with BH disabled
*/
@@ -272,7 +272,10 @@ bool icmp_global_allow(void)
}
credit = min_t(u32, icmp_global.credit + incr, sysctl_icmp_msgs_burst);
if (credit) {
credit--;
/* We want to use a credit of one in average, but need to randomize
* it for security reasons.
*/
credit = max_t(int, credit - prandom_u32_max(3), 0);
rc = true;
}
WRITE_ONCE(icmp_global.credit, credit);
@@ -752,6 +755,39 @@ out:;
}
EXPORT_SYMBOL(__icmp_send);
#if IS_ENABLED(CONFIG_NF_NAT)
#include <net/netfilter/nf_conntrack.h>
void icmp_ndo_send(struct sk_buff *skb_in, int type, int code, __be32 info)
{
struct sk_buff *cloned_skb = NULL;
enum ip_conntrack_info ctinfo;
struct nf_conn *ct;
__be32 orig_ip;
ct = nf_ct_get(skb_in, &ctinfo);
if (!ct || !(ct->status & IPS_SRC_NAT)) {
icmp_send(skb_in, type, code, info);
return;
}
if (skb_shared(skb_in))
skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC);
if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head ||
(skb_network_header(skb_in) + sizeof(struct iphdr)) >
skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in,
skb_network_offset(skb_in) + sizeof(struct iphdr))))
goto out;
orig_ip = ip_hdr(skb_in)->saddr;
ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip;
icmp_send(skb_in, type, code, info);
ip_hdr(skb_in)->saddr = orig_ip;
out:
consume_skb(cloned_skb);
}
EXPORT_SYMBOL(icmp_ndo_send);
#endif
static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
{

15
net/ipv4/ip_gre.c
View File

@@ -680,9 +680,7 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
}
if (dev->header_ops) {
/* Need space for new headers */
if (skb_cow_head(skb, dev->needed_headroom -
(tunnel->hlen + sizeof(struct iphdr))))
if (skb_cow_head(skb, 0))
goto free_skb;
tnl_params = (const struct iphdr *)skb->data;
@@ -800,7 +798,11 @@ static void ipgre_link_update(struct net_device *dev, bool set_mtu)
len = tunnel->tun_hlen - len;
tunnel->hlen = tunnel->hlen + len;
dev->needed_headroom = dev->needed_headroom + len;
if (dev->header_ops)
dev->hard_header_len += len;
else
dev->needed_headroom += len;
if (set_mtu)
dev->mtu = max_t(int, dev->mtu - len, 68);
@@ -1003,6 +1005,7 @@ static void __gre_tunnel_init(struct net_device *dev)
tunnel->parms.iph.protocol = IPPROTO_GRE;
tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
dev->needed_headroom = tunnel->hlen + sizeof(tunnel->parms.iph);
dev->features |= GRE_FEATURES;
dev->hw_features |= GRE_FEATURES;
@@ -1046,10 +1049,14 @@ static int ipgre_tunnel_init(struct net_device *dev)
return -EINVAL;
dev->flags = IFF_BROADCAST;
dev->header_ops = &ipgre_header_ops;
dev->hard_header_len = tunnel->hlen + sizeof(*iph);
dev->needed_headroom = 0;
}
#endif
} else if (!tunnel->collect_md) {
dev->header_ops = &ipgre_header_ops;
dev->hard_header_len = tunnel->hlen + sizeof(*iph);
dev->needed_headroom = 0;
}
return ip_tunnel_init(dev);

15
net/ipv4/ip_tunnel_core.c
View File

@@ -440,3 +440,18 @@ void ip_tunnel_unneed_metadata(void)
static_branch_dec(&ip_tunnel_metadata_cnt);
}
EXPORT_SYMBOL_GPL(ip_tunnel_unneed_metadata);
/* Returns either the correct skb->protocol value, or 0 if invalid. */
__be16 ip_tunnel_parse_protocol(const struct sk_buff *skb)
{
if (skb_network_header(skb) >= skb->head &&
(skb_network_header(skb) + sizeof(struct iphdr)) <= skb_tail_pointer(skb) &&
ip_hdr(skb)->version == 4)
return htons(ETH_P_IP);
if (skb_network_header(skb) >= skb->head &&
(skb_network_header(skb) + sizeof(struct ipv6hdr)) <= skb_tail_pointer(skb) &&
ipv6_hdr(skb)->version == 6)
return htons(ETH_P_IPV6);
return 0;
}
EXPORT_SYMBOL(ip_tunnel_parse_protocol);

19
net/ipv4/netfilter/nf_log_arp.c
View File

@@ -46,16 +46,31 @@ static void dump_arp_packet(struct nf_log_buf *m,
const struct nf_loginfo *info,
const struct sk_buff *skb, unsigned int nhoff)
{
const struct arphdr *ah;
struct arphdr _arph;
const struct arppayload *ap;
struct arppayload _arpp;
const struct arphdr *ah;
unsigned int logflags;
struct arphdr _arph;
ah = skb_header_pointer(skb, 0, sizeof(_arph), &_arph);
if (ah == NULL) {
nf_log_buf_add(m, "TRUNCATED");
return;
}
if (info->type == NF_LOG_TYPE_LOG)
logflags = info->u.log.logflags;
else
logflags = NF_LOG_DEFAULT_MASK;
if (logflags & NF_LOG_MACDECODE) {
nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
nf_log_dump_vlan(m, skb);
nf_log_buf_add(m, "MACPROTO=%04x ",
ntohs(eth_hdr(skb)->h_proto));
}
nf_log_buf_add(m, "ARP HTYPE=%d PTYPE=0x%04x OPCODE=%d",
ntohs(ah->ar_hrd), ntohs(ah->ar_pro), ntohs(ah->ar_op));

6
net/ipv4/netfilter/nf_log_ipv4.c
View File

@@ -287,8 +287,10 @@ static void dump_ipv4_mac_header(struct nf_log_buf *m,
switch (dev->type) {
case ARPHRD_ETHER:
nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
nf_log_dump_vlan(m, skb);
nf_log_buf_add(m, "MACPROTO=%04x ",
ntohs(eth_hdr(skb)->h_proto));
return;
default:

4
net/ipv4/route.c
View File

@@ -2634,10 +2634,12 @@ struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
if (IS_ERR(rt))
return rt;
if (flp4->flowi4_proto)
if (flp4->flowi4_proto) {
flp4->flowi4_oif = rt->dst.dev->ifindex;
rt = (struct rtable *)xfrm_lookup_route(net, &rt->dst,
flowi4_to_flowi(flp4),
sk, 0);
}
return rt;
}

2
net/ipv4/tcp.c
View File

@@ -500,6 +500,8 @@ static inline bool tcp_stream_is_readable(const struct tcp_sock *tp,
return true;
if (tcp_rmem_pressure(sk))
return true;
if (tcp_receive_window(tp) <= inet_csk(sk)->icsk_ack.rcv_mss)
return true;
}
if (sk->sk_prot->stream_memory_read)
return sk->sk_prot->stream_memory_read(sk);

5
net/ipv4/tcp_input.c
View File

@@ -4704,7 +4704,8 @@ void tcp_data_ready(struct sock *sk)
int avail = tp->rcv_nxt - tp->copied_seq;
if (avail < sk->sk_rcvlowat && !tcp_rmem_pressure(sk) &&
!sock_flag(sk, SOCK_DONE))
!sock_flag(sk, SOCK_DONE) &&
tcp_receive_window(tp) > inet_csk(sk)->icsk_ack.rcv_mss)
return;
sk->sk_data_ready(sk);
@@ -5632,6 +5633,8 @@ void tcp_rcv_established(struct sock *sk, struct sk_buff *skb)
tcp_data_snd_check(sk);
if (!inet_csk_ack_scheduled(sk))
goto no_ack;
} else {
tcp_update_wl(tp, TCP_SKB_CB(skb)->seq);
}
__tcp_ack_snd_check(sk, 0);

4
net/ipv6/ip6_fib.c
View File

@@ -2417,8 +2417,10 @@ static void *ipv6_route_seq_start(struct seq_file *seq, loff_t *pos)
iter->skip = *pos;
if (iter->tbl) {
loff_t p = 0;
ipv6_route_seq_setup_walk(iter, net);
return ipv6_route_seq_next(seq, NULL, pos);
return ipv6_route_seq_next(seq, NULL, &p);
} else {
return NULL;
}

34
net/ipv6/ip6_icmp.c
View File

@@ -45,4 +45,38 @@ void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
rcu_read_unlock();
}
EXPORT_SYMBOL(icmpv6_send);
#if IS_ENABLED(CONFIG_NF_NAT)
#include <net/netfilter/nf_conntrack.h>
void icmpv6_ndo_send(struct sk_buff *skb_in, u8 type, u8 code, __u32 info)
{
struct sk_buff *cloned_skb = NULL;
enum ip_conntrack_info ctinfo;
struct in6_addr orig_ip;
struct nf_conn *ct;
ct = nf_ct_get(skb_in, &ctinfo);
if (!ct || !(ct->status & IPS_SRC_NAT)) {
icmpv6_send(skb_in, type, code, info);
return;
}
if (skb_shared(skb_in))
skb_in = cloned_skb = skb_clone(skb_in, GFP_ATOMIC);
if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head ||
(skb_network_header(skb_in) + sizeof(struct ipv6hdr)) >
skb_tail_pointer(skb_in) || skb_ensure_writable(skb_in,
skb_network_offset(skb_in) + sizeof(struct ipv6hdr))))
goto out;
orig_ip = ipv6_hdr(skb_in)->saddr;
ipv6_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.in6;
icmpv6_send(skb_in, type, code, info);
ipv6_hdr(skb_in)->saddr = orig_ip;
out:
consume_skb(cloned_skb);
}
EXPORT_SYMBOL(icmpv6_ndo_send);
#endif
#endif

8
net/ipv6/netfilter/nf_log_ipv6.c
View File

@@ -300,9 +300,11 @@ static void dump_ipv6_mac_header(struct nf_log_buf *m,
switch (dev->type) {
case ARPHRD_ETHER:
nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM MACPROTO=%04x ",
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest,
ntohs(eth_hdr(skb)->h_proto));
nf_log_buf_add(m, "MACSRC=%pM MACDST=%pM ",
eth_hdr(skb)->h_source, eth_hdr(skb)->h_dest);
nf_log_dump_vlan(m, skb);
nf_log_buf_add(m, "MACPROTO=%04x ",
ntohs(eth_hdr(skb)->h_proto));
return;
default:
break;

3
net/mac80211/cfg.c
View File

@@ -664,7 +664,8 @@ void sta_set_rate_info_tx(struct sta_info *sta,
u16 brate;
sband = ieee80211_get_sband(sta->sdata);
if (sband) {
WARN_ON_ONCE(sband && !sband->bitrates);
if (sband && sband->bitrates) {
brate = sband->bitrates[rate->idx].bitrate;
rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
}

4
net/mac80211/sta_info.c
View File

@@ -2009,6 +2009,10 @@ static void sta_stats_decode_rate(struct ieee80211_local *local, u32 rate,
int rate_idx = STA_STATS_GET(LEGACY_IDX, rate);
sband = local->hw.wiphy->bands[band];
if (WARN_ON_ONCE(!sband->bitrates))
break;
brate = sband->bitrates[rate_idx].bitrate;
if (rinfo->bw == RATE_INFO_BW_5)
shift = 2;

7
net/netfilter/ipvs/ip_vs_ctl.c
View File

@@ -2393,6 +2393,10 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
/* Set timeout values for (tcp tcpfin udp) */
ret = ip_vs_set_timeout(ipvs, (struct ip_vs_timeout_user *)arg);
goto out_unlock;
} else if (!len) {
/* No more commands with len == 0 below */
ret = -EINVAL;
goto out_unlock;
}
usvc_compat = (struct ip_vs_service_user *)arg;
@@ -2469,9 +2473,6 @@ do_ip_vs_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
break;
case IP_VS_SO_SET_DELDEST:
ret = ip_vs_del_dest(svc, &udest);
break;
default:
ret = -EINVAL;
}
out_unlock:

6
net/netfilter/ipvs/ip_vs_xmit.c
View File

@@ -586,6 +586,8 @@ static inline int ip_vs_tunnel_xmit_prepare(struct sk_buff *skb,
if (ret == NF_ACCEPT) {
nf_reset(skb);
skb_forward_csum(skb);
if (skb->dev)
skb->tstamp = 0;
}
return ret;
}
@@ -626,6 +628,8 @@ static inline int ip_vs_nat_send_or_cont(int pf, struct sk_buff *skb,
if (!local) {
skb_forward_csum(skb);
if (skb->dev)
skb->tstamp = 0;
NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb,
NULL, skb_dst(skb)->dev, dst_output);
} else
@@ -646,6 +650,8 @@ static inline int ip_vs_send_or_cont(int pf, struct sk_buff *skb,
if (!local) {
ip_vs_drop_early_demux_sk(skb);
skb_forward_csum(skb);
if (skb->dev)
skb->tstamp = 0;
NF_HOOK(pf, NF_INET_LOCAL_OUT, cp->ipvs->net, NULL, skb,
NULL, skb_dst(skb)->dev, dst_output);
} else

19
net/netfilter/nf_conntrack_proto_tcp.c
View File

@@ -549,13 +549,20 @@ static bool tcp_in_window(const struct nf_conn *ct,
swin = win << sender->td_scale;
sender->td_maxwin = (swin == 0 ? 1 : swin);
sender->td_maxend = end + sender->td_maxwin;
/*
* We haven't seen traffic in the other direction yet
* but we have to tweak window tracking to pass III
* and IV until that happens.
*/
if (receiver->td_maxwin == 0)
if (receiver->td_maxwin == 0) {
/* We haven't seen traffic in the other
* direction yet but we have to tweak window
* tracking to pass III and IV until that
* happens.
*/
receiver->td_end = receiver->td_maxend = sack;
} else if (sack == receiver->td_end + 1) {
/* Likely a reply to a keepalive.
* Needed for III.
*/
receiver->td_end++;
}
}
} else if (((state->state == TCP_CONNTRACK_SYN_SENT
&& dir == IP_CT_DIR_ORIGINAL)

1
net/netfilter/nf_dup_netdev.c
View File

@@ -21,6 +21,7 @@ static void nf_do_netdev_egress(struct sk_buff *skb, struct net_device *dev)
skb_push(skb, skb->mac_len);
skb->dev = dev;
skb->tstamp = 0;
dev_queue_xmit(skb);
}

12
net/netfilter/nf_log_common.c
View File

@@ -176,6 +176,18 @@ nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
}
EXPORT_SYMBOL_GPL(nf_log_dump_packet_common);
void nf_log_dump_vlan(struct nf_log_buf *m, const struct sk_buff *skb)
{
u16 vid;
if (!skb_vlan_tag_present(skb))
return;
vid = skb_vlan_tag_get(skb);
nf_log_buf_add(m, "VPROTO=%04x VID=%u ", ntohs(skb->vlan_proto), vid);
}
EXPORT_SYMBOL_GPL(nf_log_dump_vlan);
/* bridge and netdev logging families share this code. */
void nf_log_l2packet(struct net *net, u_int8_t pf,
__be16 protocol,

1
net/netfilter/nft_fwd_netdev.c
View File

@@ -129,6 +129,7 @@ static void nft_fwd_neigh_eval(const struct nft_expr *expr,
return;
skb->dev = dev;
skb->tstamp = 0;
neigh_xmit(neigh_table, dev, addr, skb);
out:
regs->verdict.code = verdict;

2
net/nfc/netlink.c
View File

@@ -1235,7 +1235,7 @@ static int nfc_genl_fw_download(struct sk_buff *skb, struct genl_info *info)
u32 idx;
char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1];
if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || !info->attrs[NFC_ATTR_FIRMWARE_NAME])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);

2
net/sched/act_tunnel_key.c
View File

@@ -314,7 +314,7 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla,
metadata = __ipv6_tun_set_dst(&saddr, &daddr, tos, ttl, dst_port,
0, flags,
key_id, 0);
key_id, opts_len);
} else {
NL_SET_ERR_MSG(extack, "Missing either ipv4 or ipv6 src and dst");
ret = -EINVAL;

9
net/sched/sch_netem.c
View File

@@ -330,7 +330,7 @@ static s64 tabledist(s64 mu, s32 sigma,
/* default uniform distribution */
if (dist == NULL)
return ((rnd % (2 * sigma)) + mu) - sigma;
return ((rnd % (2 * (u32)sigma)) + mu) - sigma;
t = dist->table[rnd % dist->size];
x = (sigma % NETEM_DIST_SCALE) * t;
@@ -787,6 +787,10 @@ static void get_slot(struct netem_sched_data *q, const struct nlattr *attr)
q->slot_config.max_packets = INT_MAX;
if (q->slot_config.max_bytes == 0)
q->slot_config.max_bytes = INT_MAX;
/* capping dist_jitter to the range acceptable by tabledist() */
q->slot_config.dist_jitter = min_t(__s64, INT_MAX, abs(q->slot_config.dist_jitter));
q->slot.packets_left = q->slot_config.max_packets;
q->slot.bytes_left = q->slot_config.max_bytes;
if (q->slot_config.min_delay | q->slot_config.max_delay |
@@ -1011,6 +1015,9 @@ static int netem_change(struct Qdisc *sch, struct nlattr *opt,
if (tb[TCA_NETEM_SLOT])
get_slot(q, tb[TCA_NETEM_SLOT]);
/* capping jitter to the range acceptable by tabledist() */
q->jitter = min_t(s64, abs(q->jitter), INT_MAX);
return ret;
get_table_failure:

4
net/sctp/sm_sideeffect.c
View File

@@ -1615,12 +1615,12 @@ static int sctp_cmd_interpreter(enum sctp_event event_type,
break;
case SCTP_CMD_INIT_FAILED:
sctp_cmd_init_failed(commands, asoc, cmd->obj.u32);
sctp_cmd_init_failed(commands, asoc, cmd->obj.u16);
break;
case SCTP_CMD_ASSOC_FAILED:
sctp_cmd_assoc_failed(commands, asoc, event_type,
subtype, chunk, cmd->obj.u32);
subtype, chunk, cmd->obj.u16);
break;
case SCTP_CMD_INIT_COUNTER_INC:

2
net/smc/smc_core.c
View File

@@ -770,7 +770,7 @@ static struct smc_buf_desc *smcr_new_buf_create(struct smc_link_group *lgr,
return buf_desc;
}
#define SMCD_DMBE_SIZES 7 /* 0 -> 16KB, 1 -> 32KB, .. 6 -> 1MB */
#define SMCD_DMBE_SIZES 6 /* 0 -> 16KB, 1 -> 32KB, .. 6 -> 1MB */
static struct smc_buf_desc *smcd_new_buf_create(struct smc_link_group *lgr,
bool is_dmb, int bufsize)

27
net/sunrpc/auth_gss/svcauth_gss.c
View File

@@ -1079,9 +1079,9 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
struct gssp_in_token *in_token)
{
struct kvec *argv = &rqstp->rq_arg.head[0];
unsigned int page_base, length;
int pages, i, res;
size_t inlen;
unsigned int length, pgto_offs, pgfrom_offs;
int pages, i, res, pgto, pgfrom;
size_t inlen, to_offs, from_offs;
res = gss_read_common_verf(gc, argv, authp, in_handle);
if (res)
@@ -1109,17 +1109,24 @@ static int gss_read_proxy_verf(struct svc_rqst *rqstp,
memcpy(page_address(in_token->pages[0]), argv->iov_base, length);
inlen -= length;
i = 1;
page_base = rqstp->rq_arg.page_base;
to_offs = length;
from_offs = rqstp->rq_arg.page_base;
while (inlen) {
length = min_t(unsigned int, inlen, PAGE_SIZE);
memcpy(page_address(in_token->pages[i]),
page_address(rqstp->rq_arg.pages[i]) + page_base,
pgto = to_offs >> PAGE_SHIFT;
pgfrom = from_offs >> PAGE_SHIFT;
pgto_offs = to_offs & ~PAGE_MASK;
pgfrom_offs = from_offs & ~PAGE_MASK;
length = min_t(unsigned int, inlen,
min_t(unsigned int, PAGE_SIZE - pgto_offs,
PAGE_SIZE - pgfrom_offs));
memcpy(page_address(in_token->pages[pgto]) + pgto_offs,
page_address(rqstp->rq_arg.pages[pgfrom]) + pgfrom_offs,
length);
to_offs += length;
from_offs += length;
inlen -= length;
page_base = 0;
i++;
}
return 0;
}

3
net/sunrpc/xprtrdma/svc_rdma_sendto.c
View File

@@ -639,10 +639,11 @@ static int svc_rdma_pull_up_reply_msg(struct svcxprt_rdma *rdma,
while (remaining) {
len = min_t(u32, PAGE_SIZE - pageoff, remaining);
memcpy(dst, page_address(*ppages), len);
memcpy(dst, page_address(*ppages) + pageoff, len);
remaining -= len;
dst += len;
pageoff = 0;
ppages++;
}
}

5
net/tipc/core.c
View File

@@ -93,6 +93,11 @@ static int __net_init tipc_init_net(struct net *net)
static void __net_exit tipc_exit_net(struct net *net)
{
tipc_net_stop(net);
/* Make sure the tipc_net_finalize_work stopped
* before releasing the resources.
*/
flush_scheduled_work();
tipc_bcast_stop(net);
tipc_nametbl_stop(net);
tipc_sk_rht_destroy(net);

2
net/tipc/msg.c
View File

@@ -140,11 +140,11 @@ int tipc_buf_append(struct sk_buff **headbuf, struct sk_buff **buf)
if (fragid == FIRST_FRAGMENT) {
if (unlikely(head))
goto err;
*buf = NULL;
frag = skb_unshare(frag, GFP_ATOMIC);
if (unlikely(!frag))
goto err;
head = *headbuf = frag;
*buf = NULL;
TIPC_SKB_CB(head)->tail = NULL;
if (skb_is_nonlinear(head)) {
skb_walk_frags(head, tail) {

11
net/tls/tls_device.c
View File

@@ -351,13 +351,13 @@ static int tls_push_data(struct sock *sk,
struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_offload_context_tx *ctx = tls_offload_ctx_tx(tls_ctx);
int tls_push_record_flags = flags | MSG_SENDPAGE_NOTLAST;
int more = flags & (MSG_SENDPAGE_NOTLAST | MSG_MORE);
struct tls_record_info *record = ctx->open_record;
struct page_frag *pfrag;
size_t orig_size = size;
u32 max_open_record_len;
int copy, rc = 0;
bool more = false;
bool done = false;
int copy, rc = 0;
long timeo;
if (flags &
@@ -422,9 +422,8 @@ static int tls_push_data(struct sock *sk,
if (!size) {
last_record:
tls_push_record_flags = flags;
if (more) {
tls_ctx->pending_open_record_frags =
record->num_frags;
if (flags & (MSG_SENDPAGE_NOTLAST | MSG_MORE)) {
more = true;
break;
}
@@ -445,6 +444,8 @@ static int tls_push_data(struct sock *sk,
}
} while (!done);
tls_ctx->pending_open_record_frags = more;
if (orig_size - size > 0)
rc = orig_size - size;

2
net/vmw_vsock/af_vsock.c
View File

@@ -629,7 +629,7 @@ struct sock *__vsock_create(struct net *net,
vsk->owner = get_cred(psk->owner);
vsk->connect_timeout = psk->connect_timeout;
} else {
vsk->trusted = capable(CAP_NET_ADMIN);
vsk->trusted = ns_capable_noaudit(&init_user_ns, CAP_NET_ADMIN);
vsk->owner = get_current_cred();
vsk->connect_timeout = VSOCK_DEFAULT_CONNECT_TIMEOUT;
}

11
net/xfrm/Kconfig
View File

@@ -27,6 +27,17 @@ config XFRM_USER
If unsure, say Y.
config XFRM_USER_COMPAT
tristate "Compatible ABI support"
depends on XFRM_USER && COMPAT_FOR_U64_ALIGNMENT && \
HAVE_EFFICIENT_UNALIGNED_ACCESS
select WANT_COMPAT_NETLINK_MESSAGES
help
Transformation(XFRM) user configuration interface like IPsec
used by compatible Linux applications.
If unsure, say N.
config XFRM_INTERFACE
tristate "Transformation virtual interface"
depends on XFRM && IPV6

1
net/xfrm/Makefile
View File

@@ -9,5 +9,6 @@ obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
obj-$(CONFIG_XFRM_ALGO) += xfrm_algo.o
obj-$(CONFIG_XFRM_USER) += xfrm_user.o
obj-$(CONFIG_XFRM_USER_COMPAT) += xfrm_compat.o
obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
obj-$(CONFIG_XFRM_INTERFACE) += xfrm_interface.o

625
net/xfrm/xfrm_compat.c Normal file
View File

@@ -0,0 +1,625 @@
// SPDX-License-Identifier: GPL-2.0
/*
* XFRM compat layer
* Author: Dmitry Safonov <dima@arista.com>
* Based on code and translator idea by: Florian Westphal <fw@strlen.de>
*/
#include <linux/compat.h>
#include <linux/xfrm.h>
#include <net/xfrm.h>
struct compat_xfrm_lifetime_cfg {
compat_u64 soft_byte_limit, hard_byte_limit;
compat_u64 soft_packet_limit, hard_packet_limit;
compat_u64 soft_add_expires_seconds, hard_add_expires_seconds;
compat_u64 soft_use_expires_seconds, hard_use_expires_seconds;
}; /* same size on 32bit, but only 4 byte alignment required */
struct compat_xfrm_lifetime_cur {
compat_u64 bytes, packets, add_time, use_time;
}; /* same size on 32bit, but only 4 byte alignment required */
struct compat_xfrm_userpolicy_info {
struct xfrm_selector sel;
struct compat_xfrm_lifetime_cfg lft;
struct compat_xfrm_lifetime_cur curlft;
__u32 priority, index;
u8 dir, action, flags, share;
/* 4 bytes additional padding on 64bit */
};
struct compat_xfrm_usersa_info {
struct xfrm_selector sel;
struct xfrm_id id;
xfrm_address_t saddr;
struct compat_xfrm_lifetime_cfg lft;
struct compat_xfrm_lifetime_cur curlft;
struct xfrm_stats stats;
__u32 seq, reqid;
u16 family;
u8 mode, replay_window, flags;
/* 4 bytes additional padding on 64bit */
};
struct compat_xfrm_user_acquire {
struct xfrm_id id;
xfrm_address_t saddr;
struct xfrm_selector sel;
struct compat_xfrm_userpolicy_info policy;
/* 4 bytes additional padding on 64bit */
__u32 aalgos, ealgos, calgos, seq;
};
struct compat_xfrm_userspi_info {
struct compat_xfrm_usersa_info info;
/* 4 bytes additional padding on 64bit */
__u32 min, max;
};
struct compat_xfrm_user_expire {
struct compat_xfrm_usersa_info state;
/* 8 bytes additional padding on 64bit */
u8 hard;
};
struct compat_xfrm_user_polexpire {
struct compat_xfrm_userpolicy_info pol;
/* 8 bytes additional padding on 64bit */
u8 hard;
};
#define XMSGSIZE(type) sizeof(struct type)
static const int compat_msg_min[XFRM_NR_MSGTYPES] = {
[XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_usersa_info),
[XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
[XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
[XFRM_MSG_NEWPOLICY - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userpolicy_info),
[XFRM_MSG_DELPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
[XFRM_MSG_GETPOLICY - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
[XFRM_MSG_ALLOCSPI - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userspi_info),
[XFRM_MSG_ACQUIRE - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_acquire),
[XFRM_MSG_EXPIRE - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_expire),
[XFRM_MSG_UPDPOLICY - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_userpolicy_info),
[XFRM_MSG_UPDSA - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_usersa_info),
[XFRM_MSG_POLEXPIRE - XFRM_MSG_BASE] = XMSGSIZE(compat_xfrm_user_polexpire),
[XFRM_MSG_FLUSHSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
[XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0,
[XFRM_MSG_NEWAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
[XFRM_MSG_GETAE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
[XFRM_MSG_REPORT - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report),
[XFRM_MSG_MIGRATE - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
[XFRM_MSG_NEWSADINFO - XFRM_MSG_BASE] = sizeof(u32),
[XFRM_MSG_GETSADINFO - XFRM_MSG_BASE] = sizeof(u32),
[XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
[XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
[XFRM_MSG_MAPPING - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_mapping)
};
static const struct nla_policy compat_policy[XFRMA_MAX+1] = {
[XFRMA_SA] = { .len = XMSGSIZE(compat_xfrm_usersa_info)},
[XFRMA_POLICY] = { .len = XMSGSIZE(compat_xfrm_userpolicy_info)},
[XFRMA_LASTUSED] = { .type = NLA_U64},
[XFRMA_ALG_AUTH_TRUNC] = { .len = sizeof(struct xfrm_algo_auth)},
[XFRMA_ALG_AEAD] = { .len = sizeof(struct xfrm_algo_aead) },
[XFRMA_ALG_AUTH] = { .len = sizeof(struct xfrm_algo) },
[XFRMA_ALG_CRYPT] = { .len = sizeof(struct xfrm_algo) },
[XFRMA_ALG_COMP] = { .len = sizeof(struct xfrm_algo) },
[XFRMA_ENCAP] = { .len = sizeof(struct xfrm_encap_tmpl) },
[XFRMA_TMPL] = { .len = sizeof(struct xfrm_user_tmpl) },
[XFRMA_SEC_CTX] = { .len = sizeof(struct xfrm_sec_ctx) },
[XFRMA_LTIME_VAL] = { .len = sizeof(struct xfrm_lifetime_cur) },
[XFRMA_REPLAY_VAL] = { .len = sizeof(struct xfrm_replay_state) },
[XFRMA_REPLAY_THRESH] = { .type = NLA_U32 },
[XFRMA_ETIMER_THRESH] = { .type = NLA_U32 },
[XFRMA_SRCADDR] = { .len = sizeof(xfrm_address_t) },
[XFRMA_COADDR] = { .len = sizeof(xfrm_address_t) },
[XFRMA_POLICY_TYPE] = { .len = sizeof(struct xfrm_userpolicy_type)},
[XFRMA_MIGRATE] = { .len = sizeof(struct xfrm_user_migrate) },
[XFRMA_KMADDRESS] = { .len = sizeof(struct xfrm_user_kmaddress) },
[XFRMA_MARK] = { .len = sizeof(struct xfrm_mark) },
[XFRMA_TFCPAD] = { .type = NLA_U32 },
[XFRMA_REPLAY_ESN_VAL] = { .len = sizeof(struct xfrm_replay_state_esn) },
[XFRMA_SA_EXTRA_FLAGS] = { .type = NLA_U32 },
[XFRMA_PROTO] = { .type = NLA_U8 },
[XFRMA_ADDRESS_FILTER] = { .len = sizeof(struct xfrm_address_filter) },
[XFRMA_OFFLOAD_DEV] = { .len = sizeof(struct xfrm_user_offload) },
[XFRMA_SET_MARK] = { .type = NLA_U32 },
[XFRMA_SET_MARK_MASK] = { .type = NLA_U32 },
[XFRMA_IF_ID] = { .type = NLA_U32 },
};
static struct nlmsghdr *xfrm_nlmsg_put_compat(struct sk_buff *skb,
const struct nlmsghdr *nlh_src, u16 type)
{
int payload = compat_msg_min[type];
int src_len = xfrm_msg_min[type];
struct nlmsghdr *nlh_dst;
/* Compat messages are shorter or equal to native (+padding) */
if (WARN_ON_ONCE(src_len < payload))
return ERR_PTR(-EMSGSIZE);
nlh_dst = nlmsg_put(skb, nlh_src->nlmsg_pid, nlh_src->nlmsg_seq,
nlh_src->nlmsg_type, payload, nlh_src->nlmsg_flags);
if (!nlh_dst)
return ERR_PTR(-EMSGSIZE);
memset(nlmsg_data(nlh_dst), 0, payload);
switch (nlh_src->nlmsg_type) {
/* Compat message has the same layout as native */
case XFRM_MSG_DELSA:
case XFRM_MSG_DELPOLICY:
case XFRM_MSG_FLUSHSA:
case XFRM_MSG_FLUSHPOLICY:
case XFRM_MSG_NEWAE:
case XFRM_MSG_REPORT:
case XFRM_MSG_MIGRATE:
case XFRM_MSG_NEWSADINFO:
case XFRM_MSG_NEWSPDINFO:
case XFRM_MSG_MAPPING:
WARN_ON_ONCE(src_len != payload);
memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), src_len);
break;
/* 4 byte alignment for trailing u64 on native, but not on compat */
case XFRM_MSG_NEWSA:
case XFRM_MSG_NEWPOLICY:
case XFRM_MSG_UPDSA:
case XFRM_MSG_UPDPOLICY:
WARN_ON_ONCE(src_len != payload + 4);
memcpy(nlmsg_data(nlh_dst), nlmsg_data(nlh_src), payload);
break;
case XFRM_MSG_EXPIRE: {
const struct xfrm_user_expire *src_ue = nlmsg_data(nlh_src);
struct compat_xfrm_user_expire *dst_ue = nlmsg_data(nlh_dst);
/* compat_xfrm_user_expire has 4-byte smaller state */
memcpy(dst_ue, src_ue, sizeof(dst_ue->state));
dst_ue->hard = src_ue->hard;
break;
}
case XFRM_MSG_ACQUIRE: {
const struct xfrm_user_acquire *src_ua = nlmsg_data(nlh_src);
struct compat_xfrm_user_acquire *dst_ua = nlmsg_data(nlh_dst);
memcpy(dst_ua, src_ua, offsetof(struct compat_xfrm_user_acquire, aalgos));
dst_ua->aalgos = src_ua->aalgos;
dst_ua->ealgos = src_ua->ealgos;
dst_ua->calgos = src_ua->calgos;
dst_ua->seq = src_ua->seq;
break;
}
case XFRM_MSG_POLEXPIRE: {
const struct xfrm_user_polexpire *src_upe = nlmsg_data(nlh_src);
struct compat_xfrm_user_polexpire *dst_upe = nlmsg_data(nlh_dst);
/* compat_xfrm_user_polexpire has 4-byte smaller state */
memcpy(dst_upe, src_upe, sizeof(dst_upe->pol));
dst_upe->hard = src_upe->hard;
break;
}
case XFRM_MSG_ALLOCSPI: {
const struct xfrm_userspi_info *src_usi = nlmsg_data(nlh_src);
struct compat_xfrm_userspi_info *dst_usi = nlmsg_data(nlh_dst);
/* compat_xfrm_user_polexpire has 4-byte smaller state */
memcpy(dst_usi, src_usi, sizeof(src_usi->info));
dst_usi->min = src_usi->min;
dst_usi->max = src_usi->max;
break;
}
/* Not being sent by kernel */
case XFRM_MSG_GETSA:
case XFRM_MSG_GETPOLICY:
case XFRM_MSG_GETAE:
case XFRM_MSG_GETSADINFO:
case XFRM_MSG_GETSPDINFO:
default:
WARN_ONCE(1, "unsupported nlmsg_type %d", nlh_src->nlmsg_type);
return ERR_PTR(-EOPNOTSUPP);
}
return nlh_dst;
}
static int xfrm_nla_cpy(struct sk_buff *dst, const struct nlattr *src, int len)
{
return nla_put(dst, src->nla_type, len, nla_data(src));
}
static int xfrm_xlate64_attr(struct sk_buff *dst, const struct nlattr *src)
{
switch (src->nla_type) {
case XFRMA_PAD:
/* Ignore */
return 0;
case XFRMA_ALG_AUTH:
case XFRMA_ALG_CRYPT:
case XFRMA_ALG_COMP:
case XFRMA_ENCAP:
case XFRMA_TMPL:
return xfrm_nla_cpy(dst, src, nla_len(src));
case XFRMA_SA:
return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_usersa_info));
case XFRMA_POLICY:
return xfrm_nla_cpy(dst, src, XMSGSIZE(compat_xfrm_userpolicy_info));
case XFRMA_SEC_CTX:
return xfrm_nla_cpy(dst, src, nla_len(src));
case XFRMA_LTIME_VAL:
return nla_put_64bit(dst, src->nla_type, nla_len(src),
nla_data(src), XFRMA_PAD);
case XFRMA_REPLAY_VAL:
case XFRMA_REPLAY_THRESH:
case XFRMA_ETIMER_THRESH:
case XFRMA_SRCADDR:
case XFRMA_COADDR:
return xfrm_nla_cpy(dst, src, nla_len(src));
case XFRMA_LASTUSED:
return nla_put_64bit(dst, src->nla_type, nla_len(src),
nla_data(src), XFRMA_PAD);
case XFRMA_POLICY_TYPE:
case XFRMA_MIGRATE:
case XFRMA_ALG_AEAD:
case XFRMA_KMADDRESS:
case XFRMA_ALG_AUTH_TRUNC:
case XFRMA_MARK:
case XFRMA_TFCPAD:
case XFRMA_REPLAY_ESN_VAL:
case XFRMA_SA_EXTRA_FLAGS:
case XFRMA_PROTO:
case XFRMA_ADDRESS_FILTER:
case XFRMA_OFFLOAD_DEV:
case XFRMA_SET_MARK:
case XFRMA_SET_MARK_MASK:
case XFRMA_IF_ID:
return xfrm_nla_cpy(dst, src, nla_len(src));
default:
BUILD_BUG_ON(XFRMA_MAX != XFRMA_IF_ID);
WARN_ONCE(1, "unsupported nla_type %d", src->nla_type);
return -EOPNOTSUPP;
}
}
/* Take kernel-built (64bit layout) and create 32bit layout for userspace */
static int xfrm_xlate64(struct sk_buff *dst, const struct nlmsghdr *nlh_src)
{
u16 type = nlh_src->nlmsg_type - XFRM_MSG_BASE;
const struct nlattr *nla, *attrs;
struct nlmsghdr *nlh_dst;
int len, remaining;
nlh_dst = xfrm_nlmsg_put_compat(dst, nlh_src, type);
if (IS_ERR(nlh_dst))
return PTR_ERR(nlh_dst);
attrs = nlmsg_attrdata(nlh_src, xfrm_msg_min[type]);
len = nlmsg_attrlen(nlh_src, xfrm_msg_min[type]);
nla_for_each_attr(nla, attrs, len, remaining) {
int err = xfrm_xlate64_attr(dst, nla);
if (err)
return err;
}
nlmsg_end(dst, nlh_dst);
return 0;
}
static int xfrm_alloc_compat(struct sk_buff *skb, const struct nlmsghdr *nlh_src)
{
u16 type = nlh_src->nlmsg_type - XFRM_MSG_BASE;
struct sk_buff *new = NULL;
int err;
if (WARN_ON_ONCE(type >= ARRAY_SIZE(xfrm_msg_min)))
return -EOPNOTSUPP;
if (skb_shinfo(skb)->frag_list == NULL) {
new = alloc_skb(skb->len + skb_tailroom(skb), GFP_ATOMIC);
if (!new)
return -ENOMEM;
skb_shinfo(skb)->frag_list = new;
}
err = xfrm_xlate64(skb_shinfo(skb)->frag_list, nlh_src);
if (err) {
if (new) {
kfree_skb(new);
skb_shinfo(skb)->frag_list = NULL;
}
return err;
}
return 0;
}
/* Calculates len of translated 64-bit message. */
static size_t xfrm_user_rcv_calculate_len64(const struct nlmsghdr *src,
struct nlattr *attrs[XFRMA_MAX+1])
{
size_t len = nlmsg_len(src);
switch (src->nlmsg_type) {
case XFRM_MSG_NEWSA:
case XFRM_MSG_NEWPOLICY:
case XFRM_MSG_ALLOCSPI:
case XFRM_MSG_ACQUIRE:
case XFRM_MSG_UPDPOLICY:
case XFRM_MSG_UPDSA:
len += 4;
break;
case XFRM_MSG_EXPIRE:
case XFRM_MSG_POLEXPIRE:
len += 8;
break;
default:
break;
}
if (attrs[XFRMA_SA])
len += 4;
if (attrs[XFRMA_POLICY])
len += 4;
/* XXX: some attrs may need to be realigned
* if !CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
*/
return len;
}
static int xfrm_attr_cpy32(void *dst, size_t *pos, const struct nlattr *src,
size_t size, int copy_len, int payload)
{
struct nlmsghdr *nlmsg = dst;
struct nlattr *nla;
if (WARN_ON_ONCE(copy_len > payload))
copy_len = payload;
if (size - *pos < nla_attr_size(payload))
return -ENOBUFS;
nla = dst + *pos;
memcpy(nla, src, nla_attr_size(copy_len));
nla->nla_len = nla_attr_size(payload);
*pos += nla_attr_size(payload);
nlmsg->nlmsg_len += nla->nla_len;
memset(dst + *pos, 0, payload - copy_len);
*pos += payload - copy_len;
return 0;
}
static int xfrm_xlate32_attr(void *dst, const struct nlattr *nla,
size_t *pos, size_t size,
struct netlink_ext_ack *extack)
{
int type = nla_type(nla);
u16 pol_len32, pol_len64;
int err;
if (type > XFRMA_MAX) {
BUILD_BUG_ON(XFRMA_MAX != XFRMA_IF_ID);
NL_SET_ERR_MSG(extack, "Bad attribute");
return -EOPNOTSUPP;
}
if (nla_len(nla) < compat_policy[type].len) {
NL_SET_ERR_MSG(extack, "Attribute bad length");
return -EOPNOTSUPP;
}
pol_len32 = compat_policy[type].len;
pol_len64 = xfrma_policy[type].len;
/* XFRMA_SA and XFRMA_POLICY - need to know how-to translate */
if (pol_len32 != pol_len64) {
if (nla_len(nla) != compat_policy[type].len) {
NL_SET_ERR_MSG(extack, "Attribute bad length");
return -EOPNOTSUPP;
}
err = xfrm_attr_cpy32(dst, pos, nla, size, pol_len32, pol_len64);
if (err)
return err;
}
return xfrm_attr_cpy32(dst, pos, nla, size, nla_len(nla), nla_len(nla));
}
static int xfrm_xlate32(struct nlmsghdr *dst, const struct nlmsghdr *src,
struct nlattr *attrs[XFRMA_MAX+1],
size_t size, u8 type, struct netlink_ext_ack *extack)
{
size_t pos;
int i;
memcpy(dst, src, NLMSG_HDRLEN);
dst->nlmsg_len = NLMSG_HDRLEN + xfrm_msg_min[type];
memset(nlmsg_data(dst), 0, xfrm_msg_min[type]);
switch (src->nlmsg_type) {
/* Compat message has the same layout as native */
case XFRM_MSG_DELSA:
case XFRM_MSG_GETSA:
case XFRM_MSG_DELPOLICY:
case XFRM_MSG_GETPOLICY:
case XFRM_MSG_FLUSHSA:
case XFRM_MSG_FLUSHPOLICY:
case XFRM_MSG_NEWAE:
case XFRM_MSG_GETAE:
case XFRM_MSG_REPORT:
case XFRM_MSG_MIGRATE:
case XFRM_MSG_NEWSADINFO:
case XFRM_MSG_GETSADINFO:
case XFRM_MSG_NEWSPDINFO:
case XFRM_MSG_GETSPDINFO:
case XFRM_MSG_MAPPING:
memcpy(nlmsg_data(dst), nlmsg_data(src), compat_msg_min[type]);
break;
/* 4 byte alignment for trailing u64 on native, but not on compat */
case XFRM_MSG_NEWSA:
case XFRM_MSG_NEWPOLICY:
case XFRM_MSG_UPDSA:
case XFRM_MSG_UPDPOLICY:
memcpy(nlmsg_data(dst), nlmsg_data(src), compat_msg_min[type]);
break;
case XFRM_MSG_EXPIRE: {
const struct compat_xfrm_user_expire *src_ue = nlmsg_data(src);
struct xfrm_user_expire *dst_ue = nlmsg_data(dst);
/* compat_xfrm_user_expire has 4-byte smaller state */
memcpy(dst_ue, src_ue, sizeof(src_ue->state));
dst_ue->hard = src_ue->hard;
break;
}
case XFRM_MSG_ACQUIRE: {
const struct compat_xfrm_user_acquire *src_ua = nlmsg_data(src);
struct xfrm_user_acquire *dst_ua = nlmsg_data(dst);
memcpy(dst_ua, src_ua, offsetof(struct compat_xfrm_user_acquire, aalgos));
dst_ua->aalgos = src_ua->aalgos;
dst_ua->ealgos = src_ua->ealgos;
dst_ua->calgos = src_ua->calgos;
dst_ua->seq = src_ua->seq;
break;
}
case XFRM_MSG_POLEXPIRE: {
const struct compat_xfrm_user_polexpire *src_upe = nlmsg_data(src);
struct xfrm_user_polexpire *dst_upe = nlmsg_data(dst);
/* compat_xfrm_user_polexpire has 4-byte smaller state */
memcpy(dst_upe, src_upe, sizeof(src_upe->pol));
dst_upe->hard = src_upe->hard;
break;
}
case XFRM_MSG_ALLOCSPI: {
const struct compat_xfrm_userspi_info *src_usi = nlmsg_data(src);
struct xfrm_userspi_info *dst_usi = nlmsg_data(dst);
/* compat_xfrm_user_polexpire has 4-byte smaller state */
memcpy(dst_usi, src_usi, sizeof(src_usi->info));
dst_usi->min = src_usi->min;
dst_usi->max = src_usi->max;
break;
}
default:
NL_SET_ERR_MSG(extack, "Unsupported message type");
return -EOPNOTSUPP;
}
pos = dst->nlmsg_len;
for (i = 1; i < XFRMA_MAX + 1; i++) {
int err;
if (i == XFRMA_PAD)
continue;
if (!attrs[i])
continue;
err = xfrm_xlate32_attr(dst, attrs[i], &pos, size, extack);
if (err)
return err;
}
return 0;
}
static struct nlmsghdr *xfrm_user_rcv_msg_compat(const struct nlmsghdr *h32,
int maxtype, const struct nla_policy *policy,
struct netlink_ext_ack *extack)
{
/* netlink_rcv_skb() checks if a message has full (struct nlmsghdr) */
u16 type = h32->nlmsg_type - XFRM_MSG_BASE;
struct nlattr *attrs[XFRMA_MAX+1];
struct nlmsghdr *h64;
size_t len;
int err;
BUILD_BUG_ON(ARRAY_SIZE(xfrm_msg_min) != ARRAY_SIZE(compat_msg_min));
if (type >= ARRAY_SIZE(xfrm_msg_min))
return ERR_PTR(-EINVAL);
/* Don't call parse: the message might have only nlmsg header */
if ((h32->nlmsg_type == XFRM_MSG_GETSA ||
h32->nlmsg_type == XFRM_MSG_GETPOLICY) &&
(h32->nlmsg_flags & NLM_F_DUMP))
return NULL;
err = nlmsg_parse(h32, compat_msg_min[type], attrs,
maxtype ? : XFRMA_MAX, policy ? : compat_policy, extack);
if (err < 0)
return ERR_PTR(err);
len = xfrm_user_rcv_calculate_len64(h32, attrs);
/* The message doesn't need translation */
if (len == nlmsg_len(h32))
return NULL;
len += NLMSG_HDRLEN;
h64 = kvmalloc(len, GFP_KERNEL | __GFP_ZERO);
if (!h64)
return ERR_PTR(-ENOMEM);
err = xfrm_xlate32(h64, h32, attrs, len, type, extack);
if (err < 0) {
kvfree(h64);
return ERR_PTR(err);
}
return h64;
}
static int xfrm_user_policy_compat(u8 **pdata32, int optlen)
{
struct compat_xfrm_userpolicy_info *p = (void *)*pdata32;
u8 *src_templates, *dst_templates;
u8 *data64;
if (optlen < sizeof(*p))
return -EINVAL;
data64 = kmalloc(optlen + 4, GFP_USER | __GFP_NOWARN);
if (!data64)
return -ENOMEM;
memcpy(data64, *pdata32, sizeof(*p));
memset(data64 + sizeof(*p), 0, 4);
src_templates = *pdata32 + sizeof(*p);
dst_templates = data64 + sizeof(*p) + 4;
memcpy(dst_templates, src_templates, optlen - sizeof(*p));
kfree(*pdata32);
*pdata32 = data64;
return 0;
}
static struct xfrm_translator xfrm_translator = {
.owner = THIS_MODULE,
.alloc_compat = xfrm_alloc_compat,
.rcv_msg_compat = xfrm_user_rcv_msg_compat,
.xlate_user_policy_sockptr = xfrm_user_policy_compat,
};
static int __init xfrm_compat_init(void)
{
return xfrm_register_translator(&xfrm_translator);
}
static void __exit xfrm_compat_exit(void)
{
xfrm_unregister_translator(&xfrm_translator);
}
module_init(xfrm_compat_init);
module_exit(xfrm_compat_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Dmitry Safonov");
MODULE_DESCRIPTION("XFRM 32-bit compatibility layer");

77
net/xfrm/xfrm_state.c
View File

@@ -2118,6 +2118,66 @@ bool km_is_alive(const struct km_event *c)
}
EXPORT_SYMBOL(km_is_alive);
#if IS_ENABLED(CONFIG_XFRM_USER_COMPAT)
static DEFINE_SPINLOCK(xfrm_translator_lock);
static struct xfrm_translator __rcu *xfrm_translator;
struct xfrm_translator *xfrm_get_translator(void)
{
struct xfrm_translator *xtr;
rcu_read_lock();
xtr = rcu_dereference(xfrm_translator);
if (unlikely(!xtr))
goto out;
if (!try_module_get(xtr->owner))
xtr = NULL;
out:
rcu_read_unlock();
return xtr;
}
EXPORT_SYMBOL_GPL(xfrm_get_translator);
void xfrm_put_translator(struct xfrm_translator *xtr)
{
module_put(xtr->owner);
}
EXPORT_SYMBOL_GPL(xfrm_put_translator);
int xfrm_register_translator(struct xfrm_translator *xtr)
{
int err = 0;
spin_lock_bh(&xfrm_translator_lock);
if (unlikely(xfrm_translator != NULL))
err = -EEXIST;
else
rcu_assign_pointer(xfrm_translator, xtr);
spin_unlock_bh(&xfrm_translator_lock);
return err;
}
EXPORT_SYMBOL_GPL(xfrm_register_translator);
int xfrm_unregister_translator(struct xfrm_translator *xtr)
{
int err = 0;
spin_lock_bh(&xfrm_translator_lock);
if (likely(xfrm_translator != NULL)) {
if (rcu_access_pointer(xfrm_translator) != xtr)
err = -EINVAL;
else
RCU_INIT_POINTER(xfrm_translator, NULL);
}
spin_unlock_bh(&xfrm_translator_lock);
synchronize_rcu();
return err;
}
EXPORT_SYMBOL_GPL(xfrm_unregister_translator);
#endif
int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
{
int err;
@@ -2139,6 +2199,23 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
if (IS_ERR(data))
return PTR_ERR(data);
/* Use the 64-bit / untranslated format on Android, even for compat */
if (!IS_ENABLED(CONFIG_ANDROID) || IS_ENABLED(CONFIG_XFRM_USER_COMPAT)) {
if (in_compat_syscall()) {
struct xfrm_translator *xtr = xfrm_get_translator();
if (!xtr)
return -EOPNOTSUPP;
err = xtr->xlate_user_policy_sockptr(&data, optlen);
xfrm_put_translator(xtr);
if (err) {
kfree(data);
return err;
}
}
}
err = -EINVAL;
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {

110
net/xfrm/xfrm_user.c
View File

@@ -974,6 +974,7 @@ static int dump_one_state(struct xfrm_state *x, int count, void *ptr)
struct xfrm_dump_info *sp = ptr;
struct sk_buff *in_skb = sp->in_skb;
struct sk_buff *skb = sp->out_skb;
struct xfrm_translator *xtr;
struct xfrm_usersa_info *p;
struct nlmsghdr *nlh;
int err;
@@ -991,6 +992,18 @@ static int dump_one_state(struct xfrm_state *x, int count, void *ptr)
return err;
}
nlmsg_end(skb, nlh);
xtr = xfrm_get_translator();
if (xtr) {
err = xtr->alloc_compat(skb, nlh);
xfrm_put_translator(xtr);
if (err) {
nlmsg_cancel(skb, nlh);
return err;
}
}
return 0;
}
@@ -1005,7 +1018,6 @@ static int xfrm_dump_sa_done(struct netlink_callback *cb)
return 0;
}
static const struct nla_policy xfrma_policy[XFRMA_MAX+1];
static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
{
struct net *net = sock_net(skb->sk);
@@ -1082,12 +1094,24 @@ static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb,
u32 pid, unsigned int group)
{
struct sock *nlsk = rcu_dereference(net->xfrm.nlsk);
struct xfrm_translator *xtr;
if (!nlsk) {
kfree_skb(skb);
return -EPIPE;
}
xtr = xfrm_get_translator();
if (xtr) {
int err = xtr->alloc_compat(skb, nlmsg_hdr(skb));
xfrm_put_translator(xtr);
if (err) {
kfree_skb(skb);
return err;
}
}
return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC);
}
@@ -1307,6 +1331,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
struct net *net = sock_net(skb->sk);
struct xfrm_state *x;
struct xfrm_userspi_info *p;
struct xfrm_translator *xtr;
struct sk_buff *resp_skb;
xfrm_address_t *daddr;
int family;
@@ -1357,6 +1382,17 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
goto out;
}
xtr = xfrm_get_translator();
if (xtr) {
err = xtr->alloc_compat(skb, nlmsg_hdr(skb));
xfrm_put_translator(xtr);
if (err) {
kfree_skb(resp_skb);
goto out;
}
}
err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid);
out:
@@ -1763,6 +1799,7 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
struct xfrm_userpolicy_info *p;
struct sk_buff *in_skb = sp->in_skb;
struct sk_buff *skb = sp->out_skb;
struct xfrm_translator *xtr;
struct nlmsghdr *nlh;
int err;
@@ -1787,6 +1824,18 @@ static int dump_one_policy(struct xfrm_policy *xp, int dir, int count, void *ptr
return err;
}
nlmsg_end(skb, nlh);
xtr = xfrm_get_translator();
if (xtr) {
err = xtr->alloc_compat(skb, nlh);
xfrm_put_translator(xtr);
if (err) {
nlmsg_cancel(skb, nlh);
return err;
}
}
return 0;
}
@@ -2528,7 +2577,7 @@ static int xfrm_send_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
#define XMSGSIZE(type) sizeof(struct type)
static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
[XFRM_MSG_NEWSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info),
[XFRM_MSG_DELSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
[XFRM_MSG_GETSA - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
@@ -2551,10 +2600,11 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
[XFRM_MSG_NEWSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
[XFRM_MSG_GETSPDINFO - XFRM_MSG_BASE] = sizeof(u32),
};
EXPORT_SYMBOL_GPL(xfrm_msg_min);
#undef XMSGSIZE
static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
[XFRMA_SA] = { .len = sizeof(struct xfrm_usersa_info)},
[XFRMA_POLICY] = { .len = sizeof(struct xfrm_userpolicy_info)},
[XFRMA_LASTUSED] = { .type = NLA_U64},
@@ -2586,6 +2636,7 @@ static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
[XFRMA_SET_MARK_MASK] = { .type = NLA_U32 },
[XFRMA_IF_ID] = { .type = NLA_U32 },
};
EXPORT_SYMBOL_GPL(xfrma_policy);
static const struct nla_policy xfrma_spd_policy[XFRMA_SPD_MAX+1] = {
[XFRMA_SPD_IPV4_HTHRESH] = { .len = sizeof(struct xfrmu_spdhthresh) },
@@ -2635,6 +2686,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct net *net = sock_net(skb->sk);
struct nlattr *attrs[XFRMA_MAX+1];
const struct xfrm_link *link;
struct nlmsghdr *nlh64 = NULL;
int type, err;
type = nlh->nlmsg_type;
@@ -2648,32 +2700,58 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
if (!netlink_net_capable(skb, CAP_NET_ADMIN))
return -EPERM;
/* Use the 64-bit / untranslated format on Android, even for compat */
if (!IS_ENABLED(CONFIG_ANDROID) || IS_ENABLED(CONFIG_XFRM_USER_COMPAT)) {
if (in_compat_syscall()) {
struct xfrm_translator *xtr = xfrm_get_translator();
if (!xtr)
return -EOPNOTSUPP;
nlh64 = xtr->rcv_msg_compat(nlh, link->nla_max,
link->nla_pol, extack);
xfrm_put_translator(xtr);
if (IS_ERR(nlh64))
return PTR_ERR(nlh64);
if (nlh64)
nlh = nlh64;
}
}
if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||
type == (XFRM_MSG_GETPOLICY - XFRM_MSG_BASE)) &&
(nlh->nlmsg_flags & NLM_F_DUMP)) {
if (link->dump == NULL)
return -EINVAL;
struct netlink_dump_control c = {
.start = link->start,
.dump = link->dump,
.done = link->done,
};
{
struct netlink_dump_control c = {
.start = link->start,
.dump = link->dump,
.done = link->done,
};
return netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c);
if (link->dump == NULL) {
err = -EINVAL;
goto err;
}
err = netlink_dump_start(net->xfrm.nlsk, skb, nlh, &c);
goto err;
}
err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs,
link->nla_max ? : XFRMA_MAX,
link->nla_pol ? : xfrma_policy, extack);
if (err < 0)
return err;
goto err;
if (link->doit == NULL)
return -EINVAL;
if (link->doit == NULL) {
err = -EINVAL;
goto err;
}
return link->doit(skb, nlh, attrs);
err = link->doit(skb, nlh, attrs);
err:
kvfree(nlh64);
return err;
}
static void xfrm_netlink_rcv(struct sk_buff *skb)