Age | Commit message (Collapse) | Author |
|
hub_port_init()"
This reverts commit 7fe9d87996062f5eb0ca476ad0257f79bf43aaf5.
Downstream NXP and stable have deviated to far, do not pull this in.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
This reverts commit 7e3ddbea87a92979fda4a9ddac37f423cb5a9d8a.
Downstream NXP and stable have deviated to far, do not pull this in.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
This reverts commit 69c712389e1f5e6761fc27fe39a36ca56b0c560c.
Downstream NXP and stable have deviated to far, do not pull this in.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
This reverts commit 4be323c73797bcebd0f9d1642e4705c13c3749d2.
Downstream NXP and stable have deviated to far, do not pull this in.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
This reverts commit cefcb002c5c9bc107daee807e25636a9afc7aba7.
Downstream NXP and stable have deviated to far, do not pull this in.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
Merge tag lf-5.15.71-2.2.2 with reverted upstream (sound/) commits
339ba37942c9d 6f668d2cbd2e2 d62dd3e291e06 416f4b7624040 1c23070f17c59
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
This reverts commit 1c23070f17c5934e31db5c2dda79c681eedea538.
|
|
This reverts commit 416f4b76240400260aaf0c4200565d63f49290d7.
|
|
This reverts commit d62dd3e291e061d66e088401e32f1119bcfdc7f3.
|
|
This reverts commit 6f668d2cbd2e2b87a3f347070704714453383712.
|
|
This reverts commit 339ba37942c9de7aeb7647b6a225c49cc3d7e0dc.
|
|
The kernel should search the correct cma memory region. This can be
achieved by deleting the property alloc-ranges. However, we used
delete-node instead of delete-property. Because of this the property was
still existing. For the Verdin iMX8MP this didn't have any side effects
for modules with only 1GB RAM because NXP sets alloc-ranges to a value
that works for 1GB and 2GB RAM. It had side effects for the Verdin
iMX8MM with 1GB though this is why we update it here as well.
Upstream-Status: Inappropriate [other]
We use the kernel configuration to define the CMA size and don't use the
linux,cma node in the device tree.
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
|
|
The kernel should search the correct cma memory region. This can be
achieved by deleting the property alloc-ranges. However, we used
delete-node instead of delete-property. Because of this the property was
still existing. With this we fix a mismatch between modules with 1024
and 2048 MB of RAM. The 1024 MB modules showed the following message
during boot and only used 32 MB for CMA:
OF: reserved mem: failed to allocate memory for node 'linux,cma'
Upstream-Status: Inappropriate [other]
We use the kernel configuration to define the CMA size and don't use the
linux,cma node in the device tree.
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
|
|
Return EPROBE_DEFER in the probe function if the LDB bridge is missing
some of its child bridges. The current implementation returns
EPROBE_DEFER in the bind function, which is incorrect because the kernel
assumes the driver is fully functional when bind is called.
When both HDMI and LVDS is configured the above actually happens in
about 20% of the boots, resulting in a kernel backtrace and neither of
the two graphical outputs being functional.
drm_mode_config_cleanup tries to cleanup a not instantiated device,
if one fixes that the next hickup occurs...
This commit assures to not take this code path.
[ 7.130956] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[ 7.142436] Modules linked in: crct10dif_ce snd_soc_imx_spdif snd_soc_imx_hdmi mwifiex panel_lvds cfg80211 rfkill ahci_imx atmel_
mxt_ts flexcan can_dev mxc_jpeg_encdec snd_soc_fsl_audmix v4l2_jpeg imx8_media_dev(C) snd_soc_fsl_spdif snd_soc_fsl_asrc snd_soc_fsl
_sai cdns_mhdp_imx(+) cdns_mhdp_drmcore caam error galcore fuse
[ 7.171161] CPU: 1 PID: 277 Comm: systemd-udevd Tainted: G C 5.15.129-6.5.0-06970-gdc84adb6e1b2-dirty #31
[ 7.182073] Hardware name: Toradex Apalis iMX8QP V1.1 on Apalis Evaluation Board (DT)
[ 7.189932] pstate: 80000005 (Nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 7.196905] pc : drm_mode_config_cleanup+0x54/0x300
[ 7.201815] lr : drm_mode_config_init_release+0x10/0x20
[ 7.207079] sp : ffff800009ffb710
[ 7.210411] x29: ffff800009ffb770 x28: ffff000003210550 x27: ffff00001af06a00
[ 7.217582] x26: ffff80000812cdd0 x25: dead000000000122 x24: dead000000000100
[ 7.224748] x23: ffff8000094b7250 x22: ffff00001a9c7810 x21: ffff00001a9c7800
[ 7.231907] x20: ffff00001a9c7aa8 x19: fffffffffffffff8 x18: 0000000000000000
[ 7.239065] x17: ffff8000763e6000 x16: ffff800009c18000 x15: 0000000000000000
[ 7.246222] x14: 0000000000000000 x13: 0000000000000010 x12: 0000000000000001
[ 7.253373] x11: 0000000000000001 x10: 00000000000009e0 x9 : ffff800009bda000
[ 7.260531] x8 : ffff00001ae41c80 x7 : ffff00001a9a9e00 x6 : 0000000000000000
[ 7.267690] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000
[ 7.274839] x2 : ffff8000087b58e0 x1 : 0000000000000000 x0 : ffff00001b13a120
[ 7.282000] Call trace:
[ 7.284456] drm_mode_config_cleanup+0x54/0x300
[ 7.289008] drm_mode_config_init_release+0x10/0x20
[ 7.293900] drm_managed_release+0xa4/0x13c
[ 7.298097] drm_dev_put.part.0+0x90/0xc0
[ 7.302127] drm_dev_put+0x14/0x2c
[ 7.305541] imx_drm_bind+0xbc/0x200
[ 7.309129] try_to_bring_up_master+0x214/0x2e0
[ 7.313714] __component_add+0xa0/0x18c
...
Upstream-Status: Inappropriate [Other]
The upstream imx8qm-ldb driver is a complete rewrite, the bind() calls
are not present as part of the driver.
Upstream: drivers/gpu/drm/bridge/imx/{imx8qm-ldb-drv.c|imx8qm-ldb.c}
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
When the FW is already loaded and running on the uCPU access to
IRAM/DRAM from the Cortex A core is no longer granted.
Trying to load the FW to IRAM/DRAM results in a asynchronous abort.
Fix this by loading the FW only if the uCPU is still in reset.
If the reset is deasserted assume that the FW is already loaded
and do nothing.
Note that asserting the reset and enabling access to IRAM/DRAM by
writing '7' to APB_CTRL seems to be not enough to allow (re) writing
the FW.
The error was triggered by enabling both LVDS and HDMI. This resulted
in cdns_mhdp_imx_probe being called twice, returning EPROBE_DEFER
on the first invocation and then on the second invocation the FW is
already loaded and the uCPU started.
[ 7.407427] SError Interrupt on CPU0, code 0x00000000bf000002 -- SError
[ 7.407443] CPU: 0 PID: 200 Comm: kworker/u10:4 Tainted: G C O 5.15.129-6.4.0-devel+git.3311382cb124 #1
[ 7.407452] Hardware name: Toradex Apalis iMX8QP V1.1 on Apalis Evaluation Board (DT)
[ 7.407458] Workqueue: events_unbound deferred_probe_work_func
[ 7.407478] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 7.407486] pc : mutex_unlock+0x44/0x70
[ 7.407498] lr : cdns_mhdp_bus_write+0xa4/0x100 [cdns_mhdp_drmcore]
[ 7.407536] sp : ffff80000b19b910
[ 7.407539] x29: ffff80000b19b910 x28: ffff00000324e550 x27: ffff00001b2df700
[ 7.407549] x26: 0000000000000000 x25: ffff80000109f1c0 x24: ffff000003a2a120
[ 7.407558] x23: ffff000003a28080 x22: 0000000022222211 x21: ffff000003a28d88
[ 7.407567] x20: 0000000000000004 x19: ffff000003a28080 x18: 0000000000000001
[ 7.407576] x17: 3038363236353a32 x16: 3a64706e65673a64 x15: 00007de44ad2f95c
[ 7.407584] x14: 0000000000000008 x13: 0000000000000008 x12: 0000000000000000
[ 7.407593] x11: 0000000000000001 x10: 00000000000009e0 x9 : ffff80000b19b810
[ 7.407601] x8 : ffff000002801880 x7 : ffff00007fb0a440 x6 : 0000000000000000
[ 7.407610] x5 : 0000000000220000 x4 : 0000000000000000 x3 : ffff000003a28d88
[ 7.407618] x2 : 0000000000000000 x1 : ffff000002800e40 x0 : ffff000002800e40
[ 7.407629] Kernel panic - not syncing: Asynchronous SError Interrupt
[ 7.407634] CPU: 0 PID: 200 Comm: kworker/u10:4 Tainted: G C O 5.15.129-6.4.0-devel+git.3311382cb124 #1
[ 7.407641] Hardware name: Toradex Apalis iMX8QP V1.1 on Apalis Evaluation Board (DT)
[ 7.407644] Workqueue: events_unbound deferred_probe_work_func
[ 7.407652] Call trace:
[ 7.407654] dump_backtrace+0x0/0x1e0
[ 7.407667] show_stack+0x18/0x40
[ 7.407674] dump_stack_lvl+0x68/0x84
[ 7.407683] dump_stack+0x18/0x34
[ 7.407690] panic+0x188/0x348
[ 7.407696] add_taint+0x0/0xc0
[ 7.407706] arm64_serror_panic+0x6c/0x7c
[ 7.407711] do_serror+0x58/0x5c
[ 7.407716] el1h_64_error_handler+0x30/0x50
[ 7.407722] el1h_64_error+0x78/0x7c
[ 7.407728] mutex_unlock+0x44/0x70
[ 7.407734] cdns_mhdp_firmware_write_section+0x74/0xa0 [cdns_mhdp_imx]
[ 7.407749] cdns_mhdp_firmware_init_imx8qm+0xac/0x1c0 [cdns_mhdp_imx]
[ 7.407759] __cdns_hdmi_probe+0x174/0x37c [cdns_mhdp_drmcore]
[ 7.407786] cdns_hdmi_bind+0x28/0x90 [cdns_mhdp_drmcore]
[ 7.407810] cdns_mhdp_imx_bind+0xe4/0x170 [cdns_mhdp_imx]
[ 7.407821] component_bind_all+0x124/0x284
[ 7.407829] imx_drm_bind+0x15c/0x20c
[ 7.407837] try_to_bring_up_master+0x228/0x314
[ 7.407843] __component_add+0xa0/0x18c
[ 7.407849] component_add+0x14/0x20
[ 7.407855] cdns_mhdp_imx_probe+0x1c/0x30 [cdns_mhdp_imx]
[ 7.407865] platform_probe+0x68/0xe0
[ 7.407872] really_probe+0xbc/0x46c
[ 7.407877] __driver_probe_device+0x104/0x160
[ 7.407883] driver_probe_device+0x40/0x120
[ 7.407888] __device_attach_driver+0xbc/0x160
[ 7.407894] bus_for_each_drv+0x78/0xd0
[ 7.407903] __device_attach+0xa8/0x1e4
[ 7.407909] device_initial_probe+0x14/0x20
[ 7.407914] bus_probe_device+0x98/0xa0
[ 7.407920] deferred_probe_work_func+0x94/0xe4
[ 7.407925] process_one_work+0x1d0/0x374
[ 7.407932] worker_thread+0x13c/0x490
[ 7.407937] kthread+0x150/0x160
[ 7.407945] ret_from_fork+0x10/0x20
[ 7.407954] SMP: stopping secondary CPUs
[ 7.411611] Kernel Offset: disabled
[ 7.411613] CPU features: 0x4,000820b1,20000846
[ 7.411618] Memory Limit: none
Upstream-Status: Inappropriate [other]
Upstream does not have a driver for the cadence HDMI IP.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
6.4.11_22Q2_NXP: IMX-3189: fix
the build error caused by conflicting types of "_QuerySignal" with gcc13.1.
Signed-off-by: IPD_SCM <IPD_SCM@verisilicon.com>
Signed-off-by: Yuan Tian <yuan.tian@nxp.com>
Upstream-Status: Inappropriate [other]
Upstream does not have the propriatery Vivante driver.
Cherry picked from NXP downstream commit 9b70e0e11b04c18545093bd6d172762f65709365.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
Several cadence API functions are missing mutex protection. Adding the
missing mutex calls in cadence API functions to prevent unstable display
behavior.
Signed-off-by: Oliver F. Brown <oliver.brown@oss.nxp.com>
Upstream-Status: Inappropriate [other]
Upstream does not have a driver for the cadence HDMI IP.
Cherry picked from NXP downstream commit ce02e24ef317a3bb24b056cbb650e0e314663ffc.
Neither the missing mutex calls nor the double mutex unlock in an
error path were showing negative effects in our known use cases.
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
|
|
Return EPROBE_DEFER in the probe function if the LDB bridge is missing
some of its child bridges. The current implementation returns
EPROBE_DEFER in the bind function, which is incorrect because the kernel
assumes the driver is fully functional when bind is called. This results
in a deferal loop if native HDMI and the ldb bridge are enabled that
looks as follows:
dwhdmi-imx 32fd8000.hdmi: Detected HDMI TX controller v2.13a with HDCP (samsung_dw_hdmi_phy2)
dwhdmi-imx 32fd8000.hdmi: registered DesignWare HDMI I2C bus driver
imx-drm display-subsystem: bound imx-lcdifv3-crtc.0 (ops lcdifv3_crtc_ops)
imx-drm display-subsystem: bound imx-lcdifv3-crtc.1 (ops lcdifv3_crtc_ops)
dwhdmi-imx 32fd8000.hdmi: Detected HDMI TX controller v2.13a with HDCP (samsung_dw_hdmi_phy2)
dwhdmi-imx 32fd8000.hdmi: registered DesignWare HDMI I2C bus driver
...
Upstream-Status: Inappropriate [Other]
The upstream imx8mp-ldb driver is a complete rewrite of the downstream
one and is most likely not affected because there is no bind:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/bridge/fsl-ldb.c
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
|
|
The file for the new certificate (Chen-Yu Tsai's) didn't
end with a comma, so depending on the file order in the
build rule, we'd end up with invalid C when concatenating
the (now two) certificates. Fix that.
Upstream-Status: Backport [3c2a8ebe3fe66a5f77d4c164a0bea8e2ff37b455]
Cc: stable@vger.kernel.org
Reported-by: Biju Das <biju.das.jz@bp.renesas.com>
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Fixes: fb768d3b13ff ("wifi: cfg80211: Add my certificate")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
As announced [1][2], I have taken over maintainership of the
wireless-regdb project.
Add my certificate so that newer releases are valid to the kernel.
Seth's certificate should be kept around for awhile, at least until
a few new releases by me happen.
This should also be applied to stable trees so that stable kernels
can utilize newly released database binaries.
[1] https://lore.kernel.org/linux-wireless/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
[2] https://lore.kernel.org/linux-wireless/ZWmRR5ul7EDfxCan@wens.tw/
Upstream-Status: Backport [fb768d3b13ffa325b7e84480d488ac799c9d2cd7]
Cc: stable@vger.kernel.org
Signed-off-by: Chen-Yu Tsai <wens@kernel.org>
Acked-by: Seth Forshee <sforshee@kernel.org>
Link: https://msgid.link/ZXHGsqs34qZyzZng@wens.tw
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
Add support for audio-codec NAU88C22 present on the Apalis Evaluation
Board v1.2 carrier board.
Upstream-Status: Pending
- This change depends on audio being supported on mainline for
iMX8QM/QP, which is not working yet.
Related-to: ELB-5533
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
|
|
Add support for the new version, v1.2, of Apalis Evaluation Board with
Apalis iMX8 v1.1 QP module.
Board versions v1.0 and v1.1 are compatible with each other and should
use imx8qp-apalis-v1.1-eval.dts file dts file.
Upstream-Status: Pending
- Apalis iMX8QP has no specific device tree file mainline yet, there is
only a device tree file for the Apalis iMX8QM.
Related-to: ELB-5533
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com>
|
|
Add support for the new version, v1.2, of Apalis Evaluation Board.
Because only imx8-apalis-eval.dtsi was available and used as the only
board configuration for board version v1.0 and v1.1, it was changed to
be the common hardware configurations for all versions v1.0,
v1.1 and v1.2. Also, two .dtsi board files were added to have the
differences by board. The .dts were organized by SoM and board version.
Board versions v1.0 and v1.1 are compatible with each other and should
use imx8qm-apalis-eval.dts file or imx8qm-apalis-v1.1-eval.dts file
depending on SoM version. Now for v1.2, organized by SoM version too, the
files are imx8qm-apalis-eval-v1.2.dts and imx8qm-apalis-v1.1-eval-v1.2.dts.
Upstream-Status: Submitted [https://lore.kernel.org/all/20240125101457.9873-3-francesco@dolcini.it/]
Related-to: ELB-5533
Signed-off-by: Joao Paulo Goncalves <joao.goncalves@toradex.com>
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
|
|
Link: https://lore.kernel.org/r/20240122235744.598274724@linuxfoundation.org
Tested-by: SeongJae Park <sj@kernel.org>
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Link: https://lore.kernel.org/r/20240123174500.819179356@linuxfoundation.org
Tested-by: SeongJae Park <sj@kernel.org>
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com>
Tested-by: Ron Economos <re@w6rz.net>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Linux Kernel Functional Testing <lkft@linaro.org>
Tested-by: Allen Pais <apais@linux.microsoft.com>
Tested-by: kernelci.org bot <bot@kernelci.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
This reverts commit bed9e27baf52a09b7ba2a3714f1e24e17ced386d.
The original set [1][2] was expected to undo a suboptimal fix in [2], and
replace it with a better fix [1]. However, as reported by Dan Moulding [2]
causes an issue with raid5 with journal device.
Revert [2] for now to close the issue. We will follow up on another issue
reported by Juxiao Bi, as [2] is expected to fix it. We believe this is a
good trade-off, because the latter issue happens less freqently.
In the meanwhile, we will NOT revert [1], as it contains the right logic.
[1] commit d6e035aad6c0 ("md: bypass block throttle for superblock update")
[2] commit bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"")
Reported-by: Dan Moulding <dan@danm.net>
Closes: https://lore.kernel.org/linux-raid/20240123005700.9302-1-dan@danm.net/
Fixes: bed9e27baf52 ("Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"")
Cc: stable@vger.kernel.org # v5.19+
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit fca8a117c1c9a0f8b8feed117db34cf58134dc2c upstream.
The rtc on the mox shares its interrupt line with the moxtet bus. Set
the interrupt type to be consistent between both devices. This ensures
correct setup of the interrupt line regardless of probing order.
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
Cc: <stable@vger.kernel.org> # v6.2+
Fixes: 21aad8ba615e ("arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC")
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit aabef97a35160461e9c576848ded737558d89055 upstream.
If the ruleset contains consumed quota, restore them accordingly.
Otherwise, listing after restoration shows never used items.
Restore the user-defined quota and flags too.
Fixes: ed0a0c60f0e5 ("netfilter: nft_quota: move stateful fields out of expression data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 860e874290fb3be08e966c9c8ffc510c5b0f2bd8 upstream.
If the ruleset contains last timestamps, restore them accordingly.
Otherwise, listing after restoration shows never used items.
Fixes: 33a24de37e81 ("netfilter: nft_last: move stateful fields out of expression data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 558254b0b602b8605d7246a10cfeb584b1fcabfc upstream.
When cloning a packet-based limit expression, copy the cost value as
well. Otherwise the new limit is not functional anymore.
Fixes: 3b9e2ea6c11bf ("netfilter: nft_limit: move stateful fields out of expression data")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 1a58f84ea5df7f026bf92a0009f931bf547fe965 upstream.
We need to provide a destroy callback to release the extra fields.
Fixes: 3b9e2ea6c11b ("netfilter: nft_limit: move stateful fields out of expression data")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 7d70984a1ad4c445dff08edb9aacce8906b6a222 upstream.
Check if nf_ct_netns_get() fails then release the limit object
previously allocated via kmalloc().
Fixes: 37f319f37d90 ("netfilter: nft_connlimit: move stateful fields out of expression data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 51edb2ff1c6fc27d3fa73f0773a31597ecd8e230 upstream.
This should check for NULL in case memory allocation fails.
Reported-by: Julian Wiedmann <jwiedmann.dev@gmail.com>
Fixes: 3b9e2ea6c11b ("netfilter: nft_limit: move stateful fields out of expression data")
Fixes: 37f319f37d90 ("netfilter: nft_connlimit: move stateful fields out of expression data")
Fixes: 33a24de37e81 ("netfilter: nft_last: move stateful fields out of expression data")
Fixes: ed0a0c60f0e5 ("netfilter: nft_quota: move stateful fields out of expression data")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Link: https://lore.kernel.org/r/20220110194817.53481-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
commit 1b151e2435fc3a9b10c8946c6aebe9f3e1938c55 upstream.
The special casing was originally added in pre-git history; reproducing
the commit log here:
> commit a318a92567d77
> Author: Andrew Morton <akpm@osdl.org>
> Date: Sun Sep 21 01:42:22 2003 -0700
>
> [PATCH] Speed up direct-io hugetlbpage handling
>
> This patch short-circuits all the direct-io page dirtying logic for
> higher-order pages. Without this, we pointlessly bounce BIOs up to
> keventd all the time.
In the last twenty years, compound pages have become used for more than
just hugetlb. Rewrite these functions to operate on folios instead
of pages and remove the special case for hugetlbfs; I don't think
it's needed any more (and if it is, we can put it back in as a call
to folio_test_hugetlb()).
This was found by inspection; as far as I can tell, this bug can lead
to pages used as the destination of a direct I/O read not being marked
as dirty. If those pages are then reclaimed by the MM without being
dirtied for some other reason, they won't be written out. Then when
they're faulted back in, they will not contain the data they should.
It'll take a pretty unusual setup to produce this problem with several
races all going the wrong way.
This problem predates the folio work; it could for example have been
triggered by mmaping a THP in tmpfs and using that as the target of an
O_DIRECT read.
Fixes: 800d8c63b2e98 ("shmem: add huge pages support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
[ Upstream commit 990489e1042c6c5d6bccf56deca68f8dbeed8180 ]
To properly handle ACK on the bus when transferring more than one
message in polling mode, move the polling handling loop from
s3c24xx_i2c_message_start() to s3c24xx_i2c_doxfer(). This way
i2c_s3c_irq_nextbyte() is always executed till the end, properly
acknowledging the IRQ bits and no recursive calls to
i2c_s3c_irq_nextbyte() are made.
While touching this, also fix finishing transfers in polling mode by
using common code path and always waiting for the bus to become idle
and disabled.
Fixes: 117053f77a5a ("i2c: s3c2410: Add polling mode support")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 0d9cf23ed55d7ba3ab26d617a3ae507863674c8f ]
To properly handle read transfers in polling mode, no waiting for the ACK
state is needed as it will never come. Just wait a bit to ensure start
state is on the bus and continue processing next bytes.
Fixes: 117053f77a5a ("i2c: s3c2410: Add polling mode support")
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Chanho Park <chanho61.park@samsung.com>
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Wolfram Sang <wsa@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 2e7ef287f07c74985f1bf2858bedc62bd9ebf155 ]
idev->mc_ifc_count can be written over without proper locking.
Originally found by syzbot [1], fix this issue by encapsulating calls
to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with
mutex_lock() and mutex_unlock() accordingly as these functions
should only be called with mc_lock per their declarations.
[1]
BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work
write to 0xffff88813a80c832 of 1 bytes by task 3771 on cpu 0:
mld_ifc_stop_work net/ipv6/mcast.c:1080 [inline]
ipv6_mc_down+0x10a/0x280 net/ipv6/mcast.c:2725
addrconf_ifdown+0xe32/0xf10 net/ipv6/addrconf.c:3949
addrconf_notify+0x310/0x980
notifier_call_chain kernel/notifier.c:93 [inline]
raw_notifier_call_chain+0x6b/0x1c0 kernel/notifier.c:461
__dev_notify_flags+0x205/0x3d0
dev_change_flags+0xab/0xd0 net/core/dev.c:8685
do_setlink+0x9f6/0x2430 net/core/rtnetlink.c:2916
rtnl_group_changelink net/core/rtnetlink.c:3458 [inline]
__rtnl_newlink net/core/rtnetlink.c:3717 [inline]
rtnl_newlink+0xbb3/0x1670 net/core/rtnetlink.c:3754
rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6558
netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2545
rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6576
netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline]
netlink_unicast+0x589/0x650 net/netlink/af_netlink.c:1368
netlink_sendmsg+0x66e/0x770 net/netlink/af_netlink.c:1910
...
write to 0xffff88813a80c832 of 1 bytes by task 22 on cpu 1:
mld_ifc_work+0x54c/0x7b0 net/ipv6/mcast.c:2653
process_one_work kernel/workqueue.c:2627 [inline]
process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2700
worker_thread+0x525/0x730 kernel/workqueue.c:2781
...
Fixes: 2d9a93b4902b ("mld: convert from timer to delayed work")
Reported-by: syzbot+a9400cabb1d784e49abf@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/000000000000994e09060ebcdffb@google.com/
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Acked-by: Taehee Yoo <ap420073@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Link: https://lore.kernel.org/r/20240117172102.12001-1-n.zhandarovich@fintech.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit b34f4de6d30cbaa8fed905a5080b6eace8c84dc7 ]
'qos_pfc' test checks PFC behavior. The idea is to limit the traffic
using a shaper somewhere in the flow of the packets. In this area, the
buffer is smaller than the buffer at the beginning of the flow, so it fills
up until there is no more space left. The test configures there PFC
which is supposed to notice that the headroom is filling up and send PFC
Xoff to indicate the transmitter to stop sending traffic for the priorities
sharing this PG.
The Xon/Xoff threshold is auto-configured and always equal to
2*(MTU rounded up to cell size). Even after sending the PFC Xoff packet,
traffic will keep arriving until the transmitter receives and processes
the PFC packet. This amount of traffic is known as the PFC delay allowance.
Currently the buffer for the delay traffic is configured as 100KB. The
MTU in the test is 10KB, therefore the threshold for Xoff is about 20KB.
This allows 80KB extra to be stored in this buffer.
8-lane ports use two buffers among which the configured buffer is split,
the Xoff threshold then applies to each buffer in parallel.
The test does not take into account the behavior of 8-lane ports, when the
ports are configured to 400Gbps with 8 lanes or 800Gbps with 8 lanes,
packets are dropped and the test fails.
Check if the relevant ports use 8 lanes, in such case double the size of
the buffer, as the headroom is split half-half.
Cc: Shuah Khan <shuah@kernel.org>
Fixes: bfa804784e32 ("selftests: mlxsw: Add a PFC test")
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/23ff11b7dff031eb04a41c0f5254a2b636cd8ebb.1705502064.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 483ae90d8f976f8339cf81066312e1329f2d3706 ]
When tc filters are first added to a net device, the corresponding local
port gets bound to an ACL group in the device. The group contains a list
of ACLs. In turn, each ACL points to a different TCAM region where the
filters are stored. During forwarding, the ACLs are sequentially
evaluated until a match is found.
One reason to place filters in different regions is when they are added
with decreasing priorities and in an alternating order so that two
consecutive filters can never fit in the same region because of their
key usage.
In Spectrum-2 and newer ASICs the firmware started to report that the
maximum number of ACLs in a group is more than 16, but the layout of the
register that configures ACL groups (PAGT) was not updated to account
for that. It is therefore possible to hit stack corruption [1] in the
rare case where more than 16 ACLs in a group are required.
Fix by limiting the maximum ACL group size to the minimum between what
the firmware reports and the maximum ACLs that fit in the PAGT register.
Add a test case to make sure the machine does not crash when this
condition is hit.
[1]
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120
[...]
dump_stack_lvl+0x36/0x50
panic+0x305/0x330
__stack_chk_fail+0x15/0x20
mlxsw_sp_acl_tcam_group_update+0x116/0x120
mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110
mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20
mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0
mlxsw_sp_acl_rule_add+0x47/0x240
mlxsw_sp_flower_replace+0x1a9/0x1d0
tc_setup_cb_add+0xdc/0x1c0
fl_hw_replace_filter+0x146/0x1f0
fl_change+0xc17/0x1360
tc_new_tfilter+0x472/0xb90
rtnetlink_rcv_msg+0x313/0x3b0
netlink_rcv_skb+0x58/0x100
netlink_unicast+0x244/0x390
netlink_sendmsg+0x1e4/0x440
____sys_sendmsg+0x164/0x260
___sys_sendmsg+0x9a/0xe0
__sys_sendmsg+0x7a/0xc0
do_syscall_64+0x40/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
Fixes: c3ab435466d5 ("mlxsw: spectrum: Extend to support Spectrum-2 ASIC")
Reported-by: Orel Hagag <orelh@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/2d91c89afba59c22587b444994ae419dbea8d876.1705502064.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 194ab9476089bbfc021073214e071a404e375ee6 ]
Move the initialization and de-initialization code further below in
order to avoid forward declarations in the next patch. No functional
changes.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 483ae90d8f97 ("mlxsw: spectrum_acl_tcam: Fix stack corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 61fe3b9102ac84ba479ab84d8f5454af2e21e468 ]
Move mutex_destroy() to the end to make the function symmetric with
mlxsw_sp_acl_tcam_init(). No functional changes.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 483ae90d8f97 ("mlxsw: spectrum_acl_tcam: Fix stack corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 65823e07b1e4055b6278725fd92f4d7e6f8d53fd ]
Pair mutex_init() with a mutex_destroy() in the error path. Found during
code review. No functional changes.
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: 483ae90d8f97 ("mlxsw: spectrum_acl_tcam: Fix stack corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 2c087dfcc9d5e7e8557d217f01f58ba42d1ddbf1 ]
Use 'bitmap_zalloc()' to simplify code, improve the semantic and avoid
some open-coded arithmetic in allocator arguments.
Also change the corresponding 'kfree()' into 'bitmap_free()' to keep
consistency.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: 483ae90d8f97 ("mlxsw: spectrum_acl_tcam: Fix stack corruption")
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 6d6eeabcfaba2fcadf5443b575789ea606f9de83 ]
Lately, a bug was found when many TC filters are added - at some point,
several bugs are printed to dmesg [1] and the switch is crashed with
segmentation fault.
The issue starts when gen_pool_free() fails because of unexpected
behavior - a try to free memory which is already freed, this leads to BUG()
call which crashes the switch and makes many other bugs.
Trying to track down the unexpected behavior led to a bug in eRP code. The
function mlxsw_sp_acl_erp_table_alloc() gets a pointer to the allocated
index, sets the value and returns an error code. When gen_pool_alloc()
fails it returns address 0, we track it and return -ENOBUFS outside, BUT
the call for gen_pool_alloc() already override the index in erp_table
structure. This is a problem when such allocation is done as part of
table expansion. This is not a new table, which will not be used in case
of allocation failure. We try to expand eRP table and override the
current index (non-zero) with zero. Then, it leads to an unexpected
behavior when address 0 is freed twice. Note that address 0 is valid in
erp_table->base_index and indeed other tables use it.
gen_pool_alloc() fails in case that there is no space left in the
pre-allocated pool, in our case, the pool is limited to
ACL_MAX_ERPT_BANK_SIZE, which is read from hardware. When more than max
erp entries are required, we exceed the limit and return an error, this
error leads to "Failed to migrate vregion" print.
Fix this by changing erp_table->base_index only in case of a successful
allocation.
Add a test case for such a scenario. Without this fix it causes
segmentation fault:
$ TESTS="max_erp_entries_test" ./tc_flower.sh
./tc_flower.sh: line 988: 1560 Segmentation fault tc filter del dev $h2 ingress chain $i protocol ip pref $i handle $j flower &>/dev/null
[1]:
kernel BUG at lib/genalloc.c:508!
invalid opcode: 0000 [#1] PREEMPT SMP
CPU: 6 PID: 3531 Comm: tc Not tainted 6.7.0-rc5-custom-ga6893f479f5e #1
Hardware name: Mellanox Technologies Ltd. MSN4700/VMOD0010, BIOS 5.11 07/12/2021
RIP: 0010:gen_pool_free_owner+0xc9/0xe0
...
Call Trace:
<TASK>
__mlxsw_sp_acl_erp_table_other_dec+0x70/0xa0 [mlxsw_spectrum]
mlxsw_sp_acl_erp_mask_destroy+0xf5/0x110 [mlxsw_spectrum]
objagg_obj_root_destroy+0x18/0x80 [objagg]
objagg_obj_destroy+0x12c/0x130 [objagg]
mlxsw_sp_acl_erp_mask_put+0x37/0x50 [mlxsw_spectrum]
mlxsw_sp_acl_ctcam_region_entry_remove+0x74/0xa0 [mlxsw_spectrum]
mlxsw_sp_acl_ctcam_entry_del+0x1e/0x40 [mlxsw_spectrum]
mlxsw_sp_acl_tcam_ventry_del+0x78/0xd0 [mlxsw_spectrum]
mlxsw_sp_flower_destroy+0x4d/0x70 [mlxsw_spectrum]
mlxsw_sp_flow_block_cb+0x73/0xb0 [mlxsw_spectrum]
tc_setup_cb_destroy+0xc1/0x180
fl_hw_destroy_filter+0x94/0xc0 [cls_flower]
__fl_delete+0x1ac/0x1c0 [cls_flower]
fl_destroy+0xc2/0x150 [cls_flower]
tcf_proto_destroy+0x1a/0xa0
...
mlxsw_spectrum3 0000:07:00.0: Failed to migrate vregion
mlxsw_spectrum3 0000:07:00.0: Failed to migrate vregion
Fixes: f465261aa105 ("mlxsw: spectrum_acl: Implement common eRP core")
Signed-off-by: Amit Cohen <amcohen@nvidia.com>
Signed-off-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Acked-by: Paolo Abeni <pabeni@redhat.com>
Link: https://lore.kernel.org/r/4cfca254dfc0e5d283974801a24371c7b6db5989.1705502064.git.petrm@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit f1172f3ee3a98754d95b968968920a7d03fdebcc ]
Accessing an ethernet device that is powered off or clock gated might
cause the CPU to hang. Add ethnl_ops_begin/complete in
ethnl_set_features() to protect against this.
Fixes: 0980bfcd6954 ("ethtool: set netdev features with FEATURES_SET request")
Signed-off-by: Ludvig Pärsson <ludvig.parsson@axis.com>
Link: https://lore.kernel.org/r/20240117-etht2-v2-1-1a96b6e8c650@axis.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 4f41d30cd6dc865c3cbc1a852372321eba6d4e4c ]
When appending "[defcmd]" to 'kdb_prompt_str', the size of the string
already in the buffer should be taken into account.
An option could be to switch from strncat() to strlcat() which does the
correct test to avoid such an overflow.
However, this actually looks as dead code, because 'defcmd_in_progress'
can't be true here.
See a more detailed explanation at [1].
[1]: https://lore.kernel.org/all/CAD=FV=WSh7wKN7Yp-3wWiDgX4E3isQ8uh0LCzTmd1v9Cg9j+nQ@mail.gmail.com/
Fixes: 5d5314d6795f ("kdb: core for kgdb back end (1 of 2)")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit d6938c1c76c64f42363d0d1f051e1b4641c2ad40 ]
Inside decrement_ttl() upon discovering that the packet ttl has exceeded,
__IP_INC_STATS and __IP6_INC_STATS macros can be called from preemptible
context having the following backtrace:
check_preemption_disabled: 48 callbacks suppressed
BUG: using __this_cpu_add() in preemptible [00000000] code: curl/1177
caller is decrement_ttl+0x217/0x830
CPU: 5 PID: 1177 Comm: curl Not tainted 6.7.0+ #34
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0xbd/0xe0
check_preemption_disabled+0xd1/0xe0
decrement_ttl+0x217/0x830
__ip_vs_get_out_rt+0x4e0/0x1ef0
ip_vs_nat_xmit+0x205/0xcd0
ip_vs_in_hook+0x9b1/0x26a0
nf_hook_slow+0xc2/0x210
nf_hook+0x1fb/0x770
__ip_local_out+0x33b/0x640
ip_local_out+0x2a/0x490
__ip_queue_xmit+0x990/0x1d10
__tcp_transmit_skb+0x288b/0x3d10
tcp_connect+0x3466/0x5180
tcp_v4_connect+0x1535/0x1bb0
__inet_stream_connect+0x40d/0x1040
inet_stream_connect+0x57/0xa0
__sys_connect_file+0x162/0x1a0
__sys_connect+0x137/0x160
__x64_sys_connect+0x72/0xb0
do_syscall_64+0x6f/0x140
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7fe6dbbc34e0
Use the corresponding preemption-aware variants: IP_INC_STATS and
IP6_INC_STATS.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 8d8e20e2d7bb ("ipvs: Decrement ttl")
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 113661e07460a6604aacc8ae1b23695a89e7d4b3 ]
It is still possible to set on the NFT_SET_CONCAT flag by specifying a
set size and no field description, report EINVAL in such case.
Fixes: 1b6345d4160e ("netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 6b1ca88e4bb63673dc9f9c7f23c899f22c3cb17a ]
Delete from packet path relies on the garbage collector to purge
elements with NFT_SET_ELEM_DEAD_BIT on.
Skip these dead elements from nf_tables_dump_setelem() path, I very
rarely see tests/shell/testcases/maps/typeof_maps_add_delete reports
[DUMP FAILED] showing a mismatch in the expected output with an element
that should not be there.
If the netlink dump happens before GC worker run, it might show dead
elements in the ruleset listing.
nft_rhash_get() already skips dead elements in nft_rhash_cmp(),
therefore, it already does not show the element when getting a single
element via netlink control plane.
Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 3ce67e3793f48c1b9635beb9bb71116ca1e51b58 ]
The set description provides the size of each field in the set whose sum
should not mismatch the set key length, bail out otherwise.
I did not manage to crash nft_set_pipapo with mismatch fields and set key
length so far, but this is UB which must be disallowed.
Fixes: f3a2181e16f1 ("netfilter: nf_tables: Support for sets with multiple ranged fields")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
[ Upstream commit 91a139cee1202a4599a380810d93c69b5bac6197 ]
Bail out if userspace provides unsupported flags, otherwise future
extensions to the limit expression will be silently ignored by the
kernel.
Fixes: c7862a5f0de5 ("netfilter: nft_limit: allow to invert matching criteria")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|