Commit 6714ebb9 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'net-6.8.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 

Pull networking fixes from Paolo Abeni:
 "Including fixes from bpf and netfilter.

  Current release - regressions:

   - af_unix: fix another unix GC hangup

  Previous releases - regressions:

   - core: fix a possible AF_UNIX deadlock

   - bpf: fix NULL pointer dereference in sk_psock_verdict_data_ready()

   - netfilter: nft_flow_offload: release dst in case direct xmit path
     is used

   - bridge: switchdev: ensure MDB events are delivered exactly once

   - l2tp: pass correct message length to ip6_append_data

   - dccp/tcp: unhash sk from ehash for tb2 alloc failure after
     check_estalblished()

   - tls: fixes for record type handling with PEEK

   - devlink: fix possible use-after-free and memory leaks in
     devlink_init()

  Previous releases - always broken:

   - bpf: fix an oops when attempting to read the vsyscall page through
     bpf_probe_read_kernel

   - sched: act_mirred: use the backlog for mirred ingress

   - netfilter: nft_flow_offload: fix dst refcount underflow

   - ipv6: sr: fix possible use-after-free and null-ptr-deref

   - mptcp: fix several data races

   - phonet: take correct lock to peek at the RX queue

  Misc:

   - handful of fixes and reliability improvements for selftests"

* tag 'net-6.8.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (72 commits)
  l2tp: pass correct message length to ip6_append_data
  net: phy: realtek: Fix rtl8211f_config_init() for RTL8211F(D)(I)-VD-CG PHY
  selftests: ioam: refactoring to align with the fix
  Fix write to cloned skb in ipv6_hop_ioam()
  phonet/pep: fix racy skb_queue_empty() use
  phonet: take correct lock to peek at the RX queue
  net: sparx5: Add spinlock for frame transmission from CPU
  net/sched: flower: Add lock protection when remove filter handle
  devlink: fix port dump cmd type
  net: stmmac: Fix EST offset for dwmac 5.10
  tools: ynl: don't leak mcast_groups on init error
  tools: ynl: make sure we always pass yarg to mnl_cb_run
  net: mctp: put sock on tag allocation failure
  netfilter: nf_tables: use kzalloc for hook allocation
  netfilter: nf_tables: register hooks last when adding new chain/flowtable
  netfilter: nft_flow_offload: release dst in case direct xmit path is used
  netfilter: nft_flow_offload: reset dst in route object after setting up flow
  netfilter: nf_tables: set dormant flag on hook register failure
  selftests: tls: add test for peeking past a record of a different type
  selftests: tls: add test for merging of same-type control messages
  ...
parents efa80dcb 359e54a9

Documentation/process/maintainer-netdev.rst

+1 −1
Original line number Diff line number Diff line
@@ -431,7 +431,7 @@ patchwork checks 
Checks in patchwork are mostly simple wrappers around existing kernel

scripts, the sources are available at:



https://github.com/kuba-moo/nipa/tree/master/tests

https://github.com/linux-netdev/nipa/tree/master/tests



**Do not** post your patches just to run them through the checks.

You must ensure that your patches are ready by testing them locally

MAINTAINERS

+2 −0
Original line number Diff line number Diff line
@@ -15242,6 +15242,8 @@ F: Documentation/networking/ 
F:	Documentation/networking/net_cachelines/

F:	Documentation/process/maintainer-netdev.rst

F:	Documentation/userspace-api/netlink/

F:	include/linux/framer/framer-provider.h

F:	include/linux/framer/framer.h

F:	include/linux/in.h

F:	include/linux/indirect_call_wrapper.h

F:	include/linux/net.h

arch/x86/include/asm/vsyscall.h

+10 −0
Original line number Diff line number Diff line
@@ -4,6 +4,7 @@ 


#include <linux/seqlock.h>

#include <uapi/asm/vsyscall.h>

#include <asm/page_types.h>



#ifdef CONFIG_X86_VSYSCALL_EMULATION

extern void map_vsyscall(void);
@@ -24,4 +25,13 @@ static inline bool emulate_vsyscall(unsigned long error_code, 
}

#endif



/*

 * The (legacy) vsyscall page is the long page in the kernel portion

 * of the address space that has user-accessible permissions.

 */

static inline bool is_vsyscall_vaddr(unsigned long vaddr)

{

	return unlikely((vaddr & PAGE_MASK) == VSYSCALL_ADDR);

}



#endif /* _ASM_X86_VSYSCALL_H */

arch/x86/mm/fault.c

+0 −9
Original line number Diff line number Diff line
@@ -798,15 +798,6 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code, 
	show_opcodes(regs, loglvl);

}



/*

 * The (legacy) vsyscall page is the long page in the kernel portion

 * of the address space that has user-accessible permissions.

 */

static bool is_vsyscall_vaddr(unsigned long vaddr)

{

	return unlikely((vaddr & PAGE_MASK) == VSYSCALL_ADDR);

}



static void

__bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,

		       unsigned long address, u32 pkey, int si_code)

arch/x86/mm/maccess.c

+10 −0
Original line number Diff line number Diff line
@@ -3,6 +3,8 @@ 
#include <linux/uaccess.h>

#include <linux/kernel.h>



#include <asm/vsyscall.h>



#ifdef CONFIG_X86_64

bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)

{
@@ -15,6 +17,14 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size) 
	if (vaddr < TASK_SIZE_MAX + PAGE_SIZE)

		return false;



	/*

	 * Reading from the vsyscall page may cause an unhandled fault in

	 * certain cases.  Though it is at an address above TASK_SIZE_MAX, it is

	 * usually considered as a user space address.

	 */

	if (is_vsyscall_vaddr(vaddr))

		return false;



	/*

	 * Allow everything during early boot before 'x86_virt_bits'

	 * is initialized.  Needed for instruction decoding in early