Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.18.21 2025-09-23T08:04:58+00:00 2025-09-23T08:04:58+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-23T06:37:08+00:00 urn:sha1:c67732d067860850b767c81736b49f88a946bffb As hinted in commit 501a90c94510 ("inet: protect against too small mtu values."), net_device->mtu is vulnerable to race conditions if it is written and read without holding the RTNL. At the moment, all the writes are done while the interface is down, either in the devices' probe() function or in can_changelink(). So there are no such issues yet. But upcoming changes will allow to modify the MTU while the CAN XL devices are up. In preparation to the introduction of CAN XL, annotate all the net_device->mtu accesses which are not yet guarded by the RTNL with a READ_ONCE(). Note that all the write accesses are already either guarded by the RTNL or are already annotated and thus need no changes. Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250923-can-fix-mtu-v3-1-581bde113f52@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:35+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:26+00:00 urn:sha1:a146cfaaa0dd8a3e2cf3447cd2965a3c4d046e8f struct raw_sock has several holes. Reorder the fields to save 8 bytes. Statistics before: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int ifindex; /* 776 4 */ /* XXX 4 bytes hole, try to pack */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ unsigned int bound:1; /* 808: 0 4 */ unsigned int loopback:1; /* 808: 1 4 */ unsigned int recv_own_msgs:1; /* 808: 2 4 */ unsigned int fd_frames:1; /* 808: 3 4 */ unsigned int xl_frames:1; /* 808: 4 4 */ unsigned int join_filters:1; /* 808: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 809 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_shifted; /* 820 4 */ canid_t rx_vcid_mask_shifted; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ can_err_mask_t err_mask; /* 848 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 856 8 */ /* size: 864, cachelines: 14, members: 20 */ /* sum members: 852, holes: 3, sum holes: 11 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 32 bytes */ } __attribute__((__aligned__(8))); ...and after: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ struct net_device * dev; /* 776 8 */ netdevice_tracker dev_tracker; /* 784 0 */ struct list_head notifier; /* 784 16 */ int ifindex; /* 800 4 */ unsigned int bound:1; /* 804: 0 4 */ unsigned int loopback:1; /* 804: 1 4 */ unsigned int recv_own_msgs:1; /* 804: 2 4 */ unsigned int fd_frames:1; /* 804: 3 4 */ unsigned int xl_frames:1; /* 804: 4 4 */ unsigned int join_filters:1; /* 804: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 805 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 812 4 */ canid_t rx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_mask_shifted; /* 820 4 */ can_err_mask_t err_mask; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ struct uniqframe * uniq; /* 848 8 */ /* size: 856, cachelines: 14, members: 20 */ /* sum members: 852, holes: 1, sum holes: 3 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 24 bytes */ } __attribute__((__aligned__(8))); Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-3-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:34+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:25+00:00 urn:sha1:890e5198a6e5b238627c245fafea1a92670a86cd The bound, loopback, recv_own_msgs, fd_frames, xl_frames and join_filters fields of struct raw_sock just need to store one bit of information. Declare all those members as a bitfields of type unsigned int and width one bit. Add a temporary variable to raw_setsockopt() and raw_getsockopt() to make the conversion between the stored bits and the socket interface. This reduces the size of struct raw_sock by sixteen bytes. Statistics before: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int bound; /* 776 4 */ int ifindex; /* 780 4 */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ int loopback; /* 808 4 */ int recv_own_msgs; /* 812 4 */ int fd_frames; /* 816 4 */ int xl_frames; /* 820 4 */ struct can_raw_vcid_options raw_vcid_opts; /* 824 4 */ canid_t tx_vcid_shifted; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ canid_t rx_vcid_shifted; /* 832 4 */ canid_t rx_vcid_mask_shifted; /* 836 4 */ int join_filters; /* 840 4 */ int count; /* 844 4 */ struct can_filter dfilter; /* 848 8 */ struct can_filter * filter; /* 856 8 */ can_err_mask_t err_mask; /* 864 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 872 8 */ /* size: 880, cachelines: 14, members: 20 */ /* sum members: 876, holes: 1, sum holes: 4 */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 48 bytes */ } __attribute__((__aligned__(8))); ...and after: $ pahole --class_name=raw_sock net/can/raw.o struct raw_sock { struct sock sk __attribute__((__aligned__(8))); /* 0 776 */ /* XXX last struct has 1 bit hole */ /* --- cacheline 12 boundary (768 bytes) was 8 bytes ago --- */ int ifindex; /* 776 4 */ /* XXX 4 bytes hole, try to pack */ struct net_device * dev; /* 784 8 */ netdevice_tracker dev_tracker; /* 792 0 */ struct list_head notifier; /* 792 16 */ unsigned int bound:1; /* 808: 0 4 */ unsigned int loopback:1; /* 808: 1 4 */ unsigned int recv_own_msgs:1; /* 808: 2 4 */ unsigned int fd_frames:1; /* 808: 3 4 */ unsigned int xl_frames:1; /* 808: 4 4 */ unsigned int join_filters:1; /* 808: 5 4 */ /* XXX 2 bits hole, try to pack */ /* Bitfield combined with next fields */ struct can_raw_vcid_options raw_vcid_opts; /* 809 4 */ /* XXX 3 bytes hole, try to pack */ canid_t tx_vcid_shifted; /* 816 4 */ canid_t rx_vcid_shifted; /* 820 4 */ canid_t rx_vcid_mask_shifted; /* 824 4 */ int count; /* 828 4 */ /* --- cacheline 13 boundary (832 bytes) --- */ struct can_filter dfilter; /* 832 8 */ struct can_filter * filter; /* 840 8 */ can_err_mask_t err_mask; /* 848 4 */ /* XXX 4 bytes hole, try to pack */ struct uniqframe * uniq; /* 856 8 */ /* size: 864, cachelines: 14, members: 20 */ /* sum members: 852, holes: 3, sum holes: 11 */ /* sum bitfield members: 6 bits, bit holes: 1, sum bit holes: 2 bits */ /* member types with bit holes: 1, total: 1 */ /* forced alignments: 1 */ /* last cacheline: 32 bytes */ } __attribute__((__aligned__(8))); Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-2-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-09-19T18:56:34+00:00 Vincent Mailhol mailhol@kernel.org 2025-09-17T04:48:24+00:00 urn:sha1:fc8418eca43d5872e3976636d7c4924094bd07fd struct uniqframe has one hole. Reorder the fields to save 8 bytes. Statistics before: $ pahole --class_name=uniqframe net/can/raw.o struct uniqframe { int skbcnt; /* 0 4 */ /* XXX 4 bytes hole, try to pack */ const struct sk_buff * skb; /* 8 8 */ unsigned int join_rx_count; /* 16 4 */ /* size: 24, cachelines: 1, members: 3 */ /* sum members: 16, holes: 1, sum holes: 4 */ /* padding: 4 */ /* last cacheline: 24 bytes */ }; ...and after: $ pahole --class_name=uniqframe net/can/raw.o struct uniqframe { const struct sk_buff * skb; /* 0 8 */ int skbcnt; /* 8 4 */ unsigned int join_rx_count; /* 12 4 */ /* size: 16, cachelines: 1, members: 3 */ /* last cacheline: 16 bytes */ }; Acked-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Vincent Mailhol <mailhol@kernel.org> Link: https://patch.msgid.link/20250917-can-raw-repack-v2-1-395e8b3a4437@kernel.org Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-06-10T08:23:56+00:00 Davide Caratti dcaratti@redhat.com 2025-06-04T16:06:05+00:00 urn:sha1:81807451c2a6af59bbc58adfd0da69870c30d4ab sock_queue_rcv_skb() can fail because of lack of memory resources: use drop reasons and pass the receiving socket to the tracepoint, so that it's possible to better locate/debug such events. Tested with: | # modprobe vcan echo=1 | # ip link add name vcan2 type vcan | # ip link set dev vcan2 up | # ./netlayer/tst-proc 1 & | # bg | # while true ; do perf record -e skb:kfree_skb -aR -- \ | > ./raw/tst-raw-sendto vcan2 ; perf script ; done | [...] | tst-raw-sendto 10942 [000] 506428.431856: skb:kfree_skb: skbaddr=0xffff97cec38b4200 rx_sk=0xffff97cf0f75a800 protocol=12 location=raw_rcv+0x20e reason: SOCKET_RCVBUF Signed-off-by: Davide Caratti <dcaratti@redhat.com> Link: https://patch.msgid.link/20250604160605.1005704-3-dcaratti@redhat.com Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-03-14T12:27:33+00:00 Davide Caratti dcaratti@redhat.com 2025-03-14T11:39:49+00:00 urn:sha1:6bffe88452dbe284747442f10a7ac8249d6495d7 The third column in the output of the following command: | # grep CAN /proc/net/protocols is systematically '0': use sock_prot_inuse_add() to account for the number of sockets for each protocol on top of AF_CAN family. Signed-off-by: Davide Caratti <dcaratti@redhat.com> Link: https://patch.msgid.link/9db5d0e6c11b232ad895885616f1258882a32f61.1741952160.git.dcaratti@redhat.com Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 2025-02-19T02:27:19+00:00 Willem de Bruijn willemb@google.com 2025-02-14T22:26:59+00:00 urn:sha1:6ad861519a69ecf3cf032c579e18569f62b81263 Avoid open coding initialization of sockcm fields. Avoid reading the sk_priority field twice. This ensures all callers, existing and future, will correctly try a cmsg passed mark before sk_mark. This patch extends support for cmsg mark to: packet_spkt and packet_tpacket and net/can/raw.c. This patch extends support for cmsg priority to: packet_spkt and packet_tpacket. Signed-off-by: Willem de Bruijn <willemb@google.com> Reviewed-by: David Ahern <dsahern@kernel.org> Link: https://patch.msgid.link/20250214222720.3205500-3-willemdebruijn.kernel@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-12-17T02:13:44+00:00 Anna Emese Nyiri annaemesenyiri@gmail.com 2024-12-13T08:44:55+00:00 urn:sha1:a32f3e9d1ed146f81162702605d65447a319eb76 The Linux socket API currently allows setting SO_PRIORITY at the socket level, applying a uniform priority to all packets sent through that socket. The exception to this is IP_TOS, when the priority value is calculated during the handling of ancillary data, as implemented in commit f02db315b8d8 ("ipv4: IP_TOS and IP_TTL can be specified as ancillary data"). However, this is a computed value, and there is currently no mechanism to set a custom priority via control messages prior to this patch. According to this patch, if SO_PRIORITY is specified as ancillary data, the packet is sent with the priority value set through sockc->priority, overriding the socket-level values set via the traditional setsockopt() method. This is analogous to the existing support for SO_MARK, as implemented in commit c6af0c227a22 ("ip: support SO_MARK cmsg"). If both cmsg SO_PRIORITY and IP_TOS are passed, then the one that takes precedence is the last one in the cmsg list. This patch has the side effect that raw_send_hdrinc now interprets cmsg IP_TOS. Reviewed-by: Willem de Bruijn <willemb@google.com> Suggested-by: Ferenc Fejes <fejes@inf.elte.hu> Signed-off-by: Anna Emese Nyiri <annaemesenyiri@gmail.com> Link: https://patch.msgid.link/20241213084457.45120-3-annaemesenyiri@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-10-04T18:52:19+00:00 Vadim Fedorenko vadfed@meta.com 2024-10-01T12:57:15+00:00 urn:sha1:822b5bc6db55f1c3ea51659c423784ac6919ddd4 The last type of sockets which supports SOF_TIMESTAMPING_OPT_ID is RAW sockets. To add new option this patch converts all callers (direct and indirect) of _sock_tx_timestamp to provide sockcm_cookie instead of tsflags. And while here fix __sock_tx_timestamp to receive tsflags as __u32 instead of __u16. Reviewed-by: Willem de Bruijn <willemb@google.com> Reviewed-by: Jason Xing <kerneljasonxing@gmail.com> Signed-off-by: Vadim Fedorenko <vadfed@meta.com> Link: https://patch.msgid.link/20241001125716.2832769-3-vadfed@meta.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2024-02-20T08:40:46+00:00 Marc Kleine-Budde mkl@pengutronix.de 2024-02-20T08:16:16+00:00 urn:sha1:00bf80c437dcbbd808d61cc2866c8f065ff436bd Reduce the scope of the variable "err" to the individual cases. This is to avoid the mistake of setting "err" in the mistaken belief that it will be evaluated later. Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr> Link: https://lore.kernel.org/all/20240220-raw-setsockopt-v1-1-7d34cb1377fc@pengutronix.de Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>