summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-11-24x86/decoder: Add new TEST instruction patternMasami Hiramatsu
The kbuild test robot reported this build warning: Warning: arch/x86/tools/test_get_len found difference at <jump_table>:ffffffff8103dd2c Warning: ffffffff8103dd82: f6 09 d8 testb $0xd8,(%rcx) Warning: objdump says 3 bytes, but insn_get_length() says 2 Warning: decoded and checked 1569014 instructions with 1 warnings This sequence seems to be a new instruction not in the opcode map in the Intel SDM. The instruction sequence is "F6 09 d8", means Group3(F6), MOD(00)REG(001)RM(001), and 0xd8. Intel SDM vol2 A.4 Table A-6 said the table index in the group is "Encoding of Bits 5,4,3 of the ModR/M Byte (bits 2,1,0 in parenthesis)" In that table, opcodes listed by the index REG bits as: 000 001 010 011 100 101 110 111 TEST Ib/Iz,(undefined),NOT,NEG,MUL AL/rAX,IMUL AL/rAX,DIV AL/rAX,IDIV AL/rAX So, it seems TEST Ib is assigned to 001. Add the new pattern. Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: <stable@vger.kernel.org> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-11-23Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: 1) Fix PCI IDs of 9000 series iwlwifi devices, from Luca Coelho. 2) bpf offload bug fixes from Jakub Kicinski. 3) Fix bpf verifier to NOP out code which is dead at run time because due to branch pruning the verifier will not explore such instructions. From Alexei Starovoitov. 4) Fix crash when deleting secondary chains in packet scheduler classifier. From Roman Kapl. 5) Fix buffer management bugs in smc, from Ursula Braun. 6) Fix regression in anycast route handling, from David Ahern. 7) Fix link settings regression in r8169, from Tobias Jakobi. 8) Add back enough UFO support so that live migration still works, from Willem de Bruijn. 9) Linearize enough packet data for the full extent to which the ipvlan code will inspect the packet headers, from Gao Feng. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits) ipvlan: Fix insufficient skb linear check for ipv6 icmp ipvlan: Fix insufficient skb linear check for arp geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6 net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHY net: accept UFO datagrams from tuntap and packet net: realtek: r8169: implement set_link_ksettings() net: ipv6: Fixup device for anycast routes during copy net/smc: Fix preinitialization of buf_desc in __smc_buf_create() net/smc: use sk_rcvbuf as start for rmb creation ipv6: Do not consider linkdown nexthops during multipath net: sched: fix crash when deleting secondary chains net: phy: cortina: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE bpf: fix branch pruning logic bpf: change bpf_perf_event_output arg5 type to ARG_CONST_SIZE_OR_ZERO bpf: change bpf_probe_read_str arg2 type to ARG_CONST_SIZE_OR_ZERO bpf: remove explicit handling of 0 for arg2 in bpf_probe_read bpf: introduce ARG_PTR_TO_MEM_OR_NULL i40evf: Use smp_rmb rather than read_barrier_depends fm10k: Use smp_rmb rather than read_barrier_depends igb: Use smp_rmb rather than read_barrier_depends ...
2017-11-23Merge tag 'platform-drivers-x86-v4.15-2' of ↵Linus Torvalds
git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform driver fixes from Darren Hart: "Fix two issues resulting from the dell-smbios refactoring and introduction of the dell-smbios-wmi dispatcher. The first ensures a proper error code is returned when kzalloc fails. The second avoids an issue in older Dell BIOS implementations which would fail if the more complex calls were made by limiting those platforms to the simple calls such as those used by the existing dell-laptop and dell-wmi drivers, preserving their functionality prior to the addition of the dell-smbios-wmi dispatcher" * tag 'platform-drivers-x86-v4.15-2' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: dell-laptop: fix error return code in dell_init() platform/x86: dell-smbios-wmi: Disable userspace interface if missing hotfix
2017-11-23Merge tag 'scsi-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Two basic fixes: one for the sparse problem with the blacklist flags and another for a hang forever in bnx2i" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: Use 'blist_flags_t' for scsi_devinfo flags scsi: bnx2fc: Fix hung task messages when a cleanup response is not received during abort
2017-11-23Merge tag 'sound-fix-4.15-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "All commits found here are small fixes for regression or stable: - PCM timestamp behavior fix that could be seen as a regression - Remove spurious WARN_ON() from ALSA timer 32bit compat ioctl - HD-audio HDMI/DP channel mapping fix for 32bit archs - Fix the previous fix for HD-audio initialization code - More hardening USB-audio against malicious USB descriptors - HD-audio quirks/fixes (Realtek codec, AMD controller) - Missing help text for the recent Intel SST kconfig change" * tag 'sound-fix-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda: Add Raven PCI ID ALSA: hda/realtek - Fix ALC700 family no sound issue ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization ALSA: usb-audio: Add sanity checks in v2 clock parsers ALSA: usb-audio: Fix potential zero-division at parsing FU ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Add sanity checks to FE parser ALSA: timer: Remove kernel warning at compat ioctl error paths ALSA: pcm: update tstamp only if audio_tstamp changed ALSA: hda/realtek: Add headset mic support for Intel NUC Skull Canyon ALSA: hda: Fix too short HDMI/DP chmap reporting ALSA: usb-audio: uac1: Invalidate ctl on interrupt ALSA: hda/realtek - Fix ALC275 no sound issue ASoC: Intel: Add help text for SND_SOC_INTEL_SST_TOPLEVEL
2017-11-23Merge tag 'drm-for-v4.15-part2' of git://people.freedesktop.org/~airlied/linuxLinus Torvalds
Pull more drm updates from Dave Airlie: "Fixes/cleanups for rc1, non-desktop flags for VR - remove the MSM dt-bindings file Rob managed to push in the previous pull. - add a property/edid quirk to denote HMD devices, I had these hanging around for a few weeks and Keith had done some work on them, they are fairly self contained and small, and only affect people using HTC Vive VR headsets so far. - amdgpu, tegra, tilcdc, fsl fixes - some imx-drm cleanups I missed, these seemed pretty small, and no reason to hold off. I have one TTM regression fix (fixes bochs-vga in qemu) sitting locally awaiting review I'll probably send that in a separate pull request tomorrow" * tag 'drm-for-v4.15-part2' of git://people.freedesktop.org/~airlied/linux: (33 commits) dt-bindings: remove file that was added accidentally drm/edid: quirk HTC vive headset as non-desktop. [v2] drm/fb: add support for not enabling fbcon on non-desktop displays [v2] drm: add connector info/property for non-desktop displays [v2] drm/amdgpu: fix rmmod KCQ disable failed error drm/amdgpu: fix kernel hang when starting VNC server drm/amdgpu: don't skip attributes when powerplay is enabled drm/amd/pp: fix typecast error in powerplay. drm/tilcdc: Remove obsolete "ti,tilcdc,slave" dts binding support drm/tegra: sor: Reimplement pad clock Revert "drm/radeon: dont switch vt on suspend" drm/amd/amdgpu: fix over-bound accessing in amdgpu_cs_wait_any_fence drm/amd/powerplay: fix unfreeze level smc message for smu7 drm/amdgpu:fix memleak drm/amdgpu:fix memleak in takedown drm/amd/pp: fix dpm randomly failed on Vega10 drm/amdgpu: set f_mapping on exported DMA-bufs drm/amdgpu: Properly allocate VM invalidate eng v2 drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() drm/fsl-dcu: avoid disabling pixel clock twice on suspend ...
2017-11-23Merge tag 'docs-4.15-2' of git://git.lwn.net/linuxLinus Torvalds
Pull documentation updates from Jonathan Corbet: "A few late-arriving docs updates that have no real reason to wait. There's a new "Co-Developed-by" tag described by Greg, and a build enhancement from Willy to generate docs warnings during a kernel build (but only when additional warnings have been requested in general)" * tag 'docs-4.15-2' of git://git.lwn.net/linux: Add optional check for bad kernel-doc comments Documentation: fix profile= options in kernel-parameters.txt documentation/svga.txt: update outdated file kokr/memory-barriers.txt: Fix typo in paring example kokr/memory-barriers/txt: Replace uses of "transitive" Documentation/process: add Co-Developed-by: tag for patches with multiple authors
2017-11-23Merge branch 'next-keys' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull keys update from James Morris: "There's nothing too controversial here: - Doc fix for keyctl_read(). - time_t -> time64_t replacement. - Set the module licence on things to prevent tainting" * 'next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: pkcs7: Set the module licence to prevent tainting security: keys: Replace time_t with time64_t for struct key_preparsed_payload security: keys: Replace time_t/timespec with time64_t KEYS: fix in-kernel documentation for keyctl_read()
2017-11-23Merge tag 'apparmor-pr-2017-11-21' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor Pull apparmor updates from John Johansen: "No features this time, just minor cleanups and bug fixes. Cleanups: - fix spelling mistake: "resoure" -> "resource" - remove unused redundant variable stop - Fix bool initialization/comparison Bug Fixes: - initialized returned struct aa_perms - fix leak of null profile name if profile allocation fails - ensure that undecidable profile attachments fail - fix profile attachment for special unconfined profiles - fix locking when creating a new complain profile. - fix possible recursive lock warning in __aa_create_ns" * tag 'apparmor-pr-2017-11-21' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: fix possible recursive lock warning in __aa_create_ns apparmor: fix locking when creating a new complain profile. apparmor: fix profile attachment for special unconfined profiles apparmor: ensure that undecidable profile attachments fail apparmor: fix leak of null profile name if profile allocation fails apparmor: remove unused redundant variable stop apparmor: Fix bool initialization/comparison apparmor: initialized returned struct aa_perms apparmor: fix spelling mistake: "resoure" -> "resource"
2017-11-24Merge tag 'keys-next-20171123' of ↵James Morris
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next-keys Merge keys subsystem changes from David Howells, for v4.15.
2017-11-23x86/PCI: Remove unused HyperTransport interrupt supportBjorn Helgaas
There are no in-tree callers of ht_create_irq(), the driver interface for HyperTransport interrupts, left. Remove the unused entry point and all the supporting code. See 8b955b0dddb3 ("[PATCH] Initial generic hypertransport interrupt support"). Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Andi Kleen <ak@linux.intel.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: linux-pci@vger.kernel.org Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Link: https://lkml.kernel.org/r/20171122221337.3877.23362.stgit@bhelgaas-glaptop.roam.corp.google.com
2017-11-23x86/umip: Fix insn_get_code_seg_params()'s return valueBorislav Petkov
In order to save on redundant structs definitions insn_get_code_seg_params() was made to return two 4-bit values in a char but clang complains: arch/x86/lib/insn-eval.c:780:10: warning: implicit conversion from 'int' to 'char' changes value from 132 to -124 [-Wconstant-conversion] return INSN_CODE_SEG_PARAMS(4, 8); ~~~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~ ./arch/x86/include/asm/insn-eval.h:16:57: note: expanded from macro 'INSN_CODE_SEG_PARAMS' #define INSN_CODE_SEG_PARAMS(oper_sz, addr_sz) (oper_sz | (addr_sz << 4)) Those two values do get picked apart afterwards the opposite way of how they were ORed so wrt to the LSByte, the return value is the same. But this function returns -EINVAL in the error case, which is an int. So make it return an int which is the native word size anyway and thus fix the clang warning. Reported-by: Kees Cook <keescook@google.com> Reported-by: Nick Desaulniers <nick.desaulniers@gmail.com> Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: ricardo.neri-calderon@linux.intel.com Link: https://lkml.kernel.org/r/20171123091951.1462-1-bp@alien8.de
2017-11-23x86/boot/KASLR: Remove unused variableChao Fan
There are two variables "rc" in mem_avoid_memmap. One at the top of the function and another one inside the while() loop. Drop the outer one as it is unused. Cleanup some whitespace damage while at it. Signed-off-by: Chao Fan <fanc.fnst@cn.fujitsu.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: gregkh@linuxfoundation.org Cc: n-horiguchi@ah.jp.nec.com Cc: keescook@chromium.org Link: https://lkml.kernel.org/r/20171123090847.15293-1-fanc.fnst@cn.fujitsu.com
2017-11-23genirq/matrix: Make - vs ?: Precedence explicitKees Cook
Noticed with a Clang build. This improves the readability of the ?: expression, as it has lower precedence than the - expression. Show explicitly that - is evaluated first. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20171122205645.GA27125@beast
2017-11-23irqchip/imgpdc: Use resource_size function on resource objectVasyl Gomonovych
drivers/irqchip/irq-imgpdc.c:327:20-23: WARNING: Suspicious code. resource_size is maybe missing with res_regs Generated by: scripts/coccinelle/api/resource_size.cocci Signed-off-by: Vasyl Gomonovych <gomonovych@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: marc.zyngier@arm.com Cc: jason@lakedaemon.net Link: https://lkml.kernel.org/r/1511215361-8279-1-git-send-email-gomonovych@gmail.com
2017-11-23irqchip/qcom: Fix u32 comparison with value less than zeroColin Ian King
The comparison of u32 nregs being less than zero is never true since nregs is unsigned. Fix this by making nregs a signed integer. Fixes: f20cc9b00c7b ("irqchip/qcom: Add IRQ combiner driver") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Marc Zyngier <marc.zyngier@arm.com> Cc: kernel-janitors@vger.kernel.org Cc: Jason Cooper <jason@lakedaemon.net> Link: https://lkml.kernel.org/r/20171117183553.2739-1-colin.king@canonical.com
2017-11-24Merge branch 'ipvlan-Fix-insufficient-skb-linear-check'David S. Miller
Gao Feng says: ==================== ipvlan: Fix insufficient skb linear check The current ipvlan codes use pskb_may_pull to get the skb linear header in func ipvlan_get_L3_hdr, but the size isn't enough for arp and ipv6 icmp. So it may access the unexpected momory in ipvlan_addr_lookup. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24ipvlan: Fix insufficient skb linear check for ipv6 icmpGao Feng
In the function ipvlan_get_L3_hdr, current codes use pskb_may_pull to make sure the skb header has enough linear room for ipv6 header. But it would use the latter memory directly without linear check when it is icmp. So it still may access the unepxected memory in ipvlan_addr_lookup. Now invoke the pskb_may_pull again if it is ipv6 icmp. Signed-off-by: Gao Feng <gfree.wind@vip.163.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24ipvlan: Fix insufficient skb linear check for arpGao Feng
In the function ipvlan_get_L3_hdr, current codes use pskb_may_pull to make sure the skb header has enough linear room for arp header. But it would access the arp payload in func ipvlan_addr_lookup. So it still may access the unepxected memory. Now use arp_hdr_len(port->dev) instead of the arp header as the param. Signed-off-by: Gao Feng <gfree.wind@vip.163.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6Hangbin Liu
Stefano pointed that configure or show UDP_ZERO_CSUM6_RX/TX info doesn't make sense if we haven't enabled CONFIG_IPV6. Fix it by adding if IS_ENABLED(CONFIG_IPV6) check. Fixes: abe492b4f50c ("geneve: UDP checksum configuration via netlink") Fixes: fd7eafd02121 ("geneve: fix fill_info when link down") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: Stefano Brivio <sbrivio@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24Merge tag 'wireless-drivers-for-davem-2017-11-22' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.15 First set of fixes for 4.15. Most important here is the iwlwifi fix for scan command firmware interface change. ath10k * fix CCMP-256, GCMP and GCMP-256 in raw mode, it was never working wcn36xx * fix device tree node search iwlwifi * fix a regression with firmware API change of scan cmd (introduced in firmware version 34) * add a bunch of PCI IDs and fix configuration structs for A000 devices * fix the exported firmware name strings for 9000 and A000 devices ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24Merge branch '40GbE' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue Jeff Kirsher says: ==================== Intel Wired LAN Driver Fixes 2017-11-21 This series contains fixes for igb/vf, ixgbe/vf, i40e/vf and fm10k. Jake fixes a regression issue with older firmware, where we were using the NVM lock to synchronize NVM reads for all devices and firmware versions, yet this caused issues with older firmware prior to version 1.5. Fixed this by only grabbing the lock for newer devices and firmware version 1.5 or newer. Zijie Pan fixes the calculation of the i40e VF MAC addresses, where it was possible to increment to the next MAC entry without calling i40e_add_mac_filter(). Amritha removes the upper limit of 64 queues on a channel VSI since the upper bound is determined by the VSI's num_queue_pairs. Filip fixes an issue during FLR resets, where should have been checking for upcoming core reset and if so, just return with I40E_ERR_NOT_READY. Alan fixes the notifying clients of l2 parameters by copying the parameters to the client instance struct and re-organizes the priority in which the client tasks fire so that if the flag for notifying l2 params is set, it will trigger before the client open task. Also fixed the promiscuous settings after reset for all the VSI's. Brian King from IBM fixes an issue seen on Power systems which would result in skb list corruption and eventual kernel oops. Brian provides the same fix for nearly all our drivers, to replace the read_barrier_depends with smp_rmb() to ensure loads are ordered with respect to the load of tx_buffer->next_to_watch. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: dsa: bcm_sf2: Clear IDDQ_GLOBAL_PWR bit for PHYFlorian Fainelli
The PHY on BCM7278 has an additional bit that needs to be cleared: IDDQ_GLOBAL_PWR, without doing this, the PHY remains stuck in reset out of suspend/resume cycles. Fixes: 0fe9933804eb ("net: dsa: bcm_sf2: Add support for BCM7278 integrated switch") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfDavid S. Miller
Daniel Borkmann says: ==================== pull-request: bpf 2017-11-23 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) Several BPF offloading fixes, from Jakub. Among others: - Limit offload to cls_bpf and XDP program types only. - Move device validation into the driver and don't make any assumptions about the device in the classifier due to shared blocks semantics. - Don't pass offloaded XDP program into the driver when it should be run in native XDP instead. Offloaded ones are not JITed for the host in such cases. - Don't destroy device offload state when moved to another namespace. - Revert dumping offload info into user space for now, since ifindex alone is not sufficient. This will be redone properly for bpf-next tree. 2) Fix test_verifier to avoid using bpf_probe_write_user() helper in test cases, since it's dumping a warning into kernel log which may confuse users when only running tests. Switch to use bpf_trace_printk() instead, from Yonghong. 3) Several fixes for correcting ARG_CONST_SIZE_OR_ZERO semantics before it becomes uabi, from Gianluca. More specifically: - Add a type ARG_PTR_TO_MEM_OR_NULL that is used only by bpf_csum_diff(), where the argument is either a valid pointer or NULL. The subsequent ARG_CONST_SIZE_OR_ZERO then enforces a valid pointer in case of non-0 size or a valid pointer or NULL in case of size 0. Given that, the semantics for ARG_PTR_TO_MEM in combination with ARG_CONST_SIZE_OR_ZERO are now such that in case of size 0, the pointer must always be valid and cannot be NULL. This fix in semantics allows for bpf_probe_read() to drop the recently added size == 0 check in the helper that would become part of uabi otherwise once released. At the same time we can then fix bpf_probe_read_str() and bpf_perf_event_output() to use ARG_CONST_SIZE_OR_ZERO instead of ARG_CONST_SIZE in order to fix recently reported issues by Arnaldo et al, where LLVM optimizes two boundary checks into a single one for unknown variables where the verifier looses track of the variable bounds and thus rejects valid programs otherwise. 4) A fix for the verifier for the case when it detects comparison of two constants where the branch is guaranteed to not be taken at runtime. Verifier will rightfully prune the exploration of such paths, but we still pass the program to JITs, where they would complain about using reserved fields, etc. Track such dead instructions and sanitize them with mov r0,r0. Rejection is not possible since LLVM may generate them for valid C code and doesn't do as much data flow analysis as verifier. For bpf-next we might implement removal of such dead code and adjust branches instead. Fix from Alexei. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: accept UFO datagrams from tuntap and packetWillem de Bruijn
Tuntap and similar devices can inject GSO packets. Accept type VIRTIO_NET_HDR_GSO_UDP, even though not generating UFO natively. Processes are expected to use feature negotiation such as TUNSETOFFLOAD to detect supported offload types and refrain from injecting other packets. This process breaks down with live migration: guest kernels do not renegotiate flags, so destination hosts need to expose all features that the source host does. Partially revert the UFO removal from 182e0b6b5846~1..d9d30adf5677. This patch introduces nearly(*) no new code to simplify verification. It brings back verbatim tuntap UFO negotiation, VIRTIO_NET_HDR_GSO_UDP insertion and software UFO segmentation. It does not reinstate protocol stack support, hardware offload (NETIF_F_UFO), SKB_GSO_UDP tunneling in SKB_GSO_SOFTWARE or reception of VIRTIO_NET_HDR_GSO_UDP packets in tuntap. To support SKB_GSO_UDP reappearing in the stack, also reinstate logic in act_csum and openvswitch. Achieve equivalence with v4.13 HEAD by squashing in commit 939912216fa8 ("net: skb_needs_check() removes CHECKSUM_UNNECESSARY check for tx.") and reverting commit 8d63bee643f1 ("net: avoid skb_warn_bad_offload false positives on UFO"). (*) To avoid having to bring back skb_shinfo(skb)->ip6_frag_id, ipv6_proxy_select_ident is changed to return a __be32 and this is assigned directly to the frag_hdr. Also, SKB_GSO_UDP is inserted at the end of the enum to minimize code churn. Tested Booted a v4.13 guest kernel with QEMU. On a host kernel before this patch `ethtool -k eth0` shows UFO disabled. After the patch, it is enabled, same as on a v4.13 host kernel. A UFO packet sent from the guest appears on the tap device: host: nc -l -p -u 8000 & tcpdump -n -i tap0 guest: dd if=/dev/zero of=payload.txt bs=1 count=2000 nc -u 192.16.1.1 8000 < payload.txt Direct tap to tap transmission of VIRTIO_NET_HDR_GSO_UDP succeeds, packets arriving fragmented: ./with_tap_pair.sh ./tap_send_ufo tap0 tap1 (from https://github.com/wdebruij/kerneltools/tree/master/tests) Changes v1 -> v2 - simplified set_offload change (review comment) - documented test procedure Link: http://lkml.kernel.org/r/<CAF=yD-LuUeDuL9YWPJD9ykOZ0QCjNeznPDr6whqZ9NGMNF12Mw@mail.gmail.com> Fixes: fb652fdfe837 ("macvlan/macvtap: Remove NETIF_F_UFO advertisement.") Reported-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Willem de Bruijn <willemb@google.com> Acked-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: realtek: r8169: implement set_link_ksettings()Tobias Jakobi
Commit 6fa1ba61520576cf1346c4ff09a056f2950cb3bf partially implemented the new ethtool API, by replacing get_settings() with get_link_ksettings(). This breaks ethtool, since the userspace tool (according to the new API specs) never tries the legacy set() call, when the new get() call succeeds. All attempts to chance some setting from userspace result in: > Cannot set new settings: Operation not supported Implement the missing set() call. Signed-off-by: Tobias Jakobi <tjakobi@math.uni-bielefeld.de> Tested-by: Holger Hoffstätte <holger@applied-asynchrony.com> Reviewed-by: Andrew Lunn <andrew@lunn.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: ipv6: Fixup device for anycast routes during copyDavid Ahern
Florian reported a breakage with anycast routes due to commit 4832c30d5458 ("net: ipv6: put host and anycast routes on device with address"). Prior to this commit anycast routes were added against the loopback device causing repetitive route entries with no insight into why they existed. e.g.: $ ip -6 ro ls table local type anycast anycast 2001:db8:1:: dev lo proto kernel metric 0 pref medium anycast 2001:db8:2:: dev lo proto kernel metric 0 pref medium anycast fe80:: dev lo proto kernel metric 0 pref medium anycast fe80:: dev lo proto kernel metric 0 pref medium The point of commit 4832c30d5458 is to add the routes using the device with the address which is causing the route to be added. e.g.,: $ ip -6 ro ls table local type anycast anycast 2001:db8:1:: dev eth1 proto kernel metric 0 pref medium anycast 2001:db8:2:: dev eth2 proto kernel metric 0 pref medium anycast fe80:: dev eth2 proto kernel metric 0 pref medium anycast fe80:: dev eth1 proto kernel metric 0 pref medium For traffic to work as it did before, the dst device needs to be switched to the loopback when the copy is created similar to local routes. Fixes: 4832c30d5458 ("net: ipv6: put host and anycast routes on device with address") Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24Merge branch 'smc-fixes-for-smc-buffer-handling'David S. Miller
Ursula Braun says: ==================== net/smc: fixes for smc buffer handling here are 2 cleanup patches for smc buffer handling. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net/smc: Fix preinitialization of buf_desc in __smc_buf_create()Geert Uytterhoeven
With gcc-4.1.2: net/smc/smc_core.c: In function ‘__smc_buf_create’: net/smc/smc_core.c:567: warning: ‘bufsize’ may be used uninitialized in this function Indeed, if the for-loop is never executed, bufsize is used uninitialized. In addition, buf_desc is stored for later use, while it is still a NULL pointer. Before, error handling was done by checking if buf_desc is non-NULL. The cleanup changed this to an error check, but forgot to update the preinitialization of buf_desc to an error pointer. Update the preinitializatin of buf_desc to fix this. Fixes: b33982c3a6838d13 ("net/smc: cleanup function __smc_buf_create()") Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net/smc: use sk_rcvbuf as start for rmb creationUrsula Braun
Commit 3e034725c0d8 ("net/smc: common functions for RMBs and send buffers") merged handling of SMC receive and send buffers. It introduced sk_buf_size as merged start value for size determination. But since sk_buf_size is not used at all, sk_sndbuf is erroneously used as start for rmb creation. This patch makes sure, sk_buf_size is really used as intended, and sk_rcvbuf is used as start value for rmb creation. Fixes: 3e034725c0d8 ("net/smc: common functions for RMBs and send buffers") Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com> Reviewed-by: Hans Wippel <hwippel@linux.vnet.ibm.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24ipv6: Do not consider linkdown nexthops during multipathIdo Schimmel
When the 'ignore_routes_with_linkdown' sysctl is set, we should not consider linkdown nexthops during route lookup. While the code correctly verifies that the initially selected route ('match') has a carrier, it does not perform the same check in the subsequent multipath selection, resulting in a potential packet loss. In case the chosen route does not have a carrier and the sysctl is set, choose the initially selected route. Fixes: 35103d11173b ("net: ipv6 sysctl option to ignore routes when nexthop link is down") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Acked-by: Andy Gospodarek <andy@greyhouse.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: sched: fix crash when deleting secondary chainsRoman Kapl
If you flush (delete) a filter chain other than chain 0 (such as when deleting the device), the kernel may run into a use-after-free. The chain refcount must not be decremented unless we are sure we are done with the chain. To reproduce the bug, run: ip link add dtest type dummy tc qdisc add dev dtest ingress tc filter add dev dtest chain 1 parent ffff: flower ip link del dtest Introduced in: commit f93e1cdcf42c ("net/sched: fix filter flushing"), but unless you have KAsan or luck, you won't notice it until commit 0dadc117ac8b ("cls_flower: use tcf_exts_get_net() before call_rcu()") Fixes: f93e1cdcf42c ("net/sched: fix filter flushing") Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Roman Kapl <code@rkapl.cz> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-24net: phy: cortina: add missing MODULE_DESCRIPTION/AUTHOR/LICENSEJesse Chan
This change resolves a new compile-time warning when built as a loadable module: WARNING: modpost: missing MODULE_LICENSE() in drivers/net/phy/cortina.o see include/linux/module.h for more information This adds the license as "GPL", which matches the header of the file. MODULE_DESCRIPTION and MODULE_AUTHOR are also added. Signed-off-by: Jesse Chan <jc@linux.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-11-23Merge tag 'for-linus-timers-conversion-final-v4.15-rc1' of ↵Thomas Gleixner
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into timers/urgent Pull the last batch of manual timer conversions from Kees Cook: - final batch of "non trivial" timer conversions (multi-tree dependencies, things Coccinelle couldn't handle, etc). - treewide conversions via Coccinelle, in 4 steps: - DEFINE_TIMER() functions converted to struct timer_list * argument - init_timer() -> setup_timer() - setup_timer() -> timer_setup() - setup_timer() -> timer_setup() (with a single embedded structure) - deprecated timer API removals (init_timer(), setup_*timer()) - finalization of new API (remove global casts)
2017-11-23kbuild: drop $(extra-y) from real-objs-yMasahiro Yamada
$(real-objs-y) in only used in scripts/Makefile.build to form "targets", but $(extra-y) is added to "targets" in another line. We do not need to add $(extra-y) twice. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-23kbuild: clean up *.i and *.lst patterns by make cleanMasahiro Yamada
*.i and *.lst are supported by the single target build. Clean up them. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-23kbuild: rpm: prompt to use "rpm-pkg" if "rpm" target is usedMasahiro Yamada
The "rpm" has been kept for backward compatibility since pre-git era. I am planning to remove it after the Linux 4.18 release. Annouce the end of the support, prompting to use "rpm-pkg" instead. If you use "rpm", it will work like "rpm-pkg", but warning messages will be displayed as follows: WARNING: "rpm" target will be removed after Linux 4.18 Please use "rpm-pkg" instead. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-23kbuild: pkg: use --transform option to prefix paths in tarMasahiro Yamada
For rpm-pkg and deb-pkg, a source tar file is created. All paths in the archive must be prefixed with the base name of the tar so that everything is contained in the directory when you extract it. Currently, scripts/package/Makefile uses a symlink for that, and removes it after the tar is created. If you terminate the build during the tar creation, the symlink is left over. Then, at the next package build, you will see a warning like follows: ln: '.' and 'kernel-4.14.0+/.' are the same file It is possible to fix it by adding -n (--no-dereference) option to the "ln" command, but a cleaner way is to use --transform option of "tar" command. This option is GNU extension, but it should not hurt to use it in the Linux build system. The 'S' flag is needed to exclude symlinks from the path fixup. Without it, symlinks in the kernel are broken. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-23coccinelle: fix parallel build with CHECK=scripts/coccicheckMasahiro Yamada
The command "make -j8 C=1 CHECK=scripts/coccicheck" produces lots of "coccicheck failed" error messages. Julia Lawall explained the Coccinelle behavior as follows: "The problem on the Coccinelle side is that it uses a subdirectory with the name of the semantic patch to store standard output and standard error for the different threads. I didn't want to use a name with the pid, so that one could easily find this information while Coccinelle is running. Normally the subdirectory is cleaned up when Coccinelle completes, so there is only one of them at a time. Maybe it is best to just add the pid. There is the risk that these subdirectories will accumulate if Coccinelle crashes in a way such that they don't get cleaned up, but Coccinelle could print a warning if it detects this case, rather than failing." When scripts/coccicheck is used as CHECK tool and -j option is given to Make, the whole of build process runs in parallel. So, multiple processes try to get access to the same subdirectory. I notice spatch creates the subdirectory only when it runs in parallel (i.e. --jobs <N> is given and <N> is greater than 1). Setting NPROC=1 is a reasonable solution; spatch does not create the subdirectory. Besides, ONLINE=1 mode takes a single file input for each spatch invocation, so there is no reason to parallelize it in the first place. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Julia Lawall <Julia.Lawall@lip6.fr>
2017-11-23kconfig/symbol.c: use correct pointer type argument for sizeofHeinrich Schuchardt
sym_arr is of type struct symbol **. So in malloc we need sizeof(struct symbol *). The problem was indicated by coccinelle. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2017-11-23bpf: fix branch pruning logicAlexei Starovoitov
when the verifier detects that register contains a runtime constant and it's compared with another constant it will prune exploration of the branch that is guaranteed not to be taken at runtime. This is all correct, but malicious program may be constructed in such a way that it always has a constant comparison and the other branch is never taken under any conditions. In this case such path through the program will not be explored by the verifier. It won't be taken at run-time either, but since all instructions are JITed the malicious program may cause JITs to complain about using reserved fields, etc. To fix the issue we have to track the instructions explored by the verifier and sanitize instructions that are dead at run time with NOPs. We cannot reject such dead code, since llvm generates it for valid C code, since it doesn't do as much data flow analysis as the verifier does. Fixes: 17a5267067f3 ("bpf: verifier (add verifier core)") Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2017-11-23ALSA: hda: Add Raven PCI IDVijendar Mukunda
This commit adds PCI ID for Raven platform Signed-off-by: Vijendar Mukunda <Vijendar.Mukunda@amd.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-11-23ALSA: hda/realtek - Fix ALC700 family no sound issueKailang Yang
It maybe the typo for ALC700 support patch. To fix the bit value on this patch. Fixes: 6fbae35a3170 ("ALSA: hda/realtek - Add support for new codecs ALC700/ALC701/ALC703") Signed-off-by: Kailang Yang <kailang@realtek.com> Cc: <stable@vger.kernel.org> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2017-11-22Merge tag 'pwm/for-4.15-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "The changes for this release include power management improvements for the pwm-img driver, support for the backup mode on pwm-atmel-tcb as well as support for more hardware with the R-Car and Mediatek drivers. To round things off there's a bit of cleanup for sunxi and stm32-lp" * tag 'pwm/for-4.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: stm32-lp: Remove pwm_is_enabled() check before calling pwm_disable() pwm: mediatek: Add MT2712/MT7622 support pwm: sunxi: Use of_device_get_match_data() pwm: atmel-tcb: Support backup mode dt-bindings: pwm: Add R-Car D3 device tree bindings pwm: img: Add runtime PM pwm: img: Add suspend / resume handling
2017-11-22Merge tag 'rtc-4.15' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "There is nothing scary this cycle, mostly driver fixes and updates. The core fix has been in for a while and has been tested on multiple kernel revisions by multiple teams. Core: - Fix setting the alarm to the next expiring timer New drivers: - Mediatek MT7622 RTC - NXP PCF85363 - Spreadtrum SC27xx PMIC RTC Drivers updates: - Use generic nvmem to expose the Non volatile ram for ds1305, ds1511, m48t86 and omap - abx80x: solve possible race condition at probe - armada38x: support trimming the RTC oscillator - at91rm9200: fix reading the alarm value at boot - ds1511: allow waking platform - m41t80: rework square wave output - pcf8523: support trimming the RTC oscillator - pcf8563: fix clock output rate - pl031: make interrupt optional - xgene: fix suspend/resume" * tag 'rtc-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (50 commits) dt-bindings: rtc: imxdi: Improve the bindings text rtc: sc27xx: Add Spreadtrum SC27xx PMIC RTC driver dt-bindings: rtc: Add Spreadtrum SC27xx RTC documentation rtc: at91rm9200: fix reading alarm value rtc: at91rm9200: stop calculating yday in at91_rtc_readalarm rtc: sysfs: Use time64_t variables to set time/alarm rtc: xgene: mark PM functions as __maybe_unused rtc: xgene: Fix suspend/resume rtc: pcf8563: don't alway enable the alarm rtc: pcf8563: fix output clock rate rtc: rx8010: Fix for incorrect return value rtc: rx8010: Specify correct address for RX8010_RESV31 rtc: rx8010: Remove duplicate define rtc: m41t80: remove unneeded checks from m41t80_sqw_set_rate rtc: m41t80: avoid i2c read in m41t80_sqw_is_prepared rtc: m41t80: avoid i2c read in m41t80_sqw_recalc_rate rtc: m41t80: fix m41t80_sqw_round_rate return value rtc: m41t80: m41t80_sqw_set_rate should return 0 on success rtc: add support for NXP PCF85363 real-time clock rtc: omap: Support scratch registers ...
2017-11-23x86/entry/64: Add missing irqflags tracing to native_load_gs_index()Andy Lutomirski
Running this code with IRQs enabled (where dummy_lock is a spinlock): static void check_load_gs_index(void) { /* This will fail. */ load_gs_index(0xffff); spin_lock(&dummy_lock); spin_unlock(&dummy_lock); } Will generate a lockdep warning. The issue is that the actual write to %gs would cause an exception with IRQs disabled, and the exception handler would, as an inadvertent side effect, update irqflag tracing to reflect the IRQs-off status. native_load_gs_index() would then turn IRQs back on and return with irqflag tracing still thinking that IRQs were off. The dummy lock-and-unlock causes lockdep to notice the error and warn. Fix it by adding the missing tracing. Apparently nothing did this in a context where it mattered. I haven't tried to find a code path that would actually exhibit the warning if appropriately nasty user code were running. I suspect that the security impact of this bug is very, very low -- production systems don't run with lockdep enabled, and the warning is mostly harmless anyway. Found during a quick audit of the entry code to try to track down an unrelated bug that Ingo found in some still-in-development code. Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bpetkov@suse.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/e1aeb0e6ba8dd430ec36c8a35e63b429698b4132.1511411918.git.luto@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-11-22Merge tag 'for-linus-20171120' of git://git.infradead.org/linux-mtdLinus Torvalds
Pull MTD updates from Richard Weinberger: "General changes: - Unconfuse get_unmapped_area and point/unpoint driver methods - New partition parser: sharpslpart - Kill GENERIC_IO - Various fixes NAND changes: - Add a flag to mark NANDs that require 3 address cycles to encode a page address - Set a default ECC/free layout when NAND_ECC_NONE is requested - Fix a bug in panic_nand_write() - Another batch of cleanups for the denali driver - Fix PM support in the atmel driver - Remove support for platform data in the omap driver - Fix subpage write in the omap driver - Fix irq handling in the mtk driver - Change link order of mtk_ecc and mtk_nand drivers to speed up boot time - Change log level of ECC error messages in the mxc driver - Patch the pxa3xx driver to support Armada 8k platforms - Add BAM DMA support to the qcom driver - Convert gpio-nand to the GPIO desc API - Fix ECC handling in the mt29f driver SPI-NOR changes: - Introduce system power management support - New mechanism to select the proper .quad_enable() hook by JEDEC ID, when needed, instead of only by manufacturer ID - Add support to new memory parts from Gigadevice, Winbond, Macronix and Everspin - Maintainance for Cadence, Intel, Mediatek and STM32 drivers" * tag 'for-linus-20171120' of git://git.infradead.org/linux-mtd: (85 commits) mtd: Avoid probe failures when mtd->dbg.dfs_dir is invalid mtd: sharpslpart: Add sharpslpart partition parser mtd: Add sanity checks in mtd_write/read_oob() mtd: remove the get_unmapped_area method mtd: implement mtd_get_unmapped_area() using the point method mtd: chips/map_rom.c: implement point and unpoint methods mtd: chips/map_ram.c: implement point and unpoint methods mtd: mtdram: properly handle the phys argument in the point method mtd: mtdswap: fix spelling mistake: 'TRESHOLD' -> 'THRESHOLD' mtd: slram: use memremap() instead of ioremap() kconfig: kill off GENERIC_IO option mtd: Fix C++ comment in include/linux/mtd/mtd.h mtd: constify mtd_partition mtd: plat-ram: Replace manual resource management by devm mtd: nand: Fix writing mtdoops to nand flash. mtd: intel-spi: Add Intel Lewisburg PCH SPI super SKU PCI ID mtd: nand: mtk: fix infinite ECC decode IRQ issue mtd: spi-nor: Add support for mr25h128 mtd: nand: mtk: change the compile sequence of mtk_nand.o and mtk_ecc.o mtd: spi-nor: enable 4B opcodes for mx66l51235l ...
2017-11-22Merge tag 'xfs-4.15-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linuxLinus Torvalds
Pull xfs fixes from Darrick Wong: - Fix a memory leak in the new in-core extent map - Refactor the xfs_dev_t conversions for easier xfsprogs porting * tag 'xfs-4.15-merge-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: abstract out dev_t conversions xfs: fix memory leak in xfs_iext_free_last_leaf
2017-11-22Merge branch 'work.whack-a-mole' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull mode_t whack-a-mole from Al Viro: "For all internal uses we want umode_t, which is arch-independent; mode_t (or __kernel_mode_t, for that matter) is wrong outside of userland ABI. Unfortunately, that crap keeps coming back and needs to be put down from time to time..." * 'work.whack-a-mole' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: mode_t whack-a-mole: task_dump_owner()
2017-11-22Merge branch '9p-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull 9p filesystemfixes from Al Viro: "Several 9p fixes" * '9p-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: 9p: Fix missing commas in mount options net/9p: Switch to wait_event_killable() fs/9p: Compare qid.path in v9fs_test_inode