-
Notifications
You must be signed in to change notification settings - Fork 54.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
a few changes : boot.h , bit.h ,crc32 #103
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
a few types definition and basic i/o port change
Get & set bit macro definitions
edit & add comments
crc32 defines & endian select function prototype extern u32 crc32_sel(u32 crc,unsigned char const *p,size_t len,u8 endian_type);
crc32_sel(u32 crc,unsigned char const *p,size_t len,u8 endian_type); function
changed a definition name
burakkoken
changed the title
a few changes : boot.h , bit.h
a few changes : boot.h , bit.h ,crc32
Jun 30, 2014
hubcapsc
pushed a commit
to hubcapsc/linux
that referenced
this pull request
Jul 2, 2014
Turn it into (for example): [ 0.073380] x86: Booting SMP configuration: [ 0.074005] .... node #0, CPUs: #1 #2 #3 #4 #5 torvalds#6 torvalds#7 [ 0.603005] .... node #1, CPUs: torvalds#8 torvalds#9 torvalds#10 torvalds#11 torvalds#12 torvalds#13 torvalds#14 torvalds#15 [ 1.200005] .... node #2, CPUs: torvalds#16 torvalds#17 torvalds#18 torvalds#19 torvalds#20 torvalds#21 torvalds#22 torvalds#23 [ 1.796005] .... node #3, CPUs: torvalds#24 torvalds#25 torvalds#26 torvalds#27 torvalds#28 torvalds#29 torvalds#30 torvalds#31 [ 2.393005] .... node #4, CPUs: torvalds#32 torvalds#33 torvalds#34 torvalds#35 torvalds#36 torvalds#37 torvalds#38 torvalds#39 [ 2.996005] .... node #5, CPUs: torvalds#40 torvalds#41 torvalds#42 torvalds#43 torvalds#44 torvalds#45 torvalds#46 torvalds#47 [ 3.600005] .... node torvalds#6, CPUs: torvalds#48 torvalds#49 torvalds#50 torvalds#51 #52 #53 torvalds#54 torvalds#55 [ 4.202005] .... node torvalds#7, CPUs: torvalds#56 torvalds#57 #58 torvalds#59 torvalds#60 torvalds#61 torvalds#62 torvalds#63 [ 4.811005] .... node torvalds#8, CPUs: torvalds#64 torvalds#65 torvalds#66 torvalds#67 torvalds#68 torvalds#69 #70 torvalds#71 [ 5.421006] .... node torvalds#9, CPUs: torvalds#72 torvalds#73 torvalds#74 torvalds#75 torvalds#76 torvalds#77 torvalds#78 torvalds#79 [ 6.032005] .... node torvalds#10, CPUs: torvalds#80 torvalds#81 torvalds#82 torvalds#83 torvalds#84 torvalds#85 torvalds#86 torvalds#87 [ 6.648006] .... node torvalds#11, CPUs: torvalds#88 torvalds#89 torvalds#90 torvalds#91 torvalds#92 torvalds#93 torvalds#94 torvalds#95 [ 7.262005] .... node torvalds#12, CPUs: torvalds#96 torvalds#97 torvalds#98 torvalds#99 torvalds#100 torvalds#101 torvalds#102 torvalds#103 [ 7.865005] .... node torvalds#13, CPUs: torvalds#104 torvalds#105 torvalds#106 torvalds#107 torvalds#108 torvalds#109 torvalds#110 torvalds#111 [ 8.466005] .... node torvalds#14, CPUs: torvalds#112 torvalds#113 torvalds#114 torvalds#115 torvalds#116 torvalds#117 torvalds#118 torvalds#119 [ 9.073006] .... node torvalds#15, CPUs: torvalds#120 torvalds#121 torvalds#122 torvalds#123 torvalds#124 torvalds#125 torvalds#126 torvalds#127 [ 9.679901] x86: Booted up 16 nodes, 128 CPUs and drop useless elements. Change num_digits() to hpa's division-avoiding, cell-phone-typed version which he went at great lengths and pains to submit on a Saturday evening. Signed-off-by: Borislav Petkov <[email protected]> Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: [email protected] Cc: Linus Torvalds <[email protected]> Cc: Andrew Morton <[email protected]> Cc: Peter Zijlstra <[email protected]> Cc: Thomas Gleixner <[email protected]> Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Ingo Molnar <[email protected]>
tom3q
pushed a commit
to tom3q/linux
that referenced
this pull request
Oct 2, 2014
At boot we display a bunch of low level settings which can be useful to know, and can help to spot bugs when things are fundamentally misconfigured. At the moment they are very widely spaced, so that we can accommodate the line: ppc64_caches.dcache_line_size = 0xYY But we only print that line when the cache line size is not 128, ie. almost never, so it just makes the display look odd usually. The ppc64_caches prefix is redundant so remove it, which means we can align things a bit closer for the common case. While we're there replace the last use of camelCase (physicalMemorySize), and use phys_mem_size. Before: Starting Linux PPC64 torvalds#104 SMP Wed Aug 6 18:41:34 EST 2014 ----------------------------------------------------- ppc64_pft_size = 0x1a physicalMemorySize = 0x200000000 ppc64_caches.dcache_line_size = 0xf0 ppc64_caches.icache_line_size = 0xf0 htab_address = 0xdeadbeef htab_hash_mask = 0x7ffff physical_start = 0xf000bar ----------------------------------------------------- After: Starting Linux PPC64 torvalds#103 SMP Wed Aug 6 18:38:04 EST 2014 ----------------------------------------------------- ppc64_pft_size = 0x1a phys_mem_size = 0x200000000 dcache_line_size = 0xf0 icache_line_size = 0xf0 htab_address = 0xdeadbeef htab_hash_mask = 0x7ffff physical_start = 0xf000bar ----------------------------------------------------- This patch is final, no bike shedding ;) Signed-off-by: Michael Ellerman <[email protected]>
aryabinin
referenced
this pull request
in aryabinin/linux
Oct 3, 2014
GIT 6fe676b243e5a0cb4cc4d9a4b094de8db0cdbf74 commit e500f488c27659bb6f5d313b336621f3daa67701 Author: Fabian Frederick <[email protected]> Date: Wed Oct 1 06:52:06 2014 +0200 net/dccp/ccid.c: add __init to ccid_activate ccid_activate is only called by __init ccid_initialize_builtins in same module. Signed-off-by: Fabian Frederick <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 0c5b8a46294d43fc63788839d3c18de0961ec1bc Author: Fabian Frederick <[email protected]> Date: Wed Oct 1 06:48:03 2014 +0200 net/dccp/proto.c: add __init to dccp_mib_init dccp_mib_init is only called by __init dccp_init in same module. Signed-off-by: Fabian Frederick <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 082f58ac4a48d3f5cb4597232cb2ac6823a96f43 Author: Quinn Tran <[email protected]> Date: Thu Sep 25 06:22:28 2014 -0400 target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE During temporary resource starvation at lower transport layer, command is placed on queue full retry path, which expose this problem. The TCM queue full handling of SCF_TRANSPORT_TASK_SENSE currently sends the same cmd twice to lower layer. The 1st time led to cmd normal free path. The 2nd time cause Null pointer access. This regression bug was originally introduced v3.1-rc code in the following commit: commit e057f53308a5f071556ee80586b99ee755bf07f5 Author: Christoph Hellwig <[email protected]> Date: Mon Oct 17 13:56:41 2011 -0400 target: remove the transport_qf_callback se_cmd callback Signed-off-by: Quinn Tran <[email protected]> Signed-off-by: Saurav Kashyap <[email protected]> Cc: <[email protected]> # v3.1+ Signed-off-by: Nicholas Bellinger <[email protected]> commit db3a99b9921f27fe71ca8c0f218ee810e0e7fb69 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:19 2014 -0400 qla_target: rearrange struct qla_tgt_prm On most (non-x86) 64bit platforms this will remove 8 padding bytes from the structure. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit f9b6721a9cef94908467abf7a2cacbd15a7d23cb Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:18 2014 -0400 qla_target: improve qlt_unmap_sg() Remove the inline attribute. Modern compilers ignore it and the function has grown beyond where inline made sense anyway. Remove the BUG_ON(!cmd->sg_mapped), and instead return if sg_mapped is not set. Every caller is doing this check, so we might as well have it in one place instead of four. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 55a9066fffd2f533e7ed434b072469ef09d6c476 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:15 2014 -0400 qla_target: make some global functions static Also removes the declarations from the header - including two declarations without function definitions or callers. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit c57010420654aca179c500f61e86315a337244ca Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:14 2014 -0400 qla_target: remove unused parameter Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit f81ccb489a7a641c1bed41b49cf8d72c199c68d5 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:13 2014 -0400 target: simplify core_tmr_abort_task list_for_each_entry_safe is necessary if list objects are deleted from the list while traversing it. Not the case here, so we can use the base list_for_each_entry variant. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 33940d09937276cd3c81f2874faf43e37c2db0e2 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:12 2014 -0400 target: encapsulate smp_mb__after_atomic() The target code has a rather generous helping of smp_mb__after_atomic() throughout the code base. Most atomic operations were followed by one and none were preceded by smp_mb__before_atomic(), nor accompanied by a comment explaining the need for a barrier. Instead of trying to prove for every case whether or not it is needed, this patch introduces atomic_inc_mb() and atomic_dec_mb(), which explicitly include the memory barriers before and after the atomic operation. For now they are defined in a target header, although they could be of general use. Most of the existing atomic/mb combinations were replaced by the new helpers. In a few cases the atomic was sandwiched in spin_lock/spin_unlock and I simply removed the barrier. I suspect that in most cases the correct conversion would have been to drop the barrier. I also suspect that a few cases exist where a) the barrier was necessary and b) a second barrier before the atomic would have been necessary and got added by this patch. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 74ed7e62289dc6d388996d7c8f89c2e7e95b9657 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:11 2014 -0400 target: remove some smp_mb__after_atomic()s atomic_inc_return() already does an implicit memory barrier and the second case was moved from an atomic to a plain flag operation. If a barrier were needed in the second case, it would have to be smp_mb(), not a variant optimized away for x86 and other architectures. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 8f83269048628d7b139dacbfc6cc97befcbdd2e9 Author: Joern Engel <[email protected]> Date: Tue Sep 16 16:23:10 2014 -0400 target: simplify core_tmr_release_req() And while at it, do minimal coding style fixes in the area. Signed-off-by: Joern Engel <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 9c7d6154bc4b9dfefd580490cdca5f7c72321464 Author: Andy Grover <[email protected]> Date: Mon Jun 30 16:39:46 2014 -0700 target: Remove core_tpg_release_virtual_lun0 function Simple and just called from one place. Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Andy Grover <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit cd9d7cbaec8b622eee4edcd8bf481c4047f74915 Author: Andy Grover <[email protected]> Date: Mon Jun 30 16:39:44 2014 -0700 target: Change core_dev_del_lun to take a se_lun instead of unpacked_lun Remove core_tpg_pre_dellun entirely, since we don't need to get/check a pointer we already have. Nothing else can return an error, so core_dev_del_lun can return void. Rename core_tpg_post_dellun to remove_lun - a clearer name, now that pre_dellun is gone. Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Andy Grover <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit cc83881f2c57caaf4b14adaffa65595640a59661 Author: Andy Grover <[email protected]> Date: Mon Jun 30 16:39:43 2014 -0700 target: core_tpg_post_dellun can return void Nothing in it can raise an error. Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Andy Grover <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 49be17235c0acd96f2ff0fe282867fe3a83f554c Author: hayeswang <[email protected]> Date: Wed Oct 1 13:25:11 2014 +0800 r8152: disable power cut for RTL8153 The firmware would be clear when the power cut is enabled for RTL8153. Signed-off-by: Hayes Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 204c8704128943bf3f8b605f4b40bdc2b6bd89dc Author: hayeswang <[email protected]> Date: Wed Oct 1 13:25:10 2014 +0800 r8152: remove clearing bp The xxx_clear_bp() is used to halt the firmware. It only necessary for updating the new firmware. Besides, depend on the version of the current firmware, it may have problem to halt the firmware directly. Finally, halt the firmware would let the firmware code useless, and the bugs which are fixed by the firmware would occur. Signed-off-by: Hayes Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit aa55c8e2f7a395dfc9e67fc6637321e19ce9bfe1 Author: Masahiro Yamada <[email protected]> Date: Tue Sep 9 20:02:24 2014 +0900 kbuild: handle C=... and M=... after entering into build directory This commit avoids processing C=... and M=... twice when O=... is also given. Besides, we can also remove KBUILD_EXTMOD="$(KBUILD_EXTMOD)" in the sub-make target. Signed-off-by: Masahiro Yamada <[email protected]> Acked-by: Peter Foley <[email protected]> Signed-off-by: Michal Marek <[email protected]> commit 745a254322c898dadf019342cd7140f7867d2d0f Author: Masahiro Yamada <[email protected]> Date: Tue Sep 9 20:02:23 2014 +0900 kbuild: use $(Q) for sub-make target Since commit 066b7ed9558087a7957a1128f27d7a3462ff117f (kbuild: Do not print the build directory with make -s), "Q" is defined above the sub-make target. This commit takes advantage of that and replaces "$(if $(KBUILD_VERBOSE:1=),@)" with "$(Q)". Signed-off-by: Masahiro Yamada <[email protected]> Acked-by: Peter Foley <[email protected]> Signed-off-by: Michal Marek <[email protected]> commit 7ff525712acf9325e9acdb27bbc93049ea2e850c Author: Masahiro Yamada <[email protected]> Date: Tue Sep 9 20:02:22 2014 +0900 kbuild: fake the "Entering directory ..." message more simply Commit c2e28dc975ea87feed84415006ae143424912ac7 (kbuild: Print the name of the build directory) added a gimmick to show the "Entering directory ...". Instead of echoing the hard-coded message (that is, we need to know the exact message), moving --no-print-directory would be easier. Signed-off-by: Masahiro Yamada <[email protected]> Acked-by: Peter Foley <[email protected]> Signed-off-by: Michal Marek <[email protected]> commit 1b0ecb28b0cc216535ce6477d39aa610c3ff68a1 Author: Vlad Yasevich <[email protected]> Date: Tue Sep 30 19:39:37 2014 -0400 bnx2: Correctly receive full sized 802.1ad fragmes This driver, similar to tg3, has a check that will cause full sized 802.1ad frames to be dropped. The frame will be larger then the standard mtu due to the presense of vlan header that has not been stripped. The driver should not drop this frame and should process it just like it does for 802.1q. CC: Sony Chacko <[email protected]> CC: [email protected] Signed-off-by: Vladislav Yasevich <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 7d3083ee36b51e425b6abd76778a2046906b0fd3 Author: Vlad Yasevich <[email protected]> Date: Tue Sep 30 19:39:36 2014 -0400 tg3: Allow for recieve of full-size 8021AD frames When receiving a vlan-tagged frame that still contains a vlan header, the length of the packet will be greater then MTU+ETH_HLEN since it will account of the extra vlan header. TG3 checks this for the case for 802.1Q, but not for 802.1ad. As a result, full sized 802.1ad frames get dropped by the card. Add a check for 802.1ad protocol when receving full sized frames. Suggested-by: Prashant Sreedharan <[email protected]> CC: Prashant Sreedharan <[email protected]> CC: Michael Chan <[email protected]> Signed-off-by: Vladislav Yasevich <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 1e918876853aa85435e0f17fd8b4a92dcfff53d6 Author: Florian Westphal <[email protected]> Date: Wed Oct 1 13:38:03 2014 +0200 r8169: add support for Byte Queue Limits tested on RTL8168d/8111d model using 'super_netperf 40' with TCP/UDP_STREAM. Output of while true; do for n in inflight limit; do echo -n $n\ ; cat $n; done; sleep 1; done during netperf run, 100mbit peer: inflight 0 limit 3028 inflight 6056 limit 4542 [ trimmed output for brevity, no limit/inflight changes during test steady-state ] limit 4542 inflight 3028 limit 6122 inflight 0 limit 6122 [ changed cable to 1gbit peer, restart netperf ] inflight 37850 limit 36336 inflight 33308 limit 31794 inflight 33308 limit 31794 inflight 27252 limit 25738 [ again, no changes during test ] inflight 27252 limit 25738 inflight 0 limit 28766 [ change cable to 100mbit peer, restart netperf ] limit 28766 inflight 27370 limit 28766 inflight 4542 limit 5990 inflight 6056 limit 4542 [ .. ] inflight 6056 limit 4542 inflight 0 [end of test] Cc: Francois Romieu <[email protected]> Cc: Hayes Wang <[email protected]> Signed-off-by: Florian Westphal <[email protected]> Acked-by: Eric Dumazet <[email protected]> Acked-by: Tom Herbert <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d0bf4a9e92b9a93ffeeacbd7b6cb83e0ee3dc2ef Author: Eric Dumazet <[email protected]> Date: Mon Sep 29 13:29:15 2014 -0700 net: cleanup and document skb fclone layout Lets use a proper structure to clearly document and implement skb fast clones. Then, we might experiment more easily alternative layouts. This patch adds a new skb_fclone_busy() helper, used by tcp and xfrm, to stop leaking of implementation details. Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 0f1ca65ee50df042051e8fa3a14f73b0c71d45b9 Author: Arianna Avanzini <[email protected]> Date: Fri Aug 22 13:20:02 2014 +0200 xen, blkfront: factor out flush-related checks from do_blkif_request() This commit factors out some checks related to the request insertion path, which can be done in an function instead of by itself. Reviewed-by: David Vrabel <[email protected]> Signed-off-by: Arianna Avanzini <[email protected]> Signed-off-by: Konrad Rzeszutek Wilk <[email protected]> commit 61cecca865280bef4f8a9748d0a9afa5df351ac2 Author: Roger Pau Monné <[email protected]> Date: Mon Sep 15 11:55:27 2014 +0200 xen-blkback: fix leak on grant map error path Fix leaking a page when a grant mapping has failed. CC: [email protected] Signed-off-by: Roger Pau Monné <[email protected]> Reported-and-Tested-by: Tao Chen <[email protected]> Signed-off-by: Konrad Rzeszutek Wilk <[email protected]> commit 12ea729645ace01e08f9654df155622898d3aae6 Author: Vitaly Kuznetsov <[email protected]> Date: Mon Sep 8 15:21:33 2014 +0200 xen/blkback: unmap all persistent grants when frontend gets disconnected blkback does not unmap persistent grants when frontend goes to Closed state (e.g. when blkfront module is being removed). This leads to the following in guest's dmesg: [ 343.243825] xen:grant_table: WARNING: g.e. 0x445 still in use! [ 343.243825] xen:grant_table: WARNING: g.e. 0x42a still in use! ... When load module -> use device -> unload module sequence is performed multiple times it is possible to hit BUG() condition in blkfront module: [ 343.243825] kernel BUG at drivers/block/xen-blkfront.c:954! [ 343.243825] invalid opcode: 0000 [#1] SMP [ 343.243825] Modules linked in: xen_blkfront(-) ata_generic pata_acpi [last unloaded: xen_blkfront] ... [ 343.243825] Call Trace: [ 343.243825] [<ffffffff814111ef>] ? unregister_xenbus_watch+0x16f/0x1e0 [ 343.243825] [<ffffffffa0016fbf>] blkfront_remove+0x3f/0x140 [xen_blkfront] ... [ 343.243825] RIP [<ffffffffa0016aae>] blkif_free+0x34e/0x360 [xen_blkfront] [ 343.243825] RSP <ffff88001eb8fdc0> We don't need to keep these grants if we're disconnecting as frontend might already forgot about them. Solve the issue by moving xen_blkbk_free_caches() call from xen_blkif_free() to xen_blkif_disconnect(). Now we can see the following: [ 928.590893] xen:grant_table: WARNING: g.e. 0x587 still in use! [ 928.591861] xen:grant_table: WARNING: g.e. 0x372 still in use! ... [ 929.592146] xen:grant_table: freeing g.e. 0x587 [ 929.597174] xen:grant_table: freeing g.e. 0x372 ... Backend does not keep persistent grants any more, reconnect works fine. CC: [email protected] Signed-off-by: Vitaly Kuznetsov <[email protected]> Signed-off-by: Konrad Rzeszutek Wilk <[email protected]> commit b248230c34970a6c1c17c591d63b464e8d2cfc33 Author: Yuchung Cheng <[email protected]> Date: Mon Sep 29 13:20:38 2014 -0700 tcp: abort orphan sockets stalling on zero window probes Currently we have two different policies for orphan sockets that repeatedly stall on zero window ACKs. If a socket gets a zero window ACK when it is transmitting data, the RTO is used to probe the window. The socket is aborted after roughly tcp_orphan_retries() retries (as in tcp_write_timeout()). But if the socket was idle when it received the zero window ACK, and later wants to send more data, we use the probe timer to probe the window. If the receiver always returns zero window ACKs, icsk_probes keeps getting reset in tcp_ack() and the orphan socket can stall forever until the system reaches the orphan limit (as commented in tcp_probe_timer()). This opens up a simple attack to create lots of hanging orphan sockets to burn the memory and the CPU, as demonstrated in the recent netdev post "TCP connection will hang in FIN_WAIT1 after closing if zero window is advertised." http://www.spinics.net/lists/netdev/msg296539.html This patch follows the design in RTO-based probe: we abort an orphan socket stalling on zero window when the probe timer reaches both the maximum backoff and the maximum RTO. For example, an 100ms RTT connection will timeout after roughly 153 seconds (0.3 + 0.6 + .... + 76.8) if the receiver keeps the window shut. If the orphan socket passes this check, but the system already has too many orphans (as in tcp_out_of_resources()), we still abort it but we'll also send an RST packet as the connection may still be active. In addition, we change TCP_USER_TIMEOUT to cover (life or dead) sockets stalled on zero-window probes. This changes the semantics of TCP_USER_TIMEOUT slightly because it previously only applies when the socket has pending transmission. Signed-off-by: Yuchung Cheng <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: Neal Cardwell <[email protected]> Reported-by: Andrey Dmitrov <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3edfe0030bb7a82dab2a30a29ea6e1800e600c4b Author: Helge Deller <[email protected]> Date: Wed Oct 1 22:11:01 2014 +0200 parisc: Fix serial console for machines with serial port on superio chip Fix the serial console on machines where the serial port is located on the SuperIO chip. Signed-off-by: Helge Deller <[email protected]> Cc: Peter Hurley <[email protected]> commit baf378126b08474de2e2428b16e62a69df0339d9 Author: Michael Opdenacker <[email protected]> Date: Wed Oct 1 14:07:39 2014 -0600 rsxx: Remove deprecated IRQF_DISABLED This removes the use of the IRQF_DISABLED flag from drivers/block/rsxx/core.c It's a NOOP since 2.6.35 and it will be removed one day. Signed-off-by: Michael Opdenacker <[email protected]> Acked-by Philip Kelleher <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit cb57659a15c6c0576493cc8a10474ce7ffd44eb3 Author: Fabian Frederick <[email protected]> Date: Wed Oct 1 19:30:03 2014 +0200 cipso: add __init to cipso_v4_cache_init cipso_v4_cache_init is only called by __init cipso_v4_init Signed-off-by: Fabian Frederick <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 57a02c39c1c20ed03a86f8014c11a8c18b94cac3 Author: Fabian Frederick <[email protected]> Date: Wed Oct 1 19:18:57 2014 +0200 inet: frags: add __init to ip4_frags_ctl_register ip4_frags_ctl_register is only called by __init ipfrag_init Signed-off-by: Fabian Frederick <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 47d7a88c188f06ffaea3a539f84fe10cb4e77787 Author: Fabian Frederick <[email protected]> Date: Wed Oct 1 18:27:50 2014 +0200 tcp: add __init to tcp_init_mem tcp_init_mem is only called by __init tcp_init. Signed-off-by: Fabian Frederick <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ee7a1beb9759c94aea67dd887faf5e447a5c6710 Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:21 2014 +0800 r8169:call "rtl8168_driver_start" "rtl8168_driver_stop" only when hardware dash function is enabled These two functions are used to inform dash firmware that driver is been brought up or brought down. So call these two functions only when hardware dash function is enabled. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 2a9b4d9670e71784896d95c41c9b0acd50db1dbb Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:20 2014 +0800 r8169:modify the behavior of function "rtl8168_oob_notify" In function "rtl8168_oob_notify", using function "rtl_eri_write" to access eri register 0xe8, instead of using MAC register "ERIDR" and "ERIAR" to access it. For using function "rtl_eri_write" in function "rtl8168_oob_notify", need to move down "rtl8168_oob_notify" related functions under the function "rtl_eri_write". Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 2f8c040ce6791ef0477e6d59768ee3d5fd0df0fd Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:19 2014 +0800 r8169:change the name of function "r8168dp_check_dash" to "r8168_check_dash" DASH function not only RTL8168DP can support, but also RTL8168EP. So change the name of function "r8168dp_check_dash" to "r8168_check_dash". Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 706123d06c18b55da5e9da21e2d138ee789bf8f4 Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:18 2014 +0800 r8169:change the name of function"rtl_w1w0_eri" Change the name of function "rtl_w1w0_eri" to "rtl_w0w1_eri". In this function, the local variable "val" is "write zeros then write ones". Please see below code. (val & ~m) | p In this patch, change the function name from "xx_w1w0_xx" to "xx_w0w1_xx". The changed function name is more suitable for it's behavior. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 7656442824f6174b56a19c664fe560972df56ad4 Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:17 2014 +0800 r8169:for function "rtl_w1w0_phy" change its name and behavior Change function name from "rtl_w1w0_phy" to "rtl_w0w1_phy". And its behavior from "write ones then write zeros" to "write zeros then write ones". In Realtek internal driver, bitwise operations are almost "write zeros then write ones". For easy to port hardware parameters from Realtek internal driver to Linux kernal driver "r8169", we would like to change this function's behavior and its name. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ac85bcdbc0ffd3903d6db4abcd769ecacf98605b Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:16 2014 +0800 r8169:add more chips to support magic packet v2 For RTL8168F RTL8168FB RTL8168G RTL8168GU RTL8411 RTL8411B RTL8402 RTL8107E, the magic packet enable bit is changed to eri 0xde bit0. In this patch, change magic packet enable bit of these chips to eri 0xde bit0. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 89cceb2729c752e6ff9b3bc8650a70f29884f116 Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:15 2014 +0800 r8169:add support more chips to get mac address from backup mac address register RTL8168FB RTL8168G RTL8168GU RTL8411 RTL8411B RTL8106EUS RTL8402 can support get mac address from backup mac address register. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 42fde7371035144037844f41bd16950de9912bdb Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:14 2014 +0800 r8169:add disable/enable RTL8411B pll function RTL8411B can support disable/enable pll function. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit b8e5e6ad7115befef13a4493f1d2b8e438abc058 Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:13 2014 +0800 r8169:add disable/enable RTL8168G pll function RTL8168G also can disable/enable pll function. Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 05b9687bb3606190304f08c2e4cd63de8717e30b Author: Chun-Hao Lin <[email protected]> Date: Wed Oct 1 23:17:12 2014 +0800 r8169:change uppercase number to lowercase number Signed-off-by: Chun-Hao Lin <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit a29c9c43bb633a9965909cd548879fee4aa789a4 Author: David L Stevens <[email protected]> Date: Wed Oct 1 11:05:27 2014 -0400 sunvnet: fix potential NULL pointer dereference One of the error cases for vnet_start_xmit()'s "out_dropped" label is port == NULL, so only mess with port->clean_timer when port is not NULL. Signed-off-by: David L Stevens <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit e506d405ac7d34d03996c97ac68aa2ac010be64a Author: Thierry Reding <[email protected]> Date: Wed Oct 1 13:59:00 2014 +0200 net: dsa: Fix build warning for !PM_SLEEP The dsa_switch_suspend() and dsa_switch_resume() functions are only used when PM_SLEEP is enabled, so they need #ifdef CONFIG_PM_SLEEP protection to avoid a compiler warning. Signed-off-by: Thierry Reding <[email protected]> Acked-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 84ac1f2ca41f5888cc995944c073a5220f3ed549 Author: Tanmay Inamdar <[email protected]> Date: Fri Sep 26 14:08:25 2014 -0700 arm64: dts: Add APM X-Gene PCIe device tree nodes Add the device tree nodes for APM X-Gene PCIe host controller and PCIe clock interface. Since X-Gene SOC supports maximum 5 ports, 5 dts nodes are added. Signed-off-by: Tanmay Inamdar <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 2896e4418b17363f211e084471b589e3c06a7248 Author: Bjorn Helgaas <[email protected]> Date: Wed Oct 1 13:01:35 2014 -0600 PCI: xgene: Add APM X-Gene PCIe driver Add the AppliedMicro X-Gene SOC PCIe host controller driver. The X-Gene PCIe controller supports up to 8 lanes and GEN3 speed. The X-Gene SOC supports up to 5 PCIe ports. [bhelgaas: folded in MAINTAINERS and bindings updates] Tested-by: Ming Lei <[email protected]> Tested-by: Dann Frazier <[email protected]> Signed-off-by: Tanmay Inamdar <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Liviu Dudau <[email protected]> (driver) commit 3c87dcbfb36ce6d3d9087f0163c02ba5690d9a85 Author: Subbaraya Sundeep Bhatta <[email protected]> Date: Wed Oct 1 11:01:17 2014 +0200 net: ll_temac: Remove unnecessary ether_setup after alloc_etherdev Calling ether_setup is redundant since alloc_etherdev calls it. Signed-off-by: Subbaraya Sundeep Bhatta <[email protected]> Signed-off-by: Michal Simek <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 8493ecca74a7b4a66e19676de1a0f14194179941 Author: Benjamin Tissoires <[email protected]> Date: Wed Oct 1 11:59:47 2014 -0400 HID: uHID: fix excepted report type When uhid_get_report() or uhid_set_report() are called, they emit on the char device a UHID_GET_REPORT or UHID_SET_REPORT message. Then, the protocol says that the user space asnwers with UHID_GET_REPORT_REPLY or UHID_SET_REPORT_REPLY. Unfortunatelly, the current code waits for an event of type UHID_GET_REPORT or UHID_SET_REPORT instead of the reply one. Add 1 to UHID_GET_REPORT or UHID_SET_REPORT to actually wait for the reply, and validate the reply. Signed-off-by: Benjamin Tissoires <[email protected]> Reviewed-by: David Herrmann <[email protected]> Signed-off-by: Jiri Kosina <[email protected]> commit c8df6ac9452e8f47a6f660993c526d13e858a6f3 Author: Lucas Stach <[email protected]> Date: Tue Sep 30 18:36:27 2014 +0200 PCI: designware: Remove open-coded bitmap operations Replace them by using the standard kernel bitmap ops. No functional change, but makes the code a lot cleaner. Signed-off-by: Lucas Stach <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Reviewed-by: Pratyush Anand <[email protected]> Acked-by: Jingoo Han <[email protected]> commit 2199f0608864cf4e8c93d37842a5ee50c8d79843 Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:56 2014 -0400 dm crypt: sort writes Write requests are sorted in a red-black tree structure and are submitted in the sorted order. In theory the sorting should be performed by the underlying disk scheduler, however, in practice the disk scheduler only accepts and sorts a finite number of requests. To allow the sorting of all requests, dm-crypt needs to implement its own own sorting. The overhead associated with rbtree-based sorting is considered negligible so it is not used conditionally. Even on SSD sorting can be beneficial since in-order request dispatch promotes lower latency IO completion to the upper layers. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 648fee35be4c75667aa18bf513f7e7e65c01640b Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:56 2014 -0400 dm crypt: offload writes to thread Submitting write bios directly in the encryption thread caused serious performance degradation. On a multiprocessor machine, encryption requests finish in a different order than they were submitted. Consequently, write requests would be submitted in a different order and it could cause severe performance degradation. Move the submission of write requests to a separate thread so that the requests can be sorted before submitting. But this commit improves dm-crypt performance even without having dm-crypt perform request sorting (in particular it enables IO schedulers like CFQ to sort more effectively). Note: it is required that a previous commit ("dm crypt: don't allocate pages for a partial request") be applied before applying this patch. Otherwise, this commit could introduce a crash. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 4a0d7e0464226eee625a5b77484c339334453882 Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:55 2014 -0400 dm crypt: use unbound workqueue for request processing Use unbound workqueue so that work is automatically balanced between available CPUs. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 72bfc40ca3b393cb0bc6b5e2ce364e6c6ce0f390 Author: Mikulas Patocka <[email protected]> Date: Thu May 29 14:18:12 2014 -0400 dm crypt: remove io_pending refcount member from dm_crypt_io Commit "dm crypt: don't allocate pages for a partial request" changed the code to allocate all pages for one request. There is always just one pending request, so the io_pending refcount may be removed. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 42196fec8945cc84c032b7f59deaffee82036245 Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:56 2014 -0400 dm crypt: remove unused io_pool and _crypt_io_pool The previous commits ("dm crypt: use per-bio data") and ("dm crypt: don't allocate pages for a partial request") stopped using the io_pool slab mempool and backing _crypt_io_pool kmem cache. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit ebfda24b1e1bf483accdb900f8625151d8f01383 Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:56 2014 -0400 dm crypt: avoid deadlock in mempools Fix a theoretical deadlock introduced in the previous commit ("dm crypt: don't allocate pages for a partial request"). The function crypt_alloc_buffer may be called concurrently. If we allocate from the mempool concurrently, there is a possibility of deadlock. For example, if we have mempool of 256 pages, two processes, each wanting 256, pages allocate from the mempool concurrently, it may deadlock in a situation where both processes have allocated 128 pages and the mempool is exhausted. In order to avoid such a scenario, we allocate the pages under a mutex. In order to not degrade performance with excessive locking, we try non-blocking allocations without a mutex first and if it fails, we fallback to a blocking allocation with a mutex. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit b9ea7cb3fb237078be400522880932008c630fb7 Author: Mikulas Patocka <[email protected]> Date: Fri Mar 28 15:51:56 2014 -0400 dm crypt: don't allocate pages for a partial request Change crypt_alloc_buffer so that it only ever allocates pages for a full request. This change is a prerequisite for the commit "dm crypt: offload writes to thread". Which implies this change is effectively required for the upcoming cpu parallelization changes. But this change simplifies the dm-crypt code at the expense of reduced throughput in low memory conditions (where allocation for a partial request is most useful). This change also enables the removal of the io_pending refcount. Note: the next commit ("dm-crypt: avoid deadlock in mempools") is needed to fix a theoretical deadlock. Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 117cd3e12232afea97dd31489fbde8888ad22b3e Author: Heinz Mauelshagen <[email protected]> Date: Wed Sep 24 17:47:19 2014 +0200 dm raid: add discard support for RAID levels 4, 5 and 6 In case of RAID levels 4, 5 and 6 we have to verify each RAID members' ability to zero data on discards to avoid stripe data corruption -- if discard_zeroes_data is not set for each RAID member discard support must be disabled. Also add an 'ignore_discard' table argument to the target in order to ignore discard processing completely on a RAID array, hence not passing down discards to MD personalities. This 'ignore_discard' control provides the ability to: - prohibit discards in case of _potential_ data corruptions in RAID4/5/6 (e.g. if ability to zero data on discard is flawed in a RAID member) - avoid discard processing overhead Signed-off-by: Heinz Mauelshagen <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> commit 04c308f43a90a9b3b84c344b324d6af29288da05 Author: Mikulas Patocka <[email protected]> Date: Wed Oct 1 13:29:48 2014 -0400 dm bufio: when done scanning return from __scan immediately When __scan frees the required number of buffer entries that the shrinker requested (nr_to_scan becomes zero) it must return. Before this fix the __scan code exited only the inner loop and continued in the outer loop. Also, move dm_bufio_cond_resched to __scan's inner loop, so that iterating the bufio client's lru lists doesn't result in scheduling latency. Reported-by: Joe Thornber <[email protected]> Signed-off-by: Mikulas Patocka <[email protected]> Signed-off-by: Mike Snitzer <[email protected]> Cc: [email protected] # 3.2+ commit 5ec094057c7df5ff80f5e7fe282f47ad205fb976 Author: Bjorn Helgaas <[email protected]> Date: Tue Sep 23 14:38:28 2014 -0600 PCI/MSI: Remove unnecessary temporary variable The only use of "status" is to hold a value which is immediately returned, so just return and remove the variable directly. Signed-off-by: Bjorn Helgaas <[email protected]> commit 56b72b40957947f7c08771f030102351d4c906df Author: Yijing Wang <[email protected]> Date: Mon Sep 29 18:35:16 2014 -0600 PCI/MSI: Use __write_msi_msg() instead of write_msi_msg() default_restore_msi_irq() already has the struct msi_desc pointer required by __write_msi_msg(), so call it directly instead of having write_msi_msg() look it up from the IRQ. No functional change. [bhelgaas: split into separate patch] Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 1e8f4cc82eded0c3c97ef6e2f119782e42deda35 Author: Yijing Wang <[email protected]> Date: Wed Sep 24 11:09:45 2014 +0800 MSI/powerpc: Use __read_msi_msg() instead of read_msi_msg() rtas_setup_msi_irqs() already has the struct msi_desc pointer required by __read_msi_msg(), so call it directly instead of having read_msi_msg() look it up from the IRQ. No functional change. [bhelgaas: changelog] Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Acked-by: Michael Ellerman <[email protected]> CC: Benjamin Herrenschmidt <[email protected]> CC: [email protected] commit 2b260085e466c345e78f23b1c9ad1d123d509ef8 Author: Yijing Wang <[email protected]> Date: Tue Sep 23 13:27:25 2014 +0800 PCI/MSI: Use __get_cached_msi_msg() instead of get_cached_msi_msg() Both callers of get_cached_msi_msg() start with a struct irq_data pointer, look up the corresponding IRQ number, and pass it to get_cached_msi_msg(), which then uses irq_get_irq_data() to look up the struct irq_data again to call __get_cached_msi_msg(). Since we already have the struct irq_data, call __get_cached_msi_msg() directly and skip the lookup work done by get_cached_msi_msg(). No functional change. [bhelgaas: changelog] Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> CC: Tony Luck <[email protected]> CC: [email protected] commit 468ff15a3ab98ed7153c29c68229ffb97f15a251 Author: Yijing Wang <[email protected]> Date: Tue Sep 23 13:27:24 2014 +0800 PCI/MSI: Add "msi_bus" sysfs MSI/MSI-X control for endpoints The "msi_bus" sysfs file for bridges sets a bus flag to allow or disallow future driver requests for MSI or MSI-X. Previously, the sysfs file existed for endpoints but did nothing. Add "msi_bus" support for endpoints, so an administrator can prevent the use of MSI and MSI-X for individual devices. Note that as for bridges, these changes only affect future driver requests for MSI or MSI-X, so drivers may need to be reloaded. Add documentation for the "msi_bus" sysfs file. [bhelgaas: changelog, comments, add "subordinate", add endpoint printk, rework bus_flags setting, make bus_flags printk unconditional] Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 48c3c38f003c25d50a09d3da558667c5ecd530aa Author: Yijing Wang <[email protected]> Date: Tue Sep 23 11:02:42 2014 -0600 PCI/MSI: Remove "pos" from the struct msi_desc msi_attrib "msi_attrib.pos" is only used for MSI (not MSI-X), and we already cache the MSI capability offset in "dev->msi_cap". Remove "pos" from the struct msi_attrib and use "dev->msi_cap" directly. [bhelgaas: changelog, fix whitespace] Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 81052769e48609525c452d8f078a5786b673e178 Author: Yijing Wang <[email protected]> Date: Tue Sep 23 13:27:22 2014 +0800 PCI/MSI: Remove unused kobject from struct msi_desc After commit 1c51b50c2995 ("PCI/MSI: Export MSI mode using attributes, not kobjects"), the kobject in struct msi_desc is unused. Remove the unused struct kobject from struct msi_desc. [bhelgaas: changelog] Fixes: 1c51b50c2995 ("PCI/MSI: Export MSI mode using attributes, not kobjects") Signed-off-by: Yijing Wang <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Acked-by: Greg Kroah-Hartman <[email protected]> commit a06cd74cefe754341f747ddc4cf7b0058fa9bff8 Author: Alexander Gordeev <[email protected]> Date: Tue Sep 23 12:45:58 2014 -0600 PCI/MSI: Rename pci_msi_check_device() to pci_msi_supported() Rename pci_msi_check_device() to pci_msi_supported() for clarity. Note that pci_msi_supported() returns true if MSI/MSI-X is supported, so code like: if (pci_msi_supported(...)) reads naturally. [bhelgaas: changelog, split to separate patch, reverse sense] Signed-off-by: Alexander Gordeev <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 27e20603c54ba633ed259284d006275f13c9f95b Author: Alexander Gordeev <[email protected]> Date: Tue Sep 23 14:25:11 2014 -0600 PCI/MSI: Move D0 check into pci_msi_check_device() Both callers of pci_msi_check_device() check that the device is in D0 state, so move the check from the callers into pci_msi_check_device() itself. In pci_enable_msi_range(), note that pci_msi_check_device() never returns a positive value any more, so the loop that called it until it returns zero or negative is no longer necessary. [bhelgaas: changelog, split to separate patch] Signed-off-by: Alexander Gordeev <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit ad975ebad4c3ce8dcc7d0bb4db26ea5aca4cfc99 Author: Alexander Gordeev <[email protected]> Date: Tue Sep 23 12:39:54 2014 -0600 PCI/MSI: Remove arch_msi_check_device() No architectures implement arch_msi_check_device() or the struct msi_chip .check_device() method, so remove them. Remove the "type" parameter to pci_msi_check_device() because it was only used to call arch_msi_check_device() and is no longer needed. [bhelgaas: changelog, split to separate patch] Signed-off-by: Alexander Gordeev <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> commit 3930115e0dd67f61b3b1882c7a34d0baeff1bb4c Author: Alexander Gordeev <[email protected]> Date: Sun Sep 7 20:57:54 2014 +0200 irqchip: armada-370-xp: Remove arch_msi_check_device() Move MSI checks from arch_msi_check_device() to arch_setup_msi_irqs(). This makes the code more compact and allows removing arch_msi_check_device() from generic MSI code. Tested-by: Thomas Petazzoni <[email protected]> Signed-off-by: Alexander Gordeev <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Acked-by: Jason Cooper <[email protected]> CC: Thomas Gleixner <[email protected]> commit 6b2fd7efeb888fa781c1f767de6c36497ac1596b Author: Alexander Gordeev <[email protected]> Date: Sun Sep 7 20:57:53 2014 +0200 PCI/MSI/PPC: Remove arch_msi_check_device() Move MSI checks from arch_msi_check_device() to arch_setup_msi_irqs(). This makes the code more compact and allows removing arch_msi_check_device() from generic MSI code. Signed-off-by: Alexander Gordeev <[email protected]> Signed-off-by: Bjorn Helgaas <[email protected]> Acked-by: Michael Ellerman <[email protected]> commit 977104ece1568f2e2ad3f5fd8e55bd640e8ab55a Author: Mark Charlebois <[email protected]> Date: Thu Sep 4 14:16:17 2014 -0700 arm: LLVMLinux: Use global stack register variable for percpu Using global current_stack_pointer works on both clang and gcc. current_stack_pointer is an unsigned long and needs to be cast as a pointer to dereference. KernelVersion: 3.17.0-rc6 Signed-off-by: Mark Charlebois <[email protected]> Signed-off-by: Behan Webster <[email protected]> commit a35dc594542b29935cd3a92e53233ad4ba4e622f Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:27 2013 -0400 arm: LLVMLinux: Use current_stack_pointer in unwind_backtrace Use the global current_stack_pointer to get the value of the stack pointer. This change supports being able to compile the kernel with both gcc and clang. KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit 5c5da6724d8e1767405a3f4b611451a11ece99e2 Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:27 2013 -0400 arm: LLVMLinux: Calculate current_thread_info from current_stack_pointer Use the global current_stack_pointer to get the value of the stack pointer. This change supports being able to compile the kernel with both gcc and clang. KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit f2b6d8c6c56c9a164a2d885ba34a09d613c959c9 Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:27 2013 -0400 arm: LLVMLinux: Use current_stack_pointer in save_stack_trace_tsk Use the global current_stack_pointer to get the value of the stack pointer. This change supports being able to compile the kernel with both gcc and clang. KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit 40802b84566a3d9731a8fea43b144301d9ac450d Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:27 2013 -0400 arm: LLVMLinux: Use current_stack_pointer for return_address Use the global current_stack_pointer to get the value of the stack pointer. This change supports being able to compile the kernel with both gcc and Clang. KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit d80ced5236764b8c4ffda5545d5b357cf88c77c1 Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:27 2013 -0400 arm: LLVMLinux: Use current_stack_pointer to calculate pt_regs address Use the global current_stack_pointer to calculate the end of the stack for current_pt_regs() KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit 9d0d6994806b36891453beb1e94b6253f853af61 Author: Behan Webster <[email protected]> Date: Tue Sep 3 22:27:26 2013 -0400 arm: LLVMLinux: Add global named register current_stack_pointer for ARM Define a global named register for current_stack_pointer. The use of this new variable guarantees that both gcc and clang can access this register in C code. KernelVersion: 3.17.0-rc6 Signed-off-by: Behan Webster <[email protected]> Reviewed-by: Jan-Simon Möller <[email protected]> Reviewed-by: Mark Charlebois <[email protected]> Acked-by: Will Deacon <[email protected]> Acked-by: Nicolas Pitre <[email protected]> commit 2c804d0f8fc7799981d9fdd8c88653541b28c1a7 Author: Eric Dumazet <[email protected]> Date: Tue Sep 30 22:12:05 2014 -0700 ipv4: mentions skb_gro_postpull_rcsum() in inet_gro_receive() Proper CHECKSUM_COMPLETE support needs to adjust skb->csum when we remove one header. Its done using skb_gro_postpull_rcsum() In the case of IPv4, we know that the adjustment is not really needed, because the checksum over IPv4 header is 0. Lets add a comment to ease code comprehension and avoid copy/paste errors. Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit eb51bbaf8dedf142a54a7ff58514a29b40d515bb Author: Stephen Rothwell <[email protected]> Date: Wed Oct 1 17:00:49 2014 +1000 fm10k: using vmalloc requires including linux/vmalloc.h Signed-off-by: Stephen Rothwell <[email protected]> Acked-by: Jeff Kirsher <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 078efae00ffc76381c3248006e9cf0988163488f Author: Anish Bhatt <[email protected]> Date: Mon Sep 15 17:44:18 2014 -0700 [SCSI] cxgb4i: avoid holding mutex in interrupt context cxgbi_inet6addr_handler() can be called in interrupt context, so use rcu protected list while finding netdev. This is observed as a scheduling in atomic oops when running over ipv6. Fixes: fc8d0590d914 ("libcxgbi: Add ipv6 api to driver") Fixes: 759a0cc5a3e1 ("cxgb4i: Add ipv6 code to driver, call into libcxgbi ipv6 api") Signed-off-by: Anish Bhatt <[email protected]> Signed-off-by: Karen Xie <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> Signed-off-by: James Bottomley <[email protected]> commit 34549ab09e62db9703811c6ed4715f2ffa1fd7fb Author: Jeff Layton <[email protected]> Date: Wed Oct 1 08:05:22 2014 -0400 nfsd: eliminate "to_delegation" define We now have cb_to_delegation and to_delegation, which do the same thing and are defined separately in different .c files. Move the cb_to_delegation definition into a header file and eliminate the redundant to_delegation definition. Reviewed-by: Christoph Hellwig <[email protected]> Signed-off-by: Jeff Layton <[email protected]> commit 4a0efdc933680d908de11712a774a2c9492c3d5a Author: Hannes Reinecke <[email protected]> Date: Wed Oct 1 14:32:31 2014 +0200 block: misplaced rq_complete tracepoint The rq_complete tracepoint was never issued for empty requests, causing the resulting blktrace information to never show any completion for those request. Signed-off-by: Hannes Reinecke <[email protected]> Acked-by: Tejun Heo <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit fc2021fb9baf9ed375c8161b40b68e120e75c60e Author: Michael Opdenacker <[email protected]> Date: Wed Oct 1 12:07:07 2014 +0200 block: hd: remove deprecated IRQF_DISABLED This patch removes the use of the IRQF_DISABLED flag from drivers/block/hd.c It's a NOOP since 2.6.35 and it will be removed one day. This also removes a related comment which is obsolete too. Signed-off-by: Michael Opdenacker <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 19aeb5a65f1a6504fc665466c188241e7393d66f Author: Bob Peterson <[email protected]> Date: Mon Sep 29 08:52:04 2014 -0400 GFS2: Make rename not save dirent location This patch fixes a regression in the patch "GFS2: Remember directory insert point", commit 2b47dad866d04f14c328f888ba5406057b8c7d33. The problem had to do with the rename function: The function found space for the new dirent, and remembered that location. But then the old dirent was removed, which often moved the eligible location for the renamed dirent. Putting the new dirent at the saved location caused file system corruption. This patch adds a new "save_loc" variable to struct gfs2_diradd. If 1, the dirent location is saved. If 0, the dirent location is not saved and the buffer_head is released as per previous behavior. Signed-off-by: Bob Peterson <[email protected]> Signed-off-by: Steven Whitehouse <[email protected]> commit 5235166fbc332c8b5dcf49e3a498a8b510a77449 Author: Oliver Neukum <[email protected]> Date: Tue Sep 30 12:54:56 2014 +0200 HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL There is a second mouse sharing the same vendor strings but different IDs. Signed-off-by: Oliver Neukum <[email protected]> Signed-off-by: Jiri Kosina <[email protected]> commit 2013add4ce73c93ae2148969a9ec3ecc8b1e26fa Author: Gavin Shan <[email protected]> Date: Wed Oct 1 14:34:51 2014 +1000 powerpc/eeh: Show hex prefix for PE state sysfs As Michael suggested, the hex prefix for the output of EEH PE state sysfs entry (/sys/bus/pci/devices/xxx/eeh_pe_state) is always informative to users. Suggested-by: Michael Ellerman <[email protected]> Signed-off-by: Gavin Shan <[email protected]> Signed-off-by: Michael Ellerman <[email protected]> commit 24c20f10583647e30afe87b6f6d5e14bc7b1cbc6 Author: Christoph Hellwig <[email protected]> Date: Tue Sep 30 16:43:46 2014 +0200 scsi: add a CONFIG_SCSI_MQ_DEFAULT option Add a Kconfig option to enable the blk-mq path for SCSI by default to ease testing and deployment in setups that know they benefit from blk-mq. Signed-off-by: Christoph Hellwig <[email protected]> Reviewed-by: Martin K. Petersen <[email protected]> Reviewed-by: Robert Elliott <[email protected]> Tested-by: Robert Elliott <[email protected]> commit e785060ea3a1c8e37a8bc1449c79e36bff2b5b13 Author: Dolev Raviv <[email protected]> Date: Thu Sep 25 15:32:36 2014 +0300 ufs: definitions for phy interface - Adding some of the definitions missing in unipro.h, including power enumeration. - Read Modify Write Line helper function - Indication for the type of suspend Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Subhash Jadavani <[email protected]> Signed-off-by: Yaniv Gardi <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 374a246e4ebda1fc55d537877bf2412e511ecc7b Author: Subhash Jadavani <[email protected]> Date: Thu Sep 25 15:32:35 2014 +0300 ufs: tune bkops while power managment events Add capability to control the auto bkops during suspend. If host explicitly enables the auto bkops (background operation) on device then only device would perform the bkops on its own. If auto bkops is not enabled explicitly and if the device reaches to state where it must do background operation, device would raise the urgent bkops exception event to host and then host will enable the auto bkops on device. This patch adds the option to choose whether auto bkops should be enabled during runtime suspend or not. Since we don't want to keep the device active to perform the non critical bkops, host will enable urgent bkops only. Keep auto-bkops enabled after resume if urgent bkops needed. If device bkops status shows that its in critical need of executing background operations, host should allow the device to continue doing background operations. Signed-off-by: Subhash Jadavani <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 856b348305c98d4e0c8e5eafa97c61443197f8d3 Author: Sahitya Tummala <[email protected]> Date: Thu Sep 25 15:32:34 2014 +0300 ufs: Add support for clock scaling using devfreq framework The clocks for UFS device will be managed by generic DVFS (Dynamic Voltage and Frequency Scaling) framework within kernel. This devfreq framework works with different governors to scale the clocks. By default, UFS devices uses simple_ondemand governor which scales the clocks up if the load is more than upthreshold and scales down if the load is less than downthreshold. Signed-off-by: Sahitya Tummala <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 4cff6d991e4a291cf50fe2659da2ea9ad46620bf Author: Sahitya Tummala <[email protected]> Date: Thu Sep 25 15:32:33 2014 +0300 ufs: Add freq-table-hz property for UFS device Add freq-table-hz propery for UFS device to keep track of <min max> frequencies supported by UFS clocks. Signed-off-by: Sahitya Tummala <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 1ab27c9cf8b63dd8dec9e17b5c17721c7f3b6cc7 Author: Sahitya Tummala <[email protected]> Date: Thu Sep 25 15:32:32 2014 +0300 ufs: Add support for clock gating The UFS controller clocks can be gated after certain period of inactivity, which is typically less than runtime suspend timeout. In addition to clocks the link will also be put into Hibern8 mode to save more power. The clock gating can be turned on by enabling the capability UFSHCD_CAP_CLK_GATING. To enable entering into Hibern8 mode as part of clock gating, set the capability UFSHCD_CAP_HIBERN8_WITH_CLK_GATING. The tracing events for clock gating can be enabled through debugfs as: echo 1 > /sys/kernel/debug/tracing/events/ufs/ufshcd_clk_gating/enable cat /sys/kernel/debug/tracing/trace_pipe Signed-off-by: Sahitya Tummala <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 7eb584db73bebbc9852a14341431ed6935419bec Author: Dolev Raviv <[email protected]> Date: Thu Sep 25 15:32:31 2014 +0300 ufs: refactor configuring power mode Sometimes, the device shall report its maximum power and speed capabilities, but we might not wish to configure it to use those maximum capabilities. This change adds support for the vendor specific host driver to implement power change notify callback. To enable configuring different power modes (number of lanes, gear number and fast/slow modes) it is necessary to split the configuration stage from the stage that reads the device max power mode. In addition, it is not required to read the configuration more than once, thus the configuration is stored after reading it once. Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Yaniv Gardi <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 57d104c153d3d6d7bea60089e80f37501851ed2c Author: Subhash Jadavani <[email protected]> Date: Thu Sep 25 15:32:30 2014 +0300 ufs: add UFS power management support This patch adds support for UFS device and UniPro link power management during runtime/system PM. Main idea is to define multiple UFS low power levels based on UFS device and UFS link power states. This would allow any specific platform or pci driver to choose the best suited low power level during runtime and system suspend based on their power goals. bkops handlig: To put the UFS device in sleep state when bkops is disabled, first query the bkops status from the device and enable bkops on device only if device needs time to perform the bkops. START_STOP handling: Before sending START_STOP_UNIT to the device well-known logical unit (w-lun) to make sure that the device w-lun unit attention condition is cleared. Write protection: UFS device specification allows LUs to be write protected, either permanently or power on write protected. If any LU is power on write protected and if the card is power cycled (by powering off VCCQ and/or VCC rails), LU's write protect status would be lost. So this means those LUs can be written now. To ensures that UFS device is power cycled only if the power on protect is not set for any of the LUs, check if power on write protect is set and if device is in sleep/power-off state & link in inactive state (Hibern8 or OFF state). If none of the Logical Units on UFS device is power on write protected then all UFS device power rails (VCC, VCCQ & VCCQ2) can be turned off if UFS device is in power-off state and UFS link is in OFF state. But current implementation would disable all device power rails even if UFS link is not in OFF state. Low power mode: If UFS link is in OFF state then UFS host controller can be power collapsed to avoid leakage current from it. Note that if UFS host controller is power collapsed, full UFS reinitialization will be required on resume to re-establish the link between host and device. Signed-off-by: Subhash Jadavani <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Sujit Reddy Thumma <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 0ce147d48a3e3352859f0c185e98e8392bee7a25 Author: Subhash Jadavani <[email protected]> Date: Thu Sep 25 15:32:29 2014 +0300 ufs: introduce well known logical unit in ufs UFS device may have standard LUs and LUN id could be from 0x00 to 0x7F. UFS device specification use "Peripheral Device Addressing Format" (SCSI SAM-5) for standard LUs. UFS device may also have the Well Known LUs (also referred as W-LU) which again could be from 0x00 to 0x7F. For W-LUs, UFS device specification only allows the "Extended Addressing Format" (SCSI SAM-5) which means the W-LUNs would start from 0xC100 onwards. This means max. LUN number reported from UFS device could be 0xC17F hence this patch advertise the "max_lun" as 0xC17F which will allow SCSI mid layer to detect the W-LUs as well. But once the W-LUs are detected, UFSHCD driver may get the commands with SCSI LUN id upto 0xC17F but UPIU LUN id field is only 8-bit wide so it requires the mapping of SCSI LUN id to UPIU LUN id. This patch also add support for this mapping. Signed-off-by: Subhash Jadavani <[email protected]> Signed-off-by: Dolev Raviv <[email protected]> Signed-off-by: Sujit Reddy Thumma <[email protected]> Signed-off-by: Christoph Hellwig <[email protected]> commit 2a8fa600445c45222632810a4811ce820279d106 Author: Subhash Jadavani <su…
|
tobetter
pushed a commit
to tobetter/linux
that referenced
this pull request
May 12, 2015
…midi Enable MIDI by setting CONFIG_SND_SEQUENCER=m through menuconfig.
martinezjavier
pushed a commit
to martinezjavier/linux
that referenced
this pull request
Jul 30, 2015
WARNING: line over 80 characters torvalds#103: FILE: include/linux/mm.h:132: +#define VM_LOCKONFAULT 0x00001000 /* Lock the pages covered when they are faulted in */ WARNING: line over 80 characters torvalds#195: FILE: mm/hugetlb.c:3768: + unsigned long svm_flags = svma->vm_flags & ~(VM_LOCKED | VM_LOCKONFAULT); WARNING: line over 80 characters torvalds#231: FILE: mm/rmap.c:747: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); WARNING: line over 80 characters torvalds#240: FILE: mm/rmap.c:768: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); total: 0 errors, 4 warnings, 138 lines checked ./patches/mm-introduce-vm_lockonfault.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Eric B Munson <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
ddstreet
pushed a commit
to ddstreet/linux
that referenced
this pull request
Jul 31, 2015
WARNING: line over 80 characters torvalds#103: FILE: include/linux/mm.h:132: +#define VM_LOCKONFAULT 0x00001000 /* Lock the pages covered when they are faulted in */ WARNING: line over 80 characters torvalds#195: FILE: mm/hugetlb.c:3768: + unsigned long svm_flags = svma->vm_flags & ~(VM_LOCKED | VM_LOCKONFAULT); WARNING: line over 80 characters torvalds#231: FILE: mm/rmap.c:747: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); WARNING: line over 80 characters torvalds#240: FILE: mm/rmap.c:768: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); total: 0 errors, 4 warnings, 138 lines checked ./patches/mm-introduce-vm_lockonfault.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Eric B Munson <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
ddstreet
pushed a commit
to ddstreet/linux
that referenced
this pull request
Aug 6, 2015
WARNING: line over 80 characters torvalds#103: FILE: include/linux/mm.h:132: +#define VM_LOCKONFAULT 0x00001000 /* Lock the pages covered when they are faulted in */ WARNING: line over 80 characters torvalds#195: FILE: mm/hugetlb.c:3768: + unsigned long svm_flags = svma->vm_flags & ~(VM_LOCKED | VM_LOCKONFAULT); WARNING: line over 80 characters torvalds#231: FILE: mm/rmap.c:747: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); WARNING: line over 80 characters torvalds#240: FILE: mm/rmap.c:768: + pra->vm_flags |= (vma->vm_flags & (VM_LOCKED | VM_LOCKONFAULT)); total: 0 errors, 4 warnings, 138 lines checked ./patches/mm-introduce-vm_lockonfault.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Eric B Munson <[email protected]> Signed-off-by: Andrew Morton <[email protected]>
hzhuang1
pushed a commit
to hzhuang1/linux
that referenced
this pull request
Aug 10, 2015
…ll-get-from-registers-v3 Revert "Working syspll get from registers v3"
norov
pushed a commit
to norov/linux
that referenced
this pull request
Jun 2, 2017
When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Jun 4, 2017
GIT 1bc60b48157f140f72a98357b7f1f4eef12a887b commit 4f61e1e687c45ee8c6820519fdd9027ed95bb774 Author: Nicholas Bellinger <[email protected]> Date: Thu Jun 1 08:57:15 2017 +0200 target: Avoid target_shutdown_sessions loop during queue_depth change When target_shutdown_sessions() is invoked to shutdown all active sessions associated with a se_node_acl when se_node_acl->queue_depth is changed via core_tpg_set_initiator_node_queue_depth(), it's possible that new connections reconnect immediately after explicit shutdown occurs via target_shutdown_sessions(). Which means it's possible for the newly reconnected session with the proper queue_depth can be shutdown multiple times when target_shutdown_sessions() loops to drain all active sessions for all cases. This was regression was introduced by: commit bc6e6bb470eda42f44bcac96c261cff1216577b3 Author: Christoph Hellwig <[email protected]> Date: Mon May 2 15:45:19 2016 +0200 target: consolidate and fix session shutdown To avoid this case, instead change target_shutdown_sessions() to pass 'do_restart' and avoid the looping drain of sessions when invoked via core_tpg_set_initiator_node_queue_depth(), but still loop during normal se_node_acl delete until all associated sessions have been shutdown. (v2 - go back to the original version instead of a local list, in order to protect list_del_init(&sess->sess_acl_list) from transport_deregister_session_configfs. Also use safe list walking in target_shutdown_sessions - nab) Cc: Christoph Hellwig <[email protected]> Cc: Mike Christie <[email protected]> Cc: Hannes Reinecke <[email protected]> Cc: <[email protected]> # 4.7+ Signed-off-by: Nicholas Bellinger <[email protected]> commit e4c078873f138fc2db3256ed1454c5fadd109e81 Author: Nicholas Bellinger <[email protected]> Date: Thu Jun 1 20:21:33 2017 -0700 iscsi-target: Avoid holding ->tpg_state_lock during param update As originally reported by Jia-Ju, iscsit_tpg_enable_portal_group() holds iscsi_portal_group->tpg_state_lock while updating AUTHMETHOD via iscsi_update_param_value(), which performs a GFP_KERNEL allocation. However, since iscsit_tpg_enable_portal_group() is already protected by iscsit_get_tpg() -> iscsi_portal_group->tpg_access_lock in it's parent caller, ->tpg_state_lock only needs to be held when setting TPG_STATE_ACTIVE. Reported-by: Jia-Ju Bai <[email protected]> Reviewed-by: Jia-Ju Bai <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 06fd91ce633d46898e1d0b272a342a4c9b310b34 Author: Nicholas Bellinger <[email protected]> Date: Thu Jun 1 03:11:18 2017 -0700 target/configfs: Kill se_lun->lun_link_magic Instead of using a hardcoded magic value in se_lun when verifying a target config_item symlink source during target_fabric_mappedlun_link(), go ahead and use target_fabric_port_item_ops directly instead. Reviewed-by: Christoph Hellwig <[email protected]> Cc: Mike Christie <[email protected]> Cc: Hannes Reinecke <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 9af17008a0add07105569ba6adaa60078e5b36fa Author: Nicholas Bellinger <[email protected]> Date: Thu Jun 1 03:10:53 2017 -0700 target/configfs: Kill se_device->dev_link_magic Instead of using a hardcoded magic value in se_device when verifying a target config_item symlink source during target_fabric_port_link(), go ahead and use target_core_dev_item_ops directly instead. Reviewed-by: Christoph Hellwig <[email protected]> Cc: Mike Christie <[email protected]> Cc: Hannes Reinecke <[email protected]> Signed-off-by: Nicholas Bellinger <[email protected]> commit 1b7d8dd63b27518c97990c64321293fdb929cf30 Author: Yunlei He <[email protected]> Date: Thu Jun 1 16:43:51 2017 +0800 f2fs: fix a panic caused by NULL flush_cmd_control Mount fs with option noflush_merge, boot failed for illegal address fcc in function f2fs_issue_flush: if (!test_opt(sbi, FLUSH_MERGE)) { ret = submit_flush_wait(sbi); atomic_inc(&fcc->issued_flush); -> Here, fcc illegal return ret; } Signed-off-by: Yunlei He <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> commit dbc30d988661f652f9d61d8f112f2cf4fb9a0bab Author: Zhang Shengju <[email protected]> Date: Thu Jun 1 16:50:10 2017 +0800 f2fs: remove the unnecessary cast for PTR_ERR It's not necessary to specify 'int' casting for PTR_ERR. Signed-off-by: Zhang Shengju <[email protected]> Signed-off-by: Jaegeuk Kim <[email protected]> commit a7e7fd11b8efb1a5a9525ec4667faf11f3fbfed1 Author: Jaegeuk Kim <[email protected]> Date: Thu Jun 1 15:39:27 2017 -0700 f2fs: remove false-positive bug_on For example, f2fs_create - new_node_page is failed - handle_failed_inode - skip to add it into orphan list, since ni.blk_addr == NULL_ADDR : set_inode_flag(inode, FI_FREE_NID) f2fs_evict_inode - EIO due to fault injection - f2fs_bug_on() is triggered So, we don't need to call f2fs_bug_on in this case. Signed-off-by: Jaegeuk Kim <[email protected]> commit ce0407e1e88392deaf20fca542d139cdbeeb75a8 Author: Paul E. McKenney <[email protected]> Date: Tue May 2 15:22:26 2017 -0700 rcutorture: Don't wait for kernel when all builds fail Currently, rcutorture groups runs in batches, building each scenario in a given batch, then invoking qemu to run all the kernels in the batch. Of course, if a given scenario's kernel fails to build, there is no qemu run for that scenario. And if all of the kernels in a given batch fail to build, there are no runs, and rcutorture immediately starts on the next batch. But not if --jitter has been specified, which it is by default. In this case, the jitter scripts are started unconditionally, and rcutorture waits for them to complete, even though there are no kernels to run. This commit therefore checks for this situation, and refuses to start jitter unless at least one of the kernels in the batch built successfully. This saves substantial time when all scenarios' kernels fail to build, particularly if a long --duration was specified. Signed-off-by: Paul E. McKenney <[email protected]> commit 597635ee552b0fe91521cffe688b0c6085b19778 Author: Paul E. McKenney <[email protected]> Date: Mon May 1 17:49:29 2017 -0700 torture: Add --kconfig argument to kvm.sh Currently, testing a variant of an existing scenario requires editing that scenario's file or creating a new scenario file. This is messy and error prone with respect to changes to scenarios. This commit therefore adds a --kconfig argument to kvm.sh, so that '--kconfig "CONFIG_RCU_TRACE=y CONFIG_RCU_EQS_DEBUG=n" will override those two Kconfig options. In addition, there is now clear precedence: the config fragment overrides CFcommon, and the --kconfig argument overrides both. Signed-off-by: Paul E. McKenney <[email protected]> commit 0d51d5d59e8767cb2b7d74882b15d998433e07f9 Author: Paul E. McKenney <[email protected]> Date: Fri May 26 16:16:40 2017 -0700 srcu: Move rcu_scheduler_starting() from Tiny RCU to Tiny SRCU Other than lockdep support, Tiny RCU has no need for the scheduler status. However, Tiny SRCU will need this to control boot-time behavior independent of lockdep. Therefore, this commit moves rcu_scheduler_starting() from kernel/rcu/tiny_plugin.h to kernel/rcu/srcutiny.c. This in turn allows the complete removal of kernel/rcu/tiny_plugin.h. Signed-off-by: Paul E. McKenney <[email protected]> commit be215bb343adb2b3b0e9b4f18e728eb7a39b12d6 Author: Paul E. McKenney <[email protected]> Date: Fri May 26 17:31:45 2017 -0700 rcutorture: Select CONFIG_PROVE_LOCKING for Tiny SRCU scenario This commit selects CONFIG_PROVE_LOCKING for the SRCU-u scenario to get better test coverage. Signed-off-by: Paul E. McKenney <[email protected]> commit 8a2ccf36fd4eea0b1f9121e7781363050cf365a5 Author: Paul E. McKenney <[email protected]> Date: Thu May 25 08:51:48 2017 -0700 rcu: Create reasonable API for do_exit() TASKS_RCU processing Currently, the exit-time support for TASKS_RCU is open-coded in do_exit(). This commit creates exit_tasks_rcu_start() and exit_tasks_rcu_finish() APIs for do_exit() use. This has the benefit of confining the use of the tasks_rcu_exit_srcu variable to one file, allowing it to become static. Signed-off-by: Paul E. McKenney <[email protected]> commit 035932dfada84331bbec2f126b53c3f377f32daa Author: Paul E. McKenney <[email protected]> Date: Thu May 25 08:23:06 2017 -0700 rcu: Remove CONFIG_TASKS_RCU ifdef from rcuperf.c The synchronize_rcu_tasks() and call_rcu_tasks() APIs are now available regardless of kernel configuration, so this commit removes the CONFIG_TASKS_RCU ifdef from rcuperf.c. Signed-off-by: Paul E. McKenney <[email protected]> commit ddd3da98d603c72dcbf32f53cf4a204fcc2abff8 Author: Paul E. McKenney <[email protected]> Date: Thu May 25 08:05:00 2017 -0700 rcu: Drive TASKS_RCU directly off of PREEMPT The actual use of TASKS_RCU is only when PREEMPT, otherwise RCU-sched is used instead. This commit therefore makes synchronize_rcu_tasks() and call_rcu_tasks() available always, but mapped to synchronize_sched() and call_rcu_sched(), respectively, when !PREEMPT. This approach also allows some #ifdefs to be removed from rcutorture. Reported-by: Ingo Molnar <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> Reviewed-by: Masami Hiramatsu <[email protected]> Acked-by: Ingo Molnar <[email protected]> commit 14c8d59b22d326ea33f4e0e1b8612d0903189633 Author: Paul E. McKenney <[email protected]> Date: Mon May 22 13:59:52 2017 -0700 rcutorture: Print SRCU lock/unlock totals This commit adds printing of SRCU lock/unlock totals, which are just the sums of the per-CPU counts. Saves a bit of mental arithmetic. Signed-off-by: Paul E. McKenney <[email protected]> commit ed5cbd3db8d718a6c880904432b439e8b5e6abf6 Author: Paul E. McKenney <[email protected]> Date: Mon May 22 13:31:03 2017 -0700 rcutorture: Move SRCU status printing to SRCU implementations This commit gets rid of some ugly #ifdefs in rcutorture.c by moving the SRCU status printing to the SRCU implementations. Signed-off-by: Paul E. McKenney <[email protected]> commit 6ba3472d3218db2be12c6f1c6a40e56daafc2335 Author: Paul E. McKenney <[email protected]> Date: Tue May 30 15:20:37 2017 -0700 module: Fix pr_fmt() bug for header use of printk This commit removes the pr_fmt() macro, replacing it with mod_err() and mod_debug() macros to avoid errors when using printk() from header files. Signed-off-by: Joe Perches <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit e2b41e3196cb8320f81fa10bda17d17ddcf6e419 Author: Paul E. McKenney <[email protected]> Date: Sat Apr 29 20:03:20 2017 -0700 rcu: Use timer as backstop for NOCB deferred wakeups The handling of RCU's no-CBs CPUs has a maintenance headache, namely that if call_rcu() is invoked with interrupts disabled, the rcuo kthread wakeup must be defered to a point where we can be sure that scheduler locks are not held. Of course, there are a lot of code paths leading from an interrupts-disabled invocation of call_rcu(), and missing any one of these can result in excessive callback-invocation latency, and potentially even system hangs. This commit therefore uses a timer to guarantee that the wakeup will eventually occur. If one of the deferred-wakeup points kicks in, then the timer is simply cancelled. This commit also fixes up an incomplete removal of commits that were intended to plug remaining exit paths, which should have the added benefit of reducing the overhead of RCU's context-switch hooks. Signed-off-by: Paul E. McKenney <[email protected]> [ paulmck: Dan Carpenter fix for mod_timer() usage bug found by smatch. ] commit 1b9d76e44cac9aaa2e7d19fe746252b4b41d8353 Author: Paul E. McKenney <[email protected]> Date: Wed Nov 30 06:24:30 2016 -0800 sched,rcu: Make cond_resched() provide RCU quiescent state There is some confusion as to which of cond_resched() or cond_resched_rcu_qs() should be added to long in-kernel loops. This commit therefore eliminates the decision by adding RCU quiescent states to cond_resched(). This commit also simplifies the code that used to interact with cond_resched_rcu_qs(), and that now interacts with cond_resched(), to reduce its overhead. This reduction is necessary to allow the heavier-weight cond_resched_rcu_qs() mechanism to be invoked everywhere that cond_resched() is invoked. Part of that reduction in overhead converts the jiffies_till_sched_qs kernel parameter to read-only at runtime, thus eliminating the need for bounds checking. Reported-by: Michal Hocko <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> Cc: Peter Zijlstra <[email protected]> commit c3fa663c7c4b86dc42a23cf72607616a6cc4da92 Author: Paul E. McKenney <[email protected]> Date: Wed May 17 10:54:29 2017 -0700 rcu: Remove RCU CPU stall warnings from Tiny RCU Tiny RCU's job is to be tiny, so this commit removes its RCU CPU stall warning code. After this, there is no longer any need for rcu_sched_ctrlblk and rcu_bh_ctrlblk to be in tiny_plugin.h, so this commit also moves them to tiny.c. Signed-off-by: Paul E. McKenney <[email protected]> commit e574636033dbb5f720c7d008ec073a8af6c53539 Author: Paul E. McKenney <[email protected]> Date: Wed May 17 10:17:03 2017 -0700 rcu: Remove event tracing from Tiny RCU This commit saves a few lines by getting rid of Tiny RCU's event tracing. Signed-off-by: Paul E. McKenney <[email protected]> commit d53d3a286a91da65d09ab3dccf93f32a2d53648f Author: Paul E. McKenney <[email protected]> Date: Wed May 17 09:19:44 2017 -0700 rcu: Move RCU debug Kconfig options to kernel/rcu RCU's debugging Kconfig options are in the unintuitive location lib/Kconfig.debug, and there are enough of them that it would be good for them to be more centralized. This commit therefore extracts RCU's Kconfig options from init/Kconfig into a new kernel/rcu/Kconfig.debug file. Reported-by: Ingo Molnar <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit 287b1b5a0b431a5b85747140d1d91ecb72ece1e3 Author: Paul E. McKenney <[email protected]> Date: Wed May 17 08:43:40 2017 -0700 rcu: Move RCU non-debug Kconfig options to kernel/rcu RCU's Kconfig options are scattered, and there are enough of them that it would be good for them to be more centralized. This commit therefore extracts RCU's Kconfig options from init/Kconfig into a new kernel/rcu/Kconfig file. Reported-by: Ingo Molnar <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit 4c22da1f2c0a63172d567403316fcf2006dac7a2 Author: Paul E. McKenney <[email protected]> Date: Mon May 15 16:26:34 2017 -0700 rcu: Eliminate NOCBs CPU-state Kconfig options The CONFIG_RCU_NOCB_CPU_ALL, CONFIG_RCU_NOCB_CPU_NONE, and CONFIG_RCU_NOCB_CPU_ZERO Kconfig options are used only in testing and are redundant with the rcu_nocbs= boot parameter. This commit therefore removes these three Kconfig options and adjusts the rcutorture scripts to use the boot parameter instead. Signed-off-by: Paul E. McKenney <[email protected]> commit 64d6535de2b2949d005b81f98a224cd7992e7e7c Author: Paul E. McKenney <[email protected]> Date: Mon May 15 15:30:32 2017 -0700 rcu: Remove debugfs tracing RCU's debugfs tracing used to be the only reasonable low-level debug information available, but ftrace and event tracing has since surpassed the RCU debugfs level of usefulness. This commit therefore removes RCU's debugfs tracing. Signed-off-by: Paul E. McKenney <[email protected]> commit 0ce2e8a0aa44d456179b47c31ff3e48b5b0a7e64 Author: Paul E. McKenney <[email protected]> Date: Mon May 15 14:57:01 2017 -0700 srcu: Remove Classic SRCU Classic SRCU was only ever intended to be a fallback in case of issues with Tree/Tiny SRCU, and the latter two are doing quite well in testing. This commit therefore removes Classic SRCU. Signed-off-by: Paul E. McKenney <[email protected]> commit 49ba6fb1e68f5ab828f1f789295a97ad691e076c Author: Paul E. McKenney <[email protected]> Date: Sun May 14 17:06:30 2017 -0700 srcu: Fix rcutorture-statistics typo The function srcutorture_get_gp_data() duplicated the check for sp->batch_check0.head instead of also checking sp->batch_check1.head. The only effect of this typo would be for rcutorture statistics to understate the fraction of time that an SRCU grace period was in flight, and only for Classic SRCU. This commit fixes this typo. Reported-by: David Binderman <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit 27ad1d73e8271e565825b9072a2ddfd82a355a05 Author: Paul E. McKenney <[email protected]> Date: Fri May 12 15:56:35 2017 -0700 rcu: Remove SPARSE_RCU_POINTER Kconfig option The sparse-based checking for non-RCU accesses to RCU-protected pointers has been around for a very long time, and it is now the only type of sparse-based checking that is optional. This commit therefore makes it unconditional. Reported-by: Ingo Molnar <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> Cc: Fengguang Wu <[email protected]> commit 0dd218086c81075a539385667f51452c006b04fc Author: Paul E. McKenney <[email protected]> Date: Fri May 12 14:37:19 2017 -0700 rcu: Remove the now-obsolete PROVE_RCU_REPEATEDLY Kconfig option The PROVE_RCU_REPEATEDLY Kconfig option was initially added due to the volume of messages from PROVE_RCU: Doing just one per boot would have required excessive numbers of boots to locate them all. However, PROVE_RCU messages are now relatively rare, so there is no longer any reason to need more than one such message per boot. This commit therefore removes the PROVE_RCU_REPEATEDLY Kconfig option. Signed-off-by: Paul E. McKenney <[email protected]> Cc: Ingo Molnar <[email protected]> commit 742714427fbaaa6a9ad877a2409e569eb4ade08d Author: Paul E. McKenney <[email protected]> Date: Thu May 11 15:33:23 2017 -0700 rcu: Remove typecheck() from RCU locking wrapper functions Because raw_spin_lock_irqsave() and raw_spin_unlock_irqrestore() both do typecheck() on their flags argument, there is no point in duplicating this check in raw_spin_lock_irqsave_rcu_node() and raw_spin_unlock_irqrestore_rcu_node(). This commit therefore saves a few lines by removing this duplicated check. Signed-off-by: Paul E. McKenney <[email protected]> commit 06a7b44feb2f317e6ff3066a0a69caa86701b871 Author: Paul E. McKenney <[email protected]> Date: Thu May 11 12:01:50 2017 -0700 rcu: Remove #ifdef moving rcu_end_inkernel_boot from rcupdate.h This commit removes a #ifdef and saves a few lines of code by moving the rcu_end_inkernel_boot() function from include/linux/rcupdate.h to include/linux/rcutiny.h (for TINY_RCU) and to include/linux/rcutree.h (for TREE_RCU). Signed-off-by: Paul E. McKenney <[email protected]> commit 5e62cf9dc3773c3ec8f08f86b441b0d6f0e472e2 Author: Paul E. McKenney <[email protected]> Date: Thu May 11 11:26:22 2017 -0700 rcu: Remove nohz_full full-system-idle state machine The NO_HZ_FULL_SYSIDLE full-system-idle capability was added in 2013 by commit 0edd1b1784cb ("nohz_full: Add full-system-idle state machine"), but has not been used. This commit therefore removes it. If it turns out to be needed later, this commit can always be reverted. Signed-off-by: Paul E. McKenney <[email protected]> Cc: Frederic Weisbecker <[email protected]> Cc: Rik van Riel <[email protected]> Cc: Ingo Molnar <[email protected]> Acked-by: Linus Torvalds <[email protected]> commit a34830f754e21c81c9ef7c89b65f61797d1b17dd Author: Paul E. McKenney <[email protected]> Date: Wed May 10 15:57:16 2017 -0700 rcu: Remove the RCU_KTHREAD_PRIO Kconfig option Anything that can be done with the RCU_KTHREAD_PRIO Kconfig option can also be done with the rcutree.kthread_prio kernel boot parameter. This commit therefore removes this Kconfig option. Reported-by: Linus Torvalds <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> Cc: Frederic Weisbecker <[email protected]> Cc: Rik van Riel <[email protected]> commit ed4b57aa2231315ce6d242d5348526d685172f61 Author: Paul E. McKenney <[email protected]> Date: Wed May 10 14:36:55 2017 -0700 rcu: Remove *_SLOW_* Kconfig options The RCU_TORTURE_TEST_SLOW_PREINIT, RCU_TORTURE_TEST_SLOW_PREINIT_DELAY, RCU_TORTURE_TEST_SLOW_PREINIT_DELAY, RCU_TORTURE_TEST_SLOW_INIT, RCU_TORTURE_TEST_SLOW_INIT_DELAY, RCU_TORTURE_TEST_SLOW_CLEANUP, and RCU_TORTURE_TEST_SLOW_CLEANUP_DELAY Kconfig options are only useful for torture testing, and there are the rcutree.gp_cleanup_delay, rcutree.gp_init_delay, and rcutree.gp_preinit_delay kernel boot parameters that rcutorture can use instead. The effect of these parameters is to artificially slow down grace period initialization and cleanup in order to make some types of race conditions happen more often. This commit therefore simplifies Tree RCU a bit by removing the Kconfig options and adding the corresponding kernel parameters to rcutorture's .boot files instead. However, this commit also leaves out the kernel parameters for TREE02, TREE04, and TREE07 in order to have about the same number of tests slowed as not slowed. TREE01, TREE03, TREE05, and TREE06 are slowed, and the rest are not slowed. Reported-by: Linus Torvalds <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit 1b8b5fe04eceed655e21f58e5f5b0d034d2892a2 Author: Paul E. McKenney <[email protected]> Date: Tue May 9 15:00:14 2017 -0700 srcu: Use rnp->lock wrappers to replace explicit memory barriers This commit uses TREE RCU's rnp->lock wrappers to replace a few explicit memory barriers. This change also has the advantage of making SRCU's memory-ordering properties be implemented in roughly the same way as they are in Tree RCU. Signed-off-by: Paul E. McKenney <[email protected]> commit e3a95369a3f612804d09a12b0edcc6581b7f5368 Author: Paul E. McKenney <[email protected]> Date: Tue May 9 13:28:51 2017 -0700 rcu: Move rnp->lock wrappers for SRCU use This commit moves the now-generic rnp->lock wrapper macros from kernel/rcu/tree.h to kernel/rcu/rcu.h, thus allowing SRCU to use them. Signed-off-by: Paul E. McKenney <[email protected]> commit 642b6fda21c2e31c1e3d667d41d0f2f2e021aafe Author: Paul E. McKenney <[email protected]> Date: Tue May 9 12:05:46 2017 -0700 rcu: Convert rnp->lock wrappers to macros for SRCU use Use of smp_mb__after_unlock_lock() would allow SRCU to omit a full memory barrier during callback execution, so this commit converts raw_spin_lock_rcu_node() from inline functions to type-generic macros to allow them to handle locks in srcu_node structures as well as rcu_node structures. Signed-off-by: Paul E. McKenney <[email protected]> commit 8820bc038470f90fd584fada46b6b0d551d1c259 Author: Paul E. McKenney <[email protected]> Date: Wed May 3 15:24:25 2017 -0700 rcu: Refactor #includes from include/linux/rcupdate.h The list of #includes from include/linux/rcupdate.h has grown quite a bit, so it is time to trim it. This commit moves the #include of include/linux/ktime.h to include/linux/rcutiny.h, along with the Tiny-RCU-only function that was the only thing needing ktimem.h. It then reconstructs the files included into include/linux/ktime.h based on what is actually needed, with significant help from the 0day Test Robot. This single change reduces the .i file footprint from rcupdate.h from 9018 lines to 7101 lines. Reported-by: Ingo Molnar <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit 2411354d68627e94d9d2e4c9ea96c8cd06a040f6 Author: Arnd Bergmann <[email protected]> Date: Wed May 31 09:26:07 2017 -0700 bcm47xx: Fix build regression Commit 0bc2d534708b ("rcu: Refactor #includes from include/linux/rcupdate.h") caused a build regression in an MTD partition driver: In file included from drivers/mtd/bcm47xxpart.c:12:0: include/linux/bcm47xx_nvram.h: In function 'bcm47xx_nvram_init_from_mem': include/linux/bcm47xx_nvram.h:27:10: error: 'ENOTSUPP' undeclared (first use in this function) The rcupdate.h file has no particular need for linux/errno.h, so this commit includes linux/errno.h into bcm47xx_nvram.h. Fixes: 0bc2d534708b ("rcu: Refactor #includes from include/linux/rcupdate.h") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Paul E. McKenney <[email protected]> commit fe47d563065c91cd30088d9b118b79d44905be6f Author: Vivien Didelot <[email protected]> Date: Thu Jun 1 16:07:15 2017 -0400 net: dsa: factor skb freeing on xmit As of a86d8becc3f0 ("net: dsa: Factor bottom tag receive functions"), the rcv caller frees the original SKB in case or error. Be symmetric with that and make the xmit caller do the same. At the same time, fix the checkpatch NULL comparison check: CHECK: Comparison to NULL could be written "!nskb" #208: FILE: net/dsa/tag_trailer.c:35: + if (nskb == NULL) Signed-off-by: Vivien Didelot <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 5470979585d81271d4338c2accfd5e71dafa4af6 Author: Vivien Didelot <[email protected]> Date: Thu Jun 1 16:07:14 2017 -0400 net: dsa: remove out_drop label in taggers rcv Many rcv functions from net/dsa/tag_*.c have a useless out_drop goto label which simply returns NULL. Kill it in favor of the obvious. Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: Vivien Didelot <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 717ffbfb28ac2b53d3140b2a7dfd345e1569b3a5 Author: Vivien Didelot <[email protected]> Date: Thu Jun 1 16:07:13 2017 -0400 net: dsa: remove dsa_uses_tagged_protocol Since dev->dsa_ptr is a pointer to a dsa_switch_tree, there is no need to have another inline helper just to check rcv. Remove dsa_uses_tagged_protocol and check dsa_ptr && dsa_ptr->rcv together at the same time. Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: Vivien Didelot <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 02f840cbc9fa9ee147d882edb96b203999c3ac62 Author: Vivien Didelot <[email protected]> Date: Thu Jun 1 16:07:12 2017 -0400 net: dsa: do not cast dst dsa_ptr is not a void pointer anymore since Nov 2011, as of cf50dcc24f82 ("dsa: Change dsa_uses_{dsa, trailer}_tags() into inline functions"), but an explicit dsa_switch_tree pointer, thus remove the (void *) cast. Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: Vivien Didelot <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 73a7ece8f70c955464080e434b5324bcdfdcb1b1 Author: Vivien Didelot <[email protected]> Date: Thu Jun 1 16:07:11 2017 -0400 net: dsa: comment hot path requirements The DSA layer uses inline helpers and copy of the tagging functions for faster access in hot path. Add comments to detail that. Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: Vivien Didelot <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 30181faae37fa80d3aa73672e5df5f2a5b8dea0a Author: Bart Van Assche <[email protected]> Date: Wed May 31 14:43:50 2017 -0700 nfsd: Check queue type before submitting a SCSI request Since using scsi_req() is only allowed against request queues for which struct scsi_request is the first member of their private request data, refuse to submit SCSI commands against a queue for which this is not the case. References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Acked-by: J. Bruce Fields <[email protected]> Cc: Jeff Layton <[email protected]> Cc: Omar Sandoval <[email protected]> Cc: [email protected] Signed-off-by: Jens Axboe <[email protected]> commit 73d17701db503382eeed03afb3a6c39ec4d9a5c7 Author: Bart Van Assche <[email protected]> Date: Wed May 31 14:43:49 2017 -0700 cdrom: Check SCSI passthrough support before reading audio The CDROMREADAUDIO ioctl uses SCSI passthrough when the .disk pointer has been set in struct cdrom_device_info. Hence check whether SCSI passthrough is supported before submitting a SCSI command. Note: both the ide-cd and sr drivers set the disk pointer in struct cdrom_device_info but neither the pcd nor the gdrom driver sets that pointer. References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Cc: Omar Sandoval <[email protected]> Cc: [email protected] Signed-off-by: Jens Axboe <[email protected]> commit ec2be6a98e50d3eb9f35f70aa51c5d2c23737c55 Author: Bart Van Assche <[email protected]> Date: Wed May 31 14:43:48 2017 -0700 pktcdvd: Check queue type before attaching to a queue Since the pktcdvd driver only supports request queues for which struct scsi_request is the first member of their private request data, refuse to register block layer queues for which struct scsi_request is not the first member of the private data. References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Cc: Omar Sandoval <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit d9f972644606ecc2581390b43cb5a980b54c04bf Author: Bart Van Assche <[email protected]> Date: Wed May 31 14:43:47 2017 -0700 bsg: Check queue type before attaching to a queue Since BSG only supports request queues for which struct scsi_request is the first member of their private request data, refuse to register block layer queues for which struct scsi_request is not the first member of their private data. References: commit bd1599d931ca ("scsi_transport_sas: fix BSG ioctl memory corruption") References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Cc: Omar Sandoval <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 9efc160f4bbd69b17b48edec53067537d04e62b7 Author: Bart Van Assche <[email protected]> Date: Wed May 31 14:43:46 2017 -0700 block: Introduce queue flag QUEUE_FLAG_SCSI_PASSTHROUGH From the context where a SCSI command is submitted it is not always possible to figure out whether or not the queue the command is submitted to has struct scsi_request as the first member of its private data. Hence introduce the flag QUEUE_FLAG_SCSI_PASSTHROUGH. Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Christoph Hellwig <[email protected]> Reviewed-by: Martin K. Petersen <[email protected]> Cc: Omar Sandoval <[email protected]> Cc: Don Brace <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 0266f79778de0afadd070941aae493c28529d974 Author: Ido Schimmel <[email protected]> Date: Wed May 31 21:33:42 2017 +0300 mlxsw: spectrum: Add bridge dependency for spectrum When BRIDGE is a loadable module, MLXSW_SPECTRUM mustn't be built-in: drivers/built-in.o: In function `mlxsw_sp_bridge_device_create': drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c:145: undefined reference to `br_vlan_enabled' drivers/net/ethernet/mellanox/mlxsw/spectrum_switchdev.c:158: undefined reference to `br_multicast_enabled' drivers/built-in.o: In function `mlxsw_sp_dev_rif_type': drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:2972: undefined reference to `br_vlan_enabled' drivers/built-in.o: In function `mlxsw_sp_inetaddr_vlan_event': drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:3310: undefined reference to `br_vlan_enabled' Add Kconfig dependency to enforce usable configurations. Fixes: c57529e1d5d8 ("mlxsw: spectrum: Replace vPorts with Port-VLAN") Signed-off-by: Ido Schimmel <[email protected]> Reported-by: Nikolay Aleksandrov <[email protected]> Tested-by: Nikolay Aleksandrov <[email protected]> Cc: Arnd Bergmann <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit edea55abb86ff67afda96120d6254290e7a75d9e Author: Bart Van Assche <[email protected]> Date: Thu Jun 1 08:55:13 2017 -0700 blk-mq-debugfs: Add 'kick' operation Running a queue causes the block layer to examine the per-CPU and hw queues but not the requeue list. Hence add a 'kick' operation that also examines the requeue list. Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Ming Lei <[email protected]> Reviewed-by: Eduardo Valentin <[email protected]> Cc: Christoph Hellwig <[email protected]> Cc: Hannes Reinecke <[email protected]> Cc: Omar Sandoval <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 2720bab50258782573df0f536681bece11e784f0 Author: Bart Van Assche <[email protected]> Date: Thu Jun 1 08:55:12 2017 -0700 blk-mq-debugfs: Show busy requests Requests that got stuck in a block driver are neither on blk_mq_ctx.rq_list nor on any hw dispatch queue. Make these visible in debugfs through the "busy" attribute. Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Eduardo Valentin <[email protected]> Cc: Christoph Hellwig <[email protected]> Cc: Hannes Reinecke <[email protected]> Cc: Omar Sandoval <[email protected]> Cc: Ming Lei <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 8ef1a191038c138d5675933cd69d47747d0d396b Author: Bart Van Assche <[email protected]> Date: Thu Jun 1 08:55:11 2017 -0700 blk-mq-debugfs: Show requeue list When verifying whether or not a blk-mq driver forgot to kick the requeue list after having requeued a request it is important to be able to verify the contents of the requeue list. Hence export that list through debugfs. Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Ming Lei <[email protected]> Reviewed-by: Eduardo Valentin <[email protected]> Cc: Christoph Hellwig <[email protected]> Cc: Omar Sandoval <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit c0cb1c6d39060ce04470b10347b7b6f1df77bef5 Author: Bart Van Assche <[email protected]> Date: Thu Jun 1 08:55:10 2017 -0700 blk-mq-debugfs: Show atomic request flags When analyzing e.g. queue lockups it is important to know whether or not a request has already been started. Hence also show the atomic request flags. Signed-off-by: Bart Van Assche <[email protected]> Reviewed-by: Hannes Reinecke <[email protected]> Reviewed-by: Ming Lei <[email protected]> Reviewed-by: Eduardo Valentin <[email protected]> Cc: Omar Sandoval <[email protected]> Cc: Christoph Hellwig <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 79e498a9c7da0737829ff864aae44df434105676 Author: Leonard Crestez <[email protected]> Date: Wed May 31 13:29:30 2017 +0300 net: phy: micrel: Restore led_mode and clk_sel on resume These bits seem to be lost after a suspend/resume cycle so just set them again. Do this by splitting the handling of these bits into a function that is also called on resume. This patch fixes ethernet suspend/resume on imx6ul-14x14-evk boards. Signed-off-by: Leonard Crestez <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit e6f4292ae0a1e73fae26ced57de13a48f71ad1fa Author: Leonard Crestez <[email protected]> Date: Wed May 31 13:29:29 2017 +0300 ARM: dts: imx6ul-14x14-evk: Add ksz8081 phy properties Right now mach-imx6ul registers a fixup for the ksz8081 phy. The same register values can be set through the micrel phy driver by using dts properties. This seems preferable and allows cleanly fixing suspend/resume. Signed-off-by: Leonard Crestez <[email protected]> Reviewed-by: Fabio Estevam <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 2428fd0fe5508f5d8599d70cd6f650e19e835b5a Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:52 2017 +0200 arm64: defconfig: Enable dwmac-sun8i driver on defconfig Enable the dwmac-sun8i ethernet driver as a module in the ARM64 defconfig. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 5209324407477f5dbe2ad6def17584e80b7faa91 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:51 2017 +0200 arm: multi_v7: Enable dwmac-sun8i driver on multi_v7_defconfig Enable the dwmac-sun8i driver in the multi_v7 default configuration Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit b97a96848011322f7ce24c7a4dce5c0066846e56 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:50 2017 +0200 arm: sunxi: Enable dwmac-sun8i driver on sunxi_defconfig Enable the dwmac-sun8i driver in the sunxi default configuration Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 67e29b4240e305c687b43de908c51f842ce1b507 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:49 2017 +0200 arm64: allwinner: bananapi-m64: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the BananaPi M64. It uses an external PHY rtl8211e via RGMII. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 72aa5f0fd198569be85c843bbbf6ec4a06553910 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:48 2017 +0200 arm64: allwinner: pine64-plus: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the pine64 plus. It uses an external PHY rtl8211e via RGMII. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 93264150b017ae1d3edbae883d0df6962d859180 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:47 2017 +0200 arm64: allwinner: pine64: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the pine64 It uses an external PHY via RMII. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 103aefa01c1ba7528a6035658dcf43f85409115d Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:46 2017 +0200 arm64: allwinner: sun50i-a64: add dwmac-sun8i Ethernet driver The dwmac-sun8i is an Ethernet MAC that supports 10/100/1000 Mbit connections. It is very similar to the device found in the Allwinner H3, but lacks the internal 100 Mbit PHY and its associated control bits. This adds the necessary bits to the Allwinner A64 SoC .dtsi, but keeps it disabled at this level. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit b89acf34c6427104b63cdc2be9300c80540728ed Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:45 2017 +0200 arm64: allwinner: sun50i-a64: Add dt node for the syscon control module This patch add the dt node for the syscon register present on the Allwinner A64. Only two register are present in this syscon and the only one useful is the one dedicated to EMAC clock. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 6f9461d6a489b3e9884a7a4eb9df6f20ad7c5857 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:44 2017 +0200 arm: sun8i: nanopi-neo: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the NanoPi Neo. It uses the internal PHY. This patch create the needed emac node. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 29eb9d2984402db5e303c476c8efa8a2f587196b Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:43 2017 +0200 arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high On the Orange Pi PC Plus, the polarity of the LEDs on the RJ45 Ethernet port were changed from active low to active high. Signed-off-by: Chen-Yu Tsai <[email protected]> Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 0d38218c4d84ec1a975195cf45eeda0fae6b0c0a Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:42 2017 +0200 arm: sun8i: orangepi-2: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the Orange PI 2. It uses the internal PHY. This patch create the needed emac node. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit bec8f59b740d8e4f6c7fa868487f795a5897b09a Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:41 2017 +0200 arm: sun8i: orangepi-one: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the Orange PI One. It uses the internal PHY. This patch create the needed emac node. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 0e4da3444597a737e26d296d782227674effc5b7 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:40 2017 +0200 arm: sun8i: orangepi-zero: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the Orange PI Zero. It uses the internal PHY. This patch create the needed emac node. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 62781b28785d3b21b58152489fea6fe14450eaaf Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:39 2017 +0200 arm: sun8i: orangepi-pc: Enable dwmac-sun8i The dwmac-sun8i hardware is present on the Orange PI PC. It uses the internal PHY. This patch create the needed emac node. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 33125eaae481ad7da6b281f25b77a7bc91732b25 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:38 2017 +0200 arm: sun8i: sunxi-h3-h5: add dwmac-sun8i ethernet driver The dwmac-sun8i is an ethernet MAC hardware that support 10/100/1000 speed. This patch enable the dwmac-sun8i on Allwinner H3/H5 SoC Device-tree. SoC H3/H5 have an internal PHY, so optionals syscon and ephy are set. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 2c0cba482e795ff2cae4729bd1522b289c5b4412 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:37 2017 +0200 arm: sun8i: sunxi-h3-h5: Add dt node for the syscon control module This patch add the dt node for the syscon register present on the Allwinner H3/H5 Only two register are present in this syscon and the only one useful is the one dedicated to EMAC clock.. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 9f93ac8d4085f718d3c7c5fedcb98dbdd2287648 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:36 2017 +0200 net-next: stmmac: Add dwmac-sun8i The dwmac-sun8i is a heavy hacked version of stmmac hardware by allwinner. In fact the only common part is the descriptor management and the first register function. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ce5a4ff3c5058a1c934d3416385948a499a62e6f Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:35 2017 +0200 dt-bindings: syscon: Add DT bindings documentation for Allwinner syscon This patch adds documentation for Device-Tree bindings for the syscon present in allwinner devices. Signed-off-by: Corentin Labbe <[email protected]> Acked-by: Rob Herring <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 0441bde003bee53a61d7e365562a295f2049ca53 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:34 2017 +0200 dt-bindings: net-next: Add DT bindings documentation for Allwinner dwmac-sun8i This patch adds documentation for Device-Tree bindings for the Allwinner dwmac-sun8i driver. Signed-off-by: Corentin Labbe <[email protected]> Acked-by: Rob Herring <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ec33d71de7309c50531c2ae0eb178244899e6e46 Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:33 2017 +0200 net-next: stmmac: add optional setup function Instead of adding more ifthen logic for adding a new mac_device_info setup function, it is easier to add a function pointer to the function needed. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3874191898675ac34b6d1d94cfe997c570492bbb Author: LABBE Corentin <[email protected]> Date: Wed May 31 09:18:32 2017 +0200 net-next: stmmac: export stmmac_set_mac_addr/stmmac_get_mac_addr Thoses symbol will be needed for the dwmac-sun8i ethernet driver. For letting it to be build as module, they need to be exported. Signed-off-by: Corentin Labbe <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 93818da5eed63fbc17b64080406ea53b86b23309 Author: Jia-Ju Bai <[email protected]> Date: Wed May 31 15:08:25 2017 +0800 mISDN: Fix a sleep-in-atomic bug The driver may sleep under a read spin lock, and the function call path is: send_socklist (acquire the lock by read_lock) skb_copy(GFP_KERNEL) --> may sleep To fix it, the "GFP_KERNEL" is replaced with "GFP_ATOMIC". Signed-off-by: Jia-Ju Bai <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 042cc409349f997d8a04f26829e4a048538a9794 Author: Stephen Rothwell <[email protected]> Date: Wed May 31 15:43:37 2017 +1000 powerpc: use asm-generic/socket.h as much as possible asm-generic/socket.h already has an exception for the differences that powerpc needs, so just include it after defining the differences. Signed-off-by: Stephen Rothwell <[email protected]> Acked-by: Arnd Bergmann <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 35cf2845563c1aaa01d27bd34d64795c4ae72700 Author: Lance Richardson <[email protected]> Date: Mon May 29 13:25:57 2017 -0400 vxlan: eliminate cached dst leak After commit 0c1d70af924b ("net: use dst_cache for vxlan device"), cached dst entries could be leaked when more than one remote was present for a given vxlan_fdb entry, causing subsequent netns operations to block indefinitely and "unregister_netdevice: waiting for lo to become free." messages to appear in the kernel log. Fix by properly releasing cached dst and freeing resources in this case. Fixes: 0c1d70af924b ("net: use dst_cache for vxlan device") Signed-off-by: Lance Richardson <[email protected]> Acked-by: Paolo Abeni <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 44225c9c79ae288b5f1668dc5dda7ba9f87995f1 Author: Chris Packham <[email protected]> Date: Thu May 25 11:49:13 2017 +1200 mtd: mchp23k256: switch to mtd_device_register() Use mtd_device_register() instead of mtd_device_parse_register() to eliminate two unused parameters. Signed-off-by: Chris Packham <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Tested-by: Andrew Lunn <[email protected]> Acked-by: Boris Brezillon <[email protected]> Signed-off-by: Brian Norris <[email protected]> commit 4db4d35ebda390b5287d758fdd51b26c24fbc26b Author: Chris Packham <[email protected]> Date: Thu May 25 11:49:12 2017 +1200 mtd: mchp23k256: Add OF device ID table This allows registering of this device via a Device Tree. Signed-off-by: Chris Packham <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Tested-by: Andrew Lunn <[email protected]> Acked-by: Boris Brezillon <[email protected]> Acked-by: Rob Herring <[email protected]> Signed-off-by: Brian Norris <[email protected]> commit cf97825862f0acd7d6bad67da59962e4badc870a Author: Vadim Lomovtsev <[email protected]> Date: Wed May 31 18:51:57 2017 +0300 EDAC, thunderx: Fix a warning during l2c debugfs node creation Compare the number of debugfs entries created by thunderx_create_debugfs_nodes() with the requested number of entries to properly determine whether to print a warning. Signed-off-by: Vadim Lomovtsev <[email protected]> Cc: linux-edac <[email protected]> Cc: [email protected] Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Sergey Temerkhanov <[email protected]> Signed-off-by: Borislav Petkov <[email protected]> commit 1151f838cb626005f4d69bf675dacaaa5ea909d6 Author: Ard Biesheuvel <[email protected]> Date: Fri May 19 16:42:00 2017 +0100 arm64: kernel: restrict /dev/mem read() calls to linear region When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ #103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc48d65 ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> commit cae285ea12b54adb99fb758f9edc0333606e4f89 Author: Richard Gong <[email protected]> Date: Thu Jun 1 09:23:59 2017 -0500 dt-bindings: reset: Add reset manager offsets for Stratix10 There are several changes in reset manager offsets from Arria10 to Stratix10. This patch is based on one from Arria10 and adds offset updates for Stratix10 Signed-off-by: Richard Gong <[email protected]> commit ffd526e290f118e634a642314245f416f2aaaba5 Author: Stefan Berger <[email protected]> Date: Thu May 25 18:29:13 2017 -0400 tpm: vtpm_proxy: Suppress error logging when in closed state Suppress the error logging when the core TPM driver sends commands to the VTPM proxy driver and -EPIPE is returned in case the VTPM proxy driver is 'closed' (closed anonymous file descriptor). This error code is only returned by the send function and by tpm_transmit when the VTPM proxy driver is being used. Signed-off-by: Stefan Berger <[email protected]> Reviewed-by: Jarkko Sakkinen <[email protected]> Tested-by: Jarkko Sakkinen <[email protected]> Signed-off-by: Jarkko Sakkinen <[email protected]> commit 0fde7ad71ee371ede73b3f326e58f9e8d102feb6 Author: David S. Miller <[email protected]> Date: Thu Jun 1 09:42:46 2017 -0700 sparc64: Fix build warnings with gcc 7. arch/sparc/kernel/ds.c: In function ‘register_services’: arch/sparc/kernel/ds.c:912:3: error: ‘strcpy’: writing at least 1 byte into a region of size 0 overflows the destination Reported-by: Anatoly Pugachev <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit aeb073241fe7a2b932e04e20c60e47718332877f Author: Nikolay Aleksandrov <[email protected]> Date: Thu Jun 1 18:07:55 2017 +0300 net: bridge: start hello timer only if device is up When the transition of NO_STP -> KERNEL_STP was fixed by always calling mod_timer in br_stp_start, it introduced a new regression which causes the timer to be armed even when the bridge is down, and since we stop the timers in its ndo_stop() function, they never get disabled if the device is destroyed before it's upped. To reproduce: $ while :; do ip l add br0 type bridge hello_time 100; brctl stp br0 on; ip l del br0; done; CC: Xin Long <[email protected]> CC: Ivan Vecera <[email protected]> CC: Sebastian Ott <[email protected]> Reported-by: Sebastian Ott <[email protected]> Fixes: 6d18c732b95c ("bridge: start hello_timer when enabling KERNEL_STP in br_stp_start") Signed-off-by: Nikolay Aleksandrov <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ce6ef68f433f2c97e5d2cf35d2b694e17592d350 Author: Yotam Gigi <[email protected]> Date: Thu Jun 1 16:26:46 2017 +0300 mlxsw: spectrum: Implement the ethtool flash_device callback Add callback to the ethtool flash_device op. This callback uses the mlxfw module to flash the new firmware file to the device. As the firmware flash process takes about 20 seconds and ethtool takes the rtnl lock during the flash_device callback, release the rtnl lock at the beginning of the flash process and take it again before leaving the callback. This way, the rtnl is not held during the process. To make sure the device does not get deleted during the flash process, take a reference to it before releasing the rtnl lock. Signed-off-by: Yotam Gigi <[email protected]> Reviewed-by: Ido Schimmel <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3968d38917eb9bd0cd391265f6c9c538d9b33ffa Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:57:56 2017 +0300 bnx2x: Fix Multi-Cos Apparently multi-cos isn't working for bnx2x quite some time - driver implements ndo_select_queue() to allow queue-selection for FCoE, but the regular L2 flow would cause it to modulo the fallback's result by the number of queues. The fallback would return a queue matching the needed tc [via __skb_tx_hash()], but since the modulo is by the number of TSS queues where number of TCs is not accounted, transmission would always be done by a queue configured into using TC0. Fixes: ada7c19e6d27 ("bnx2x: use XPS if possible for bnx2x_select_queue instead of pure hash") Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 1ee240e31d4c0a5fd37ebaf064ca1f6cb6adcb6f Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:11 2017 +0300 qed: No need to reset SBs on IOV init Since we're resetting the IGU CAM each time we initialize the PF device, there's no need to reset the VF SBs again when initializing IOV. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ebbdcc669c7f9d8632d358a739d814485f8917dc Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:10 2017 +0300 qed: Reset IGU CAM to default on init The IGU CAM contains an assocaition between hardware SBs and interrupt lines, and it can be dynamically configured to allow more interrupts in one entity over another, specifically for Re-distibution of SBs between a PF and its child VFs. While we don't yet use this functionality, there are other clients that do and as such its possible the information passed from management firmware during initialization in regard to the possible number of SBs doesn't accurately reflect the current HW configuration. The following changes are going to apply to the driver init sequence: a. PF is going to re-configure all entries belonging to itself and its child VFs in IGU CAM based on the management firmware info regarding the number of SBs that are supposed to exist there. b. PF is going to stop using the SB resource [management firmware provided information] for anything but the initialization. Instead, it would use the live-time counters it maintains for the numbers. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 50a207147fceb64ad24c1e08e4a2a75535922e81 Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:09 2017 +0300 qed: Hold a single array for SBs A PF today holds 2 different arrays - one holding information about the HW configuration and one holding information about the SBs that are used by the protocol drivers. These arrays aren't really connected - e.g., protocol driver initializing a given SB would not mark the same SB as occupied in the HW shadow array. Move into a single array [at least for PFs] - hold the mapping of the driver-protocol SBs on the HW entry which they configure. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 09b6b14749523e3660b72be2ed91b3c0b852f58f Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:08 2017 +0300 qed: Provide auxiliary for getting free VF SB IOV code is very intrusive in its manipulation of the status block database. Add a new auxiliary function to allow the PF to find an available unused status block to configure for a specific VF's MSI-x vector. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 1ac72433c565c8db38fd1f9db80a73193369e5fc Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:07 2017 +0300 qed: Remove assumption on SB order in IGU Current code assumes there's a known layout for SBs in the IGU, where all the SBs of a single entity would be laid in consecutive order of vectors. While the assumption is still kept by management firmware, we already have the necessary information to eliminate it, so no reason to keep it in code. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 726fdbe9fa7ebccda1579716f68f8bae6fa9c87a Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:06 2017 +0300 qed: Encapsulate interrupt counters in struct We already have an API struct that contains interrupt-related numbers. Use it to encapsulate all information relating to the status of SBs as (used|free). Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit a333f7f3fd327d736a23c52aafcfe17c75f2610c Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:05 2017 +0300 qed: Add aux. function translating sb_id -> igu_sb_id An additional step for relaxing the IGU order assumption, we now add an auxiliary function that can be used for finding the HW status block that's associated with a given MSI-x vector. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d031548e9194714dc2e8cb928d9f671432c8a342 Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:04 2017 +0300 qed: Distinguish between sb_id and igu_sb_id In qed code, sb_id means 2 different things: - An interrupt vector [usually when received as a parameter from a protocol driver, but not only] that's associated with a status block. - An index to a status block entity existing in HW. This patch renames the references to the HW entity, adding an 'igu_' prefix to allow an easier distinction. Signed-off-by: Yuval Mintz <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d749dd0dc117e7b02fa3a169c431476d59d18950 Author: Mintz, Yuval <[email protected]> Date: Thu Jun 1 15:29:03 2017 +0300 qed: IGU read revised As a first step for relaxing various assumptions done by driver about the IGU m…
broonie
pushed a commit
to Linaro/rpk
that referenced
this pull request
Jun 27, 2017
When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> Signed-off-by: Graeme Gregory <[email protected]>
jchandra-cavm
pushed a commit
to jchandra-cavm/linux
that referenced
this pull request
Jul 13, 2017
When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> (cherry picked from commit 1151f83)
jchandra-cavm
pushed a commit
to jchandra-cavm/linux
that referenced
this pull request
Aug 5, 2017
When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> (commit 1151f83 from arm64/linux.git)
jchandra-cavm
pushed a commit
to jchandra-cavm/linux
that referenced
this pull request
Jan 23, 2018
When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> (cherry picked from commit 1151f83)
iaguis
pushed a commit
to kinvolk/linux
that referenced
this pull request
Feb 6, 2018
Rebase 4.13.10 patches onto 4.14-rc7
Noltari
pushed a commit
to Noltari/linux
that referenced
this pull request
Apr 13, 2018
[ Upstream commit 1151f83 ] When running lscpu on an AArch64 system that has SMBIOS version 2.0 tables, it will segfault in the following way: Unable to handle kernel paging request at virtual address ffff8000bfff0000 pgd = ffff8000f9615000 [ffff8000bfff0000] *pgd=0000000000000000 Internal error: Oops: 96000007 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 1284 Comm: lscpu Not tainted 4.11.0-rc3+ torvalds#103 Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 task: ffff8000fa78e800 task.stack: ffff8000f9780000 PC is at __arch_copy_to_user+0x90/0x220 LR is at read_mem+0xcc/0x140 This is caused by the fact that lspci issues a read() on /dev/mem at the offset where it expects to find the SMBIOS structure array. However, this region is classified as EFI_RUNTIME_SERVICE_DATA (as per the UEFI spec), and so it is omitted from the linear mapping. So let's restrict /dev/mem read/write access to those areas that are covered by the linear region. Reported-by: Alexander Graf <[email protected]> Fixes: 4dffbfc ("arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP") Signed-off-by: Ard Biesheuvel <[email protected]> Signed-off-by: Will Deacon <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Jun 5, 2018
Before using nla_get_u32(), better make sure the attribute is of the proper size. Code recently was changed, but bug has been there from beginning of git. BUG: KMSAN: uninit-value in rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 CPU: 1 PID: 14139 Comm: syz-executor6 Not tainted 4.17.0-rc5+ torvalds#103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 fib_dump_info+0xc42/0x2190 net/ipv4/fib_semantics.c:1361 rtmsg_fib+0x65f/0x8c0 net/ipv4/fib_semantics.c:419 fib_table_insert+0x2314/0x2b50 net/ipv4/fib_trie.c:1287 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007faae5fd8c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007faae5fd96d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 fib_convert_metrics net/ipv4/fib_semantics.c:1056 [inline] fib_create_info+0x2d46/0x9dc0 net/ipv4/fib_semantics.c:1150 fib_table_insert+0x3e4/0x2b50 net/ipv4/fib_trie.c:1146 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: a919525 ("net: Move fib_convert_metrics to metrics file") Fixes: 1da177e ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: David Ahern <[email protected]>
alaahl
pushed a commit
to alaahl/linux
that referenced
this pull request
Jun 6, 2018
Before using nla_get_u32(), better make sure the attribute is of the proper size. Code recently was changed, but bug has been there from beginning of git. BUG: KMSAN: uninit-value in rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 CPU: 1 PID: 14139 Comm: syz-executor6 Not tainted 4.17.0-rc5+ torvalds#103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 fib_dump_info+0xc42/0x2190 net/ipv4/fib_semantics.c:1361 rtmsg_fib+0x65f/0x8c0 net/ipv4/fib_semantics.c:419 fib_table_insert+0x2314/0x2b50 net/ipv4/fib_trie.c:1287 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007faae5fd8c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007faae5fd96d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 fib_convert_metrics net/ipv4/fib_semantics.c:1056 [inline] fib_create_info+0x2d46/0x9dc0 net/ipv4/fib_semantics.c:1150 fib_table_insert+0x3e4/0x2b50 net/ipv4/fib_trie.c:1146 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: a919525 ("net: Move fib_convert_metrics to metrics file") Fixes: 1da177e ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]>
alaahl
pushed a commit
to alaahl/linux
that referenced
this pull request
Jun 6, 2018
It seems that rtnl_group_changelink() can call do_setlink while a prior call to validate_linkmsg(dev = NULL, ...) could not validate IFLA_ADDRESS / IFLA_BROADCAST Make sure do_setlink() calls validate_linkmsg() instead of letting its callers having this responsibility. With help from Dmitry Vyukov, thanks a lot ! BUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:199 [inline] BUG: KMSAN: uninit-value in eth_prepare_mac_addr_change net/ethernet/eth.c:275 [inline] BUG: KMSAN: uninit-value in eth_mac_addr+0x203/0x2b0 net/ethernet/eth.c:308 CPU: 1 PID: 8695 Comm: syz-executor3 Not tainted 4.17.0-rc5+ torvalds#103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 is_valid_ether_addr include/linux/etherdevice.h:199 [inline] eth_prepare_mac_addr_change net/ethernet/eth.c:275 [inline] eth_mac_addr+0x203/0x2b0 net/ethernet/eth.c:308 dev_set_mac_address+0x261/0x530 net/core/dev.c:7157 do_setlink+0xbc3/0x5fc0 net/core/rtnetlink.c:2317 rtnl_group_changelink net/core/rtnetlink.c:2824 [inline] rtnl_newlink+0x1fe9/0x37a0 net/core/rtnetlink.c:2976 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007fc07480ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fc07480f6d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000014 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 kmsan_memcpy_origins+0x11d/0x170 mm/kmsan/kmsan.c:527 __msan_memcpy+0x109/0x160 mm/kmsan/kmsan_instr.c:478 do_setlink+0xb84/0x5fc0 net/core/rtnetlink.c:2315 rtnl_group_changelink net/core/rtnetlink.c:2824 [inline] rtnl_newlink+0x1fe9/0x37a0 net/core/rtnetlink.c:2976 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: e7ed828 ("netlink: support setting devgroup parameters") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: Dmitry Vyukov <[email protected]> Signed-off-by: David S. Miller <[email protected]>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Jun 11, 2018
GIT 3036bc45364f98515a2c446d7fac2c34dcfbeff4 commit 48a8bbc7ca494709522621929f8407ab823d73fc Author: Arnd Bergmann <[email protected]> Date: Fri May 25 11:25:12 2018 -0400 media: omap2: fix compile-testing with FB_OMAP2=m Compile-testing with FB_OMAP2=m results in a link error: drivers/media/platform/omap/omap_vout.o: In function `vidioc_streamoff': omap_vout.c:(.text+0x1028): undefined reference to `omap_dispc_unregister_isr' drivers/media/platform/omap/omap_vout.o: In function `omap_vout_release': omap_vout.c:(.text+0x1330): undefined reference to `omap_dispc_unregister_isr' drivers/media/platform/omap/omap_vout.o: In function `vidioc_streamon': omap_vout.c:(.text+0x2dd4): undefined reference to `omap_dispc_register_isr' drivers/media/platform/omap/omap_vout.o: In function `omap_vout_remove': In order to enable compile-testing but still keep the correct dependency, this changes the Kconfig logic so we only allow CONFIG_COMPILE_TEST building when FB_OMAP is completely disabled, or have use the old dependency on FB_OMAP to ensure VIDEO_OMAP2_VOUT is also a loadable module when FB_OMAP2 is. Fixes: d8555fd2f452 ("media: omap2: allow building it with COMPILE_TEST && DRM_OMAP") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 0ed2dd03b94b7b7f66e23f25073b5385d0416589 Author: Kees Cook <[email protected]> Date: Tue May 8 16:08:53 2018 -0700 treewide: Use struct_size() for devm_kmalloc() and friends Replaces open-coded struct size calculations with struct_size() for devm_*, f2fs_*, and sock_* allocations. Automatically generated (and manually adjusted) from the following Coccinelle script: // Direct reference to struct field. @@ identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc"; expression HANDLE; expression GFP; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP) + alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP) // mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL); @@ identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc"; expression HANDLE; expression GFP; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(HANDLE, sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP) + alloc(HANDLE, struct_size(VAR, ELEMENT, COUNT), GFP) // Same pattern, but can't trivially locate the trailing element name, // or variable name. @@ identifier alloc =~ "devm_kmalloc|devm_kzalloc|sock_kmalloc|f2fs_kmalloc|f2fs_kzalloc"; expression HANDLE; expression GFP; expression SOMETHING, COUNT, ELEMENT; @@ - alloc(HANDLE, sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP) + alloc(HANDLE, CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP) Signed-off-by: Kees Cook <[email protected]> commit b4b06db115bbbc10252287ae2d326fb5ecefaf18 Author: Kees Cook <[email protected]> Date: Tue May 8 15:56:34 2018 -0700 treewide: Use struct_size() for vmalloc()-family This only finds one hit in the entire tree, but here's the Coccinelle: // Directly refer to structure's field @@ identifier alloc =~ "vmalloc|vzalloc"; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT)) + alloc(struct_size(VAR, ELEMENT, COUNT)) // mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL); @@ identifier alloc =~ "vmalloc|vzalloc"; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0])) + alloc(struct_size(VAR, ELEMENT, COUNT)) // Same pattern, but can't trivially locate the trailing element name, // or variable name. @@ identifier alloc =~ "vmalloc|vzalloc"; expression SOMETHING, COUNT, ELEMENT; @@ - alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT)) + alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT)) Signed-off-by: Kees Cook <[email protected]> commit acafe7e30216166a17e6e226aadc3ecb63993242 Author: Kees Cook <[email protected]> Date: Tue May 8 13:45:50 2018 -0700 treewide: Use struct_size() for kmalloc()-family One of the more common cases of allocation size calculations is finding the size of a structure that has a zero-sized array at the end, along with memory for some number of elements for that array. For example: struct foo { int stuff; void *entry[]; }; instance = kmalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL); Instead of leaving these open-coded and prone to type mistakes, we can now use the new struct_size() helper: instance = kmalloc(struct_size(instance, entry, count), GFP_KERNEL); This patch makes the changes for kmalloc()-family (and kvmalloc()-family) uses. It was done via automatic conversion with manual review for the "CHECKME" non-standard cases noted below, using the following Coccinelle script: // pkey_cache = kmalloc(sizeof *pkey_cache + tprops->pkey_tbl_len * // sizeof *pkey_cache->table, GFP_KERNEL); @@ identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc"; expression GFP; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(*VAR->ELEMENT), GFP) + alloc(struct_size(VAR, ELEMENT, COUNT), GFP) // mr = kzalloc(sizeof(*mr) + m * sizeof(mr->map[0]), GFP_KERNEL); @@ identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc"; expression GFP; identifier VAR, ELEMENT; expression COUNT; @@ - alloc(sizeof(*VAR) + COUNT * sizeof(VAR->ELEMENT[0]), GFP) + alloc(struct_size(VAR, ELEMENT, COUNT), GFP) // Same pattern, but can't trivially locate the trailing element name, // or variable name. @@ identifier alloc =~ "kmalloc|kzalloc|kvmalloc|kvzalloc"; expression GFP; expression SOMETHING, COUNT, ELEMENT; @@ - alloc(sizeof(SOMETHING) + COUNT * sizeof(ELEMENT), GFP) + alloc(CHECKME_struct_size(&SOMETHING, ELEMENT, COUNT), GFP) Signed-off-by: Kees Cook <[email protected]> commit 7170e6045a6a8b33f4fa5753589dc77b16198e2d Author: Doron Roberts-Kedes <[email protected]> Date: Wed Jun 6 09:33:28 2018 -0700 strparser: Add __strp_unpause and use it in ktls. strp_unpause queues strp_work in order to parse any messages that arrived while the strparser was paused. However, the process invoking strp_unpause could eagerly parse a buffered message itself if it held the sock lock. __strp_unpause is an alternative to strp_pause that avoids the scheduling overhead that results when a receiving thread unpauses the strparser and waits for the next message to be delivered by the workqueue thread. This patch more than doubled the IOPS achieved in a benchmark of NBD traffic encrypted using ktls. Signed-off-by: Doron Roberts-Kedes <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit fb1967a69f756073362b8f19347f863f227320ad Author: David Howells <[email protected]> Date: Wed Jun 6 14:59:14 2018 +0100 rxrpc: Fix terminal retransmission connection ID to include the channel When retransmitting the final ACK or ABORT packet for a call, the cid field in the packet header is set to the connection's cid, but this is incorrect as it also needs to include the channel number on that connection that the call was made on. Fix this by OR'ing in the channel number. Note that this fixes the bug that: commit 1a025028d400b23477341aa7ec2ce55f8b39b554 rxrpc: Fix handling of call quietly cancelled out on server works around. I'm not intending to revert that as it will help protect against problems that might occur on the server. Fixes: 3136ef49a14c ("rxrpc: Delay terminal ACK transmission on a client call") Signed-off-by: David Howells <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 8e52a602b5126183f7a6487c4d48f6a00af4e4fd Author: Xi Wang <[email protected]> Date: Wed Jun 6 14:07:53 2018 +0100 net: hns3: Optimize PF CMDQ interrupt switching process When the PF frequently switches the CMDQ interrupt, if the CMDQ_SRC is not cleared before the hardware interrupt is generated, the new interrupt will not be reported. This patch optimizes this problem by clearing CMDQ_SRC and RESET_STS before enabling interrupt and syncing pending IRQ handlers after disabling interrupt. Fixes: 466b0c00391b ("net: hns3: Add support for misc interrupt") Signed-off-by: Xi Wang <[email protected]> Signed-off-by: Peng Li <[email protected]> Signed-off-by: Salil Mehta <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 6444e2a5f1e680278b58ced3568bdff84afe14a5 Author: Xi Wang <[email protected]> Date: Wed Jun 6 14:07:52 2018 +0100 net: hns3: Fix for VF mailbox receiving unknown message Before the firmware updates the crq's tail pointer, if the VF driver reads the data in the crq, the data may be incomplete at this time, which will lead to the driver read an unknown message. This patch fixes it by checking if crq is empty before reading the message. Fixes: b11a0bb231f3 ("net: hns3: Add mailbox support to VF driver") Signed-off-by: Xi Wang <[email protected]> Signed-off-by: Peng Li <[email protected]> Signed-off-by: Salil Mehta <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 1819e40908ee76c7219287224c22c772556c927e Author: Xi Wang <[email protected]> Date: Wed Jun 6 14:07:51 2018 +0100 net: hns3: Fix for VF mailbox cannot receiving PF response When the VF frequently switches the CMDQ interrupt, if the CMDQ_SRC is not cleared, the VF will not receive the new PF response after the interrupt is re-enabled, the corresponding log is as follows: [ 317.482222] hns3 0000:00:03.0: VF could not get mbx resp(=0) from PF in 500 tries [ 317.483137] hns3 0000:00:03.0: VF request to get tqp info from PF failed -5 This patch fixes this problem by clearing CMDQ_SRC before enabling interrupt and syncing pending IRQ handlers after disabling interrupt. Fixes: e2cb1dec9779 ("net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support") Signed-off-by: Xi Wang <[email protected]> Signed-off-by: Peng Li <[email protected]> Signed-off-by: Salil Mehta <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit dd612f18a49b63af8b3a5f572d999bdb197385bc Author: Julia Lawall <[email protected]> Date: Wed Jun 6 15:03:22 2018 +0200 bnx2x: use the right constant Nearby code that also tests port suggests that the P0 constant should be used when port is zero. The semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // <smpl> @@ expression e,e1; @@ * e ? e1 : e1 // </smpl> Fixes: 6c3218c6f7e5 ("bnx2x: Adjust ETS to 578xx") Signed-off-by: Julia Lawall <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 9a99dc1c41772e0b24348f089a7a7edb91fc7723 Author: David S. Miller <[email protected]> Date: Wed Jun 6 13:55:47 2018 -0400 Revert "net: sched: cls: Fix offloading when ingress dev is vxlan" This reverts commit d96a43c66464cdf0b249fdf47b6dcd65b83af8c0. This potentially breaks things, so reverting as per request by Jakub Kicinski. Signed-off-by: David S. Miller <[email protected]> commit 5040cc990cbac98733df4d58fdeac5bbdab15b49 Author: Arun Parameswaran <[email protected]> Date: Tue Jun 5 13:38:12 2018 -0700 net: dsa: b53: Fix for brcm tag issue in Cygnus SoC In the Broadcom Cygnus SoC, the brcm tag needs to be inserted in between the mac address and the ether type (should use 'DSA_PROTO_TAG_BRCM') for the packets sent to the internal b53 switch. Since the Cygnus was added with the BCM58XX device id and the BCM58XX uses 'DSA_PROTO_TAG_BRCM_PREPEND', the data path is broken, due to the incorrect brcm tag location. Add a new b53 device id (BCM583XX) for Cygnus family to fix the issue. Add the new device id to the BCM58XX family as Cygnus is similar to the BCM58XX in most other functionalities. Fixes: 11606039604c ("net: dsa: b53: Support prepended Broadcom tags") Signed-off-by: Arun Parameswaran <[email protected]> Acked-by: Scott Branden <[email protected]> Reported-by: Clément Péron <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Tested-by: Clément Péron <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 4016a7f15efc9189f0ce18025fb3306a8b5f9195 Author: Govindarajulu Varadarajan <[email protected]> Date: Tue Jun 5 10:14:57 2018 -0700 enic: fix UDP rss bits In commit 48398b6e7065 ("enic: set UDP rss flag") driver needed to set a single bit to enable UDP rss. This is changed to two bit. One for UDP IPv4 and other bit for UDP IPv6. The hardware which supports this is not released yet. When released, driver should set 2 bit to enable UDP rss for both IPv4 and IPv6. Also add spinlock around vnic_dev_capable_rss_hash_type(). Signed-off-by: Govindarajulu Varadarajan <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ff5bc793e47b537bf3e904fada585e102c54dd8b Author: Nicholas Piggin <[email protected]> Date: Wed Jun 6 11:40:08 2018 +1000 powerpc/64s/radix: Fix missing ptesync in flush_cache_vmap There is a typo in f1cb8f9beb ("powerpc/64s/radix: avoid ptesync after set_pte and ptep_set_access_flags") config ifdef, which results in the necessary ptesync not being issued after vmalloc. This causes random kernel faults in module load, bpf load, anywhere that vmalloc mappings are used. After correcting the code, this survives a guest kernel booting hundreds of times where previously there would be a crash every few boots (I haven't noticed the crash on host, perhaps due to different TLB and page table walking behaviour in hardware). A memory clobber is also added to the flush, just to be sure it won't be reordered with the pte set or the subsequent mapping access. Fixes: f1cb8f9beb ("powerpc/64s/radix: avoid ptesync after set_pte and ptep_set_access_flags") Signed-off-by: Nicholas Piggin <[email protected]> Signed-off-by: Michael Ellerman <[email protected]> commit 591a033dc17ff6f684b6b6d1d7426e22d178194f Author: Yisheng Xie <[email protected]> Date: Thu May 17 16:36:03 2018 +0800 tracing: Use match_string() instead of open coding it in trace_set_options() match_string() returns the index of an array for a matching string, which can be used to simplify the code. Link: http://lkml.kernel.org/r/[email protected] Reviewed-by: Andy Shevchenko <[email protected]> Signed-off-by: Yisheng Xie <[email protected]> Signed-off-by: Steven Rostedt (VMware) <[email protected]> commit 2509b561f7c6599907c08cb364c86b8c45466e4f Author: Kees Cook <[email protected]> Date: Tue May 8 22:29:52 2018 -0700 device: Use overflow helpers for devm_kmalloc() Use the overflow helpers both in existing multiplication-using inlines as well as the addition-overflow case in the core allocation routine. Signed-off-by: Kees Cook <[email protected]> commit 3b3b1a29eb89ba93f91213cbebb332a2ac31fa8b Author: Kees Cook <[email protected]> Date: Tue May 8 12:55:26 2018 -0700 mm: Use overflow helpers in kvmalloc() Instead of open-coded multiplication and bounds checking, use the new overflow helper. Additionally prepare for vmalloc() users to add array_size()-family helpers in the future. Signed-off-by: Kees Cook <[email protected]> commit 49b7f8983aa78581bfd511a26891b26cd734e293 Author: Kees Cook <[email protected]> Date: Tue May 8 12:52:32 2018 -0700 mm: Use overflow helpers in kmalloc_array*() Instead of open-coded multiplication and bounds checking, use the new overflow helper. Suggested-by: Rasmus Villemoes <[email protected]> Signed-off-by: Kees Cook <[email protected]> commit ca90800a91ba723d78ded634d037c1d2df8b54d6 Author: Kees Cook <[email protected]> Date: Thu May 10 16:40:03 2018 -0700 test_overflow: Add memory allocation overflow tests Make sure that the memory allocators are behaving as expected in the face of overflows of multiplied arguments or when using the array_size()-family helpers. Example output of new tests (with the expected __alloc_pages_slowpath and vmalloc warnings about refusing giant allocations removed): [ 93.062076] test_overflow: kmalloc detected saturation [ 93.062988] test_overflow: kmalloc_node detected saturation [ 93.063818] test_overflow: kzalloc detected saturation [ 93.064539] test_overflow: kzalloc_node detected saturation [ 93.120386] test_overflow: kvmalloc detected saturation [ 93.143458] test_overflow: kvmalloc_node detected saturation [ 93.166861] test_overflow: kvzalloc detected saturation [ 93.189924] test_overflow: kvzalloc_node detected saturation [ 93.221671] test_overflow: vmalloc detected saturation [ 93.246326] test_overflow: vmalloc_node detected saturation [ 93.270260] test_overflow: vzalloc detected saturation [ 93.293824] test_overflow: vzalloc_node detected saturation [ 93.294597] test_overflow: devm_kmalloc detected saturation [ 93.295383] test_overflow: devm_kzalloc detected saturation [ 93.296217] test_overflow: all tests passed Signed-off-by: Kees Cook <[email protected]> commit 610b15c50e86eb1e4b77274fabcaea29ac72d6a8 Author: Kees Cook <[email protected]> Date: Mon May 7 16:47:02 2018 -0700 overflow.h: Add allocation size calculation helpers In preparation for replacing unchecked overflows for memory allocations, this creates helpers for the 3 most common calculations: array_size(a, b): 2-dimensional array array3_size(a, b, c): 3-dimensional array struct_size(ptr, member, n): struct followed by n-many trailing members Each of these return SIZE_MAX on overflow instead of wrapping around. (Additionally renames a variable named "array_size" to avoid future collision.) Co-developed-by: Matthew Wilcox <[email protected]> Signed-off-by: Kees Cook <[email protected]> commit 8fee81aa4598484c073c845281a25d94fb204cf6 Author: Kees Cook <[email protected]> Date: Wed May 9 22:13:28 2018 -0700 test_overflow: Report test failures This adjusts the overflow test to report failures, and prepares to add allocation tests. Signed-off-by: Kees Cook <[email protected]> commit 6d3344324b5ae49fc8cb599a2c687e5607ba6e9f Author: Rasmus Villemoes <[email protected]> Date: Mon Jun 4 08:41:27 2018 +0200 test_overflow: macrofy some more, do more tests for free Obviously a+b==b+a and a*b==b*a, but the implementation of the fallback checks are not entirely symmetric in how they treat a and b. So we might as well check the (b,a,r,of) tuple as well as the (a,b,r,of) one for + and *. Rather than more copy-paste, factor out the common part to check_one_op. Signed-off-by: Rasmus Villemoes <[email protected]> Signed-off-by: Kees Cook <[email protected]> commit 455a35a6cdb6f53fe9294e23301eb056f2908bd9 Author: Rasmus Villemoes <[email protected]> Date: Tue May 8 00:36:28 2018 +0200 lib: add runtime test of check_*_overflow functions This adds a small module for testing that the check_*_overflow functions work as expected, whether implemented in C or using gcc builtins. Example output: test_overflow: u8 : 18 tests test_overflow: s8 : 19 tests test_overflow: u16: 17 tests test_overflow: s16: 17 tests test_overflow: u32: 17 tests test_overflow: s32: 17 tests test_overflow: u64: 17 tests test_overflow: s64: 21 tests Signed-off-by: Rasmus Villemoes <[email protected]> [kees: add output to commit log, drop u64 tests on 32-bit] Signed-off-by: Kees Cook <[email protected]> commit 75d4e704fa8d2cf33ff295e5b441317603d7f9fd Author: Cong Wang <[email protected]> Date: Tue Jun 5 09:48:13 2018 -0700 netdev-FAQ: clarify DaveM's position for stable backports Per discussion with David at netconf 2018, let's clarify DaveM's position of handling stable backports in netdev-FAQ. This is important for people relying on upstream -stable releases. Cc: Greg Kroah-Hartman <[email protected]> Signed-off-by: Cong Wang <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 644c7eebbfd59e72982d11ec6cc7d39af12450ae Author: Eric Dumazet <[email protected]> Date: Tue Jun 5 09:25:19 2018 -0700 rtnetlink: validate attributes in do_setlink() It seems that rtnl_group_changelink() can call do_setlink while a prior call to validate_linkmsg(dev = NULL, ...) could not validate IFLA_ADDRESS / IFLA_BROADCAST Make sure do_setlink() calls validate_linkmsg() instead of letting its callers having this responsibility. With help from Dmitry Vyukov, thanks a lot ! BUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:199 [inline] BUG: KMSAN: uninit-value in eth_prepare_mac_addr_change net/ethernet/eth.c:275 [inline] BUG: KMSAN: uninit-value in eth_mac_addr+0x203/0x2b0 net/ethernet/eth.c:308 CPU: 1 PID: 8695 Comm: syz-executor3 Not tainted 4.17.0-rc5+ #103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 is_valid_ether_addr include/linux/etherdevice.h:199 [inline] eth_prepare_mac_addr_change net/ethernet/eth.c:275 [inline] eth_mac_addr+0x203/0x2b0 net/ethernet/eth.c:308 dev_set_mac_address+0x261/0x530 net/core/dev.c:7157 do_setlink+0xbc3/0x5fc0 net/core/rtnetlink.c:2317 rtnl_group_changelink net/core/rtnetlink.c:2824 [inline] rtnl_newlink+0x1fe9/0x37a0 net/core/rtnetlink.c:2976 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007fc07480ec68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fc07480f6d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000014 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 kmsan_memcpy_origins+0x11d/0x170 mm/kmsan/kmsan.c:527 __msan_memcpy+0x109/0x160 mm/kmsan/kmsan_instr.c:478 do_setlink+0xb84/0x5fc0 net/core/rtnetlink.c:2315 rtnl_group_changelink net/core/rtnetlink.c:2824 [inline] rtnl_newlink+0x1fe9/0x37a0 net/core/rtnetlink.c:2976 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: e7ed828f10bd ("netlink: support setting devgroup parameters") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: Dmitry Vyukov <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3fcc773be62a9c42dc9a5c1108da298fb9f66cfa Author: David Ahern <[email protected]> Date: Tue Jun 5 08:14:11 2018 -0700 mlxsw: Add extack messages for port_{un, }split failures Return messages in extack for port split/unsplit errors. e.g., $ devlink port split swp1s1 count 4 Error: mlxsw_spectrum: Port cannot be split further. devlink answers: Invalid argument $ devlink port unsplit swp4 Error: mlxsw_spectrum: Port was not split. devlink answers: Invalid argument Signed-off-by: David Ahern <[email protected]> Reviewed-by: Ido Schimmel <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 7fa76d777ec53eeece1546b737a3b93b37639575 Author: David Ahern <[email protected]> Date: Tue Jun 5 08:14:10 2018 -0700 netdevsim: Add extack error message for devlink reload devlink reset command can fail if a FIB resource limit is set to a value lower than the current occupancy. Return a proper message indicating the reason for the failure. $ devlink resource sh netdevsim/netdevsim0 netdevsim/netdevsim0: name IPv4 size unlimited unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none resources: name fib size unlimited occ 43 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none name fib-rules size unlimited occ 4 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none name IPv6 size unlimited unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none resources: name fib size unlimited occ 54 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none name fib-rules size unlimited occ 3 unit entry size_min 0 size_max unlimited size_gran 1 dpipe_tables none $ devlink resource set netdevsim/netdevsim0 path /IPv4/fib size 40 $ devlink dev reload netdevsim/netdevsim0 Error: netdevsim: New size is less than current occupancy. devlink answers: Invalid argument Signed-off-by: David Ahern <[email protected]> Acked-by: Jakub Kicinski <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit ac0fc8a1bbcbe03ee67278afded105c05eb3535e Author: David Ahern <[email protected]> Date: Tue Jun 5 08:14:09 2018 -0700 devlink: Add extack to reload and port_{un, }split operations Add extack argument to reload, port_split and port_unsplit operations. Signed-off-by: David Ahern <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 5b5e7a0de2bbf2a1afcd9f49e940010e9fb80d53 Author: Eric Dumazet <[email protected]> Date: Tue Jun 5 06:06:19 2018 -0700 net: metrics: add proper netlink validation Before using nla_get_u32(), better make sure the attribute is of the proper size. Code recently was changed, but bug has been there from beginning of git. BUG: KMSAN: uninit-value in rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 CPU: 1 PID: 14139 Comm: syz-executor6 Not tainted 4.17.0-rc5+ #103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 fib_dump_info+0xc42/0x2190 net/ipv4/fib_semantics.c:1361 rtmsg_fib+0x65f/0x8c0 net/ipv4/fib_semantics.c:419 fib_table_insert+0x2314/0x2b50 net/ipv4/fib_trie.c:1287 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007faae5fd8c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007faae5fd96d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 fib_convert_metrics net/ipv4/fib_semantics.c:1056 [inline] fib_create_info+0x2d46/0x9dc0 net/ipv4/fib_semantics.c:1150 fib_table_insert+0x3e4/0x2b50 net/ipv4/fib_trie.c:1146 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: a919525ad832 ("net: Move fib_convert_metrics to metrics file") Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit e783bb00ad86d9d1f01d9d3a750713070036358e Author: Sabrina Dubroca <[email protected]> Date: Tue Jun 5 15:02:00 2018 +0200 ipmr: fix error path when ipmr_new_table fails commit 0bbbf0e7d0e7 ("ipmr, ip6mr: Unite creation of new mr_table") refactored ipmr_new_table, so that it now returns NULL when mr_table_alloc fails. Unfortunately, all callers of ipmr_new_table expect an ERR_PTR. This can result in NULL deref, for example when ipmr_rules_exit calls ipmr_free_table with NULL net->ipv4.mrt in the !CONFIG_IP_MROUTE_MULTIPLE_TABLES version. This patch makes mr_table_alloc return errors, and changes ip6mr_new_table and its callers to return/expect error pointers as well. It also removes the version of mr_table_alloc defined under !CONFIG_IP_MROUTE_COMMON, since it is never used. Fixes: 0bbbf0e7d0e7 ("ipmr, ip6mr: Unite creation of new mr_table") Signed-off-by: Sabrina Dubroca <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 848235edb5c93ed086700584c8ff64f6d7fc778d Author: Sabrina Dubroca <[email protected]> Date: Tue Jun 5 15:01:59 2018 +0200 ip6mr: only set ip6mr_table from setsockopt when ip6mr_new_table succeeds Currently, raw6_sk(sk)->ip6mr_table is set unconditionally during ip6_mroute_setsockopt(MRT6_TABLE). A subsequent attempt at the same setsockopt will fail with -ENOENT, since we haven't actually created that table. A similar fix for ipv4 was included in commit 5e1859fbcc3c ("ipv4: ipmr: various fixes and cleanups"). Fixes: d1db275dd3f6 ("ipv6: ip6mr: support multiple tables") Signed-off-by: Sabrina Dubroca <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 4f416db98beaef2f047709e4693b0a4c64d9bbf8 Author: Arnd Bergmann <[email protected]> Date: Tue Jun 5 13:38:21 2018 +0200 net: hns3: remove unused hclgevf_cfg_func_mta_filter The last patch apparently added a complete replacement for this function, but left the old one in place, which now causes a harmless warning: drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c:731:12: 'hclgevf_cfg_func_mta_filter' defined but not used I assume it can be removed. Fixes: 3a678b5806e6 ("net: hns3: Optimize the VF's process of updating multicast MAC") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 2562c011f89785dea5b7e12449c587527dba3d2f Author: Josh Poimboeuf <[email protected]> Date: Mon Jun 4 13:48:32 2018 -0500 MAINTAINERS: add Josh Poimboeuf as faddr2line maintainer ... so I finally get credit for my greatest accomplishment. And, less importantly, so get_maintainer.pl will actually CC me on future patches. Signed-off-by: Josh Poimboeuf <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> commit 689135f0ed61b6bf3adc215d2ee70be747cf8f93 Author: Peter Zijlstra (Intel) <[email protected]> Date: Mon Jun 4 13:48:31 2018 -0500 scripts/faddr2line: make the new code listing format optional Commit 6870c0165feaa5 ("scripts/faddr2line: show the code context") radically altered the output format of the faddr2line tool. And while the new list output format might have merit it broke my vim usage and was hard to read. Make the new format optional; using a '--list' argument and attempt to make the output slightly easier to read by adding a little whitespace to separate the different files and explicitly mark the line in question. Cc: Changbin Du <[email protected]> Fixes: 6870c0165feaa5 ("scripts/faddr2line: show the code context") Signed-off-by: Peter Zijlstra (Intel) <[email protected]> Signed-off-by: Josh Poimboeuf <[email protected]> Signed-off-by: Linus Torvalds <[email protected]> commit 6e86000c2c63123e174b7e198735fbb12f0258ea Author: Arnd Bergmann <[email protected]> Date: Tue Jun 5 13:40:34 2018 +0200 netfilter: provide udp*_lib_lookup for nf_tproxy It is now possible to enable the libified nf_tproxy modules without also enabling NETFILTER_XT_TARGET_TPROXY, which throws off the ifdef logic in the udp core code: net/ipv6/netfilter/nf_tproxy_ipv6.o: In function `nf_tproxy_get_sock_v6': nf_tproxy_ipv6.c:(.text+0x1a8): undefined reference to `udp6_lib_lookup' net/ipv4/netfilter/nf_tproxy_ipv4.o: In function `nf_tproxy_get_sock_v4': nf_tproxy_ipv4.c:(.text+0x3d0): undefined reference to `udp4_lib_lookup' We can actually simplify the conditions now to provide the two functions exactly when they are needed. Fixes: 45ca4e0cf273 ("netfilter: Libify xt_TPROXY") Signed-off-by: Arnd Bergmann <[email protected]> Acked-by: Paolo Abeni <[email protected]> Acked-by: Máté Eckl <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d52c89f120de849575f6b2e5948038f2be12ce6f Author: Michal Kalderon <[email protected]> Date: Tue Jun 5 13:11:16 2018 +0300 qed*: Utilize FW 8.37.2.0 This FW contains several fixes and features. RDMA - Several modifications and fixes for Memory Windows - drop vlan and tcp timestamp from mss calculation in driver for this FW - Fix SQ completion flow when local ack timeout is infinite - Modifications in t10dif support ETH - Fix aRFS for tunneled traffic without inner IP. - Fix chip configuration which may fail under heavy traffic conditions. - Support receiving any-VNI in VXLAN and GENEVE RX classification. iSCSI / FcoE - Fix iSCSI recovery flow - Drop vlan and tcp timestamp from mss calc for fw 8.37.2.0 Misc - Several registers (split registers) won't read correctly with ethtool -d Signed-off-by: Ariel Elior <[email protected]> Signed-off-by: Manish Rangankar <[email protected]> Signed-off-by: Michal Kalderon <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d377535405686f735b90a8ad4ba269484cd7c96e Author: Kent Overstreet <[email protected]> Date: Tue Jun 5 05:26:33 2018 -0400 dm: Use kzalloc for all structs with embedded biosets/mempools mempool_init()/bioset_init() require that the mempools/biosets be zeroed first; they probably should not _require_ this, but not allocating those structs with kzalloc is a fairly nonsensical thing to do (calling mempool_exit()/bioset_exit() on an uninitialized mempool/bioset is legal and safe, but only works if said memory was zeroed.) Acked-by: Mike Snitzer <[email protected]> Signed-off-by: Kent Overstreet <[email protected]> Signed-off-by: Jens Axboe <[email protected]> commit 95358a9553fbec6c47ad7bd1aec20df663295088 Author: Maciej Żenczykowski <[email protected]> Date: Tue Jun 5 03:07:23 2018 -0700 net-tcp: remove useless tw_timeout field Tested: 'git grep tw_timeout' comes up empty and it builds :-) Signed-off-by: Maciej Żenczykowski <[email protected]> Cc: Eric Dumazet <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit d96a43c66464cdf0b249fdf47b6dcd65b83af8c0 Author: Paul Blakey <[email protected]> Date: Tue Jun 5 11:04:03 2018 +0300 net: sched: cls: Fix offloading when ingress dev is vxlan When using a vxlan device as the ingress dev, we count it as a "no offload dev", so when such a rule comes and err stop is true, we fail early and don't try the egdev route which can offload it through the egress device. Fix that by not calling the block offload if one of the devices attached to it is not offload capable, but make sure egress on such case is capable instead. Fixes: caa7260156eb ("net: sched: keep track of offloaded filters [..]") Reviewed-by: Roi Dayan <[email protected]> Acked-by: Jiri Pirko <[email protected]> Signed-off-by: Paul Blakey <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 1d88ba1ebb2763aa86172cd7ca05dedbeccc0d35 Author: Xin Long <[email protected]> Date: Tue Jun 5 12:16:58 2018 +0800 sctp: not allow transport timeout value less than HZ/5 for hb_timer syzbot reported a rcu_sched self-detected stall on CPU which is caused by too small value set on rto_min with SCTP_RTOINFO sockopt. With this value, hb_timer will get stuck there, as in its timer handler it starts this timer again with this value, then goes to the timer handler again. This problem is there since very beginning, and thanks to Eric for the reproducer shared from a syzbot mail. This patch fixes it by not allowing sctp_transport_timeout to return a smaller value than HZ/5 for hb_timer, which is based on TCP's min rto. Note that it doesn't fix this issue by limiting rto_min, as some users are still using small rto and no proper value was found for it yet. Reported-by: [email protected] Suggested-by: Marcelo Ricardo Leitner <[email protected]> Signed-off-by: Xin Long <[email protected]> Acked-by: Neil Horman <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 819dd92b9c0bc7bce9097d8c1f14240f471bb386 Author: Alexei Starovoitov <[email protected]> Date: Mon Jun 4 19:53:41 2018 -0700 bpfilter: switch to CC from HOSTCC check that CC can build executables and use that compiler instead of HOSTCC Suggested-by: Arnd Bergmann <[email protected]> Signed-off-by: Alexei Starovoitov <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 47a6ca3f972f5baf06cd0c9f37d7b5268ade5363 Author: Wei Yongjun <[email protected]> Date: Tue Jun 5 02:42:56 2018 +0000 net/mlx5e: fix error return code in mlx5e_alloc_rq() Fix to return error code -ENOMEM from the kvzalloc_node() error handling case instead of 0, as done elsewhere in this function. Fixes: 069d11465a80 ("net/mlx5e: RX, Enhance legacy Receive Queue memory scheme") Signed-off-by: Wei Yongjun <[email protected]> Reviewed-by: Tariq Toukan <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 6f6027a52bfbb9bbf18937d2628eaf1137a5a386 Author: Wei Yongjun <[email protected]> Date: Tue Jun 5 02:42:45 2018 +0000 net/mlx5e: Make function mlx5e_change_rep_mtu() static Fixes the following sparse warning: drivers/net/ethernet/mellanox/mlx5/core/en_rep.c:903:5: warning: symbol 'mlx5e_change_rep_mtu' was not declared. Should it be static? Signed-off-by: Wei Yongjun <[email protected]> Reviewed-by: Leon Romanovsky <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3602207ca6582dd359308b7bd2ce08348cc0854e Author: Subash Abhinov Kasiviswanathan <[email protected]> Date: Mon Jun 4 19:43:38 2018 -0600 net: qualcomm: rmnet: Fix use after free while sending command ack When sending an ack to a command packet, the skb is still referenced after it is sent to the real device. Since the real device could free the skb, the device pointer would be invalid. Also, remove an unnecessary variable. Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation") Signed-off-by: Subash Abhinov Kasiviswanathan <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 9deb441c113ae9e761e42f78d90736d762ff49a3 Author: Subash Abhinov Kasiviswanathan <[email protected]> Date: Mon Jun 4 19:26:07 2018 -0600 net: ipv6: Generate random IID for addresses on RAWIP devices RAWIP devices such as rmnet do not have a hardware address and instead require the kernel to generate a random IID for the IPv6 addresses. Signed-off-by: Sean Tranchetti <[email protected]> Signed-off-by: Subash Abhinov Kasiviswanathan <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit f4c9f85f3b2cb7669830cd04d0be61192a4d2436 Author: Yousuk Seung <[email protected]> Date: Mon Jun 4 15:29:51 2018 -0700 tcp: refactor tcp_ecn_check_ce to remove sk type cast Refactor tcp_ecn_check_ce and __tcp_ecn_check_ce to accept struct sock* instead of tcp_sock* to clean up type casts. This is a pure refactor patch. Signed-off-by: Yousuk Seung <[email protected]> Signed-off-by: Neal Cardwell <[email protected]> Signed-off-by: Yuchung Cheng <[email protected]> Signed-off-by: Eric Dumazet <[email protected]> Acked-by: Soheil Hassas Yeganeh <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit f7225172f25aaf0dfd9ad65f05be8da5d6108b12 Author: David Ahern <[email protected]> Date: Mon Jun 4 13:41:42 2018 -0700 net/ipv6: prevent use after free in ip6_route_mpath_notify syzbot reported a use-after-free: BUG: KASAN: use-after-free in ip6_route_mpath_notify+0xe9/0x100 net/ipv6/route.c:4180 Read of size 4 at addr ffff8801bf789cf0 by task syz-executor756/4555 CPU: 1 PID: 4555 Comm: syz-executor756 Not tainted 4.17.0-rc7+ #78 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412 __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432 ip6_route_mpath_notify+0xe9/0x100 net/ipv6/route.c:4180 ip6_route_multipath_add+0x615/0x1910 net/ipv6/route.c:4303 inet6_rtm_newroute+0xe3/0x160 net/ipv6/route.c:4391 ... Allocated by task 4555: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3554 dst_alloc+0xbb/0x1d0 net/core/dst.c:104 __ip6_dst_alloc+0x35/0xa0 net/ipv6/route.c:361 ip6_dst_alloc+0x29/0xb0 net/ipv6/route.c:376 ip6_route_info_create+0x4d4/0x3a30 net/ipv6/route.c:2834 ip6_route_multipath_add+0xc7e/0x1910 net/ipv6/route.c:4240 inet6_rtm_newroute+0xe3/0x160 net/ipv6/route.c:4391 ... Freed by task 4555: save_stack+0x43/0xd0 mm/kasan/kasan.c:448 set_track mm/kasan/kasan.c:460 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528 __cache_free mm/slab.c:3498 [inline] kmem_cache_free+0x86/0x2d0 mm/slab.c:3756 dst_destroy+0x267/0x3c0 net/core/dst.c:140 dst_release_immediate+0x71/0x9e net/core/dst.c:205 fib6_add+0xa40/0x1650 net/ipv6/ip6_fib.c:1305 __ip6_ins_rt+0x6c/0x90 net/ipv6/route.c:1011 ip6_route_multipath_add+0x513/0x1910 net/ipv6/route.c:4267 inet6_rtm_newroute+0xe3/0x160 net/ipv6/route.c:4391 ... The problem is that rt_last can point to a deleted route if the insert fails. One reproducer is to insert a route and then add a multipath route that has a duplicate nexthop.e.g,: $ ip -6 ro add vrf red 2001:db8:101::/64 nexthop via 2001:db8:1::2 $ ip -6 ro append vrf red 2001:db8:101::/64 nexthop via 2001:db8:1::4 nexthop via 2001:db8:1::2 Fix by not setting rt_last until the it is verified the insert succeeded. Fixes: 3b1137fe7482 ("net: ipv6: Change notifications for multipath add to RTA_MULTIPATH") Cc: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Signed-off-by: David Ahern <[email protected]> Reviewed-by: Eric Dumazet <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 8d7ab3a0d72d3c98bcd12ff553c5ead0b5e32c31 Author: Hans Verkuil <[email protected]> Date: Mon Jun 4 08:47:53 2018 -0400 media: media/radio/Kconfig: add back RADIO_ISA Patch 258c524bdaab inadvertently removed the 'select RADIO_ISA' line for the RADIO_RTRACK. Fixes: 258c524bdaab ("radio: allow building ISA drivers with COMPILE_TEST") Reported-by: Randy Dunlap <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 5983d3bca5282b6785473434894933fa908ef693 Author: Hans Verkuil <[email protected]> Date: Mon Jun 4 07:22:28 2018 -0400 media: v4l2-ioctl.c: fix missing unlock in __video_do_ioctl() If dev_debug was active, then the code could return without unlocking the core mutex. Replace the return with a 'goto unlock' to ensure proper unlocking. Fixes: 73a110623e7b ("v4l2-core: push taking ioctl mutex down to ioctl handler") Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 8cbc3a856fc6acee31f9820a566a9625776b68ee Author: Akinobu Mita <[email protected]> Date: Sun Jun 3 10:14:25 2018 -0400 media: pxa_camera: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power When the subdevice doesn't provide s_power core ops callback, the v4l2_subdev_call for s_power returns -ENOIOCTLCMD. If the subdevice doesn't have the special handling for its power saving mode, the s_power isn't required. So -ENOIOCTLCMD from the v4l2_subdev_call should be ignored. Actually the -ENOIOCTLCMD is ignored in this driver's suspend/resume, but the others treat the -ENOIOCTLCMD as an error. This prepares a wrapper function to ignore -ENOIOCTLCMD and replaces all s_power calls with it. This also adds warning message when s_power() is failed. Cc: Sakari Ailus <[email protected]> Signed-off-by: Akinobu Mita <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 2b787b66bcb03ec3bd97e950464e0452f459e2ca Author: Jacopo Mondi <[email protected]> Date: Wed May 30 05:13:24 2018 -0400 media: arch: sh: migor: Fix TW9910 PDN gpio The TW9910 PDN gpio (power down) is listed as active high in the chip manual. It turns out it is actually active low as when set to physical level 0 it actually turns the video decoder power off. Without this patch applied: tw9910 0-0045: Product ID error 1f:2 With this patch applied: tw9910 0-0045: tw9910 Product ID b:0 Fixes: commit "186c446f4b840bd77b79d3dc951ca436cb8abe79" Signed-off-by: Jacopo Mondi <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit f956aec08d2b989dcf4699c15de8cd465929b750 Author: Dmitry Osipenko <[email protected]> Date: Tue May 29 18:41:06 2018 -0400 media: staging: tegra-vde: Reset VDE regardless of memory client resetting failure A failed memory client reset doesn't prevent VDE from resetting, hence reset VDE regardless of preceding memory client resetting failure. Signed-off-by: Dmitry Osipenko <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 9f5232cc7f040f443f81069f553d31b27ab7eb79 Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:06:01 2018 +0200 samples/bpf: xdpsock: use skb Tx path for XDP_SKB Make sure that XDP_SKB also uses the skb Tx path. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit fc6c19fb712dea1580f7eb1a7b207522d2cf6f6f Author: Arnd Bergmann <[email protected]> Date: Mon May 28 11:57:00 2018 -0400 media: marvel-ccic: mmp: select VIDEOBUF2_VMALLOC/DMA_CONTIG Testing randconfig builds after the return of the mmp ccic driver shows a link error in some configurations: drivers/media/platform/marvell-ccic/mcam-core.o: In function `mccic_register': mcam-core.c:(.text+0x2e48): undefined reference to `vb2_dma_contig_memops' A closer look at the mcam-core.c file reveals that we need to select both VIDEOBUF2_DMA_CONTIG and VIDEOBUF2_VMALLOC, as already do for VIDEO_CAFE_CCIC. Fixes: 0a9c643c8faa ("media: marvel-ccic: re-enable mmp-driver build") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit ac98d8aab61baf785eb8f099b36daf34fc76a70e Author: Magnus Karlsson <[email protected]> Date: Mon Jun 4 14:05:57 2018 +0200 xsk: wire upp Tx zero-copy functions Here we add the functionality required to support zero-copy Tx, and also exposes various zero-copy related functions for the netdevs. Signed-off-by: Magnus Karlsson <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit e3760c7e50ac6cdf1188fec44938dd7e6e6eef61 Author: Magnus Karlsson <[email protected]> Date: Mon Jun 4 14:05:56 2018 +0200 net: added netdevice operation for Tx Added ndo_xsk_async_xmit. This ndo "kicks" the netdev to start to pull userland AF_XDP Tx frames from a NAPI context. Signed-off-by: Magnus Karlsson <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit 173d3adb6f437037f216270955886ca9878187a5 Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:05:55 2018 +0200 xsk: add zero-copy support for Rx Extend the xsk_rcv to support the new MEM_TYPE_ZERO_COPY memory, and wireup ndo_bpf call in bind. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit ee20a4459ee5afdc5c69725abd438e20cc4ac0ad Author: Arnd Bergmann <[email protected]> Date: Fri May 25 11:25:11 2018 -0400 media: marvel-ccic: allow ccic and mmp drivers to coexist Randconfig builds fail when one of the two is a built-in driver and the other one is a loadable module: drivers/media/platform/marvell-ccic/mcam-core.o: In function `mccic_register': mcam-core.c:(.text+0x2594): undefined reference to `__this_module' drivers/media/platform/marvell-ccic/mcam-core.o:(.rodata+0x50): undefined reference to `__this_module' The problem is that mcam-core.c can not be built both ways at the smae time. However, we can make kbuild take care of that by making the core driver a separate module, which can be either built-in or loadable as needed. Making it a separate module requires exporting a few symbols and adding the module license from the header. Fixes: 0a9c643c8faa ("media: marvel-ccic: re-enable mmp-driver build") Signed-off-by: Arnd Bergmann <[email protected]> Signed-off-by: Hans Verkuil <[email protected]> Signed-off-by: Mauro Carvalho Chehab <[email protected]> commit 02b55e5657c3a569fc681ba851e464cfa6b90d4f Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:05:54 2018 +0200 xdp: add MEM_TYPE_ZERO_COPY Here, a new type of allocator support is added to the XDP return API. A zero-copy allocated xdp_buff cannot be converted to an xdp_frame. Instead is the buff has to be copied. This is not supported at all in this commit. Also, an opaque "handle" is added to xdp_buff. This can be used as a context for the zero-copy allocator implementation. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit 74515c5750f30244a901c3c0c82a2fe534b3c9c5 Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:05:53 2018 +0200 net: xdp: added bpf_netdev_command XDP_{QUERY, SETUP}_XSK_UMEM Extend ndo_bpf with two new commands used for query zero-copy support and register an UMEM to a queue_id of a netdev. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit 8aef7340ae9695912a411886452ae9773206e845 Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:05:52 2018 +0200 xsk: introduce xdp_umem_page The xdp_umem_page holds the address for a page. Trade memory for faster lookup. Later, we'll add DMA address here as well. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit e61e62b9e2cc14b336f330f37f517f9d373ff31e Author: Björn Töpel <[email protected]> Date: Mon Jun 4 14:05:51 2018 +0200 xsk: moved struct xdp_umem definition Moved struct xdp_umem to xdp_sock.h, in order to prepare for zero-copy support. Signed-off-by: Björn Töpel <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> commit 69e2ecccd0bee6b186d0d42f8093109bfca7e990 Author: Kun Yi <[email protected]> Date: Mon Jun 4 13:17:04 2018 -0700 net: phy: broadcom: Enable 125 MHz clock on LED4 pin for BCM54612E by default. BCM54612E have 4 multi-functional LED pins that can be configured through register setting; the LED4 pin can be configured to a 125MHz reference clock output by setting the spare register. Since the dedicated CLK125 reference clock pin is not brought out on the 48-Pin MLP, the LED4 pin is the only pin to provide such function in this package, and therefore it is beneficial to just enable the reference clock by default. Signed-off-by: Kun Yi <[email protected]> Reviewed-by: Florian Fainelli <[email protected]> Signed-off-by: David S. Miller <[email protected]> commit 3d609342cc04129ff7568e19316ce3d7451a27e8 Author: Guillaume Nault <[email protected]> Date: Mon Jun 4 18:52:19 2018 +0200 l2tp: fix refcount leakage on PPPoL2TP sockets Commit d02ba2a6110c ("l2tp: fix race in pppol2tp_release with session object destroy") tried to fix a race condition where a PPPoL2TP socket would disappear while the L2TP session was still using it. However, it missed the root issue which is that an L2TP session may accept to be reconnected if its associated socket has entered the release process. The tentative fix makes the session hold the socket it is connected to. That saves the kernel from crashing, but introduces refcount leakage, preventing the socket from completing the release process. Once stalled, everything the socket depends on can't be released anymore, including the L2TP session and the l2tp_ppp module. The root issue is that, when releasing a connected PPPoL2TP socket, the session's ->sk pointer (RCU-protected) is reset to NULL and we have to wait for a grace period before destroying the socket. The socket drops the session in its ->sk_destruct callback function, so the session will exist until the last reference on the socket is dropped. Therefore, there is a time frame where pppol2tp_connect() may accept reconnecting a session, as it only checks ->sk to figure out if the session is connected. This time frame is shortened by the fact that pppol2tp_release() calls l2tp_session_delete(), making the session unreachable before resetting ->sk. However, pppol2tp_connect() may grab the session before it gets unhashed by l2tp_session_delete(), but it may test ->sk after the later got reset. The race is not so hard to trigger and syzbot found a pretty reliable reproducer: https://syzkaller.appspot.com/bug?id=418578d2a4389074524e04d641eacb091961b2cf Before d02ba2a6110c, another race could let pppol2tp_release() overwrite the ->__sk pointer of an L2TP session, thus tricking pppol2tp_put_sk() into calling sock_put() on a socket that is different than the one for which pppol2tp_release() was originally called. To get there, we had to trigger the race described above, therefore having one PPPoL2TP socket being released, while the session it is connected to is reconnecting to a different PPPoL2TP socket. When releasing this new socket fast enough, pppol2tp_release() overwrites the session's ->__sk pointer with the address of the new socket, before the first pppol2tp_put_sk() call gets scheduled. Then the pppol2tp_put_sk() call invoked by the original socket will sock_put() the new socket, potentially dropping its last reference. When the second pppol2tp_put_sk() finally runs, its socket has already been freed. With d02ba2a6110c, the session takes a reference on both sockets. Furthermore, the session's ->sk pointer is reset in the pppol2tp_session_close() callback function rather than in pppol2tp_release(). Therefore, ->__sk can't be overwritten and pppol2tp_put_sk() is called only once (l2tp_session_delete() will only run pppol2tp_session_close() once, to protect the session against concurrent deletion requests). Now pppol2tp_put_sk() will properly sock_put() the original socket, but the new socket will remain, as l2tp_session_delete() prevented the release process from completing. Here, we don't depend on the ->__sk race to trigger the bug. Getting into the pppol2tp_connect() race is enough to leak the reference, no matter when new socket is released. So it all boils do…
frank-w
referenced
this pull request
in frank-w/BPI-Router-Linux
Jun 12, 2018
[ Upstream commit 5b5e7a0 ] Before using nla_get_u32(), better make sure the attribute is of the proper size. Code recently was changed, but bug has been there from beginning of git. BUG: KMSAN: uninit-value in rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 CPU: 1 PID: 14139 Comm: syz-executor6 Not tainted 4.17.0-rc5+ #103 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:113 kmsan_report+0x149/0x260 mm/kmsan/kmsan.c:1084 __msan_warning_32+0x6e/0xc0 mm/kmsan/kmsan_instr.c:686 rtnetlink_put_metrics+0x553/0x960 net/core/rtnetlink.c:746 fib_dump_info+0xc42/0x2190 net/ipv4/fib_semantics.c:1361 rtmsg_fib+0x65f/0x8c0 net/ipv4/fib_semantics.c:419 fib_table_insert+0x2314/0x2b50 net/ipv4/fib_trie.c:1287 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x455a09 RSP: 002b:00007faae5fd8c68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007faae5fd96d4 RCX: 0000000000455a09 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000005d0 R14: 00000000006fdc20 R15: 0000000000000000 Uninit was stored to memory at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_save_stack mm/kmsan/kmsan.c:294 [inline] kmsan_internal_chain_origin+0x12b/0x210 mm/kmsan/kmsan.c:685 __msan_chain_origin+0x69/0xc0 mm/kmsan/kmsan_instr.c:529 fib_convert_metrics net/ipv4/fib_semantics.c:1056 [inline] fib_create_info+0x2d46/0x9dc0 net/ipv4/fib_semantics.c:1150 fib_table_insert+0x3e4/0x2b50 net/ipv4/fib_trie.c:1146 inet_rtm_newroute+0x210/0x340 net/ipv4/fib_frontend.c:779 rtnetlink_rcv_msg+0xa32/0x1560 net/core/rtnetlink.c:4646 netlink_rcv_skb+0x378/0x600 net/netlink/af_netlink.c:2448 rtnetlink_rcv+0x50/0x60 net/core/rtnetlink.c:4664 netlink_unicast_kernel net/netlink/af_netlink.c:1310 [inline] netlink_unicast+0x1678/0x1750 net/netlink/af_netlink.c:1336 netlink_sendmsg+0x104f/0x1350 net/netlink/af_netlink.c:1901 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Uninit was created at: kmsan_save_stack_with_flags mm/kmsan/kmsan.c:279 [inline] kmsan_internal_poison_shadow+0xb8/0x1b0 mm/kmsan/kmsan.c:189 kmsan_kmalloc+0x94/0x100 mm/kmsan/kmsan.c:315 kmsan_slab_alloc+0x10/0x20 mm/kmsan/kmsan.c:322 slab_post_alloc_hook mm/slab.h:446 [inline] slab_alloc_node mm/slub.c:2753 [inline] __kmalloc_node_track_caller+0xb32/0x11b0 mm/slub.c:4395 __kmalloc_reserve net/core/skbuff.c:138 [inline] __alloc_skb+0x2cb/0x9e0 net/core/skbuff.c:206 alloc_skb include/linux/skbuff.h:988 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1182 [inline] netlink_sendmsg+0x76e/0x1350 net/netlink/af_netlink.c:1876 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg net/socket.c:639 [inline] ___sys_sendmsg+0xec0/0x1310 net/socket.c:2117 __sys_sendmsg net/socket.c:2155 [inline] __do_sys_sendmsg net/socket.c:2164 [inline] __se_sys_sendmsg net/socket.c:2162 [inline] __x64_sys_sendmsg+0x331/0x460 net/socket.c:2162 do_syscall_64+0x152/0x230 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: a919525 ("net: Move fib_convert_metrics to metrics file") Fixes: 1da177e ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <[email protected]> Reported-by: syzbot <[email protected]> Cc: David Ahern <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 3, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 3, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 3, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 3, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 4, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 8, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 8, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 8, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 8, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
ammarfaizi2
pushed a commit
to ammarfaizi2/linux-fork
that referenced
this pull request
May 9, 2022
… lwt hook [ Upstream commit b02d196 ] xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected] Signed-off-by: Sasha Levin <[email protected]>
CamberLoid
pushed a commit
to CamberLoid/linux-kernel
that referenced
this pull request
May 17, 2022
… lwt hook xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
CamberLoid
pushed a commit
to CamberLoid/linux-kernel
that referenced
this pull request
May 17, 2022
… lwt hook xmit_check_hhlen() observes the dst for getting the device hard header length to make sure a modified packet can fit. When a helper which changes the dst - such as bpf_skb_set_tunnel_key() - is called as part of the xmit program the accessed dst is no longer valid. This leads to the following splat: BUG: kernel NULL pointer dereference, address: 00000000000000de #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 798 Comm: ping Not tainted 5.18.0-rc2+ torvalds#103 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 RIP: 0010:bpf_xmit+0xfb/0x17f Code: c6 c0 4d cd 8e 48 c7 c7 7d 33 f0 8e e8 42 09 fb ff 48 8b 45 58 48 8b 95 c8 00 00 00 48 2b 95 c0 00 00 00 48 83 e0 fe 48 8b 00 <0f> b7 80 de 00 00 00 39 c2 73 22 29 d0 b9 20 0a 00 00 31 d2 48 89 RSP: 0018:ffffb148c0bc7b98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: 0000000000240008 RCX: 0000000000000000 RDX: 0000000000000010 RSI: 00000000ffffffea RDI: 00000000ffffffff RBP: ffff922a828a4e00 R08: ffffffff8f1350e8 R09: 00000000ffffdfff R10: ffffffff8f055100 R11: ffffffff8f105100 R12: 0000000000000000 R13: ffff922a828a4e00 R14: 0000000000000040 R15: 0000000000000000 FS: 00007f414e8f0080(0000) GS:ffff922afdc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000000de CR3: 0000000002d80006 CR4: 0000000000370ef0 Call Trace: <TASK> lwtunnel_xmit.cold+0x71/0xc8 ip_finish_output2+0x279/0x520 ? __ip_finish_output.part.0+0x21/0x130 Fix by fetching the device hard header length before running the BPF code. Fixes: 3a0af8f ("bpf: BPF for lightweight tunnel infrastructure") Signed-off-by: Eyal Birger <[email protected]> Signed-off-by: Daniel Borkmann <[email protected]> Link: https://lore.kernel.org/bpf/[email protected]
akiernan
pushed a commit
to zuma-array/linux
that referenced
this pull request
Nov 3, 2022
PD#150094: driver defect clean up: torvalds#32 torvalds#86 torvalds#90 torvalds#92 torvalds#97 torvalds#101 torvalds#103 torvalds#152 torvalds#155 torvalds#157~torvalds#158 torvalds#164 torvalds#167 torvalds#169~torvalds#179 torvalds#187~torvalds#191 torvalds#193~torvalds#199 torvalds#201~torvalds#210 torvalds#212~torvalds#213 torvalds#316~torvalds#319 torvalds#385 torvalds#572 torvalds#693~torvalds#694 torvalds#696~torvalds#697 Change-Id: I9669e5c0d717ee2287faf57a271ff27692039802 Signed-off-by: Guosong Zhou <[email protected]>
akiernan
pushed a commit
to zuma-array/linux
that referenced
this pull request
Nov 4, 2022
PD#150094: driver defect clean up: torvalds#32 torvalds#86 torvalds#90 torvalds#92 torvalds#97 torvalds#101 torvalds#103 torvalds#152 torvalds#155 torvalds#157~torvalds#158 torvalds#164 torvalds#167 torvalds#169~torvalds#179 torvalds#187~torvalds#191 torvalds#193~torvalds#199 torvalds#201~torvalds#210 torvalds#212~torvalds#213 torvalds#316~torvalds#319 torvalds#385 torvalds#572 torvalds#693~torvalds#694 torvalds#696~torvalds#697 Change-Id: I9669e5c0d717ee2287faf57a271ff27692039802 Signed-off-by: Guosong Zhou <[email protected]>
gatieme
pushed a commit
to gatieme/linux
that referenced
this pull request
Nov 24, 2022
ANBZ: torvalds#103 While backporting io_uring async buffered reads feature, we should have replaced most task_work_add() calls with io_req_task_work_add(), but seems that we failed to do it, which causes task works maybe not executed in time. Use TWA_SIGNAL to fix this bug. Reviewed-by: Joseph Qi <[email protected]> Reviewed-by: Hao Xu <[email protected]> Signed-off-by: Xiaoguang Wang <[email protected]>
logic10492
pushed a commit
to logic10492/linux-amd-zen2
that referenced
this pull request
Jan 18, 2024
Implement generic bypass mode and use it while PM operations are in progress
honjow
pushed a commit
to 3003n/linux
that referenced
this pull request
Oct 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
boot.h : basic i/o port change
bit.h : new header file (set & get bit )
crc32 : a new crc32 function