OSDN Git Service
Stanislav Fomichev [Tue, 14 May 2019 21:12:34 +0000 (14:12 -0700)]
selftests/bpf: add prog detach to flow_dissector test
In case we are not running in a namespace (which we don't do by default),
let's try to detach the bpf program that we use for eth_get_headlen tests.
Fixes:
0905beec9f52 ("selftests/bpf: run flow dissector tests in skb-less mode")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Stanislav Fomichev [Tue, 14 May 2019 21:12:33 +0000 (14:12 -0700)]
selftests/bpf: add missing \n to flow_dissector CHECK errors
Otherwise, in case of an error, everything gets mushed together.
Fixes:
a5cb33464e53 ("selftests/bpf: make flow dissector tests more extensible")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Stanislav Fomichev [Wed, 15 May 2019 03:38:49 +0000 (20:38 -0700)]
libbpf: don't fail when feature probing fails
Otherwise libbpf is unusable from unprivileged process with
kernel.kernel.unprivileged_bpf_disabled=1.
All I get is EPERM from the probes, even if I just want to
open an ELF object and look at what progs/maps it has.
Instead of dying on probes, let's just pr_debug the error and
try to continue.
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Alexei Starovoitov [Tue, 14 May 2019 17:47:29 +0000 (10:47 -0700)]
Merge branch 'lru-map-fix'
Daniel Borkmann says:
====================
This set fixes LRU map eviction in combination with map lookups out
of system call side from user space. Main patch is the second one and
test cases are adapted and added in the last one. Thanks!
====================
Acked-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Daniel Borkmann [Mon, 13 May 2019 23:18:57 +0000 (01:18 +0200)]
bpf: test ref bit from data path and add new tests for syscall path
The test_lru_map is relying on marking the LRU map entry via regular
BPF map lookup from system call side. This is basically for simplicity
reasons. Given we fixed marking entries in that case, the test needs
to be fixed as well. Here we add a small drop-in replacement to retain
existing behavior for the tests by marking out of the BPF program and
transferring the retrieved value out via temporary map. This also adds
new test cases to track the new behavior where two elements are marked,
one via system call side and one via program side, where the next update
then evicts the key looked up only from system call side.
# ./test_lru_map
nr_cpus:8
test_lru_sanity0 (map_type:9 map_flags:0x0): Pass
test_lru_sanity1 (map_type:9 map_flags:0x0): Pass
test_lru_sanity2 (map_type:9 map_flags:0x0): Pass
test_lru_sanity3 (map_type:9 map_flags:0x0): Pass
test_lru_sanity4 (map_type:9 map_flags:0x0): Pass
test_lru_sanity5 (map_type:9 map_flags:0x0): Pass
test_lru_sanity7 (map_type:9 map_flags:0x0): Pass
test_lru_sanity8 (map_type:9 map_flags:0x0): Pass
test_lru_sanity0 (map_type:10 map_flags:0x0): Pass
test_lru_sanity1 (map_type:10 map_flags:0x0): Pass
test_lru_sanity2 (map_type:10 map_flags:0x0): Pass
test_lru_sanity3 (map_type:10 map_flags:0x0): Pass
test_lru_sanity4 (map_type:10 map_flags:0x0): Pass
test_lru_sanity5 (map_type:10 map_flags:0x0): Pass
test_lru_sanity7 (map_type:10 map_flags:0x0): Pass
test_lru_sanity8 (map_type:10 map_flags:0x0): Pass
test_lru_sanity0 (map_type:9 map_flags:0x2): Pass
test_lru_sanity4 (map_type:9 map_flags:0x2): Pass
test_lru_sanity6 (map_type:9 map_flags:0x2): Pass
test_lru_sanity7 (map_type:9 map_flags:0x2): Pass
test_lru_sanity8 (map_type:9 map_flags:0x2): Pass
test_lru_sanity0 (map_type:10 map_flags:0x2): Pass
test_lru_sanity4 (map_type:10 map_flags:0x2): Pass
test_lru_sanity6 (map_type:10 map_flags:0x2): Pass
test_lru_sanity7 (map_type:10 map_flags:0x2): Pass
test_lru_sanity8 (map_type:10 map_flags:0x2): Pass
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Daniel Borkmann [Mon, 13 May 2019 23:18:56 +0000 (01:18 +0200)]
bpf, lru: avoid messing with eviction heuristics upon syscall lookup
One of the biggest issues we face right now with picking LRU map over
regular hash table is that a map walk out of user space, for example,
to just dump the existing entries or to remove certain ones, will
completely mess up LRU eviction heuristics and wrong entries such
as just created ones will get evicted instead. The reason for this
is that we mark an entry as "in use" via bpf_lru_node_set_ref() from
system call lookup side as well. Thus upon walk, all entries are
being marked, so information of actual least recently used ones
are "lost".
In case of Cilium where it can be used (besides others) as a BPF
based connection tracker, this current behavior causes disruption
upon control plane changes that need to walk the map from user space
to evict certain entries. Discussion result from bpfconf [0] was that
we should simply just remove marking from system call side as no
good use case could be found where it's actually needed there.
Therefore this patch removes marking for regular LRU and per-CPU
flavor. If there ever should be a need in future, the behavior could
be selected via map creation flag, but due to mentioned reason we
avoid this here.
[0] http://vger.kernel.org/bpfconf.html
Fixes:
29ba732acbee ("bpf: Add BPF_MAP_TYPE_LRU_HASH")
Fixes:
8f8449384ec3 ("bpf: Add BPF_MAP_TYPE_LRU_PERCPU_HASH")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Daniel Borkmann [Mon, 13 May 2019 23:18:55 +0000 (01:18 +0200)]
bpf: add map_lookup_elem_sys_only for lookups from syscall side
Add a callback map_lookup_elem_sys_only() that map implementations
could use over map_lookup_elem() from system call side in case the
map implementation needs to handle the latter differently than from
the BPF data path. If map_lookup_elem_sys_only() is set, this will
be preferred pick for map lookups out of user space. This hook is
used in a follow-up fix for LRU map, but once development window
opens, we can convert other map types from map_lookup_elem() (here,
the one called upon BPF_MAP_LOOKUP_ELEM cmd is meant) over to use
the callback to simplify and clean up the latter.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Gary Lin [Tue, 14 May 2019 03:15:50 +0000 (11:15 +0800)]
tools/bpf: Sync kernel btf.h header
For the fix of BTF_INT_OFFSET().
Signed-off-by: Gary Lin <glin@suse.com>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Gary Lin [Mon, 13 May 2019 09:45:48 +0000 (17:45 +0800)]
bpf: btf: fix the brackets of BTF_INT_OFFSET()
'VAL' should be protected by the brackets.
v2:
* Squash the fix for Documentation/bpf/btf.rst
Fixes:
69b693f0aefa ("bpf: btf: Introduce BPF Type Format (BTF)")
Signed-off-by: Gary Lin <glin@suse.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
John Fastabend [Mon, 13 May 2019 14:19:55 +0000 (07:19 -0700)]
bpf: sockmap fix msg->sg.size account on ingress skb
When converting a skb to msg->sg we forget to set the size after the
latest ktls/tls code conversion. This patch can be reached by doing
a redir into ingress path from BPF skb sock recv hook. Then trying to
read the size fails.
Fix this by setting the size.
Fixes:
604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
John Fastabend [Mon, 13 May 2019 14:19:37 +0000 (07:19 -0700)]
bpf: sockmap remove duplicate queue free
In tcp bpf remove we free the cork list and purge the ingress msg
list. However we do this before the ref count reaches zero so it
could be possible some other access is in progress. In this case
(tcp close and/or tcp_unhash) we happen to also hold the sock
lock so no path exists but lets fix it otherwise it is extremely
fragile and breaks the reference counting rules. Also we already
check the cork list and ingress msg queue and free them once the
ref count reaches zero so its wasteful to check twice.
Fixes:
604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
John Fastabend [Mon, 13 May 2019 14:19:19 +0000 (07:19 -0700)]
bpf: sockmap, only stop/flush strp if it was enabled at some point
If we try to call strp_done on a parser that has never been
initialized, because the sockmap user is only using TX side for
example we get the following error.
[ 883.422081] WARNING: CPU: 1 PID: 208 at kernel/workqueue.c:3030 __flush_work+0x1ca/0x1e0
...
[ 883.422095] Workqueue: events sk_psock_destroy_deferred
[ 883.422097] RIP: 0010:__flush_work+0x1ca/0x1e0
This had been wrapped in a 'if (psock->parser.enabled)' logic which
was broken because the strp_done() was never actually being called
because we do a strp_stop() earlier in the tear down logic will
set parser.enabled to false. This could result in a use after free
if work was still in the queue and was resolved by the patch here,
1d79895aef18f ("sk_msg: Always cancel strp work before freeing the
psock"). However, calling strp_stop(), done by the patch marked in
the fixes tag, only is useful if we never initialized a strp parser
program and never initialized the strp to start with. Because if
we had initialized a stream parser strp_stop() would have been called
by sk_psock_drop() earlier in the tear down process. By forcing the
strp to stop we get past the WARNING in strp_done that checks
the stopped flag but calling cancel_work_sync on work that has never
been initialized is also wrong and generates the warning above.
To fix check if the parser program exists. If the program exists
then the strp work has been initialized and must be sync'd and
cancelled before free'ing any structures. If no program exists we
never initialized the stream parser in the first place so skip the
sync/cancel logic implemented by strp_done.
Finally, remove the strp_done its not needed and in the case where we
are using the stream parser has already been called.
Fixes:
e8e3437762ad9 ("bpf: Stop the psock parser before canceling its work")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Stanislav Fomichev [Mon, 13 May 2019 19:04:36 +0000 (12:04 -0700)]
bpf: mark bpf_event_notify and bpf_event_init as static
Both of them are not declared in the headers and not used outside
of bpf_trace.c file.
Fixes:
a38d1107f937c ("bpf: support raw tracepoints in modules")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Eric Dumazet [Mon, 13 May 2019 16:59:16 +0000 (09:59 -0700)]
bpf: devmap: fix use-after-free Read in __dev_map_entry_free
synchronize_rcu() is fine when the rcu callbacks only need
to free memory (kfree_rcu() or direct kfree() call rcu call backs)
__dev_map_entry_free() is a bit more complex, so we need to make
sure that call queued __dev_map_entry_free() callbacks have completed.
sysbot report:
BUG: KASAN: use-after-free in dev_map_flush_old kernel/bpf/devmap.c:365
[inline]
BUG: KASAN: use-after-free in __dev_map_entry_free+0x2a8/0x300
kernel/bpf/devmap.c:379
Read of size 8 at addr
ffff8801b8da38c8 by task ksoftirqd/1/18
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.17.0+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
print_address_description+0x6c/0x20b mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
dev_map_flush_old kernel/bpf/devmap.c:365 [inline]
__dev_map_entry_free+0x2a8/0x300 kernel/bpf/devmap.c:379
__rcu_reclaim kernel/rcu/rcu.h:178 [inline]
rcu_do_batch kernel/rcu/tree.c:2558 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
rcu_process_callbacks+0xe9d/0x1760 kernel/rcu/tree.c:2802
__do_softirq+0x2e0/0xaf5 kernel/softirq.c:284
run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Allocated by task 6675:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
kmalloc include/linux/slab.h:513 [inline]
kzalloc include/linux/slab.h:706 [inline]
dev_map_alloc+0x208/0x7f0 kernel/bpf/devmap.c:102
find_and_alloc_map kernel/bpf/syscall.c:129 [inline]
map_create+0x393/0x1010 kernel/bpf/syscall.c:453
__do_sys_bpf kernel/bpf/syscall.c:2351 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
__x64_sys_bpf+0x303/0x510 kernel/bpf/syscall.c:2328
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 26:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
__cache_free mm/slab.c:3498 [inline]
kfree+0xd9/0x260 mm/slab.c:3813
dev_map_free+0x4fa/0x670 kernel/bpf/devmap.c:191
bpf_map_free_deferred+0xba/0xf0 kernel/bpf/syscall.c:262
process_one_work+0xc64/0x1b70 kernel/workqueue.c:2153
worker_thread+0x181/0x13a0 kernel/workqueue.c:2296
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
The buggy address belongs to the object at
ffff8801b8da37c0
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
512-byte region [
ffff8801b8da37c0,
ffff8801b8da39c0)
The buggy address belongs to the page:
page:
ffffea0006e368c0 count:1 mapcount:0 mapping:
ffff8801da800940
index:0xffff8801b8da3540
flags: 0x2fffc0000000100(slab)
raw:
02fffc0000000100 ffffea0007217b88 ffffea0006e30cc8 ffff8801da800940
raw:
ffff8801b8da3540 ffff8801b8da3040 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8801b8da3780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
ffff8801b8da3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>
ffff8801b8da3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8801b8da3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8801b8da3980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
Fixes:
546ac1ffb70d ("bpf: add devmap, a map for storing net device references")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+457d3e2ffbcf31aee5c0@syzkaller.appspotmail.com
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Corentin Labbe [Mon, 13 May 2019 13:06:39 +0000 (13:06 +0000)]
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
When adding more MAC addresses to a dwmac-sun8i interface, the device goes
directly in promiscuous mode.
This is due to IFF_UNICAST_FLT missing flag.
So since the hardware support unicast filtering, let's add IFF_UNICAST_FLT.
Fixes:
9f93ac8d4085 ("net-next: stmmac: Add dwmac-sun8i")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Grygorii Strashko [Mon, 13 May 2019 13:16:36 +0000 (16:16 +0300)]
net: ethernet: ti: netcp_ethss: fix build
Fix reported build fail:
ERROR: "cpsw_ale_flush_multicast" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_create" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_add_vlan" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
Fixes:
16f54164828b ("net: ethernet: ti: cpsw: drop CONFIG_TI_CPSW_ALE config option")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 13 May 2019 16:38:55 +0000 (09:38 -0700)]
flow_dissector: disable preemption around BPF calls
Various things in eBPF really require us to disable preemption
before running an eBPF program.
syzbot reported :
BUG: assuming atomic context at net/core/flow_dissector.c:737
in_atomic(): 0, irqs_disabled(): 0, pid: 24710, name: syz-executor.3
2 locks held by syz-executor.3/24710:
#0:
00000000e81a4bf1 (&tfile->napi_mutex){+.+.}, at: tun_get_user+0x168e/0x3ff0 drivers/net/tun.c:1850
#1:
00000000254afebd (rcu_read_lock){....}, at: __skb_flow_dissect+0x1e1/0x4bb0 net/core/flow_dissector.c:822
CPU: 1 PID: 24710 Comm: syz-executor.3 Not tainted 5.1.0+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
__cant_sleep kernel/sched/core.c:6165 [inline]
__cant_sleep.cold+0xa3/0xbb kernel/sched/core.c:6142
bpf_flow_dissect+0xfe/0x390 net/core/flow_dissector.c:737
__skb_flow_dissect+0x362/0x4bb0 net/core/flow_dissector.c:853
skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1322 [inline]
skb_probe_transport_header include/linux/skbuff.h:2500 [inline]
skb_probe_transport_header include/linux/skbuff.h:2493 [inline]
tun_get_user+0x2cfe/0x3ff0 drivers/net/tun.c:1940
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
call_write_iter include/linux/fs.h:1872 [inline]
do_iter_readv_writev+0x5fd/0x900 fs/read_write.c:693
do_iter_write fs/read_write.c:970 [inline]
do_iter_write+0x184/0x610 fs/read_write.c:951
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
do_writev+0x15b/0x330 fs/read_write.c:1058
__do_sys_writev fs/read_write.c:1131 [inline]
__se_sys_writev fs/read_write.c:1128 [inline]
__x64_sys_writev+0x75/0xb0 fs/read_write.c:1128
do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes:
d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Petar Penkov <ppenkov@google.com>
Cc: Stanislav Fomichev <sdf@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jarod Wilson [Fri, 10 May 2019 21:57:09 +0000 (17:57 -0400)]
bonding: fix arp_validate toggling in active-backup mode
There's currently a problem with toggling arp_validate on and off with an
active-backup bond. At the moment, you can start up a bond, like so:
modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
ip link set bond0 down
echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
ip link set bond0 up
ip addr add 192.168.1.2/24 dev bond0
Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
echo 1 > /sys/class/net/bond0/bonding/arp_validate
Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
arp_validate off again, the link falls flat on it's face:
echo 0 > /sys/class/net/bond0/bonding/arp_validate
dmesg
...
[133191.911987] bond0: Setting arp_validate to none (0)
[133194.257793] bond0: bond_should_notify_peers: slave ens4f0
[133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
[133194.259000] bond0: making interface ens4f1 the new active one
[133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
[133197.331191] bond0: now running without any active interface!
The problem lies in bond_options.c, where passing in arp_validate=0
results in bond->recv_probe getting set to NULL. This flies directly in
the face of commit
3fe68df97c7f, which says we need to set recv_probe =
bond_arp_recv, even if we're not using arp_validate. Said commit fixed
this in bond_option_arp_interval_set, but missed that we can get to that
same state in bond_option_arp_validate_set as well.
One solution would be to universally set recv_probe = bond_arp_recv here
as well, but I don't think bond_option_arp_validate_set has any business
touching recv_probe at all, and that should be left to the arp_interval
code, so we can just make things much tidier here.
Fixes:
3fe68df97c7f ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jerome Brunet [Sun, 12 May 2019 21:12:37 +0000 (23:12 +0200)]
net: meson: fixup g12a glue ephy id
The phy id chosen by Amlogic is incorrectly set in the mdio mux and
does not match the phy driver.
It was not detected before because DT forces the use the correct driver
for the internal PHY.
Fixes:
7090425104db ("net: phy: add amlogic g12a mdio mux support")
Reported-by: Qi Duan <qi.duan@amlogic.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kunihiko Hayashi [Mon, 13 May 2019 06:41:45 +0000 (15:41 +0900)]
net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init()
After calling phy_select_page() and until calling phy_restore_page(),
the mutex 'mdio_lock' is already locked, so the driver should use
non-locked version of phy functions. Or there will be a deadlock with
'mdio_lock'.
This replaces phy functions called from rtl8211e_config_init() to avoid
the deadlock issue.
Fixes:
f81dadbcf7fd ("net: phy: realtek: Add rtl8211e rx/tx delays config")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Bogendoerfer [Mon, 13 May 2019 11:15:17 +0000 (13:15 +0200)]
net: seeq: fix crash caused by not set dev.parent
The old MIPS implementation of dma_cache_sync() didn't use the dev argument,
but commit
c9eb6172c328 ("dma-mapping: turn dma_cache_sync into a
dma_map_ops method") changed that, so we now need to set dev.parent.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 13 May 2019 15:55:15 +0000 (08:55 -0700)]
Merge git://git./pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Postpone chain policy update to drop after transaction is complete,
from Florian Westphal.
2) Add entry to flowtable after confirmation to fix UDP flows with
packets going in one single direction.
3) Reference count leak in dst object, from Taehee Yoo.
4) Check for TTL field in flowtable datapath, from Taehee Yoo.
5) Fix h323 conntrack helper due to incorrect boundary check,
from Jakub Jankowski.
6) Fix incorrect rcu dereference when fetching basechain stats,
from Florian Westphal.
7) Missing error check when adding new entries to flowtable,
from Taehee Yoo.
8) Use version field in nfnetlink message to honor the nfgen_family
field, from Kristian Evensen.
9) Remove incorrect configuration check for CONFIG_NF_CONNTRACK_IPV6,
from Subash Abhinov Kasiviswanathan.
10) Prevent dying entries from being added to the flowtable,
from Taehee Yoo.
11) Don't hit WARN_ON() with malformed blob in ebtables with
trailing data after last rule, reported by syzbot, patch
from Florian Westphal.
12) Remove NFT_CT_TIMEOUT enumeration, never used in the kernel
code.
13) Fix incorrect definition for NFT_LOGLEVEL_MAX, from Florian
Westphal.
This batch comes with a conflict that can be fixed with this patch:
diff --cc include/uapi/linux/netfilter/nf_tables.h
index
7bdb234f3d8c,
f0cf7b0f4f35..
505393c6e959
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@@ -966,6 -966,8 +966,7 @@@ enum nft_socket_keys
* @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
* @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
* @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
- * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
+ * @NFT_CT_ID: conntrack id
*/
enum nft_ct_keys {
NFT_CT_STATE,
@@@ -991,6 -993,8 +992,7 @@@
NFT_CT_DST_IP,
NFT_CT_SRC_IP6,
NFT_CT_DST_IP6,
- NFT_CT_TIMEOUT,
+ NFT_CT_ID,
__NFT_CT_MAX
};
#define NFT_CT_MAX (__NFT_CT_MAX - 1)
That replaces the unused NFT_CT_TIMEOUT definition by NFT_CT_ID. If you prefer,
I can also solve this conflict here, just let me know.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Mon, 13 May 2019 09:41:39 +0000 (11:41 +0200)]
of_net: Fix missing of_find_device_by_node ref count drop
of_find_device_by_node takes a reference to the embedded struct device
which needs to be dropped after use.
Fixes:
d01f449c008a ("of_net: add NVMEM support to of_get_mac_address")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Maxime Chevallier [Mon, 13 May 2019 07:30:33 +0000 (09:30 +0200)]
net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag
Now that the mvpp2 driver supports classification offloading, we must
add the NETIF_F_NTUPLE to the features list.
Since the current code doesn't allow disabling the feature, we don't set
the flag in dev->hw_features.
Fixes:
90b509b39ac9 ("net: mvpp2: cls: Add Classification offload support")
Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 13 May 2019 03:03:35 +0000 (20:03 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says:
====================
pull-request: bpf 2019-05-13
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix out of bounds backwards jumps due to a bug in dead code
removal, from Daniel.
2) Fix libbpf users by detecting unsupported BTF kernel features
and sanitize them before load, from Andrii.
3) Fix undefined behavior in narrow load handling of context
fields, from Krzesimir.
4) Various BPF uapi header doc/man page fixes, from Quentin.
5) Misc .gitignore fixups to exclude built files, from Kelsey.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Krzesimir Nowak [Wed, 8 May 2019 16:08:58 +0000 (18:08 +0200)]
bpf: fix undefined behavior in narrow load handling
Commit
31fd85816dbe ("bpf: permits narrower load from bpf program
context fields") made the verifier add AND instructions to clear the
unwanted bits with a mask when doing a narrow load. The mask is
computed with
(1 << size * 8) - 1
where "size" is the size of the narrow load. When doing a 4 byte load
of a an 8 byte field the verifier shifts the literal 1 by 32 places to
the left. This results in an overflow of a signed integer, which is an
undefined behavior. Typically, the computed mask was zero, so the
result of the narrow load ended up being zero too.
Cast the literal to long long to avoid overflows. Note that narrow
load of the 4 byte fields does not have the undefined behavior,
because the load size can only be either 1 or 2 bytes, so shifting 1
by 8 or 16 places will not overflow it. And reading 4 bytes would not
be a narrow load of a 4 bytes field.
Fixes:
31fd85816dbe ("bpf: permits narrower load from bpf program context fields")
Reviewed-by: Alban Crequy <alban@kinvolk.io>
Reviewed-by: Iago López Galeiras <iago@kinvolk.io>
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
Cc: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Andrii Nakryiko [Fri, 10 May 2019 21:13:15 +0000 (14:13 -0700)]
libbpf: detect supported kernel BTF features and sanitize BTF
Depending on used versions of libbpf, Clang, and kernel, it's possible to
have valid BPF object files with valid BTF information, that still won't
load successfully due to Clang emitting newer BTF features (e.g.,
BTF_KIND_FUNC, .BTF.ext's line_info/func_info, BTF_KIND_DATASEC, etc), that
are not yet supported by older kernel.
This patch adds detection of BTF features and sanitizes BPF object's BTF
by substituting various supported BTF kinds, which have compatible layout:
- BTF_KIND_FUNC -> BTF_KIND_TYPEDEF
- BTF_KIND_FUNC_PROTO -> BTF_KIND_ENUM
- BTF_KIND_VAR -> BTF_KIND_INT
- BTF_KIND_DATASEC -> BTF_KIND_STRUCT
Replacement is done in such a way as to preserve as much information as
possible (names, sizes, etc) where possible without violating kernel's
validation rules.
v2->v3:
- remove duplicate #defines from libbpf_util.h
v1->v2:
- add internal libbpf_internal.h w/ common stuff
- switch SK storage BTF to use new libbpf__probe_raw_btf()
Reported-by: Alexei Starovoitov <ast@fb.com>
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Kelsey Skunberg [Sun, 12 May 2019 07:29:18 +0000 (01:29 -0600)]
selftests: bpf: Add files generated after build to .gitignore
The following files are generated after building /selftests/bpf/ and
should be added to .gitignore:
- libbpf.pc
- libbpf.so.*
Signed-off-by: Kelsey Skunberg <skunberg.kelsey@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Daniel Borkmann [Sun, 12 May 2019 23:12:46 +0000 (01:12 +0200)]
Merge branch 'bpf-uapi-doc-fixes'
Quentin Monnet says:
====================
Another round of fixes for the doc in the BPF UAPI header, which can be
turned into a manual page. First patch is the most important, as it fixes
parsing for the bpf_strtoul() helper doc. Following patches are formatting
fixes (nitpicks, mostly). The last one updates the copy of the header,
located under tools/.
====================
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:25 +0000 (15:51 +0100)]
tools: bpf: synchronise BPF UAPI header with tools
Synchronise the bpf.h header under tools, to report the fixes and
additions recently brought to the documentation for the BPF helpers.
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:24 +0000 (15:51 +0100)]
bpf: fix minor issues in documentation for BPF helpers.
This commit brings many minor fixes to the documentation for BPF helper
functions. Mostly, this is limited to formatting fixes and improvements.
In particular, fix broken formatting for bpf_skb_adjust_room().
Besides formatting, replace the mention of "bpf_fullsock()" (that is not
associated with any function or type exposed to the user) in the
description of bpf_sk_storage_get() by "full socket".
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:23 +0000 (15:51 +0100)]
bpf: fix recurring typo in documentation for BPF helpers
"Underlaying packet buffer" should be an "underlying" one, in the
warning about invalidated data and data_end pointers. Through
copy-and-paste, the typo occurred no fewer than 19 times in the
documentation. Let's fix it.
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:22 +0000 (15:51 +0100)]
bpf: fix script for generating man page on BPF helpers
The script broke on parsing function prototype for bpf_strtoul(). This
is because the last argument for the function is a pointer to an
"unsigned long". The current version of the script only accepts "const"
and "struct", but not "unsigned", at the beginning of argument types
made of several words.
One solution could be to add "unsigned" to the list, but the issue could
come up again in the future (what about "long int"?). It turns out we do
not need to have such restrictions on the words: so let's simply accept
any series of words instead.
Reported-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Daniel Borkmann [Fri, 10 May 2019 22:51:33 +0000 (22:51 +0000)]
bpf: add various test cases for backward jumps
Add a couple of tests to make sure branch(/call) offset adjustments
are correctly performed.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Hariprasad Kelam [Sun, 12 May 2019 10:39:49 +0000 (16:09 +0530)]
net: dccp : proto: remove Unneeded variable "err"
Fix below issue reported by coccicheck
net/dccp/proto.c:266:5-8: Unneeded variable: "err". Return "0" on line
310
Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 12 May 2019 20:19:46 +0000 (13:19 -0700)]
Merge branch 'dsa-Fix-a-bug-and-avoid-dangerous-usage-patterns'
Vladimir Oltean says:
====================
Fix a bug and avoid dangerous usage patterns around DSA_SKB_CB
Making DSA use the sk_buff control block was my idea during the
'Traffic-support-for-SJA1105-DSA-driver' patchset, and I had also
introduced a series of macro helpers that turned out to not be so
helpful:
1. DSA_SKB_ZERO() zeroizes the 48-byte skb->cb area, but due to the high
performance impact in the hotpath it was only intended to be called
from the timestamping path. But it turns out that not zeroizing it
has uncovered the reading of an uninitialized member field of
DSA_SKB_CB, so in the future just be careful about what needs
initialization and remove this macro.
2. DSA_SKB_CLONE() contains a flaw in its body definition (originally
put there to silence checkpatch.pl) and is unusable at this point
(will only cause NPE's when used). So remove it.
3. For DSA_SKB_COPY() the same performance considerations apply as above
and therefore it's best to prune this function before it reaches a
stable kernel and potentially any users.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:47 +0000 (23:14 +0300)]
net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro
It's best to not expose this, due to the performance hit it may cause
when calling it.
Fixes:
b68b0dd0fb2d ("net: dsa: Keep private info in the skb->cb")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:46 +0000 (23:14 +0300)]
net: dsa: Remove dangerous DSA_SKB_CLONE() macro
This does not cause any bug now because it has no users, but its body
contains two pointer definitions within a code block:
struct sk_buff *clone = _clone; \
struct sk_buff *skb = _skb; \
When calling the macro as DSA_SKB_CLONE(clone, skb), these variables
would obscure the arguments that the macro was called with, and the
initializers would be a no-op instead of doing their job (undefined
behavior, by the way, but GCC nicely puts NULL pointers instead).
So simply remove this broken macro and leave users to simply call
"DSA_SKB_CB(skb)->clone = clone" by hand when needed.
There is one functional difference when doing what I just suggested
above: the control block won't be transferred from the original skb into
the clone. Since there's no foreseen need for the control block in the
clone ATM, this is ok.
Fixes:
b68b0dd0fb2d ("net: dsa: Keep private info in the skb->cb")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:45 +0000 (23:14 +0300)]
net: dsa: Initialize DSA_SKB_CB(skb)->deferred_xmit variable
The sk_buff control block can have any contents on xmit put there by the
stack, so initialization is mandatory, since we are checking its value
after the actual DSA xmit (the tagger may have changed it).
The DSA_SKB_ZERO() macro could have been used for this purpose, but:
- Zeroizing a 48-byte memory region in the hotpath is best avoided.
- It would have triggered a warning with newer compilers since
__dsa_skb_cb contains a structure within a structure, and the {0}
initializer was incorrect for that purpose.
So simply remove the DSA_SKB_ZERO() macro and initialize the
deferred_xmit variable by hand (which should be done for all further
dsa_skb_cb variables which need initialization - currently none - to
avoid the performance penalty).
Fixes:
97a69a0dea9a ("net: dsa: Add support for deferred xmit")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Westphal [Sun, 12 May 2019 18:42:37 +0000 (20:42 +0200)]
netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value
should be same as NFT_LOGLEVEL_AUDIT, so use -, not +.
Fixes:
7eced5ab5a73 ("netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Heiner Kallweit [Sat, 11 May 2019 05:44:48 +0000 (07:44 +0200)]
net: phy: realtek: fix double page ops in generic Realtek driver
When adding missing callbacks I missed that one had them set already.
Interesting that the compiler didn't complain.
Fixes:
daf3ddbe11a2 ("net: phy: realtek: add missing page operations")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicholas Mc Guire [Sat, 11 May 2019 00:56:33 +0000 (02:56 +0200)]
net: qrtr: use protocol endiannes variable
sparse was unable to verify endiannes correctness due to reassignment
from le32_to_cpu to the same variable - fix this warning up by providing
a proper __le32 type and initializing it. This is not actually fixing
any bug - rather just addressing the sparse warning.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Daniel Borkmann [Sat, 11 May 2019 01:03:09 +0000 (03:03 +0200)]
bpf: fix out of bounds backwards jmps due to dead code removal
systemtap folks reported the following splat recently:
[ 7790.862212] WARNING: CPU: 3 PID: 26759 at arch/x86/kernel/kprobes/core.c:1022 kprobe_fault_handler+0xec/0xf0
[...]
[ 7790.864113] CPU: 3 PID: 26759 Comm: sshd Not tainted 5.1.0-0.rc7.git1.1.fc31.x86_64 #1
[ 7790.864198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS[...]
[ 7790.864314] RIP: 0010:kprobe_fault_handler+0xec/0xf0
[ 7790.864375] Code: 48 8b 50 [...]
[ 7790.864714] RSP: 0018:
ffffc06800bdbb48 EFLAGS:
00010082
[ 7790.864812] RAX:
ffff9e2b75a16320 RBX:
0000000000000000 RCX:
0000000000000000
[ 7790.865306] RDX:
ffffffffffffffff RSI:
000000000000000e RDI:
ffffc06800bdbbf8
[ 7790.865514] RBP:
ffffc06800bdbbf8 R08:
0000000000000000 R09:
0000000000000000
[ 7790.865960] R10:
0000000000000000 R11:
0000000000000000 R12:
ffffc06800bdbbf8
[ 7790.866037] R13:
ffff9e2ab56a0418 R14:
ffff9e2b6d0bb400 R15:
ffff9e2b6d268000
[ 7790.866114] FS:
00007fde49937d80(0000) GS:
ffff9e2b75a00000(0000) knlGS:
0000000000000000
[ 7790.866193] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 7790.866318] CR2:
0000000000000000 CR3:
000000012f312000 CR4:
00000000000006e0
[ 7790.866419] Call Trace:
[ 7790.866677] do_user_addr_fault+0x64/0x480
[ 7790.867513] do_page_fault+0x33/0x210
[ 7790.868002] async_page_fault+0x1e/0x30
[ 7790.868071] RIP: 0010: (null)
[ 7790.868144] Code: Bad RIP value.
[ 7790.868229] RSP: 0018:
ffffc06800bdbca8 EFLAGS:
00010282
[ 7790.868362] RAX:
ffff9e2b598b60f8 RBX:
ffffc06800bdbe48 RCX:
0000000000000004
[ 7790.868629] RDX:
0000000000000004 RSI:
ffffc06800bdbc6c RDI:
ffff9e2b598b60f0
[ 7790.868834] RBP:
ffffc06800bdbcf8 R08:
0000000000000000 R09:
0000000000000004
[ 7790.870432] R10:
00000000ff6f7a03 R11:
0000000000000000 R12:
0000000000000001
[ 7790.871859] R13:
ffffc06800bdbcb8 R14:
0000000000000000 R15:
ffff9e2acd0a5310
[ 7790.873455] ? vfs_read+0x5/0x170
[ 7790.874639] ? vfs_read+0x1/0x170
[ 7790.875834] ? trace_call_bpf+0xf6/0x260
[ 7790.877044] ? vfs_read+0x1/0x170
[ 7790.878208] ? vfs_read+0x5/0x170
[ 7790.879345] ? kprobe_perf_func+0x233/0x260
[ 7790.880503] ? vfs_read+0x1/0x170
[ 7790.881632] ? vfs_read+0x5/0x170
[ 7790.882751] ? kprobe_ftrace_handler+0x92/0xf0
[ 7790.883926] ? __vfs_read+0x30/0x30
[ 7790.885050] ? ftrace_ops_assist_func+0x94/0x100
[ 7790.886183] ? vfs_read+0x1/0x170
[ 7790.887283] ? vfs_read+0x5/0x170
[ 7790.888348] ? ksys_read+0x5a/0xe0
[ 7790.889389] ? do_syscall_64+0x5c/0xa0
[ 7790.890401] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
After some debugging, turns out that the logic in
2cbd95a5c4fb
("bpf: change parameters of call/branch offset adjustment") has
a bug that is exposed after
52875a04f4b2 ("bpf: verifier: remove
dead code") in that we miss some of the jump offset adjustments
after code patching when we remove dead code, more concretely,
upon backward jump spanning over the area that is being removed.
BPF insns of a case that was hit pre
52875a04f4b2:
[...]
676: (85) call bpf_perf_event_output#-47616
677: (05) goto pc-636
678: (62) *(u32 *)(r10 -64) = 0
679: (bf) r7 = r10
680: (07) r7 += -64
681: (05) goto pc-44
682: (05) goto pc-1
683: (05) goto pc-1
BPF insns afterwards:
[...]
618: (85) call bpf_perf_event_output#-47616
619: (05) goto pc-638
620: (62) *(u32 *)(r10 -64) = 0
621: (bf) r7 = r10
622: (07) r7 += -64
623: (05) goto pc-44
To illustrate the bug, situation looks as follows:
____
0 | | <-- foo: [...]
1 |____|
2 |____| <-- pos / end_new ^
3 | | |
4 | | | len
5 |____| | (remove region)
6 | | <-- end_old v
7 | |
8 | | <-- curr (jmp foo)
9 |____|
The condition curr >= end_new && curr + off + 1 < end_new in the
branch delta adjustments is never hit because curr + off + 1 <
end_new is compared as unsigned and therefore curr + off + 1 >
end_new in unsigned realm as curr + off + 1 becomes negative
since the insns are memmove()'d before the offset adjustments.
Correct BPF insns after this fix:
[...]
618: (85) call bpf_perf_event_output#-47216
619: (05) goto pc-578
620: (62) *(u32 *)(r10 -64) = 0
621: (bf) r7 = r10
622: (07) r7 += -64
623: (05) goto pc-44
Note that unprivileged case is not affected from this.
Fixes:
52875a04f4b2 ("bpf: verifier: remove dead code")
Fixes:
2cbd95a5c4fb ("bpf: change parameters of call/branch offset adjustment")
Reported-by: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Heiner Kallweit [Fri, 10 May 2019 20:11:26 +0000 (22:11 +0200)]
net: phy: realtek: add missing page operations
Add missing page operation callbacks to few Realtek drivers.
This also fixes a NPE after the referenced commit added code to the
RTL8211E driver that uses phy_select_page().
Fixes:
f81dadbcf7fd ("net: phy: realtek: Add rtl8211e rx/tx delays config")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reported-by: Vicente Bergas <vicencb@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 10 May 2019 22:14:30 +0000 (15:14 -0700)]
Merge branch 'of_get_mac_address-fixes'
Petr Štetiar says:
====================
of_get_mac_address fixes
this patch series is hopefuly the last series of the fixes which are related
to the introduction of NVMEM support into of_get_mac_address.
First patch is removing `nvmem-mac-address` property which was wrong idea as
I've allocated the property with devm_kzalloc and then added it to DT, so then
2 entities would be refcounting the allocation. So if the driver unbinds, the
buffer is freed, but DT code would be still referencing that memory.
Second patch fixes some unwanted references to the Linux API in the DT
bindings documentation.
Patches 3-5 should hopefully make compilers and thus kbuild test robot happy.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:18 +0000 (11:35 +0200)]
net: wireless: mt76: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes:
d31a36b5f407 ("net: wireless: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:17 +0000 (11:35 +0200)]
net: ethernet: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes:
a51645f70f63 ("net: ethernet: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:16 +0000 (11:35 +0200)]
powerpc: tsi108: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes:
ea168cdf1299 ("powerpc: tsi108: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:15 +0000 (11:35 +0200)]
dt-bindings: doc: net: remove Linux API references
In commit
687e3d5550c7 ("dt-bindings: doc: reflect new NVMEM
of_get_mac_address behaviour") I've kept or added references to Linux
of_get_mac_address API which is unwanted so this patch fixes that by
removing those references.
Fixes:
687e3d5550c7 ("dt-bindings: doc: reflect new NVMEM of_get_mac_address behaviour")
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:14 +0000 (11:35 +0200)]
of_net: remove nvmem-mac-address property
In commit
d01f449c008a ("of_net: add NVMEM support to
of_get_mac_address") I've added `nvmem-mac-address` property which was
wrong idea as I've allocated the property with devm_kzalloc and then
added it to DT, so then 2 entities would be refcounting the allocation.
So if the driver unbinds, the buffer is freed, but DT code would be
still referencing that memory.
I'm removing this property completely instead of fixing it, as it's not
needed to have it.
Fixes:
d01f449c008a ("of_net: add NVMEM support to of_get_mac_address")
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 10 May 2019 04:13:44 +0000 (23:13 -0500)]
net/ibmvnic: Update carrier state after link state change
Only set the device carrier state to on after receiving an up link
state indication from the underlying adapter. Likewise, if a down
link indication is receieved, update the carrier state accordingly.
This fix ensures that accurate carrier state is reported by the driver
following a link state update by the underlying adapter.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 10 May 2019 04:13:43 +0000 (23:13 -0500)]
net/ibmvnic: Update MAC address settings after adapter reset
It was discovered in testing that the underlying hardware MAC
address will revert to initial settings following a device reset,
but the driver fails to resend the current OS MAC settings. This
oversight can result in dropped packets should the scenario occur.
Fix this by informing hardware of current MAC address settings
following any adapter initialization or resets.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
YueHaibing [Fri, 10 May 2019 03:00:28 +0000 (11:00 +0800)]
dsa: tag_brcm: Fix build error without CONFIG_NET_DSA_TAG_BRCM_PREPEND
Fix gcc build error:
net/dsa/tag_brcm.c:211:16: error: brcm_prepend_netdev_ops undeclared here (not in a function); did you mean brcm_netdev_ops?
DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
^
./include/net/dsa.h:708:10: note: in definition of macro DSA_TAG_DRIVER
.ops = &__ops, \
^~~~~
./include/net/dsa.h:701:36: warning: dsa_tag_driver_brcm_prepend_netdev_ops defined but not used [-Wunused-variable]
#define DSA_TAG_DRIVER_NAME(__ops) dsa_tag_driver ## _ ## __ops
^
./include/net/dsa.h:707:30: note: in expansion of macro DSA_TAG_DRIVER_NAME
static struct dsa_tag_driver DSA_TAG_DRIVER_NAME(__ops) = { \
^~~~~~~~~~~~~~~~~~~
net/dsa/tag_brcm.c:211:1: note: in expansion of macro DSA_TAG_DRIVER
DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
Like the CONFIG_NET_DSA_TAG_BRCM case,
brcm_prepend_netdev_ops and DSA_TAG_PROTO_BRCM_PREPEND
should be wrappeed by CONFIG_NET_DSA_TAG_BRCM_PREPEND.
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes:
b74b70c44986 ("net: dsa: Support prepended Broadcom tag")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Tobin C. Harding [Fri, 10 May 2019 02:52:12 +0000 (12:52 +1000)]
bridge: Fix error path for kobject_init_and_add()
Currently error return from kobject_init_and_add() is not followed by a
call to kobject_put(). This means there is a memory leak. We currently
set p to NULL so that kfree() may be called on it as a noop, the code is
arguably clearer if we move the kfree() up closer to where it is
called (instead of after goto jump).
Remove a goto label 'err1' and jump to call to kobject_put() in error
return from kobject_init_and_add() fixing the memory leak. Re-name goto
label 'put_back' to 'err1' now that we don't use err1, following current
nomenclature (err1, err2 ...). Move call to kfree out of the error
code at bottom of function up to closer to where memory was allocated.
Add comment to clarify call to kfree().
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Paolo Abeni [Fri, 10 May 2019 09:37:58 +0000 (11:37 +0200)]
Revert "selinux: do not report error on connect(AF_UNSPEC)"
This reverts commit
c7e0d6cca86581092cbbf2cd868b3601495554cf.
It was agreed a slightly different fix via the selinux tree.
v1 -> v2:
- use the correct reverted commit hash
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 10 May 2019 12:29:27 +0000 (05:29 -0700)]
Merge tag 'powerpc-5.2-1' of ssh://gitolite./linux/kernel/git/powerpc/linux
Pull powerpc updates from Michael Ellerman:
"Slightly delayed due to the issue with printk() calling
probe_kernel_read() interacting with our new user access prevention
stuff, but all fixed now.
The only out-of-area changes are the addition of a cpuhp_state, small
additions to Documentation and MAINTAINERS updates.
Highlights:
- Support for Kernel Userspace Access/Execution Prevention (like
SMAP/SMEP/PAN/PXN) on some 64-bit and 32-bit CPUs. This prevents
the kernel from accidentally accessing userspace outside
copy_to/from_user(), or ever executing userspace.
- KASAN support on 32-bit.
- Rework of where we map the kernel, vmalloc, etc. on 64-bit hash to
use the same address ranges we use with the Radix MMU.
- A rewrite into C of large parts of our idle handling code for
64-bit Book3S (ie. power8 & power9).
- A fast path entry for syscalls on 32-bit CPUs, for a 12-17% speedup
in the null_syscall benchmark.
- On 64-bit bare metal we have support for recovering from errors
with the time base (our clocksource), however if that fails
currently we hang in __delay() and never crash. We now have support
for detecting that case and short circuiting __delay() so we at
least panic() and reboot.
- Add support for optionally enabling the DAWR on Power9, which had
to be disabled by default due to a hardware erratum. This has the
effect of enabling hardware breakpoints for GDB, the downside is a
badly behaved program could crash the machine by pointing the DAWR
at cache inhibited memory. This is opt-in obviously.
- xmon, our crash handler, gets support for a read only mode where
operations that could change memory or otherwise disturb the system
are disabled.
Plus many clean-ups, reworks and minor fixes etc.
Thanks to: Christophe Leroy, Akshay Adiga, Alastair D'Silva, Alexey
Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar,
Anton Blanchard, Ben Hutchings, Bo YU, Breno Leitao, Cédric Le Goater,
Christopher M. Riedl, Christoph Hellwig, Colin Ian King, David Gibson,
Ganesh Goudar, Gautham R. Shenoy, George Spelvin, Greg Kroah-Hartman,
Greg Kurz, Horia Geantă, Jagadeesh Pagadala, Joel Stanley, Joe
Perches, Julia Lawall, Laurentiu Tudor, Laurent Vivier, Lukas Bulwahn,
Madhavan Srinivasan, Mahesh Salgaonkar, Mathieu Malaterre, Michael
Neuling, Mukesh Ojha, Nathan Fontenot, Nathan Lynch, Nicholas Piggin,
Nick Desaulniers, Oliver O'Halloran, Peng Hao, Qian Cai, Ravi
Bangoria, Rick Lindsley, Russell Currey, Sachin Sant, Stewart Smith,
Sukadev Bhattiprolu, Thomas Huth, Tobin C. Harding, Tyrel Datwyler,
Valentin Schneider, Wei Yongjun, Wen Yang, YueHaibing"
* tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (205 commits)
powerpc/64s: Use early_mmu_has_feature() in set_kuap()
powerpc/book3s/64: check for NULL pointer in pgd_alloc()
powerpc/mm: Fix hugetlb page initialization
ocxl: Fix return value check in afu_ioctl()
powerpc/mm: fix section mismatch for setup_kup()
powerpc/mm: fix redundant inclusion of pgtable-frag.o in Makefile
powerpc/mm: Fix makefile for KASAN
powerpc/kasan: add missing/lost Makefile
selftests/powerpc: Add a signal fuzzer selftest
powerpc/booke64: set RI in default MSR
ocxl: Provide global MMIO accessors for external drivers
ocxl: move event_fd handling to frontend
ocxl: afu_irq only deals with IRQ IDs, not offsets
ocxl: Allow external drivers to use OpenCAPI contexts
ocxl: Create a clear delineation between ocxl backend & frontend
ocxl: Don't pass pci_dev around
ocxl: Split pci.c
ocxl: Remove some unused exported symbols
ocxl: Remove superfluous 'extern' from headers
ocxl: read_pasid never returns an error, so make it void
...
Linus Torvalds [Fri, 10 May 2019 02:35:41 +0000 (19:35 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/viro/vfs
Pull vfs mount fix from Al Viro:
"Fix for umount -l/mount --move race caught by syzbot yesterday..."
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
do_move_mount(): fix an unsafe use of is_anon_ns()
Linus Torvalds [Fri, 10 May 2019 00:00:51 +0000 (17:00 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Several bug fixes, many are quick merge-window regression cures:
- When NLM_F_EXCL is not set, allow same fib rule insertion. From
Hangbin Liu.
- Several cures in sja1105 DSA driver (while loop exit condition fix,
return of negative u8, etc.) from Vladimir Oltean.
- Handle tx/rx delays in realtek PHY driver properly, from Serge
Semin.
- Double free in cls_matchall, from Pieter Jansen van Vuuren.
- Disable SIOCSHWTSTAMP in macvlan/vlan containers, from Hangbin Liu.
- Endainness fixes in aqc111, from Oliver Neukum.
- Handle errors in packet_init properly, from Haibing Yue.
- Various W=1 warning fixes in kTLS, from Jakub Kicinski"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
nfp: add missing kdoc
net/tls: handle errors from padding_length()
net/tls: remove set but not used variables
docs/btf: fix the missing section marks
nfp: bpf: fix static check error through tightening shift amount adjustment
selftests: bpf: initialize bpf_object pointers where needed
packet: Fix error path in packet_init
net/tcp: use deferred jump label for TCP acked data hook
net: aquantia: fix undefined devm_hwmon_device_register_with_info reference
aqc111: fix double endianness swap on BE
aqc111: fix writing to the phy on BE
aqc111: fix endianness issue in aqc111_change_mtu
vlan: disable SIOCSHWTSTAMP in container
macvlan: disable SIOCSHWTSTAMP in container
tipc: fix hanging clients using poll with EPOLLOUT flag
tuntap: synchronize through tfiles array instead of tun->numqueues
tuntap: fix dividing by zero in ebpf queue selection
dwmac4_prog_mtl_tx_algorithms() missing write operation
ptp_qoriq: fix NULL access if ptp dt node missing
net/sched: avoid double free on matchall reoffload
...
Jakub Kicinski [Thu, 9 May 2019 23:19:34 +0000 (16:19 -0700)]
nfp: add missing kdoc
Add missing kdoc for app member.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 9 May 2019 23:37:40 +0000 (16:37 -0700)]
Merge branch 'tls-warnings'
Jakub Kicinski says:
====================
net/tls: fix W=1 build warnings
This small series cleans up two outstanding W=1 build
warnings in tls code. Both are set but not used variables.
The first case looks fairly straightforward. In the second
I think it's better to propagate the error code, even if
not doing some does not lead to a crash with current code.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Thu, 9 May 2019 23:14:07 +0000 (16:14 -0700)]
net/tls: handle errors from padding_length()
At the time padding_length() is called the record header
is still part of the message. If malicious TLS 1.3 peer
sends an all-zero record padding_length() will stop at
the record header, and return full length of the data
including the tail_size.
Subsequent subtraction of prot->overhead_size from rxm->full_len
will cause rxm->full_len to turn negative. skb accessors,
however, will always catch resulting out-of-bounds operation,
so in practice this fix comes down to returning the correct
error code. It also fixes a set but not used warning.
This code was added by commit
130b392c6cd6 ("net: tls: Add tls 1.3 support").
CC: Dave Watson <davejwatson@fb.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Thu, 9 May 2019 23:14:06 +0000 (16:14 -0700)]
net/tls: remove set but not used variables
Commit
4504ab0e6eb8 ("net/tls: Inform user space about send buffer availability")
made us report write_space regardless whether partial record
push was successful or not. Remove the now unused return value
to clean up the following W=1 warning:
net/tls/tls_device.c: In function ‘tls_device_write_space’:
net/tls/tls_device.c:546:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
int rc = 0;
^~
CC: Vakul Garg <vakul.garg@nxp.com>
CC: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 9 May 2019 23:25:08 +0000 (16:25 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:
====================
pull-request: bpf 2019-05-09
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) three small fixes from Gary, Jiong and Lorenz.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Gary Lin [Wed, 8 May 2019 07:54:48 +0000 (15:54 +0800)]
docs/btf: fix the missing section marks
The section titles of 3.4 and 3.5 are not marked correctly.
Signed-off-by: Gary Lin <glin@suse.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Jiong Wang [Tue, 7 May 2019 16:41:30 +0000 (17:41 +0100)]
nfp: bpf: fix static check error through tightening shift amount adjustment
NFP shift instruction has something special. If shift direction is left
then shift amount of 1 to 31 is specified as 32 minus the amount to shift.
But no need to do this for indirect shift which has shift amount be 0. Even
after we do this subtraction, shift amount 0 will be turned into 32 which
will eventually be encoded the same as 0 because only low 5 bits are
encoded, but shift amount be 32 will fail the FIELD_PREP check done later
on shift mask (0x1f), due to 32 is out of mask range. Such error has been
observed when compiling nfp/bpf/jit.c using gcc 8.3 + O3.
This issue has started when indirect shift support added after which the
incoming shift amount to __emit_shf could be 0, therefore it is at that
time shift amount adjustment inside __emit_shf should have been tightened.
Fixes:
991f5b3651f6 ("nfp: bpf: support logic indirect shifts (BPF_[L|R]SH | BPF_X)")
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Reported-by: Pablo Cascón <pablo.cascon@netronome.com
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Jiong Wang <jiong.wang@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Lorenz Bauer [Wed, 8 May 2019 16:49:32 +0000 (17:49 +0100)]
selftests: bpf: initialize bpf_object pointers where needed
There are a few tests which call bpf_object__close on uninitialized
bpf_object*, which may segfault. Explicitly zero-initialise these pointers
to avoid this.
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Linus Torvalds [Thu, 9 May 2019 22:07:44 +0000 (15:07 -0700)]
Merge git://git./linux/kernel/git/davem/sparc
Pull sparc updates from David Miller:
"Here we go:
- Fix various long standing issues in the sparc 32-bit IOMMU support
code, from Christoph Hellwig.
- Various other code cleanups and simplifications all over. From
Gustavo A. R. Silva, Jagadeesh Pagadala, Masahiro Yamada, Mauro
Carvalho Chehab, Mike Rapoport"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: simplify reduce_memory() function
sparc: use struct_size() in kzalloc()
docs: sparc: convert to ReST
sparc/iommu: merge iommu_get_one and __sbus_iommu_map_page
sparc/iommu: use __sbus_iommu_map_page to implement the map_sg path
sparc/iommu: fix __sbus_iommu_map_page for highmem pages
sparc/iommu: move per-page flushing into __sbus_iommu_map_page
sparc/iommu: pass a physical address to iommu_get_one
sparc/iommu: create a common helper for map_sg
sparc/iommu: merge iommu_release_one and sbus_iommu_unmap_page
sparc/iommu: use sbus_iommu_unmap_page in sbus_iommu_unmap_sg
sparc/iommu: use !PageHighMem to check if a page has a kernel mapping
sparc: vdso: add FORCE to the build rule of %.so
arch:sparc:kernel/uprobes.c : Remove duplicate header
Linus Torvalds [Thu, 9 May 2019 21:50:09 +0000 (14:50 -0700)]
Merge tag 'clk-for-linus' of git://git./linux/kernel/git/clk/linux
Pull clk framework updates from Stephen Boyd:
"We have a couple new features and changes in the core clk framework
this time around because we've finally gotten around to fixing some
long standing issues. There's still work to do though, so this pull
request is largely laying down the foundation for all the driver
changes to come in the next merge window.
The first problem we're alleviating is how parents of clks are
specified. With the new method, we should see lots of drivers migrate
away from the current design of string comparisons on the entire clk
tree to a more direct method where they can use clk_hw pointers or
more localized names specified in DT or via clkdev. This should reduce
our reliance on string comparisons for all the topology description
logic that we've been using for years and hopefully speed some things
up while avoiding problems we have with generating clk names.
Beyond that we also got rid of the CLK_IS_BASIC flag because it wasn't
really helping anyone and we introduced big-endian versions of the
basic clk types so that we can get rid of clk_{readl,writel}(). Both
of these are things that driver developers have tried to use over the
years that I typically bat away during code reviews because they're
not useful. It's great to see these two things go away so maintainers
can save time not worrying about these things.
On the driver side we got the usual collection of new SoC support and
non-critical fixes and updates to existing code. The big topics that
stand out are the new driver support for Mediatek MT8183 and MT8516
SoCs, Amlogic Meson8b and G12a SoCs, and the SiFive FU540 SoC. The
other patches in the driver pile are mostly fixes for things that are
being used for the first time or additions for clks that couldn't be
tested before because there wasn't a consumer driver that exercised
them. Details are below and also in the sub-maintainer tags.
Core:
- Remove clk_readl() and introduce BE versions of basic clk types
- Rewrite how clk parents can be specified to allow DT/clkdev lookups
- Removal of the CLK_IS_BASIC clk flag
- Framework documentation updates and fixes
New Drivers:
- Support for STM32F769
- AT91 sam9x60 PMC support
- SiFive FU540 PRCI and PLL support
- Qualcomm QCS404 CDSP clk support
- Qualcomm QCS404 Turing clk support
- Mediatek MT8183 clock support
- Mediatek MT8516 clock support
- Milbeaut M10V clk controller support
- Support for Cirrus Logic Lochnagar clks
Updates:
- Rework AT91 sckc DT bindings
- Fix slow RC oscillator issue on sama5d3
- Mark UFS clk as critical on Hi-Silicon hi3660 SoCs
- Various static analysis fixes/finds and const markings
- Video Engine (ECLK) support on Aspeed SoCs
- Xilinx ZynqMP Versal platform support
- Convert Xilinx ZynqMP driver to be struct oriented
- Fixes for Rockchip rk3328 and rk3288 SoCs
- Sub-type for Rockchip SoCs where mux and divider aren't a single register
- Remove SNVS clock from i.MX7UPL clock driver and bindings
- Improve i.MX5 clock driver for i.MX50 support
- Addition of ADC clock definition for Exynos 5410 SoC (Odroid XU)
- Export a new clock for the MBUS controller on the A13
- Allwinner H6 fixes to support a finer clocking of the video and VPU engines
- Add g12a support in the Amlogic axg audio clock controller
- Add missing PCI USB clock on Rensas RZ/N1
- Add Z2 (Cortex-A53) clocks on Rensas R-Car E3 and RZ/G2E
- A new helper DIV64_U64_ROUND_CLOSEST() in <linux/math64.h>
- VPU and Video Decoder clocks on Amlogic Meson8b
- Finally remove the wrong ABP Meson8b clock id
- Add Video Decoder, PCIe PLL, and CPU Clocks on Amlogic G12A
- Re-expose SAR_ADC_SEL and CTS_OSCIN on Amlogic G12A AO clock controller
- Un-expose some Amlogic AXG-Audio input clocks IDs"
* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (172 commits)
clk: Cache core in clk_fetch_parent_index() without names
clk: imx: correct pfdv2 gate_bit/vld_bit operations
clk: sifive: add a driver for the SiFive FU540 PRCI IP block
clk: analogbits: add Wide-Range PLL library
clk: imx: clk-pllv3: mark expected switch fall-throughs
clk: imx8mq: Add dsi_ipg_div
clk: imx: pllv4: add fractional-N pll support
clk: sunxi-ng: Use the correct style for SPDX License Identifier
clk: sprd: Use the correct style for SPDX License Identifier
clk: renesas: Use the correct style for SPDX License Identifier
clk: qcom: Use the correct style for SPDX License Identifier
clk: davinci: Use the correct style for SPDX License Identifier
clk: actions: Use the correct style for SPDX License Identifier
clk: imx: keep uart clock on during system boot
clk: imx: correct i.MX7D AV PLL num/denom offset
dt-bindings: clk: add documentation for the SiFive PRCI driver
clk: stm32mp1: Add ddrperfm clock
clk: Remove CLK_IS_BASIC clk flag
clock: milbeaut: Add Milbeaut M10V clock controller
dt-bindings: clock: milbeaut: add Milbeaut clock description
...
Linus Torvalds [Thu, 9 May 2019 21:46:33 +0000 (14:46 -0700)]
Merge tag 'rtc-5.2' of git://git./linux/kernel/git/abelloni/linux
Pull RTC updates from Alexandre Belloni:
"A huge series from me this cycle. I went through many drivers to set
the date and time range supported by the RTC which helps solving HW
limitation when the time comes (as early as next year for some). This
time, I focused on drivers using .set_mms and .set_mmss64, allowing me
to remove those callbacks. About a third of the patches got reviews, I
actually own the RTCs and I tested another third and the remaining one
are unlikely to cause any issues.
Other than that, a single new driver and the usual fixes here and there.
Summary:
Subsystem:
- set_mmss and set_mmss64 rtc_ops removal
- Fix timestamp value for RTC_TIMESTAMP_BEGIN_1900
- Use SPDX identifier for the core
- validate upper bound of tm->tm_year
New driver:
- Aspeed BMC SoC RTC
Drivers:
- abx80x: use rtc_add_group
- ds3232: nvram support
- pcf85063: add alarm, nvram, offset correction and microcrystal
rv8263 support
- x1205: add of_match_table
- Use set_time instead of set_mms/set_mmss64 for: ab3100, coh901331,
digicolor, ds1672, ds2404, ep93xx, imxdi, jz4740, lpc32xx, mc13xxx,
mxc, pcap, stmp3xxx, test, wm831x, xgene.
- Set RTC range for: ab3100, at91sam9, coh901331, da9063, digicolor,
dm355evm, ds1672, ds2404, ep39xx, goldfish, imxdi, jz4740, lpc32xx,
mc13xxx, mv, mxc, omap, pcap, pcf85063, pcf85363, ps3, sh,
stmp3xxx, sun4v, tegra, wm831x, xgene.
- Switch to rtc_time64_to_tm/rtc_tm_to_time64 for the driver that
properly set the RTC range.
- Use dev_get_drvdata instead of multiple indirections"
* tag 'rtc-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (177 commits)
rtc: snvs: Use __maybe_unused instead of #if CONFIG_PM_SLEEP
rtc: imxdi: remove unused variable
rtc: drop set_mms and set_mmss64
rtc: pcap: convert to SPDX identifier
rtc: pcap: use .set_time
rtc: pcap: switch to rtc_time64_to_tm/rtc_tm_to_time64
rtc: pcap: set range
rtc: digicolor: convert to SPDX identifier
rtc: digicolor: use .set_time
rtc: digicolor: set range
rtc: digicolor: fix possible race condition
rtc: jz4740: convert to SPDX identifier
rtc: jz4740: rework invalid time detection
rtc: jz4740: use dev_pm_set_wake_irq() to simplify code
rtc: jz4740: use .set_time
rtc: jz4740: remove useless check
rtc: jz4740: switch to rtc_time64_to_tm/rtc_tm_to_time64
rtc: jz4740: set range
rtc: 88pm860x: prevent use-after-free on device remove
rtc: Use dev_get_drvdata()
...
Linus Torvalds [Thu, 9 May 2019 21:41:55 +0000 (14:41 -0700)]
Merge branch 'i2c/for-5.2' of git://git./linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
- API for late atomic transfers (e.g. to shut down via PMIC). We have a
seperate callback now which is called under clearly defined
conditions. In-kernel users are converted, too.
- new driver for the AMD PCIe MP2 I2C controller
- large refactoring for at91 and bcm-iproc (both gain slave support due
to this)
- and a good share of various driver improvements anf fixes
* 'i2c/for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (57 commits)
dt-bindings: i2c: riic: document r7s9210 support
i2c: imx-lpi2c: Use __maybe_unused instead of #if CONFIG_PM_SLEEP
i2c-piix4: Add Hygon Dhyana SMBus support
i2c: core: apply 'is_suspended' check for SMBus, too
i2c: core: ratelimit 'transfer when suspended' errors
i2c: iproc: Change driver to use 'BIT' macro
i2c: riic: Add Runtime PM support
i2c: mux: demux-pinctrl: use struct_size() in devm_kzalloc()
i2c: mux: pca954x: allow management of device idle state via sysfs
i2c: mux: pca9541: remove support for unused platform data
i2c: mux: pca954x: remove support for unused platform data
dt-bindings: i2c: i2c-mtk: add support for MT8516
i2c: axxia: use auto cmd for last message
i2c: gpio: flag atomic capability if possible
i2c: algo: bit: add flag to whitelist atomic transfers
i2c: stu300: use xfer_atomic callback to bail out early
i2c: ocores: enable atomic xfers
i2c: ocores: refactor setup for polling
i2c: tegra-bpmp: convert to use new atomic callbacks
i2c: omap: Add the master_xfer_atomic hook
...
Linus Torvalds [Thu, 9 May 2019 21:33:15 +0000 (14:33 -0700)]
Merge tag 'nfs-for-5.2-1' of git://git.linux-nfs.org/projects/anna/linux-nfs
Pull NFS client updates from Anna Schumaker:
"Highlights include:
Stable bugfixes:
- Fall back to MDS if no deviceid is found rather than aborting # v4.11+
- NFS4: Fix v4.0 client state corruption when mount
Features:
- Much improved handling of soft mounts with NFS v4.0:
- Reduce risk of false positive timeouts
- Faster failover of reads and writes after a timeout
- Added a "softerr" mount option to return ETIMEDOUT instead of
EIO to the application after a timeout
- Increase number of xprtrdma backchannel requests
- Add additional xprtrdma tracepoints
- Improved send completion batching for xprtrdma
Other bugfixes and cleanups:
- Return -EINVAL when NFS v4.2 is passed an invalid dedup mode
- Reduce usage of GFP_ATOMIC pages in SUNRPC
- Various minor NFS over RDMA cleanups and bugfixes
- Use the correct container namespace for upcalls
- Don't share superblocks between user namespaces
- Various other container fixes
- Make nfs_match_client() killable to prevent soft lockups
- Don't mark all open state for recovery when handling recallable
state revoked flag"
* tag 'nfs-for-5.2-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (69 commits)
SUNRPC: Rebalance a kref in auth_gss.c
NFS: Fix a double unlock from nfs_match,get_client
nfs: pass the correct prototype to read_cache_page
NFSv4: don't mark all open state for recovery when handling recallable state revoked flag
SUNRPC: Fix an error code in gss_alloc_msg()
SUNRPC: task should be exit if encode return EKEYEXPIRED more times
NFS4: Fix v4.0 client state corruption when mount
PNFS fallback to MDS if no deviceid found
NFS: make nfs_match_client killable
lockd: Store the lockd client credential in struct nlm_host
NFS: When mounting, don't share filesystems between different user namespaces
NFS: Convert NFSv2 to use the container user namespace
NFSv4: Convert the NFS client idmapper to use the container user namespace
NFS: Convert NFSv3 to use the container user namespace
SUNRPC: Use namespace of listening daemon in the client AUTH_GSS upcall
SUNRPC: Use the client user namespace when encoding creds
NFS: Store the credential of the mount process in the nfs_server
SUNRPC: Cache cred of process creating the rpc_client
xprtrdma: Remove stale comment
xprtrdma: Update comments that reference ib_drain_qp
...
Mike Rapoport [Tue, 12 Feb 2019 09:32:36 +0000 (11:32 +0200)]
sparc64: simplify reduce_memory() function
The reduce_memory() function clampls the available memory to a limit
defined by the "mem=" command line parameter. It takes into account the
amount of already reserved memory and excludes it from the limit
calculations.
Rather than traverse memblocks and remove them by hand, use
memblock_reserved_size() to account the reserved memory and
memblock_enforce_memory_limit() to clamp the available memory.
Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Gustavo A. R. Silva [Tue, 8 Jan 2019 16:13:56 +0000 (10:13 -0600)]
sparc: use struct_size() in kzalloc()
One of the more common cases of allocation size calculations is finding the
size of a structure that has a zero-sized array at the end, along with memory
for some number of elements for that array. For example:
struct foo {
int stuff;
void *entry[];
};
instance = kzalloc(sizeof(struct foo) + sizeof(void *) * count, GFP_KERNEL);
Instead of leaving these open-coded and prone to type mistakes, we can now
use the new struct_size() helper:
instance = kzalloc(struct_size(instance, entry, count), GFP_KERNEL);
This code was detected with the help of Coccinelle.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 9 May 2019 20:52:12 +0000 (13:52 -0700)]
Merge branch 'for-5.2' of git://git./linux/kernel/git/tj/cgroup
Pull cgroup updates from Tejun Heo:
"This includes Roman's cgroup2 freezer implementation.
It's a separate machanism from cgroup1 freezer. Instead of blocking
user tasks in arbitrary uninterruptible sleeps, the new implementation
extends jobctl stop - frozen tasks are trapped in jobctl stop until
thawed and can be killed and ptraced. Lots of thanks to Oleg for
sheperding the effort.
Other than that, there are a few trivial changes"
* 'for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: never call do_group_exit() with task->frozen bit set
kernel: cgroup: fix misuse of %x
cgroup: get rid of cgroup_freezer_frozen_exit()
cgroup: prevent spurious transition into non-frozen state
cgroup: Remove unused cgrp variable
cgroup: document cgroup v2 freezer interface
cgroup: add tracing points for cgroup v2 freezer
cgroup: make TRACE_CGROUP_PATH irq-safe
kselftests: cgroup: add freezer controller self-tests
kselftests: cgroup: don't fail on cg_kill_all() error in cg_destroy()
cgroup: cgroup v2 freezer
cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
cgroup: implement __cgroup_task_count() helper
cgroup: rename freezer.c into legacy_freezer.c
cgroup: remove extra cgroup_migrate_finish() call
Linus Torvalds [Thu, 9 May 2019 20:48:52 +0000 (13:48 -0700)]
Merge branch 'for-5.2' of git://git./linux/kernel/git/tj/wq
Pull workqueue updates from Tejun Heo:
"Only three commits, of which two are trivial.
The non-trivial chagne is Thomas's patch to switch workqueue from
sched RCU to regular one. The use of sched RCU is mostly historic and
doesn't really buy us anything noticeable"
* 'for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: Use normal rcu
kernel/workqueue: Document wq_worker_last_func() argument
kernel/workqueue: Use __printf markup to silence compiler in function 'alloc_workqueue'
YueHaibing [Thu, 9 May 2019 14:52:20 +0000 (22:52 +0800)]
packet: Fix error path in packet_init
kernel BUG at lib/list_debug.c:47!
invalid opcode: 0000 [#1
CPU: 0 PID: 12914 Comm: rmmod Tainted: G W 5.1.0+ #47
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:__list_del_entry_valid+0x53/0x90
Code: 48 8b 32 48 39 fe 75 35 48 8b 50 08 48 39 f2 75 40 b8 01 00 00 00 5d c3 48
89 fe 48 89 c2 48 c7 c7 18 75 fe 82 e8 cb 34 78 ff <0f> 0b 48 89 fe 48 c7 c7 50 75 fe 82 e8 ba 34 78 ff 0f 0b 48 89 f2
RSP: 0018:
ffffc90001c2fe40 EFLAGS:
00010286
RAX:
000000000000004e RBX:
ffffffffa0184000 RCX:
0000000000000000
RDX:
0000000000000000 RSI:
ffff888237a17788 RDI:
00000000ffffffff
RBP:
ffffc90001c2fe40 R08:
0000000000000000 R09:
0000000000000000
R10:
ffffc90001c2fe10 R11:
0000000000000000 R12:
0000000000000000
R13:
ffffc90001c2fe50 R14:
ffffffffa0184000 R15:
0000000000000000
FS:
00007f3d83634540(0000) GS:
ffff888237a00000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
0000555c350ea818 CR3:
0000000231677000 CR4:
00000000000006f0
Call Trace:
unregister_pernet_operations+0x34/0x120
unregister_pernet_subsys+0x1c/0x30
packet_exit+0x1c/0x369 [af_packet
__x64_sys_delete_module+0x156/0x260
? lockdep_hardirqs_on+0x133/0x1b0
? do_syscall_64+0x12/0x1f0
do_syscall_64+0x6e/0x1f0
entry_SYSCALL_64_after_hwframe+0x49/0xbe
When modprobe af_packet, register_pernet_subsys
fails and does a cleanup, ops->list is set to LIST_POISON1,
but the module init is considered to success, then while rmmod it,
BUG() is triggered in __list_del_entry_valid which is called from
unregister_pernet_subsys. This patch fix error handing path in
packet_init to avoid possilbe issue if some error occur.
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 9 May 2019 20:28:26 +0000 (13:28 -0700)]
Merge tag 'csky-for-linus-5.2-perf-unwind-libdw' of git://github.com/c-sky/csky-linux
Pull arch/csky perf update from Guo Ren:
"Add support for perf unwind-libdw"
* tag 'csky-for-linus-5.2-perf-unwind-libdw' of git://github.com/c-sky/csky-linux:
csky: Add support for perf unwind-libdw
Chuck Lever [Thu, 9 May 2019 15:00:07 +0000 (11:00 -0400)]
SUNRPC: Rebalance a kref in auth_gss.c
Restore the kref_get that matches the gss_put_auth(gss_msg->auth)
done by gss_release_msg().
Fixes:
ac83228a7101 ("SUNRPC: Use namespace of listening daemon ...")
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Benjamin Coddington [Thu, 9 May 2019 11:25:21 +0000 (07:25 -0400)]
NFS: Fix a double unlock from nfs_match,get_client
Now that nfs_match_client drops the nfs_client_lock, we should be
careful
to always return it in the same condition: locked.
Fixes:
950a578c6128 ("NFS: make nfs_match_client killable")
Reported-by: syzbot+228a82b263b5da91883d@syzkaller.appspotmail.com
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Christoph Hellwig [Wed, 1 May 2019 16:06:35 +0000 (12:06 -0400)]
nfs: pass the correct prototype to read_cache_page
Fix the callbacks NFS passes to read_cache_page to actually have the
proper type expected. Casting around function pointers can easily
hide typing bugs, and defeats control flow protection.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Scott Mayhew [Mon, 6 May 2019 15:59:05 +0000 (11:59 -0400)]
NFSv4: don't mark all open state for recovery when handling recallable state revoked flag
Only delegations and layouts can be recalled, so it shouldn't be
necessary to recover all opens when handling the status bit
SEQ4_STATUS_RECALLABLE_STATE_REVOKED. We'll still wind up calling
nfs41_open_expired() when a TEST_STATEID returns NFS4ERR_DELEG_REVOKED.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Reviewed-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Dan Carpenter [Fri, 3 May 2019 12:30:09 +0000 (15:30 +0300)]
SUNRPC: Fix an error code in gss_alloc_msg()
If kstrdup_const() then this function returns zero (success) but it
should return -ENOMEM.
Fixes:
ac83228a7101 ("SUNRPC: Use namespace of listening daemon in the client AUTH_GSS upcall")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
ZhangXiaoxu [Mon, 29 Apr 2019 09:32:31 +0000 (17:32 +0800)]
SUNRPC: task should be exit if encode return EKEYEXPIRED more times
If the rpc.gssd always return cred success, but now the cred is
expired, then the task will loop in call_refresh and call_transmit.
Exit the rpc task after retry.
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
ZhangXiaoxu [Mon, 6 May 2019 03:57:03 +0000 (11:57 +0800)]
NFS4: Fix v4.0 client state corruption when mount
stat command with soft mount never return after server is stopped.
When alloc a new client, the state of the client will be set to
NFS4CLNT_LEASE_EXPIRED.
When the server is stopped, the state manager will work, and accord
the state to recover. But the state is NFS4CLNT_LEASE_EXPIRED, it
will drain the slot table and lead other task to wait queue, until
the client recovered. Then the stat command is hung.
When discover server trunking, the client will renew the lease,
but check the client state, it lead the client state corruption.
So, we need to call state manager to recover it when detect server
ip trunking.
Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Olga Kornievskaia [Tue, 7 May 2019 17:41:49 +0000 (13:41 -0400)]
PNFS fallback to MDS if no deviceid found
If we fail to find a good deviceid while trying to pnfs instead of
propogating an error back fallback to doing IO to the MDS. Currently,
code with fals the IO with EINVAL.
Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Fixes:
8d40b0f14846f ("NFS filelayout:call GETDEVICEINFO after pnfs_layout_process completes"
Cc: stable@vger.kernel.org # v4.11+
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Linus Torvalds [Thu, 9 May 2019 20:08:05 +0000 (13:08 -0700)]
Merge branch 'next-smack' of git://git./linux/kernel/git/jmorris/linux-security
Pull smack updates from James Morris:
"Bug fixes for IPv6 handling and other issues and two memory use
improvements."
* 'next-smack' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
Smack: Fix kbuild reported build error
smack: Check address length before reading address family
Smack: Fix IPv6 handling of 0 secmark
Smack: Create smack_rule cache to optimize memory usage
smack: removal of global rule list
Linus Torvalds [Thu, 9 May 2019 19:54:40 +0000 (12:54 -0700)]
Merge branch 'next-integrity' of git://git./linux/kernel/git/jmorris/linux-security
Pull intgrity updates from James Morris:
"This contains just three patches, the remainder were either included
in other pull requests (eg. audit, lockdown) or will be upstreamed via
other subsystems (eg. kselftests, Power).
Included here is one bug fix, one documentation update, and extending
the x86 IMA arch policy rules to coordinate the different kernel
module signature verification methods"
* 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
doc/kernel-parameters.txt: Deprecate ima_appraise_tcb
x86/ima: add missing include
x86/ima: require signed kernel modules
Jakub Kicinski [Wed, 8 May 2019 23:46:14 +0000 (16:46 -0700)]
net/tcp: use deferred jump label for TCP acked data hook
User space can flip the clean_acked_data_enabled static branch
on and off with TLS offload when CONFIG_TLS_DEVICE is enabled.
jump_label.h suggests we use the delayed version in this case.
Deferred branches now also don't take the branch mutex on
decrement, so we avoid potential locking issues.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kefeng Wang [Thu, 9 May 2019 15:32:35 +0000 (23:32 +0800)]
net: aquantia: fix undefined devm_hwmon_device_register_with_info reference
drivers/net/ethernet/aquantia/atlantic/aq_drvinfo.o: In function `aq_drvinfo_init':
aq_drvinfo.c:(.text+0xe8): undefined reference to `devm_hwmon_device_register_with_info'
Fix it by using #if IS_REACHABLE(CONFIG_HWMON).
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 9 May 2019 16:44:17 +0000 (09:44 -0700)]
Merge tag 'batadv-net-for-davem-
20190509' of git://git.open-mesh.org/linux-merge
Simon Wunderlich says:
====================
This feature/cleanup patchset includes the following patches:
- bump version strings, by Simon Wunderlich (we forgot to include
this patch previously ...)
- fix multicast tt/tvlv worker locking, by Linus Lüssing
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 9 May 2019 16:37:25 +0000 (09:37 -0700)]
Merge tag 'for-linus-5.2-ofs1' of git://git./linux/kernel/git/hubcap/linux
Pull orangefs updates from Mike Marshall:
"This includes one fix and our "Orangefs through the pagecache" patch
series which greatly improves our small IO performance and helps us
pass more xfstests than before.
Fix:
- orangefs: truncate before updating size
Pagecache series:
- all the rest"
* tag 'for-linus-5.2-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: (23 commits)
orangefs: truncate before updating size
orangefs: copy Orangefs-sized blocks into the pagecache if possible.
orangefs: pass slot index back to readpage.
orangefs: remember count when reading.
orangefs: add orangefs_revalidate_mapping
orangefs: implement writepages
orangefs: write range tracking
orangefs: avoid fsync service operation on flush
orangefs: skip inode writeout if nothing to write
orangefs: move do_readv_writev to direct_IO
orangefs: do not return successful read when the client-core disappeared
orangefs: implement writepage
orangefs: migrate to generic_file_read_iter
orangefs: service ops done for writeback are not killable
orangefs: remove orangefs_readpages
orangefs: reorganize setattr functions to track attribute changes
orangefs: let setattr write to cached inode
orangefs: set up and use backing_dev_info
orangefs: hold i_lock during inode_getattr
orangefs: update attributes rather than relying on server
...
Oliver Neukum [Thu, 9 May 2019 09:08:18 +0000 (11:08 +0200)]
aqc111: fix double endianness swap on BE
If you are using a function that does a swap in place,
you cannot just reuse the buffer on the assumption that it has
not been changed.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Oliver Neukum [Thu, 9 May 2019 09:08:17 +0000 (11:08 +0200)]
aqc111: fix writing to the phy on BE
When writing to the phy on BE architectures an internal data structure
was directly given, leading to it being byte swapped in the wrong
way for the CPU in 50% of all cases. A temporary buffer must be used.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Oliver Neukum [Thu, 9 May 2019 09:08:16 +0000 (11:08 +0200)]
aqc111: fix endianness issue in aqc111_change_mtu
If the MTU is large enough, the first write to the device
is just repeated. On BE architectures, however, the first
word of the command will be swapped a second time and garbage
will be written. Avoid that.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hangbin Liu [Thu, 9 May 2019 06:55:07 +0000 (14:55 +0800)]
vlan: disable SIOCSHWTSTAMP in container
With NET_ADMIN enabled in container, a normal user could be mapped to
root and is able to change the real device's rx filter via ioctl on
vlan, which would affect the other ptp process on host. Fix it by
disabling SIOCSHWTSTAMP in container.
Fixes:
a6111d3c93d0 ("vlan: Pass SIOC[SG]HWTSTAMP ioctls to real device")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hangbin Liu [Thu, 9 May 2019 06:54:08 +0000 (14:54 +0800)]
macvlan: disable SIOCSHWTSTAMP in container
Miroslav pointed that with NET_ADMIN enabled in container, a normal user
could be mapped to root and is able to change the real device's rx
filter via ioctl on macvlan, which would affect the other ptp process on
host. Fix it by disabling SIOCSHWTSTAMP in container.
Fixes:
254c0a2bfedb ("macvlan: pass get_ts_info and SIOC[SG]HWTSTAMP ioctl to real device")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Parthasarathy Bhuvaragan [Thu, 9 May 2019 05:13:42 +0000 (07:13 +0200)]
tipc: fix hanging clients using poll with EPOLLOUT flag
commit
517d7c79bdb398 ("tipc: fix hanging poll() for stream sockets")
introduced a regression for clients using non-blocking sockets.
After the commit, we send EPOLLOUT event to the client even in
TIPC_CONNECTING state. This causes the subsequent send() to fail
with ENOTCONN, as the socket is still not in TIPC_ESTABLISHED state.
In this commit, we:
- improve the fix for hanging poll() by replacing sk_data_ready()
with sk_state_change() to wake up all clients.
- revert the faulty updates introduced by commit
517d7c79bdb398
("tipc: fix hanging poll() for stream sockets").
Fixes:
517d7c79bdb398 ("tipc: fix hanging poll() for stream sockets")
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@gmail.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Thu, 9 May 2019 03:20:18 +0000 (23:20 -0400)]
tuntap: synchronize through tfiles array instead of tun->numqueues
When a queue(tfile) is detached through __tun_detach(), we move the
last enabled tfile to the position where detached one sit but don't
NULL out last position. We expect to synchronize the datapath through
tun->numqueues. Unfortunately, this won't work since we're lacking
sufficient mechanism to order or synchronize the access to
tun->numqueues.
To fix this, NULL out the last position during detaching and check
RCU protected tfile against NULL instead of checking tun->numqueues in
datapath.
Cc: YueHaibing <yuehaibing@huawei.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: weiyongjun (A) <weiyongjun1@huawei.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Fixes:
c8d68e6be1c3b ("tuntap: multiqueue support")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jason Wang [Thu, 9 May 2019 03:20:17 +0000 (23:20 -0400)]
tuntap: fix dividing by zero in ebpf queue selection
We need check if tun->numqueues is zero (e.g for the persist device)
before trying to use it for modular arithmetic.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Fixes:
96f84061620c6("tun: add eBPF based queue selection method")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cheng Han [Thu, 9 May 2019 03:13:41 +0000 (11:13 +0800)]
dwmac4_prog_mtl_tx_algorithms() missing write operation
net: ethernet: stmmac: dwmac4_prog_mtl_tx_algorithms() missing write operation
The value of MTL_OPERATION_MODE is not written back
Signed-off-by: Cheng Han <hancheng2009@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
OSDN Git Service
