summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-06-16Merge branch 'afs-proc' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull AFS updates from Al Viro: "Assorted AFS stuff - ended up in vfs.git since most of that consists of David's AFS-related followups to Christoph's procfs series" * 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: afs: Optimise callback breaking by not repeating volume lookup afs: Display manually added cells in dynamic root mount afs: Enable IPv6 DNS lookups afs: Show all of a server's addresses in /proc/fs/afs/servers afs: Handle CONFIG_PROC_FS=n proc: Make inline name size calculation automatic afs: Implement network namespacing afs: Mark afs_net::ws_cell as __rcu and set using rcu functions afs: Fix a Sparse warning in xdr_decode_AFSFetchStatus() proc: Add a way to make network proc files writable afs: Rearrange fs/afs/proc.c to remove remaining predeclarations. afs: Rearrange fs/afs/proc.c to move the show routines up afs: Rearrange fs/afs/proc.c by moving fops and open functions down afs: Move /proc management functions to the end of the file
2018-06-16Merge branch 'work.compat' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull compat updates from Al Viro: "Some biarch patches - getting rid of assorted (mis)uses of compat_alloc_user_space(). Not much in that area this cycle..." * 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: orangefs: simplify compat ioctl handling signalfd: lift sigmask copyin and size checks to callers of do_signalfd4() vmsplice(): lift importing iovec into vmsplice(2) and compat counterpart
2018-06-16Merge branch 'work.aio' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull aio fixes from Al Viro: "Assorted AIO followups and fixes" * 'work.aio' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: eventpoll: switch to ->poll_mask aio: only return events requested in poll_mask() for IOCB_CMD_POLL eventfd: only return events requested in poll_mask() aio: mark __aio_sigset::sigmask const
2018-06-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds
Pull networking fixes from David Miller: 1) Various netfilter fixlets from Pablo and the netfilter team. 2) Fix regression in IPVS caused by lack of PMTU exceptions on local routes in ipv6, from Julian Anastasov. 3) Check pskb_trim_rcsum for failure in DSA, from Zhouyang Jia. 4) Don't crash on poll in TLS, from Daniel Borkmann. 5) Revert SO_REUSE{ADDR,PORT} change, it regresses various things including Avahi mDNS. From Bart Van Assche. 6) Missing of_node_put in qcom/emac driver, from Yue Haibing. 7) We lack checking of the TCP checking in one special case during SYN receive, from Frank van der Linden. 8) Fix module init error paths of mac80211 hwsim, from Johannes Berg. 9) Handle 802.1ad properly in stmmac driver, from Elad Nachman. 10) Must grab HW caps before doing quirk checks in stmmac driver, from Jose Abreu. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (81 commits) net: stmmac: Run HWIF Quirks after getting HW caps neighbour: skip NTF_EXT_LEARNED entries during forced gc net: cxgb3: add error handling for sysfs_create_group tls: fix waitall behavior in tls_sw_recvmsg tls: fix use-after-free in tls_push_record l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl() l2tp: reject creation of non-PPP sessions on L2TPv2 tunnels mlxsw: spectrum_switchdev: Fix port_vlan refcounting mlxsw: spectrum_router: Align with new route replace logic mlxsw: spectrum_router: Allow appending to dev-only routes ipv6: Only emit append events for appended routes stmmac: added support for 802.1ad vlan stripping cfg80211: fix rcu in cfg80211_unregister_wdev mac80211: Move up init of TXQs mac80211_hwsim: fix module init error paths cfg80211: initialize sinfo in cfg80211_get_station nl80211: fix some kernel doc tag mistakes hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload rds: avoid unenecessary cong_update in loop transport l2tp: clean up stale tunnel or session in pppol2tp_connect's error path ...
2018-06-16Merge tag 'modules-for-v4.18' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull module updates from Jessica Yu: "Minor code cleanup and also allow sig_enforce param to be shown in sysfs with CONFIG_MODULE_SIG_FORCE" * tag 'modules-for-v4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: Allow to always show the status of modsign module: Do not access sig_enforce directly
2018-06-16Merge branch 'for-linus-4.18-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml Pull uml updates from Richard Weinberger: "Minor updates for UML: - fixes for our new vector network driver by Anton - initcall cleanup by Alexander - We have a new mailinglist, sourceforge.net sucks" * 'for-linus-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: Fix raw interface options um: Fix initialization of vector queues um: remove uml initcalls um: Update mailing list address
2018-06-16Merge tag 'riscv-for-linus-4.18-merge_window' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux Pull RISC-V updates from Palmer Dabbelt: "This contains some small RISC-V updates I'd like to target for 4.18. They are all fairly small this time. Here's a short summary, there's more info in the commits/merges: - a fix to __clear_user to respect the passed arguments. - enough support for the perf subsystem to work with RISC-V's ISA defined performance counters. - support for sparse and cleanups suggested by it. - support for R_RISCV_32 (a relocation, not the 32-bit ISA). - some MAINTAINERS cleanups. - the addition of CONFIG_HVC_RISCV_SBI to our defconfig, as it's always present. I've given these a simple build+boot test" * tag 'riscv-for-linus-4.18-merge_window' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux: RISC-V: Add CONFIG_HVC_RISCV_SBI=y to defconfig RISC-V: Handle R_RISCV_32 in modules riscv/ftrace: Export _mcount when DYNAMIC_FTRACE isn't set riscv: add riscv-specific predefines to CHECKFLAGS riscv: split the declaration of __copy_user riscv: no __user for probe_kernel_address() riscv: use NULL instead of a plain 0 perf: riscv: Add Document for Future Porting Guide perf: riscv: preliminary RISC-V support MAINTAINERS: Update Albert's email, he's back at Berkeley MAINTAINERS: Add myself as a maintainer for SiFive's drivers riscv: Fix the bug in memory access fixup code
2018-06-16Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull more kvm updates from Paolo Bonzini: "Mostly the PPC part of the release, but also switching to Arnd's fix for the hyperv config issue and a typo fix. Main PPC changes: - reimplement the MMIO instruction emulation - transactional memory support for PR KVM - improve radix page table handling" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (63 commits) KVM: x86: VMX: redo fix for link error without CONFIG_HYPERV KVM: x86: fix typo at kvm_arch_hardware_setup comment KVM: PPC: Book3S PR: Fix failure status setting in tabort. emulation KVM: PPC: Book3S PR: Enable use on POWER9 bare-metal hosts in HPT mode KVM: PPC: Book3S PR: Don't let PAPR guest set MSR hypervisor bit KVM: PPC: Book3S PR: Fix failure status setting in treclaim. emulation KVM: PPC: Book3S PR: Fix MSR setting when delivering interrupts KVM: PPC: Book3S PR: Handle additional interrupt types KVM: PPC: Book3S PR: Enable kvmppc_get/set_one_reg_pr() for HTM registers KVM: PPC: Book3S: Remove load/put vcpu for KVM_GET_REGS/KVM_SET_REGS KVM: PPC: Remove load/put vcpu for KVM_GET/SET_ONE_REG ioctl KVM: PPC: Move vcpu_load/vcpu_put down to each ioctl case in kvm_arch_vcpu_ioctl KVM: PPC: Book3S PR: Enable HTM for PR KVM for KVM_CHECK_EXTENSION ioctl KVM: PPC: Book3S PR: Support TAR handling for PR KVM HTM KVM: PPC: Book3S PR: Add guard code to prevent returning to guest with PR=0 and Transactional state KVM: PPC: Book3S PR: Add emulation for tabort. in privileged state KVM: PPC: Book3S PR: Add emulation for trechkpt. KVM: PPC: Book3S PR: Add emulation for treclaim. KVM: PPC: Book3S PR: Restore NV regs after emulating mfspr from TM SPRs KVM: PPC: Book3S PR: Always fail transactions in guest privileged state ...
2018-06-16Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhostLinus Torvalds
Pull virtio updates from Michael Tsirkin: "virtio, vhost: features, fixes - PCI virtual function support for virtio - DMA barriers for virtio strong barriers - bugfixes" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio: update the comments for transport features virtio_pci: support enabling VFs vhost: fix info leak due to uninitialized memory virtio_ring: switch to dma_XX barriers for rpmsg
2018-06-15net: stmmac: Run HWIF Quirks after getting HW capsJose Abreu
Currently we were running HWIF quirks before getting HW capabilities. This is not right because some HWIF callbacks depend on HW caps. Lets save the quirks callback and use it in a later stage. This fixes Altera socfpga. Signed-off-by: Jose Abreu <joabreu@synopsys.com> Fixes: 5f0456b43140 ("net: stmmac: Implement logic to automatically select HW Interface") Reported-by: Dinh Nguyen <dinh.linux@gmail.com> Cc: David S. Miller <davem@davemloft.net> Cc: Joao Pinto <jpinto@synopsys.com> Cc: Vitor Soares <soares@synopsys.com> Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com> Cc: Alexandre Torgue <alexandre.torgue@st.com> Cc: Dinh Nguyen <dinh.linux@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15neighbour: skip NTF_EXT_LEARNED entries during forced gcRoopa Prabhu
Commit 9ce33e46531d ("neighbour: support for NTF_EXT_LEARNED flag") added support for NTF_EXT_LEARNED for neighbour entries. NTF_EXT_LEARNED entries are neigh entries managed by control plane (eg: Ethernet VPN implementation in FRR routing suite). Periodic gc already excludes these entries. This patch extends it to forced gc which the earlier patch missed. Fixes: 9ce33e46531d ("neighbour: support for NTF_EXT_LEARNED flag") Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15net: cxgb3: add error handling for sysfs_create_groupZhouyang Jia
When sysfs_create_group fails, the lack of error-handling code may cause unexpected results. This patch adds error-handling code after calling sysfs_create_group. Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15Merge branch 'tls-fixes'David S. Miller
Daniel Borkmann says: ==================== Two tls fixes First one is syzkaller trigered uaf and second one noticed while writing test code with tls ulp. For details please see individual patches. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15tls: fix waitall behavior in tls_sw_recvmsgDaniel Borkmann
Current behavior in tls_sw_recvmsg() is to wait for incoming tls messages and copy up to exactly len bytes of data that the user provided. This is problematic in the sense that i) if no packet is currently queued in strparser we keep waiting until one has been processed and pushed into tls receive layer for tls_wait_data() to wake up and push the decrypted bits to user space. Given after tls decryption, we're back at streaming data, use sock_rcvlowat() hint from tcp socket instead. Retain current behavior with MSG_WAITALL flag and otherwise use the hint target for breaking the loop and returning to application. This is done if currently no ctx->recv_pkt is ready, otherwise continue to process it from our strparser backlog. Fixes: c46234ebb4d1 ("tls: RX path for ktls") Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15tls: fix use-after-free in tls_push_recordDaniel Borkmann
syzkaller managed to trigger a use-after-free in tls like the following: BUG: KASAN: use-after-free in tls_push_record.constprop.15+0x6a2/0x810 [tls] Write of size 1 at addr ffff88037aa08000 by task a.out/2317 CPU: 3 PID: 2317 Comm: a.out Not tainted 4.17.0+ #144 Hardware name: LENOVO 20FBCTO1WW/20FBCTO1WW, BIOS N1FET47W (1.21 ) 11/28/2016 Call Trace: dump_stack+0x71/0xab print_address_description+0x6a/0x280 kasan_report+0x258/0x380 ? tls_push_record.constprop.15+0x6a2/0x810 [tls] tls_push_record.constprop.15+0x6a2/0x810 [tls] tls_sw_push_pending_record+0x2e/0x40 [tls] tls_sk_proto_close+0x3fe/0x710 [tls] ? tcp_check_oom+0x4c0/0x4c0 ? tls_write_space+0x260/0x260 [tls] ? kmem_cache_free+0x88/0x1f0 inet_release+0xd6/0x1b0 __sock_release+0xc0/0x240 sock_close+0x11/0x20 __fput+0x22d/0x660 task_work_run+0x114/0x1a0 do_exit+0x71a/0x2780 ? mm_update_next_owner+0x650/0x650 ? handle_mm_fault+0x2f5/0x5f0 ? __do_page_fault+0x44f/0xa50 ? mm_fault_error+0x2d0/0x2d0 do_group_exit+0xde/0x300 __x64_sys_exit_group+0x3a/0x50 do_syscall_64+0x9a/0x300 ? page_fault+0x8/0x30 entry_SYSCALL_64_after_hwframe+0x44/0xa9 This happened through fault injection where aead_req allocation in tls_do_encryption() eventually failed and we returned -ENOMEM from the function. Turns out that the use-after-free is triggered from tls_sw_sendmsg() in the second tls_push_record(). The error then triggers a jump to waiting for memory in sk_stream_wait_memory() resp. returning immediately in case of MSG_DONTWAIT. What follows is the trim_both_sgl(sk, orig_size), which drops elements from the sg list added via tls_sw_sendmsg(). Now the use-after-free gets triggered when the socket is being closed, where tls_sk_proto_close() callback is invoked. The tls_complete_pending_work() will figure that there's a pending closed tls record to be flushed and thus calls into the tls_push_pending_closed_record() from there. ctx->push_pending_record() is called from the latter, which is the tls_sw_push_pending_record() from sw path. This again calls into tls_push_record(). And here the tls_fill_prepend() will panic since the buffer address has been freed earlier via trim_both_sgl(). One way to fix it is to move the aead request allocation out of tls_do_encryption() early into tls_push_record(). This means we don't prep the tls header and advance state to the TLS_PENDING_CLOSED_RECORD before allocation which could potentially fail happened. That fixes the issue on my side. Fixes: 3c4d7559159b ("tls: kernel TLS support") Reported-by: syzbot+5c74af81c547738e1684@syzkaller.appspotmail.com Reported-by: syzbot+709f2810a6a05f11d4d3@syzkaller.appspotmail.com Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Dave Watson <davejwatson@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15Merge branch 'l2tp-l2tp_ppp-must-ignore-non-PPP-sessions'David S. Miller
Guillaume Nault says: ==================== l2tp: l2tp_ppp must ignore non-PPP sessions The original L2TP code was written for version 2 of the protocol, which could only carry PPP sessions. Then L2TPv3 generalised the protocol so that it could transport different kinds of pseudo-wires. But parts of the l2tp_ppp module still break in presence of non-PPP sessions. Assuming L2TPv2 tunnels can only transport PPP sessions is right, but l2tp_netlink failed to ensure that (fixed in patch 1). When retrieving a session from an arbitrary tunnel, l2tp_ppp needs to filter out non-PPP sessions (last occurrence fixed in patch 2). ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15l2tp: filter out non-PPP sessions in pppol2tp_tunnel_ioctl()Guillaume Nault
pppol2tp_tunnel_ioctl() can act on an L2TPv3 tunnel, in which case 'session' may be an Ethernet pseudo-wire. However, pppol2tp_session_ioctl() expects a PPP pseudo-wire, as it assumes l2tp_session_priv() points to a pppol2tp_session structure. For an Ethernet pseudo-wire l2tp_session_priv() points to an l2tp_eth_sess structure instead, making pppol2tp_session_ioctl() access invalid memory. Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15l2tp: reject creation of non-PPP sessions on L2TPv2 tunnelsGuillaume Nault
The /proc/net/pppol2tp handlers (pppol2tp_seq_*()) iterate over all L2TPv2 tunnels, and rightfully expect that only PPP sessions can be found there. However, l2tp_netlink accepts creating Ethernet sessions regardless of the underlying tunnel version. This confuses pppol2tp_seq_session_show(), which expects that l2tp_session_priv() returns a pppol2tp_session structure. When the session is an Ethernet pseudo-wire, a struct l2tp_eth_sess is returned instead. This leads to invalid memory access when pppol2tp_session_get_sock() later tries to dereference ps->sk. Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15Merge branch 'mlxsw-IPv6-and-reference-counting-fixes'David S. Miller
Ido Schimmel says: ==================== mlxsw: IPv6 and reference counting fixes The first three patches fix a mismatch between the new IPv6 behavior introduced in commit f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") and mlxsw. The patches allow the driver to support multipathing in IPv6 overlays with GRE tunnel devices. A selftest will be submitted when net-next opens. The last patch fixes a reference count problem of the port_vlan struct. I plan to simplify the code in net-next, so that reference counting is not necessary anymore. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15mlxsw: spectrum_switchdev: Fix port_vlan refcountingPetr Machata
Switchdev notifications for addition of SWITCHDEV_OBJ_ID_PORT_VLAN are distributed not only on clean addition, but also when flags on an existing VLAN are changed. mlxsw_sp_bridge_port_vlan_add() calls mlxsw_sp_port_vlan_get() to get at the port_vlan in question, which implicitly references the object. This then leads to discrepancies in reference counting when the VLAN is removed. spectrum.c warns about the problem when the module is removed: [13578.493090] WARNING: CPU: 0 PID: 2454 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:2973 mlxsw_sp_port_remove+0xfd/0x110 [mlxsw_spectrum] [...] [13578.627106] Call Trace: [13578.629617] mlxsw_sp_fini+0x2a/0xe0 [mlxsw_spectrum] [13578.634748] mlxsw_core_bus_device_unregister+0x3e/0x130 [mlxsw_core] [13578.641290] mlxsw_pci_remove+0x13/0x40 [mlxsw_pci] [13578.646238] pci_device_remove+0x31/0xb0 [13578.650244] device_release_driver_internal+0x14f/0x220 [13578.655562] driver_detach+0x32/0x70 [13578.659183] bus_remove_driver+0x47/0xa0 [13578.663134] pci_unregister_driver+0x1e/0x80 [13578.667486] mlxsw_sp_module_exit+0xc/0x3fa [mlxsw_spectrum] [13578.673207] __x64_sys_delete_module+0x13b/0x1e0 [13578.677888] ? exit_to_usermode_loop+0x78/0x80 [13578.682374] do_syscall_64+0x39/0xe0 [13578.685976] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fix by putting the port_vlan when mlxsw_sp_port_vlan_bridge_join() determines it's a flag-only change. Fixes: b3529af6bb0d ("spectrum: Reference count VLAN entries") Signed-off-by: Petr Machata <petrm@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: Ido Schimmel <idosch@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15mlxsw: spectrum_router: Align with new route replace logicIdo Schimmel
Commit f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") changed the IPv6 route replace logic so that the first matching route (i.e., same metric) is replaced. Have mlxsw replace the first matching route as well. Fixes: f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15mlxsw: spectrum_router: Allow appending to dev-only routesIdo Schimmel
Commit f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") changed the IPv6 route append logic so that dev-only routes can be appended and not only gatewayed routes. Align mlxsw with the new behaviour. Fixes: f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15ipv6: Only emit append events for appended routesIdo Schimmel
Current code will emit an append event in the FIB notification chain for any route added with NLM_F_APPEND set, even if the route was not appended to any existing route. This is inconsistent with IPv4 where such an event is only emitted when the new route is appended after an existing one. Align IPv6 behavior with IPv4, thereby allowing listeners to more easily handle these events. Fixes: f34436a43092 ("net/ipv6: Simplify route replace and appending into multipath route") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15Merge tag 'mac80211-for-davem-2018-06-15' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A handful of fixes: * missing RCU grace period enforcement led to drivers freeing data structures before; fix from Dedy Lansky. * hwsim module init error paths were messed up; fixed it myself after a report from Colin King (who had sent a partial patch) * kernel-doc tag errors; fix from Luca Coelho * initialize the on-stack sinfo data structure when getting station information; fix from Sven Eckelmann * TXQ state dumping is now done from init, and when TXQs aren't initialized yet at that point, bad things happen, move the initialization; fix from Toke Høiland-Jørgensen. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15stmmac: added support for 802.1ad vlan strippingElad Nachman
stmmac reception handler calls stmmac_rx_vlan() to strip the vlan before calling napi_gro_receive(). The function assumes VLAN tagged frames are always tagged with 802.1Q protocol, and assigns ETH_P_8021Q to the skb by hard-coding the parameter on call to __vlan_hwaccel_put_tag() . This causes packets not to be passed to the VLAN slave if it was created with 802.1AD protocol (ip link add link eth0 eth0.100 type vlan proto 802.1ad id 100). This fix passes the protocol from the VLAN header into __vlan_hwaccel_put_tag() instead of using the hard-coded value of ETH_P_8021Q. NETIF_F_HW_VLAN_STAG_RX check was added and the strip action is now dependent on the correct combination of features and the detected vlan tag. NETIF_F_HW_VLAN_STAG_RX feature was added to be in line with the driver actual abilities. Signed-off-by: Elad Nachman <eladn@gilat.com> Reviewed-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15afs: Optimise callback breaking by not repeating volume lookupDavid Howells
At the moment, afs_break_callbacks calls afs_break_one_callback() for each separate FID it was given, and the latter looks up the volume individually for each one. However, this is inefficient if two or more FIDs have the same vid as we could reuse the volume. This is complicated by cell aliasing whereby we may have multiple cells sharing a volume and can therefore have multiple callback interests for any particular volume ID. At the moment afs_break_one_callback() scans the entire list of volumes we're getting from a server and breaks the appropriate callback in every matching volume, regardless of cell. This scan is done for every FID. Optimise callback breaking by the following means: (1) Sort the FID list by vid so that all FIDs belonging to the same volume are clumped together. This is done through the use of an indirection table as we cannot do an insertion sort on the afs_callback_break array as we decode FIDs into it as we subsequently also have to decode callback info into it that corresponds by array index only. We also don't really want to bubblesort afterwards if we can avoid it. (2) Sort the server->cb_interests array by vid so that all the matching volumes are grouped together. This permits the scan to stop after finding a record that has a higher vid. (3) When breaking FIDs, we try to keep server->cb_break_lock as long as possible, caching the start point in the array for that volume group as long as possible. It might make sense to add another layer in that list and have a refcounted volume ID anchor that has the matching interests attached to it rather than being in the list. This would allow the lock to be dropped without losing the cursor. Signed-off-by: David Howells <dhowells@redhat.com>
2018-06-15afs: Display manually added cells in dynamic root mountDavid Howells
Alter the dynroot mount so that cells created by manipulation of /proc/fs/afs/cells and /proc/fs/afs/rootcell and by specification of a root cell as a module parameter will cause directories for those cells to be created in the dynamic root superblock for the network namespace[*]. To this end: (1) Only one dynamic root superblock is now created per network namespace and this is shared between all attempts to mount it. This makes it easier to find the superblock to modify. (2) When a dynamic root superblock is created, the list of cells is walked and directories created for each cell already defined. (3) When a new cell is added, if a dynamic root superblock exists, a directory is created for it. (4) When a cell is destroyed, the directory is removed. (5) These directories are created by calling lookup_one_len() on the root dir which automatically creates them if they don't exist. [*] Inasmuch as network namespaces are currently supported here. Signed-off-by: David Howells <dhowells@redhat.com>
2018-06-15afs: Enable IPv6 DNS lookupsDavid Howells
Remove the restriction on DNS lookup upcalls that prevents ipv6 addresses from being looked up. Signed-off-by: David Howells <dhowells@redhat.com>
2018-06-15cfg80211: fix rcu in cfg80211_unregister_wdevDedy Lansky
Callers of cfg80211_unregister_wdev can free the wdev object immediately after this function returns. This may crash the kernel because this wdev object is still in use by other threads. Add synchronize_rcu() after list_del_rcu to make sure wdev object can be safely freed. Signed-off-by: Dedy Lansky <dlansky@codeaurora.org> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2018-06-15mac80211: Move up init of TXQsToke Høiland-Jørgensen
On init, ieee80211_if_add() dumps the interface. Since that now includes a dump of the TXQ state, we need to initialise that before the dump happens. So move up the TXQ initialisation to to before the call to ieee80211_if_add(). Fixes: 52539ca89f36 ("cfg80211: Expose TXQ stats and parameters to userspace") Reported-by: Niklas Cassel <niklas.cassel@linaro.org> Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> Tested-by: Niklas Cassel <niklas.cassel@linaro.org> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2018-06-15mac80211_hwsim: fix module init error pathsJohannes Berg
We didn't free the workqueue on any errors, nor did we correctly check for rhashtable allocation errors, nor did we free the hashtable on error. Reported-by: Colin King <colin.king@canonical.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2018-06-15cfg80211: initialize sinfo in cfg80211_get_stationSven Eckelmann
Most of the implementations behind cfg80211_get_station will not initialize sinfo to zero before manipulating it. For example, the member "filled", which indicates the filled in parts of this struct, is often only modified by enabling certain bits in the bitfield while keeping the remaining bits in their original state. A caller without a preinitialized sinfo.filled can then no longer decide which parts of sinfo were filled in by cfg80211_get_station (or actually the underlying implementations). cfg80211_get_station must therefore take care that sinfo is initialized to zero. Otherwise, the caller may tries to read information which was not filled in and which must therefore also be considered uninitialized. In batadv_v_elp_get_throughput's case, an invalid "random" expected throughput may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may switch to non-optimal neighbors for certain destinations. Fixes: 7406353d43c8 ("cfg80211: implement cfg80211_get_station cfg80211 API") Reported-by: Thomas Lauer <holminateur@gmail.com> Reported-by: Marcel Schmidt <ff.z-casparistrasse@mailbox.org> Cc: b.a.t.m.a.n@lists.open-mesh.org Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2018-06-15nl80211: fix some kernel doc tag mistakesLuca Coelho
There is a bunch of tags marking constants with &, which means struct or enum name. Replace them with %, which is the correct tag for constants. Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2018-06-15Merge tag 'linux-kselftest-4.18-rc1-2' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull more Kselftest updates from Shuah Khan: - fix a signedness bug in cgroups test - add ppc support for kprobe args tests * tag 'linux-kselftest-4.18-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: kselftest/cgroup: fix a signedness bug selftests/ftrace: Add ppc support for kprobe args tests
2018-06-15Merge tag 'sound-fix-4.18-rc1' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Here is a collection of small fixes on top of the previous update. All small and obvious fixes. Mostly for usual suspects, USB-audio and HD-audio, but a few trivial error handling fixes for misc drivers as well" * tag 'sound-fix-4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Always create the interrupt pipe for the mixer ALSA: usb-audio: Add insertion control for UAC3 BADD ALSA: usb-audio: Change in connectors control creation interface ALSA: usb-audio: Add bi-directional terminal types ALSA: lx6464es: add error handling for pci_ioremap_bar ALSA: sonicvibes: add error handling for snd_ctl_add ALSA: usb-audio: Remove explicitly listed Mytek devices ALSA: usb-audio: Generic DSD detection for XMOS-based implementations ALSA: usb-audio: Add native DSD support for Mytek DACs ALSA: hda/realtek - Add shutup hint ALSA: usb-audio: Disable the quirk for Nura headset ALSA: hda: add dock and led support for HP ProBook 640 G4 ALSA: hda: add dock and led support for HP EliteBook 830 G5 ALSA: emu10k1: add error handling for snd_ctl_add ALSA: fm801: add error handling for snd_ctl_add
2018-06-15Merge tag 'drm-next-2018-06-15' of git://anongit.freedesktop.org/drm/drmLinus Torvalds
Pull amd drm fixes from Dave Airlie: "Just a single set of AMD fixes for stuff in -next for -rc1" * tag 'drm-next-2018-06-15' of git://anongit.freedesktop.org/drm/drm: (47 commits) drm/amd/powerplay: Set higher SCLK&MCLK frequency than dpm7 in OD (v2) drm/amd/powerplay: remove uncessary extra gfxoff control call drm/amdgpu: fix parsing indirect register list v2 drm/amd/include: Update df 3.6 mask and shift definition drm/amd/pp: Fix OD feature enable failed on Vega10 workstation cards drm/amd/display: Fix stale buffer object (bo) use drm/amd/pp: initialize result to before or'ing in data drm/amd/powerplay: fix wrong clock adjust sequence drm/amdgpu: Grab/put runtime PM references in atomic_commit_tail() drm/amd/powerplay: fix missed hwmgr check warning before call gfx_off_control handler drm/amdgpu: fix CG enabling hang with gfxoff enabled drm/amdgpu: fix clear_all and replace handling in the VM (v2) drm/amdgpu: add checking for sos version drm/amdgpu: fix the missed vcn fw version report Revert "drm/amdgpu: Add an ATPX quirk for hybrid laptop" drm/amdgpu/df: fix potential array out-of-bounds read drm/amdgpu: Fix NULL pointer when load kfd driver with PP block is disabled drm/gfx9: Update gc goldensetting for vega20. drm/amd/pp: Allow underclocking when od table is empty in vbios drm/amdgpu/display: check if ppfuncs exists before using it ...
2018-06-15afs: Show all of a server's addresses in /proc/fs/afs/serversDavid Howells
Show all of a server's addresses in /proc/fs/afs/servers, placing the second plus addresses on padded lines of their own. The current address is marked with a star. Signed-off-by: David Howells <dhowells@redhat.com>
2018-06-15afs: Handle CONFIG_PROC_FS=nDavid Howells
The AFS filesystem depends at the moment on /proc for configuration and also presents information that way - however, this causes a compilation failure if procfs is disabled. Fix it so that the procfs bits aren't compiled in if procfs is disabled. This means that you can't configure the AFS filesystem directly, but it is still usable provided that an up-to-date keyutils is installed to look up cells by SRV or AFSDB DNS records. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com>
2018-06-15proc: Make inline name size calculation automaticDavid Howells
Make calculation of the size of the inline name in struct proc_dir_entry automatic, rather than having to manually encode the numbers and failing to allow for lockdep. Require a minimum inline name size of 33+1 to allow for names that look like two hex numbers with a dash between. Reported-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2018-06-15orangefs: simplify compat ioctl handlingAl Viro
no need to mess with copy_in_user(), etc... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2018-06-15signalfd: lift sigmask copyin and size checks to callers of do_signalfd4()Al Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2018-06-14hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offloadHaiyang Zhang
These fields in struct ndis_ipsecv2_offload and struct ndis_rsc_offload are one byte according to the specs. This patch defines them with the right size. These structs are not in use right now, but will be used soon. Signed-off-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14rds: avoid unenecessary cong_update in loop transportSantosh Shilimkar
Loop transport which is self loopback, remote port congestion update isn't relevant. Infact the xmit path already ignores it. Receive path needs to do the same. Reported-by: syzbot+4c20b3866171ce8441d2@syzkaller.appspotmail.com Reviewed-by: Sowmini Varadhan <sowmini.varadhan@oracle.com> Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-15Merge branch 'drm-next-4.18' of git://people.freedesktop.org/~agd5f/linux ↵Dave Airlie
into drm-next Fixes for 4.18. Highlights: - Fixes for gfxoff on Raven - Remove an ATPX quirk now that the root cause is fixed - Runtime PM fixes - Vega20 register header update - Wattman fixes - Misc bug fixes Signed-off-by: Dave Airlie <airlied@redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20180614141428.2909-1-alexander.deucher@amd.com
2018-06-14Merge branch 'l2tp-fixes'David S. Miller
Guillaume Nault says: ==================== l2tp: pppol2tp_connect() fixes This series fixes a few remaining issues with pppol2tp_connect(). It doesn't try to prevent invalid configurations that have no effect on kernel's reliability. That would be work for a future patch set. Patch 2 is the most important as it avoids an invalid pointer dereference crashing the kernel. It depends on patch 1 for correctly identifying L2TP session types. Patches 3 and 4 avoid creating stale tunnels and sessions. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14l2tp: clean up stale tunnel or session in pppol2tp_connect's error pathGuillaume Nault
pppol2tp_connect() may create a tunnel or a session. Remove them in case of error. Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14l2tp: prevent pppol2tp_connect() from creating kernel socketsGuillaume Nault
If 'fd' is negative, l2tp_tunnel_create() creates a tunnel socket using the configuration passed in 'tcfg'. Currently, pppol2tp_connect() sets the relevant fields to zero, tricking l2tp_tunnel_create() into setting up an unusable kernel socket. We can't set 'tcfg' with the required fields because there's no way to get them from the current connect() parameters. So let's restrict kernel sockets creation to the netlink API, which is the original use case. Fixes: 789a4a2c61d8 ("l2tp: Add support for static unmanaged L2TPv3 tunnels") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14l2tp: only accept PPP sessions in pppol2tp_connect()Guillaume Nault
l2tp_session_priv() returns a struct pppol2tp_session pointer only for PPPoL2TP sessions. In particular, if the session is an L2TP_PWTYPE_ETH pseudo-wire, l2tp_session_priv() returns a pointer to an l2tp_eth_sess structure, which is much smaller than struct pppol2tp_session. This leads to invalid memory dereference when trying to lock ps->sk_lock. Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect()Guillaume Nault
Define cfg.pw_type so that the new session is created with its .pwtype field properly set (L2TP_PWTYPE_PPP). Not setting the pseudo-wire type had several annoying effects: * Invalid value returned in the L2TP_ATTR_PW_TYPE attribute when dumping sessions with the netlink API. * Impossibility to delete the session using the netlink API (because l2tp_nl_cmd_session_delete() gets the deletion callback function from an array indexed by the session's pseudo-wire type). Also, there are several cases where we should check a session's pseudo-wire type. For example, pppol2tp_connect() should refuse to connect a session that is not PPPoL2TP, but that requires the session's .pwtype field to be properly set. Fixes: f7faffa3ff8e ("l2tp: Add L2TPv3 protocol support") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
2018-06-14eventpoll: switch to ->poll_maskBen Noordhuis
Signed-off-by: Ben Noordhuis <info@bnoordhuis.nl> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>