24 Oct, 2014
2 commits
-
We currently neither account for the nlattr size, nor do we consider
the size of the trailing NLMSG_DONE when allocating nlmsg skb.This can result in nflog to stop working, as __nfulnl_send() re-tries
sending forever if it failed to append NLMSG_DONE (which will never
work if buffer is not large enough).Reported-by: Houcheng Lin
Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso -
Commit 462fb2af9788a82a534f8184abfde31574e1cfa0
bridge : Sanitize skb before it enters the IP stack
broke when IP options are actually used because it mangles the
skb as if it entered the IP stack which is wrong because the
bridge is supposed to operate below the IP stack.Since nobody has actually requested for parsing of IP options
this patch fixes it by simply reverting to the previous approach
of ignoring all IP options, i.e., zeroing the IPCB.If and when somebody who uses IP options and actually needs them
to be parsed by the bridge complains then we can revisit this.Reported-by: David Newall
Signed-off-by: Herbert Xu
Tested-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
22 Oct, 2014
11 commits
-
alloc_percpu returns NULL on failure, not a negative error code.
Fixes: ff3cd7b3c922 ("netfilter: nf_tables: refactor chain statistic routines")
Signed-off-by: Sabrina Dubroca
Signed-off-by: Pablo Neira Ayuso -
The ->ip_set_list[] array is initialized in ip_set_net_init() and it
has ->ip_set_max elements so this check should be >= instead of >
otherwise we are off by one.Signed-off-by: Dan Carpenter
Acked-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
When a port that was used to listen for inbound connections gets closed
and reused for outgoing connections (like rsh ends up doing for stderr
flow), current we may reject the SYN/ACK packet for the new connection
because tcp_conntracks states forbirds a port to become a client while
there is still a TIME_WAIT entry in there for it.As TCP may expire the TIME_WAIT socket in 60s and conntrack's timeout
for it is 120s, there is a ~60s window that the application can end up
opening a port that conntrack will end up blocking.This patch fixes this by simply allowing such state transition: if we
see a SYN, in TIME_WAIT state, on REPLY direction, move it to sSS. Note
that the rest of the code already handles this situation, more
specificly in tcp_packet(), first switch clause.Signed-off-by: Marcelo Ricardo Leitner
Acked-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso -
Use netdev_alloc_pcpu_stats to allocate percpu stats and initialize syncp.
Fixes: 22e0f8b9322c "net: sched: make bstats per cpu and estimator RCU safe"
Signed-off-by: Sabrina Dubroca
Acked-by: Cong Wang
Signed-off-by: David S. Miller -
while comparing for verifier state equivalency the comparison
was missing a check for uninitialized register.
Make sure it does so and add a testcase.Fixes: f1bca824dabb ("bpf: add search pruning optimization to verifier")
Cc: Hannes Frederic Sowa
Signed-off-by: Alexei Starovoitov
Acked-by: Hannes Frederic Sowa
Signed-off-by: David S. Miller -
The synchronize_rcu() in netlink_release() introduces unacceptable
latency. Reintroduce minimal lookup so we can drop the
synchronize_rcu() until socket destruction has been RCUfied.Cc: David S. Miller
Cc: Eric Dumazet
Reported-by: Steinar H. Gunderson
Reported-and-tested-by: Heiko Carstens
Signed-off-by: Thomas Graf
Signed-off-by: David S. Miller -
When running tipcTC&tipcTS test suite, below lockdep unsafe locking
scenario is reported:[ 1109.997854]
[ 1109.997988] =================================
[ 1109.998290] [ INFO: inconsistent lock state ]
[ 1109.998575] 3.17.0-rc1+ #113 Not tainted
[ 1109.998762] ---------------------------------
[ 1109.998762] inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
[ 1109.998762] swapper/7/0 [HC0[0]:SC1[1]:HE1:SE0] takes:
[ 1109.998762] (slock-AF_TIPC){+.?...}, at: [] tipc_sk_rcv+0x49/0x2b0 [tipc]
[ 1109.998762] {SOFTIRQ-ON-W} state was registered at:
[ 1109.998762] [] __lock_acquire+0x6a0/0x1d80
[ 1109.998762] [] lock_acquire+0x95/0x1e0
[ 1109.998762] [] _raw_spin_lock+0x3e/0x80
[ 1109.998762] [] tipc_sk_rcv+0x49/0x2b0 [tipc]
[ 1109.998762] [] tipc_link_xmit+0xa8/0xc0 [tipc]
[ 1109.998762] [] tipc_sendmsg+0x15f/0x550 [tipc]
[ 1109.998762] [] tipc_connect+0x105/0x140 [tipc]
[ 1109.998762] [] SYSC_connect+0xae/0xc0
[ 1109.998762] [] SyS_connect+0xe/0x10
[ 1109.998762] [] compat_SyS_socketcall+0xb8/0x200
[ 1109.998762] [] sysenter_dispatch+0x7/0x1f
[ 1109.998762] irq event stamp: 241060
[ 1109.998762] hardirqs last enabled at (241060): [] __local_bh_enable_ip+0x6d/0xd0
[ 1109.998762] hardirqs last disabled at (241059): [] __local_bh_enable_ip+0x2f/0xd0
[ 1109.998762] softirqs last enabled at (241020): [] _local_bh_enable+0x22/0x50
[ 1109.998762] softirqs last disabled at (241021): [] irq_exit+0x96/0xc0
[ 1109.998762]
[ 1109.998762] other info that might help us debug this:
[ 1109.998762] Possible unsafe locking scenario:
[ 1109.998762]
[ 1109.998762] CPU0
[ 1109.998762] ----
[ 1109.998762] lock(slock-AF_TIPC);
[ 1109.998762]
[ 1109.998762] lock(slock-AF_TIPC);
[ 1109.998762]
[ 1109.998762] *** DEADLOCK ***
[ 1109.998762]
[ 1109.998762] 2 locks held by swapper/7/0:
[ 1109.998762] #0: (rcu_read_lock){......}, at: [] __netif_receive_skb_core+0x69/0xb70
[ 1109.998762] #1: (rcu_read_lock){......}, at: [] tipc_l2_rcv_msg+0x40/0x260 [tipc]
[ 1109.998762]
[ 1109.998762] stack backtrace:
[ 1109.998762] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.17.0-rc1+ #113
[ 1109.998762] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[ 1109.998762] ffffffff82745830 ffff880016c03828 ffffffff81a209eb 0000000000000007
[ 1109.998762] ffff880017b3cac0 ffff880016c03888 ffffffff81a1c5ef 0000000000000001
[ 1109.998762] ffff880000000001 ffff880000000000 ffffffff81012d4f 0000000000000000
[ 1109.998762] Call Trace:
[ 1109.998762] [] dump_stack+0x4e/0x68
[ 1109.998762] [] print_usage_bug+0x1f1/0x202
[ 1109.998762] [] ? save_stack_trace+0x2f/0x50
[ 1109.998762] [] mark_lock+0x28c/0x2f0
[ 1109.998762] [] ? print_irq_inversion_bug.part.46+0x1f0/0x1f0
[ 1109.998762] [] __lock_acquire+0x5ad/0x1d80
[ 1109.998762] [] ? trace_hardirqs_on+0xd/0x10
[ 1109.998762] [] ? sched_clock_cpu+0x98/0xc0
[ 1109.998762] [] ? local_clock+0x1b/0x30
[ 1109.998762] [] ? lock_release_holdtime.part.29+0x1c/0x1a0
[ 1109.998762] [] ? sched_clock_local+0x25/0x90
[ 1109.998762] [] ? tipc_sk_get+0x60/0x80 [tipc]
[ 1109.998762] [] lock_acquire+0x95/0x1e0
[ 1109.998762] [] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
[ 1109.998762] [] ? trace_hardirqs_on_caller+0xa6/0x1c0
[ 1109.998762] [] _raw_spin_lock+0x3e/0x80
[ 1109.998762] [] ? tipc_sk_rcv+0x49/0x2b0 [tipc]
[ 1109.998762] [] ? tipc_sk_get+0x60/0x80 [tipc]
[ 1109.998762] [] tipc_sk_rcv+0x49/0x2b0 [tipc]
[ 1109.998762] [] tipc_rcv+0x5ed/0x960 [tipc]
[ 1109.998762] [] tipc_l2_rcv_msg+0xcc/0x260 [tipc]
[ 1109.998762] [] ? tipc_l2_rcv_msg+0x40/0x260 [tipc]
[ 1109.998762] [] __netif_receive_skb_core+0x5e5/0xb70
[ 1109.998762] [] ? __netif_receive_skb_core+0x69/0xb70
[ 1109.998762] [] ? dev_gro_receive+0x259/0x4e0
[ 1109.998762] [] __netif_receive_skb+0x26/0x70
[ 1109.998762] [] netif_receive_skb_internal+0x2d/0x1f0
[ 1109.998762] [] napi_gro_receive+0xd8/0x240
[ 1109.998762] [] e1000_clean_rx_irq+0x2c4/0x530
[ 1109.998762] [] e1000_clean+0x266/0x9c0
[ 1109.998762] [] ? local_clock+0x1b/0x30
[ 1109.998762] [] ? sched_clock_local+0x25/0x90
[ 1109.998762] [] net_rx_action+0x141/0x310
[ 1109.998762] [] ? handle_fasteoi_irq+0xe0/0x150
[ 1109.998762] [] __do_softirq+0x116/0x4d0
[ 1109.998762] [] irq_exit+0x96/0xc0
[ 1109.998762] [] do_IRQ+0x67/0x110
[ 1109.998762] [] common_interrupt+0x6f/0x6f
[ 1109.998762] [] ? default_idle+0x37/0x250
[ 1109.998762] [] ? default_idle+0x35/0x250
[ 1109.998762] [] arch_cpu_idle+0xf/0x20
[ 1109.998762] [] cpu_startup_entry+0x27d/0x4d0
[ 1109.998762] [] start_secondary+0x188/0x1f0When intra-node messages are delivered from one process to another
process, tipc_link_xmit() doesn't disable BH before it directly calls
tipc_sk_rcv() on process context to forward messages to destination
socket. Meanwhile, if messages delivered by remote node arrive at the
node and their destinations are also the same socket, tipc_sk_rcv()
running on process context might be preempted by tipc_sk_rcv() running
BH context. As a result, the latter cannot obtain the socket lock as
the lock was obtained by the former, however, the former has no chance
to be run as the latter is owning the CPU now, so headlock happens. To
avoid it, BH should be always disabled in tipc_sk_rcv().Signed-off-by: Ying Xue
Reviewed-by: Jon Maloy
Signed-off-by: David S. Miller -
Locking dependency detected below possible unsafe locking scenario:
CPU0 CPU1
T0: tipc_named_rcv() tipc_rcv()
T1: [grab nametble write lock]* [grab node lock]*
T2: tipc_update_nametbl() tipc_node_link_up()
T3: tipc_nodesub_subscribe() tipc_nametbl_publish()
T4: [grab node lock]* [grab nametble write lock]*The opposite order of holding nametbl write lock and node lock on
above two different paths may result in a deadlock. If we move the
the updating of the name table after link state named out of node
lock, the reverse order of holding locks will be eliminated, and
as a result, the deadlock risk.Signed-off-by: Ying Xue
Signed-off-by: Jon Maloy
Signed-off-by: David S. Miller -
Govindarajulu Varadarajan says:
====================
enic: Bug fixesThis series fixes the following problem.
Please apply this to net.
====================Signed-off-by: David S. Miller
-
In enic_stop, we disable preemption using local_bh_disable(). We disable
preemption to wait for busy_poll to finish.napi_disable should not be called here as it might sleep.
Moving napi_disable() call out side of local_bh_disable.
BUG: sleeping function called from invalid context at include/linux/netdevice.h:477
in_atomic(): 1, irqs_disabled(): 0, pid: 443, name: ifconfig
INFO: lockdep is turned off.
Preemption disabled at:[] enic_rfs_flw_tbl_free+0x34/0xd0 [enic]CPU: 31 PID: 443 Comm: ifconfig Not tainted 3.17.0-netnext-05504-g59f35b8 #268
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
ffff8800dac10000 ffff88020b8dfcb8 ffffffff8148a57c 0000000000000000
ffff88020b8dfcd0 ffffffff8107e253 ffff8800dac12a40 ffff88020b8dfd10
ffffffffa029305b ffff88020b8dfd48 ffff8800dac10000 ffff88020b8dfd48
Call Trace:
[] dump_stack+0x4e/0x7a
[] __might_sleep+0x123/0x1a0
[] enic_stop+0xdb/0x4d0 [enic]
[] __dev_close_many+0x9d/0xf0
[] __dev_close+0x31/0x50
[] __dev_change_flags+0x98/0x160
[] dev_change_flags+0x24/0x60
[] devinet_ioctl+0x63d/0x710
[] ? might_fault+0x56/0xc0
[] inet_ioctl+0x65/0x90
[] sock_do_ioctl+0x20/0x50
[] sock_ioctl+0x20b/0x2e0
[] do_vfs_ioctl+0x2e0/0x500
[] ? sysret_check+0x22/0x5d
[] ? __this_cpu_preempt_check+0x13/0x20
[] ? trace_hardirqs_on_caller+0x119/0x270
[] SyS_ioctl+0x3c/0x80
[] system_call_fastpath+0x1a/0x1fSigned-off-by: Govindarajulu Varadarajan
Signed-off-by: David S. Miller -
The following warning is shown when spinlock debug is enabled.
This occurs when enic_flow_may_expire timer function is running and
enic_stop is called on same CPU.Fix this by using spink_lock_bh().
=================================
[ INFO: inconsistent lock state ]
3.17.0-netnext-05504-g59f35b8 #268 Not tainted
---------------------------------
inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage.
ifconfig/443 [HC0[0]:SC0[0]:HE1:SE1] takes:
(&(&enic->rfs_h.lock)->rlock){+.?...}, at:
enic_rfs_flw_tbl_free+0x34/0xd0 [enic]
{IN-SOFTIRQ-W} state was registered at:
[] __lock_acquire+0x83f/0x21c0
[] lock_acquire+0xa2/0xd0
[] _raw_spin_lock+0x3c/0x80
[] enic_flow_may_expire+0x25/0x130[enic]
[] call_timer_fn+0x77/0x100
[] run_timer_softirq+0x1e3/0x270
[] __do_softirq+0x14e/0x280
[] irq_exit+0x8e/0xb0
[] smp_apic_timer_interrupt+0x3f/0x50
[] apic_timer_interrupt+0x72/0x80
[] default_idle+0x13/0x20
[] arch_cpu_idle+0xa/0x10
[] cpu_startup_entry+0x2c6/0x330
[] start_secondary+0x21d/0x290
irq event stamp: 2997
hardirqs last enabled at (2997): [] _raw_spin_unlock_irqrestore+0x65/0x90
hardirqs last disabled at (2996): [] _raw_spin_lock_irqsave+0x26/0x90
softirqs last enabled at (2968): [] dev_deactivate_many+0x213/0x260
softirqs last disabled at (2966): [] dev_deactivate_many+0x1f3/0x260other info that might help us debug this:
Possible unsafe locking scenario:CPU0
----
lock(&(&enic->rfs_h.lock)->rlock);
lock(&(&enic->rfs_h.lock)->rlock);*** DEADLOCK ***
Reported-by: Jan Stancek
Signed-off-by: Govindarajulu Varadarajan
Signed-off-by: David S. Miller
21 Oct, 2014
4 commits
-
Florian Westphal says:
====================
net: minor gso encapsulation fixesThe following series fixes a minor bug in the gso segmentation handlers
when encapsulation offload is used.Theoretically this could cause kernel panic when the stack tries
to software-segment such a GRE offload packet, but it looks like there
is only one affected call site (tbf scheduler) and it handles NULL
return value.I've included a followup patch to add IS_ERR_OR_NULL checks where needed.
While looking into this, I also found that size computation of the individual
segments is incorrect if skb->encapsulation is set.Please see individual patches for delta vs. v1.
====================Signed-off-by: David S. Miller
-
if ->encapsulation is set we have to use inner_tcp_hdrlen and add the
size of the inner network headers too.This is 'mostly harmless'; tbf might send skb that is slightly over
quota or drop skb even if it would have fit.Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller -
skb_gso_segment has three possible return values:
1. a pointer to the first segmented skb
2. an errno value (IS_ERR())
3. NULL. This can happen when GSO is used for header verification.However, several callers currently test IS_ERR instead of IS_ERR_OR_NULL
and would oops when NULL is returned.Note that these call sites should never actually see such a NULL return
value; all callers mask out the GSO bits in the feature argument.However, there have been issues with some protocol handlers erronously not
respecting the specified feature mask in some cases.It is preferable to get 'have to turn off hw offloading, else slow' reports
rather than 'kernel crashes'.Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller -
skb_gso_segment() has a 'features' argument representing offload features
available to the output path.A few handlers, e.g. GRE, instead re-fetch the features of skb->dev and use
those instead of the provided ones when handing encapsulation/tunnels.Depending on dev->hw_enc_features of the output device skb_gso_segment() can
then return NULL even when the caller has disabled all GSO feature bits,
as segmentation of inner header thinks device will take care of segmentation.This e.g. affects the tbf scheduler, which will silently drop GRE-encap GSO skbs
that did not fit the remaining token quota as the segmentation does not work
when device supports corresponding hw offload capabilities.Cc: Pravin B Shelar
Signed-off-by: Florian Westphal
Signed-off-by: David S. Miller
20 Oct, 2014
11 commits
-
Pablo Neira Ayuso says:
====================
netfilter fixes for netThe following patchset contains netfilter fixes for your net tree,
they are:1) Fix missing MODULE_LICENSE() in the new nf_reject_ipv{4,6} modules.
2) Restrict nat and masq expressions to the nat chain type. Otherwise,
users may crash their kernel if they attach a nat/masq rule to a non
nat chain.3) Fix hook validation in nft_compat when non-base chains are used.
Basically, initialize hook_mask to zero.4) Make sure you use match/targets in nft_compat from the right chain
type. The existing validation relies on the table name which can be
avoided by5) Better netlink attribute validation in nft_nat. This expression has
to reject the configuration when no address and proto configurations
are specified.6) Interpret NFTA_NAT_REG_*_MAX if only if NFTA_NAT_REG_*_MIN is set.
Yet another sanity check to reject incorrect configurations from
userspace.7) Conditional NAT attribute dumping depending on the existing
configuration.
====================Signed-off-by: David S. Miller
-
The following patch fixes a bug which causes the ax88179_178a driver to be
incapable of being added to a bond.When I brought up the issue with the bonding maintainers, they indicated
that the real problem was with the NIC driver which must return zero for
success (of setting the MAC address). I see that several other NIC drivers
follow that pattern by either simply always returing zero, or by passing
through a negative (error) result while rewriting any positive return code
to zero. With that same philisophy applied to the ax88179_178a driver, it
allows it to work correctly with the bonding driver.I believe this is suitable for queuing in -stable, as it's a small, simple,
and obvious fix that corrects a defect with no other known workaround.This patch is against vanilla 3.17(.0).
Signed-off-by: Ian Morgan
drivers/net/usb/ax88179_178a.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
Signed-off-by: David S. Miller -
Pull ntb (non-transparent bridge) updates from Jon Mason:
"Add support for Haswell NTB split BARs, a debugfs entry for basic
debugging info, and some code clean-ups"* tag 'ntb-3.18' of git://github.com/jonmason/ntb:
ntb: Adding split BAR support for Haswell platforms
ntb: use errata flag set via DID to implement workaround
ntb: conslidate reading of PPD to move platform detection earlier
ntb: move platform detection to separate function
NTB: debugfs device entry -
Pull i2c updates from Wolfram Sang:
"Highlights from the I2C subsystem for 3.18:- new drivers for Axxia AM55xx, and Hisilicon hix5hd2 SoC.
- designware driver gained AMD support, exynos gained exynos7 support
The rest is usual driver stuff. Hopefully no lowlights this time"
* 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: i801: Add Device IDs for Intel Sunrise Point PCH
i2c: hix5hd2: add i2c controller driver
i2c-imx: Disable the clock on probe failure
i2c: designware: Add support for AMD I2C controller
i2c: designware: Rework probe() to get clock a bit later
i2c: designware: Default to fast mode in case of ACPI
i2c: axxia: Add I2C driver for AXM55xx
i2c: exynos: add support for HSI2C module on Exynos7
i2c: mxs: detect No Slave Ack on SELECT in PIO mode
i2c: cros_ec: Remove EC_I2C_FLAG_10BIT
i2c: cros-ec-tunnel: Add of match table
i2c: rcar: remove sign-compare flaw
i2c: ismt: Use minimum descriptor size
i2c: imx: Add arbitration lost check
i2c: rk3x: Remove unlikely() annotations
i2c: rcar: check for no IRQ in rcar_i2c_irq()
i2c: rcar: make rcar_i2c_prepare_msg() *void*
i2c: rcar: simplify check for last message
i2c: designware: add support of platform data to set I2C mode
i2c: designware: add support of I2C standard mode -
Pull sound fixes from Takashi Iwai:
"Here are a collection of small fixes after 3.18 merge.The urgent one is the fix for kernel panics with linked PCM substream
triggered by the recent nonatomic PCM ops support. Other two fixes
(emu10k1 and bebob) are stable fixes, and one easy PCI ID addition for
a new Intel HD-audio controller"* tag 'sound-fix-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH
ALSA: emu10k1: Fix deadlock in synth voice lookup
ALSA: pcm: Fix referred substream in snd_pcm_action_group() unlock loop
ALSA: bebob: Fix failure to detect source of clock for Terratec Phase 88 -
Pull second round of input updates from Dmitry Torokhov:
"Mostly simple bug fixes, although we do have one brand new driver for
Microchip AR1021 i2c touchscreen.Also there is the change to stop trying to use i8042 active
multiplexing by default (it is still possible to activate it via
i8042.nomux=0 on boxes that implement it)"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: xpad - add Thrustmaster as Xbox 360 controller vendor
Input: xpad - add USB ID for Thrustmaster Ferrari 458 Racing Wheel
Input: max77693-haptic - fix state check in imax77693_haptic_disable()
Input: xen-kbdfront - free grant table entry in xenkbd_disconnect_backend
Input: alps - fix v4 button press recognition
Input: i8042 - disable active multiplexing by default
Input: i8042 - add noloop quirk for Asus X750LN
Input: synaptics - gate forcepad support by DMI check
Input: Add Microchip AR1021 i2c touchscreen
Input: cros_ec_keyb - add of match table
Input: serio - avoid negative serio device numbers
Input: avoid negative input device numbers
Input: automatically set EV_ABS bit in input_set_abs_params
Input: adp5588-keys - cancel workqueue in failure path
Input: opencores-kbd - switch to using managed resources
Input: evdev - fix EVIOCG{type} ioctl -
Pull infiniband/RDMA updates from Roland Dreier:
- large set of iSER initiator improvements
- hardware driver fixes for cxgb4, mlx5 and ocrdma
- small fixes to core midlayer* tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: (47 commits)
RDMA/cxgb4: Fix ntuple calculation for ipv6 and remove duplicate line
RDMA/cxgb4: Add missing neigh_release in find_route
RDMA/cxgb4: Take IPv6 into account for best_mtu and set_emss
RDMA/cxgb4: Make c4iw_wr_log_size_order static
IB/core: Fix XRC race condition in ib_uverbs_open_qp
IB/core: Clear AH attr variable to prevent garbage data
RDMA/ocrdma: Save the bit environment, spare unncessary parenthesis
RDMA/ocrdma: The kernel has a perfectly good BIT() macro - use it
RDMA/ocrdma: Don't memset() buffers we just allocated with kzalloc()
RDMA/ocrdma: Remove a unused-label warning
RDMA/ocrdma: Convert kernel VA to PA for mmap in user
RDMA/ocrdma: Get vlan tag from ib_qp_attrs
RDMA/ocrdma: Add default GID at index 0
IB/mlx5, iser, isert: Add Signature API additions
Target/iser: Centralize ib_sig_domain setting
IB/iser: Centralize ib_sig_domain settings
IB/mlx5: Use extended internal signature layout
IB/iser: Set IP_CSUM as default guard type
IB/iser: Remove redundant assignment
IB/mlx5: Use enumerations for PI copy mask
... -
Pull more perf updates from Ingo Molnar:
"A second (and last) round of late coming fixes and changes, almost all
of them in perf tooling:User visible tooling changes:
- Add period data column and make it default in 'perf script' (Jiri
Olsa)- Add a visual cue for toggle zeroing of samples in 'perf top'
(Taeung Song)- Improve callchains when using libunwind (Namhyung Kim)
Tooling fixes and infrastructure changes:
- Fix for double free in 'perf stat' when using some specific invalid
command line combo (Yasser Shalabi)- Fix off-by-one bugs in map->end handling (Stephane Eranian)
- Fix off-by-one bug in maps__find(), also related to map->end
handling (Namhyung Kim)- Make struct symbol->end be the first addr after the symbol range,
to make it match the convention used for struct map->end. (Arnaldo
Carvalho de Melo)- Fix perf_evlist__add_pollfd() error handling in 'perf kvm stat
live' (Jiri Olsa)- Fix python test build by moving callchain_param to an object linked
into the python binding (Jiri Olsa)- Document sysfs events/ interfaces (Cody P Schafer)
- Fix typos in perf/Documentation (Masanari Iida)
- Add missing 'struct option' forward declaration (Arnaldo Carvalho
de Melo)- Add option to copy events when queuing for sorting across cpu
buffers and enable it for 'perf kvm stat live', to avoid having
events left in the queue pointing to the ring buffer be rewritten
in high volume sessions. (Alexander Yarygin, improving work done
by David Ahern):- Do not include a struct hists per perf_evsel, untangling the
histogram code from perf_evsel, to pave the way for exporting a
minimalistic tools/lib/api/perf/ library usable by tools/perf and
initially by the rasd daemon being developed by Borislav Petkov,
Robert Richter and Jean Pihet. (Arnaldo Carvalho de Melo)- Make perf_evlist__open(evlist, NULL, NULL), i.e. without cpu and
thread maps mean syswide monitoring, reducing the boilerplate for
tools that only want system wide mode. (Arnaldo Carvalho de Melo)- Move exit stuff from perf_evsel__delete to perf_evsel__exit, delete
should be just a front end for exit + free (Arnaldo Carvalho de
Melo)- Add support to new style format of kernel PMU event. (Kan Liang)
and other misc fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (45 commits)
perf script: Add period as a default output column
perf script: Add period data column
perf evsel: No need to drag util/cgroup.h
perf evlist: Add missing 'struct option' forward declaration
perf evsel: Move exit stuff from __delete to __exit
kprobes/x86: Remove stale ARCH_SUPPORTS_KPROBES_ON_FTRACE define
perf kvm stat live: Enable events copying
perf session: Add option to copy events when queueing
perf Documentation: Fix typos in perf/Documentation
perf trace: Use thread_{,_set}_priv helpers
perf kvm: Use thread_{,_set}_priv helpers
perf callchain: Create an address space per thread
perf report: Set callchain_param.record_mode for future use
perf evlist: Fix for double free in tools/perf stat
perf test: Add test case for pmu event new style format
perf tools: Add support to new style format of kernel PMU event
perf tools: Parse the pmu event prefix and suffix
Revert "perf tools: Default to cpu// for events v5"
perf Documentation: Remove Ruplicated docs for powerpc cpu specific events
perf Documentation: sysfs events/ interfaces
... -
Pull sparc fixes from David Miller:
"Here we have two bug fixes:1) The current thread's fault_code is not setup properly upon entry to
do_sparc64_fault() in some paths, leading to spurious SIGBUS.2) Don't use a zero length array at the end of thread_info on sparc64,
otherwise end_of_stack() isn't right"* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: Do not define thread fpregs save area as zero-length array.
sparc64: Fix corrupted thread fault code. -
Pull networking fixes from David Miller:
"A quick batch of bug fixes:1) Fix build with IPV6 disabled, from Eric Dumazet.
2) Several more cases of caching SKB data pointers across calls to
pskb_may_pull(), thus referencing potentially free'd memory. From
Li RongQing.3) DSA phy code tests operation presence improperly, instead of going:
if (x->ops->foo)
r = x->ops->foo(args);it was going:
if (x->ops->foo(args))
r = x->ops->foo(args);Fix from Andew Lunn"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
Net: DSA: Fix checking for get_phy_flags function
ipv6: fix a potential use after free in sit.c
ipv6: fix a potential use after free in ip6_offload.c
ipv4: fix a potential use after free in gre_offload.c
tcp: fix build error if IPv6 is not enabled -
The check for the presence or not of the optional switch function
get_phy_flags() called the function, rather than checked to see if it
is a NULL pointer. This causes a derefernce of a NULL pointer on all
switch chips except the sf2, the only switch to implement this call.Signed-off-by: Andrew Lunn
Fixes: 6819563e646a ("net: dsa: allow switch drivers to specify phy_device::dev_flags")
Cc: Florian Fainelli
Signed-off-by: David S. Miller
19 Oct, 2014
12 commits
-
This breaks the stack end corruption detection facility.
What that facility does it write a magic value to "end_of_stack()"
and checking to see if it gets overwritten."end_of_stack()" is "task_thread_info(p) + 1", which for sparc64 is
the beginning of the FPU register save area.So once the user uses the FPU, the magic value is overwritten and the
debug checks trigger.Fix this by making the size explicit.
Due to the size we use for the fpsaved[], gsr[], and xfsr[] arrays we
are limited to 7 levels of FPU state saves. So each FPU register set
is 256 bytes, allocate 256 * 7 for the fpregs area.Reported-by: Meelis Roos
Signed-off-by: David S. Miller -
Every path that ends up at do_sparc64_fault() must install a valid
FAULT_CODE_* bitmask in the per-thread fault code byte.Two paths leading to the label winfix_trampoline (which expects the
FAULT_CODE_* mask in register %g4) were not doing so:1) For pre-hypervisor TLB protection violation traps, if we took
the 'winfix_trampoline' path we wouldn't have %g4 initialized
with the FAULT_CODE_* value yet. Resulting in using the
TLB_TAG_ACCESS register address value instead.2) In the TSB miss path, when we notice that we are going to use a
hugepage mapping, but we haven't allocated the hugepage TSB yet, we
still have to take the window fixup case into consideration and
in that particular path we leave %g4 not setup properly.Errors on this sort were largely invisible previously, but after
commit 4ccb9272892c33ef1c19a783cfa87103b30c2784 ("sparc64: sun4v TLB
error power off events") we now have a fault_code mask bit
(FAULT_CODE_BAD_RA) that triggers due to this bug.FAULT_CODE_BAD_RA triggers because this bit is set in TLB_TAG_ACCESS
(see #1 above) and thus we get seemingly random bus errors triggered
for user processes.Fixes: 4ccb9272892c ("sparc64: sun4v TLB error power off events")
Reported-by: Meelis Roos
Signed-off-by: David S. Miller -
Pull slave-dmaengine updates from Vinod Koul:
"For dmaengine contributions we have:
- designware cleanup by Andy
- my series moving device_control users to dmanegine_xxx APIs for
later removal of device_control API
- minor fixes spread over drivers mainly mv_xor, pl330, mmp, imx-sdma
etc"* 'for-linus' of git://git.infradead.org/users/vkoul/slave-dma: (60 commits)
serial: atmel: add missing dmaengine header
dmaengine: remove FSLDMA_EXTERNAL_START
dmaengine: freescale: remove FSLDMA_EXTERNAL_START control method
carma-fpga: move to fsl_dma_external_start()
carma-fpga: use dmaengine_xxx() API
dmaengine: freescale: add and export fsl_dma_external_start()
dmaengine: add dmaengine_prep_dma_sg() helper
video: mx3fb: use dmaengine_terminate_all() API
serial: sh-sci: use dmaengine_terminate_all() API
net: ks8842: use dmaengine_terminate_all() API
mtd: sh_flctl: use dmaengine_terminate_all() API
mtd: fsmc_nand: use dmaengine_terminate_all() API
V4L2: mx3_camer: use dmaengine_pause() API
dmaengine: coh901318: use dmaengine_terminate_all() API
pata_arasan_cf: use dmaengine_terminate_all() API
dmaengine: edma: check for echan->edesc => NULL in edma_dma_pause()
dmaengine: dw: export probe()/remove() and Co to users
dmaengine: dw: enable and disable controller when needed
dmaengine: dw: always export dw_dma_{en,dis}able
dmaengine: dw: introduce dw_dma_on() helper
... -
Pull fbdev updates from Tomi Valkeinen:
- new 6x10 font
- various small fixes and cleanups* tag 'fbdev-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: (30 commits)
fonts: Add 6x10 font
videomode: provide dummy inline functions for !CONFIG_OF
video/atmel_lcdfb: Introduce regulator support
fbdev: sh_mobile_hdmi: Re-init regs before irq re-enable on resume
framebuffer: fix screen corruption when copying
framebuffer: fix border color
arm, fbdev, omap2, LLVMLinux: Remove nested function from omapfb
arm, fbdev, omap2, LLVMLinux: Remove nested function from omap2 dss
video: fbdev: valkyriefb.c: use container_of to resolve fb_info_valkyrie from fb_info
video: fbdev: pxafb.c: use container_of to resolve pxafb_info/layer from fb_info
video: fbdev: cyber2000fb.c: use container_of to resolve cfb_info from fb_info
video: fbdev: controlfb.c: use container_of to resolve fb_info_control from fb_info
video: fbdev: sa1100fb.c: use container_of to resolve sa1100fb_info from fb_info
video: fbdev: stifb.c: use container_of to resolve stifb_info from fb_info
video: fbdev: sis: sis_main.c: Cleaning up missing null-terminate in conjunction with strncpy
video: valkyriefb: Fix unused variable warning in set_valkyrie_clock()
video: fbdev: use %*ph specifier to dump small buffers
video: mx3fb: always enable BACKLIGHT_LCD_SUPPORT
video: fbdev: au1200fb: delete double assignment
video: fbdev: sis: delete double assignment
... -
Pull second batch of changes for KVM/{arm,arm64} from Marc Zyngier:
"The most obvious thing is the sizeable MMU changes to support 48bit
VAs on arm64.Summary:
- support for 48bit IPA and VA (EL2)
- a number of fixes for devices mapped into guests
- yet another VGIC fix for BE
- a fix for CPU hotplug
- a few compile fixes (disabled VGIC, strict mm checks)"[ I'm pulling directly from Marc at the request of Paolo Bonzini, whose
backpack was stolen at Düsseldorf airport and will do new keys and
rebuild his web of trust. - Linus ]* tag 'kvm-arm-for-3.18-take-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm:
arm/arm64: KVM: Fix BE accesses to GICv2 EISR and ELRSR regs
arm: kvm: STRICT_MM_TYPECHECKS fix for user_mem_abort
arm/arm64: KVM: Ensure memslots are within KVM_PHYS_SIZE
arm64: KVM: Implement 48 VA support for KVM EL2 and Stage-2
arm/arm64: KVM: map MMIO regions at creation time
arm64: kvm: define PAGE_S2_DEVICE as read-only by default
ARM: kvm: define PAGE_S2_DEVICE as read-only by default
arm/arm64: KVM: add 'writable' parameter to kvm_phys_addr_ioremap
arm/arm64: KVM: fix potential NULL dereference in user_mem_abort()
arm/arm64: KVM: use __GFP_ZERO not memset() to get zeroed pages
ARM: KVM: fix vgic-disabled build
arm: kvm: fix CPU hotplug -
Pull MIPS updates from Ralf Baechle:
"This is the MIPS pull request for the next kernel:- Zubair's patch series adds CMA support for MIPS. Doing so it also
touches ARM64 and x86.
- remove the last instance of IRQF_DISABLED from arch/mips
- updates to two of the MIPS defconfig files.
- cleanup of how cache coherency bits are handled on MIPS and
implement support for write-combining.
- platform upgrades for Alchemy
- move MIPS DTS files to arch/mips/boot/dts/"* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (24 commits)
MIPS: ralink: remove deprecated IRQF_DISABLED
MIPS: pgtable.h: Implement the pgprot_writecombine function for MIPS
MIPS: cpu-probe: Set the write-combine CCA value on per core basis
MIPS: pgtable-bits: Define the CCA bit for WC writes on Ingenic cores
MIPS: pgtable-bits: Move the CCA bits out of the core's ifdef blocks
MIPS: DMA: Add cma support
x86: use generic dma-contiguous.h
arm64: use generic dma-contiguous.h
asm-generic: Add dma-contiguous.h
MIPS: BPF: Add new emit_long_instr macro
MIPS: ralink: Move device-trees to arch/mips/boot/dts/
MIPS: Netlogic: Move device-trees to arch/mips/boot/dts/
MIPS: sead3: Move device-trees to arch/mips/boot/dts/
MIPS: Lantiq: Move device-trees to arch/mips/boot/dts/
MIPS: Octeon: Move device-trees to arch/mips/boot/dts/
MIPS: Add support for building device-tree binaries
MIPS: Create common infrastructure for building built-in device-trees
MIPS: SEAD3: Enable DEVTMPFS
MIPS: SEAD3: Regenerate defconfigs
MIPS: Alchemy: DB1300: Add touch penirq support
... -
Pull powerpc fix from Michael Ellerman:
"There was a bit of a misunderstanding between us and the ARM guys in
the device tree PCI code, which is breaking virtio on powerpc.This is the minimal fix until we can sort it out properly"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
powerpc/pci: Fix IO space breakage after of_pci_range_to_resource() change -
Pull cifs/smb3 updates from Steve French:
"Improved SMB3 support (symlink and device emulation, and remapping by
default the 7 reserved posix characters) and a workaround for cifs
mounts to Mac (working around a commonly encountered Mac server bug)"* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
[CIFS] Remove obsolete comment
Check minimum response length on query_network_interface
Workaround Mac server problem
Remap reserved posix characters by default (part 3/3)
Allow conversion of characters in Mac remap range (part 2)
Allow conversion of characters in Mac remap range. Part 1
mfsymlinks support for SMB2.1/SMB3. Part 2 query symlink
Add mfsymlinks support for SMB2.1/SMB3. Part 1 create symlink
Allow mknod and mkfifo on SMB2/SMB3 mounts
add defines for two new file attributes -
Pull dlm fix from David Teigland:
"This includes a single commit fixing a missing endian conversion"* tag 'dlm-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm:
dlm: fix missing endian conversion of rcom_status flags -
Pull btrfs data corruption fix from Chris Mason:
"I'm testing a pull with more fixes, but wanted to get this one out so
Greg can pick it up.The corruption isn't easy to hit, you have to do a readonly snapshot
and have orphans in the snapshot. But my review and testing missed
the bug. Filipe has added a better xfstest to cover it"* 'for-linus-update' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Revert "Btrfs: race free update of commit root for ro snapshots" -
Pull pstore fix from Tony Luck:
"Ensure unique filenames in pstore"* tag 'please-pull-pstore' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
pstore: Fix duplicate {console,ftrace}-efi entries -
Pull NTFS update from Anton Altaparmakov:
"Here is a small NTFS update notably implementing FIBMAP ioctl for NTFS
by adding the bmap address space operation. People seem to still want
FIBMAP"* git://git.kernel.org/pub/scm/linux/kernel/git/aia21/ntfs:
NTFS: Bump version to 2.1.31.
NTFS: Add bmap address space operation needed for FIBMAP ioctl.
NTFS: Remove changelog from Documentation/filesystems/ntfs.txt.
NTFS: Split ntfs_aops into ntfs_normal_aops and ntfs_compressed_aops in preparation for them diverging.