Two minor cleanups after Dave's recent merge in f8ddadc4
("Merge git://git.kernel.org...") of net into net-next in
order to get the code in line with what was done originally
in the net tree: i) use max() instead of max_t() since both
ranges are u16, ii) don't split the direct access test cases
in the middle with bpf_exit test cases from 390ee7e2
("bpf: enforce return code for cgroup-bpf programs").
Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
Acked-by: NAlexei Starovoitov <ast@kernel.org>
Acked-by: NJohn Fastabend <john.fastabend@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Touching linux/bpf.h makes us rebuild a surprisingly large
portion of the kernel.  Remove the unnecessary dependency
from security.h, it only needs forward declarations.
Signed-off-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: NQuentin Monnet <quentin.monnet@netronome.com>
Acked-by: NAlexei Starovoitov <ast@kernel.org>
Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Hesoteric board configurations where port 0 is not available would still
make SYSTEMPORT inspect the switch port 0, queue 0, which, not being
enabled, would cause transmit timeouts over time. Just ignore those
unconfigured rings instead.

Fixes: 84ff33eeb23d ("net: systemport: Establish DSA network device queue mapping")
Signed-off-by: NFlorian Fainelli <f.fainelli@gmail.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jakub Kicinski says:

====================
nfp: bpf: rename ALU_OP_NEG and support BPF_NEG

Jiong says:

  Compilers are starting to use BPF_NEG, for example LLVM. However, NFP
does not support JITing it. This patch set adds this. Unit test is added
as well.

  Meanwhile, the current NFP_ALU_NEG is actually doing bitwise NOT (one's
complement) operation, so the name is misleading. This patch set corrects
this.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This patch supports BPF_NEG under both BPF_ALU64 and BPF_ALU. LLVM recently
starts to generate it.

NOTE: BPF_NEG takes single operand which is an register and serve as both
input and output.
Signed-off-by: NJiong Wang <jiong.wang@netronome.com>
Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The current ALU_OP_NEG is Op encoding 0x4 for NPF ALU instruction. It is
actually performing "~B" operation which is bitwise NOT.

The using naming ALU_OP_NEG is misleading as NEG is -B which is not the
same as ~B.
Signed-off-by: NJiong Wang <jiong.wang@netronome.com>
Reviewed-by: NJakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

yuan linyu says:

====================
net: dpaa: two minor cleanup

original i try to remove duplicate code which clean allocated per-cpu area,
thanks to David S. Miller, there are two build warning as errors.
path 1: fix old code maybe-uninitialized warning.
path 2: remove duplicate code and fix unused var warning.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: Nyuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Signed-off-by: Nyuan linyu <Linyu.Yuan@alcatel-sbell.com.cn>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Discovered that the compiler laid-out asm code in suboptimal way
when studying perf report during benchmarking of cpumap. Help
the compiler by the marking unlikely code paths.
Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
Acked-by: NJohn Fastabend <john.fastabend@gmail.com>
Acked-by: NAlexei Starovoitov <ast@kernel.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jiri Pirko says:

====================
net: sched: block callbacks follow-up

This patchset does a bit of cleanup of leftovers after block callbacks
patchset. The main part is patch 2, which restores the original handling
of tc offload feature flag.

---
v1->v2:
- rebased on top of current net-next (bnxt changes)
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Since tc_can_offload is always called from block callback or egdev
callback, no need to check if ndo_setup_tc exists.
Signed-off-by: NJiri Pirko <jiri@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Since the only user, mlx5 driver does the check in
mlx5e_setup_tc_block_cb, no need to check here.
Signed-off-by: NJiri Pirko <jiri@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This restores the original behaviour before the block callbacks were
introduced. Allow the drivers to do binding of block always, no matter
if the NETIF_F_HW_TC feature is on or off. Move the check to the block
callback which is called for rule insertion.
Reported-by: NAlexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: NJiri Pirko <jiri@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

tc_should_offload is no longer used, remove it.
Signed-off-by: NJiri Pirko <jiri@mellanox.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Currently the bridge device doesn't generate any notifications upon vlan
modifications on itself because it doesn't use the generic bridge
notifications.
With the recent changes we know if anything was modified in the vlan config
thus we can generate a notification when necessary for the bridge device
so add support to br_ifinfo_notify() similar to how other combined
functions are done - if port is present it takes precedence, otherwise
notify about the bridge. I've explicitly marked the locations where the
notification should be always for the port by setting bridge to NULL.
I've also taken the liberty to rearrange each modified function's local
variables in reverse xmas tree as well.
Signed-off-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The assignment to kinfo is redundant as this is a duplicate of
the initialiation of kinfo a few lines earlier, so it can be
removed.  The assignment to v_tc_info is never read, so this
variable is redundant and can be removed completely. Cleans
up two clang warnings:

drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c:433:34:
warning: Value stored to 'kinfo' during its initialization is never read
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c:775:3:
warning: Value stored to 'v_tc_info' is never read
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The zero value assigned to inst_processed at the end of each
iteration of the do-while loop is overwritten on the next iteration
and hence it is a redundant assignment and can be removed. Cleans
up clang warning:

drivers/net/ethernet/cavium/liquidio/request_manager.c:480:3:
warning: Value stored to 'inst_processed' is never read
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The pointer np is initialized and then re-assigned the same value
a few lines later. Remove the redundant duplicated assignment. Cleans
up clang warning:

drivers/net/ethernet/dlink/dl2k.c:314:25: warning: Value stored to
'np' during its initialization is never read
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

stat set to zero and the value is never read, instead stat is
set again in the do-loop. Hence the setting to zero is redundant
and can be removed. Cleans up clang warning:

drivers/net/wan/wanxl.c:737:2: warning: Value stored to 'stat'
is never read
Signed-off-by: NColin Ian King <colin.king@canonical.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Smooth Cong Wang's bug fix into 'net-next'.  Basically put
the bulk of the tcf_block_put() logic from 'net' into
tcf_block_put_ext(), but after the offload unbind.
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Jesper Dangaard Brouer says:

====================
Updates for samples/pktgen

This patchset updates samples/pktgen and synchronize with changes
maintained in https://github.com/netoptimizer/network-testing/

Features wise Robert Hoo <robert.hu@intel.com> added support for
detecting and determining dev NUMA node IRQs, and added a new script
named pktgen_sample06_numa_awared_queue_irq_affinity.sh that use these
features.

Cleanup remove last of the old sample files, as IPv6 is covered by
existing sample code.
====================
Acked-by: NAlexei Starovoitov <ast@kernel.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Since commit 0f06a678 ("samples: Add an IPv6 '-6' option to the
pktgen scripts") the newer pktgen_sampleXX script does show howto use
IPv6 with pktgen.

Thus, there is no longer a reason to keep the older sample scripts around.
Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Like sample05, don't use pktgen clone_skb feature when using 'burst' feature,
it is not really needed.  This brings the burst users in sync.
Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

This script simply does:

* Detect $DEV's NUMA node belonging.

* Bind each thread (processor of NUMA locality) with each $DEV queue's
  irq affinity, 1:1 mapping.

* How many '-t' threads input determines how many queues will be utilized.

If '-f' designates first cpu id, then offset in the NUMA node's cpu list.

(Changes by Jesper: allow changing count from cmdline via '-n')
Signed-off-by: NRobert Hoo <robert.hu@intel.com>
Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

1. given a device, get its NUMA belongings
2. given a device, get its queues' irq numbers.
3. given a NUMA node, get its cpu id list.
Signed-off-by: NRobert Hoo <robert.hu@intel.com>
Signed-off-by: NJesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Parvi Kaustubhi says:

====================
enic: Additional ethtool support

This patch set allows the user to show or modify rx/tx ring sizes using
ethtool.

v2:
- remove unused variable to fix build warning.
- update list of maintainers for cisco vic ethernet nic driver.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add myself to list of maintainers for cisco vic ethernet nic driver. Remove
Neel as he left.
Signed-off-by: NParvi Kaustubhi <pkaustub@cisco.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Add support for displaying and modifying rx and tx ring sizes using
ethtool.

Also, increasing version to  2.3.0.45
Signed-off-by: NParvi Kaustubhi <pkaustub@cisco.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Since we are allowing rx ring size modification, reset fetch index
everytime. Otherwise it could have a stale value that can lead to a null
pointer dereference.
Signed-off-by: NGovindarajulu Varadarajan <gvaradar@cisco.com>
Signed-off-by: NParvi Kaustubhi <pkaustub@cisco.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Pull signal bugfix from Eric Biederman:
 "When making the generic support for SIGEMT conditional on the presence
  of SIGEMT I made a typo that causes it to fail to activate. It was
  noticed comparatively quickly but the bug report just made it to me
  today"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  signal: Fix name of SIGEMT in #if defined() check

Commit cc731525 ("signal: Remove kernel interal si_code magic")
added a check for SIGMET and NSIGEMT being defined. That SIGMET should
in fact be SIGEMT, with SIGEMT being defined in
arch/{alpha,mips,sparc}/include/uapi/asm/signal.h

This was actually pointed out by BenHutchings in a lwn.net comment
here https://lwn.net/Comments/734608/

Fixes: cc731525 ("signal: Remove kernel interal si_code magic")
Signed-off-by: NAndrew Clayton <andrew@digital-domain.net>
Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>

Pull block fixes from Jens Axboe:
 "A few fixes that should go into this series:

   - Regression fix for ide-cd, ensuring that a request is fully
     initialized. From Hongxu.

   - Ditto fix for virtio_blk, from Bart.

   - NVMe fix from Keith, ensuring that we set the right block size on
     revalidation. If the block size changed, we'd be in trouble without
     it.

   - NVMe rdma fix from Sagi, fixing a potential hang while the
     controller is being removed"

* 'for-linus' of git://git.kernel.dk/linux-block:
  ide:ide-cd: fix kernel panic resulting from missing scsi_req_init
  nvme: Fix setting logical block format when revalidating
  virtio_blk: Fix an SG_IO regression
  nvme-rdma: fix possible hang when issuing commands during ctrl removal

Pull networking fixes from David Miller:

 1) Fix refcounting in xfrm_bundle_lookup() when using a dummy bundle,
    from Steffen Klassert.

 2) Fix crypto header handling in rx data frames in ath10k driver, from
    Vasanthakumar Thiagarajan.

 3) Fix use after free of qdisc when we defer tcp_chain_flush() to a
    workqueue. From Cong Wang.

 4) Fix double free in lapbether driver, from Pan Bian.

 5) Sanitize TUNSETSNDBUF values, from Craig Gallek.

 6) Fix refcounting when addrconf_permanent_addr() calls
    ipv6_del_addr(). From Eric Dumazet.

 7) Fix MTU probing bug in TCP that goes back to 2007, from Eric
    Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  tcp: fix tcp_mtu_probe() vs highest_sack
  ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
  tun/tap: sanitize TUNSETSNDBUF input
  mlxsw: i2c: Fix buffer increment counter for write transaction
  mlxsw: reg: Add high and low temperature thresholds
  MAINTAINERS: Remove Yotam from mlxfw
  MAINTAINERS: Update Yotam's E-mail
  net: hns: set correct return value
  net: lapbether: fix double free
  bpf: remove SK_REDIRECT from UAPI
  net: phy: marvell: Only configure RGMII delays when using RGMII
  xfrm: Fix GSO for IPsec with GRE tunnel.
  tc-testing: fix arg to ip command: -s -> -n
  net_sched: remove tcf_block_put_deferred()
  l2tp: hold tunnel in pppol2tp_connect()
  Revert "ath10k: fix napi_poll budget overflow"
  ath10k: rebuild crypto header in rx data frames
  wcn36xx: Remove unnecessary rcu_read_unlock in wcn36xx_bss_info_changed
  xfrm: Clear sk_dst_cache when applying per-socket policy.
  xfrm: Fix xfrm_dst_cache memleak

Syzkaller with KASAN has reported a use-after-free of vma->vm_flags in
__do_page_fault() with the following reproducer:

  mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
  mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0)
  r0 = userfaultfd(0x0)
  ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000002000-0x18)={0xaa, 0x0, 0x0})
  ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000019000)={{&(0x7f0000012000/0x2000)=nil, 0x2000}, 0x1, 0x0})
  r1 = gettid()
  syz_open_dev$evdev(&(0x7f0000013000-0x12)="2f6465762f696e7075742f6576656e742300", 0x0, 0x0)
  tkill(r1, 0x7)

The vma should be pinned by mmap_sem, but handle_userfault() might (in a
return to userspace scenario) release it and then acquire again, so when
we return to __do_page_fault() (with other result than VM_FAULT_RETRY),
the vma might be gone.

Specifically, per Andrea the scenario is
 "A return to userland to repeat the page fault later with a
  VM_FAULT_NOPAGE retval (potentially after handling any pending signal
  during the return to userland). The return to userland is identified
  whenever FAULT_FLAG_USER|FAULT_FLAG_KILLABLE are both set in
  vmf->flags"

However, since commit a3c4fb7c ("x86/mm: Fix fault error path using
unsafe vma pointer") there is a vma_pkey() read of vma->vm_flags after
that point, which can thus become use-after-free.  Fix this by moving
the read before calling handle_mm_fault().
Reported-by: Nsyzbot <bot+6a5269ce759a7bb12754ed9622076dc93f65a1f6@syzkaller.appspotmail.com>
Reported-by: NDmitry Vyukov <dvyukov@google.com>
Suggested-by: NKirill A. Shutemov <kirill@shutemov.name>
Fixes: 3c4fb7c9c2e ("x86/mm: Fix fault error path using unsafe vma pointer")
Reviewed-by: NAndrea Arcangeli <aarcange@redhat.com>
Signed-off-by: NVlastimil Babka <vbabka@suse.cz>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Pull cifs fix from Steve French:
 "smb3 file name too long fix"

* tag 'smb3-file-name-too-long-fix' of git://git.samba.org/sfrench/cifs-2.6:
  cifs: check MaxPathNameComponentLength != 0 before using it

Since we split the scsi_request out of struct request, while the
standard prep_rq_fn builds 10 byte cmds, it missed to invoke
scsi_req_init() to initialize certain fields of a scsi_request
structure (.__cmd[], .cmd, .cmd_len and .sense_len but no other
members of struct scsi_request).

An example panic on virtual machines (qemu/virtualbox) to boot
from IDE cdrom:
...
[    8.754381] Call Trace:
[    8.755419]  blk_peek_request+0x182/0x2e0
[    8.755863]  blk_fetch_request+0x1c/0x40
[    8.756148]  ? ktime_get+0x40/0xa0
[    8.756385]  do_ide_request+0x37d/0x660
[    8.756704]  ? cfq_group_service_tree_add+0x98/0xc0
[    8.757011]  ? cfq_service_tree_add+0x1e5/0x2c0
[    8.757313]  ? ktime_get+0x40/0xa0
[    8.757544]  __blk_run_queue+0x3d/0x60
[    8.757837]  queue_unplugged+0x2f/0xc0
[    8.758088]  blk_flush_plug_list+0x1f4/0x240
[    8.758362]  blk_finish_plug+0x2c/0x40
...
[    8.770906] RIP: ide_cdrom_prep_fn+0x63/0x180 RSP: ffff92aec018bae8
[    8.772329] ---[ end trace 6408481e551a85c9 ]---
...

Fixes: 82ed4db4 ("block: split scsi_request out of struct request")
Signed-off-by: NHongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: NJens Axboe <axboe@kernel.dk>

Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next

Johan Hedberg says:

====================
pull request: bluetooth-next 2017-11-01

Here's one more bluetooth-next pull request for the 4.15 kernel.

 - New NFA344A device entry for btusb drvier
 - Fix race conditions in hci_ldisc
 - Fix for isochronous interface assignments in btusb driver
 - A few other smaller fixes & improvements

Please let me know if there are any issues pulling. Thanks.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

fix verifier memory leaks

Fixes: 638f5b90 ("bpf: reduce verifier memory consumption")
Signed-off-by: NAlexei Starovoitov <ast@fb.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Rahul Lakkireddy says:

====================
cxgb4: add hash-filter support to tc-flower offload

This series of patches add support to create hash-filters; a.k.a
exact-match filters, to tc-flower offload.  T6 supports creating
~500K hash-filters in hw and can theoretically be expanded up to
~1 million.

Patch 1 fetches and saves the configured hw filter tuple field shifts
and filter mask.

Patch 2 initializes the driver to use hash-filter configuration.

Patch 3 adds support to create hash filters in hw.

Patch 4 adds support to delete hash filters in hw.

Patch 5 adds support to retrieve filter stats for hash filters.

Patch 6 converts the flower table to use rhashtable instead of
static hlist.

Patch 7 finally adds support to create hash filters via tc-flower
offload.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>