1. 16 11月, 2017 25 次提交
    • M
      genetlink: fix genlmsg_nlhdr() · 0a833c29
      Michal Kubecek 提交于
      According to the description, first argument of genlmsg_nlhdr() points to
      what genlmsg_put() returns, i.e. beginning of user header. Therefore we
      should only subtract size of genetlink header and netlink message header,
      not user header.
      
      This also means we don't need to pass the pointer to genetlink family and
      the same is true for genl_dump_check_consistent() which is the only caller
      of genlmsg_nlhdr(). (Note that at the moment, these functions are only
      used for families which do not have user header so that they are not
      affected.)
      
      Fixes: 670dc283 ("netlink: advertise incomplete dumps")
      Signed-off-by: NMichal Kubecek <mkubecek@suse.cz>
      Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      0a833c29
    • X
      sctp: check stream reset info len before making reconf chunk · 423852f8
      Xin Long 提交于
      Now when resetting stream, if both in and out flags are set, the info
      len can reach:
        sizeof(struct sctp_strreset_outreq) + SCTP_MAX_STREAM(65535) +
        sizeof(struct sctp_strreset_inreq)  + SCTP_MAX_STREAM(65535)
      even without duplicated stream no, this value is far greater than the
      chunk's max size.
      
      _sctp_make_chunk doesn't do any check for this, which would cause the
      skb it allocs is huge, syzbot even reported a crash due to this.
      
      This patch is to check stream reset info len before making reconf
      chunk and return EINVAL if the len exceeds chunk's capacity.
      
      Thanks Marcelo and Neil for making this clear.
      
      v1->v2:
        - move the check into sctp_send_reset_streams instead.
      
      Fixes: cc16f00f ("sctp: add support for generating stream reconf ssn reset request chunk")
      Reported-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      423852f8
    • X
      sctp: use the right sk after waking up from wait_buf sleep · cea0cc80
      Xin Long 提交于
      Commit dfcb9f4f ("sctp: deny peeloff operation on asocs with threads
      sleeping on it") fixed the race between peeloff and wait sndbuf by
      checking waitqueue_active(&asoc->wait) in sctp_do_peeloff().
      
      But it actually doesn't work, as even if waitqueue_active returns false
      the waiting sndbuf thread may still not yet hold sk lock. After asoc is
      peeled off, sk is not asoc->base.sk any more, then to hold the old sk
      lock couldn't make assoc safe to access.
      
      This patch is to fix this by changing to hold the new sk lock if sk is
      not asoc->base.sk, meanwhile, also set the sk in sctp_sendmsg with the
      new sk.
      
      With this fix, there is no more race between peeloff and waitbuf, the
      check 'waitqueue_active' in sctp_do_peeloff can be removed.
      
      Thanks Marcelo and Neil for making this clear.
      
      v1->v2:
        fix it by changing to lock the new sock instead of adding a flag in asoc.
      Suggested-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cea0cc80
    • X
      sctp: do not free asoc when it is already dead in sctp_sendmsg · ca3af4dd
      Xin Long 提交于
      Now in sctp_sendmsg sctp_wait_for_sndbuf could schedule out without
      holding sock sk. It means the current asoc can be freed elsewhere,
      like when receiving an abort packet.
      
      If the asoc is just created in sctp_sendmsg and sctp_wait_for_sndbuf
      returns err, the asoc will be freed again due to new_asoc is not nil.
      An use-after-free issue would be triggered by this.
      
      This patch is to fix it by setting new_asoc with nil if the asoc is
      already dead when cpu schedules back, so that it will not be freed
      again in sctp_sendmsg.
      
      v1->v2:
        set new_asoc as nil in sctp_sendmsg instead of sctp_wait_for_sndbuf.
      Suggested-by: NNeil Horman <nhorman@tuxdriver.com>
      Reported-by: NDmitry Vyukov <dvyukov@google.com>
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ca3af4dd
    • L
      Merge tag 'ipmi-for-4.15' of git://github.com/cminyard/linux-ipmi · 6363b3f3
      Linus Torvalds 提交于
      Pull IPMI updates from Corey Minyard:
       "This is a fairly large rework of the IPMI code, along with a bunch of
        smaller fixes. The major changes have been in the next tree for a
        couple of months, so they should be good to do in.
      
         - Some users had IPMI systems where the GUID of the IPMI controller
           could change. So rescanning of the GUID was added. The naming of
           some sysfs things was dependent on the GUID, however, so this
           resulted in the sysfs interface code in IPMI changing to remove
           that dependency and name the IPMI BMCs like other sysfs devices.
      
         - The ipmi_si_intf.c code was fairly bloated with all the different
           discovery methods (PCI, ACPI, SMBIOS, OF, platform, module
           parameters, hot add). The structure of how the interfaces were
           added was redone to make them more modular, then the individual
           methods were pulled out into their own files"
      
      * tag 'ipmi-for-4.15' of git://github.com/cminyard/linux-ipmi: (48 commits)
        ipmi_si: Delete an error message for a failed memory allocation in try_smi_init()
        ipmi_si: fix memory leak on new_smi
        ipmi: remove redundant initialization of bmc
        ipmi: pr_err() strings should end with newlines
        ipmi: Clean up some print operations
        ipmi: Make the DMI probe into a generic platform probe
        ipmi: Make the IPMI proc interface configurable
        ipmi_ssif: Add device attrs for the things in proc
        ipmi_si: Add device attrs for the things in proc
        ipmi_si: remove ipmi_smi_alloc() function
        ipmi_si: Move port and mem I/O handling to their own files
        ipmi_si: Get rid of unused spacing and port fields
        ipmi_si: Move PARISC handling to another file
        ipmi_si: Move PCI setup to another file
        ipmi_si: Move platform device handling to another file
        ipmi_si: Move hardcode handling to a separate file.
        ipmi_si: Move the hotmod handling to another file.
        ipmi_si: Change ipmi_si_add_smi() to take just I/O info
        ipmi_si: Move io setup into io structure
        ipmi_si: Move irq setup handling into the io struct
        ...
      6363b3f3
    • L
      Merge tag 'pci-v4.15-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 1b6115fb
      Linus Torvalds 提交于
      Pull PCI updates from Bjorn Helgaas:
      
        - detach driver before tearing down procfs/sysfs (Alex Williamson)
      
        - disable PCIe services during shutdown (Sinan Kaya)
      
        - fix ASPM oops on systems with no Root Ports (Ard Biesheuvel)
      
        - fix ASPM LTR_L1.2_THRESHOLD programming (Bjorn Helgaas)
      
        - fix ASPM Common_Mode_Restore_Time computation (Bjorn Helgaas)
      
        - fix portdrv MSI/MSI-X vector allocation (Dongdong Liu, Bjorn
          Helgaas)
      
        - report non-fatal AER errors only to the affected endpoint (Gabriele
          Paoloni)
      
        - distribute bus numbers, MMIO, and I/O space among hotplug bridges to
          allow more devices to be hot-added (Mika Westerberg)
      
        - fix pciehp races during initialization and surprise link down (Mika
          Westerberg)
      
        - handle surprise-removed devices in PME handling (Qiang)
      
        - support resizable BARs for large graphics devices (Christian König)
      
        - expose SR-IOV offset, stride, and VF device ID via sysfs (Filippo
          Sironi)
      
        - create SR-IOV virtfn/physfn sysfs links before attaching driver
          (Stuart Hayes)
      
        - fix SR-IOV "ARI Capable Hierarchy" restore issue (Tony Nguyen)
      
        - enforce Kconfig IOV/REALLOC dependency (Sascha El-Sharkawy)
      
        - avoid slot reset if bridge itself is broken (Jan Glauber)
      
        - clean up pci_reset_function() path (Jan H. Schönherr)
      
        - make pci_map_rom() fail if the option ROM is invalid (Changbin Du)
      
        - convert timers to timer_setup() (Kees Cook)
      
        - move PCI_QUIRKS to PCI bus Kconfig menu (Randy Dunlap)
      
        - constify pci_dev_type and intel_mid_pci_ops (Bhumika Goyal)
      
        - remove unnecessary pci_dev, pci_bus, resource, pcibios_set_master()
          declarations (Bjorn Helgaas)
      
        - fix endpoint framework overflows and BUG()s (Dan Carpenter)
      
        - fix endpoint framework issues (Kishon Vijay Abraham I)
      
        - avoid broken Cavium CN8xxx bus reset behavior (David Daney)
      
        - extend Cavium ACS capability quirks (Vadim Lomovtsev)
      
        - support Synopsys DesignWare RC in ECAM mode (Ard Biesheuvel)
      
        - turn off dra7xx clocks cleanly on shutdown (Keerthy)
      
        - fix Faraday probe error path (Wei Yongjun)
      
        - support HiSilicon STB SoC PCIe host controller (Jianguo Sun)
      
        - fix Hyper-V interrupt affinity issue (Dexuan Cui)
      
        - remove useless ACPI warning for Hyper-V pass-through devices (Vitaly
          Kuznetsov)
      
        - support multiple MSI on iProc (Sandor Bodo-Merle)
      
        - support Layerscape LS1012a and LS1046a PCIe host controllers (Hou
          Zhiqiang)
      
        - fix Layerscape default error response (Minghuan Lian)
      
        - support MSI on Tango host controller (Marc Gonzalez)
      
        - support Tegra186 PCIe host controller (Manikanta Maddireddy)
      
        - use generic accessors on Tegra when possible (Thierry Reding)
      
        - support V3 Semiconductor PCI host controller (Linus Walleij)
      
      * tag 'pci-v4.15-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (85 commits)
        PCI/ASPM: Add L1 Substates definitions
        PCI/ASPM: Reformat ASPM register definitions
        PCI/ASPM: Use correct capability pointer to program LTR_L1.2_THRESHOLD
        PCI/ASPM: Account for downstream device's Port Common_Mode_Restore_Time
        PCI: xgene: Rename xgene_pcie_probe_bridge() to xgene_pcie_probe()
        PCI: xilinx: Rename xilinx_pcie_link_is_up() to xilinx_pcie_link_up()
        PCI: altera: Rename altera_pcie_link_is_up() to altera_pcie_link_up()
        PCI: Fix kernel-doc build warning
        PCI: Fail pci_map_rom() if the option ROM is invalid
        PCI: Move pci_map_rom() error path
        PCI: Move PCI_QUIRKS to the PCI bus menu
        alpha/PCI: Make pdev_save_srm_config() static
        PCI: Remove unused declarations
        PCI: Remove redundant pci_dev, pci_bus, resource declarations
        PCI: Remove redundant pcibios_set_master() declarations
        PCI/PME: Handle invalid data when reading Root Status
        PCI: hv: Use effective affinity mask
        PCI: pciehp: Do not clear Presence Detect Changed during initialization
        PCI: pciehp: Fix race condition handling surprise link down
        PCI: Distribute available resources to hotplug-capable bridges
        ...
      1b6115fb
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · ad0835a9
      Linus Torvalds 提交于
      Pull rdma updates from Doug Ledford:
       "This is a fairly plain pull request. Lots of driver updates across the
        stack, a huge number of static analysis cleanups including a close to
        50 patch series from Bart Van Assche, and a number of new features
        inside the stack such as general CQ moderation support.
      
        Nothing really stands out, but there might be a few conflicts as you
        take things in. In particular, the cleanups touched some of the same
        lines as the new timer_setup changes.
      
        Everything in this pull request has been through 0day and at least two
        days of linux-next (since Stephen doesn't necessarily flag new
        errors/warnings until day2). A few more items (about 30 patches) from
        Intel and Mellanox showed up on the list on Tuesday. I've excluded
        those from this pull request, and I'm sure some of them qualify as
        fixes suitable to send any time, but I still have to review them
        fully. If they contain mostly fixes and little or no new development,
        then I will probably send them through by the end of the week just to
        get them out of the way.
      
        There was a break in my acceptance of patches which coincides with the
        computer problems I had, and then when I got things mostly back under
        control I had a backlog of patches to process, which I did mostly last
        Friday and Monday. So there is a larger number of patches processed in
        that timeframe than I was striving for.
      
        Summary:
         - Add iWARP support to qedr driver
         - Lots of misc fixes across subsystem
         - Multiple update series to hns roce driver
         - Multiple update series to hfi1 driver
         - Updates to vnic driver
         - Add kref to wait struct in cxgb4 driver
         - Updates to i40iw driver
         - Mellanox shared pull request
         - timer_setup changes
         - massive cleanup series from Bart Van Assche
         - Two series of SRP/SRPT changes from Bart Van Assche
         - Core updates from Mellanox
         - i40iw updates
         - IPoIB updates
         - mlx5 updates
         - mlx4 updates
         - hns updates
         - bnxt_re fixes
         - PCI write padding support
         - Sparse/Smatch/warning cleanups/fixes
         - CQ moderation support
         - SRQ support in vmw_pvrdma"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (296 commits)
        RDMA/core: Rename kernel modify_cq to better describe its usage
        IB/mlx5: Add CQ moderation capability to query_device
        IB/mlx4: Add CQ moderation capability to query_device
        IB/uverbs: Add CQ moderation capability to query_device
        IB/mlx5: Exposing modify CQ callback to uverbs layer
        IB/mlx4: Exposing modify CQ callback to uverbs layer
        IB/uverbs: Allow CQ moderation with modify CQ
        iw_cxgb4: atomically flush the qp
        iw_cxgb4: only call the cq comp_handler when the cq is armed
        iw_cxgb4: Fix possible circular dependency locking warning
        RDMA/bnxt_re: report vlan_id and sl in qp1 recv completion
        IB/core: Only maintain real QPs in the security lists
        IB/ocrdma_hw: remove unnecessary code in ocrdma_mbx_dealloc_lkey
        RDMA/core: Make function rdma_copy_addr return void
        RDMA/vmw_pvrdma: Add shared receive queue support
        RDMA/core: avoid uninitialized variable warning in create_udata
        RDMA/bnxt_re: synchronize poll_cq and req_notify_cq verbs
        RDMA/bnxt_re: Flush CQ notification Work Queue before destroying QP
        RDMA/bnxt_re: Set QP state in case of response completion errors
        RDMA/bnxt_re: Add memory barriers when processing CQ/EQ entries
        ...
      ad0835a9
    • L
      Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 22714a2b
      Linus Torvalds 提交于
      Pull cgroup updates from Tejun Heo:
       "Cgroup2 cpu controller support is finally merged.
      
         - Basic cpu statistics support to allow monitoring by default without
           the CPU controller enabled.
      
         - cgroup2 cpu controller support.
      
         - /sys/kernel/cgroup files to help dealing with new / optional
           features"
      
      * 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: export list of cgroups v2 features using sysfs
        cgroup: export list of delegatable control files using sysfs
        cgroup: mark @cgrp __maybe_unused in cpu_stat_show()
        MAINTAINERS: relocate cpuset.c
        cgroup, sched: Move basic cpu stats from cgroup.stat to cpu.stat
        sched: Implement interface for cgroup unified hierarchy
        sched: Misc preps for cgroup unified hierarchy interface
        sched/cputime: Add dummy cputime_adjust() implementation for CONFIG_VIRT_CPU_ACCOUNTING_NATIVE
        cgroup: statically initialize init_css_set->dfl_cgrp
        cgroup: Implement cgroup2 basic CPU usage accounting
        cpuacct: Introduce cgroup_account_cputime[_field]()
        sched/cputime: Expose cputime_adjust()
      22714a2b
    • L
      Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu · 766ec76a
      Linus Torvalds 提交于
      Pull percpu update from Tejun Heo:
       "Another minor pull request. It only contains one commit which can
        reclaim a bit of memory wasted during boot on UP"
      
      * 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
        percpu: don't forget to free the temporary struct pcpu_alloc_info
      766ec76a
    • L
      Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · 0be50036
      Linus Torvalds 提交于
      Pull workqueue updates from Tejun Heo:
       "There was a commit to make unbound kworkers respect cpu isolation but
        it conflicted with the restructuring of cpu isolation and got
        reverted, so the only thing left is the trivial comment fix.
      
        Will retry the cpu isolation change after this merge window"
      
      * 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: Fix comment for unbound workqueue's attrbutes
        Revert "workqueue: respect isolated cpus when queueing an unbound work"
        workqueue: respect isolated cpus when queueing an unbound work
      0be50036
    • L
      Merge branch 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata · 1bc03573
      Linus Torvalds 提交于
      Pull libata updates from Tejun Heo:
       "Nothing too interesting or alarming. Other than a new power saving
        mode addition to ahci and crash fix on a tracepoint, all changes are
        trivial or device-specific"
      
      * 'for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: (22 commits)
        ahci: imx: Handle increased read failures for IMX53 temperature sensor in low frequency mode.
        ata: sata_dwc_460ex: Propagate platform device ID to DMA driver
        ata: fixes kernel crash while tracing ata_eh_link_autopsy event
        ata: pata_pdc2027x: Fix space before '[' error.
        libata: fix spelling mistake: 'ambigious' -> 'ambiguous'
        ata: ceva: Add SMMU support for SATA IP
        ata: ceva: Correct the suspend and resume logic for SATA
        ata: ceva: Correct the AXI bus configuration for SATA ports
        ata: ceva: Add CCI support for SATA if CCI is enabled
        ata: ceva: Make RxWaterMark value as module parameter
        ata: ceva: Disable Device Sleep capability
        ata: ceva: Add gen 3 mode support in driver
        ata: ceva: Move sata port phy oob settings to device-tree
        devicetree: bindings: Add sata port phy config parameters in ahci-ceva
        ata: mark expected switch fall-throughs
        ata: sata_mv: remove a redundant assignment to pointer ehi
        ahci: Add support for Cavium's fifth generation SATA controller
        ata: sata_rcar: Use of_device_get_match_data() helper
        libata: make ata_port_type const
        libata: make static arrays const, reduces object code size
        ...
      1bc03573
    • L
      Merge tag 'modules-for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 1be2172e
      Linus Torvalds 提交于
      Pull module updates from Jessica Yu:
       "Summary of modules changes for the 4.15 merge window:
      
         - treewide module_param_call() cleanup, fix up set/get function
           prototype mismatches, from Kees Cook
      
         - minor code cleanups"
      
      * tag 'modules-for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        module: Do not paper over type mismatches in module_param_call()
        treewide: Fix function prototypes for module_param_call()
        module: Prepare to convert all module_param_call() prototypes
        kernel/module: Delete an error message for a failed memory allocation in add_module_usage()
      1be2172e
    • L
      Merge tag 'mailbox-v4.15' of git://git.linaro.org/landing-teams/working/fujitsu/integration · 3c18767a
      Linus Torvalds 提交于
      Pull mailbox updates from Jassi Brar:
       "Change to POLL api and fixes for FlexRM and OMAP driver.
      
        Summary:
      
         - Core: Prefer ACK method over POLL, if both supported
      
         - Test: use flag instead of special character
      
         - FlexRM: Usual driver internal minor churn
      
         - Omap: fix error path"
      
      * tag 'mailbox-v4.15' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
        mailbox/omap: unregister mbox class
        mailbox: mailbox-test: don't rely on rx_buffer content to signal data ready
        mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone
        mailbox: Build Broadcom FlexRM driver as loadable module for iProc SOCs
        mailbox: bcm-flexrm-mailbox: Use common GPL comment header
        mailbox: bcm-flexrm-mailbox: add depends on ARCH_BCM_IPROC
        mailbox: bcm-flexrm-mailbox: Print ring number in errors and warnings
        mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush sequence
      3c18767a
    • L
      Merge tag 'for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply · 19b9aaf8
      Linus Torvalds 提交于
      Pull power supply and reset updates from Sebastian Reichel:
      
       - misc minor fixes
      
      * tag 'for-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply:
        power: supply: cpcap-charger: fix incorrect return value check
        power: supply: replace pr_* with dev_*
        power: supply: pcf50633-charger: remove redundant variable charging_start
        power: supply: generic-adc-battery: remove redundant variable pdata
        power: supply: max8997: Improve a size determination in probe
      19b9aaf8
    • L
      Merge tag 'hsi-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi · 6c4ba00c
      Linus Torvalds 提交于
      Pull HSI updates from Sebastian Reichel:
      
       - add HSI OMAP4 bindings
      
       - misc small fixes
      
      * tag 'hsi-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi:
        dt-bindings: hsi: add omap4 hsi controller bindings
        HSI: hsi_char: pr_err() strings should end with newlines
        HSI: omap_ssi_core: fix kilo to be "k" not "K"
      6c4ba00c
    • L
      Merge tag 'selinux-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux · 8c38fb5c
      Linus Torvalds 提交于
      Pull SELinux updates from Paul Moore:
       "Seven SELinux patches for v4.15, although five of the seven are small
        build fixes and cleanups.
      
        Of the remaining two patches, the only one worth really calling out is
        Eric's fix for the SELinux filesystem xattr set/remove code; the other
        patch simply converts the SELinux hash table implementation to use
        kmem_cache.
      
        Eric's setxattr/removexattr tweak converts SELinux back to calling the
        commoncap implementations when the xattr is not SELinux related. The
        immediate win is to fixup filesystem capabilities in user namespaces,
        but it makes things a bit saner overall; more information in the
        commit description"
      
      * tag 'selinux-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
        selinux: remove extraneous initialization of slots_used and max_chain_len
        selinux: remove redundant assignment to len
        selinux: remove redundant assignment to str
        selinux: fix build warning
        selinux: fix build warning by removing the unused sid variable
        selinux: Perform both commoncap and selinux xattr checks
        selinux: Use kmem_cache for hashtab_node
      8c38fb5c
    • L
      Merge tag 'audit-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit · f9bab267
      Linus Torvalds 提交于
      Pull audit updates from Paul Moore:
       "Another relatively small pull request for audit, nine patches total.
      
        The only real new bit of functionality is the patch from Richard which
        adds the ability to filter records based on the filesystem type.
      
        The remainder are bug fixes and cleanups; the bug fix highlights
        include:
      
         - ensuring that we properly audit init/PID-1 (me)
      
         - allowing the audit daemon to shutdown the kernel/auditd connection
           cleanly by setting the audit PID to zero (Steve)"
      
      * tag 'audit-pr-20171113' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
        audit: filter PATH records keyed on filesystem magic
        Audit: remove unused audit_log_secctx function
        audit: Allow auditd to set pid to 0 to end auditing
        audit: Add new syscalls to the perm=w filter
        audit: use audit_set_enabled() in audit_enable()
        audit: convert audit_ever_enabled to a boolean
        audit: don't use simple_strtol() anymore
        audit: initialize the audit subsystem as early as possible
        audit: ensure that 'audit=1' actually enables audit for PID 1
      f9bab267
    • J
      mm/pagewalk.c: report holes in hugetlb ranges · 373c4557
      Jann Horn 提交于
      This matters at least for the mincore syscall, which will otherwise copy
      uninitialized memory from the page allocator to userspace.  It is
      probably also a correctness error for /proc/$pid/pagemap, but I haven't
      tested that.
      
      Removing the `walk->hugetlb_entry` condition in walk_hugetlb_range() has
      no effect because the caller already checks for that.
      
      This only reports holes in hugetlb ranges to callers who have specified
      a hugetlb_entry callback.
      
      This issue was found using an AFL-based fuzzer.
      
      v2:
       - don't crash on ->pte_hole==NULL (Andrew Morton)
       - add Cc stable (Andrew Morton)
      
      Fixes: 1e25a271 ("mincore: apply page table walker on do_mincore()")
      Signed-off-by: NJann Horn <jannh@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      373c4557
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · 5bbcc0f5
      Linus Torvalds 提交于
      Pull networking updates from David Miller:
       "Highlights:
      
         1) Maintain the TCP retransmit queue using an rbtree, with 1GB
            windows at 100Gb this really has become necessary. From Eric
            Dumazet.
      
         2) Multi-program support for cgroup+bpf, from Alexei Starovoitov.
      
         3) Perform broadcast flooding in hardware in mv88e6xxx, from Andrew
            Lunn.
      
         4) Add meter action support to openvswitch, from Andy Zhou.
      
         5) Add a data meta pointer for BPF accessible packets, from Daniel
            Borkmann.
      
         6) Namespace-ify almost all TCP sysctl knobs, from Eric Dumazet.
      
         7) Turn on Broadcom Tags in b53 driver, from Florian Fainelli.
      
         8) More work to move the RTNL mutex down, from Florian Westphal.
      
         9) Add 'bpftool' utility, to help with bpf program introspection.
            From Jakub Kicinski.
      
        10) Add new 'cpumap' type for XDP_REDIRECT action, from Jesper
            Dangaard Brouer.
      
        11) Support 'blocks' of transformations in the packet scheduler which
            can span multiple network devices, from Jiri Pirko.
      
        12) TC flower offload support in cxgb4, from Kumar Sanghvi.
      
        13) Priority based stream scheduler for SCTP, from Marcelo Ricardo
            Leitner.
      
        14) Thunderbolt networking driver, from Amir Levy and Mika Westerberg.
      
        15) Add RED qdisc offloadability, and use it in mlxsw driver. From
            Nogah Frankel.
      
        16) eBPF based device controller for cgroup v2, from Roman Gushchin.
      
        17) Add some fundamental tracepoints for TCP, from Song Liu.
      
        18) Remove garbage collection from ipv6 route layer, this is a
            significant accomplishment. From Wei Wang.
      
        19) Add multicast route offload support to mlxsw, from Yotam Gigi"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (2177 commits)
        tcp: highest_sack fix
        geneve: fix fill_info when link down
        bpf: fix lockdep splat
        net: cdc_ncm: GetNtbFormat endian fix
        openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start
        netem: remove unnecessary 64 bit modulus
        netem: use 64 bit divide by rate
        tcp: Namespace-ify sysctl_tcp_default_congestion_control
        net: Protect iterations over net::fib_notifier_ops in fib_seq_sum()
        ipv6: set all.accept_dad to 0 by default
        uapi: fix linux/tls.h userspace compilation error
        usbnet: ipheth: prevent TX queue timeouts when device not ready
        vhost_net: conditionally enable tx polling
        uapi: fix linux/rxrpc.h userspace compilation errors
        net: stmmac: fix LPI transitioning for dwmac4
        atm: horizon: Fix irq release error
        net-sysfs: trigger netlink notification on ifalias change via sysfs
        openvswitch: Using kfree_rcu() to simplify the code
        openvswitch: Make local function ovs_nsh_key_attr_size() static
        openvswitch: Fix return value check in ovs_meter_cmd_features()
        ...
      5bbcc0f5
    • L
      Merge tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · 892204e0
      Linus Torvalds 提交于
      Pull MIPS updates from James Hogan:
       "These are the main MIPS changes for 4.15.
      
        Fixes:
         - ralink: Fix MT7620 PCI build issues (4.5)
         - Disable cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN for 32-bit SMP
           (4.1)
         - Fix MIPS64 FP save/restore on 32-bit kernels (4.0)
         - ptrace: Pick up ptrace/seccomp changed syscall numbers (3.19)
         - ralink: Fix MT7628 pinmux (3.19)
         - BCM47XX: Fix LED inversion on WRT54GSv1 (3.17)
         - Fix n32 core dumping as o32 since regset support (3.13)
         - ralink: Drop obsolete USB_ARCH_HAS_HCD select
      
        Build system:
         - Default to "generic" (multiplatform) system type instead of IP22
         - Use generic little endian MIPS32 r2 configuration as default
           defconfig instead of ip22_defconfig
      
        FPU emulation:
         - Fix exception generation for certain R6 FPU instructions
      
        SMP:
         - Allow __cpu_number_map to be larger than NR_CPUS for sparse CPU id
           spaces
      
        Miscellaneous:
         - Add iomem resource for kernel bss section for kexec/kdump
         - Atomics: Nudge writes on bit unlock
         - DT files: Standardise "ok" -> "okay"
      
        Minor cleanups:
         - Define virt_to_pfn()
         - Make thread_saved_pc static
         - Simplify 32-bit sign extension in __read_64bit_c0_split()
         - DMA: Use vma_pages() helper
         - FPU emulation: Replace unsigned with unsigned int
         - MM: Removed unused lastpfn
         - Alchemy: Make clk_ops const
         - Lasat: Use setup_timer() helper
         - ralink: Use BIT() in MT7620 PCI driver
      
        Platform support:
      
        BMIPS:
        - Enable HARDIRQS_SW_RESEND
      
        Broadcom BCM63XX:
        - Add clkdev lookup support
        - Update clk driver, UART driver, DTs to handle named refclk from DTs
        - Split apart various clocks to more closely match hardware
        - Add ethernet clocks
      
        Cavium Octeon:
        - Remove usage of cvmx_wait() in favour of __delay()
      
        ImgTec Pistachio:
        - DT: Drop deprecated dwmmc num-slots property
      
        Ingenic JZ4780:
        - Add NFS root to Ci20 defconfig
        - Add watchdog to Ci20 DT & defconfig, and allow building of watchdog
          driver with this SoC
      
        Generic (multiplatform):
        - Migrate xilfpga (MIPSfpga) platform to the generic platform
      
        Lantiq xway:
        - Fix ASC0/ASC1 clocks"
      
      * tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: (46 commits)
        MIPS: Add iomem resource for kernel bss section.
        MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP
        MIPS: BMIPS: Enable HARDIRQS_SW_RESEND
        MIPS: pci: Make use of the BIT() macro inside the mt7620 driver
        MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver
        MIPS: pci: Remove duplicate define in mt7620 driver
        MIPS: ralink: Fix typo in mt7628 pinmux function
        MIPS: ralink: Fix MT7628 pinmux
        MIPS: Fix odd fp register warnings with MIPS64r2
        watchdog: jz4780: Allow selection of jz4740-wdt driver
        MIPS/ptrace: Update syscall nr on register changes
        MIPS/ptrace: Pick up ptrace/seccomp changed syscalls
        MIPS: Fix an n32 core file generation regset support regression
        MIPS: Fix MIPS64 FP save/restore on 32-bit kernels
        MIPS: page.h: Define virt_to_pfn()
        MIPS: Xilfpga: Switch to using generic defconfigs
        MIPS: generic: Add support for MIPSfpga
        MIPS: Set defconfig target to a generic system for 32r2el
        MIPS: Kconfig: Set default MIPS system type as generic
        MIPS: DTS: Remove num-slots from Pistachio SoC
        ...
      892204e0
    • L
      Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · c9b012e5
      Linus Torvalds 提交于
      Pull arm64 updates from Will Deacon:
       "The big highlight is support for the Scalable Vector Extension (SVE)
        which required extensive ABI work to ensure we don't break existing
        applications by blowing away their signal stack with the rather large
        new vector context (<= 2 kbit per vector register). There's further
        work to be done optimising things like exception return, but the ABI
        is solid now.
      
        Much of the line count comes from some new PMU drivers we have, but
        they're pretty self-contained and I suspect we'll have more of them in
        future.
      
        Plenty of acronym soup here:
      
         - initial support for the Scalable Vector Extension (SVE)
      
         - improved handling for SError interrupts (required to handle RAS
           events)
      
         - enable GCC support for 128-bit integer types
      
         - remove kernel text addresses from backtraces and register dumps
      
         - use of WFE to implement long delay()s
      
         - ACPI IORT updates from Lorenzo Pieralisi
      
         - perf PMU driver for the Statistical Profiling Extension (SPE)
      
         - perf PMU driver for Hisilicon's system PMUs
      
         - misc cleanups and non-critical fixes"
      
      * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (97 commits)
        arm64: Make ARMV8_DEPRECATED depend on SYSCTL
        arm64: Implement __lshrti3 library function
        arm64: support __int128 on gcc 5+
        arm64/sve: Add documentation
        arm64/sve: Detect SVE and activate runtime support
        arm64/sve: KVM: Hide SVE from CPU features exposed to guests
        arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
        arm64/sve: KVM: Prevent guests from using SVE
        arm64/sve: Add sysctl to set the default vector length for new processes
        arm64/sve: Add prctl controls for userspace vector length management
        arm64/sve: ptrace and ELF coredump support
        arm64/sve: Preserve SVE registers around EFI runtime service calls
        arm64/sve: Preserve SVE registers around kernel-mode NEON use
        arm64/sve: Probe SVE capabilities and usable vector lengths
        arm64: cpufeature: Move sys_caps_initialised declarations
        arm64/sve: Backend logic for setting the vector length
        arm64/sve: Signal handling support
        arm64/sve: Support vector length resetting for new processes
        arm64/sve: Core task context handling
        arm64/sve: Low-level CPU setup
        ...
      c9b012e5
    • L
      Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of... · b293fca4
      Linus Torvalds 提交于
      Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux
      
      Pull RISC-V architecture support from Palmer Dabbelt:
       "This contains the core RISC-V Linux port, which has been through nine
        rounds of review on various mailing lists. The port is not complete:
        there's some cleanup patches moving through the review process, a
        whole bunch of drivers that need some work, and a lot of feature
        additions that will be needed.
      
        The patches contained in this tag have been through nine rounds of
        review on the various mailing lists. I have some outstanding cleanup
        patches, but since there's been so much review on these patches I
        thought it would be best to submit them as-is and then submit explicit
        cleanup patches so everyone can review them. This first patch set is
        big enough that it's a bit of a pain to constantly rewrite, and it's
        caused a few headaches with various contributors.
      
        The port is definately a work in progress. While what's there builds
        and boots with 4.14, it's a bit hard to actually see anything happen
        because there are no device drivers yet. I maintain a staging branch
        that contains all the device drivers and cleanup that actually works,
        but those patches won't all be ready for a while. I'd like to get what
        we currently have into your tree so everyone can start working from a
        single base -- of particular importance is allowing the glibc
        upstreaming process to proceed so we can sort out any possibly
        lingering user-visible ABI problems we might have.
      
        Copied below is the ChangeLog that contains the history of this patch
        set:
      
         (v9) As per suggestions on our v8 patch set, I've split the core
              architecture code out from our drivers and would like to submit
              this patch set to be included into linux-next, with the goal
              being to be merged in during the next merge window. This patch
              set is based on 4.14-rc2, but if it's better to have it based on
              something else then I can change it around.
      
              This patch set contains just the core arch code for RISC-V, so
              while it builds an nominally boots, you can't print or take an
              interrupt so it's not that useful. If you're looking to actually
              boot a system it would probably be better to use the full patch
              set listed below.
      
              We've collected a handful of tags from reviewers, and the
              remainder of the patch set only got minimal feedback last time.
              Here's what changed:
      
               - We now use the device tree to initialize the timer driver so
                 it's less tighly coupled with the arch port.
      
               - I cleaned up the defconfigs -- there's actually now just one,
                 and it's empty. For now I think we're OK with what the kernel
                 sets as defaults, but I anticipate we'll begin to expand this
                 as people start to use the port more.
      
               - The VDSO symbols version is sane.
      
               - We WFI while spinning in the boot loop.
      
               - A handful of comments have been added.
      
              While there are still a handful of FIXMEs in this patch set,
              we've started to get enough interest from various users and
              contributors that maintaining an out of tree patch set is
              starting to become a big burden. Hopefully the patches are good
              enough to merge now, which will at least get everyone working in
              a more reasonable manner as we clean up the remaining issues.
      
         (v8) I know it may not be the ideal time to submit a patch set right
              now, as it's the middle of the merge window, but things have
              calmed down quite a bit in the last month so I thought it would
              be good to get everyone on the same page. There's been a handful
              of changes since the last patch set, but most of them are fairly
              minor:
      
               - We changed PAGE_OFFSET to allowing mapping more physical
                 memory on 64-bit systems. This is user configurable, as it
                 triggers a different code model that generates slightly less
                 efficient code.
      
               - The device tree binding documentation is back, I'd managed to
                 lose it at some point.
      
               - We now pass the atomic64 test suite
      
               - The SBI timer driver has been refactored.
      
         (v7) It's been a while since my last patch set, but the changes han
              been fairly minimal:
      
               - The PCI cleanup patches have been dropped, we'll do them as a
                 separate patch set later.
      
               - We've the Kconfig entries from CONFIG_ISA_* to
                 CONFIG_RISCV_ISA_*, to make grep easier.
      
               - There have been a handful of memory model related tweaks in
                 I/O land, particularly relating the PCI and the upcoming
                 platform specification. There are significant comments in the
                 relevant files. This is still a WIP, but I think we're close
                 to getting as good as we're going to get until we end up with
                 some more specifications.
      
         (v6) As it's been only a day since the v5 patch set, the changes are
              pretty minimal:
      
               - The patch set is now based on linux-next/master, which I
                 believe is a better base now that we're getting closer to
                 upstream.
      
               - EARLY_PRINTK is no longer an option. Since the SBI console is
                 reasonable, there's no penalty to enabling it (and thus no
                 benefit to disabling it).
      
               - The mmap syscalls were refactored a bit.
      
         (v5) Things have really started to calm down, so this is fairly
              similar to the v4 patch set. The most interesting changes
              include:
      
               - We've moved back to a single patch set.
      
               - SMP support has been fixed, I was accidentally running on a
                 non-SMP configuration. There were various mistakes all over
                 the tree as a result of this.
      
               - The cmpxchg syscalls have been removed, as they were deemed a
                 bad idea. As a result, RISC-V Linux systems mandate the A
                 extension. The corresponding Kconfig entry to enable builds
                 on non-A systems has been removed.
      
               - A few more atomic fixes: mostly fence changes, but those
                 resulted in a handful of additional macros that were no
                 longer necessary.
      
               - riscv_early_sie has been removed.
      
         (v4) There have only been a few changes since the v3 patch set:
      
               - The cmpxchg64 syscall is no longer enabled on 32-bit systems.
                 It's not possible to provide this on SMP systems, and it's
                 not necessary as glibc knows not to call it.
      
               - We provide a ELF_HWCAP so users can determine the ISA of the
                 machine the kernel is running on.
      
               - The multi-line comments are in a better form.
      
               - There were a handful of headers that could be replaced with
                 the asm-generic versions, and a few unnecessary definitions.
      
               - We no longer use printk, but instead use pr_*.
      
               - A few Kconfig and defconfig entries have been cleaned up.
      
         (v3) A highlight of the changes since the v2 patch set includes:
      
               - We've split out all our drivers into separate patch sets,
                 which I've already sent out to the relevant maintainers. I
                 haven't included those patches in this patch set, but some of
                 them are necessary to build our port.
      
               - The patch set is now split up differently: rather than being
                 split per directory it is split per topic. Hopefully this
                 will make it easier to review the port on the mailing list.
                 The split is a bit rough, so you probably still want to look
                 at the patch set as a whole.
      
               - atomic.h has been completely rewritten and is hopefully now
                 correct. I've attempted to sanitize the various other memory
                 model related code as well, and I think it should all be sane
                 now aside from a handful of FIXMEs commented in the code.
      
               - We've changed the cmpexchg syscall to always exist and to not
                 be multiplexed. There is also a VDSO entry for compare and
                 exchange, which allows kernels with the A extension to
                 execute user code without the A extension reasonably fast.
      
               - Our user-visible register state now contains enough space for
                 the Q extension for 128-bit floating point, as well as a few
                 words to allow extensibility to future ISA extensions like
                 the eventual V extension for vectors.
      
               - A handful of driver cleanups, but these have been split into
                 separate patch sets now so I won't duplicate them here.
      
         (v2) A highlight of the changes since the v1 patch set includes:
      
               - We've split out our drivers into the right places, which
                 means now there's a lot more patches. I'll be submitting
                 these patches to various subsystem maintainers and including
                 them in any future RISC-V patch sets until they've been
                 merged.
      
               - The SBI console driver has been completely rewritten to use
                 the HVC helpers and is now significantly smaller.
      
               - We've begun to use weaker barriers as opposed to just the big
                 "fence". There's still some work to do here, specifically:
                  - We need fences in the relaxed MMIO functions.
                  - The non-relaxed MMIO functions are missing R/W bits on their fences.
                  - Many AMOs need the aq and rl bits set.
      
               - We now have thread_info in task_struct. As a result, sscratch
                 now contains TP instead of SP. This was necessary because
                 thread_info is no longer on the stack.
      
               - A few shared routines have been added that we use instead of
                 creating another arch copy"
      Reviewed-by: NArnd Bergmann <arnd@arndb.de>
      
      * tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux:
        RISC-V: Build Infrastructure
        RISC-V: User-facing API
        RISC-V: Paging and MMU
        RISC-V: Device, timer, IRQs, and the SBI
        RISC-V: Task implementation
        RISC-V: ELF and module implementation
        RISC-V: Generic library routines and assembly
        RISC-V: Atomic and Locking Code
        RISC-V: Init and Halt Code
        dt-bindings: RISC-V CPU Bindings
        lib: Add shared copies of some GCC library routines
        MAINTAINERS: Add RISC-V
      b293fca4
    • L
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching · 0ef76878
      Linus Torvalds 提交于
      Pull livepatching updates from Jiri Kosina:
      
       - shadow variables support, allowing livepatches to associate new
         "shadow" fields to existing data structures, from Joe Lawrence
      
       - pre/post patch callbacks API, allowing livepatch writers to register
         callbacks to be called before and after patch application, from Joe
         Lawrence
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
        livepatch: __klp_disable_patch() should never be called for disabled patches
        livepatch: Correctly call klp_post_unpatch_callback() in error paths
        livepatch: add transition notices
        livepatch: move transition "complete" notice into klp_complete_transition()
        livepatch: add (un)patch callbacks
        livepatch: Small shadow variable documentation fixes
        livepatch: __klp_shadow_get_or_alloc() is local to shadow.c
        livepatch: introduce shadow variable API
      0ef76878
    • L
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial · 9682b3de
      Linus Torvalds 提交于
      Pull trivial tree updates from Jiri Kosina:
       "The usual rocket-science from trivial tree for 4.15"
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
        MAINTAINERS: relinquish kconfig
        MAINTAINERS: Update my email address
        treewide: Fix typos in Kconfig
        kfifo: Fix comments
        init/Kconfig: Fix module signing document location
        misc: ibmasm: Return error on error path
        HID: logitech-hidpp: fix mistake in printk, "feeback" -> "feedback"
        MAINTAINERS: Correct path to uDraw PS3 driver
        tracing: Fix doc mistakes in trace sample
        tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER
        MIPS: Alchemy: Remove reverted CONFIG_NETLINK_MMAP from db1xxx_defconfig
        mm/huge_memory.c: fixup grammar in comment
        lib/xz: Add fall-through comments to a switch statement
      9682b3de
    • L
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 20df1578
      Linus Torvalds 提交于
      Pull HID updates from Jiri Kosina:
      
       - high resolution mode for Dell canvas support, from Benjamin Tissoires
      
       - pen handling fixes for the Wacom driver, from Jason Gerecke
      
       - i2c-hid: Apollo-Lake based laptops improvements, from Hans de Goede
      
       - Input/Core: eraser tool support, from Ping Cheng
      
       - new ALPS touchpad (T4, found currently on HP EliteBook 1000, Zbook
         Stduio and HP Elite book x360) supportm from Masaki Ota
      
       - other smaller assorted fixes
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (33 commits)
        HID: cp2112: fix broken gpio_direction_input callback
        HID: cp2112: fix interface specification URL
        HID: Wacom: switch Dell canvas into highres mode
        HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
        HID: sony: Fix SHANWAN pad rumbling on USB
        HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device
        HID: add backlight level quirk for Asus ROG laptops
        HID: cp2112: add HIDRAW dependency
        HID: Add ID 044f:b605 ThrustMaster, Inc. force feedback Racing Wheel
        HID: hid-logitech: remove redundant assignment to pointer value
        HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection
        HID: rmi: Check that a device is a RMI device before calling RMI functions
        HID: add multi-input quirk for GamepadBlock
        HID: alps: add new U1 device ID
        HID: alps: add support for Alps T4 Touchpad device
        HID: alps: remove variables local to u1_init() from the device struct
        HID: alps: properly handle max_fingers and minimum on X and Y axis
        HID: alps: Separate U1 device code
        HID: alps: delete unnecessary struct u1_dev devInfo
        HID: usbhid: Convert timers to use timer_setup()
        ...
      20df1578
  2. 15 11月, 2017 15 次提交
    • E
      tcp: highest_sack fix · 50895b9d
      Eric Dumazet 提交于
      syzbot easily found a regression added in our latest patches [1]
      
      No longer set tp->highest_sack to the head of the send queue since
      this is not logical and error prone.
      
      Only sack processing should maintain the pointer to an skb from rtx queue.
      
      We might in the future only remember the sequence instead of a pointer to skb,
      since rb-tree should allow a fast lookup.
      
      [1]
      BUG: KASAN: use-after-free in tcp_highest_sack_seq include/net/tcp.h:1706 [inline]
      BUG: KASAN: use-after-free in tcp_ack+0x42bb/0x4fd0 net/ipv4/tcp_input.c:3537
      Read of size 4 at addr ffff8801c154faa8 by task syz-executor4/12860
      
      CPU: 0 PID: 12860 Comm: syz-executor4 Not tainted 4.14.0-next-20171113+ #41
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:17 [inline]
       dump_stack+0x194/0x257 lib/dump_stack.c:53
       print_address_description+0x73/0x250 mm/kasan/report.c:252
       kasan_report_error mm/kasan/report.c:351 [inline]
       kasan_report+0x25b/0x340 mm/kasan/report.c:409
       __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
       tcp_highest_sack_seq include/net/tcp.h:1706 [inline]
       tcp_ack+0x42bb/0x4fd0 net/ipv4/tcp_input.c:3537
       tcp_rcv_established+0x672/0x18a0 net/ipv4/tcp_input.c:5439
       tcp_v4_do_rcv+0x2ab/0x7d0 net/ipv4/tcp_ipv4.c:1468
       sk_backlog_rcv include/net/sock.h:909 [inline]
       __release_sock+0x124/0x360 net/core/sock.c:2264
       release_sock+0xa4/0x2a0 net/core/sock.c:2778
       tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1462
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       ___sys_sendmsg+0x75b/0x8a0 net/socket.c:2048
       __sys_sendmsg+0xe5/0x210 net/socket.c:2082
       SYSC_sendmsg net/socket.c:2093 [inline]
       SyS_sendmsg+0x2d/0x50 net/socket.c:2089
       entry_SYSCALL_64_fastpath+0x1f/0x96
      RIP: 0033:0x452879
      RSP: 002b:00007fc9761bfbe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
      RDX: 0000000000000000 RSI: 0000000020917fc8 RDI: 0000000000000015
      RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee3a0
      R13: 00000000ffffffff R14: 00007fc9761c06d4 R15: 0000000000000000
      
      Allocated by task 12860:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:447
       set_track mm/kasan/kasan.c:459 [inline]
       kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
       kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489
       kmem_cache_alloc_node+0x144/0x760 mm/slab.c:3638
       __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
       alloc_skb_fclone include/linux/skbuff.h:1023 [inline]
       sk_stream_alloc_skb+0x11d/0x900 net/ipv4/tcp.c:870
       tcp_sendmsg_locked+0x1341/0x3b80 net/ipv4/tcp.c:1299
       tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1461
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       SYSC_sendto+0x358/0x5a0 net/socket.c:1749
       SyS_sendto+0x40/0x50 net/socket.c:1717
       entry_SYSCALL_64_fastpath+0x1f/0x96
      
      Freed by task 12860:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:447
       set_track mm/kasan/kasan.c:459 [inline]
       kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:524
       __cache_free mm/slab.c:3492 [inline]
       kmem_cache_free+0x77/0x280 mm/slab.c:3750
       kfree_skbmem+0xdd/0x1d0 net/core/skbuff.c:603
       __kfree_skb+0x1d/0x20 net/core/skbuff.c:642
       sk_wmem_free_skb include/net/sock.h:1419 [inline]
       tcp_rtx_queue_unlink_and_free include/net/tcp.h:1682 [inline]
       tcp_clean_rtx_queue net/ipv4/tcp_input.c:3111 [inline]
       tcp_ack+0x1b17/0x4fd0 net/ipv4/tcp_input.c:3593
       tcp_rcv_established+0x672/0x18a0 net/ipv4/tcp_input.c:5439
       tcp_v4_do_rcv+0x2ab/0x7d0 net/ipv4/tcp_ipv4.c:1468
       sk_backlog_rcv include/net/sock.h:909 [inline]
       __release_sock+0x124/0x360 net/core/sock.c:2264
       release_sock+0xa4/0x2a0 net/core/sock.c:2778
       tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1462
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       ___sys_sendmsg+0x75b/0x8a0 net/socket.c:2048
       __sys_sendmsg+0xe5/0x210 net/socket.c:2082
       SYSC_sendmsg net/socket.c:2093 [inline]
       SyS_sendmsg+0x2d/0x50 net/socket.c:2089
       entry_SYSCALL_64_fastpath+0x1f/0x96
      
      The buggy address belongs to the object at ffff8801c154fa80
       which belongs to the cache skbuff_fclone_cache of size 456
      The buggy address is located 40 bytes inside of
       456-byte region [ffff8801c154fa80, ffff8801c154fc48)
      The buggy address belongs to the page:
      page:ffffea00070553c0 count:1 mapcount:0 mapping:ffff8801c154f080 index:0x0
      flags: 0x2fffc0000000100(slab)
      raw: 02fffc0000000100 ffff8801c154f080 0000000000000000 0000000100000006
      raw: ffffea00070a5a20 ffffea0006a18360 ffff8801d9ca0500 0000000000000000
      page dumped because: kasan: bad access detected
      
      Fixes: 737ff314 ("tcp: use sequence distance to detect reordering")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Reported-by: Nsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      50895b9d
    • H
      geneve: fix fill_info when link down · fd7eafd0
      Hangbin Liu 提交于
      geneve->sock4/6 were added with geneve_open and released with geneve_stop.
      So when geneve link down, we will not able to show remote address and
      checksum info after commit 11387fe4 ("geneve: fix fill_info when using
      collect_metadata").
      
      Fix this by avoid passing *_REMOTE{,6} for COLLECT_METADATA since they are
      mutually exclusive, and always show UDP_ZERO_CSUM6_RX info.
      
      Fixes: 11387fe4 ("geneve: fix fill_info when using collect_metadata")
      Signed-off-by: NHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      fd7eafd0
    • E
      bpf: fix lockdep splat · 89ad2fa3
      Eric Dumazet 提交于
      pcpu_freelist_pop() needs the same lockdep awareness than
      pcpu_freelist_populate() to avoid a false positive.
      
       [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
      
       switchto-defaul/12508 [HC0[0]:SC0[6]:HE0:SE0] is trying to acquire:
        (&htab->buckets[i].lock){......}, at: [<ffffffff9dc099cb>] __htab_percpu_map_update_elem+0x1cb/0x300
      
       and this task is already holding:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...}, at: [<ffffffff9e135848>] __dev_queue_xmit+0
      x868/0x1240
       which would create a new lock dependency:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...} -> (&htab->buckets[i].lock){......}
      
       but this new dependency connects a SOFTIRQ-irq-safe lock:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...}
       ... which became SOFTIRQ-irq-safe at:
         [<ffffffff9db5931b>] __lock_acquire+0x42b/0x1f10
         [<ffffffff9db5b32c>] lock_acquire+0xbc/0x1b0
         [<ffffffff9da05e38>] _raw_spin_lock+0x38/0x50
         [<ffffffff9e135848>] __dev_queue_xmit+0x868/0x1240
         [<ffffffff9e136240>] dev_queue_xmit+0x10/0x20
         [<ffffffff9e1965d9>] ip_finish_output2+0x439/0x590
         [<ffffffff9e197410>] ip_finish_output+0x150/0x2f0
         [<ffffffff9e19886d>] ip_output+0x7d/0x260
         [<ffffffff9e19789e>] ip_local_out+0x5e/0xe0
         [<ffffffff9e197b25>] ip_queue_xmit+0x205/0x620
         [<ffffffff9e1b8398>] tcp_transmit_skb+0x5a8/0xcb0
         [<ffffffff9e1ba152>] tcp_write_xmit+0x242/0x1070
         [<ffffffff9e1baffc>] __tcp_push_pending_frames+0x3c/0xf0
         [<ffffffff9e1b3472>] tcp_rcv_established+0x312/0x700
         [<ffffffff9e1c1acc>] tcp_v4_do_rcv+0x11c/0x200
         [<ffffffff9e1c3dc2>] tcp_v4_rcv+0xaa2/0xc30
         [<ffffffff9e191107>] ip_local_deliver_finish+0xa7/0x240
         [<ffffffff9e191a36>] ip_local_deliver+0x66/0x200
         [<ffffffff9e19137d>] ip_rcv_finish+0xdd/0x560
         [<ffffffff9e191e65>] ip_rcv+0x295/0x510
         [<ffffffff9e12ff88>] __netif_receive_skb_core+0x988/0x1020
         [<ffffffff9e130641>] __netif_receive_skb+0x21/0x70
         [<ffffffff9e1306ff>] process_backlog+0x6f/0x230
         [<ffffffff9e132129>] net_rx_action+0x229/0x420
         [<ffffffff9da07ee8>] __do_softirq+0xd8/0x43d
         [<ffffffff9e282bcc>] do_softirq_own_stack+0x1c/0x30
         [<ffffffff9dafc2f5>] do_softirq+0x55/0x60
         [<ffffffff9dafc3a8>] __local_bh_enable_ip+0xa8/0xb0
         [<ffffffff9db4c727>] cpu_startup_entry+0x1c7/0x500
         [<ffffffff9daab333>] start_secondary+0x113/0x140
      
       to a SOFTIRQ-irq-unsafe lock:
        (&head->lock){+.+...}
       ... which became SOFTIRQ-irq-unsafe at:
       ...  [<ffffffff9db5971f>] __lock_acquire+0x82f/0x1f10
         [<ffffffff9db5b32c>] lock_acquire+0xbc/0x1b0
         [<ffffffff9da05e38>] _raw_spin_lock+0x38/0x50
         [<ffffffff9dc0b7fa>] pcpu_freelist_pop+0x7a/0xb0
         [<ffffffff9dc08b2c>] htab_map_alloc+0x50c/0x5f0
         [<ffffffff9dc00dc5>] SyS_bpf+0x265/0x1200
         [<ffffffff9e28195f>] entry_SYSCALL_64_fastpath+0x12/0x17
      
       other info that might help us debug this:
      
       Chain exists of:
         dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2 --> &htab->buckets[i].lock --> &head->lock
      
        Possible interrupt unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(&head->lock);
                                      local_irq_disable();
                                      lock(dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2);
                                      lock(&htab->buckets[i].lock);
         <Interrupt>
           lock(dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2);
      
        *** DEADLOCK ***
      
      Fixes: e19494ed ("bpf: introduce percpu_freelist")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      89ad2fa3
    • B
      net: cdc_ncm: GetNtbFormat endian fix · 6314dab4
      Bjørn Mork 提交于
      The GetNtbFormat and SetNtbFormat requests operate on 16 bit little
      endian values. We get away with ignoring this most of the time, because
      we only care about USB_CDC_NCM_NTB16_FORMAT which is 0x0000.  This
      fails for USB_CDC_NCM_NTB32_FORMAT.
      
      Fix comparison between LE value from device and constant by converting
      the constant to LE.
      Reported-by: NBen Hutchings <ben.hutchings@codethink.co.uk>
      Fixes: 2b02c20c ("cdc_ncm: Set NTB format again after altsetting switch for Huawei devices")
      Cc: Enrico Mioso <mrkiko.rs@gmail.com>
      Cc: Christian Panton <christian@panton.org>
      Signed-off-by: NBjørn Mork <bjorn@mork.no>
      Acked-By: NEnrico Mioso <mrkiko.rs@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      6314dab4
    • J
      Merge branch 'for-4.15/wacom' into for-linus · 01125b2d
      Jiri Kosina 提交于
      - High resolution mode for DEll canvas support, from Benjamin Tissoires
      - A lot of improvements to pen handling in the Wacom driver, from Jason Gerecke
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      01125b2d
    • J
      Merge branch 'for-4.15/use-timer-setup' into for-linus · 4b545304
      Jiri Kosina 提交于
      - usbhid: conversion to timer_setup() and from_timer() from Kees Cook
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      4b545304
    • J
      Merge branch 'for-4.15/upstream' into for-linus · 6ed7a70b
      Jiri Kosina 提交于
      - cp2112: GPIO error handling and Kconfig fixes from Sébastien Szymanski
      - i2c-hid: fixup / quirk for Apollo-Lake based laptops, from Hans de Goede
      - Input/Core: add eraser tool support, from Ping Cheng
      - small assorted code fixes
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      6ed7a70b
    • J
      Merge branch 'for-4.15/sony' into for-linus · b50b9d3d
      Jiri Kosina 提交于
      - SHANWAN PS3 rumble fix from Bastien Nocera
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      b50b9d3d
    • J
      Merge branch 'for-4.15/multitouch' into for-linus · ea3bbd0a
      Jiri Kosina 提交于
      - make sure that we forward MSC_TIMESTAMP in accordance to the specification,
        from Nicolas Boichat
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      ea3bbd0a
    • J
      Merge branch 'for-4.15/logitech' into for-linus · 6101cb7e
      Jiri Kosina 提交于
      - small code fixes for Logitech driver from Colin Ian King
      6101cb7e
    • J
      Merge branch 'for-4.15/hyperv' into for-linus · e1548dcd
      Jiri Kosina 提交于
      - trivial printk() line termination fix for HyperV
      e1548dcd
    • J
      Merge branch 'for-4.15/asus' into for-linus · 47dd6b01
      Jiri Kosina 提交于
      - Asus laptop fixes (fn keys, backlight), from Mustafa Kuscu and
        Maxime Bellengé
      47dd6b01
    • J
      Merge branch 'for-4.15/alps' into for-linus · 5cc619db
      Jiri Kosina 提交于
      - New ALPS touchpad (T4, found currently on HP EliteBook 1000, Zbook Stduio
        and HP Elite book x360) support from Masaki Ota
      5cc619db
    • J
      Merge branch 'for-4.14/upstream-fixes' into for-linus · 83fd5ddc
      Jiri Kosina 提交于
      - Wacom: recognize PEN application collection properly, from Jason Gerecke
      - RMI: avoid cofusion caused by RMI functions being by mistake called on
        non-RMI devices, from Andrew Duggan
      - small device-ID-specific quirks/fixes
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      83fd5ddc
    • J
      Merge branch 'for-4.15/callbacks' into for-linus · fc41efc1
      Jiri Kosina 提交于
      This pulls in an infrastructure/API that allows livepatch writers to
      register pre-patch and post-patch callbacks that allow for running a
      glue code necessary for finalizing the patching if necessary.
      
      Conflicts:
      	kernel/livepatch/core.c
      	- trivial conflict by adding a callback call into
      	  module going notifier vs. moving that code block
      	  to klp_cleanup_module_patches_limited()
      Signed-off-by: NJiri Kosina <jkosina@suse.cz>
      fc41efc1