1. 08 11月, 2017 11 次提交
    • V
      nfsd: use nfs->ns.inum as net ID · 7e981a8a
      Vasily Averin 提交于
      Publishing of net pointer is not safe,
      let's use nfs->ns.inum instead
      Signed-off-by: NVasily Averin <vvs@virtuozzo.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      7e981a8a
    • J
      rpc: remove some BUG()s · 1754eb2b
      J. Bruce Fields 提交于
      It would be kinder to WARN() and recover in several spots here instead
      of BUG()ing.
      
      Also, it looks like the read_u32_from_xdr_buf() call could actually
      fail, though it might require a broken (or malicious) client, so convert
      that to just an error return.
      Reported-by: NWeston Andros Adamson <dros@monkey.org>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      1754eb2b
    • C
      svcrdma: Preserve CB send buffer across retransmits · 0bad47ca
      Chuck Lever 提交于
      During each NFSv4 callback Call, an RDMA Send completion frees the
      page that contains the RPC Call message. If the upper layer
      determines that a retransmit is necessary, this is too soon.
      
      One possible symptom: after a GARBAGE_ARGS response an NFSv4.1
      callback request, the following BUG fires on the NFS server:
      
      kernel: BUG: Bad page state in process kworker/0:2H  pfn:7d3ce2
      kernel: page:ffffea001f4f3880 count:-2 mapcount:0 mapping:          (null) index:0x0
      kernel: flags: 0x2fffff80000000()
      kernel: raw: 002fffff80000000 0000000000000000 0000000000000000 fffffffeffffffff
      kernel: raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
      kernel: page dumped because: nonzero _refcount
      kernel: Modules linked in: cts rpcsec_gss_krb5 ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm
      ocfs2_nodemanager ocfs2_stackglue rpcrdm a ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad
      rdma_cm ib_cm iw_cm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel
      kvm irqbypass crct10dif_pc lmul crc32_pclmul ghash_clmulni_intel pcbc iTCO_wdt
      iTCO_vendor_support aesni_intel crypto_simd glue_helper cryptd pcspkr lpc_ich i2c_i801
      mei_me mf d_core mei raid0 sg wmi ioatdma ipmi_si ipmi_devintf ipmi_msghandler shpchp
      acpi_power_meter acpi_pad nfsd nfs_acl lockd auth_rpcgss grace sunrpc ip_tables xfs
      libcrc32c mlx4_en mlx4_ib mlx5_ib ib_core sd_mod sr_mod cdrom ast drm_kms_helper
      syscopyarea sysfillrect sysimgblt fb_sys_fops ttm ahci crc32c_intel libahci drm
      mlx5_core igb libata mlx4_core dca i2c_algo_bit i2c_core nvme
      kernel: ptp nvme_core pps_core dm_mirror dm_region_hash dm_log dm_mod dax
      kernel: CPU: 0 PID: 11495 Comm: kworker/0:2H Not tainted 4.14.0-rc3-00001-g577ce48 #811
      kernel: Hardware name: Supermicro Super Server/X10SRL-F, BIOS 1.0c 09/09/2015
      kernel: Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
      kernel: Call Trace:
      kernel: dump_stack+0x62/0x80
      kernel: bad_page+0xfe/0x11a
      kernel: free_pages_check_bad+0x76/0x78
      kernel: free_pcppages_bulk+0x364/0x441
      kernel: ? ttwu_do_activate.isra.61+0x71/0x78
      kernel: free_hot_cold_page+0x1c5/0x202
      kernel: __put_page+0x2c/0x36
      kernel: svc_rdma_put_context+0xd9/0xe4 [rpcrdma]
      kernel: svc_rdma_wc_send+0x50/0x98 [rpcrdma]
      
      This issue exists all the way back to v4.5, but refactoring and code
      re-organization prevents this simple patch from applying to kernels
      older than v4.12. The fix is the same, however, if someone needs to
      backport it.
      Reported-by: NBen Coddington <bcodding@redhat.com>
      BugLink: https://bugzilla.linux-nfs.org/show_bug.cgi?id=314
      Fixes: 5d252f90 ('svcrdma: Add class for RDMA backwards ... ')
      Cc: stable@vger.kernel.org # v4.12
      Signed-off-by: NChuck Lever <chuck.lever@oracle.com>
      Reviewed-by: NJeff Layton <jlayton@redhat.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      0bad47ca
    • A
      nfds: avoid gettimeofday for nfssvc_boot time · 256a89fa
      Arnd Bergmann 提交于
      do_gettimeofday() is deprecated and we should generally use time64_t
      based functions instead.
      
      In case of nfsd, all three users of nfssvc_boot only use the initial
      time as a unique token, and are not affected by it overflowing, so they
      are not affected by the y2038 overflow.
      
      This converts the structure to timespec64 anyway and adds comments
      to all uses, to document that we have thought about it and avoid
      having to look at it again.
      Signed-off-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      256a89fa
    • E
      fs, nfsd: convert nfs4_file.fi_ref from atomic_t to refcount_t · 818a34eb
      Elena Reshetova 提交于
      atomic_t variables are currently used to implement reference
      counters with the following properties:
       - counter is initialized to 1 using atomic_set()
       - a resource is freed upon counter reaching zero
       - once counter reaches zero, its further
         increments aren't allowed
       - counter schema uses basic atomic operations
         (set, inc, inc_not_zero, dec_and_test, etc.)
      
      Such atomic variables should be converted to a newly provided
      refcount_t type and API that prevents accidental counter overflows
      and underflows. This is important since overflows and underflows
      can lead to use-after-free situation and be exploitable.
      
      The variable nfs4_file.fi_ref is used as pure reference counter.
      Convert it to refcount_t and fix up the operations.
      Suggested-by: NKees Cook <keescook@chromium.org>
      Reviewed-by: NDavid Windsor <dwindsor@gmail.com>
      Reviewed-by: NHans Liljestrand <ishkamiel@gmail.com>
      Signed-off-by: NElena Reshetova <elena.reshetova@intel.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      818a34eb
    • E
      fs, nfsd: convert nfs4_cntl_odstate.co_odcount from atomic_t to refcount_t · cff7cb2e
      Elena Reshetova 提交于
      atomic_t variables are currently used to implement reference
      counters with the following properties:
       - counter is initialized to 1 using atomic_set()
       - a resource is freed upon counter reaching zero
       - once counter reaches zero, its further
         increments aren't allowed
       - counter schema uses basic atomic operations
         (set, inc, inc_not_zero, dec_and_test, etc.)
      
      Such atomic variables should be converted to a newly provided
      refcount_t type and API that prevents accidental counter overflows
      and underflows. This is important since overflows and underflows
      can lead to use-after-free situation and be exploitable.
      
      The variable nfs4_cntl_odstate.co_odcount is used as pure reference counter.
      Convert it to refcount_t and fix up the operations.
      Suggested-by: NKees Cook <keescook@chromium.org>
      Reviewed-by: NDavid Windsor <dwindsor@gmail.com>
      Reviewed-by: NHans Liljestrand <ishkamiel@gmail.com>
      Signed-off-by: NElena Reshetova <elena.reshetova@intel.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      cff7cb2e
    • E
      fs, nfsd: convert nfs4_stid.sc_count from atomic_t to refcount_t · a15dfcd5
      Elena Reshetova 提交于
      atomic_t variables are currently used to implement reference
      counters with the following properties:
       - counter is initialized to 1 using atomic_set()
       - a resource is freed upon counter reaching zero
       - once counter reaches zero, its further
         increments aren't allowed
       - counter schema uses basic atomic operations
         (set, inc, inc_not_zero, dec_and_test, etc.)
      
      Such atomic variables should be converted to a newly provided
      refcount_t type and API that prevents accidental counter overflows
      and underflows. This is important since overflows and underflows
      can lead to use-after-free situation and be exploitable.
      
      The variable nfs4_stid.sc_count is used as pure reference counter.
      Convert it to refcount_t and fix up the operations.
      Suggested-by: NKees Cook <keescook@chromium.org>
      Reviewed-by: NDavid Windsor <dwindsor@gmail.com>
      Reviewed-by: NHans Liljestrand <ishkamiel@gmail.com>
      Signed-off-by: NElena Reshetova <elena.reshetova@intel.com>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      a15dfcd5
    • V
      lockd: double unregister of inetaddr notifiers · dc3033e1
      Vasily Averin 提交于
      lockd_up() can call lockd_unregister_notifiers twice:
      inside lockd_start_svc() when it calls lockd_svc_exit_thread()
      and then in error path of lockd_up()
      
      Patch forces lockd_start_svc() to unregister notifiers in all error cases
      and removes extra unregister in error path of lockd_up().
      
      Fixes: cb7d224f "lockd: unregister notifier blocks if the service ..."
      Signed-off-by: NVasily Averin <vvs@virtuozzo.com>
      Cc: stable@vger.kernel.org
      Reviewed-by: NJeff Layton <jlayton@kernel.org>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      dc3033e1
    • J
      nfsd4: catch some false session retries · 53da6a53
      J. Bruce Fields 提交于
      The spec allows us to return NFS4ERR_SEQ_FALSE_RETRY if we notice that
      the client is making a call that matches a previous (slot, seqid) pair
      but that *isn't* actually a replay, because some detail of the call
      doesn't actually match the previous one.
      
      Catching every such case is difficult, but we may as well catch a few
      easy ones.  This also handles the case described in the previous patch,
      in a different way.
      
      The spec does however require us to catch the case where the difference
      is in the rpc credentials.  This prevents somebody from snooping another
      user's replies by fabricating retries.
      
      (But the practical value of the attack is limited by the fact that the
      replies with the most sensitive data are READ replies, which are not
      normally cached.)
      Tested-by: NOlga Kornievskaia <aglo@umich.edu>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      53da6a53
    • J
      nfsd4: fix cached replies to solo SEQUENCE compounds · 085def3a
      J. Bruce Fields 提交于
      Currently our handling of 4.1+ requests without "cachethis" set is
      confusing and not quite correct.
      
      Suppose a client sends a compound consisting of only a single SEQUENCE
      op, and it matches the seqid in a session slot (so it's a retry), but
      the previous request with that seqid did not have "cachethis" set.
      
      The obvious thing to do might be to return NFS4ERR_RETRY_UNCACHED_REP,
      but the protocol only allows that to be returned on the op following the
      SEQUENCE, and there is no such op in this case.
      
      The protocol permits us to cache replies even if the client didn't ask
      us to.  And it's easy to do so in the case of solo SEQUENCE compounds.
      
      So, when we get a solo SEQUENCE, we can either return the previously
      cached reply or NFSERR_SEQ_FALSE_RETRY if we notice it differs in some
      way from the original call.
      
      Currently, we're returning a corrupt reply in the case a solo SEQUENCE
      matches a previous compound with more ops.  This actually matters
      because the Linux client recently started doing this as a way to recover
      from lost replies to idempotent operations in the case the process doing
      the original reply was killed: in that case it's difficult to keep the
      original arguments around to do a real retry, and the client no longer
      cares what the result is anyway, but it would like to make sure that the
      slot's sequence id has been incremented, and the solo SEQUENCE assures
      that: if the server never got the original reply, it will increment the
      sequence id.  If it did get the original reply, it won't increment, and
      nothing else that about the reply really matters much.  But we can at
      least attempt to return valid xdr!
      Tested-by: NOlga Kornievskaia <aglo@umich.edu>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      085def3a
    • C
      sunrcp: make function _svc_create_xprt static · da36e6db
      Colin Ian King 提交于
      The function _svc_create_xprt is local to the source and
      does not need to be in global scope, so make it static.
      
      Cleans up sparse warning:
      symbol '_svc_create_xprt' was not declared. Should it be static?
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Reviewed-by: NJeff Layton <jlayton@poochiereds.net>
      Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
      da36e6db
  2. 12 10月, 2017 1 次提交
  3. 06 10月, 2017 1 次提交
  4. 05 10月, 2017 3 次提交
  5. 26 9月, 2017 3 次提交
  6. 19 9月, 2017 1 次提交
  7. 17 9月, 2017 9 次提交
  8. 16 9月, 2017 11 次提交
    • L
      Merge branch '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus · 73184130
      Linus Torvalds 提交于
      Pull MIPS updates from Ralf Baechle:
       "This is the main pull request for 4.14 for MIPS; below a summary of
        the non-merge commits:
      
        CM:
         - Rename mips_cm_base to mips_gcr_base
         - Specify register size when generating accessors
         - Use BIT/GENMASK for register fields, order & drop shifts
         - Add cluster & block args to mips_cm_lock_other()
      
        CPC:
         - Use common CPS accessor generation macros
         - Use BIT/GENMASK for register fields, order & drop shifts
         - Introduce register modify (set/clear/change) accessors
         - Use change_*, set_* & clear_* where appropriate
         - Add CM/CPC 3.5 register definitions
         - Use GlobalNumber macros rather than magic numbers
         - Have asm/mips-cps.h include CM & CPC headers
         - Cluster support for topology functions
         - Detect CPUs in secondary clusters
      
        CPS:
         - Read GIC_VL_IDENT directly, not via irqchip driver
      
        DMA:
         - Consolidate coherent and non-coherent dma_alloc code
         - Don't use dma_cache_sync to implement fd_cacheflush
      
        FPU emulation / FP assist code:
         - Another series of 14 commits fixing corner cases such as NaN
           propgagation and other special input values.
         - Zero bits 32-63 of the result for a CLASS.D instruction.
         - Enhanced statics via debugfs
         - Do not use bools for arithmetic. GCC 7.1 moans about this.
         - Correct user fault_addr type
      
        Generic MIPS:
         - Enhancement of stack backtraces
         - Cleanup from non-existing options
         - Handle non word sized instructions when examining frame
         - Fix detection and decoding of ADDIUSP instruction
         - Fix decoding of SWSP16 instruction
         - Refactor handling of stack pointer in get_frame_info
         - Remove unreachable code from force_fcr31_sig()
         - Convert to using %pOF instead of full_name
         - Remove the R6000 support.
         - Move FP code from *_switch.S to *_fpu.S
         - Remove unused ST_OFF from r2300_switch.S
         - Allow platform to specify multiple its.S files
         - Add #includes to various files to ensure code builds reliable and
           without warning..
         - Remove __invalidate_kernel_vmap_range
         - Remove plat_timer_setup
         - Declare various variables & functions static
         - Abstract CPU core & VP(E) ID access through accessor functions
         - Store core & VP IDs in GlobalNumber-style variable
         - Unify checks for sibling CPUs
         - Add CPU cluster number accessors
         - Prevent direct use of generic_defconfig
         - Make CONFIG_MIPS_MT_SMP default y
         - Add __ioread64_copy
         - Remove unnecessary inclusions of linux/irqchip/mips-gic.h
      
        GIC:
         - Introduce asm/mips-gic.h with accessor functions
         - Use new GIC accessor functions in mips-gic-timer
         - Remove counter access functions from irq-mips-gic.c
         - Remove gic_read_local_vp_id() from irq-mips-gic.c
         - Simplify shared interrupt pending/mask reads in irq-mips-gic.c
         - Simplify gic_local_irq_domain_map() in irq-mips-gic.c
         - Drop gic_(re)set_mask() functions in irq-mips-gic.c
         - Remove gic_set_polarity(), gic_set_trigger(), gic_set_dual_edge(),
           gic_map_to_pin() and gic_map_to_vpe() from irq-mips-gic.c.
         - Convert remaining shared reg access, local int mask access and
           remaining local reg access to new accessors
         - Move GIC_LOCAL_INT_* to asm/mips-gic.h
         - Remove GIC_CPU_INT* macros from irq-mips-gic.c
         - Move various definitions to the driver
         - Remove gic_get_usm_range()
         - Remove __gic_irq_dispatch() forward declaration
         - Remove gic_init()
         - Use mips_gic_present() in place of gic_present and remove
           gic_present
         - Move gic_get_c0_*_int() to asm/mips-gic.h
         - Remove linux/irqchip/mips-gic.h
         - Inline __gic_init()
         - Inline gic_basic_init()
         - Make pcpu_masks a per-cpu variable
         - Use pcpu_masks to avoid reading GIC_SH_MASK*
         - Clean up mti, reserved-cpu-vectors handling
         - Use cpumask_first_and() in gic_set_affinity()
         - Let the core set struct irq_common_data affinity
      
        microMIPS:
         - Fix microMIPS stack unwinding on big endian systems
      
        MIPS-GIC:
         - SYNC after enabling GIC region
      
        NUMA:
         - Remove the unused parent_node() macro
      
        R6:
         - Constify r2_decoder_tables
         - Add accessor & bit definitions for GlobalNumber
      
        SMP:
         - Constify smp ops
         - Allow boot_secondary SMP op to return errors
      
        VDSO:
         - Drop gic_get_usm_range() usage
         - Avoid use of linux/irqchip/mips-gic.h
      
        Platform changes:
      
        Alchemy:
         - Add devboard machine type to cpuinfo
         - update cpu feature overrides
         - Threaded carddetect irqs for devboards
      
        AR7:
         - allow NULL clock for clk_get_rate
      
        BCM63xx:
         - Fix ENETDMA_6345_MAXBURST_REG offset
         - Allow NULL clock for clk_get_rate
      
        CI20:
         - Enable GPIO and RTC drivers in defconfig
         - Add ethernet and fixed-regulator nodes to DTS
      
        Generic platform:
         - Move Boston and NI 169445 FIT image source to their own files
         - Include asm/bootinfo.h for plat_fdt_relocated()
         - Include asm/time.h for get_c0_*_int()
         - Include asm/bootinfo.h for plat_fdt_relocated()
         - Include asm/time.h for get_c0_*_int()
         - Allow filtering enabled boards by requirements
         - Don't explicitly disable CONFIG_USB_SUPPORT
         - Bump default NR_CPUS to 16
      
        JZ4700:
         - Probe the jz4740-rtc driver from devicetree
      
        Lantiq:
         - Drop check of boot select from the spi-falcon driver.
         - Drop check of boot select from the lantiq-flash MTD driver.
         - Access boot cause register in the watchdog driver through regmap
         - Add device tree binding documentation for the watchdog driver
         - Add docs for the RCU DT bindings.
         - Convert the fpi bus driver to a platform_driver
         - Remove ltq_reset_cause() and ltq_boot_select(
         - Switch to a proper reset driver
         - Switch to a new drivers/soc GPHY driver
         - Add an USB PHY driver for the Lantiq SoCs using the RCU module
         - Use of_platform_default_populate instead of __dt_register_buses
         - Enable MFD_SYSCON to be able to use it for the RCU MFD
         - Replace ltq_boot_select() with dummy implementation.
      
        Loongson 2F:
         - Allow NULL clock for clk_get_rate
      
        Malta:
         - Use new GIC accessor functions
      
        NI 169445:
         - Add support for NI 169445 board.
         - Only include in 32r2el kernels
      
        Octeon:
         - Add support for watchdog of 78XX SOCs.
         - Add support for watchdog of CN68XX SOCs.
         - Expose support for mips32r1, mips32r2 and mips64r1
         - Enable more drivers in config file
         - Add support for accessing the boot vector.
         - Remove old boot vector code from watchdog driver
         - Define watchdog registers for 70xx, 73xx, 78xx, F75xx.
         - Make CSR functions node aware.
         - Allow access to CIU3 IRQ domains.
         - Misc cleanups in the watchdog driver
      
        Omega2+:
         - New board, add support and defconfig
      
        Pistachio:
         - Enable Root FS on NFS in defconfig
      
        Ralink:
         - Add Mediatek MT7628A SoC
         - Allow NULL clock for clk_get_rate
         - Explicitly request exclusive reset control in the pci-mt7620 PCI driver.
      
        SEAD3:
         - Only include in 32 bit kernels by default
      
        VoCore:
         - Add VoCore as a vendor t0 dt-bindings
         - Add defconfig file"
      
      * '4.14-features' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (167 commits)
        MIPS: Refactor handling of stack pointer in get_frame_info
        MIPS: Stacktrace: Fix microMIPS stack unwinding on big endian systems
        MIPS: microMIPS: Fix decoding of swsp16 instruction
        MIPS: microMIPS: Fix decoding of addiusp instruction
        MIPS: microMIPS: Fix detection of addiusp instruction
        MIPS: Handle non word sized instructions when examining frame
        MIPS: ralink: allow NULL clock for clk_get_rate
        MIPS: Loongson 2F: allow NULL clock for clk_get_rate
        MIPS: BCM63XX: allow NULL clock for clk_get_rate
        MIPS: AR7: allow NULL clock for clk_get_rate
        MIPS: BCM63XX: fix ENETDMA_6345_MAXBURST_REG offset
        mips: Save all registers when saving the frame
        MIPS: Add DWARF unwinding to assembly
        MIPS: Make SAVE_SOME more standard
        MIPS: Fix issues in backtraces
        MIPS: jz4780: DTS: Probe the jz4740-rtc driver from devicetree
        MIPS: Ci20: Enable RTC driver
        watchdog: octeon-wdt: Add support for 78XX SOCs.
        watchdog: octeon-wdt: Add support for cn68XX SOCs.
        watchdog: octeon-wdt: File cleaning.
        ...
      73184130
    • L
      Merge tag 'pci-v4.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci · 8d93c7a4
      Linus Torvalds 提交于
      Pull PCI fix from Bjorn Helgaas:
       "Revert an attempt to fix a race while enabling upstream bridges
        because it broke iwlwifi firmware loading"
      
      * tag 'pci-v4.14-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
        Revert "PCI: Avoid race while enabling upstream bridges"
      8d93c7a4
    • L
      Merge tag 'drm-fixes-for-v4.14-rc1' of git://people.freedesktop.org/~airlied/linux · 02cfe977
      Linus Torvalds 提交于
      Pull drm AMD fixes from Dave Airlie:
       "Just had a single AMD fixes pull from Alex for rc1"
      
      * tag 'drm-fixes-for-v4.14-rc1' of git://people.freedesktop.org/~airlied/linux:
        drm/amdgpu: revert "fix deadlock of reservation between cs and gpu reset v2"
        drm/amdgpu: remove duplicate return statement
        drm/amdgpu: check memory allocation failure
        drm/amd/amdgpu: fix BANK_SELECT on Vega10 (v2)
        drm/amdgpu: inline amdgpu_ttm_do_bind again
        drm/amdgpu: fix amdgpu_ttm_bind
        drm/amdgpu: remove the GART copy hack
        drm/ttm:fix wrong decoding of bo_count
        drm/ttm: fix missing inc bo_count
        drm/amdgpu: set sched_hw_submission higher for KIQ (v3)
        drm/amdgpu: move default gart size setting into gmc modules
        drm/amdgpu: refine default gart size
        drm/amd/powerplay: ACG frequency added in PPTable
        drm/amdgpu: discard commands of killed processes
        drm/amdgpu: fix and cleanup shadow handling
        drm/amdgpu: add automatic per asic settings for gart_size
        drm/amdgpu/gfx8: fix spelling typo in mqd allocation
        drm/amd/powerplay: unhalt mec after loading
        drm/amdgpu/virtual_dce: Virtual display doesn't support disable vblank immediately
        drm/amdgpu: Fix huge page updates with CPU
      02cfe977
    • L
      Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · bbe05e54
      Linus Torvalds 提交于
      Pull more i2c updates from Wolfram Sang:
       "I2C has two more new drivers: Altera FPGA and STM32F7"
      
      * 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: i2c-stm32f7: add driver
        i2c: i2c-stm32f4: use generic definition of speed enum
        dt-bindings: i2c-stm32: Document the STM32F7 I2C bindings
        i2c: altera: Add Altera I2C Controller driver
        dt-bindings: i2c: Add Altera I2C Controller
      bbe05e54
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 9db59599
      Linus Torvalds 提交于
      Pull more KVM updates from Paolo Bonzini:
       - PPC bugfixes
       - RCU splat fix
       - swait races fix
       - pointless userspace-triggerable BUG() fix
       - misc fixes for KVM_RUN corner cases
       - nested virt correctness fixes + one host DoS
       - some cleanups
       - clang build fix
       - fix AMD AVIC with default QEMU command line options
       - x86 bugfixes
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
        kvm: nVMX: Handle deferred early VMLAUNCH/VMRESUME failure properly
        kvm: vmx: Handle VMLAUNCH/VMRESUME failure properly
        kvm: nVMX: Remove nested_vmx_succeed after successful VM-entry
        kvm,mips: Fix potential swait_active() races
        kvm,powerpc: Serialize wq active checks in ops->vcpu_kick
        kvm: Serialize wq active checks in kvm_vcpu_wake_up()
        kvm,x86: Fix apf_task_wake_one() wq serialization
        kvm,lapic: Justify use of swait_active()
        kvm,async_pf: Use swq_has_sleeper()
        sched/wait: Add swq_has_sleeper()
        KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
        KVM: Don't accept obviously wrong gsi values via KVM_IRQFD
        kvm: nVMX: Don't allow L2 to access the hardware CR8
        KVM: trace events: update list of exit reasons
        KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
        KVM: X86: Don't block vCPU if there is pending exception
        KVM: SVM: Add irqchip_split() checks before enabling AVIC
        KVM: Add struct kvm_vcpu pointer parameter to get_enable_apicv()
        KVM: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()
        KVM: x86: fix clang build
        ...
      9db59599
    • E
      bpf/verifier: reject BPF_ALU64|BPF_END · e67b8a68
      Edward Cree 提交于
      Neither ___bpf_prog_run nor the JITs accept it.
      Also adds a new test case.
      
      Fixes: 17a52670 ("bpf: verifier (add verifier core)")
      Signed-off-by: NEdward Cree <ecree@solarflare.com>
      Acked-by: NAlexei Starovoitov <ast@kernel.org>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      e67b8a68
    • X
      sctp: do not mark sk dumped when inet_sctp_diag_fill returns err · 8c7c19a5
      Xin Long 提交于
      sctp_diag would not actually dump out sk/asoc if inet_sctp_diag_fill
      returns err, in which case it shouldn't mark sk dumped by setting
      cb->args[3] as 1 in sctp_sock_dump().
      
      Otherwise, it could cause some asocs to have no parent's sk dumped
      in 'ss --sctp'.
      
      So this patch is to not set cb->args[3] when inet_sctp_diag_fill()
      returns err in sctp_sock_dump().
      
      Fixes: 8f840e47 ("sctp: add the sctp_diag.c file")
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8c7c19a5
    • X
      sctp: fix an use-after-free issue in sctp_sock_dump · d25adbeb
      Xin Long 提交于
      Commit 86fdb344 ("sctp: ensure ep is not destroyed before doing the
      dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep
      with holding sock and sock lock.
      
      But Paolo noticed that endpoint could be destroyed in sctp_rcv without
      sock lock protection. It means the use-after-free issue still could be
      triggered when sctp_rcv put and destroy ep after sctp_sock_dump checks
      !ep, although it's pretty hard to reproduce.
      
      I could reproduce it by mdelay in sctp_rcv while msleep in sctp_close
      and sctp_sock_dump long time.
      
      This patch is to add another param cb_done to sctp_for_each_transport
      and dump ep->assocs with holding tsp after jumping out of transport's
      traversal in it to avoid this issue.
      
      It can also improve sctp diag dump to make it run faster, as no need
      to save sk into cb->args[5] and keep calling sctp_for_each_transport
      any more.
      
      This patch is also to use int * instead of int for the pos argument
      in sctp_for_each_transport, which could make postion increment only
      in sctp_for_each_transport and no need to keep changing cb->args[2]
      in sctp_sock_filter and sctp_sock_dump any more.
      
      Fixes: 86fdb344 ("sctp: ensure ep is not destroyed before doing the dump")
      Reported-by: NPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: NXin Long <lucien.xin@gmail.com>
      Acked-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Acked-by: NNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      d25adbeb
    • S
      netvsc: increase default receive buffer size · 5023a6db
      Stephen Hemminger 提交于
      The default receive buffer size was reduced by recent change
      to a value which was appropriate for 10G and Windows Server 2016.
      But the value is too small for full performance with 40G on Azure.
      Increase the default back to maximum supported by host.
      
      Fixes: 8b532797 ("netvsc: allow controlling send/recv buffer size")
      Signed-off-by: NStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5023a6db
    • E
      tcp: update skb->skb_mstamp more carefully · 8c72c65b
      Eric Dumazet 提交于
      liujian reported a problem in TCP_USER_TIMEOUT processing with a patch
      in tcp_probe_timer() :
            https://www.spinics.net/lists/netdev/msg454496.html
      
      After investigations, the root cause of the problem is that we update
      skb->skb_mstamp of skbs in write queue, even if the attempt to send a
      clone or copy of it failed. One reason being a routing problem.
      
      This patch prevents this, solving liujian issue.
      
      It also removes a potential RTT miscalculation, since
      __tcp_retransmit_skb() is not OR-ing TCP_SKB_CB(skb)->sacked with
      TCPCB_EVER_RETRANS if a failure happens, but skb->skb_mstamp has
      been changed.
      
      A future ACK would then lead to a very small RTT sample and min_rtt
      would then be lowered to this too small value.
      
      Tested:
      
      # cat user_timeout.pkt
      --local_ip=192.168.102.64
      
          0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
         +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
         +0 bind(3, ..., ...) = 0
         +0 listen(3, 1) = 0
      
         +0 `ifconfig tun0 192.168.102.64/16; ip ro add 192.0.2.1 dev tun0`
      
         +0 < S 0:0(0) win 0 <mss 1460>
         +0 > S. 0:0(0) ack 1 <mss 1460>
      
        +.1 < . 1:1(0) ack 1 win 65530
         +0 accept(3, ..., ...) = 4
      
         +0 setsockopt(4, SOL_TCP, TCP_USER_TIMEOUT, [3000], 4) = 0
         +0 write(4, ..., 24) = 24
         +0 > P. 1:25(24) ack 1 win 29200
         +.1 < . 1:1(0) ack 25 win 65530
      
      //change the ipaddress
         +1 `ifconfig tun0 192.168.0.10/16`
      
         +1 write(4, ..., 24) = 24
         +1 write(4, ..., 24) = 24
         +1 write(4, ..., 24) = 24
         +1 write(4, ..., 24) = 24
      
         +0 `ifconfig tun0 192.168.102.64/16`
         +0 < . 1:2(1) ack 25 win 65530
         +0 `ifconfig tun0 192.168.0.10/16`
      
         +3 write(4, ..., 24) = -1
      
      # ./packetdrill user_timeout.pkt
      Signed-off-by: NEric Dumazet <edumazet@googl.com>
      Reported-by: Nliujian <liujian56@huawei.com>
      Acked-by: NNeal Cardwell <ncardwell@google.com>
      Acked-by: NYuchung Cheng <ycheng@google.com>
      Acked-by: NSoheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8c72c65b
    • D
      net: ipv4: fix l3slave check for index returned in IP_PKTINFO · cbea8f02
      David Ahern 提交于
      rt_iif is only set to the actual egress device for the output path. The
      recent change to consider the l3slave flag when returning IP_PKTINFO
      works for local traffic (the correct device index is returned), but it
      broke the more typical use case of packets received from a remote host
      always returning the VRF index rather than the original ingress device.
      Update the fixup to consider l3slave and rt_iif actually getting set.
      
      Fixes: 1dfa7639 ("net: ipv4: add check for l3slave for index returned in IP_PKTINFO")
      Signed-off-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      cbea8f02