1. 15 Nov, 2017 40 commits
    • Jann Horn's avatar
      mm/pagewalk.c: report holes in hugetlb ranges · 373c4557
      Jann Horn authored
      This matters at least for the mincore syscall, which will otherwise copy
      uninitialized memory from the page allocator to userspace.  It is
      probably also a correctness error for /proc/$pid/pagemap, but I haven't
      tested that.
      
      Removing the `walk->hugetlb_entry` condition in walk_hugetlb_range() has
      no effect because the caller already checks for that.
      
      This only reports holes in hugetlb ranges to callers who have specified
      a hugetlb_entry callback.
      
      This issue was found using an AFL-based fuzzer.
      
      v2:
       - don't crash on ->pte_hole==NULL (Andrew Morton)
       - add Cc stable (Andrew Morton)
      
      Fixes: 1e25a271 ("mincore: apply page table walker on do_mincore()")
      Signed-off-by: default avatarJann Horn <jannh@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      373c4557
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next · 5bbcc0f5
      Linus Torvalds authored
      Pull networking updates from David Miller:
       "Highlights:
      
         1) Maintain the TCP retransmit queue using an rbtree, with 1GB
            windows at 100Gb this really has become necessary. From Eric
            Dumazet.
      
         2) Multi-program support for cgroup+bpf, from Alexei Starovoitov.
      
         3) Perform broadcast flooding in hardware in mv88e6xxx, from Andrew
            Lunn.
      
         4) Add meter action support to openvswitch, from Andy Zhou.
      
         5) Add a data meta pointer for BPF accessible packets, from Daniel
            Borkmann.
      
         6) Namespace-ify almost all TCP sysctl knobs, from Eric Dumazet.
      
         7) Turn on Broadcom Tags in b53 driver, from Florian Fainelli.
      
         8) More work to move the RTNL mutex down, from Florian Westphal.
      
         9) Add 'bpftool' utility, to help with bpf program introspection.
            From Jakub Kicinski.
      
        10) Add new 'cpumap' type for XDP_REDIRECT action, from Jesper
            Dangaard Brouer.
      
        11) Support 'blocks' of transformations in the packet scheduler which
            can span multiple network devices, from Jiri Pirko.
      
        12) TC flower offload support in cxgb4, from Kumar Sanghvi.
      
        13) Priority based stream scheduler for SCTP, from Marcelo Ricardo
            Leitner.
      
        14) Thunderbolt networking driver, from Amir Levy and Mika Westerberg.
      
        15) Add RED qdisc offloadability, and use it in mlxsw driver. From
            Nogah Frankel.
      
        16) eBPF based device controller for cgroup v2, from Roman Gushchin.
      
        17) Add some fundamental tracepoints for TCP, from Song Liu.
      
        18) Remove garbage collection from ipv6 route layer, this is a
            significant accomplishment. From Wei Wang.
      
        19) Add multicast route offload support to mlxsw, from Yotam Gigi"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (2177 commits)
        tcp: highest_sack fix
        geneve: fix fill_info when link down
        bpf: fix lockdep splat
        net: cdc_ncm: GetNtbFormat endian fix
        openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start
        netem: remove unnecessary 64 bit modulus
        netem: use 64 bit divide by rate
        tcp: Namespace-ify sysctl_tcp_default_congestion_control
        net: Protect iterations over net::fib_notifier_ops in fib_seq_sum()
        ipv6: set all.accept_dad to 0 by default
        uapi: fix linux/tls.h userspace compilation error
        usbnet: ipheth: prevent TX queue timeouts when device not ready
        vhost_net: conditionally enable tx polling
        uapi: fix linux/rxrpc.h userspace compilation errors
        net: stmmac: fix LPI transitioning for dwmac4
        atm: horizon: Fix irq release error
        net-sysfs: trigger netlink notification on ifalias change via sysfs
        openvswitch: Using kfree_rcu() to simplify the code
        openvswitch: Make local function ovs_nsh_key_attr_size() static
        openvswitch: Fix return value check in ovs_meter_cmd_features()
        ...
      5bbcc0f5
    • Linus Torvalds's avatar
      Merge tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips · 892204e0
      Linus Torvalds authored
      Pull MIPS updates from James Hogan:
       "These are the main MIPS changes for 4.15.
      
        Fixes:
         - ralink: Fix MT7620 PCI build issues (4.5)
         - Disable cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN for 32-bit SMP
           (4.1)
         - Fix MIPS64 FP save/restore on 32-bit kernels (4.0)
         - ptrace: Pick up ptrace/seccomp changed syscall numbers (3.19)
         - ralink: Fix MT7628 pinmux (3.19)
         - BCM47XX: Fix LED inversion on WRT54GSv1 (3.17)
         - Fix n32 core dumping as o32 since regset support (3.13)
         - ralink: Drop obsolete USB_ARCH_HAS_HCD select
      
        Build system:
         - Default to "generic" (multiplatform) system type instead of IP22
         - Use generic little endian MIPS32 r2 configuration as default
           defconfig instead of ip22_defconfig
      
        FPU emulation:
         - Fix exception generation for certain R6 FPU instructions
      
        SMP:
         - Allow __cpu_number_map to be larger than NR_CPUS for sparse CPU id
           spaces
      
        Miscellaneous:
         - Add iomem resource for kernel bss section for kexec/kdump
         - Atomics: Nudge writes on bit unlock
         - DT files: Standardise "ok" -> "okay"
      
        Minor cleanups:
         - Define virt_to_pfn()
         - Make thread_saved_pc static
         - Simplify 32-bit sign extension in __read_64bit_c0_split()
         - DMA: Use vma_pages() helper
         - FPU emulation: Replace unsigned with unsigned int
         - MM: Removed unused lastpfn
         - Alchemy: Make clk_ops const
         - Lasat: Use setup_timer() helper
         - ralink: Use BIT() in MT7620 PCI driver
      
        Platform support:
      
        BMIPS:
        - Enable HARDIRQS_SW_RESEND
      
        Broadcom BCM63XX:
        - Add clkdev lookup support
        - Update clk driver, UART driver, DTs to handle named refclk from DTs
        - Split apart various clocks to more closely match hardware
        - Add ethernet clocks
      
        Cavium Octeon:
        - Remove usage of cvmx_wait() in favour of __delay()
      
        ImgTec Pistachio:
        - DT: Drop deprecated dwmmc num-slots property
      
        Ingenic JZ4780:
        - Add NFS root to Ci20 defconfig
        - Add watchdog to Ci20 DT & defconfig, and allow building of watchdog
          driver with this SoC
      
        Generic (multiplatform):
        - Migrate xilfpga (MIPSfpga) platform to the generic platform
      
        Lantiq xway:
        - Fix ASC0/ASC1 clocks"
      
      * tag 'mips_4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: (46 commits)
        MIPS: Add iomem resource for kernel bss section.
        MIPS: cmpxchg64() and HAVE_VIRT_CPU_ACCOUNTING_GEN don't work for 32-bit SMP
        MIPS: BMIPS: Enable HARDIRQS_SW_RESEND
        MIPS: pci: Make use of the BIT() macro inside the mt7620 driver
        MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver
        MIPS: pci: Remove duplicate define in mt7620 driver
        MIPS: ralink: Fix typo in mt7628 pinmux function
        MIPS: ralink: Fix MT7628 pinmux
        MIPS: Fix odd fp register warnings with MIPS64r2
        watchdog: jz4780: Allow selection of jz4740-wdt driver
        MIPS/ptrace: Update syscall nr on register changes
        MIPS/ptrace: Pick up ptrace/seccomp changed syscalls
        MIPS: Fix an n32 core file generation regset support regression
        MIPS: Fix MIPS64 FP save/restore on 32-bit kernels
        MIPS: page.h: Define virt_to_pfn()
        MIPS: Xilfpga: Switch to using generic defconfigs
        MIPS: generic: Add support for MIPSfpga
        MIPS: Set defconfig target to a generic system for 32r2el
        MIPS: Kconfig: Set default MIPS system type as generic
        MIPS: DTS: Remove num-slots from Pistachio SoC
        ...
      892204e0
    • Linus Torvalds's avatar
      Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · c9b012e5
      Linus Torvalds authored
      Pull arm64 updates from Will Deacon:
       "The big highlight is support for the Scalable Vector Extension (SVE)
        which required extensive ABI work to ensure we don't break existing
        applications by blowing away their signal stack with the rather large
        new vector context (<= 2 kbit per vector register). There's further
        work to be done optimising things like exception return, but the ABI
        is solid now.
      
        Much of the line count comes from some new PMU drivers we have, but
        they're pretty self-contained and I suspect we'll have more of them in
        future.
      
        Plenty of acronym soup here:
      
         - initial support for the Scalable Vector Extension (SVE)
      
         - improved handling for SError interrupts (required to handle RAS
           events)
      
         - enable GCC support for 128-bit integer types
      
         - remove kernel text addresses from backtraces and register dumps
      
         - use of WFE to implement long delay()s
      
         - ACPI IORT updates from Lorenzo Pieralisi
      
         - perf PMU driver for the Statistical Profiling Extension (SPE)
      
         - perf PMU driver for Hisilicon's system PMUs
      
         - misc cleanups and non-critical fixes"
      
      * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (97 commits)
        arm64: Make ARMV8_DEPRECATED depend on SYSCTL
        arm64: Implement __lshrti3 library function
        arm64: support __int128 on gcc 5+
        arm64/sve: Add documentation
        arm64/sve: Detect SVE and activate runtime support
        arm64/sve: KVM: Hide SVE from CPU features exposed to guests
        arm64/sve: KVM: Treat guest SVE use as undefined instruction execution
        arm64/sve: KVM: Prevent guests from using SVE
        arm64/sve: Add sysctl to set the default vector length for new processes
        arm64/sve: Add prctl controls for userspace vector length management
        arm64/sve: ptrace and ELF coredump support
        arm64/sve: Preserve SVE registers around EFI runtime service calls
        arm64/sve: Preserve SVE registers around kernel-mode NEON use
        arm64/sve: Probe SVE capabilities and usable vector lengths
        arm64: cpufeature: Move sys_caps_initialised declarations
        arm64/sve: Backend logic for setting the vector length
        arm64/sve: Signal handling support
        arm64/sve: Support vector length resetting for new processes
        arm64/sve: Core task context handling
        arm64/sve: Low-level CPU setup
        ...
      c9b012e5
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of... · b293fca4
      Linus Torvalds authored
      Merge tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux
      
      Pull RISC-V architecture support from Palmer Dabbelt:
       "This contains the core RISC-V Linux port, which has been through nine
        rounds of review on various mailing lists. The port is not complete:
        there's some cleanup patches moving through the review process, a
        whole bunch of drivers that need some work, and a lot of feature
        additions that will be needed.
      
        The patches contained in this tag have been through nine rounds of
        review on the various mailing lists. I have some outstanding cleanup
        patches, but since there's been so much review on these patches I
        thought it would be best to submit them as-is and then submit explicit
        cleanup patches so everyone can review them. This first patch set is
        big enough that it's a bit of a pain to constantly rewrite, and it's
        caused a few headaches with various contributors.
      
        The port is definately a work in progress. While what's there builds
        and boots with 4.14, it's a bit hard to actually see anything happen
        because there are no device drivers yet. I maintain a staging branch
        that contains all the device drivers and cleanup that actually works,
        but those patches won't all be ready for a while. I'd like to get what
        we currently have into your tree so everyone can start working from a
        single base -- of particular importance is allowing the glibc
        upstreaming process to proceed so we can sort out any possibly
        lingering user-visible ABI problems we might have.
      
        Copied below is the ChangeLog that contains the history of this patch
        set:
      
         (v9) As per suggestions on our v8 patch set, I've split the core
              architecture code out from our drivers and would like to submit
              this patch set to be included into linux-next, with the goal
              being to be merged in during the next merge window. This patch
              set is based on 4.14-rc2, but if it's better to have it based on
              something else then I can change it around.
      
              This patch set contains just the core arch code for RISC-V, so
              while it builds an nominally boots, you can't print or take an
              interrupt so it's not that useful. If you're looking to actually
              boot a system it would probably be better to use the full patch
              set listed below.
      
              We've collected a handful of tags from reviewers, and the
              remainder of the patch set only got minimal feedback last time.
              Here's what changed:
      
               - We now use the device tree to initialize the timer driver so
                 it's less tighly coupled with the arch port.
      
               - I cleaned up the defconfigs -- there's actually now just one,
                 and it's empty. For now I think we're OK with what the kernel
                 sets as defaults, but I anticipate we'll begin to expand this
                 as people start to use the port more.
      
               - The VDSO symbols version is sane.
      
               - We WFI while spinning in the boot loop.
      
               - A handful of comments have been added.
      
              While there are still a handful of FIXMEs in this patch set,
              we've started to get enough interest from various users and
              contributors that maintaining an out of tree patch set is
              starting to become a big burden. Hopefully the patches are good
              enough to merge now, which will at least get everyone working in
              a more reasonable manner as we clean up the remaining issues.
      
         (v8) I know it may not be the ideal time to submit a patch set right
              now, as it's the middle of the merge window, but things have
              calmed down quite a bit in the last month so I thought it would
              be good to get everyone on the same page. There's been a handful
              of changes since the last patch set, but most of them are fairly
              minor:
      
               - We changed PAGE_OFFSET to allowing mapping more physical
                 memory on 64-bit systems. This is user configurable, as it
                 triggers a different code model that generates slightly less
                 efficient code.
      
               - The device tree binding documentation is back, I'd managed to
                 lose it at some point.
      
               - We now pass the atomic64 test suite
      
               - The SBI timer driver has been refactored.
      
         (v7) It's been a while since my last patch set, but the changes han
              been fairly minimal:
      
               - The PCI cleanup patches have been dropped, we'll do them as a
                 separate patch set later.
      
               - We've the Kconfig entries from CONFIG_ISA_* to
                 CONFIG_RISCV_ISA_*, to make grep easier.
      
               - There have been a handful of memory model related tweaks in
                 I/O land, particularly relating the PCI and the upcoming
                 platform specification. There are significant comments in the
                 relevant files. This is still a WIP, but I think we're close
                 to getting as good as we're going to get until we end up with
                 some more specifications.
      
         (v6) As it's been only a day since the v5 patch set, the changes are
              pretty minimal:
      
               - The patch set is now based on linux-next/master, which I
                 believe is a better base now that we're getting closer to
                 upstream.
      
               - EARLY_PRINTK is no longer an option. Since the SBI console is
                 reasonable, there's no penalty to enabling it (and thus no
                 benefit to disabling it).
      
               - The mmap syscalls were refactored a bit.
      
         (v5) Things have really started to calm down, so this is fairly
              similar to the v4 patch set. The most interesting changes
              include:
      
               - We've moved back to a single patch set.
      
               - SMP support has been fixed, I was accidentally running on a
                 non-SMP configuration. There were various mistakes all over
                 the tree as a result of this.
      
               - The cmpxchg syscalls have been removed, as they were deemed a
                 bad idea. As a result, RISC-V Linux systems mandate the A
                 extension. The corresponding Kconfig entry to enable builds
                 on non-A systems has been removed.
      
               - A few more atomic fixes: mostly fence changes, but those
                 resulted in a handful of additional macros that were no
                 longer necessary.
      
               - riscv_early_sie has been removed.
      
         (v4) There have only been a few changes since the v3 patch set:
      
               - The cmpxchg64 syscall is no longer enabled on 32-bit systems.
                 It's not possible to provide this on SMP systems, and it's
                 not necessary as glibc knows not to call it.
      
               - We provide a ELF_HWCAP so users can determine the ISA of the
                 machine the kernel is running on.
      
               - The multi-line comments are in a better form.
      
               - There were a handful of headers that could be replaced with
                 the asm-generic versions, and a few unnecessary definitions.
      
               - We no longer use printk, but instead use pr_*.
      
               - A few Kconfig and defconfig entries have been cleaned up.
      
         (v3) A highlight of the changes since the v2 patch set includes:
      
               - We've split out all our drivers into separate patch sets,
                 which I've already sent out to the relevant maintainers. I
                 haven't included those patches in this patch set, but some of
                 them are necessary to build our port.
      
               - The patch set is now split up differently: rather than being
                 split per directory it is split per topic. Hopefully this
                 will make it easier to review the port on the mailing list.
                 The split is a bit rough, so you probably still want to look
                 at the patch set as a whole.
      
               - atomic.h has been completely rewritten and is hopefully now
                 correct. I've attempted to sanitize the various other memory
                 model related code as well, and I think it should all be sane
                 now aside from a handful of FIXMEs commented in the code.
      
               - We've changed the cmpexchg syscall to always exist and to not
                 be multiplexed. There is also a VDSO entry for compare and
                 exchange, which allows kernels with the A extension to
                 execute user code without the A extension reasonably fast.
      
               - Our user-visible register state now contains enough space for
                 the Q extension for 128-bit floating point, as well as a few
                 words to allow extensibility to future ISA extensions like
                 the eventual V extension for vectors.
      
               - A handful of driver cleanups, but these have been split into
                 separate patch sets now so I won't duplicate them here.
      
         (v2) A highlight of the changes since the v1 patch set includes:
      
               - We've split out our drivers into the right places, which
                 means now there's a lot more patches. I'll be submitting
                 these patches to various subsystem maintainers and including
                 them in any future RISC-V patch sets until they've been
                 merged.
      
               - The SBI console driver has been completely rewritten to use
                 the HVC helpers and is now significantly smaller.
      
               - We've begun to use weaker barriers as opposed to just the big
                 "fence". There's still some work to do here, specifically:
                  - We need fences in the relaxed MMIO functions.
                  - The non-relaxed MMIO functions are missing R/W bits on their fences.
                  - Many AMOs need the aq and rl bits set.
      
               - We now have thread_info in task_struct. As a result, sscratch
                 now contains TP instead of SP. This was necessary because
                 thread_info is no longer on the stack.
      
               - A few shared routines have been added that we use instead of
                 creating another arch copy"
      Reviewed-by: default avatarArnd Bergmann <arnd@arndb.de>
      
      * tag 'riscv-for-linus-4.15-arch-v9-premerge' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/linux:
        RISC-V: Build Infrastructure
        RISC-V: User-facing API
        RISC-V: Paging and MMU
        RISC-V: Device, timer, IRQs, and the SBI
        RISC-V: Task implementation
        RISC-V: ELF and module implementation
        RISC-V: Generic library routines and assembly
        RISC-V: Atomic and Locking Code
        RISC-V: Init and Halt Code
        dt-bindings: RISC-V CPU Bindings
        lib: Add shared copies of some GCC library routines
        MAINTAINERS: Add RISC-V
      b293fca4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching · 0ef76878
      Linus Torvalds authored
      Pull livepatching updates from Jiri Kosina:
      
       - shadow variables support, allowing livepatches to associate new
         "shadow" fields to existing data structures, from Joe Lawrence
      
       - pre/post patch callbacks API, allowing livepatch writers to register
         callbacks to be called before and after patch application, from Joe
         Lawrence
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching:
        livepatch: __klp_disable_patch() should never be called for disabled patches
        livepatch: Correctly call klp_post_unpatch_callback() in error paths
        livepatch: add transition notices
        livepatch: move transition "complete" notice into klp_complete_transition()
        livepatch: add (un)patch callbacks
        livepatch: Small shadow variable documentation fixes
        livepatch: __klp_shadow_get_or_alloc() is local to shadow.c
        livepatch: introduce shadow variable API
      0ef76878
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial · 9682b3de
      Linus Torvalds authored
      Pull trivial tree updates from Jiri Kosina:
       "The usual rocket-science from trivial tree for 4.15"
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/trivial:
        MAINTAINERS: relinquish kconfig
        MAINTAINERS: Update my email address
        treewide: Fix typos in Kconfig
        kfifo: Fix comments
        init/Kconfig: Fix module signing document location
        misc: ibmasm: Return error on error path
        HID: logitech-hidpp: fix mistake in printk, "feeback" -> "feedback"
        MAINTAINERS: Correct path to uDraw PS3 driver
        tracing: Fix doc mistakes in trace sample
        tracing: Kconfig text fixes for CONFIG_HWLAT_TRACER
        MIPS: Alchemy: Remove reverted CONFIG_NETLINK_MMAP from db1xxx_defconfig
        mm/huge_memory.c: fixup grammar in comment
        lib/xz: Add fall-through comments to a switch statement
      9682b3de
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 20df1578
      Linus Torvalds authored
      Pull HID updates from Jiri Kosina:
      
       - high resolution mode for Dell canvas support, from Benjamin Tissoires
      
       - pen handling fixes for the Wacom driver, from Jason Gerecke
      
       - i2c-hid: Apollo-Lake based laptops improvements, from Hans de Goede
      
       - Input/Core: eraser tool support, from Ping Cheng
      
       - new ALPS touchpad (T4, found currently on HP EliteBook 1000, Zbook
         Stduio and HP Elite book x360) supportm from Masaki Ota
      
       - other smaller assorted fixes
      
      * 'for-linus' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (33 commits)
        HID: cp2112: fix broken gpio_direction_input callback
        HID: cp2112: fix interface specification URL
        HID: Wacom: switch Dell canvas into highres mode
        HID: wacom: generic: Send BTN_STYLUS3 when both barrel switches are set
        HID: sony: Fix SHANWAN pad rumbling on USB
        HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device
        HID: add backlight level quirk for Asus ROG laptops
        HID: cp2112: add HIDRAW dependency
        HID: Add ID 044f:b605 ThrustMaster, Inc. force feedback Racing Wheel
        HID: hid-logitech: remove redundant assignment to pointer value
        HID: wacom: generic: Recognize WACOM_HID_WD_PEN as a type of pen collection
        HID: rmi: Check that a device is a RMI device before calling RMI functions
        HID: add multi-input quirk for GamepadBlock
        HID: alps: add new U1 device ID
        HID: alps: add support for Alps T4 Touchpad device
        HID: alps: remove variables local to u1_init() from the device struct
        HID: alps: properly handle max_fingers and minimum on X and Y axis
        HID: alps: Separate U1 device code
        HID: alps: delete unnecessary struct u1_dev devInfo
        HID: usbhid: Convert timers to use timer_setup()
        ...
      20df1578
    • Eric Dumazet's avatar
      tcp: highest_sack fix · 50895b9d
      Eric Dumazet authored
      syzbot easily found a regression added in our latest patches [1]
      
      No longer set tp->highest_sack to the head of the send queue since
      this is not logical and error prone.
      
      Only sack processing should maintain the pointer to an skb from rtx queue.
      
      We might in the future only remember the sequence instead of a pointer to skb,
      since rb-tree should allow a fast lookup.
      
      [1]
      BUG: KASAN: use-after-free in tcp_highest_sack_seq include/net/tcp.h:1706 [inline]
      BUG: KASAN: use-after-free in tcp_ack+0x42bb/0x4fd0 net/ipv4/tcp_input.c:3537
      Read of size 4 at addr ffff8801c154faa8 by task syz-executor4/12860
      
      CPU: 0 PID: 12860 Comm: syz-executor4 Not tainted 4.14.0-next-20171113+ #41
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:17 [inline]
       dump_stack+0x194/0x257 lib/dump_stack.c:53
       print_address_description+0x73/0x250 mm/kasan/report.c:252
       kasan_report_error mm/kasan/report.c:351 [inline]
       kasan_report+0x25b/0x340 mm/kasan/report.c:409
       __asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:429
       tcp_highest_sack_seq include/net/tcp.h:1706 [inline]
       tcp_ack+0x42bb/0x4fd0 net/ipv4/tcp_input.c:3537
       tcp_rcv_established+0x672/0x18a0 net/ipv4/tcp_input.c:5439
       tcp_v4_do_rcv+0x2ab/0x7d0 net/ipv4/tcp_ipv4.c:1468
       sk_backlog_rcv include/net/sock.h:909 [inline]
       __release_sock+0x124/0x360 net/core/sock.c:2264
       release_sock+0xa4/0x2a0 net/core/sock.c:2778
       tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1462
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       ___sys_sendmsg+0x75b/0x8a0 net/socket.c:2048
       __sys_sendmsg+0xe5/0x210 net/socket.c:2082
       SYSC_sendmsg net/socket.c:2093 [inline]
       SyS_sendmsg+0x2d/0x50 net/socket.c:2089
       entry_SYSCALL_64_fastpath+0x1f/0x96
      RIP: 0033:0x452879
      RSP: 002b:00007fc9761bfbe8 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
      RAX: ffffffffffffffda RBX: 0000000000758020 RCX: 0000000000452879
      RDX: 0000000000000000 RSI: 0000000020917fc8 RDI: 0000000000000015
      RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000212 R12: 00000000006ee3a0
      R13: 00000000ffffffff R14: 00007fc9761c06d4 R15: 0000000000000000
      
      Allocated by task 12860:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:447
       set_track mm/kasan/kasan.c:459 [inline]
       kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
       kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489
       kmem_cache_alloc_node+0x144/0x760 mm/slab.c:3638
       __alloc_skb+0xf1/0x780 net/core/skbuff.c:193
       alloc_skb_fclone include/linux/skbuff.h:1023 [inline]
       sk_stream_alloc_skb+0x11d/0x900 net/ipv4/tcp.c:870
       tcp_sendmsg_locked+0x1341/0x3b80 net/ipv4/tcp.c:1299
       tcp_sendmsg+0x2f/0x50 net/ipv4/tcp.c:1461
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       SYSC_sendto+0x358/0x5a0 net/socket.c:1749
       SyS_sendto+0x40/0x50 net/socket.c:1717
       entry_SYSCALL_64_fastpath+0x1f/0x96
      
      Freed by task 12860:
       save_stack+0x43/0xd0 mm/kasan/kasan.c:447
       set_track mm/kasan/kasan.c:459 [inline]
       kasan_slab_free+0x71/0xc0 mm/kasan/kasan.c:524
       __cache_free mm/slab.c:3492 [inline]
       kmem_cache_free+0x77/0x280 mm/slab.c:3750
       kfree_skbmem+0xdd/0x1d0 net/core/skbuff.c:603
       __kfree_skb+0x1d/0x20 net/core/skbuff.c:642
       sk_wmem_free_skb include/net/sock.h:1419 [inline]
       tcp_rtx_queue_unlink_and_free include/net/tcp.h:1682 [inline]
       tcp_clean_rtx_queue net/ipv4/tcp_input.c:3111 [inline]
       tcp_ack+0x1b17/0x4fd0 net/ipv4/tcp_input.c:3593
       tcp_rcv_established+0x672/0x18a0 net/ipv4/tcp_input.c:5439
       tcp_v4_do_rcv+0x2ab/0x7d0 net/ipv4/tcp_ipv4.c:1468
       sk_backlog_rcv include/net/sock.h:909 [inline]
       __release_sock+0x124/0x360 net/core/sock.c:2264
       release_sock+0xa4/0x2a0 net/core/sock.c:2778
       tcp_sendmsg+0x3a/0x50 net/ipv4/tcp.c:1462
       inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:763
       sock_sendmsg_nosec net/socket.c:632 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:642
       ___sys_sendmsg+0x75b/0x8a0 net/socket.c:2048
       __sys_sendmsg+0xe5/0x210 net/socket.c:2082
       SYSC_sendmsg net/socket.c:2093 [inline]
       SyS_sendmsg+0x2d/0x50 net/socket.c:2089
       entry_SYSCALL_64_fastpath+0x1f/0x96
      
      The buggy address belongs to the object at ffff8801c154fa80
       which belongs to the cache skbuff_fclone_cache of size 456
      The buggy address is located 40 bytes inside of
       456-byte region [ffff8801c154fa80, ffff8801c154fc48)
      The buggy address belongs to the page:
      page:ffffea00070553c0 count:1 mapcount:0 mapping:ffff8801c154f080 index:0x0
      flags: 0x2fffc0000000100(slab)
      raw: 02fffc0000000100 ffff8801c154f080 0000000000000000 0000000100000006
      raw: ffffea00070a5a20 ffffea0006a18360 ffff8801d9ca0500 0000000000000000
      page dumped because: kasan: bad access detected
      
      Fixes: 737ff314 ("tcp: use sequence distance to detect reordering")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Yuchung Cheng <ycheng@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      50895b9d
    • Hangbin Liu's avatar
      geneve: fix fill_info when link down · fd7eafd0
      Hangbin Liu authored
      geneve->sock4/6 were added with geneve_open and released with geneve_stop.
      So when geneve link down, we will not able to show remote address and
      checksum info after commit 11387fe4 ("geneve: fix fill_info when using
      collect_metadata").
      
      Fix this by avoid passing *_REMOTE{,6} for COLLECT_METADATA since they are
      mutually exclusive, and always show UDP_ZERO_CSUM6_RX info.
      
      Fixes: 11387fe4 ("geneve: fix fill_info when using collect_metadata")
      Signed-off-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fd7eafd0
    • Eric Dumazet's avatar
      bpf: fix lockdep splat · 89ad2fa3
      Eric Dumazet authored
      pcpu_freelist_pop() needs the same lockdep awareness than
      pcpu_freelist_populate() to avoid a false positive.
      
       [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
      
       switchto-defaul/12508 [HC0[0]:SC0[6]:HE0:SE0] is trying to acquire:
        (&htab->buckets[i].lock){......}, at: [<ffffffff9dc099cb>] __htab_percpu_map_update_elem+0x1cb/0x300
      
       and this task is already holding:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...}, at: [<ffffffff9e135848>] __dev_queue_xmit+0
      x868/0x1240
       which would create a new lock dependency:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...} -> (&htab->buckets[i].lock){......}
      
       but this new dependency connects a SOFTIRQ-irq-safe lock:
        (dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2){+.-...}
       ... which became SOFTIRQ-irq-safe at:
         [<ffffffff9db5931b>] __lock_acquire+0x42b/0x1f10
         [<ffffffff9db5b32c>] lock_acquire+0xbc/0x1b0
         [<ffffffff9da05e38>] _raw_spin_lock+0x38/0x50
         [<ffffffff9e135848>] __dev_queue_xmit+0x868/0x1240
         [<ffffffff9e136240>] dev_queue_xmit+0x10/0x20
         [<ffffffff9e1965d9>] ip_finish_output2+0x439/0x590
         [<ffffffff9e197410>] ip_finish_output+0x150/0x2f0
         [<ffffffff9e19886d>] ip_output+0x7d/0x260
         [<ffffffff9e19789e>] ip_local_out+0x5e/0xe0
         [<ffffffff9e197b25>] ip_queue_xmit+0x205/0x620
         [<ffffffff9e1b8398>] tcp_transmit_skb+0x5a8/0xcb0
         [<ffffffff9e1ba152>] tcp_write_xmit+0x242/0x1070
         [<ffffffff9e1baffc>] __tcp_push_pending_frames+0x3c/0xf0
         [<ffffffff9e1b3472>] tcp_rcv_established+0x312/0x700
         [<ffffffff9e1c1acc>] tcp_v4_do_rcv+0x11c/0x200
         [<ffffffff9e1c3dc2>] tcp_v4_rcv+0xaa2/0xc30
         [<ffffffff9e191107>] ip_local_deliver_finish+0xa7/0x240
         [<ffffffff9e191a36>] ip_local_deliver+0x66/0x200
         [<ffffffff9e19137d>] ip_rcv_finish+0xdd/0x560
         [<ffffffff9e191e65>] ip_rcv+0x295/0x510
         [<ffffffff9e12ff88>] __netif_receive_skb_core+0x988/0x1020
         [<ffffffff9e130641>] __netif_receive_skb+0x21/0x70
         [<ffffffff9e1306ff>] process_backlog+0x6f/0x230
         [<ffffffff9e132129>] net_rx_action+0x229/0x420
         [<ffffffff9da07ee8>] __do_softirq+0xd8/0x43d
         [<ffffffff9e282bcc>] do_softirq_own_stack+0x1c/0x30
         [<ffffffff9dafc2f5>] do_softirq+0x55/0x60
         [<ffffffff9dafc3a8>] __local_bh_enable_ip+0xa8/0xb0
         [<ffffffff9db4c727>] cpu_startup_entry+0x1c7/0x500
         [<ffffffff9daab333>] start_secondary+0x113/0x140
      
       to a SOFTIRQ-irq-unsafe lock:
        (&head->lock){+.+...}
       ... which became SOFTIRQ-irq-unsafe at:
       ...  [<ffffffff9db5971f>] __lock_acquire+0x82f/0x1f10
         [<ffffffff9db5b32c>] lock_acquire+0xbc/0x1b0
         [<ffffffff9da05e38>] _raw_spin_lock+0x38/0x50
         [<ffffffff9dc0b7fa>] pcpu_freelist_pop+0x7a/0xb0
         [<ffffffff9dc08b2c>] htab_map_alloc+0x50c/0x5f0
         [<ffffffff9dc00dc5>] SyS_bpf+0x265/0x1200
         [<ffffffff9e28195f>] entry_SYSCALL_64_fastpath+0x12/0x17
      
       other info that might help us debug this:
      
       Chain exists of:
         dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2 --> &htab->buckets[i].lock --> &head->lock
      
        Possible interrupt unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(&head->lock);
                                      local_irq_disable();
                                      lock(dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2);
                                      lock(&htab->buckets[i].lock);
         <Interrupt>
           lock(dev_queue->dev->qdisc_class ?: &qdisc_tx_lock#2);
      
        *** DEADLOCK ***
      
      Fixes: e19494ed ("bpf: introduce percpu_freelist")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      89ad2fa3
    • Bjørn Mork's avatar
      net: cdc_ncm: GetNtbFormat endian fix · 6314dab4
      Bjørn Mork authored
      The GetNtbFormat and SetNtbFormat requests operate on 16 bit little
      endian values. We get away with ignoring this most of the time, because
      we only care about USB_CDC_NCM_NTB16_FORMAT which is 0x0000.  This
      fails for USB_CDC_NCM_NTB32_FORMAT.
      
      Fix comparison between LE value from device and constant by converting
      the constant to LE.
      Reported-by: default avatarBen Hutchings <ben.hutchings@codethink.co.uk>
      Fixes: 2b02c20c ("cdc_ncm: Set NTB format again after altsetting switch for Huawei devices")
      Cc: Enrico Mioso <mrkiko.rs@gmail.com>
      Cc: Christian Panton <christian@panton.org>
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Acked-By: default avatarEnrico Mioso <mrkiko.rs@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6314dab4
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/wacom' into for-linus · 01125b2d
      Jiri Kosina authored
      - High resolution mode for DEll canvas support, from Benjamin Tissoires
      - A lot of improvements to pen handling in the Wacom driver, from Jason Gerecke
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      01125b2d
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/use-timer-setup' into for-linus · 4b545304
      Jiri Kosina authored
      - usbhid: conversion to timer_setup() and from_timer() from Kees Cook
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      4b545304
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/upstream' into for-linus · 6ed7a70b
      Jiri Kosina authored
      - cp2112: GPIO error handling and Kconfig fixes from Sébastien Szymanski
      - i2c-hid: fixup / quirk for Apollo-Lake based laptops, from Hans de Goede
      - Input/Core: add eraser tool support, from Ping Cheng
      - small assorted code fixes
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      6ed7a70b
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/sony' into for-linus · b50b9d3d
      Jiri Kosina authored
      - SHANWAN PS3 rumble fix from Bastien Nocera
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      b50b9d3d
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/multitouch' into for-linus · ea3bbd0a
      Jiri Kosina authored
      - make sure that we forward MSC_TIMESTAMP in accordance to the specification,
        from Nicolas Boichat
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      ea3bbd0a
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/logitech' into for-linus · 6101cb7e
      Jiri Kosina authored
      - small code fixes for Logitech driver from Colin Ian King
      6101cb7e
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/hyperv' into for-linus · e1548dcd
      Jiri Kosina authored
      - trivial printk() line termination fix for HyperV
      e1548dcd
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/asus' into for-linus · 47dd6b01
      Jiri Kosina authored
      - Asus laptop fixes (fn keys, backlight), from Mustafa Kuscu and
        Maxime Bellengé
      47dd6b01
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/alps' into for-linus · 5cc619db
      Jiri Kosina authored
      - New ALPS touchpad (T4, found currently on HP EliteBook 1000, Zbook Stduio
        and HP Elite book x360) support from Masaki Ota
      5cc619db
    • Jiri Kosina's avatar
      Merge branch 'for-4.14/upstream-fixes' into for-linus · 83fd5ddc
      Jiri Kosina authored
      - Wacom: recognize PEN application collection properly, from Jason Gerecke
      - RMI: avoid cofusion caused by RMI functions being by mistake called on
        non-RMI devices, from Andrew Duggan
      - small device-ID-specific quirks/fixes
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      83fd5ddc
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/callbacks' into for-linus · fc41efc1
      Jiri Kosina authored
      This pulls in an infrastructure/API that allows livepatch writers to
      register pre-patch and post-patch callbacks that allow for running a
      glue code necessary for finalizing the patching if necessary.
      
      Conflicts:
      	kernel/livepatch/core.c
      	- trivial conflict by adding a callback call into
      	  module going notifier vs. moving that code block
      	  to klp_cleanup_module_patches_limited()
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      fc41efc1
    • Jiri Kosina's avatar
      Merge branch 'for-4.15/shadow-variables' into for-linus · cb65dc7b
      Jiri Kosina authored
      Shadow variables allow callers to associate new shadow fields to existing data
      structures.  This is intended to be used by livepatch modules seeking to
      emulate additions to data structure definitions.
      cb65dc7b
    • Gustavo A. R. Silva's avatar
      openvswitch: meter: fix NULL pointer dereference in ovs_meter_cmd_reply_start · b74912a2
      Gustavo A. R. Silva authored
      It seems that the intention of the code is to null check the value
      returned by function genlmsg_put. But the current code is null
      checking the address of the pointer that holds the value returned
      by genlmsg_put.
      
      Fix this by properly null checking the value returned by function
      genlmsg_put in order to avoid a pontential null pointer dereference.
      
      Addresses-Coverity-ID: 1461561 ("Dereference before null check")
      Addresses-Coverity-ID: 1461562 ("Dereference null return value")
      Fixes: 96fbc13d ("openvswitch: Add meter infrastructure")
      Signed-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b74912a2
    • David S. Miller's avatar
      Merge branch 'netem-fix-compilation-on-32-bit' · 69d48179
      David S. Miller authored
      Stephen Hemminger says:
      
      ====================
      netem: fix compilation on 32 bit
      
      A couple of places where 64 bit CPU was being assumed incorrectly.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      69d48179
    • Stephen Hemminger's avatar
      netem: remove unnecessary 64 bit modulus · 9b0ed891
      Stephen Hemminger authored
      Fix compilation on 32 bit platforms (where doing modulus operation
      with 64 bit requires extra glibc functions) by truncation.
      The jitter for table distribution is limited to a 32 bit value
      because random numbers are scaled as 32 bit value.
      
      Also fix some whitespace.
      
      Fixes: 99803171 ("netem: add uapi to express delay and jitter in nanoseconds")
      Reported-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarStephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9b0ed891
    • Stephen Hemminger's avatar
      netem: use 64 bit divide by rate · bce552fd
      Stephen Hemminger authored
      Since times are now expressed in nanosecond, need to now do
      true 64 bit divide. Old code would truncate rate at 32 bits.
      Rename function to better express current usage.
      Signed-off-by: default avatarStephen Hemminger <stephen@networkplumber.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bce552fd
    • Stephen Hemminger's avatar
      tcp: Namespace-ify sysctl_tcp_default_congestion_control · 6670e152
      Stephen Hemminger authored
      Make default TCP default congestion control to a per namespace
      value. This changes default congestion control to a pointer to congestion ops
      (rather than implicit as first element of available lsit).
      
      The congestion control setting of new namespaces is inherited
      from the current setting of the root namespace.
      Signed-off-by: default avatarStephen Hemminger <sthemmin@microsoft.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6670e152
    • Kirill Tkhai's avatar
      net: Protect iterations over net::fib_notifier_ops in fib_seq_sum() · 11bf284f
      Kirill Tkhai authored
      There is at least unlocked deletion of net->ipv4.fib_notifier_ops
      from net::fib_notifier_ops:
      
      ip_fib_net_exit()
        rtnl_unlock()
        fib4_notifier_exit()
          fib_notifier_ops_unregister(net->ipv4.notifier_ops)
            list_del_rcu(&ops->list)
      
      So fib_seq_sum() can't use rtnl_lock() only for protection.
      
      The possible solution could be to use rtnl_lock()
      in fib_notifier_ops_unregister(), but this adds
      a possible delay during net namespace creation,
      so we better use rcu_read_lock() till someone
      really needs the mutex (if that happens).
      Signed-off-by: default avatarKirill Tkhai <ktkhai@virtuozzo.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      11bf284f
    • Nicolas Dichtel's avatar
      ipv6: set all.accept_dad to 0 by default · 09400953
      Nicolas Dichtel authored
      With commits 35e015e1 and a2d3f3e3, the global 'accept_dad' flag
      is also taken into account (default value is 1). If either global or
      per-interface flag is non-zero, DAD will be enabled on a given interface.
      
      This is not backward compatible: before those patches, the user could
      disable DAD just by setting the per-interface flag to 0. Now, the
      user instead needs to set both flags to 0 to actually disable DAD.
      
      Restore the previous behaviour by setting the default for the global
      'accept_dad' flag to 0. This way, DAD is still enabled by default,
      as per-interface flags are set to 1 on device creation, but setting
      them to 0 is enough to disable DAD on a given interface.
      
      - Before 35e015e1f57a7 and a2d3f3e3:
                global    per-interface    DAD enabled
      [default]   1             1              yes
                  X             0              no
                  X             1              yes
      
      - After 35e015e1 and a2d3f3e3:
                global    per-interface    DAD enabled
      [default]   1             1              yes
                  0             0              no
                  0             1              yes
                  1             0              yes
      
      - After this fix:
                global    per-interface    DAD enabled
                  1             1              yes
                  0             0              no
      [default]   0             1              yes
                  1             0              yes
      
      Fixes: 35e015e1 ("ipv6: fix net.ipv6.conf.all interface DAD handlers")
      Fixes: a2d3f3e3 ("ipv6: fix net.ipv6.conf.all.accept_dad behaviour for real")
      CC: Stefano Brivio <sbrivio@redhat.com>
      CC: Matteo Croce <mcroce@redhat.com>
      CC: Erik Kline <ek@google.com>
      Signed-off-by: default avatarNicolas Dichtel <nicolas.dichtel@6wind.com>
      Acked-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      09400953
    • Dmitry V. Levin's avatar
      uapi: fix linux/tls.h userspace compilation error · b9f3eb49
      Dmitry V. Levin authored
      Move inclusion of a private kernel header <net/tcp.h>
      from uapi/linux/tls.h to its only user - net/tls.h,
      to fix the following linux/tls.h userspace compilation error:
      
      /usr/include/linux/tls.h:41:21: fatal error: net/tcp.h: No such file or directory
      
      As to this point uapi/linux/tls.h was totaly unusuable for userspace,
      cleanup this header file further by moving other redundant includes
      to net/tls.h.
      
      Fixes: 3c4d7559 ("tls: kernel TLS support")
      Cc: <stable@vger.kernel.org> # v4.13+
      Signed-off-by: default avatarDmitry V. Levin <ldv@altlinux.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b9f3eb49
    • Alexander Kappner's avatar
      usbnet: ipheth: prevent TX queue timeouts when device not ready · bb1b40c7
      Alexander Kappner authored
      iOS devices require the host to be "trusted" before servicing network
      packets. Establishing trust requires the user to confirm a dialog on the
      iOS device.Until trust is established, the iOS device will silently discard
      network packets from the host. Currently, the ipheth driver does not detect
      whether an iOS device has established trust with the host, and immediately
      sets up the transmit queues.
      
      This causes the following problems:
      
      - Kernel taint due to WARN() in netdev watchdog.
      - Dmesg spam ("TX timeout").
      - Disruption of user space networking activity (dhcpd, etc...) when new
      interface comes up but cannot be used.
      - Unnecessary host and device wakeups and USB traffic
      
      Example dmesg output:
      
      [ 1101.319778] NETDEV WATCHDOG: eth1 (ipheth): transmit queue 0 timed out
      [ 1101.319817] ------------[ cut here ]------------
      [ 1101.319828] WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:316 dev_watchdog+0x20f/0x220
      [ 1101.319831] Modules linked in: ipheth usbmon nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) iwlmvm mac80211 iwlwifi btusb btrtl btbcm btintel qmi_wwan bluetooth cfg80211 ecdh_generic thinkpad_acpi rfkill [last unloaded: ipheth]
      [ 1101.319861] CPU: 0 PID: 0 Comm: swapper/0 Tainted: P           O    4.13.12.1 #1
      [ 1101.319864] Hardware name: LENOVO 20ENCTO1WW/20ENCTO1WW, BIOS N1EET62W (1.35 ) 11/10/2016
      [ 1101.319867] task: ffffffff81e11500 task.stack: ffffffff81e00000
      [ 1101.319873] RIP: 0010:dev_watchdog+0x20f/0x220
      [ 1101.319876] RSP: 0018:ffff8810a3c03e98 EFLAGS: 00010292
      [ 1101.319880] RAX: 000000000000003a RBX: 0000000000000000 RCX: 0000000000000000
      [ 1101.319883] RDX: ffff8810a3c15c48 RSI: ffffffff81ccbfc2 RDI: 00000000ffffffff
      [ 1101.319886] RBP: ffff880c04ebc41c R08: 0000000000000000 R09: 0000000000000379
      [ 1101.319889] R10: 00000100696589d0 R11: 0000000000000378 R12: ffff880c04ebc000
      [ 1101.319892] R13: 0000000000000000 R14: 0000000000000001 R15: ffff880c2865fc80
      [ 1101.319896] FS:  0000000000000000(0000) GS:ffff8810a3c00000(0000) knlGS:0000000000000000
      [ 1101.319899] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 1101.319902] CR2: 00007f3ff24ac000 CR3: 0000000001e0a000 CR4: 00000000003406f0
      [ 1101.319905] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 1101.319908] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 1101.319910] Call Trace:
      [ 1101.319914]  <IRQ>
      [ 1101.319921]  ? dev_graft_qdisc+0x70/0x70
      [ 1101.319928]  ? dev_graft_qdisc+0x70/0x70
      [ 1101.319934]  ? call_timer_fn+0x2e/0x170
      [ 1101.319939]  ? dev_graft_qdisc+0x70/0x70
      [ 1101.319944]  ? run_timer_softirq+0x1ea/0x440
      [ 1101.319951]  ? timerqueue_add+0x54/0x80
      [ 1101.319956]  ? enqueue_hrtimer+0x38/0xa0
      [ 1101.319963]  ? __do_softirq+0xed/0x2e7
      [ 1101.319970]  ? irq_exit+0xb4/0xc0
      [ 1101.319976]  ? smp_apic_timer_interrupt+0x39/0x50
      [ 1101.319981]  ? apic_timer_interrupt+0x8c/0xa0
      [ 1101.319983]  </IRQ>
      [ 1101.319992]  ? cpuidle_enter_state+0xfa/0x2a0
      [ 1101.319999]  ? do_idle+0x1a3/0x1f0
      [ 1101.320004]  ? cpu_startup_entry+0x5f/0x70
      [ 1101.320011]  ? start_kernel+0x444/0x44c
      [ 1101.320017]  ? early_idt_handler_array+0x120/0x120
      [ 1101.320023]  ? x86_64_start_kernel+0x145/0x154
      [ 1101.320028]  ? secondary_startup_64+0x9f/0x9f
      [ 1101.320033] Code: 20 04 00 00 eb 9f 4c 89 e7 c6 05 59 44 71 00 01 e8 a7 df fd ff 89 d9 4c 89 e6 48 c7 c7 70 b7 cd 81 48 89 c2 31 c0 e8 97 64 90 ff <0f> ff eb bf 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
      [ 1101.320103] ---[ end trace 0cc4d251e2b57080 ]---
      [ 1101.320110] ipheth 1-5:4.2: ipheth_tx_timeout: TX timeout
      
      The last message "TX timeout" is repeated every 5 seconds until trust is
      established or the device is disconnected, filling up dmesg.
      
      The proposed patch eliminates the problem by, upon connection, keeping the
      TX queue and carrier disabled until a packet is first received from the iOS
      device. This is reflected by the confirmed_pairing variable in the device
      structure. Only after at least one packet has been received from the iOS
      device, the transmit queue and carrier are brought up during the periodic
      device poll in ipheth_carrier_set. Because the iOS device will always send
      a packet immediately upon trust being established, this should not delay
      the interface becoming useable. To prevent failed UBRs in
      ipheth_rcvbulk_callback from perpetually re-enabling the queue if it was
      disabled, a new check is added so only successful transfers re-enable the
      queue, whereas failed transfers only trigger an immediate poll.
      
      This has the added benefit of removing the periodic control requests to the
      iOS device until trust has been established and thus should reduce wakeup
      events on both the host and the iOS device.
      Signed-off-by: default avatarAlexander Kappner <agk@godking.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bb1b40c7
    • Jason Wang's avatar
      vhost_net: conditionally enable tx polling · feb8892c
      Jason Wang authored
      We always poll tx for socket, this is sub optimal since this will
      slightly increase the waitqueue traversing time and more important,
      vhost could not benefit from commit 9e641bdc ("net-tun:
      restructure tun_do_read for better sleep/wakeup efficiency") even if
      we've stopped rx polling during handle_rx(), tx poll were still left
      in the waitqueue.
      
      Pktgen from a remote host to VM over mlx4 on two 2.00GHz Xeon E5-2650
      shows 11.7% improvements on rx PPS. (from 1.28Mpps to 1.44Mpps)
      
      Cc: Wei Xu <wexu@redhat.com>
      Cc: Matthew Rosato <mjrosato@linux.vnet.ibm.com>
      Signed-off-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      feb8892c
    • Dmitry V. Levin's avatar
      uapi: fix linux/rxrpc.h userspace compilation errors · 0eef304b
      Dmitry V. Levin authored
      Consistently use types provided by <linux/types.h> to fix the following
      linux/rxrpc.h userspace compilation errors:
      
      /usr/include/linux/rxrpc.h:24:2: error: unknown type name 'u16'
        u16  srx_service; /* service desired */
      /usr/include/linux/rxrpc.h:25:2: error: unknown type name 'u16'
        u16  transport_type; /* type of transport socket (SOCK_DGRAM) */
      /usr/include/linux/rxrpc.h:26:2: error: unknown type name 'u16'
        u16  transport_len; /* length of transport address */
      
      Use __kernel_sa_family_t instead of sa_family_t the same way
      as uapi/linux/in.h does, to fix the following
      linux/rxrpc.h userspace compilation errors:
      
      /usr/include/linux/rxrpc.h:23:2: error: unknown type name 'sa_family_t'
        sa_family_t srx_family; /* address family */
      /usr/include/linux/rxrpc.h:28:3: error: unknown type name 'sa_family_t'
        sa_family_t family;  /* transport address family */
      
      Fixes: 727f8914 ("rxrpc: Expose UAPI definitions to userspace")
      Cc: <stable@vger.kernel.org> # v4.14
      Signed-off-by: default avatarDmitry V. Levin <ldv@altlinux.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0eef304b
    • Linus Torvalds's avatar
      Merge tag 'devicetree-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · 37cb8e1f
      Linus Torvalds authored
      Pull DeviceTree updates from Rob Herring:
       "A bigger diffstat than usual with the kbuild changes and a tree wide
        fix in the binding documentation.
      
        Summary:
      
         - kbuild cleanups and improvements for dtbs
      
         - Code clean-up of overlay code and fixing for some long standing
           memory leak and race condition in applying overlays
      
         - Improvements to DT memory usage making sysfs/kobjects optional and
           skipping unflattening of disabled nodes. This is part of kernel
           tinification efforts.
      
         - Final piece of removing storing the full path for every DT node.
           The prerequisite conversion of printk's to use device_node format
           specifier happened in 4.14.
      
         - Sync with current upstream dtc. This brings additional checks to
           dtb compiling.
      
         - Binding doc tree wide removal of leading 0s from examples
      
         - RTC binding documentation adding missing devices and some
           consolidation of duplicated bindings
      
         - Vendor prefix documentation for nutsboard, Silicon Storage
           Technology, shimafuji, Tecon Microprocessor Technologies, DH
           electronics GmbH, Opal Kelly, and Next Thing"
      
      * tag 'devicetree-for-4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (55 commits)
        dt-bindings: usb: add #phy-cells to usb-nop-xceiv
        dt-bindings: Remove leading zeros from bindings notation
        kbuild: handle dtb-y and CONFIG_OF_ALL_DTBS natively in Makefile.lib
        MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry
        kbuild: clean up *.dtb and *.dtb.S patterns from top-level Makefile
        .gitignore: move *.dtb and *.dtb.S patterns to the top-level .gitignore
        .gitignore: sort normal pattern rules alphabetically
        dt-bindings: add vendor prefix for Next Thing Co.
        scripts/dtc: Update to upstream version v1.4.5-6-gc1e55a5513e9
        of: dynamic: fix memory leak related to properties of __of_node_dup
        of: overlay: make pr_err() string unique
        of: overlay: pr_err from return NOTIFY_OK to overlay apply/remove
        of: overlay: remove unneeded check for NULL kbasename()
        of: overlay: remove a dependency on device node full_name
        of: overlay: simplify applying symbols from an overlay
        of: overlay: avoid race condition between applying multiple overlays
        of: overlay: loosen overly strict phandle clash check
        of: overlay: expand check of whether overlay changeset can be removed
        of: overlay: detect cases where device tree may become corrupt
        of: overlay: minor restructuring
        ...
      37cb8e1f
    • Linus Torvalds's avatar
      Merge tag 'leds_for_4.15rc1' of... · 6a77d866
      Linus Torvalds authored
      Merge tag 'leds_for_4.15rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
      
      Pull LED updates from Jacek Anaszewski:
       "New LED class driver:
         - add a driver for PC Engines APU/APU2 LEDs
      
        New LED trigger:
         - add a system activity LED trigger
      
        LED core improvements:
         - replace flags bit shift with BIT() macros
      
        Convert timers to use timer_setup() in:
         - led-core
         - ledtrig-activity
         - ledtrig-heartbeat
         - ledtrig-transient
      
        LED class drivers fixes:
         - lp55xx: fix spelling mistake: 'cound' -> 'could'
         - tca6507: Remove unnecessary reg check
         - pca955x: Don't invert requested value in pca955x_gpio_set_value()
      
        LED documentation improvements:
         - update 00-INDEX file"
      
      * tag 'leds_for_4.15rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
        leds: Add driver for PC Engines APU/APU2 LEDs
        leds: lp55xx: fix spelling mistake: 'cound' -> 'could'
        leds: Convert timers to use timer_setup()
        Documentation: leds: Update 00-INDEX file
        leds: tca6507: Remove unnecessary reg check
        leds: ledtrig-heartbeat: Convert timers to use timer_setup()
        leds: Replace flags bit shift with BIT() macros
        leds: pca955x: Don't invert requested value in pca955x_gpio_set_value()
        leds: ledtrig-activity: Add a system activity LED trigger
      6a77d866
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 9f7a9b11
      Linus Torvalds authored
      Pull input updates from Dmitry Torokhov:
      
       - three new touchscreen drivers: EETI EXC3000, HiDeep, and Samsung
         S6SY761
      
       - the timer API conversion (setup_timer() -> timer_setup())
      
       - a few drivers swiytched to using managed API for creating custom
         device attributes
      
       - other assorted fixed and cleanups.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (50 commits)
        Input: gamecon - mark expected switch fall-throughs
        Input: sidewinder - mark expected switch fall-throughs
        Input: spaceball - mark expected switch fall-throughs
        Input: uinput - unlock on allocation failure in ioctl
        Input: add support for the Samsung S6SY761 touchscreen
        Input: add support for HiDeep touchscreen
        Input: st1232 - remove obsolete platform device support
        Input: convert autorepeat timer to use timer_setup()
        media: ttpci: remove autorepeat handling and use timer_setup
        Input: cyttsp4 - avoid overflows when calculating memory sizes
        Input: mxs-lradc - remove redundant assignment to pointer input
        Input: add I2C attached EETI EXC3000 multi touch driver
        Input: goodix - support gt1151 touchpanel
        Input: ps2-gpio - actually abort probe when connected to sleeping GPIOs
        Input: hil_mlc - convert to using timer_setup()
        Input: hp_sdc - convert to using timer_setup()
        Input: touchsceen - convert timers to use timer_setup()
        Input: keyboard - convert timers to use timer_setup()
        Input: uinput - fold header into the driver proper
        Input: uinput - remove uinput_allocate_device()
        ...
      9f7a9b11
    • Linus Torvalds's avatar
      Merge tag 'sound-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 4e4510fe
      Linus Torvalds authored
      Pull sound updates from Takashi Iwai:
       "There are no big surprising changes in this cycle, yet not too boring,
        either. The biggest change from diffstat POV is the removal of the
        legacy OSS driver codes that have been already disabled for a long
        time. This will bring a few trivial merge conflicts.
      
        As new features in ASoC side, there are two things: a new AC97 bus
        implementation and AMD Stony platform support. Both include the
        relevant changes shared with other subsystems, e.g. AC97 MFD changes
        and DRM AMD changes.
      
        Some other highlighted topics are:
      
         - A bunch of USB-audio drivers got the hardening against the
           malicious device accesses with a new helper code for endpoint
           sanity check
      
         - Lots of cleanups for ASoC Intel platform code, including support
           for their open source audio firmware
      
         - Continued ASoC core componentization works
      
         - Support for scaling MCLK with sample rate in ASoC simple-card
      
         - Stabler PCM hot-unplug capability, especially for ASoC usages"
      
      * tag 'sound-4.15-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (302 commits)
        Documentation: sound: hd-audio: notes.rst
        ASoC: bcm2835: Support left/right justified and DSP modes
        ASoC: bcm2835: Enforce full symmetry
        ASoC: bcm2835: Support additional samplerates up to 384kHz
        ASoC: bcm2835: Add support for TDM modes
        ASoC: add mclk-fs support to audio graph card
        ASoC: add mclk-fs to audio graph card binding
        ASoC: rt5514: work around link error
        ASoC: rt5514: mark PM functions as __maybe_unused
        ASoC: rt5663: Check the JD status in the button pushing
        ASoC: amd: Modified DMA transfer Mechanism for Playback
        ASoC: rt5645: Wait for 400msec before concluding on value of RT5645_VENDOR_ID2
        ASoC: sun4i-codec: fixed 32bit audio capture support for H3/H2+
        ASoC: da7213: add support for DSP modes
        ASoC: sun8i-codec: Add a comment on the LRCK inversion
        ASoC: sun8i-codec: Set the BCLK divider
        ASoC: rt5663: Delay and retry reading rt5663 ID register
        ASoC: amd: use do_div rather than 64 bit division to fix 32 bit builds
        ASoC: cs42l56: Fix reset GPIO name in example DT binding
        ASoC: rt5514-spi: check irq status to schedule data copy in resume function
        ...
      4e4510fe
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-4.15' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 4008e6a9
      Linus Torvalds authored
      Pull i2c updates from Wolfram Sang:
       "This contains two bigger than usual tree-wide changes this time. They
        all have proper acks, caused no merge conflicts in linux-next where
        they have been for a while. They are namely:
      
         - to-gpiod conversion of the i2c-gpio driver and its users (touching
           arch/* and drivers/mfd/*)
      
         - adding a sbs-manager based on I2C core updates to SMBus alerts
           (touching drivers/power/*)
      
        Other notable changes:
      
         - i2c_boardinfo can now carry a dev_name to be used when the device
           is created. This is because some devices in ACPI world need fixed
           names to find the regulators.
      
         - the designware driver got a long discussed overhaul of its PM
           handling. img-scb and davinci got PM support, too.
      
         - at24 driver has way better OF support. And it has a new maintainer.
           Thanks Bartosz for stepping up!
      
        The rest is regular driver updates and fixes"
      
      * 'i2c/for-4.15' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (55 commits)
        ARM: sa1100: simpad: Correct I2C GPIO offsets
        i2c: aspeed: Deassert reset in probe
        eeprom: at24: Add OF device ID table
        MAINTAINERS: new maintainer for AT24 driver
        i2c: nuc900: remove platform_data, too
        i2c: thunderx: Remove duplicate NULL check
        i2c: taos-evm: Remove duplicate NULL check
        i2c: Make i2c_unregister_device() NULL-aware
        i2c: xgene-slimpro: Support v2
        i2c: mpc: remove useless variable initialization
        i2c: omap: Trigger bus recovery in lockup case
        i2c: gpio: Add support for named gpios in DT
        dt-bindings: i2c: i2c-gpio: Add support for named gpios
        i2c: gpio: Local vars in probe
        i2c: gpio: Augment all boardfiles to use open drain
        i2c: gpio: Enforce open drain through gpiolib
        gpio: Make it possible for consumers to enforce open drain
        i2c: gpio: Convert to use descriptors
        power: supply: sbs-message: fix some code style issues
        power: supply: sbs-battery: remove unchecked return var
        ...
      4008e6a9