1. 22 Nov, 2017 3 commits
    • Gianluca Borello's avatar
      bpf: change bpf_probe_read_str arg2 type to ARG_CONST_SIZE_OR_ZERO · 5c4e1201
      Gianluca Borello authored
      Commit 9fd29c08 ("bpf: improve verifier ARG_CONST_SIZE_OR_ZERO
      semantics") relaxed the treatment of ARG_CONST_SIZE_OR_ZERO due to the way
      the compiler generates optimized BPF code when checking boundaries of an
      argument from C code. A typical example of this optimized code can be
      generated using the bpf_probe_read_str helper when operating on variable
      memory:
      
      /* len is a generic scalar */
      if (len > 0 && len <= 0x7fff)
              bpf_probe_read_str(p, len, s);
      
      251: (79) r1 = *(u64 *)(r10 -88)
      252: (07) r1 += -1
      253: (25) if r1 > 0x7ffe goto pc-42
      254: (bf) r1 = r7
      255: (79) r2 = *(u64 *)(r10 -88)
      256: (bf) r8 = r4
      257: (85) call bpf_probe_read_str#45
      R2 min value is negative, either use unsigned or 'var &= const'
      
      With this code, the verifier loses track of the variable.
      
      Replacing arg2 with ARG_CONST_SIZE_OR_ZERO is thus desirable since it
      avoids this quite common case which leads to usability issues, and the
      compiler generates code that the verifier can more easily test:
      
      if (len <= 0x7fff)
              bpf_probe_read_str(p, len, s);
      
      or
      
      bpf_probe_read_str(p, len & 0x7fff, s);
      
      No changes to the bpf_probe_read_str helper are necessary since
      strncpy_from_unsafe itself immediately returns if the size passed is 0.
      Signed-off-by: default avatarGianluca Borello <g.borello@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      5c4e1201
    • Gianluca Borello's avatar
      bpf: remove explicit handling of 0 for arg2 in bpf_probe_read · eb33f2cc
      Gianluca Borello authored
      Commit 9c019e2b ("bpf: change helper bpf_probe_read arg2 type to
      ARG_CONST_SIZE_OR_ZERO") changed arg2 type to ARG_CONST_SIZE_OR_ZERO to
      simplify writing bpf programs by taking advantage of the new semantics
      introduced for ARG_CONST_SIZE_OR_ZERO which allows <!NULL, 0> arguments.
      
      In order to prevent the helper from actually passing a NULL pointer to
      probe_kernel_read, which can happen when <NULL, 0> is passed to the helper,
      the commit also introduced an explicit check against size == 0.
      
      After the recent introduction of the ARG_PTR_TO_MEM_OR_NULL type,
      bpf_probe_read can not receive a pair of <NULL, 0> arguments anymore, thus
      the check is not needed anymore and can be removed, since probe_kernel_read
      can correctly handle a <!NULL, 0> call. This also fixes the semantics of
      the helper before it gets officially released and bpf programs start
      relying on this check.
      
      Fixes: 9c019e2b ("bpf: change helper bpf_probe_read arg2 type to ARG_CONST_SIZE_OR_ZERO")
      Signed-off-by: default avatarGianluca Borello <g.borello@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarYonghong Song <yhs@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      eb33f2cc
    • Gianluca Borello's avatar
      bpf: introduce ARG_PTR_TO_MEM_OR_NULL · db1ac496
      Gianluca Borello authored
      With the current ARG_PTR_TO_MEM/ARG_PTR_TO_UNINIT_MEM semantics, an helper
      argument can be NULL when the next argument type is ARG_CONST_SIZE_OR_ZERO
      and the verifier can prove the value of this next argument is 0. However,
      most helpers are just interested in handling <!NULL, 0>, so forcing them to
      deal with <NULL, 0> makes the implementation of those helpers more
      complicated for no apparent benefits, requiring them to explicitly handle
      those corner cases with checks that bpf programs could start relying upon,
      preventing the possibility of removing them later.
      
      Solve this by making ARG_PTR_TO_MEM/ARG_PTR_TO_UNINIT_MEM never accept NULL
      even when ARG_CONST_SIZE_OR_ZERO is set, and introduce a new argument type
      ARG_PTR_TO_MEM_OR_NULL to explicitly deal with the NULL case.
      
      Currently, the only helper that needs this is bpf_csum_diff_proto(), so
      change arg1 and arg3 to this new type as well.
      
      Also add a new battery of tests that explicitly test the
      !ARG_PTR_TO_MEM_OR_NULL combination: all the current ones testing the
      various <NULL, 0> variations are focused on bpf_csum_diff, so cover also
      other helpers.
      Signed-off-by: default avatarGianluca Borello <g.borello@gmail.com>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      db1ac496
  2. 21 Nov, 2017 1 commit
    • Yonghong Song's avatar
      bpf: change bpf_probe_write_user to bpf_trace_printk in test_verifier · f1a8b8e3
      Yonghong Song authored
      There are four tests in test_verifier using bpf_probe_write_user
      helper. These four tests will emit the following kernel messages
        [   12.974753] test_verifier[220] is installing a program with bpf_probe_write_user
                                          helper that may corrupt user memory!
        [   12.979285] test_verifier[220] is installing a program with bpf_probe_write_user
                                          helper that may corrupt user memory!
        ......
      
      This may confuse certain users. This patch replaces bpf_probe_write_user
      with bpf_trace_printk. The test_verifier already uses bpf_trace_printk
      earlier in the test and a trace_printk warning message has been printed.
      So this patch does not emit any more kernel messages.
      
      Fixes: b6ff6391 ("bpf: fix and add test cases for ARG_CONST_SIZE_OR_ZERO semantics change")
      Signed-off-by: default avatarYonghong Song <yhs@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      f1a8b8e3
  3. 20 Nov, 2017 13 commits
  4. 19 Nov, 2017 6 commits
    • Heiner Kallweit's avatar
      r8169: use same RTL8111EVL green settings as in vendor driver · b399a394
      Heiner Kallweit authored
      Adjust the code to use the same green settings as in the latest
      vendor driver.
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b399a394
    • Heiner Kallweit's avatar
      r8169: fix RTL8111EVL EEE and green settings · 1814d6a8
      Heiner Kallweit authored
      Name of functions rtl_w0w1_eri and rtl_w0w1_phy is somewhat misleading
      regarding order of arguments. One could assume that w0w1 means
      argument with bits to be reset comes before argument with bits to set.
      However this is not the case.
      So fix the order of arguments in several statements.
      
      In addition fix EEE advertisement. The current code resets the bits
      for 100BaseT and 1000BaseT EEE advertisement what is not what we want.
      
      I have a little of a hard time to find a proper "Fixes" line as the
      issue seems to have been there forever (at least it existed already
      when the driver was moved to the current place in 2011).
      
      The patch was tested on a Zotac Mini-PC with a RTL8111E-VL chip.
      Before the patch EEE was disabled, now it's properly advertised and
      works fine.
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1814d6a8
    • Xin Long's avatar
      tun: fix rcu_read_lock imbalance in tun_build_skb · 654d5738
      Xin Long authored
      rcu_read_lock in tun_build_skb is used to rcu_dereference tun->xdp_prog
      safely, rcu_read_unlock should be done in every return path.
      
      Now I could see one place missing it, where it returns NULL in switch-case
      XDP_REDIRECT,  another palce using rcu_read_lock wrongly, where it returns
      NULL in if (xdp_xmit) chunk.
      
      So fix both in this patch.
      
      Fixes: 761876c8 ("tap: XDP support")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      654d5738
    • Neal Cardwell's avatar
      tcp: when scheduling TLP, time of RTO should account for current ACK · ed66dfaf
      Neal Cardwell authored
      Fix the TLP scheduling logic so that when scheduling a TLP probe, we
      ensure that the estimated time at which an RTO would fire accounts for
      the fact that ACKs indicating forward progress should push back RTO
      times.
      
      After the following fix:
      
      df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")
      
      we had an unintentional behavior change in the following kind of
      scenario: suppose the RTT variance has been very low recently. Then
      suppose we send out a flight of N packets and our RTT is 100ms:
      
      t=0: send a flight of N packets
      t=100ms: receive an ACK for N-1 packets
      
      The response before df92c839 that was:
        -> schedule a TLP for now + RTO_interval
      
      The response after df92c839 is:
        -> schedule a TLP for t=0 + RTO_interval
      
      Since RTO_interval = srtt + RTT_variance, this means that we have
      scheduled a TLP timer at a point in the future that only accounts for
      RTT_variance. If the RTT_variance term is small, this means that the
      timer fires soon.
      
      Before df92c839 this would not happen, because in that code, when
      we receive an ACK for a prefix of flight, we did:
      
          1) Near the top of tcp_ack(), switch from TLP timer to RTO
             at write_queue_head->paket_tx_time + RTO_interval:
                  if (icsk->icsk_pending == ICSK_TIME_LOSS_PROBE)
                         tcp_rearm_rto(sk);
      
          2) In tcp_clean_rtx_queue(), update the RTO to now + RTO_interval:
                  if (flag & FLAG_ACKED) {
                         tcp_rearm_rto(sk);
      
          3) In tcp_ack() after tcp_fastretrans_alert() switch from RTO
             to TLP at now + RTO_interval:
                  if (icsk->icsk_pending == ICSK_TIME_RETRANS)
                         tcp_schedule_loss_probe(sk);
      
      In df92c839 we removed that 3-phase dance, and instead directly
      set the TLP timer once: we set the TLP timer in cases like this to
      write_queue_head->packet_tx_time + RTO_interval. So if the RTT
      variance is small, then this means that this is setting the TLP timer
      to fire quite soon. This means if the ACK for the tail of the flight
      takes longer than an RTT to arrive (often due to delayed ACKs), then
      the TLP timer fires too quickly.
      
      Fixes: df92c839 ("tcp: fix xmit timer to only be reset if data ACKed/SACKed")
      Signed-off-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarYuchung Cheng <ycheng@google.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ed66dfaf
    • Gustavo A. R. Silva's avatar
      usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set · 61c59355
      Gustavo A. R. Silva authored
      _dev_ is being dereferenced before it is null checked, hence there
      is a potential null pointer dereference.
      
      Fix this by moving the pointer dereference after _dev_ has been null
      checked.
      
      Addresses-Coverity-ID: 1462020
      Fixes: bb1b40c7 ("usbnet: ipheth: prevent TX queue timeouts when device not ready")
      Signed-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      61c59355
    • Alexey Kodanev's avatar
      gre6: use log_ecn_error module parameter in ip6_tnl_rcv() · 981542c5
      Alexey Kodanev authored
      After commit 308edfdf ("gre6: Cleanup GREv6 receive path, call
      common GRE functions") it's not used anywhere in the module, but
      previously was used in ip6gre_rcv().
      
      Fixes: 308edfdf ("gre6: Cleanup GREv6 receive path, call common GRE functions")
      Signed-off-by: default avatarAlexey Kodanev <alexey.kodanev@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      981542c5
  5. 18 Nov, 2017 17 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 1deab8ce
      Linus Torvalds authored
      Pull sparc updates from David Miller:
      
       1) Add missing cmpxchg64() for 32-bit sparc.
      
       2) Timer conversions from Allen Pais and Kees Cook.
      
       3) vDSO support, from Nagarathnam Muthusamy.
      
       4) Fix sparc64 huge page table walks based upon bug report by Al Viro,
          from Nitin Gupta.
      
       5) Optimized fls() for T4 and above, from Vijay Kumar.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix page table walk for PUD hugepages
        sparc64: Convert timers to user timer_setup()
        sparc64: convert mdesc_handle.refcnt from atomic_t to refcount_t
        sparc/led: Convert timers to use timer_setup()
        sparc64: Use sparc optimized fls and __fls for T4 and above
        sparc64: SPARC optimized __fls function
        sparc64: SPARC optimized fls function
        sparc64: Define SPARC default __fls function
        sparc64: Define SPARC default fls function
        vDSO for sparc
        sparc32: Add cmpxchg64().
        sbus: char: Move D7S_MINOR to include/linux/miscdevice.h
        sparc: time: Remove unneeded linux/miscdevice.h include
        sparc64: mmu_context: Add missing include files
      1deab8ce
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 81700247
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Revert regression inducing change to the IPSEC template resolver,
          from Steffen Klassert.
      
       2) Peeloffs can cause the wrong sk to be waken up in SCTP, fix from Xin
          Long.
      
       3) Min packet MTU size is wrong in cpsw driver, from Grygorii Strashko.
      
       4) Fix build failure in netfilter ctnetlink, from Arnd Bergmann.
      
       5) ISDN hisax driver checks pnp_irq() for errors incorrectly, from
          Arvind Yadav.
      
       6) Fix fealnx driver build failure on MIPS, from Huacai Chen.
      
       7) Fix into leak in SCTP, the scope_id of socket addresses is not
          always filled in. From Eric W. Biederman.
      
       8) MTU inheritance between physical function and representor fix in nfp
          driver, from Dirk van der Merwe.
      
       9) Fix memory leak in rsi driver, from Colin Ian King.
      
      10) Fix expiration and generation ID handling of cached ipv4 redirect
          routes, from Xin Long.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (40 commits)
        net: usb: hso.c: remove unneeded DRIVER_LICENSE #define
        ibmvnic: fix dma_mapping_error call
        ipvlan: NULL pointer dereference panic in ipvlan_port_destroy
        route: also update fnhe_genid when updating a route cache
        route: update fnhe_expires for redirect when the fnhe exists
        sctp: set frag_point in sctp_setsockopt_maxseg correctly
        rsi: fix memory leak on buf and usb_reg_buf
        net/netlabel: Add list_next_rcu() in rcu_dereference().
        nfp: remove false positive offloads in flower vxlan
        nfp: register flower reprs for egress dev offload
        nfp: inherit the max_mtu from the PF netdev
        nfp: fix vlan receive MAC statistics typo
        nfp: fix flower offload metadata flag usage
        virto_net: remove empty file 'virtio_net.'
        net/sctp: Always set scope_id in sctp_inet6_skb_msgname
        fealnx: Fix building error on MIPS
        isdn: hisax: Fix pnp_irq's error checking for setup_teles3
        isdn: hisax: Fix pnp_irq's error checking for setup_sedlbauer_isapnp
        isdn: hisax: Fix pnp_irq's error checking for setup_niccy
        isdn: hisax: Fix pnp_irq's error checking for setup_ix1micro
        ...
      81700247
    • Linus Torvalds's avatar
      Merge tag 'hwlock-v4.15' of git://github.com/andersson/remoteproc · 27eabfaa
      Linus Torvalds authored
      Pull hwspinlock update from Bjorn Andersson:
       "This changes the HWSPINLOCK core Kconfig option to bool, to aid when
        other core code depends on it"
      
      * tag 'hwlock-v4.15' of git://github.com/andersson/remoteproc:
        hwspinlock: Change hwspinlock to a bool
      27eabfaa
    • Linus Torvalds's avatar
      Merge tag 'rproc-v4.15' of git://github.com/andersson/remoteproc · 4f88bd23
      Linus Torvalds authored
      Pull remoteproc updates from Bjorn Andersson:
       "This adds an interface for configuring Qualcomm's "secure SMMU" and
        adds support for booting the modem Hexagon on MSM8996.
      
        Two new debugfs entries are added in the remoteproc core to introspect
        the list of memory carveouts and the loaded resource table"
      
      * tag 'rproc-v4.15' of git://github.com/andersson/remoteproc:
        remoteproc: qcom: Fix error handling paths in order to avoid memory leaks
        remoteproc: qcom: Drop pr_err in q6v5_xfer_mem_ownership()
        remoteproc: debug: add carveouts list dump feature
        remoteproc: debug: add resource table dump feature
        remoteproc: qcom: Add support for mss remoteproc on msm8996
        remoteproc: qcom: Make secure world call for mem ownership switch
        remoteproc: qcom: refactor mss fw image loading sequence
        firmware: scm: Add new SCM call API for switching memory ownership
      4f88bd23
    • Linus Torvalds's avatar
      Merge tag 'rpmsg-v4.15' of git://github.com/andersson/remoteproc · bedf5719
      Linus Torvalds authored
      Pull rpmsg updates from Bjorn Andersson:
      
       - turn RPMSG_VIRTIO into a user selectable config
      
       - fix few bugs in GLINK
      
       - provide the support for specifying initial buffer sizes for GLINK
         channels.
      
      * tag 'rpmsg-v4.15' of git://github.com/andersson/remoteproc:
        rpmsg: glink: The mbox client knows_txdone
        rpmsg: glink: Add missing MODULE_LICENSE
        rpmsg: glink: Use best fit intent during tx
        rpmsg: glink: Add support to preallocate intents
        dt-bindings: soc: qcom: Support GLINK intents
        rpmsg: glink: Initialize the "intent_req_comp" completion variable
        rpmsg: Allow RPMSG_VIRTIO to be enabled via menuconfig or defconfig
      bedf5719
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-linus-v4.15-take2' of... · d9ef1ccf
      Linus Torvalds authored
      Merge tag 'hwmon-for-linus-v4.15-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull more hwmon updates/fixes from Guenter Roeck:
      
       - minor bug fix in k10temp driver
      
       - take advantage of added NULL check in i2c_unregister_device()
      
      * tag 'hwmon-for-linus-v4.15-take2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (w83793) Remove duplicate NULL check
        hwmon: (w83792d) Remove duplicate NULL check
        hwmon: (w83791d) Remove duplicate NULL check
        hwmon: (w83781d) Remove duplicate NULL check
        hwmon: (k10temp) Correct model name for Ryzen 1600X
      d9ef1ccf
    • Linus Torvalds's avatar
      Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · fc35c196
      Linus Torvalds authored
      Pull clk updates from Stephen Boyd:
       "We have two changes to the core framework this time around.
      
        The first being a large change that introduces runtime PM support to
        the clk framework. Now we properly call runtime PM operations on the
        device providing a clk when the clk is in use. This helps on SoCs
        where the clks provided by a device need something to be powered on
        before using the clks, like power domains or regulators. It also helps
        power those things down when clks aren't in use.
      
        The other core change is a devm API addition for clk providers so we
        can get rid of a bunch of clk driver remove functions that are just
        doing of_clk_del_provider().
      
        Outside of the core, we have the usual addition of clk drivers and
        smattering of non-critical fixes to existing drivers. The biggest diff
        is support for Mediatek MT2712 and MT7622 SoCs, but those patches
        really just add a bunch of data.
      
        By the way, we're trying something new here where we build the tree up
        with topic branches. We plan to work this into our workflow so that we
        don't step on each other's toes, and so the fixes branch can be merged
        on an as-needed basis.
      
        Summary:
      
        Core:
         - runtime PM support for clk providers
         - devm API for of_clk_add_hw_provider()
      
        New Drivers:
         - Mediatek MT2712 and MT7622
         - Renesas R-Car V3M SoC
      
        Updates:
         - runtime PM support for Samsung exynos5433/exynos4412 providers
         - removal of clkdev aliases on Samsung SoCs
         - convert clk-gpio to use gpio descriptors
         - various driver cleanups to match kernel coding style
         - Amlogic Video Processing Unit VPU and VAPB clks
         - sigma-delta modulation for Allwinner audio PLLs
         - Allwinner A83t Display clks
         - support for the second display unit clock on Renesas RZ/G1E
         - suspend/resume support for Renesas R-Car Gen3 CPG/MSSR
         - new clock ids for Rockchip rk3188 and rk3368 SoCs
         - various 'const' markings on clk_ops structures
         - RPM clk support on Qualcomm MSM8996/MSM8660 SoCs"
      
      * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (137 commits)
        clk: stm32h7: fix test of clock config
        clk: pxa: fix building on older compilers
        clk: sunxi-ng: a83t: Fix i2c buses bits
        clk: ti: dra7-atl-clock: fix child-node lookups
        clk: qcom: common: fix legacy board-clock registration
        clk: uniphier: fix DAPLL2 clock rate of Pro5
        clk: uniphier: fix parent of miodmac clock data
        clk: hi3798cv200: correct parent mux clock for 'clk_sdio0_ciu'
        clk: hisilicon: Delete an error message for a failed memory allocation in hisi_register_clkgate_sep()
        clk: hi3660: fix incorrect uart3 clock freqency
        clk: kona-setup: Delete error messages for failed memory allocations
        ARC: clk: fix spelling mistake: "configurarion" -> "configuration"
        clk: cdce925: remove redundant check for non-null parent_name
        clk: versatile: Improve sizeof() usage
        clk: versatile: Delete error messages for failed memory allocations
        clk: ux500: Improve sizeof() usage
        clk: ux500: Delete error messages for failed memory allocations
        clk: spear: Delete error messages for failed memory allocations
        clk: ti: Delete error messages for failed memory allocations
        clk: mmp: Adjust checks for NULL pointers
        ...
      fc35c196
    • Linus Torvalds's avatar
      Merge tag 'kbuild-misc-v4.15' of... · 2ce079f0
      Linus Torvalds authored
      Merge tag 'kbuild-misc-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild misc updates from Masahiro Yamada:
      
       - Clean up and fix RPM package build
      
       - Fix a warning in DEB package build
      
       - Improve coccicheck script
      
       - Improve some semantic patches
      
      * tag 'kbuild-misc-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        docs: dev-tools: coccinelle: delete out of date wiki reference
        coccinelle: orplus: reorganize to improve performance
        coccinelle: use exists to improve efficiency
        builddeb: Pass the kernel:debarch substvar to dpkg-genchanges
        Coccinelle: use false positive annotation
        coccinelle: fix verbose message about .cocci file being run
        coccinelle: grep Options and Requires fields more precisely
        Coccinelle: make DEBUG_FILE option more useful
        coccinelle: api: detect identical chip data arrays
        coccinelle: Improve setup_timer.cocci matching
        Coccinelle: setup_timer: improve messages from setup_timer
        kbuild: rpm-pkg: do not force -jN in submake
        kbuild: rpm-pkg: keep spec file until make mrproper
        kbuild: rpm-pkg: fix jobserver unavailable warning
        kbuild: rpm-pkg: replace $RPM_BUILD_ROOT with %{buildroot}
        kbuild: rpm-pkg: fix build error when CONFIG_MODULES is disabled
        kbuild: rpm-pkg: refactor mkspec with here doc
        kbuild: rpm-pkg: clean up mkspec
        kbuild: rpm-pkg: install vmlinux.bz2 unconditionally
        kbuild: rpm-pkg: remove ppc64 specific image handling
      2ce079f0
    • Linus Torvalds's avatar
      Merge tag 'kbuild-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild · 09bd7c75
      Linus Torvalds authored
      Pull Kbuild updates from Masahiro Yamada:
       "One of the most remarkable improvements in this cycle is, Kbuild is
        now able to cache the result of shell commands. Some variables are
        expensive to compute, for example, $(call cc-option,...) invokes the
        compiler. It is not efficient to redo this computation every time,
        even when we are not actually building anything. Kbuild creates a
        hidden file ".cache.mk" that contains invoked shell commands and their
        results. The speed-up should be noticeable.
      
        Summary:
      
         - Fix arch build issues (hexagon, sh)
      
         - Clean up various Makefiles and scripts
      
         - Fix wrong usage of {CFLAGS,LDFLAGS}_MODULE in arch Makefiles
      
         - Cache variables that are expensive to compute
      
         - Improve cc-ldopton and ld-option for Clang
      
         - Optimize output directory creation"
      
      * tag 'kbuild-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild: (30 commits)
        kbuild: move coccicheck help from scripts/Makefile.help to top Makefile
        sh: decompressor: add shipped files to .gitignore
        frv: .gitignore: ignore vmlinux.lds
        selinux: remove unnecessary assignment to subdir-
        kbuild: specify FORCE in Makefile.headersinst as .PHONY target
        kbuild: remove redundant mkdir from ./Kbuild
        kbuild: optimize object directory creation for incremental build
        kbuild: create object directories simpler and faster
        kbuild: filter-out PHONY targets from "targets"
        kbuild: remove redundant $(wildcard ...) for cmd_files calculation
        kbuild: create directory for make cache only when necessary
        sh: select KBUILD_DEFCONFIG depending on ARCH
        kbuild: fix linker feature test macros when cross compiling with Clang
        kbuild: shrink .cache.mk when it exceeds 1000 lines
        kbuild: do not call cc-option before KBUILD_CFLAGS initialization
        kbuild: Cache a few more calls to the compiler
        kbuild: Add a cache for generated variables
        kbuild: add forward declaration of default target to Makefile.asm-generic
        kbuild: remove KBUILD_SUBDIR_ASFLAGS and KBUILD_SUBDIR_CCFLAGS
        hexagon/kbuild: replace CFLAGS_MODULE with KBUILD_CFLAGS_MODULE
        ...
      09bd7c75
    • Greg Kroah-Hartman's avatar
      net: usb: hso.c: remove unneeded DRIVER_LICENSE #define · 461ee7f3
      Greg Kroah-Hartman authored
      There is no need to #define the license of the driver, just put it in
      the MODULE_LICENSE() line directly as a text string.
      
      This allows tools that check that the module license matches the source
      code license to work properly, as there is no need to unwind the
      unneeded dereference.
      
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Andreas Kemnade <andreas@kemnade.info>
      Cc: Johan Hovold <johan@kernel.org>
      Reported-by: default avatarPhilippe Ombredanne <pombredanne@nexb.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Reviewed-by: default avatarPhilippe Ombredanne <pombredanne@nexb.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      461ee7f3
    • Desnes Augusto Nunes do Rosario's avatar
      ibmvnic: fix dma_mapping_error call · f743106e
      Desnes Augusto Nunes do Rosario authored
      This patch fixes the dma_mapping_error call to use the correct dma_addr
      which is inside the ibmvnic_vpd struct. Moreover, it fixes an uninitialized
      warning regarding a local dma_addr variable which is not used anymore.
      
      Fixes: 4e6759be ("ibmvnic: Feature implementation of VPD for the ibmvnic driver")
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: default avatarDesnes A. Nunes do Rosario <desnesn@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f743106e
    • Girish Moodalbail's avatar
      ipvlan: NULL pointer dereference panic in ipvlan_port_destroy · fe18da60
      Girish Moodalbail authored
      When call to register_netdevice() (called from ipvlan_link_new()) fails,
      we call ipvlan_uninit() (through ndo_uninit()) to destroy the ipvlan
      port. After returning unsuccessfully from register_netdevice() we go
      ahead and call ipvlan_port_destroy() again which causes NULL pointer
      dereference panic. Fix the issue by making ipvlan_init() and
      ipvlan_uninit() call symmetric.
      
      The ipvlan port will now be created inside ipvlan_init() and will be
      destroyed in ipvlan_uninit().
      
      Fixes: 2ad7bf36 (ipvlan: Initial check-in of the IPVLAN driver)
      Signed-off-by: default avatarGirish Moodalbail <girish.moodalbail@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      fe18da60
    • Xin Long's avatar
      route: also update fnhe_genid when updating a route cache · cebe84c6
      Xin Long authored
      Now when ip route flush cache and it turn out all fnhe_genid != genid.
      If a redirect/pmtu icmp packet comes and the old fnhe is found and all
      it's members but fnhe_genid will be updated.
      
      Then next time when it looks up route and tries to rebind this fnhe to
      the new dst, the fnhe will be flushed due to fnhe_genid != genid. It
      causes this redirect/pmtu icmp packet acutally not to be applied.
      
      This patch is to also reset fnhe_genid when updating a route cache.
      
      Fixes: 5aad1de5 ("ipv4: use separate genid for next hop exceptions")
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cebe84c6
    • Xin Long's avatar
      route: update fnhe_expires for redirect when the fnhe exists · e39d5246
      Xin Long authored
      Now when creating fnhe for redirect, it sets fnhe_expires for this
      new route cache. But when updating the exist one, it doesn't do it.
      It will cause this fnhe never to be expired.
      
      Paolo already noticed it before, in Jianlin's test case, it became
      even worse:
      
      When ip route flush cache, the old fnhe is not to be removed, but
      only clean it's members. When redirect comes again, this fnhe will
      be found and updated, but never be expired due to fnhe_expires not
      being set.
      
      So fix it by simply updating fnhe_expires even it's for redirect.
      
      Fixes: aee06da6 ("ipv4: use seqlock for nh_exceptions")
      Reported-by: default avatarJianlin Shi <jishi@redhat.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e39d5246
    • Xin Long's avatar
      sctp: set frag_point in sctp_setsockopt_maxseg correctly · ecca8f88
      Xin Long authored
      Now in sctp_setsockopt_maxseg user_frag or frag_point can be set with
      val >= 8 and val <= SCTP_MAX_CHUNK_LEN. But both checks are incorrect.
      
      val >= 8 means frag_point can even be less than SCTP_DEFAULT_MINSEGMENT.
      Then in sctp_datamsg_from_user(), when it's value is greater than cookie
      echo len and trying to bundle with cookie echo chunk, the first_len will
      overflow.
      
      The worse case is when it's value is equal as cookie echo len, first_len
      becomes 0, it will go into a dead loop for fragment later on. In Hangbin
      syzkaller testing env, oom was even triggered due to consecutive memory
      allocation in that loop.
      
      Besides, SCTP_MAX_CHUNK_LEN is the max size of the whole chunk, it should
      deduct the data header for frag_point or user_frag check.
      
      This patch does a proper check with SCTP_DEFAULT_MINSEGMENT subtracting
      the sctphdr and datahdr, SCTP_MAX_CHUNK_LEN subtracting datahdr when
      setting frag_point via sockopt. It also improves sctp_setsockopt_maxseg
      codes.
      Suggested-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Reported-by: default avatarHangbin Liu <liuhangbin@gmail.com>
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ecca8f88
    • Colin Ian King's avatar
      rsi: fix memory leak on buf and usb_reg_buf · d35ef8f8
      Colin Ian King authored
      In the cases where len is too long, the error return path fails to
      kfree allocated buffers buf and usb_reg_buf.  The simplest fix is to
      perform the sanity check on len before the allocations to avoid having
      to do the kfree'ing in the first place.
      
      Detected by CoverityScan, CID#1452258,1452259 ("Resource Leak")
      
      Fixes: 59f73e2a ("rsi: check length before USB read/write register")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d35ef8f8
    • Tim Hansen's avatar
      net/netlabel: Add list_next_rcu() in rcu_dereference(). · 17e48577
      Tim Hansen authored
      Add list_next_rcu() for fetching next list in rcu_deference safely.
      
      Found with sparse in linux-next tree on tag next-20171116.
      Signed-off-by: default avatarTim Hansen <devtimhansen@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      17e48577