1. 10 Jan, 2020 4 commits
  2. 07 Jan, 2020 4 commits
  3. 24 Dec, 2019 1 commit
    • YueHaibing's avatar
      selinux: remove set but not used variable 'sidtab' · f1268534
      YueHaibing authored
      security/selinux/ss/services.c: In function security_port_sid:
      security/selinux/ss/services.c:2346:17: warning: variable sidtab set but not used [-Wunused-but-set-variable]
      security/selinux/ss/services.c: In function security_ib_endport_sid:
      security/selinux/ss/services.c:2435:17: warning: variable sidtab set but not used [-Wunused-but-set-variable]
      security/selinux/ss/services.c: In function security_netif_sid:
      security/selinux/ss/services.c:2480:17: warning: variable sidtab set but not used [-Wunused-but-set-variable]
      security/selinux/ss/services.c: In function security_fs_use:
      security/selinux/ss/services.c:2831:17: warning: variable sidtab set but not used [-Wunused-but-set-variable]
      
      Since commit 66f8e2f0 ("selinux: sidtab reverse lookup hash table")
      'sidtab' is not used any more, so remove it.
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      f1268534
  4. 23 Dec, 2019 1 commit
  5. 21 Dec, 2019 1 commit
  6. 19 Dec, 2019 2 commits
    • Stephen Smalley's avatar
      selinux: randomize layout of key structures · 5c108d4e
      Stephen Smalley authored
      Randomize the layout of key selinux data structures.
      Initially this is applied to the selinux_state, selinux_ss,
      policydb, and task_security_struct data structures.
      
      NB To test/use this mechanism, one must install the
      necessary build-time dependencies, e.g. gcc-plugin-devel on Fedora,
      and enable CONFIG_GCC_PLUGIN_RANDSTRUCT in the kernel configuration.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      [PM: double semi-colon fixed]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      5c108d4e
    • Stephen Smalley's avatar
      selinux: clean up selinux_enabled/disabled/enforcing_boot · 6c5a682e
      Stephen Smalley authored
      Rename selinux_enabled to selinux_enabled_boot to make it clear that
      it only reflects whether SELinux was enabled at boot.  Replace the
      references to it in the MAC_STATUS audit log in sel_write_enforce()
      with hardcoded "1" values because this code is only reachable if SELinux
      is enabled and does not change its value, and update the corresponding
      MAC_STATUS audit log in sel_write_disable().  Stop clearing
      selinux_enabled in selinux_disable() since it is not used outside of
      initialization code that runs before selinux_disable() can be reached.
      Mark both selinux_enabled_boot and selinux_enforcing_boot as __initdata
      since they are only used in initialization code.
      
      Wrap the disabled field in the struct selinux_state with
      CONFIG_SECURITY_SELINUX_DISABLE since it is only used for
      runtime disable.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      6c5a682e
  7. 12 Dec, 2019 1 commit
  8. 10 Dec, 2019 2 commits
  9. 09 Dec, 2019 6 commits
    • Stephen Smalley's avatar
      selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests · 5298d0b9
      Stephen Smalley authored
      Through a somewhat convoluted series of changes, we have ended up
      with multiple unnecessary occurrences of (flags & MAY_NOT_BLOCK)
      tests in selinux_inode_permission().  Clean it up and simplify.
      No functional change.
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      5298d0b9
    • Stephen Smalley's avatar
      selinux: fall back to ref-walk if audit is required · 0188d5c0
      Stephen Smalley authored
      commit bda0be7a ("security: make inode_follow_link RCU-walk aware")
      passed down the rcu flag to the SELinux AVC, but failed to adjust the
      test in slow_avc_audit() to also return -ECHILD on LSM_AUDIT_DATA_DENTRY.
      Previously, we only returned -ECHILD if generating an audit record with
      LSM_AUDIT_DATA_INODE since this was only relevant from inode_permission.
      Move the handling of MAY_NOT_BLOCK to avc_audit() and its inlined
      equivalent in selinux_inode_permission() immediately after we determine
      that audit is required, and always fall back to ref-walk in this case.
      
      Fixes: bda0be7a ("security: make inode_follow_link RCU-walk aware")
      Reported-by: default avatarWill Deacon <will@kernel.org>
      Suggested-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      0188d5c0
    • Stephen Smalley's avatar
      selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" · 1a37079c
      Stephen Smalley authored
      This reverts commit e46e01ee ("selinux: stop passing MAY_NOT_BLOCK
      to the AVC upon follow_link"). The correct fix is to instead fall
      back to ref-walk if audit is required irrespective of the specific
      audit data type.  This is done in the next commit.
      
      Fixes: e46e01ee ("selinux: stop passing MAY_NOT_BLOCK to the AVC upon follow_link")
      Reported-by: default avatarWill Deacon <will@kernel.org>
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      1a37079c
    • Stephen Smalley's avatar
      security,lockdown,selinux: implement SELinux lockdown · 59438b46
      Stephen Smalley authored
      Implement a SELinux hook for lockdown.  If the lockdown module is also
      enabled, then a denial by the lockdown module will take precedence over
      SELinux, so SELinux can only further restrict lockdown decisions.
      The SELinux hook only distinguishes at the granularity of integrity
      versus confidentiality similar to the lockdown module, but includes the
      full lockdown reason as part of the audit record as a hint in diagnosing
      what triggered the denial.  To support this auditing, move the
      lockdown_reasons[] string array from being private to the lockdown
      module to the security framework so that it can be used by the lsm audit
      code and so that it is always available even when the lockdown module
      is disabled.
      
      Note that the SELinux implementation allows the integrity and
      confidentiality reasons to be controlled independently from one another.
      Thus, in an SELinux policy, one could allow operations that specify
      an integrity reason while blocking operations that specify a
      confidentiality reason. The SELinux hook implementation is
      stricter than the lockdown module in validating the provided reason value.
      
      Sample AVC audit output from denials:
      avc:  denied  { integrity } for pid=3402 comm="fwupd"
       lockdown_reason="/dev/mem,kmem,port" scontext=system_u:system_r:fwupd_t:s0
       tcontext=system_u:system_r:fwupd_t:s0 tclass=lockdown permissive=0
      
      avc:  denied  { confidentiality } for pid=4628 comm="cp"
       lockdown_reason="/proc/kcore access"
       scontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
       tcontext=unconfined_u:unconfined_r:test_lockdown_integrity_t:s0-s0:c0.c1023
       tclass=lockdown permissive=0
      Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Reviewed-by: default avatarJames Morris <jamorris@linux.microsoft.com>
      [PM: some merge fuzz do the the perf hooks]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      59438b46
    • Ondrej Mosnacek's avatar
      selinux: cache the SID -> context string translation · d97bd23c
      Ondrej Mosnacek authored
      Translating a context struct to string can be quite slow, especially if
      the context has a lot of category bits set. This can cause quite
      noticeable performance impact in situations where the translation needs
      to be done repeatedly. A common example is a UNIX datagram socket with
      the SO_PASSSEC option enabled, which is used e.g. by systemd-journald
      when receiving log messages via datagram socket. This scenario can be
      reproduced with:
      
          cat /dev/urandom | base64 | logger &
          timeout 30s perf record -p $(pidof systemd-journald) -a -g
          kill %1
          perf report -g none --pretty raw | grep security_secid_to_secctx
      
      Before the caching introduced by this patch, computing the context
      string (security_secid_to_secctx() function) takes up ~65% of
      systemd-journald's CPU time (assuming a context with 1024 categories
      set and Fedora x86_64 release kernel configs). After this patch
      (assuming near-perfect cache hit ratio) this overhead is reduced to just
      ~2%.
      
      This patch addresses the issue by caching a certain number (compile-time
      configurable) of recently used context strings to speed up repeated
      translations of the same context, while using only a small amount of
      memory.
      
      The cache is integrated into the existing sidtab table by adding a field
      to each entry, which when not NULL contains an RCU-protected pointer to
      a cache entry containing the cached string. The cache entries are kept
      in a linked list sorted according to how recently they were used. On a
      cache miss when the cache is full, the least recently used entry is
      removed to make space for the new entry.
      
      The patch migrates security_sid_to_context_core() to use the cache (also
      a few other functions where it was possible without too much fuss, but
      these mostly use the translation for logging in case of error, which is
      rare).
      
      Link: https://bugzilla.redhat.com/show_bug.cgi?id=1733259
      Cc: Michal Sekletar <msekleta@redhat.com>
      Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
      Reviewed-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Tested-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Reviewed-by: default avatarPaul E. McKenney <paulmck@kernel.org>
      [PM: lots of merge fixups due to collisions with other sidtab patches]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      d97bd23c
    • Jeff Vander Stoep's avatar
      selinux: sidtab reverse lookup hash table · 66f8e2f0
      Jeff Vander Stoep authored
      This replaces the reverse table lookup and reverse cache with a
      hashtable which improves cache-miss reverse-lookup times from
      O(n) to O(1)* and maintains the same performance as a reverse
      cache hit.
      
      This reduces the time needed to add a new sidtab entry from ~500us
      to 5us on a Pixel 3 when there are ~10,000 sidtab entries.
      
      The implementation uses the kernel's generic hashtable API,
      It uses the context's string represtation as the hash source,
      and the kernels generic string hashing algorithm full_name_hash()
      to reduce the string to a 32 bit value.
      
      This change also maintains the improvement introduced in
      commit ee1a84fd ("selinux: overhaul sidtab to fix bug and improve
      performance") which removed the need to keep the current sidtab
      locked during policy reload. It does however introduce periodic
      locking of the target sidtab while converting the hashtable. Sidtab
      entries are never modified or removed, so the context struct stored
      in the sid_to_context tree can also be used for the context_to_sid
      hashtable to reduce memory usage.
      
      This bug was reported by:
      - On the selinux bug tracker.
        BUG: kernel softlockup due to too many SIDs/contexts #37
        https://github.com/SELinuxProject/selinux-kernel/issues/37
      - Jovana Knezevic on Android's bugtracker.
        Bug: 140252993
        "During multi-user performance testing, we create and remove users
        many times. selinux_android_restorecon_pkgdir goes from 1ms to over
        20ms after about 200 user creations and removals. Accumulated over
        ~280 packages, that adds a significant time to user creation,
        making perf benchmarks unreliable."
      
      * Hashtable lookup is only O(1) when n < the number of buckets.
      Signed-off-by: default avatarJeff Vander Stoep <jeffv@google.com>
      Reported-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Reported-by: default avatarJovana Knezevic <jovanak@google.com>
      Reviewed-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Tested-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      [PM: subj tweak, removed changelog from patch description]
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      66f8e2f0
  10. 08 Dec, 2019 12 commits
    • Linus Torvalds's avatar
      Linux 5.5-rc1 · e42617b8
      Linus Torvalds authored
      e42617b8
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 95e6ba51
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) More jumbo frame fixes in r8169, from Heiner Kallweit.
      
       2) Fix bpf build in minimal configuration, from Alexei Starovoitov.
      
       3) Use after free in slcan driver, from Jouni Hogander.
      
       4) Flower classifier port ranges don't work properly in the HW offload
          case, from Yoshiki Komachi.
      
       5) Use after free in hns3_nic_maybe_stop_tx(), from Yunsheng Lin.
      
       6) Out of bounds access in mqprio_dump(), from Vladyslav Tarasiuk.
      
       7) Fix flow dissection in dsa TX path, from Alexander Lobakin.
      
       8) Stale syncookie timestampe fixes from Guillaume Nault.
      
      [ Did an evil merge to silence a warning introduced by this pull - Linus ]
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
        r8169: fix rtl_hw_jumbo_disable for RTL8168evl
        net_sched: validate TCA_KIND attribute in tc_chain_tmplt_add()
        r8169: add missing RX enabling for WoL on RTL8125
        vhost/vsock: accept only packets with the right dst_cid
        net: phy: dp83867: fix hfs boot in rgmii mode
        net: ethernet: ti: cpsw: fix extra rx interrupt
        inet: protect against too small mtu values.
        gre: refetch erspan header from skb->data after pskb_may_pull()
        pppoe: remove redundant BUG_ON() check in pppoe_pernet
        tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
        tcp: tighten acceptance of ACKs not matching a child socket
        tcp: fix rejected syncookies due to stale timestamps
        lpc_eth: kernel BUG on remove
        tcp: md5: fix potential overestimation of TCP option space
        net: sched: allow indirect blocks to bind to clsact in TC
        net: core: rename indirect block ingress cb function
        net-sysfs: Call dev_hold always in netdev_queue_add_kobject
        net: dsa: fix flow dissection on Tx path
        net/tls: Fix return values to avoid ENOTSUPP
        net: avoid an indirect call in ____sys_recvmsg()
        ...
      95e6ba51
    • Linus Torvalds's avatar
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 138f371d
      Linus Torvalds authored
      Pull more SCSI updates from James Bottomley:
       "Eleven patches, all in drivers (no core changes) that are either minor
        cleanups or small fixes.
      
        They were late arriving, but still safe for -rc1"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: MAINTAINERS: Add the linux-scsi mailing list to the ISCSI entry
        scsi: megaraid_sas: Make poll_aen_lock static
        scsi: sd_zbc: Improve report zones error printout
        scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI
        scsi: qla2xxx: unregister ports after GPN_FT failure
        scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan
        scsi: pm80xx: Remove unused include of linux/version.h
        scsi: pm80xx: fix logic to break out of loop when register value is 2 or 3
        scsi: scsi_transport_sas: Fix memory leak when removing devices
        scsi: lpfc: size cpu map by last cpu id set
        scsi: ibmvscsi_tgt: Remove unneeded variable rc
      138f371d
    • Linus Torvalds's avatar
      Merge tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · a78f7cdd
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Nine cifs/smb3 fixes:
      
         - one fix for stable (oops during oplock break)
      
         - two timestamp fixes including important one for updating mtime at
           close to avoid stale metadata caching issue on dirty files (also
           improves perf by using SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB over the
           wire)
      
         - two fixes for "modefromsid" mount option for file create (now
           allows mode bits to be set more atomically and accurately on create
           by adding "sd_context" on create when modefromsid specified on
           mount)
      
         - two fixes for multichannel found in testing this week against
           different servers
      
         - two small cleanup patches"
      
      * tag '5.5-rc-smb3-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: improve check for when we send the security descriptor context on create
        smb3: fix mode passed in on create for modetosid mount option
        cifs: fix possible uninitialized access and race on iface_list
        cifs: Fix lookup of SMB connections on multichannel
        smb3: query attributes on file close
        smb3: remove unused flag passed into close functions
        cifs: remove redundant assignment to pointer pneg_ctxt
        fs: cifs: Fix atime update check vs mtime
        CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
      a78f7cdd
    • Linus Torvalds's avatar
      Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 5bf9a06a
      Linus Torvalds authored
      Pull misc vfs cleanups from Al Viro:
       "No common topic, just three cleanups".
      
      * 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        make __d_alloc() static
        fs/namespace: add __user to open_tree and move_mount syscalls
        fs/fnctl: fix missing __user in fcntl_rw_hint()
      5bf9a06a
    • Linus Torvalds's avatar
      Merge tag 'ntb-5.5' of git://github.com/jonmason/ntb · 9455d25f
      Linus Torvalds authored
      Pull NTB update from Jon Mason:
       "Just a simple patch to add a new Hygon Device ID to the AMD NTB device
        driver"
      
      * tag 'ntb-5.5' of git://github.com/jonmason/ntb:
        NTB: Add Hygon Device ID
      9455d25f
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 73721451
      Linus Torvalds authored
      Pull more input updates from Dmitry Torokhov:
      
       - fixups for Synaptics RMI4 driver
      
       - a quirk for Goodinx touchscreen on Teclast tablet
      
       - a new keycode definition for activating privacy screen feature found
         on a few "enterprise" laptops
      
       - updates to snvs_pwrkey driver
      
       - polling uinput device for writing (which is always allowed) now works
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers
        Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash
        Input: goodix - add upside-down quirk for Teclast X89 tablet
        Input: add privacy screen toggle keycode
        Input: uinput - fix returning EPOLLOUT from uinput_poll
        Input: snvs_pwrkey - remove gratuitous NULL initializers
        Input: snvs_pwrkey - send key events for i.MX6 S, DL and Q
      73721451
    • Linus Torvalds's avatar
      Merge tag 'iomap-5.5-merge-14' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 95207d55
      Linus Torvalds authored
      Pull iomap fixes from Darrick Wong:
       "Fix a race condition and a use-after-free error:
      
         - Fix a UAF when reporting writeback errors
      
         - Fix a race condition when handling page uptodate on fragmented file
           with blocksize < pagesize"
      
      * tag 'iomap-5.5-merge-14' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        iomap: stop using ioend after it's been freed in iomap_finish_ioend()
        iomap: fix sub-page uptodate handling
      95207d55
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.5-merge-17' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 50caca9d
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "Fix a couple of resource management errors and a hang:
      
         - fix a crash in the log setup code when log mounting fails
      
         - fix a hang when allocating space on the realtime device
      
         - fix a block leak when freeing space on the realtime device"
      
      * tag 'xfs-5.5-merge-17' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: fix mount failure crash on invalid iclog memory access
        xfs: don't check for AG deadlock for realtime files in bunmapi
        xfs: fix realtime file data space leak
      50caca9d
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.5-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux · 316933cf
      Linus Torvalds authored
      Pull orangefs update from Mike Marshall:
       "orangefs: posix open permission checking...
      
        Orangefs has no open, and orangefs checks file permissions on each
        file access. Posix requires that file permissions be checked on open
        and nowhere else. Orangefs-through-the-kernel needs to seem posix
        compliant.
      
        The VFS opens files, even if the filesystem provides no method. We can
        see if a file was successfully opened for read and or for write by
        looking at file->f_mode.
      
        When writes are flowing from the page cache, file is no longer
        available. We can trust the VFS to have checked file->f_mode before
        writing to the page cache.
      
        The mode of a file might change between when it is opened and IO
        commences, or it might be created with an arbitrary mode.
      
        We'll make sure we don't hit EACCES during the IO stage by using
        UID 0"
      
      [ This is "posixish", but not a great solution in the long run, since a
        proper secure network server shouldn't really trust the client like this.
        But proper and secure POSIX behavior requires an open method and a
        resulting cookie for IO of some kind, or similar.    - Linus ]
      
      * tag 'for-linus-5.5-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux:
        orangefs: posix open permission checking...
      316933cf
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.5' of git://linux-nfs.org/~bfields/linux · 911d137a
      Linus Torvalds authored
      Pull nfsd updates from Bruce Fields:
       "This is a relatively quiet cycle for nfsd, mainly various bugfixes.
      
        Possibly most interesting is Trond's fixes for some callback races
        that were due to my incomplete understanding of rpc client shutdown.
        Unfortunately at the last minute I've started noticing a new
        intermittent failure to send callbacks. As the logic seems basically
        correct, I'm leaving Trond's patches in for now, and hope to find a
        fix in the next week so I don't have to revert those patches"
      
      * tag 'nfsd-5.5' of git://linux-nfs.org/~bfields/linux: (24 commits)
        nfsd: depend on CRYPTO_MD5 for legacy client tracking
        NFSD fixing possible null pointer derefering in copy offload
        nfsd: check for EBUSY from vfs_rmdir/vfs_unink.
        nfsd: Ensure CLONE persists data and metadata changes to the target file
        SUNRPC: Fix backchannel latency metrics
        nfsd: restore NFSv3 ACL support
        nfsd: v4 support requires CRYPTO_SHA256
        nfsd: Fix cld_net->cn_tfm initialization
        lockd: remove __KERNEL__ ifdefs
        sunrpc: remove __KERNEL__ ifdefs
        race in exportfs_decode_fh()
        nfsd: Drop LIST_HEAD where the variable it declares is never used.
        nfsd: document callback_wq serialization of callback code
        nfsd: mark cb path down on unknown errors
        nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback()
        nfsd: minor 4.1 callback cleanup
        SUNRPC: Fix svcauth_gss_proxy_init()
        SUNRPC: Trace gssproxy upcall results
        sunrpc: fix crash when cache_head become valid before update
        nfsd: remove private bin2hex implementation
        ...
      911d137a
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-5.5-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · fb9bf40c
      Linus Torvalds authored
      Pull NFS client updates from Trond Myklebust:
       "Highlights include:
      
        Features:
      
         - NFSv4.2 now supports cross device offloaded copy (i.e. offloaded
           copy of a file from one source server to a different target
           server).
      
         - New RDMA tracepoints for debugging congestion control and Local
           Invalidate WRs.
      
        Bugfixes and cleanups
      
         - Drop the NFSv4.1 session slot if nfs4_delegreturn_prepare waits for
           layoutreturn
      
         - Handle bad/dead sessions correctly in nfs41_sequence_process()
      
         - Various bugfixes to the delegation return operation.
      
         - Various bugfixes pertaining to delegations that have been revoked.
      
         - Cleanups to the NFS timespec code to avoid unnecessary conversions
           between timespec and timespec64.
      
         - Fix unstable RDMA connections after a reconnect
      
         - Close race between waking an RDMA sender and posting a receive
      
         - Wake pending RDMA tasks if connection fails
      
         - Fix MR list corruption, and clean up MR usage
      
         - Fix another RPCSEC_GSS issue with MIC buffer space"
      
      * tag 'nfs-for-5.5-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (79 commits)
        SUNRPC: Capture completion of all RPC tasks
        SUNRPC: Fix another issue with MIC buffer space
        NFS4: Trace lock reclaims
        NFS4: Trace state recovery operation
        NFSv4.2 fix memory leak in nfs42_ssc_open
        NFSv4.2 fix kfree in __nfs42_copy_file_range
        NFS: remove duplicated include from nfs4file.c
        NFSv4: Make _nfs42_proc_copy_notify() static
        NFS: Fallocate should use the nfs4_fattr_bitmap
        NFS: Return -ETXTBSY when attempting to write to a swapfile
        fs: nfs: sysfs: Remove NULL check before kfree
        NFS: remove unneeded semicolon
        NFSv4: add declaration of current_stateid
        NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
        NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
        nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list
        SUNRPC: Avoid RPC delays when exiting suspend
        NFS: Add a tracepoint in nfs_fh_to_dentry()
        NFSv4: Don't retry the GETATTR on old stateid in nfs4_delegreturn_done()
        NFSv4: Handle NFS4ERR_OLD_STATEID in delegreturn
        ...
      fb9bf40c
  11. 07 Dec, 2019 6 commits
    • Steve French's avatar
      smb3: improve check for when we send the security descriptor context on create · 231e2a0b
      Steve French authored
      We had cases in the previous patch where we were sending the security
      descriptor context on SMB3 open (file create) in cases when we hadn't
      mounted with with "modefromsid" mount option.
      
      Add check for that mount flag before calling ad_sd_context in
      open init.
      Signed-off-by: default avatarSteve French <stfrench@microsoft.com>
      Reviewed-by: default avatarPavel Shilovsky <pshilov@microsoft.com>
      231e2a0b
    • Linus Torvalds's avatar
      Merge tag 'vfio-v5.5-rc1' of git://github.com/awilliam/linux-vfio · 94e89b40
      Linus Torvalds authored
      Pull VFIO updates from Alex Williamson:
      
       - Remove hugepage checks for reserved pfns (Ben Luo)
      
       - Fix irq-bypass unregister ordering (Jiang Yi)
      
      * tag 'vfio-v5.5-rc1' of git://github.com/awilliam/linux-vfio:
        vfio/pci: call irq_bypass_unregister_producer() before freeing irq
        vfio/type1: remove hugepage checks in is_invalid_reserved_pfn()
      94e89b40
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.5b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · f74fd13f
      Linus Torvalds authored
      Pull more xen updates from Juergen Gross:
      
       - a patch to fix a build warning
      
       - a cleanup of no longer needed code in the Xen event handling
      
       - a small series for the Xen grant driver avoiding high order
         allocations and replacing an insane global limit by a per-call one
      
       - a small series fixing Xen frontend/backend module referencing
      
      * tag 'for-linus-5.5b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen-blkback: allow module to be cleanly unloaded
        xen/xenbus: reference count registered modules
        xen/gntdev: switch from kcalloc() to kvcalloc()
        xen/gntdev: replace global limit of mapped pages by limit per call
        xen/gntdev: remove redundant non-zero check on ret
        xen/events: remove event handling recursion detection
      f74fd13f
    • Linus Torvalds's avatar
      Merge branch 'akpm' (patches from Andrew) · 6dc517a3
      Linus Torvalds authored
      Merge misc Kconfig updates from Andrew Morton:
       "A number of changes to Kconfig files under lib/ from Changbin Du and
        Krzysztof Kozlowski"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        lib/: fix Kconfig indentation
        kernel-hacking: move DEBUG_FS to 'Generic Kernel Debugging Instruments'
        kernel-hacking: move DEBUG_BUGVERBOSE to 'printk and dmesg options'
        kernel-hacking: create a submenu for scheduler debugging options
        kernel-hacking: move SCHED_STACK_END_CHECK after DEBUG_STACK_USAGE
        kernel-hacking: move Oops into 'Lockups and Hangs'
        kernel-hacking: move kernel testing and coverage options to same submenu
        kernel-hacking: group kernel data structures debugging together
        kernel-hacking: create submenu for arch special debugging options
        kernel-hacking: group sysrq/kgdb/ubsan into 'Generic Kernel Debugging Instruments'
      6dc517a3
    • Heiner Kallweit's avatar
      r8169: fix rtl_hw_jumbo_disable for RTL8168evl · 0fc75219
      Heiner Kallweit authored
      In referenced fix we removed the RTL8168e-specific jumbo config for
      RTL8168evl in rtl_hw_jumbo_enable(). We have to do the same in
      rtl_hw_jumbo_disable().
      
      v2: fix referenced commit id
      
      Fixes: 14012c9f ("r8169: fix jumbo configuration for RTL8168evl")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0fc75219
    • Linus Torvalds's avatar
      pipe: don't use 'pipe_wait() for basic pipe IO · 85190d15
      Linus Torvalds authored
      pipe_wait() may be simple, but since it relies on the pipe lock, it
      means that we have to do the wakeup while holding the lock.  That's
      unfortunate, because the very first thing the waked entity will want to
      do is to get the pipe lock for itself.
      
      So get rid of the pipe_wait() usage by simply releasing the pipe lock,
      doing the wakeup (if required) and then using wait_event_interruptible()
      to wait on the right condition instead.
      
      wait_event_interruptible() handles races on its own by comparing the
      wakeup condition before and after adding itself to the wait queue, so
      you can use an optimistic unlocked condition for it.
      
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      85190d15