Now when adding an ipt_CLUSTERIP rule, it only checks duplicate config in
clusterip_config_find_get(). But after that, there may be still another
thread to insert a config with the same ip, then it leaves proc_create_data
to do duplicate check.

It's more reasonable to check duplicate config by ipt_CLUSTERIP itself,
instead of checking it by proc fs duplicate file check. Before, when proc
fs allowed duplicate name files in a directory, It could even crash kernel
because of use-after-free.

This patch is to check duplicate config under the protection of clusterip
net lock when initializing a new config and correct the return err.

Note that it also moves proc file node creation after adding new config, as
proc_create_data may sleep, it couldn't be called under the clusterip_net
lock. clusterip_config_find_get returns NULL if c->pde is null to make sure
it can't be used until the proc file node creation is done.
Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

If the NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag is set, then mangle layer 4
checksum. This should not depend on csum_type NFT_PAYLOAD_CSUM_INET
since IPv6 header has no checksum field, but still an update of any of
the pseudoheader fields may trigger a layer 4 checksum update.

Fixes: 18140969 ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

BUG: KASAN: slab-out-of-bounds in nf_tables_rule_destroy+0xf1/0x130 at addr ffff88006a4c35c8
Read of size 8 by task nft/1607

When we've destroyed last valid expr, nft_expr_next() returns an invalid expr.
We must not dereference it unless it passes != nft_expr_last() check.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Using smp_processor_id() causes splats with PREEMPT_RCU:

[19379.552780] BUG: using smp_processor_id() in preemptible [00000000] code: ping/32389
[19379.552793] caller is debug_smp_processor_id+0x17/0x19
[...]
[19379.552823] Call Trace:
[19379.552832]  [<ffffffff81274e9e>] dump_stack+0x67/0x90
[19379.552837]  [<ffffffff8129a4d4>] check_preemption_disabled+0xe5/0xf5
[19379.552842]  [<ffffffff8129a4fb>] debug_smp_processor_id+0x17/0x19
[19379.552849]  [<ffffffffa07c42dd>] nft_queue_eval+0x35/0x20c [nft_queue]

No need to disable preemption since we only fetch the numeric value, so
let's use raw_smp_processor_id() instead.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Dumping of netlink attributes may fail due to insufficient room in the
skbuff, so let's reset consumed quota if we succeed to put netlink
attributes into the skbuff.

Fixes: 43da04a5 ("netfilter: nf_tables: atomic dump and reset for stateful objects")
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Commit 44900010 ("virtio-net: enable
multiqueue by default") blindly set the affinity instead of queues
during probe which can cause a mismatch of #queues between guest and
host. This patch fixes it by setting queues.
Reported-by: Theodore Ts'o <tytso@mit.edu>
Tested-by: Theodore Ts'o <tytso@mit.edu>
Cc: Neil Horman <nhorman@tuxdriver.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Fixes: 49000102901 ("virtio-net: enable multiqueue by default")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull CRIS updates from Jesper Nilsson:
 "Three patches for minor issues"

* tag 'cris-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jesper/cris:
  cris: No need to append -O2 and $(LINUXINCLUDE)
  tty: serial: make crisv10 explicitly non-modular
  cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected

Pull Openrisc updates from Stafford Horne:

 - changes to MAINTAINER for openrisc

 - probably biggest actual change is the move to memblock from bootmem

 - ... plus several bug and build fixes

* tag 'openrisc-for-linus' of git://github.com/openrisc/linux:
  openrisc: prevent VGA console, fix builds
  openrisc: include l.swa in check for write data pagefault
  openrisc: Updates after openrisc.net has been lost
  openrisc: Consolidate setup to use memblock instead of bootmem
  openrisc: remove the redundant of_platform_populate
  openrisc: add NR_CPUS Kconfig default value
  openrisc: Support both old (or32) and new (or1k) toolchain
  openrisc: Add thread-local storage (TLS) support
  openrisc: restore all regs on rt_sigreturn
  openrisc: fix PTRS_PER_PGD define

Pull m68k updates from Geert Uytterhoeven:
 "Use seq_puts() for fixed strings"

* tag 'm68k-for-v4.10-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k/atari: Use seq_puts() in atari_get_hardware_list()
  m68k/amiga: Use seq_puts() in amiga_get_hardware_list()

Pull AVR32 updates from Hans-Christian Noren Egtvedt.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32:
  avr32: wire up pkey syscalls
  AVR32-pio: Replace two seq_printf() calls by seq_puts() in pio_bank_show()
  AVR32-pio: Use seq_putc() in pio_bank_show()
  AVR32-clock: Combine nine seq_printf() calls into one call in clk_show()
  AVR32-clock: Use seq_putc() in two functions

Pull m68knommu updates from Greg Ungerer:
 "There are two sets of changes in this pull.

  The largest is the addition of the ColdFire platform side i2c support
  (the IO addressing, setup and clock definitions). The i2c hardware
  module itself is driven by the kernels existing iMX i2c driver.

  The other change is the addition of support for the Amcore board"

* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
  m68knommu: AMCORE board, add iMX i2c support
  m68k: add Sysam AMCORE open board support
  m68knommu: platform support for i2c devices on ColdFire SoC

Pull sparc updates from David Miller:
 "Just a bunch of small cleanups and fixes here, and support for user
  probes from Allen Pais"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc: fix a building error reported by kbuild
  sparc64: fix typo in pgd_clear()
  sparc64: restore irq in error paths in iommu
  sparc: leon: Fix a retry loop in leon_init_timers()
  sparc64: make string buffers large enough
  sparc64: move dereference after check for NULL
  sparc: kernel: use builtin_platform_driver
  sparc64:Support User Probes for sparc

Pull networking updates from David Miller:

 1) Platform regulatory domain support for ath10k, from Bartosz
    Markowski.

 2) Centralize min/max MTU checking, thus removing tons of duplicated
    code all of the the various drivers. From Jarod Wilson.

 3) Support ingress actions in act_mirred, from Shmulik Ladkani.

 4) Improve device adjacency tracking, from David Ahern.

 5) Add support for LED triggers on PHY link state changes, from Zach
    Brown.

 6) Improve UDP socket memory accounting, from Paolo Abeni.

 7) Set SK_MEM_QUANTUM to a fixed size of 4096, instead of PAGE_SIZE.
    From Eric Dumazet.

 8) Collapse TCP SKBs at retransmit time even if the right side SKB has
    frags. Also from Eric Dumazet.

 9) Add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE cmsgs, from Willem de
    Bruijn.

10) Support routing by UID, from Lorenzo Colitti.

11) Handle L3 domain binding (ie. VRF) for RAW sockets, from David
    Ahern.

12) tcp_get_info() can run lockless, from Eric Dumazet.

13) 4-tuple UDP hashing in SFC driver, from Edward Cree.

14) Avoid reorders in GRO code, from Eric Dumazet.

15) IPV6 Segment Routing support, from David Lebrun.

16) Support MPLS push and pop for L3 packets in openvswitch, from Jiri
    Benc.

17) Add LRU datastructure support for BPF, Martin KaFai Lau.

18) VF support in liquidio driver, from Raghu Vatsavayi.

19) Multiqueue support in alx driver, from Tobias Regnery.

20) Networking cgroup BPF support, from Daniel Mack.

21) TCP chronograph measurements, from Francis Yan.

22) XDP support for qed driver, from Yuval Mintz.

23) BPF based lwtunnels, from Thomas Graf.

24) Consistent FIB dumping to offloading drivers, from Ido Schimmel.

25) Many optimizations for UDP under high load, from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1522 commits)
  netfilter: nft_counter: rework atomic dump and reset
  e1000: use disable_hardirq() for e1000_netpoll()
  i40e: don't truncate match_method assignment
  net: ethernet: ti: netcp: add support of cpts
  net: phy: phy drivers should not set SUPPORTED_[Asym_]Pause
  net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
  net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
  net: l2tp: export debug flags to UAPI
  net: ethernet: stmmac: remove private tx queue lock
  net: ethernet: sxgbe: remove private tx queue lock
  net: bridge: shorten ageing time on topology change
  net: bridge: add helper to set topology change
  net: bridge: add helper to offload ageing time
  net: nicvf: use new api ethtool_{get|set}_link_ksettings
  net: ethernet: ti: cpsw: sync rates for channels in dual emac mode
  net: ethernet: ti: cpsw: re-split res only when speed is changed
  net: ethernet: ti: cpsw: combine budget and weight split and check
  net: ethernet: ti: cpsw: don't start queue twice
  net: ethernet: ti: cpsw: use same macros to get active slave
  net: mvneta: select GENERIC_ALLOCATOR
  ...

OpenRISC does not support VGA console, so prevent that kconfig symbol
from being enabled for OpenRISC, thus fixing these build errors:

   drivers/built-in.o: In function `vgacon_save_screen':
   vgacon.c:(.text+0x20e0): undefined reference to `screen_info'
   vgacon.c:(.text+0x20e8): undefined reference to `screen_info'
   drivers/built-in.o: In function `vgacon_init':
   vgacon.c:(.text+0x284c): undefined reference to `screen_info'
   vgacon.c:(.text+0x2850): undefined reference to `screen_info'
   drivers/built-in.o: In function `vgacon_startup':
   vgacon.c:(.text+0x28d8): undefined reference to `screen_info'
   drivers/built-in.o:vgacon.c:(.text+0x28f0): more undefined references to `screen_info' follow
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: Chen Gang <gang.chen@asianux.com>
Cc: Jonas Bonn <jonas@southpole.se>
Signed-off-by: Stafford Horne <shorne@gmail.com>

During page fault handling we check the last instruction to understand
if the fault was for a read or for a write.  By default we fall back to
read.  New instructions were added to the openrisc 1.1 spec for an
atomic load/store pair (l.lwa/l.swa).

This patch adds the opcode for l.swa (0x33) allowing it to be treated as
a write operation.
Signed-off-by: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
[shorne@gmail.com: expanded a bit on the comment]
Signed-off-by: Stafford Horne <shorne@gmail.com>

The openrisc.net domain expired and was taken over by squatters.
These updates point documentation to the new domain, mailing lists
and git repos.

Also, Jonas is not the main maintainer anylonger, he reviews changes
but does not maintain a repo or sent pull requests.  Updating this to
add Stafford and Stefan who are the active maintainers.
Acked-by: Olof Kindgren <olof.kindgren@gmail.com>
Signed-off-by: Stafford Horne <shorne@gmail.com>

Clearing out one todo item. Use the memblock boot time memory
which is the current standard.
Tested-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Jonas <jonas@southpole.se>
Signed-off-by: Stafford Horne <shorne@gmail.com>

The of_platform_populate call in the openrisc arch code is now redundant
as the DT core provides a default call. Openrisc has a NULL match table
which means only top level nodes with compatible strings will have
devices creates. The default version will also descend nodes in the
match table such as "simple-bus" which should be fine as openrisc
doesn't have any of these (though it is preferred that memory-mapped
peripherals be grouped under a bus node(s)).
Signed-off-by: Rob Herring <robh@kernel.org>
Cc: Jonas Bonn <jonas@southpole.se>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>

The build system now expects that NR_CPUS is defined.

Follow 4cbbbb43 ("microblaze: Fix missing NR_CPUS in menuconfig")
Signed-off-by: Stafford Horne <shorne@gmail.com>

The output file format for or1k has changed from "elf32-or32"
to "elf32-or1k". Select the correct output format automatically
to be able to compile the kernel with both toolchain variants.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>

Historically OpenRISC GCC has reserved r10 which we now use to hold
the thread pointer for thread-local storage (TLS).
Signed-off-by: Christian Svensson <blue@cmd.nu>
Signed-off-by: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>

Fix signal handling for when signals are handled as the result of timers
or exceptions, previous code assumed syscalls. This was noticeable with X
crashing where it uses SIGALRM.

This patch restores all regs before returning to userspace via
_resume_userspace instead of via syscall return path.

The rt_sigreturn syscall is more like a context switch than a function
call; it entails a return from one context (the signal handler) to another
(the process in question).  For a context switch like this there are
effectively no call-saved regs that remain constant across the transition.
Reported-by: Sebastian Macke <sebastian@macke.de>
Signed-off-by: Jonas Bonn <jonas@southpole.se>
Tested-by: Guenter Roeck <linux@roeck-us.net>
[shorne@gmail.com: Updated comment better reflect change and issue]
Signed-off-by: Stafford Horne <shorne@gmail.com>

On OpenRISC, with its 8k pages, PAGE_SHIFT is defined to be 13.
That makes the expression (1UL << (PAGE_SHIFT-2)) evaluate
to 2048.
The correct value for PTRS_PER_PGD should be 256.

Correcting the PTRS_PER_PGD define unveiled a bug in map_ram(),
where PTRS_PER_PGD was used when the intent was to iterate
over a set of page table entries.
This patch corrects that issue as well.
Signed-off-by: Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>
Acked-by: Jonas Bonn <jonas@southpole.se>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Stafford Horne <shorne@gmail.com>

This patch wires up the new pkey_mprotect, pkey_alloc and pkey_free syscalls on
AVR32.

Strings which did not contain data format specifications should be put
into a sequence. Thus use the corresponding function "seq_puts".

This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>

A single character (line break) should be put into a sequence.
Thus use the corresponding function "seq_putc".

This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>

Some data were printed into a sequence by nine separate function calls.
Print the same data by a single function call instead.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>

A single character (line break) should be put into two sequences.
Thus use the corresponding function "seq_putc".

This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>

>> arch/sparc/include/asm/topology_64.h:44:44:
error: implicit declaration of function 'cpu_data'
[-Werror=implicit-function-declaration]

 #define topology_physical_package_id(cpu) (cpu_data(cpu).proc_id)
                                               ^
Let's include cpudata.h in topology_64.h.

Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Suggested-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

It really has to be pgdp, not pgd.

It just happend to work since all callers have 'pgd' as an argument.
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

There are some error paths where we should restore IRQs but we don't.

Fixes: bb620c3d ("sparc: Make sparc64 use scalable lib/iommu-common.c functions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

The original code causes a static checker warning because it has a
continue inside a do { } while (0); loop.  In that context, a continue
and a break are equivalent.  The intent was to go back to the start of
the loop so the continue was a bug.

I've added a retry label at the start and changed the continue to a goto
retry.  Then I removed the do { } while (0) loop and pulled the code in
one indent level.

Fixes: 2791c1a4 ("SPARC/LEON: added support for selecting Timer Core and Timer within core")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

My static checker complains that if "lvl" is ULONG_MAX (this is 64 bit)
then some of the strings will overflow.  I don't know if that's possible
but it seems simple enough to make the buffers slightly larger.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

We shouldn't dereference "iommu" until after we have checked that it is
non-NULL.

Fixes: f08978b0 ("sparc64: Enable sun4v dma ops to use IOMMU v2 APIs")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Use builtin_platform_driver() helper to simplify the code.
Signed-off-by: Geliang Tang <geliangtang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Signed-off-by: Eric Saint Etienne <eric.saint.etienne@oracle.com>
Signed-off-by: Allen Pais <allen.pais@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Pull MIPS fixes from Ralf Baechle:
 "Two more MIPS fixes for 4.9:

   - RTC: Return -ENODEV so an external RTC will be tried

   - Fix mask of GPE frequency

  These two have been tested on Imagination's automated test system and
  also both received positive reviews on the linux-mips mailing list"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Lantiq: Fix mask of GPE frequency
  MIPS: Return -ENODEV from weak implementation of rtc_mips_set_time

Dump and reset doesn't work unless cmpxchg64() is used both from packet
and control plane paths. This approach is going to be slow though.
Instead, use a percpu seqcount to fetch counters consistently, then
subtract bytes and packets in case a reset was requested.

The cpu that running over the reset code is guaranteed to own this stats
exclusively, we have to turn counters into signed 64bit though so stats
update on reset don't get wrong on underflow.

This patch is based on original sketch from Eric Dumazet.

Fixes: 43da04a5 ("netfilter: nf_tables: atomic dump and reset for stateful objects")
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

The hardware documentation says bit 11:10 are used for the GPE
frequency selection. Fix the mask in the define to match these bits.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Thomas Langer <thomas.langer@intel.com>
Cc: linux-mips@linux-mips.org
Cc: john@phrozen.org
Patchwork: https://patchwork.linux-mips.org/patch/14648/Signed-off-by: Ralf Baechle <ralf@linux-mips.org>