1. 15 Aug, 2017 1 commit
  2. 19 Jul, 2017 1 commit
    • Shu Wang's avatar
      audit: fix memleak in auditd_send_unicast_skb. · b0659ae5
      Shu Wang authored
      Found this issue by kmemleak report, auditd_send_unicast_skb
      did not free skb if rcu_dereference(auditd_conn) returns null.
      
      unreferenced object 0xffff88082568ce00 (size 256):
      comm "auditd", pid 1119, jiffies 4294708499
      backtrace:
      [<ffffffff8176166a>] kmemleak_alloc+0x4a/0xa0
      [<ffffffff8121820c>] kmem_cache_alloc_node+0xcc/0x210
      [<ffffffff8161b99d>] __alloc_skb+0x5d/0x290
      [<ffffffff8113c614>] audit_make_reply+0x54/0xd0
      [<ffffffff8113dfa7>] audit_receive_msg+0x967/0xd70
      ----------------
      (gdb) list *audit_receive_msg+0x967
      0xffffffff8113dff7 is in audit_receive_msg (kernel/audit.c:1133).
      1132    skb = audit_make_reply(0, AUDIT_REPLACE, 0,
                                      0, &pvnr, sizeof(pvnr));
      ---------------
      [<ffffffff8113e402>] audit_receive+0x52/0xa0
      [<ffffffff8166c561>] netlink_unicast+0x181/0x240
      [<ffffffff8166c8e2>] netlink_sendmsg+0x2c2/0x3b0
      [<ffffffff816112e8>] sock_sendmsg+0x38/0x50
      [<ffffffff816117a2>] SYSC_sendto+0x102/0x190
      [<ffffffff81612f4e>] SyS_sendto+0xe/0x10
      [<ffffffff8176d337>] entry_SYSCALL_64_fastpath+0x1a/0xa5
      [<ffffffffffffffff>] 0xffffffffffffffff
      Signed-off-by: default avatarShu Wang <shuwang@redhat.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      b0659ae5
  3. 16 Jun, 2017 1 commit
  4. 13 Jun, 2017 1 commit
    • Paul Moore's avatar
      audit: fix a race condition with the auditd tracking code · c81be52a
      Paul Moore authored
      Originally reported by Adam and Dusty, it appears we have a small
      race window in kauditd_thread(), as documented in the Fedora BZ:
      
       * https://bugzilla.redhat.com/show_bug.cgi?id=1459326#c35
      
       "This issue is partly due to the read-copy nature of RCU, and
        partly due to how we sync the auditd_connection state across
        kauditd_thread and the audit control channel.  The kauditd_thread
        thread is always running so it can service the record queues and
        emit the multicast messages, if it happens to be just past the
        "main_queue" label, but before the "if (sk == NULL || ...)"
        if-statement which calls auditd_reset() when the new auditd
        connection is registered it could end up resetting the auditd
        connection, regardless of if it is valid or not.  This is a rather
        small window and the variable nature of multi-core scheduling
        explains why this is proving rather difficult to reproduce."
      
      The fix is to have functions only call auditd_reset() when they
      believe that the kernel/auditd connection is still valid, e.g.
      non-NULL, and to have these callers pass their local copy of the
      auditd_connection pointer to auditd_reset() where it can be compared
      with the current connection state before resetting.  If the caller
      has a stale state tracking pointer then the reset is ignored.
      
      We also make a small change to kauditd_thread() so that if the
      kernel/auditd connection is dead we skip the retry queue and send the
      records straight to the hold queue.  This is necessary as we used to
      rely on auditd_reset() to occasionally purge the retry queue but we
      are going to be calling the reset function much less now and we want
      to make sure the retry queue doesn't grow unbounded.
      Reported-by: default avatarAdam Williamson <awilliam@redhat.com>
      Reported-by: default avatarDusty Mabe <dustymabe@redhat.com>
      Reviewed-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      c81be52a
  5. 12 Jun, 2017 1 commit
  6. 30 May, 2017 1 commit
    • Richard Guy Briggs's avatar
      audit: add ambient capabilities to CAPSET and BPRM_FCAPS records · 7786f6b6
      Richard Guy Briggs authored
      Capabilities were augmented to include ambient capabilities in v4.3
      commit 58319057 ("capabilities: ambient capabilities").
      
      Add ambient capabilities to the audit BPRM_FCAPS and CAPSET records.
      
      The record contains fields "old_pp", "old_pi", "old_pe", "new_pp",
      "new_pi", "new_pe" so in keeping with the previous record
      normalizations, change the "new_*" variants to simply drop the "new_"
      prefix.
      
      A sample of the replaced BPRM_FCAPS record:
      RAW: type=BPRM_FCAPS msg=audit(1491468034.252:237): fver=2
      fp=0000000000200000 fi=0000000000000000 fe=1 old_pp=0000000000000000
      old_pi=0000000000000000 old_pe=0000000000000000 old_pa=0000000000000000
      pp=0000000000200000 pi=0000000000000000 pe=0000000000200000
      pa=0000000000000000
      
      INTERPRET: type=BPRM_FCAPS msg=audit(04/06/2017 04:40:34.252:237):
      fver=2 fp=sys_admin fi=none fe=chown old_pp=none old_pi=none
      old_pe=none old_pa=none pp=sys_admin pi=none pe=sys_admin pa=none
      
      A sample of the replaced CAPSET record:
      RAW: type=CAPSET msg=audit(1491469502.371:242): pid=833
      cap_pi=0000003fffffffff cap_pp=0000003fffffffff cap_pe=0000003fffffffff
      cap_pa=0000000000000000
      
      INTERPRET: type=CAPSET msg=audit(04/06/2017 05:05:02.371:242) : pid=833
      cap_pi=chown,dac_override,dac_read_search,fowner,fsetid,kill,
      setgid,setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,
      net_admin,net_raw,ipc_lock,ipc_owner,sys_module,sys_rawio,sys_chroot,
      sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,sys_time,
      sys_tty_config,mknod,lease,audit_write,audit_control,setfcap,
      mac_override,mac_admin,syslog,wake_alarm,block_suspend,audit_read
      cap_pp=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,
      setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,
      net_admin,net_raw,ipc_lock,ipc_owner,sys_module,sys_rawio,sys_chroot,
      sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,
      sys_time,sys_tty_config,mknod,lease,audit_write,audit_control,setfcap,
      mac_override,mac_admin,syslog,wake_alarm,block_suspend,audit_read
      cap_pe=chown,dac_override,dac_read_search,fowner,fsetid,kill,setgid,
      setuid,setpcap,linux_immutable,net_bind_service,net_broadcast,
      net_admin,net_raw,ipc_lock,ipc_owner,sys_module,sys_rawio,sys_chroot,
      sys_ptrace,sys_pacct,sys_admin,sys_boot,sys_nice,sys_resource,
      sys_time,sys_tty_config,mknod,lease,audit_write,audit_control,setfcap,
      mac_override,mac_admin,syslog,wake_alarm,block_suspend,audit_read
      cap_pa=none
      
      See: https://github.com/linux-audit/audit-kernel/issues/40Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      7786f6b6
  7. 23 May, 2017 1 commit
    • Richard Guy Briggs's avatar
      audit: unswing cap_* fields in PATH records · 4b3e4ed6
      Richard Guy Briggs authored
      The cap_* fields swing in and out of PATH records.
      If no capabilities are set, the cap_* fields are completely missing and when
      one of the cap_fi or cap_fp values is empty, that field is omitted.
      
      Original:
      type=PATH msg=audit(04/20/2017 12:17:11.222:193) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=787694 dev=08:03 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL
      type=PATH msg=audit(04/20/2017 12:17:11.222:193) : item=0 name=/home/sleep inode=1319469 dev=08:03 mode=file,suid,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=sys_admin cap_fe=1 cap_fver=2
      
      Normalize the PATH record by always printing all 4 cap_* fields.
      
      Fixed:
      type=PATH msg=audit(04/20/2017 13:01:31.679:201) : item=1 name=/lib64/ld-linux-x86-64.so.2 inode=787694 dev=08:03 mode=file,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:ld_so_t:s0 nametype=NORMAL cap_fp=none cap_fi=none cap_fe=0 cap_fver=0
      type=PATH msg=audit(04/20/2017 13:01:31.679:201) : item=0 name=/home/sleep inode=1319469 dev=08:03 mode=file,suid,755 ouid=root ogid=root rdev=00:00 obj=system_u:object_r:bin_t:s0 nametype=NORMAL cap_fp=sys_admin cap_fi=none cap_fe=1 cap_fver=2
      
      See: https://github.com/linux-audit/audit-kernel/issues/42Signed-off-by: default avatarRichard Guy Briggs <rgb@redhat.com>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      4b3e4ed6
  8. 02 May, 2017 14 commits
  9. 01 May, 2017 1 commit
  10. 30 Apr, 2017 3 commits
  11. 29 Apr, 2017 3 commits
  12. 28 Apr, 2017 12 commits
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0e911788
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Just a couple more stragglers, I really hope this is it.
      
        1) Don't let frags slip down into the GRO segmentation handlers, from
           Steffen Klassert.
      
        2) Truesize under-estimation triggers warnings in TCP over loopback
           with socket filters, 2 part fix from Eric Dumazet.
      
        3) Fix undesirable reset of bonding MTU to ETH_HLEN on slave removal,
           from Paolo Abeni.
      
        4) If we flush the XFRM policy after garbage collection, it doesn't
           work because stray entries can be created afterwards. Fix from Xin
           Long.
      
        5) Hung socket connection fixes in TIPC from Parthasarathy Bhuvaragan.
      
        6) Fix GRO regression with IPSEC when netfilter is disabled, from
           Sabrina Dubroca.
      
        7) Fix cpsw driver Kconfig dependency regression, from Arnd Bergmann"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        net: hso: register netdev later to avoid a race condition
        net: adjust skb->truesize in ___pskb_trim()
        tcp: do not underestimate skb->truesize in tcp_trim_head()
        bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
        ipv4: Don't pass IP fragments to upper layer GRO handlers.
        cpsw/netcp: refine cpts dependency
        tipc: close the connection if protocol messages contain errors
        tipc: improve error validations for sockets in CONNECTING state
        tipc: Fix missing connection request handling
        xfrm: fix GRO for !CONFIG_NETFILTER
        xfrm: do the garbage collection after flushing policy
      0e911788
    • Andreas Kemnade's avatar
      net: hso: register netdev later to avoid a race condition · 4c761daf
      Andreas Kemnade authored
      If the netdev is accessed before the urbs are initialized,
      there will be NULL pointer dereferences. That is avoided by
      registering it when it is fully initialized.
      
      This case occurs e.g. if dhcpcd is running in the background
      and the device is probed, either after insmod hso or
      when the device appears on the usb bus.
      
      A backtrace is the following:
      
      [ 1357.356048] usb 1-2: new high-speed USB device number 12 using ehci-omap
      [ 1357.551177] usb 1-2: New USB device found, idVendor=0af0, idProduct=8800
      [ 1357.558654] usb 1-2: New USB device strings: Mfr=3, Product=2, SerialNumber=0
      [ 1357.568572] usb 1-2: Product: Globetrotter HSUPA Modem
      [ 1357.574096] usb 1-2: Manufacturer: Option N.V.
      [ 1357.685882] hso 1-2:1.5: Not our interface
      [ 1460.886352] hso: unloaded
      [ 1460.889984] usbcore: deregistering interface driver hso
      [ 1513.769134] hso: ../drivers/net/usb/hso.c: Option Wireless
      [ 1513.846771] Unable to handle kernel NULL pointer dereference at virtual address 00000030
      [ 1513.887664] hso 1-2:1.5: Not our interface
      [ 1513.906890] usbcore: registered new interface driver hso
      [ 1513.937988] pgd = ecdec000
      [ 1513.949890] [00000030] *pgd=acd15831, *pte=00000000, *ppte=00000000
      [ 1513.956573] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
      [ 1513.962371] Modules linked in: hso usb_f_ecm omap2430 bnep bluetooth g_ether usb_f_rndis u_ether libcomposite configfs ipv6 arc4 wl18xx wlcore mac80211 cfg80211 bq27xxx_battery panel_tpo_td028ttec1 omapdrm drm_kms_helper cfbfillrect snd_soc_simple_card syscopyarea cfbimgblt snd_soc_simple_card_utils sysfillrect sysimgblt fb_sys_fops snd_soc_omap_twl4030 cfbcopyarea encoder_opa362 drm twl4030_madc_hwmon wwan_on_off snd_soc_gtm601 pwm_omap_dmtimer generic_adc_battery connector_analog_tv pwm_bl extcon_gpio omap3_isp wlcore_sdio videobuf2_dma_contig videobuf2_memops w1_bq27000 videobuf2_v4l2 videobuf2_core omap_hdq snd_soc_omap_mcbsp ov9650 snd_soc_omap bmp280_i2c bmg160_i2c v4l2_common snd_pcm_dmaengine bmp280 bmg160_core at24 bmc150_magn_i2c nvmem_core videodev phy_twl4030_usb bmc150_accel_i2c tsc2007
      [ 1514.037384]  bmc150_magn bmc150_accel_core media leds_tca6507 bno055 industrialio_triggered_buffer kfifo_buf gpio_twl4030 musb_hdrc snd_soc_twl4030 twl4030_vibra twl4030_madc twl4030_pwrbutton twl4030_charger industrialio w2sg0004 ehci_omap omapdss [last unloaded: hso]
      [ 1514.062622] CPU: 0 PID: 3433 Comm: dhcpcd Tainted: G        W       4.11.0-rc8-letux+ #1
      [ 1514.071136] Hardware name: Generic OMAP36xx (Flattened Device Tree)
      [ 1514.077758] task: ee748240 task.stack: ecdd6000
      [ 1514.082580] PC is at hso_start_net_device+0x50/0xc0 [hso]
      [ 1514.088287] LR is at hso_net_open+0x68/0x84 [hso]
      [ 1514.093231] pc : [<bf79c304>]    lr : [<bf79ced8>]    psr: a00f0013
      sp : ecdd7e20  ip : 00000000  fp : ffffffff
      [ 1514.105316] r10: 00000000  r9 : ed0e080c  r8 : ecd8fe2c
      [ 1514.110839] r7 : bf79cef4  r6 : ecd8fe00  r5 : 00000000  r4 : ed0dbd80
      [ 1514.117706] r3 : 00000000  r2 : c0020c80  r1 : 00000000  r0 : ecdb7800
      [ 1514.124572] Flags: NzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
      [ 1514.132110] Control: 10c5387d  Table: acdec019  DAC: 00000051
      [ 1514.138153] Process dhcpcd (pid: 3433, stack limit = 0xecdd6218)
      [ 1514.144470] Stack: (0xecdd7e20 to 0xecdd8000)
      [ 1514.149078] 7e20: ed0dbd80 ecd8fe98 00000001 00000000 ecd8f800 ecd8fe00 ecd8fe60 00000000
      [ 1514.157714] 7e40: ed0e080c bf79ced8 bf79ce70 ecd8f800 00000001 bf7a0258 ecd8f830 c068d958
      [ 1514.166320] 7e60: c068d8b8 ecd8f800 00000001 00001091 00001090 c068dba4 ecd8f800 00001090
      [ 1514.174926] 7e80: ecd8f940 ecd8f800 00000000 c068dc60 00000000 00000001 ed0e0800 ecd8f800
      [ 1514.183563] 7ea0: 00000000 c06feaa8 c0ca39c2 beea57dc 00000020 00000000 306f7368 00000000
      [ 1514.192169] 7ec0: 00000000 00000000 00001091 00000000 00000000 00000000 00000000 00008914
      [ 1514.200805] 7ee0: eaa9ab60 beea57dc c0c9bfc0 eaa9ab40 00000006 00000000 00046858 c066a948
      [ 1514.209411] 7f00: beea57dc eaa9ab60 ecc6b0c0 c02837b0 00000006 c0282c90 0000c000 c0283654
      [ 1514.218017] 7f20: c09b0c00 c098bc31 00000001 c0c5e513 c0c5e513 00000000 c0151354 c01a20c0
      [ 1514.226654] 7f40: c0c5e513 c01a3134 ecdd6000 c01a3160 ee7487f0 600f0013 00000000 ee748240
      [ 1514.235260] 7f60: ee748734 00000000 ecc6b0c0 ecc6b0c0 beea57dc 00008914 00000006 00000000
      [ 1514.243896] 7f80: 00046858 c02837b0 00001091 0003a1f0 00046608 0003a248 00000036 c01071e4
      [ 1514.252502] 7fa0: ecdd6000 c0107040 0003a1f0 00046608 00000006 00008914 beea57dc 00001091
      [ 1514.261108] 7fc0: 0003a1f0 00046608 0003a248 00000036 0003ac0c 00046608 00046610 00046858
      [ 1514.269744] 7fe0: 0003a0ac beea57d4 000167eb b6f23106 400f0030 00000006 00000000 00000000
      [ 1514.278411] [<bf79c304>] (hso_start_net_device [hso]) from [<bf79ced8>] (hso_net_open+0x68/0x84 [hso])
      [ 1514.288238] [<bf79ced8>] (hso_net_open [hso]) from [<c068d958>] (__dev_open+0xa0/0xf4)
      [ 1514.296600] [<c068d958>] (__dev_open) from [<c068dba4>] (__dev_change_flags+0x8c/0x130)
      [ 1514.305023] [<c068dba4>] (__dev_change_flags) from [<c068dc60>] (dev_change_flags+0x18/0x48)
      [ 1514.313934] [<c068dc60>] (dev_change_flags) from [<c06feaa8>] (devinet_ioctl+0x348/0x714)
      [ 1514.322540] [<c06feaa8>] (devinet_ioctl) from [<c066a948>] (sock_ioctl+0x2b0/0x308)
      [ 1514.330627] [<c066a948>] (sock_ioctl) from [<c0282c90>] (vfs_ioctl+0x20/0x34)
      [ 1514.338165] [<c0282c90>] (vfs_ioctl) from [<c0283654>] (do_vfs_ioctl+0x82c/0x93c)
      [ 1514.346038] [<c0283654>] (do_vfs_ioctl) from [<c02837b0>] (SyS_ioctl+0x4c/0x74)
      [ 1514.353759] [<c02837b0>] (SyS_ioctl) from [<c0107040>] (ret_fast_syscall+0x0/0x1c)
      [ 1514.361755] Code: e3822103 e3822080 e1822781 e5981014 (e5832030)
      [ 1514.510833] ---[ end trace dfb3e53c657f34a0 ]---
      Reported-by: default avatarH. Nikolaus Schaller <hns@goldelico.com>
      Signed-off-by: default avatarAndreas Kemnade <andreas@kemnade.info>
      Reviewed-by: default avatarJohan Hovold <johan@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4c761daf
    • Eric Dumazet's avatar
      net: adjust skb->truesize in ___pskb_trim() · c21b48cc
      Eric Dumazet authored
      Andrey found a way to trigger the WARN_ON_ONCE(delta < len) in
      skb_try_coalesce() using syzkaller and a filter attached to a TCP
      socket.
      
      As we did recently in commit 158f323b ("net: adjust skb->truesize in
      pskb_expand_head()") we can adjust skb->truesize from ___pskb_trim(),
      via a call to skb_condense().
      
      If all frags were freed, then skb->truesize can be recomputed.
      
      This call can be done if skb is not yet owned, or destructor is
      sock_edemux().
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Cc: Willem de Bruijn <willemb@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c21b48cc
    • Eric Dumazet's avatar
      tcp: do not underestimate skb->truesize in tcp_trim_head() · 7162fb24
      Eric Dumazet authored
      Andrey found a way to trigger the WARN_ON_ONCE(delta < len) in
      skb_try_coalesce() using syzkaller and a filter attached to a TCP
      socket over loopback interface.
      
      I believe one issue with looped skbs is that tcp_trim_head() can end up
      producing skb with under estimated truesize.
      
      It hardly matters for normal conditions, since packets sent over
      loopback are never truncated.
      
      Bytes trimmed from skb->head should not change skb truesize, since
      skb->head is not reallocated.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Tested-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7162fb24
    • Paolo Abeni's avatar
      bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal · 19cdead3
      Paolo Abeni authored
      On slave list updates, the bonding driver computes its hard_header_len
      as the maximum of all enslaved devices's hard_header_len.
      If the slave list is empty, e.g. on last enslaved device removal,
      ETH_HLEN is used.
      
      Since the bonding header_ops are set only when the first enslaved
      device is attached, the above can lead to header_ops->create()
      being called with the wrong skb headroom in place.
      
      If bond0 is configured on top of ipoib devices, with the
      following commands:
      
      ifup bond0
      for slave in $BOND_SLAVES_LIST; do
      	ip link set dev $slave nomaster
      done
      ping -c 1 <ip on bond0 subnet>
      
      we will obtain a skb_under_panic() with a similar call trace:
      	skb_push+0x3d/0x40
      	push_pseudo_header+0x17/0x30 [ib_ipoib]
      	ipoib_hard_header+0x4e/0x80 [ib_ipoib]
      	arp_create+0x12f/0x220
      	arp_send_dst.part.19+0x28/0x50
      	arp_solicit+0x115/0x290
      	neigh_probe+0x4d/0x70
      	__neigh_event_send+0xa7/0x230
      	neigh_resolve_output+0x12e/0x1c0
      	ip_finish_output2+0x14b/0x390
      	ip_finish_output+0x136/0x1e0
      	ip_output+0x76/0xe0
      	ip_local_out+0x35/0x40
      	ip_send_skb+0x19/0x40
      	ip_push_pending_frames+0x33/0x40
      	raw_sendmsg+0x7d3/0xb50
      	inet_sendmsg+0x31/0xb0
      	sock_sendmsg+0x38/0x50
      	SYSC_sendto+0x102/0x190
      	SyS_sendto+0xe/0x10
      	do_syscall_64+0x67/0x180
      	entry_SYSCALL64_slow_path+0x25/0x25
      
      This change addresses the issue avoiding updating the bonding device
      hard_header_len when the slaves list become empty, forbidding to
      shrink it below the value used by header_ops->create().
      
      The bug is there since commit 54ef3137 ("[PATCH] bonding: Handle large
      hard_header_len") but the panic can be triggered only since
      commit fc791b63 ("IB/ipoib: move back IB LL address into the hard
      header").
      Reported-by: default avatarNorbert P <noe@physik.uzh.ch>
      Fixes: 54ef3137 ("[PATCH] bonding: Handle large hard_header_len")
      Fixes: fc791b63 ("IB/ipoib: move back IB LL address into the hard header")
      Signed-off-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      19cdead3
    • Steffen Klassert's avatar
      ipv4: Don't pass IP fragments to upper layer GRO handlers. · 9b83e031
      Steffen Klassert authored
      Upper layer GRO handlers can not handle IP fragments, so
      exit GRO processing in this case.
      
      This fixes ESP GRO because the packet must be reassembled
      before we can decapsulate, otherwise we get authentication
      failures.
      
      It also aligns IPv4 to IPv6 where packets with fragmentation
      headers are not passed to upper layer GRO handlers.
      
      Fixes: 7785bba2 ("esp: Add a software GRO codepath")
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9b83e031
    • Arnd Bergmann's avatar
      cpsw/netcp: refine cpts dependency · 504926df
      Arnd Bergmann authored
      Tony Lindgren reports a kernel oops that resulted from my compile-time
      fix on the default config. This shows two problems:
      
      a) configurations that did not already enable PTP_1588_CLOCK will
         now miss the cpts driver
      
      b) when cpts support is disabled, the driver crashes. This is a
         preexisting problem that we did not notice before my patch.
      
      While the second problem is still being investigated, this modifies
      the dependencies again, getting us back to the original state, with
      another 'select NET_PTP_CLASSIFY' added in to avoid the original
      link error we got, and the 'depends on POSIX_TIMERS' to hide
      the CPTS support when turning it on would be useless.
      
      Cc: stable@vger.kernel.org # 4.11 needs this
      Fixes: 07fef362 ("cpsw/netcp: cpts depends on posix_timers")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Tested-by: default avatarTony Lindgren <tony@atomide.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      504926df
    • David S. Miller's avatar
      Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec · 5577e679
      David S. Miller authored
      Steffen Klassert says:
      
      ====================
      pull request (net): ipsec 2017-04-28
      
      1) Do garbage collecting after a policy flush to remove old
         bundles immediately. From Xin Long.
      
      2) Fix GRO if netfilter is not defined.
         From Sabrina Dubroca.
      
      Please pull or let me know if there are problems.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5577e679
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · affb852d
      Linus Torvalds authored
      Pull input fix from Dmitry Torokhov:
       "Yet another quirk to i8042 to get touchpad recognized on some laptops"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: i8042 - add Clevo P650RS to the i8042 reset list
      affb852d
    • Arnd Bergmann's avatar
      clk: sunxi-ng: always select CCU_GATE · 36c02d0b
      Arnd Bergmann authored
      When the base driver is enabled but all SoC specific drivers are turned
      off, we now get a build error after code was added to always refer to the
      clk gates:
      
      drivers/clk/built-in.o: In function `ccu_pll_notifier_cb':
      :(.text+0x154f8): undefined reference to `ccu_gate_helper_disable'
      :(.text+0x15504): undefined reference to `ccu_gate_helper_enable'
      
      This changes the Kconfig to always require the gate code to be built-in
      when CONFIG_SUNXI_CCU is set.
      
      Fixes: 02ae2bc6 ("clk: sunxi-ng: Add clk notifier to gate then ungate PLL clocks")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Acked-by: default avatarMaxime Ripard <maxime.ripard@free-electrons.com>
      Signed-off-by: default avatarStephen Boyd <sboyd@codeaurora.org>
      36c02d0b
    • Linus Torvalds's avatar
      Merge branch 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · 28b20135
      Linus Torvalds authored
      Pull btrfs fix from Chris Mason:
       "We have one more fix for btrfs.
      
        This gets rid of a new WARN_ON from rc1 that ended up making more
        noise than we really want. The larger fix for the underflow got
        delayed a bit and it's better for now to put it under
        CONFIG_BTRFS_DEBUG"
      
      * 'for-linus-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        btrfs: qgroup: move noisy underflow warning to debugging build
      28b20135
    • David S. Miller's avatar
      Merge branch 'tipc-socket-connection-hangs' · c5184717
      David S. Miller authored
      Parthasarathy Bhuvaragan says:
      
      ====================
      tipc: fix hanging socket connections
      
      This patch series contains fixes for the socket layer to
      prevent hanging / stale connections.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5184717