1. 06 Dec, 2017 4 commits
  2. 05 Dec, 2017 13 commits
    • Robb Glasser's avatar
      ALSA: pcm: prevent UAF in snd_pcm_info · 362bca57
      Robb Glasser authored
      When the device descriptor is closed, the `substream->runtime` pointer
      is freed. But another thread may be in the ioctl handler, case
      SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
      calls snd_pcm_info() which accesses the now freed `substream->runtime`.
      
      Note: this fixes CVE-2017-0861
      Signed-off-by: default avatarRobb Glasser <rglasser@google.com>
      Signed-off-by: default avatarNick Desaulniers <ndesaulniers@google.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      362bca57
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 13231cac
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "A bunch of fixes for aacraid, a set of coherency fixes that only
        affect non-coherent platforms and one coccinelle detected null check
        after use"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: libsas: align sata_device's rps_resp on a cacheline
        scsi: use dma_get_cache_alignment() as minimum DMA alignment
        scsi: dma-mapping: always provide dma_get_cache_alignment
        scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
        scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
        scsi: aacraid: Perform initialization reset only once
        scsi: aacraid: Check for PCI state of device in a generic way
      13231cac
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · e6cdd80a
      Linus Torvalds authored
      Pull rdma fixes from Jason Gunthorpe:
       "Here is the first rc pull request for RDMA. This includes an important
        core fix for a regression in iWarp if SELinux is enabled, a fix for a
        compilation regression introduced in this merge window, and one
        obscure kconfig combination that oops's the kernel.
      
        For drivers, we have hns fixes needed to make their devices work on
        certain ARM IOMMU configurations, a stack data leak for hfi1, and
        various testing discovered -rc bug fixes for i40iw.
      
        This cycle we pushed back on the driver maintainers to have better
        commit messages for -rc material"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        IB/core: Only enforce security for InfiniBand
        RDMA/hns: Get rid of page operation after dma_alloc_coherent
        RDMA/hns: Get rid of virt_to_page and vmap calls after dma_alloc_coherent
        RDMA/hns: Fix the issue of IOVA not page continuous in hip08
        IB/core: Init subsys if compiled to vmlinuz-core
        RDMA/cma: Make sure that PSN is not over max allowed
        i40iw: Notify user of established connection after QP in RTS
        i40iw: Move MPA request event for loopback after connect
        i40iw: Correct ARP index mask
        i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE
        i40iw: Allocate a sdbuf per CQP WQE
        IB: INFINIBAND should depend on HAS_DMA
        IB/hfi1: Initialize bth1 in 16B rc ack builder
      e6cdd80a
    • Linus Torvalds's avatar
      Merge tag 'char-misc-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · 6a5e05a4
      Linus Torvalds authored
      Pull char/misc fixes from Greg KH:
       "Here are some small misc driver fixes for 4.15-rc3 to resolve reported
        issues. Specifically these are:
      
         - binder fix for a memory leak
      
         - vpd driver fixes for a number of reported problems
      
         - hyperv driver fix for memory accesses where it shouldn't be.
      
        All of these have been in linux-next for a while. There's also one
        more MAINTAINERS file update that came in today to get the Android
        developer's emails correct, which is also in this pull request, that
        was not in linux-next, but should not be an issue"
      
      * tag 'char-misc-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        MAINTAINERS: update Android driver maintainers.
        firmware: vpd: Fix platform driver and device registration/unregistration
        firmware: vpd: Tie firmware kobject to device lifetime
        firmware: vpd: Destroy vpd sections in remove function
        hv: kvp: Avoid reading past allocated blocks from KVP file
        Drivers: hv: vmbus: Fix a rescind issue
        ANDROID: binder: fix transaction leak.
      6a5e05a4
    • Linus Torvalds's avatar
      Merge tag 'driver-core-4.15-rc3' of... · 1fbd55c0
      Linus Torvalds authored
      Merge tag 'driver-core-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are 3 small fixes for some reported issues:
      
         - a debugfs build error that lots of people have reported
      
         - a Kconfig help text cleanup now that the firmware is not in the
           kernel tree
      
         - an ISA bus bug fix for a reported issue that has been there since
           2.6.18.
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'driver-core-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        firmware: cleanup FIRMWARE_IN_KERNEL message
        isa: Prevent NULL dereference in isa_bus driver callbacks
        debugfs: fix debugfs_real_fops() build error
      1fbd55c0
    • Linus Torvalds's avatar
      Merge tag 'staging-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 73996933
      Linus Torvalds authored
      Pull staging and iio driver fixes from Greg KH:
       "Here are a number of small staging and iio driver fixes for reported
        issues for 4.15-rc3. Nothing major here, the majority is IIO issues,
        like normal, but there are also some small bugfixes for a few staging
        drivers as well.
      
        Full details are in the shortlog.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'staging-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        iio: stm32: fix adc/trigger link error
        iio: health: max30102: Temperature should be in milli Celsius
        iio: fix kernel-doc build errors
        iio: adc: meson-saradc: Meson8 and Meson8b do not have REG11 and REG13
        iio: adc: meson-saradc: initialize the bandgap correctly on older SoCs
        iio: adc: meson-saradc: fix the bit_idx of the adc_en clock
        iio: proximity: sx9500: Assign interrupt from GpioIo()
        iio: adc: cpcap: fix incorrect validation
        staging: octeon-usb: use __delay() instead of cvmx_wait()
        staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
        staging: ccree: fix leak of import() after init()
        staging: comedi: ni_atmio: fix license warning.
      73996933
    • Linus Torvalds's avatar
      Merge tag 'tty-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 84dda296
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small serdev and serial fixes for 4.15-rc3. They resolve
        some reported problems:
      
         - a number of serdev fixes to resolve crashes
      
         - MIPS build fixes for their serial port
      
         - a new 8250 device id
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'tty-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        MIPS: Add custom serial.h with BASE_BAUD override for generic kernel
        serdev: ttyport: fix tty locking in close
        serdev: ttyport: fix NULL-deref on hangup
        serdev: fix receive_buf return value when no callback
        serdev: ttyport: add missing receive_buf sanity checks
        serial: 8250_early: Only set divisor if valid clk & baud
        serial: 8250_pci: Add Amazon PCI serial device ID
      84dda296
    • Linus Torvalds's avatar
      Merge tag 'usb-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 6b0b3bda
      Linus Torvalds authored
      Pull USB fixes from Greg KH:
       "Here are a few minor USB fixes for 4.15-rc3.
      
        The largest here is the Kconfig text and configuration changes for the
        USB TypeC build options that you reported during the -rc1 merge
        window. The others are all just small fixes for reported issues, as
        well as some new device ids.
      
        The most "interesting" of anything here is the usbip fixes as it seems
        lots of people are starting to pay attention to that driver at the
        moment. These fixes should resolve all of the reported problems as of
        now.
      
        Of course there are the usual xhci and gadget fixes as well, can't go
        a pull request without those...
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-4.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits)
        usb: xhci: fix panic in xhci_free_virt_devices_depth_first
        xhci: Don't show incorrect WARN message about events for empty rings
        usbip: fix usbip attach to find a port that matches the requested speed
        usbip: Fix USB device hang due to wrong enabling of scatter-gather
        uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
        usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
        usb: build drivers/usb/common/ when USB_SUPPORT is set
        usb: hub: Cycle HUB power when initialization fails
        USB: core: Add type-specific length check of BOS descriptors
        usb: host: fix incorrect updating of offset
        USB: ulpi: fix bus-node lookup
        USB: usbfs: Filter flags passed in from user space
        usb: add user selectable option for the whole USB Type-C Support
        usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT
        usb: gadget: core: Fix ->udc_set_speed() speed handling
        usb: gadget: allow to enable legacy drivers without USB_ETH
        usb: gadget: udc: renesas_usb3: fix number of the pipes
        usb: gadget: don't dereference g until after it has been null checked
        USB: serial: usb_debug: add new USB device id
        usb: bdc: fix platform_no_drv_owner.cocci warnings
        ...
      6b0b3bda
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 54b99370
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "As with GPIO not much action in pin control. All are driver fixes:
      
         - fix the UART2 RTS pin mode on Intel Denverton
      
         - fix the direction_output() behaviour on the Armada 37xx
      
         - fix the groups selection per-SoC on the Gemini
      
         - fix the interrupt pin bank on the Sunxi A80
      
         - fix the UART mux on the Sunxi A64
      
         - disable the strict mode on the Sunxi H5 driver"
      
      * tag 'pinctrl-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: sunxi: Disable strict mode for H5 driver
        pinctrl: sunxi: Fix A64 UART mux value
        pinctrl: sunxi: Fix A80 interrupt pin bank
        pinctrl: gemini: Fix usage of 3512 groups
        pinctrl: armada-37xx: Fix direction_output() callback behavior
        pinctrl: denverton: Fix UART2 RTS pin mode
      54b99370
    • Linus Torvalds's avatar
      Merge tag 'gpio-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · f81c7287
      Linus Torvalds authored
      Pull GPIO fixes from Linus Walleij:
       "Three small fixes for GPIO. Not much, I'm surprised by the silence in
        my subsystems. All driver fixes:
      
         - fix a crash in the 74x164 driver
      
         - fix IRQ banks in the DaVinci driver
      
         - fix the vendor prefix in the PCA953x driver"
      
      * tag 'gpio-v4.15-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
        gpio: pca953x: fix vendor prefix for PCA9654
        gpio: davinci: Assign first bank regs for unbanked case
        gpio: 74x164: Fix crash during .remove()
      f81c7287
    • Linus Torvalds's avatar
      remove task and stack pointer printout from oops dump · b7ad7ef7
      Linus Torvalds authored
      Geert Uytterhoeven reported a NFS oops, and pointed out that some of the
      numbers were hashed and useless.
      
      We could just turn them from '%p' into '%px', but those numbers are
      really just legacy, and useless even when not hashed.
      
      So just remove them entirely.
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b7ad7ef7
    • Martijn Coenen's avatar
      MAINTAINERS: update Android driver maintainers. · 66bc5df3
      Martijn Coenen authored
      Add Todd Kjos and myself, remove Riley (who no
      longer works at Google).
      Signed-off-by: default avatarMartijn Coenen <maco@android.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      66bc5df3
    • Kailang Yang's avatar
      ALSA: hda/realtek - New codec support for ALC257 · f429e7e4
      Kailang Yang authored
      Add new support for ALC257 codec.
      
      [ It's supposed to be almost equivalent with other ALC25x variants,
        just adding another type and id -- tiwai ]
      Signed-off-by: default avatarKailang Yang <kailang@realtek.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      f429e7e4
  3. 04 Dec, 2017 6 commits
    • Linus Torvalds's avatar
      Merge tag 'docs-4.15-fixes' of git://git.lwn.net/linux · fd6d2e50
      Linus Torvalds authored
      Pull documentation fixes from Jonathan Corbet:
       "A handful of documentation fixes.
      
        The most significant of these addresses a problem with the new warning
        mode: it can break the build when confronted with a source file
        containing malformed kerneldoc comments"
      
      * tag 'docs-4.15-fixes' of git://git.lwn.net/linux:
        Documentation: fix docs build error after source file removed
        scsi: documentation: Fix case of 'scsi_device' struct mention(s)
        genericirq.rst: Remove :c:func:`...` in code blocks
        dmaengine: doc : Fix warning "Title underline too short" while make xmldocs
        scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
      fd6d2e50
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 2391f0b4
      Linus Torvalds authored
      Pull virtio fixes from Michael Tsirkin:
       "virtio and qemu bugfixes
      
        A couple of bugfixes that just became ready"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
        virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
        virtio: release virtio index when fail to device_register
        fw_cfg: fix driver remove
      2391f0b4
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 236fa078
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Various TCP control block fixes, including one that crashes with
          SELinux, from David Ahern and Eric Dumazet.
      
       2) Fix ACK generation in rxrpc, from David Howells.
      
       3) ipvlan doesn't set the mark properly in the ipv4 route lookup key,
          from Gao Feng.
      
       4) SIT configuration doesn't take on the frag_off ipv4 field
          configuration properly, fix from Hangbin Liu.
      
       5) TSO can fail after device down/up on stmmac, fix from Lars Persson.
      
       6) Various bpftool fixes (mostly in JSON handling) from Quentin Monnet.
      
       7) Various SKB leak fixes in vhost/tun/tap (mostly observed as
          performance problems). From Wei Xu.
      
       8) mvpps's TX descriptors were not zero initialized, from Yan Markman.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (57 commits)
        tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match()
        tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
        rxrpc: Fix the MAINTAINERS record
        rxrpc: Use correct netns source in rxrpc_release_sock()
        liquidio: fix incorrect indentation of assignment statement
        stmmac: reset last TSO segment size after device open
        ipvlan: Add the skb->mark as flow4's member to lookup route
        s390/qeth: build max size GSO skbs on L2 devices
        s390/qeth: fix GSO throughput regression
        s390/qeth: fix thinko in IPv4 multicast address tracking
        tap: free skb if flags error
        tun: free skb in early errors
        vhost: fix skb leak in handle_rx()
        bnxt_en: Fix a variable scoping in bnxt_hwrm_do_send_msg()
        bnxt_en: fix dst/src fid for vxlan encap/decap actions
        bnxt_en: wildcard smac while creating tunnel decap filter
        bnxt_en: Need to unconditionally shut down RoCE in bnxt_shutdown
        phylink: ensure we take the link down when phylink_stop() is called
        sfp: warn about modules requiring address change sequence
        sfp: improve RX_LOS handling
        ...
      236fa078
    • Chris Metcalf's avatar
      arch/tile: mark as orphaned · 8ee5ad1d
      Chris Metcalf authored
      The chip family of TILEPro and TILE-Gx was developed by Tilera, which
      was eventually acquired by Mellanox.  The tile architecture was added to
      the kernel in 2010 and first appeared in 2.6.36.
      
      Now at Mellanox we are developing new chips based on the ARM64
      architecture; our last TILE-Gx chip (the Gx72) was released in 2013, and
      our customers using tile architecture products are not, as far as we
      know, looking to upgrade to newer kernel releases.  In the absence of
      someone in the community stepping up to take over maintainership, this
      commit marks the architecture as orphaned.
      
      Cc: Chris Metcalf <metcalf@alum.mit.edu>
      Signed-off-by: default avatarChris Metcalf <cmetcalf@mellanox.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8ee5ad1d
    • Jaejoong Kim's avatar
      ALSA: usb-audio: Add check return value for usb_string() · 89b89d12
      Jaejoong Kim authored
      snd_usb_copy_string_desc() returns zero if usb_string() fails.
      In case of failure, we need to check the snd_usb_copy_string_desc()'s
      return value and add an exception case
      Signed-off-by: default avatarJaejoong Kim <climbbb.kim@gmail.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      89b89d12
    • Jaejoong Kim's avatar
      ALSA: usb-audio: Fix out-of-bound error · 251552a2
      Jaejoong Kim authored
      The snd_usb_copy_string_desc() retrieves the usb string corresponding to
      the index number through the usb_string(). The problem is that the
      usb_string() returns the length of the string (>= 0) when successful, but
      it can also return a negative value about the error case or status of
      usb_control_msg().
      
      If iClockSource is '0' as shown below, usb_string() will returns -EINVAL.
      This will result in '0' being inserted into buf[-22], and the following
      KASAN out-of-bound error message will be output.
      
      AudioControl Interface Descriptor:
        bLength                 8
        bDescriptorType        36
        bDescriptorSubtype     10 (CLOCK_SOURCE)
        bClockID                1
        bmAttributes         0x07 Internal programmable Clock (synced to SOF)
        bmControls           0x07
        Clock Frequency Control (read/write)
        Clock Validity Control (read-only)
        bAssocTerminal          0
        iClockSource            0
      
      To fix it, check usb_string()'return value and bail out.
      
      ==================================================================
      BUG: KASAN: stack-out-of-bounds in parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
      Write of size 1 at addr ffff88007e66735a by task systemd-udevd/18376
      
      CPU: 0 PID: 18376 Comm: systemd-udevd Not tainted 4.13.0+ #3
      Hardware name: LG Electronics                   15N540-RFLGL/White Tip Mountain, BIOS 15N5
      Call Trace:
      dump_stack+0x63/0x8d
      print_address_description+0x70/0x290
      ? parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
      kasan_report+0x265/0x350
      __asan_store1+0x4a/0x50
      parse_audio_unit+0x1327/0x1960 [snd_usb_audio]
      ? save_stack+0xb5/0xd0
      ? save_stack_trace+0x1b/0x20
      ? save_stack+0x46/0xd0
      ? kasan_kmalloc+0xad/0xe0
      ? kmem_cache_alloc_trace+0xff/0x230
      ? snd_usb_create_mixer+0xb0/0x4b0 [snd_usb_audio]
      ? usb_audio_probe+0x4de/0xf40 [snd_usb_audio]
      ? usb_probe_interface+0x1f5/0x440
      ? driver_probe_device+0x3ed/0x660
      ? build_feature_ctl+0xb10/0xb10 [snd_usb_audio]
      ? save_stack_trace+0x1b/0x20
      ? init_object+0x69/0xa0
      ? snd_usb_find_csint_desc+0xa8/0xf0 [snd_usb_audio]
      snd_usb_mixer_controls+0x1dc/0x370 [snd_usb_audio]
      ? build_audio_procunit+0x890/0x890 [snd_usb_audio]
      ? snd_usb_create_mixer+0xb0/0x4b0 [snd_usb_audio]
      ? kmem_cache_alloc_trace+0xff/0x230
      ? usb_ifnum_to_if+0xbd/0xf0
      snd_usb_create_mixer+0x25b/0x4b0 [snd_usb_audio]
      ? snd_usb_create_stream+0x255/0x2c0 [snd_usb_audio]
      usb_audio_probe+0x4de/0xf40 [snd_usb_audio]
      ? snd_usb_autosuspend.part.7+0x30/0x30 [snd_usb_audio]
      ? __pm_runtime_idle+0x90/0x90
      ? kernfs_activate+0xa6/0xc0
      ? usb_match_one_id_intf+0xdc/0x130
      ? __pm_runtime_set_status+0x2d4/0x450
      usb_probe_interface+0x1f5/0x440
      
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarJaejoong Kim <climbbb.kim@gmail.com>
      Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
      251552a2
  4. 03 Dec, 2017 17 commits
    • Randy Dunlap's avatar
      Documentation: fix docs build error after source file removed · 9956cfef
      Randy Dunlap authored
      The pci/htirq.c file was removed so remove it from the documentation
      file also.
      
      Error: Cannot open file ../drivers/pci/htirq.c
      WARNING: kernel-doc '../scripts/kernel-doc -rst -enable-lineno -export ../drivers/pci/htirq.c' failed with return code 2
      
      Fixes: fd2fa6c1 ("x86/PCI: Remove unused HyperTransport interrupt support")
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
      9956cfef
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · c2eb6d07
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2017-12-02
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Fix a compilation warning in xdp redirect tracepoint due to
         missing bpf.h include that pulls in struct bpf_map, from Xie.
      
      2) Limit the maximum number of attachable BPF progs for a given
         perf event as long as uabi is not frozen yet. The hard upper
         limit is now 64 and therefore the same as with BPF multi-prog
         for cgroups. Also add related error checking for the sample
         BPF loader when enabling and attaching to the perf event, from
         Yonghong.
      
      3) Specifically set the RLIMIT_MEMLOCK for the test_verifier_log
         case, so that the test case can always pass and not fail in
         some environments due to too low default limit, also from
         Yonghong.
      
      4) Fix up a missing license header comment for kernel/bpf/offload.c,
         from Jakub.
      
      5) Several fixes for bpftool, among others a crash on incorrect
         arguments when json output is used, error message handling
         fixes on unknown options and proper destruction of json writer
         for some exit cases, all from Quentin.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c2eb6d07
    • David S. Miller's avatar
      Merge branch 'tcp-cb-selinux-corruption' · e4485c74
      David S. Miller authored
      Eric Dumazet says:
      
      ====================
      tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()
      
      James Morris reported kernel stack corruption bug that
      we tracked back to commit 971f10ec ("tcp: better TCP_SKB_CB
      layout to reduce cache line misses")
      
      First patch needs to be backported to kernels >= 3.18,
      while second patch needs to be backported to kernels >= 4.9, since
      this was the time when inet_exact_dif_match appeared.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e4485c74
    • David Ahern's avatar
      tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match() · b4d1605a
      David Ahern authored
      After this fix : ("tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()"),
      socket lookups happen while skb->cb[] has not been mangled yet by TCP.
      
      Fixes: a04a480d ("net: Require exact match for TCP socket lookups if dif is l3mdev")
      Signed-off-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b4d1605a
    • Eric Dumazet's avatar
      tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb() · eeea10b8
      Eric Dumazet authored
      James Morris reported kernel stack corruption bug [1] while
      running the SELinux testsuite, and bisected to a recent
      commit bffa72cf ("net: sk_buff rbnode reorg")
      
      We believe this commit is fine, but exposes an older bug.
      
      SELinux code runs from tcp_filter() and might send an ICMP,
      expecting IP options to be found in skb->cb[] using regular IPCB placement.
      
      We need to defer TCP mangling of skb->cb[] after tcp_filter() calls.
      
      This patch adds tcp_v4_fill_cb()/tcp_v4_restore_cb() in a very
      similar way we added them for IPv6.
      
      [1]
      [  339.806024] SELinux: failure in selinux_parse_skb(), unable to parse packet
      [  339.822505] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffff81745af5
      [  339.822505]
      [  339.852250] CPU: 4 PID: 3642 Comm: client Not tainted 4.15.0-rc1-test #15
      [  339.868498] Hardware name: LENOVO 10FGS0VA1L/30BC, BIOS FWKT68A   01/19/2017
      [  339.885060] Call Trace:
      [  339.896875]  <IRQ>
      [  339.908103]  dump_stack+0x63/0x87
      [  339.920645]  panic+0xe8/0x248
      [  339.932668]  ? ip_push_pending_frames+0x33/0x40
      [  339.946328]  ? icmp_send+0x525/0x530
      [  339.958861]  ? kfree_skbmem+0x60/0x70
      [  339.971431]  __stack_chk_fail+0x1b/0x20
      [  339.984049]  icmp_send+0x525/0x530
      [  339.996205]  ? netlbl_skbuff_err+0x36/0x40
      [  340.008997]  ? selinux_netlbl_err+0x11/0x20
      [  340.021816]  ? selinux_socket_sock_rcv_skb+0x211/0x230
      [  340.035529]  ? security_sock_rcv_skb+0x3b/0x50
      [  340.048471]  ? sk_filter_trim_cap+0x44/0x1c0
      [  340.061246]  ? tcp_v4_inbound_md5_hash+0x69/0x1b0
      [  340.074562]  ? tcp_filter+0x2c/0x40
      [  340.086400]  ? tcp_v4_rcv+0x820/0xa20
      [  340.098329]  ? ip_local_deliver_finish+0x71/0x1a0
      [  340.111279]  ? ip_local_deliver+0x6f/0xe0
      [  340.123535]  ? ip_rcv_finish+0x3a0/0x3a0
      [  340.135523]  ? ip_rcv_finish+0xdb/0x3a0
      [  340.147442]  ? ip_rcv+0x27c/0x3c0
      [  340.158668]  ? inet_del_offload+0x40/0x40
      [  340.170580]  ? __netif_receive_skb_core+0x4ac/0x900
      [  340.183285]  ? rcu_accelerate_cbs+0x5b/0x80
      [  340.195282]  ? __netif_receive_skb+0x18/0x60
      [  340.207288]  ? process_backlog+0x95/0x140
      [  340.218948]  ? net_rx_action+0x26c/0x3b0
      [  340.230416]  ? __do_softirq+0xc9/0x26a
      [  340.241625]  ? do_softirq_own_stack+0x2a/0x40
      [  340.253368]  </IRQ>
      [  340.262673]  ? do_softirq+0x50/0x60
      [  340.273450]  ? __local_bh_enable_ip+0x57/0x60
      [  340.285045]  ? ip_finish_output2+0x175/0x350
      [  340.296403]  ? ip_finish_output+0x127/0x1d0
      [  340.307665]  ? nf_hook_slow+0x3c/0xb0
      [  340.318230]  ? ip_output+0x72/0xe0
      [  340.328524]  ? ip_fragment.constprop.54+0x80/0x80
      [  340.340070]  ? ip_local_out+0x35/0x40
      [  340.350497]  ? ip_queue_xmit+0x15c/0x3f0
      [  340.361060]  ? __kmalloc_reserve.isra.40+0x31/0x90
      [  340.372484]  ? __skb_clone+0x2e/0x130
      [  340.382633]  ? tcp_transmit_skb+0x558/0xa10
      [  340.393262]  ? tcp_connect+0x938/0xad0
      [  340.403370]  ? ktime_get_with_offset+0x4c/0xb0
      [  340.414206]  ? tcp_v4_connect+0x457/0x4e0
      [  340.424471]  ? __inet_stream_connect+0xb3/0x300
      [  340.435195]  ? inet_stream_connect+0x3b/0x60
      [  340.445607]  ? SYSC_connect+0xd9/0x110
      [  340.455455]  ? __audit_syscall_entry+0xaf/0x100
      [  340.466112]  ? syscall_trace_enter+0x1d0/0x2b0
      [  340.476636]  ? __audit_syscall_exit+0x209/0x290
      [  340.487151]  ? SyS_connect+0xe/0x10
      [  340.496453]  ? do_syscall_64+0x67/0x1b0
      [  340.506078]  ? entry_SYSCALL64_slow_path+0x25/0x25
      
      Fixes: 971f10ec ("tcp: better TCP_SKB_CB layout to reduce cache line misses")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarJames Morris <james.l.morris@oracle.com>
      Tested-by: default avatarJames Morris <james.l.morris@oracle.com>
      Tested-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eeea10b8
    • Linus Torvalds's avatar
      Linux 4.15-rc2 · ae64f9bd
      Linus Torvalds authored
      ae64f9bd
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · 87fc5c68
      Linus Torvalds authored
      Pull ARM fix from Russell King:
       "Just one fix this time around, for the late commit in the merge window
        that triggered a problem with qemu. Qemu is apparently also going to
        receive a fix for the discovered issue"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: avoid faulting on qemu
      87fc5c68
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · ae4806a3
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "Here are two bugfixes for I2C, fixing a memleak in the core and irq
        allocation for i801.
      
        Also three bugfixes for the at24 eeprom driver which Bartosz collected
        while taking over maintainership for this driver"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        eeprom: at24: check at24_read/write arguments
        eeprom: at24: fix reading from 24MAC402/24MAC602
        eeprom: at24: correctly set the size for at24mac402
        i2c: i2c-boardinfo: fix memory leaks on devinfo
        i2c: i801: Fix Failed to allocate irq -2147483648 error
      ae4806a3
    • Linus Torvalds's avatar
      Merge tag 'hwmon-for-linus-v4.15-rc2' of... · 49a418d7
      Linus Torvalds authored
      Merge tag 'hwmon-for-linus-v4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging
      
      Pull hwmon fixes from Guenter Roeck:
       "Fixes:
      
         - Drop reference to obsolete maintainer tree
      
         - Fix overflow bug in pmbus driver
      
         - Fix SMBUS timeout problem in jc42 driver
      
        For the SMBUS timeout handling, we had a brief discussion if this
        should be considered a bug fix or a feature. Peter says "it fixes real
        problems where the application misbehave due to faulty content when
        reading from an eeprom", and he needs the patch in his company's v4.14
        images. This is good enough for me and warrants backport to stable
        kernels"
      
      * tag 'hwmon-for-linus-v4.15-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
        hwmon: (jc42) optionally try to disable the SMBUS timeout
        hwmon: (pmbus) Use 64bit math for DIRECT format values
        hwmon: Drop reference to Jean's tree
      49a418d7
    • David Howells's avatar
      rxrpc: Fix the MAINTAINERS record · bcd1d601
      David Howells authored
      Fix the MAINTAINERS record so that it's more obvious who the maintainer for
      AF_RXRPC is.
      Reported-by: default avatarJoe Perches <joe@perches.com>
      Reported-by: default avatarDavid Miller <davem@davemloft.net>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bcd1d601
    • David Howells's avatar
      rxrpc: Use correct netns source in rxrpc_release_sock() · c5012564
      David Howells authored
      In rxrpc_release_sock() there may be no rx->local value to access, so we
      can't unconditionally follow it to the rxrpc network namespace information
      to poke the connection reapers.
      
      Instead, use the socket's namespace pointer to find the namespace.
      
      This unfixed code causes the following static checker warning:
      
      	net/rxrpc/af_rxrpc.c:898 rxrpc_release_sock()
      	error: we previously assumed 'rx->local' could be null (see line 887)
      
      Fixes: 3d18cbb7 ("rxrpc: Fix conn expiry timers")
      Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c5012564
    • Greg Kroah-Hartman's avatar
      Merge tag 'iio-fixes-for-4.15a' of... · e168e984
      Greg Kroah-Hartman authored
      Merge tag 'iio-fixes-for-4.15a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus
      
      Jonathan writes:
      
      First set of IIO fixes in the 4.15 cycle.
      
      * kernel-doc
        - fix a build error from symbols ending in _ by making them _*
      * cpcap
        - Fix wrong handling of platform_get_irq_by_name which can return a
          postive value on success.
      * max30102
        - ABI says temperature should bein milli Celsius after scaling. Here it
          was in Celsius.
      * meson-saradc:
        - for Meson8/8b the gate clock bit was wrongly selected due to ffs/fls fun.
        - bandgap was not initialized properly on older socs.  Mostly got away
          with this because the bootloader was doing it for us.
        - Meson8/8b don't have some registers in the general regmap config. Give
          them their own ones.
      * stm32-lptimer/stm32-adc trigger
        - Fix a link error when optional stm32-lptimer driver isn't built.
      * sx9500
        - we recently removed explict handling of ACPI provided gpio interrupts
          as the core i2c acpi code started providing them directly.  Unfortuantely
          there are ACPI tables out there that use GpioIO resources and it doesn't
          know to map those as interrupts.  As such partial revert the removal
          of this handling from the driver.
      e168e984
    • Colin Ian King's avatar
      liquidio: fix incorrect indentation of assignment statement · 886afc1d
      Colin Ian King authored
      Remove one extraneous level of indentation on assignment statement.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      886afc1d
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-4.15-20171201' of... · ed75e1ac
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-4.15-20171201' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2017-12-01
      
      this is a pull for net consisting of nine patches.
      
      The first three patches are by Jimmy Assarsson for the kvaser_usb driver
      and add the missing free()s in some error path, a signed/unsigned
      comparison and ratelimit the error messages in case of incomplete
      messages. Oliver Stäbler's patch for the ti_hecc driver fix the napi
      poll function's return value. The return values of the probe function of
      the peak_canfd and peak_pci PCI drivers are fixed by Stephane Grosjean's
      patch. Two patches by me for the flexcan driver update the
      bugs/features/quirks overview table and fix the error state transition
      for the VF610 SoC. The two patches by Martin Kelly for the mcba_usb
      driver fix a typo and a device disconnect bug.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ed75e1ac
    • Wolfram Sang's avatar
      Merge tag 'at24-4.15-fixes-for-wolfram' of... · edef3098
      Wolfram Sang authored
      Merge tag 'at24-4.15-fixes-for-wolfram' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux into i2c/for-current
      
      Please consider pulling the following fixes for v4.15. While it doesn't
      fix any regression introduced in the v4.15 merge window, we have a
      feature in at24 since linux v4.8 - reading the mac address block from
      at24mac series - which turned out to be not working.
      
      This pull request contains changes that fix it together with a patch
      that hardens the read and write argument sanitization with
      out-of-bounds checks that were missing.
      edef3098
    • Lars Persson's avatar
      stmmac: reset last TSO segment size after device open · 45ab4b13
      Lars Persson authored
      The mss variable tracks the last max segment size sent to the TSO
      engine. We do not update the hardware as long as we receive skb:s with
      the same value in gso_size.
      
      During a network device down/up cycle (mapped to stmmac_release() and
      stmmac_open() callbacks) we issue a reset to the hardware and it
      forgets the setting for mss. However we did not zero out our mss
      variable so the next transmission of a gso packet happens with an
      undefined hardware setting.
      
      This triggers a hang in the TSO engine and eventuelly the netdev
      watchdog will bark.
      
      Fixes: f748be53 ("stmmac: support new GMAC4")
      Signed-off-by: default avatarLars Persson <larper@axis.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      45ab4b13
    • Gao Feng's avatar
      ipvlan: Add the skb->mark as flow4's member to lookup route · a98a4ebc
      Gao Feng authored
      Current codes don't use skb->mark to assign flowi4_mark, it would
      make the policy route rule with fwmark doesn't work as expected.
      Signed-off-by: default avatarGao Feng <gfree.wind@vip.163.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a98a4ebc