1. 13 May, 2019 9 commits
    • Jarod Wilson's avatar
      bonding: fix arp_validate toggling in active-backup mode · a9b8a2b3
      Jarod Wilson authored
      There's currently a problem with toggling arp_validate on and off with an
      active-backup bond. At the moment, you can start up a bond, like so:
      
      modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
      ip link set bond0 down
      echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
      echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
      ip link set bond0 up
      ip addr add 192.168.1.2/24 dev bond0
      
      Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
      
      echo 1 > /sys/class/net/bond0/bonding/arp_validate
      
      Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
      arp_validate off again, the link falls flat on it's face:
      
      echo 0 > /sys/class/net/bond0/bonding/arp_validate
      dmesg
      ...
      [133191.911987] bond0: Setting arp_validate to none (0)
      [133194.257793] bond0: bond_should_notify_peers: slave ens4f0
      [133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
      [133194.259000] bond0: making interface ens4f1 the new active one
      [133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
      [133197.331191] bond0: now running without any active interface!
      
      The problem lies in bond_options.c, where passing in arp_validate=0
      results in bond->recv_probe getting set to NULL. This flies directly in
      the face of commit 3fe68df9, which says we need to set recv_probe =
      bond_arp_recv, even if we're not using arp_validate. Said commit fixed
      this in bond_option_arp_interval_set, but missed that we can get to that
      same state in bond_option_arp_validate_set as well.
      
      One solution would be to universally set recv_probe = bond_arp_recv here
      as well, but I don't think bond_option_arp_validate_set has any business
      touching recv_probe at all, and that should be left to the arp_interval
      code, so we can just make things much tidier here.
      
      Fixes: 3fe68df9 ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
      CC: Jay Vosburgh <j.vosburgh@gmail.com>
      CC: Veaceslav Falico <vfalico@gmail.com>
      CC: Andy Gospodarek <andy@greyhouse.net>
      CC: "David S. Miller" <davem@davemloft.net>
      CC: netdev@vger.kernel.org
      Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
      Signed-off-by: default avatarJay Vosburgh <jay.vosburgh@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a9b8a2b3
    • Jerome Brunet's avatar
      net: meson: fixup g12a glue ephy id · 0ecfc7e1
      Jerome Brunet authored
      The phy id chosen by Amlogic is incorrectly set in the mdio mux and
      does not match the phy driver.
      
      It was not detected before because DT forces the use the correct driver
      for the internal PHY.
      
      Fixes: 70904251 ("net: phy: add amlogic g12a mdio mux support")
      Reported-by: default avatarQi Duan <qi.duan@amlogic.com>
      Signed-off-by: default avatarJerome Brunet <jbrunet@baylibre.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0ecfc7e1
    • Kunihiko Hayashi's avatar
      net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init() · dffe7d2e
      Kunihiko Hayashi authored
      After calling phy_select_page() and until calling phy_restore_page(),
      the mutex 'mdio_lock' is already locked, so the driver should use
      non-locked version of phy functions. Or there will be a deadlock with
      'mdio_lock'.
      
      This replaces phy functions called from rtl8211e_config_init() to avoid
      the deadlock issue.
      
      Fixes: f81dadbc ("net: phy: realtek: Add rtl8211e rx/tx delays config")
      Signed-off-by: default avatarKunihiko Hayashi <hayashi.kunihiko@socionext.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dffe7d2e
    • Thomas Bogendoerfer's avatar
      net: seeq: fix crash caused by not set dev.parent · 5afcd14c
      Thomas Bogendoerfer authored
      The old MIPS implementation of dma_cache_sync() didn't use the dev argument,
      but commit c9eb6172 ("dma-mapping: turn dma_cache_sync into a
      dma_map_ops method") changed that, so we now need to set dev.parent.
      Signed-off-by: default avatarThomas Bogendoerfer <tbogendoerfer@suse.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5afcd14c
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 3ebb41bf
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contains Netfilter fixes for net:
      
      1) Postpone chain policy update to drop after transaction is complete,
         from Florian Westphal.
      
      2) Add entry to flowtable after confirmation to fix UDP flows with
         packets going in one single direction.
      
      3) Reference count leak in dst object, from Taehee Yoo.
      
      4) Check for TTL field in flowtable datapath, from Taehee Yoo.
      
      5) Fix h323 conntrack helper due to incorrect boundary check,
         from Jakub Jankowski.
      
      6) Fix incorrect rcu dereference when fetching basechain stats,
         from Florian Westphal.
      
      7) Missing error check when adding new entries to flowtable,
         from Taehee Yoo.
      
      8) Use version field in nfnetlink message to honor the nfgen_family
         field, from Kristian Evensen.
      
      9) Remove incorrect configuration check for CONFIG_NF_CONNTRACK_IPV6,
         from Subash Abhinov Kasiviswanathan.
      
      10) Prevent dying entries from being added to the flowtable,
          from Taehee Yoo.
      
      11) Don't hit WARN_ON() with malformed blob in ebtables with
          trailing data after last rule, reported by syzbot, patch
          from Florian Westphal.
      
      12) Remove NFT_CT_TIMEOUT enumeration, never used in the kernel
          code.
      
      13) Fix incorrect definition for NFT_LOGLEVEL_MAX, from Florian
          Westphal.
      
      This batch comes with a conflict that can be fixed with this patch:
      
      diff --cc include/uapi/linux/netfilter/nf_tables.h
      index 7bdb234f3d8c,f0cf7b0f4f35..505393c6e959
      --- a/include/uapi/linux/netfilter/nf_tables.h
      +++ b/include/uapi/linux/netfilter/nf_tables.h
      @@@ -966,6 -966,8 +966,7 @@@ enum nft_socket_keys
         * @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
         * @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
         * @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
       - * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
      +  * @NFT_CT_ID: conntrack id
         */
        enum nft_ct_keys {
        	NFT_CT_STATE,
      @@@ -991,6 -993,8 +992,7 @@@
        	NFT_CT_DST_IP,
        	NFT_CT_SRC_IP6,
        	NFT_CT_DST_IP6,
       -	NFT_CT_TIMEOUT,
      + 	NFT_CT_ID,
        	__NFT_CT_MAX
        };
        #define NFT_CT_MAX		(__NFT_CT_MAX - 1)
      
      That replaces the unused NFT_CT_TIMEOUT definition by NFT_CT_ID. If you prefer,
      I can also solve this conflict here, just let me know.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ebb41bf
    • Petr Štetiar's avatar
      of_net: Fix missing of_find_device_by_node ref count drop · 3ee9ae74
      Petr Štetiar authored
      of_find_device_by_node takes a reference to the embedded struct device
      which needs to be dropped after use.
      
      Fixes: d01f449c ("of_net: add NVMEM support to of_get_mac_address")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Reported-by: default avatarJulia Lawall <julia.lawall@lip6.fr>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3ee9ae74
    • Maxime Chevallier's avatar
      net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag · da86f59f
      Maxime Chevallier authored
      Now that the mvpp2 driver supports classification offloading, we must
      add the NETIF_F_NTUPLE to the features list.
      
      Since the current code doesn't allow disabling the feature, we don't set
      the flag in dev->hw_features.
      
      Fixes: 90b509b3 ("net: mvpp2: cls: Add Classification offload support")
      Reported-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Acked-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarMaxime Chevallier <maxime.chevallier@bootlin.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      da86f59f
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 69dda13f
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2019-05-13
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) Fix out of bounds backwards jumps due to a bug in dead code
         removal, from Daniel.
      
      2) Fix libbpf users by detecting unsupported BTF kernel features
         and sanitize them before load, from Andrii.
      
      3) Fix undefined behavior in narrow load handling of context
         fields, from Krzesimir.
      
      4) Various BPF uapi header doc/man page fixes, from Quentin.
      
      5) Misc .gitignore fixups to exclude built files, from Kelsey.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      69dda13f
    • Krzesimir Nowak's avatar
      bpf: fix undefined behavior in narrow load handling · e2f7fc0a
      Krzesimir Nowak authored
      Commit 31fd8581 ("bpf: permits narrower load from bpf program
      context fields") made the verifier add AND instructions to clear the
      unwanted bits with a mask when doing a narrow load. The mask is
      computed with
      
        (1 << size * 8) - 1
      
      where "size" is the size of the narrow load. When doing a 4 byte load
      of a an 8 byte field the verifier shifts the literal 1 by 32 places to
      the left. This results in an overflow of a signed integer, which is an
      undefined behavior. Typically, the computed mask was zero, so the
      result of the narrow load ended up being zero too.
      
      Cast the literal to long long to avoid overflows. Note that narrow
      load of the 4 byte fields does not have the undefined behavior,
      because the load size can only be either 1 or 2 bytes, so shifting 1
      by 8 or 16 places will not overflow it. And reading 4 bytes would not
      be a narrow load of a 4 bytes field.
      
      Fixes: 31fd8581 ("bpf: permits narrower load from bpf program context fields")
      Reviewed-by: default avatarAlban Crequy <alban@kinvolk.io>
      Reviewed-by: default avatarIago López Galeiras <iago@kinvolk.io>
      Signed-off-by: default avatarKrzesimir Nowak <krzesimir@kinvolk.io>
      Cc: Yonghong Song <yhs@fb.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      e2f7fc0a
  2. 12 May, 2019 14 commits
  3. 11 May, 2019 3 commits
    • Heiner Kallweit's avatar
      net: phy: realtek: fix double page ops in generic Realtek driver · 8f779443
      Heiner Kallweit authored
      When adding missing callbacks I missed that one had them set already.
      Interesting that the compiler didn't complain.
      
      Fixes: daf3ddbe ("net: phy: realtek: add missing page operations")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8f779443
    • Nicholas Mc Guire's avatar
      net: qrtr: use protocol endiannes variable · 8f5e2451
      Nicholas Mc Guire authored
      sparse was unable to verify endiannes correctness due to reassignment
      from le32_to_cpu to the same variable - fix this warning up by providing
      a proper __le32 type and initializing it. This is not actually fixing
      any bug - rather just addressing the sparse warning.
      Signed-off-by: default avatarNicholas Mc Guire <hofrat@osadl.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8f5e2451
    • Daniel Borkmann's avatar
      bpf: fix out of bounds backwards jmps due to dead code removal · af959b18
      Daniel Borkmann authored
      systemtap folks reported the following splat recently:
      
        [ 7790.862212] WARNING: CPU: 3 PID: 26759 at arch/x86/kernel/kprobes/core.c:1022 kprobe_fault_handler+0xec/0xf0
        [...]
        [ 7790.864113] CPU: 3 PID: 26759 Comm: sshd Not tainted 5.1.0-0.rc7.git1.1.fc31.x86_64 #1
        [ 7790.864198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS[...]
        [ 7790.864314] RIP: 0010:kprobe_fault_handler+0xec/0xf0
        [ 7790.864375] Code: 48 8b 50 [...]
        [ 7790.864714] RSP: 0018:ffffc06800bdbb48 EFLAGS: 00010082
        [ 7790.864812] RAX: ffff9e2b75a16320 RBX: 0000000000000000 RCX: 0000000000000000
        [ 7790.865306] RDX: ffffffffffffffff RSI: 000000000000000e RDI: ffffc06800bdbbf8
        [ 7790.865514] RBP: ffffc06800bdbbf8 R08: 0000000000000000 R09: 0000000000000000
        [ 7790.865960] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc06800bdbbf8
        [ 7790.866037] R13: ffff9e2ab56a0418 R14: ffff9e2b6d0bb400 R15: ffff9e2b6d268000
        [ 7790.866114] FS:  00007fde49937d80(0000) GS:ffff9e2b75a00000(0000) knlGS:0000000000000000
        [ 7790.866193] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        [ 7790.866318] CR2: 0000000000000000 CR3: 000000012f312000 CR4: 00000000000006e0
        [ 7790.866419] Call Trace:
        [ 7790.866677]  do_user_addr_fault+0x64/0x480
        [ 7790.867513]  do_page_fault+0x33/0x210
        [ 7790.868002]  async_page_fault+0x1e/0x30
        [ 7790.868071] RIP: 0010:          (null)
        [ 7790.868144] Code: Bad RIP value.
        [ 7790.868229] RSP: 0018:ffffc06800bdbca8 EFLAGS: 00010282
        [ 7790.868362] RAX: ffff9e2b598b60f8 RBX: ffffc06800bdbe48 RCX: 0000000000000004
        [ 7790.868629] RDX: 0000000000000004 RSI: ffffc06800bdbc6c RDI: ffff9e2b598b60f0
        [ 7790.868834] RBP: ffffc06800bdbcf8 R08: 0000000000000000 R09: 0000000000000004
        [ 7790.870432] R10: 00000000ff6f7a03 R11: 0000000000000000 R12: 0000000000000001
        [ 7790.871859] R13: ffffc06800bdbcb8 R14: 0000000000000000 R15: ffff9e2acd0a5310
        [ 7790.873455]  ? vfs_read+0x5/0x170
        [ 7790.874639]  ? vfs_read+0x1/0x170
        [ 7790.875834]  ? trace_call_bpf+0xf6/0x260
        [ 7790.877044]  ? vfs_read+0x1/0x170
        [ 7790.878208]  ? vfs_read+0x5/0x170
        [ 7790.879345]  ? kprobe_perf_func+0x233/0x260
        [ 7790.880503]  ? vfs_read+0x1/0x170
        [ 7790.881632]  ? vfs_read+0x5/0x170
        [ 7790.882751]  ? kprobe_ftrace_handler+0x92/0xf0
        [ 7790.883926]  ? __vfs_read+0x30/0x30
        [ 7790.885050]  ? ftrace_ops_assist_func+0x94/0x100
        [ 7790.886183]  ? vfs_read+0x1/0x170
        [ 7790.887283]  ? vfs_read+0x5/0x170
        [ 7790.888348]  ? ksys_read+0x5a/0xe0
        [ 7790.889389]  ? do_syscall_64+0x5c/0xa0
        [ 7790.890401]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      After some debugging, turns out that the logic in 2cbd95a5
      ("bpf: change parameters of call/branch offset adjustment") has
      a bug that is exposed after 52875a04 ("bpf: verifier: remove
      dead code") in that we miss some of the jump offset adjustments
      after code patching when we remove dead code, more concretely,
      upon backward jump spanning over the area that is being removed.
      
      BPF insns of a case that was hit pre 52875a04:
      
        [...]
        676: (85) call bpf_perf_event_output#-47616
        677: (05) goto pc-636
        678: (62) *(u32 *)(r10 -64) = 0
        679: (bf) r7 = r10
        680: (07) r7 += -64
        681: (05) goto pc-44
        682: (05) goto pc-1
        683: (05) goto pc-1
      
      BPF insns afterwards:
      
        [...]
        618: (85) call bpf_perf_event_output#-47616
        619: (05) goto pc-638
        620: (62) *(u32 *)(r10 -64) = 0
        621: (bf) r7 = r10
        622: (07) r7 += -64
        623: (05) goto pc-44
      
      To illustrate the bug, situation looks as follows:
           ____
        0 |    | <-- foo: [...]
        1 |____|
        2 |____| <-- pos / end_new  ^
        3 |    |                    |
        4 |    |                    |  len
        5 |____|                    |  (remove region)
        6 |    | <-- end_old        v
        7 |    |
        8 |    | <-- curr  (jmp foo)
        9 |____|
      
      The condition curr >= end_new && curr + off + 1 < end_new in the
      branch delta adjustments is never hit because curr + off + 1 <
      end_new is compared as unsigned and therefore curr + off + 1 >
      end_new in unsigned realm as curr + off + 1 becomes negative
      since the insns are memmove()'d before the offset adjustments.
      
      Correct BPF insns after this fix:
      
        [...]
        618: (85) call bpf_perf_event_output#-47216
        619: (05) goto pc-578
        620: (62) *(u32 *)(r10 -64) = 0
        621: (bf) r7 = r10
        622: (07) r7 += -64
        623: (05) goto pc-44
      
      Note that unprivileged case is not affected from this.
      
      Fixes: 52875a04 ("bpf: verifier: remove dead code")
      Fixes: 2cbd95a5 ("bpf: change parameters of call/branch offset adjustment")
      Reported-by: default avatarFrank Ch. Eigler <fche@redhat.com>
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Reviewed-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      af959b18
  4. 10 May, 2019 14 commits
    • Heiner Kallweit's avatar
      net: phy: realtek: add missing page operations · daf3ddbe
      Heiner Kallweit authored
      Add missing page operation callbacks to few Realtek drivers.
      This also fixes a NPE after the referenced commit added code to the
      RTL8211E driver that uses phy_select_page().
      
      Fixes: f81dadbc ("net: phy: realtek: Add rtl8211e rx/tx delays config")
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Reviewed-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Reported-by: default avatarVicente Bergas <vicencb@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      daf3ddbe
    • David S. Miller's avatar
      Merge branch 'of_get_mac_address-fixes' · 9593dc35
      David S. Miller authored
      Petr Štetiar says:
      
      ====================
      of_get_mac_address fixes
      
      this patch series is hopefuly the last series of the fixes which are related
      to the introduction of NVMEM support into of_get_mac_address.
      
      First patch is removing `nvmem-mac-address` property which was wrong idea as
      I've allocated the property with devm_kzalloc and then added it to DT, so then
      2 entities would be refcounting the allocation.  So if the driver unbinds, the
      buffer is freed, but DT code would be still referencing that memory.
      
      Second patch fixes some unwanted references to the Linux API in the DT
      bindings documentation.
      
      Patches 3-5 should hopefully make compilers and thus kbuild test robot happy.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9593dc35
    • Petr Štetiar's avatar
      net: wireless: mt76: fix similar warning reported by kbuild test robot · 1b9705d9
      Petr Štetiar authored
      This patch fixes following (similar) warning reported by kbuild test robot:
      
       In function ‘memcpy’,
        inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
        inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
        ./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
        return __builtin_memcpy(p, q, size);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
        drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
        ./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
      
      I've replaced the offending memcpy with ether_addr_copy, because I'm
      100% sure, that of_get_mac_address can't return NULL as it returns valid
      pointer or ERR_PTR encoded value, nothing else.
      
      I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
      would make the warning disappear also, but it would be confusing to
      check for impossible return value just to make a compiler happy.
      
      I'm now changing all occurencies of memcpy to ether_addr_copy after the
      of_get_mac_address call, as it's very likely, that we're going to get
      similar reports from kbuild test robot in the future.
      
      Fixes: d31a36b5 ("net: wireless: support of_get_mac_address new ERR_PTR error")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1b9705d9
    • Petr Štetiar's avatar
      net: ethernet: fix similar warning reported by kbuild test robot · 2d2924af
      Petr Štetiar authored
      This patch fixes following (similar) warning reported by kbuild test robot:
      
       In function ‘memcpy’,
        inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
        inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
        ./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
        return __builtin_memcpy(p, q, size);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
        drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
        ./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
      
      I've replaced the offending memcpy with ether_addr_copy, because I'm
      100% sure, that of_get_mac_address can't return NULL as it returns valid
      pointer or ERR_PTR encoded value, nothing else.
      
      I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
      would make the warning disappear also, but it would be confusing to
      check for impossible return value just to make a compiler happy.
      
      I'm now changing all occurencies of memcpy to ether_addr_copy after the
      of_get_mac_address call, as it's very likely, that we're going to get
      similar reports from kbuild test robot in the future.
      
      Fixes: a51645f7 ("net: ethernet: support of_get_mac_address new ERR_PTR error")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d2924af
    • Petr Štetiar's avatar
      powerpc: tsi108: fix similar warning reported by kbuild test robot · 1be91314
      Petr Štetiar authored
      This patch fixes following (similar) warning reported by kbuild test robot:
      
       In function ‘memcpy’,
        inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
        inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
        ./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
        return __builtin_memcpy(p, q, size);
               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
        drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
        ./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
      
      I've replaced the offending memcpy with ether_addr_copy, because I'm
      100% sure, that of_get_mac_address can't return NULL as it returns valid
      pointer or ERR_PTR encoded value, nothing else.
      
      I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
      would make the warning disappear also, but it would be confusing to
      check for impossible return value just to make a compiler happy.
      
      I'm now changing all occurencies of memcpy to ether_addr_copy after the
      of_get_mac_address call, as it's very likely, that we're going to get
      similar reports from kbuild test robot in the future.
      
      Fixes: ea168cdf ("powerpc: tsi108: support of_get_mac_address new ERR_PTR error")
      Reported-by: default avatarkbuild test robot <lkp@intel.com>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1be91314
    • Petr Štetiar's avatar
      dt-bindings: doc: net: remove Linux API references · 51828950
      Petr Štetiar authored
      In commit 687e3d55 ("dt-bindings: doc: reflect new NVMEM
      of_get_mac_address behaviour") I've kept or added references to Linux
      of_get_mac_address API which is unwanted so this patch fixes that by
      removing those references.
      
      Fixes: 687e3d55 ("dt-bindings: doc: reflect new NVMEM of_get_mac_address behaviour")
      Suggested-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      51828950
    • Petr Štetiar's avatar
      of_net: remove nvmem-mac-address property · 26574986
      Petr Štetiar authored
      In commit d01f449c ("of_net: add NVMEM support to
      of_get_mac_address") I've added `nvmem-mac-address` property which was
      wrong idea as I've allocated the property with devm_kzalloc and then
      added it to DT, so then 2 entities would be refcounting the allocation.
      So if the driver unbinds, the buffer is freed, but DT code would be
      still referencing that memory.
      
      I'm removing this property completely instead of fixing it, as it's not
      needed to have it.
      
      Fixes: d01f449c ("of_net: add NVMEM support to of_get_mac_address")
      Suggested-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarPetr Štetiar <ynezz@true.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      26574986
    • Thomas Falcon's avatar
      net/ibmvnic: Update carrier state after link state change · 0655f994
      Thomas Falcon authored
      Only set the device carrier state to on after receiving an up link
      state indication from the underlying adapter. Likewise, if a down
      link indication is receieved, update the carrier state accordingly.
      This fix ensures that accurate carrier state is reported by the driver
      following a link state update by the underlying adapter.
      Signed-off-by: default avatarThomas Falcon <tlfalcon@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0655f994
    • Thomas Falcon's avatar
      net/ibmvnic: Update MAC address settings after adapter reset · 62740e97
      Thomas Falcon authored
      It was discovered in testing that the underlying hardware MAC
      address will revert to initial settings following a device reset,
      but the driver fails to resend the current OS MAC settings. This
      oversight can result in dropped packets should the scenario occur.
      Fix this by informing hardware of current MAC address settings
      following any adapter initialization or resets.
      Signed-off-by: default avatarThomas Falcon <tlfalcon@linux.ibm.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      62740e97
    • YueHaibing's avatar
      dsa: tag_brcm: Fix build error without CONFIG_NET_DSA_TAG_BRCM_PREPEND · b96a5415
      YueHaibing authored
      Fix gcc build error:
      
      net/dsa/tag_brcm.c:211:16: error: brcm_prepend_netdev_ops undeclared here (not in a function); did you mean brcm_netdev_ops?
       DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
                      ^
      ./include/net/dsa.h:708:10: note: in definition of macro DSA_TAG_DRIVER
        .ops = &__ops,       \
                ^~~~~
      ./include/net/dsa.h:701:36: warning: dsa_tag_driver_brcm_prepend_netdev_ops defined but not used [-Wunused-variable]
       #define DSA_TAG_DRIVER_NAME(__ops) dsa_tag_driver ## _ ## __ops
                                          ^
      ./include/net/dsa.h:707:30: note: in expansion of macro DSA_TAG_DRIVER_NAME
       static struct dsa_tag_driver DSA_TAG_DRIVER_NAME(__ops) = {  \
                                    ^~~~~~~~~~~~~~~~~~~
      net/dsa/tag_brcm.c:211:1: note: in expansion of macro DSA_TAG_DRIVER
       DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
      
      Like the CONFIG_NET_DSA_TAG_BRCM case,
      brcm_prepend_netdev_ops and DSA_TAG_PROTO_BRCM_PREPEND
      should be wrappeed by CONFIG_NET_DSA_TAG_BRCM_PREPEND.
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Fixes: b74b70c4 ("net: dsa: Support prepended Broadcom tag")
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b96a5415
    • Tobin C. Harding's avatar
      bridge: Fix error path for kobject_init_and_add() · bdfad5ae
      Tobin C. Harding authored
      Currently error return from kobject_init_and_add() is not followed by a
      call to kobject_put().  This means there is a memory leak.  We currently
      set p to NULL so that kfree() may be called on it as a noop, the code is
      arguably clearer if we move the kfree() up closer to where it is
      called (instead of after goto jump).
      
      Remove a goto label 'err1' and jump to call to kobject_put() in error
      return from kobject_init_and_add() fixing the memory leak.  Re-name goto
      label 'put_back' to 'err1' now that we don't use err1, following current
      nomenclature (err1, err2 ...).  Move call to kfree out of the error
      code at bottom of function up to closer to where memory was allocated.
      Add comment to clarify call to kfree().
      Signed-off-by: default avatarTobin C. Harding <tobin@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bdfad5ae
    • Paolo Abeni's avatar
      Revert "selinux: do not report error on connect(AF_UNSPEC)" · e711ab93
      Paolo Abeni authored
      This reverts commit c7e0d6cc.
      
      It was agreed a slightly different fix via the selinux tree.
      
      v1 -> v2:
       - use the correct reverted commit hash
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e711ab93
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · b970afcf
      Linus Torvalds authored
      Pull powerpc updates from Michael Ellerman:
       "Slightly delayed due to the issue with printk() calling
        probe_kernel_read() interacting with our new user access prevention
        stuff, but all fixed now.
      
        The only out-of-area changes are the addition of a cpuhp_state, small
        additions to Documentation and MAINTAINERS updates.
      
        Highlights:
      
         - Support for Kernel Userspace Access/Execution Prevention (like
           SMAP/SMEP/PAN/PXN) on some 64-bit and 32-bit CPUs. This prevents
           the kernel from accidentally accessing userspace outside
           copy_to/from_user(), or ever executing userspace.
      
         - KASAN support on 32-bit.
      
         - Rework of where we map the kernel, vmalloc, etc. on 64-bit hash to
           use the same address ranges we use with the Radix MMU.
      
         - A rewrite into C of large parts of our idle handling code for
           64-bit Book3S (ie. power8 & power9).
      
         - A fast path entry for syscalls on 32-bit CPUs, for a 12-17% speedup
           in the null_syscall benchmark.
      
         - On 64-bit bare metal we have support for recovering from errors
           with the time base (our clocksource), however if that fails
           currently we hang in __delay() and never crash. We now have support
           for detecting that case and short circuiting __delay() so we at
           least panic() and reboot.
      
         - Add support for optionally enabling the DAWR on Power9, which had
           to be disabled by default due to a hardware erratum. This has the
           effect of enabling hardware breakpoints for GDB, the downside is a
           badly behaved program could crash the machine by pointing the DAWR
           at cache inhibited memory. This is opt-in obviously.
      
         - xmon, our crash handler, gets support for a read only mode where
           operations that could change memory or otherwise disturb the system
           are disabled.
      
        Plus many clean-ups, reworks and minor fixes etc.
      
        Thanks to: Christophe Leroy, Akshay Adiga, Alastair D'Silva, Alexey
        Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar,
        Anton Blanchard, Ben Hutchings, Bo YU, Breno Leitao, Cédric Le Goater,
        Christopher M. Riedl, Christoph Hellwig, Colin Ian King, David Gibson,
        Ganesh Goudar, Gautham R. Shenoy, George Spelvin, Greg Kroah-Hartman,
        Greg Kurz, Horia Geantă, Jagadeesh Pagadala, Joel Stanley, Joe
        Perches, Julia Lawall, Laurentiu Tudor, Laurent Vivier, Lukas Bulwahn,
        Madhavan Srinivasan, Mahesh Salgaonkar, Mathieu Malaterre, Michael
        Neuling, Mukesh Ojha, Nathan Fontenot, Nathan Lynch, Nicholas Piggin,
        Nick Desaulniers, Oliver O'Halloran, Peng Hao, Qian Cai, Ravi
        Bangoria, Rick Lindsley, Russell Currey, Sachin Sant, Stewart Smith,
        Sukadev Bhattiprolu, Thomas Huth, Tobin C. Harding, Tyrel Datwyler,
        Valentin Schneider, Wei Yongjun, Wen Yang, YueHaibing"
      
      * tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (205 commits)
        powerpc/64s: Use early_mmu_has_feature() in set_kuap()
        powerpc/book3s/64: check for NULL pointer in pgd_alloc()
        powerpc/mm: Fix hugetlb page initialization
        ocxl: Fix return value check in afu_ioctl()
        powerpc/mm: fix section mismatch for setup_kup()
        powerpc/mm: fix redundant inclusion of pgtable-frag.o in Makefile
        powerpc/mm: Fix makefile for KASAN
        powerpc/kasan: add missing/lost Makefile
        selftests/powerpc: Add a signal fuzzer selftest
        powerpc/booke64: set RI in default MSR
        ocxl: Provide global MMIO accessors for external drivers
        ocxl: move event_fd handling to frontend
        ocxl: afu_irq only deals with IRQ IDs, not offsets
        ocxl: Allow external drivers to use OpenCAPI contexts
        ocxl: Create a clear delineation between ocxl backend & frontend
        ocxl: Don't pass pci_dev around
        ocxl: Split pci.c
        ocxl: Remove some unused exported symbols
        ocxl: Remove superfluous 'extern' from headers
        ocxl: read_pasid never returns an error, so make it void
        ...
      b970afcf
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 8ea5b2ab
      Linus Torvalds authored
      Pull vfs mount fix from Al Viro:
       "Fix for umount -l/mount --move race caught by syzbot yesterday..."
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        do_move_mount(): fix an unsafe use of is_anon_ns()
      8ea5b2ab