]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/log
mirror_ubuntu-artful-kernel.git
7 years agonet: ethernet: mediatek: remove useless code in mtk_probe()
Gustavo A. R. Silva [Fri, 7 Jul 2017 20:23:34 +0000 (15:23 -0500)]
net: ethernet: mediatek: remove useless code in mtk_probe()

Remove useless local variables _match_, _soc_ and the code related.

Notice that

const struct of_device_id of_mtk_match[] = {
        { .compatible = "mediatek,mt2701-eth" },
        {},
};

So match->data is NULL.

Suggested-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agompls: fix uninitialized in_label var warning in mpls_getroute
Roopa Prabhu [Fri, 7 Jul 2017 18:21:49 +0000 (11:21 -0700)]
mpls: fix uninitialized in_label var warning in mpls_getroute

Fix the below warning generated by static checker:
    net/mpls/af_mpls.c:2111 mpls_getroute()
    error: uninitialized symbol 'in_label'."

Fixes: 397fc9e5cefe ("mpls: route get support")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agodoc: SKB_GSO_[IPIP|SIT] have been replaced
Nicolas Dichtel [Fri, 7 Jul 2017 12:08:25 +0000 (14:08 +0200)]
doc: SKB_GSO_[IPIP|SIT] have been replaced

Those enum values don't exist anymore.

Fixes: 7e13318daa4a ("net: define gso types for IPx over IPv4 and IPv6")
CC: Tom Herbert <tom@herbertland.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobonding: avoid NETDEV_CHANGEMTU event when unregistering slave
WANG Cong [Thu, 6 Jul 2017 22:01:57 +0000 (15:01 -0700)]
bonding: avoid NETDEV_CHANGEMTU event when unregistering slave

As Hongjun/Nicolas summarized in their original patch:

"
When a device changes from one netns to another, it's first unregistered,
then the netns reference is updated and the dev is registered in the new
netns. Thus, when a slave moves to another netns, it is first
unregistered. This triggers a NETDEV_UNREGISTER event which is caught by
the bonding driver. The driver calls bond_release(), which calls
dev_set_mtu() and thus triggers NETDEV_CHANGEMTU (the device is still in
the old netns).
"

This is a very special case, because the device is being unregistered
no one should still care about the NETDEV_CHANGEMTU event triggered
at this point, we can avoid broadcasting this event on this path,
and avoid touching inetdev_event()/addrconf_notify() path.

It requires to export __dev_set_mtu() to bonding driver.

Reported-by: Hongjun Li <hongjun.li@6wind.com>
Reported-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Jay Vosburgh <j.vosburgh@gmail.com>
Cc: Veaceslav Falico <vfalico@gmail.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'rds-tcp-sock_graft-leak'
David S. Miller [Sat, 8 Jul 2017 10:16:16 +0000 (11:16 +0100)]
Merge branch 'rds-tcp-sock_graft-leak'

Sowmini Varadhan says:

====================
rds-tcp: sock_graft() leak

Following up on the discussion at
  https://www.spinics.net/lists/netdev/msg442859.html
- make rds_tcp_accept_one() call sock_create_lite()
- add a WARN_ON() to sock_graft()

Tested by running an infinite while() loop that does
(module-load; rds-stress; module-unload) and monitors
TCP slabinfo while the test is running.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet/sock: add WARN_ON(parent->sk) in sock_graft()
Sowmini Varadhan [Thu, 6 Jul 2017 15:15:07 +0000 (08:15 -0700)]
net/sock: add WARN_ON(parent->sk) in sock_graft()

sock_graft() unilaterally sets up parent->sk based on the
assumption that the existing parent->sk is null. If this
condition is not true, then the existing parent->sk would
be leaked, so add a WARN_ON() to alert callers who may fall
in this category.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agords: tcp: use sock_create_lite() to create the accept socket
Sowmini Varadhan [Thu, 6 Jul 2017 15:15:06 +0000 (08:15 -0700)]
rds: tcp: use sock_create_lite() to create the accept socket

There are two problems with calling sock_create_kern() from
rds_tcp_accept_one()
1. it sets up a new_sock->sk that is wasteful, because this ->sk
   is going to get replaced by inet_accept() in the subsequent ->accept()
2. The new_sock->sk is a leaked reference in sock_graft() which
   expects to find a null parent->sk

Avoid these problems by calling sock_create_lite().

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'hns-fixes'
David S. Miller [Sat, 8 Jul 2017 10:05:21 +0000 (11:05 +0100)]
Merge branch 'hns-fixes'

Lin Yun Sheng says:

====================
Bugfixs for hns ethernet driver

This patchset fix skb used after free and C45 op code issues
in hns driver.

Patch V2:
1. Remove ndev->feature checking in TX description patch.
2. Add Fixes: Tag in patch description.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns: Fix a skb used after free bug
Yunsheng Lin [Thu, 6 Jul 2017 02:22:00 +0000 (10:22 +0800)]
net: hns: Fix a skb used after free bug

skb maybe freed in hns_nic_net_xmit_hw() and return NETDEV_TX_OK,
which cause hns_nic_net_xmit to use a freed skb.

BUG: KASAN: use-after-free in hns_nic_net_xmit_hw+0x62c/0x940...
[17659.112635]      alloc_debug_processing+0x18c/0x1a0
[17659.117208]      __slab_alloc+0x52c/0x560
[17659.120909]      kmem_cache_alloc_node+0xac/0x2c0
[17659.125309]      __alloc_skb+0x6c/0x260
[17659.128837]      tcp_send_ack+0x8c/0x280
[17659.132449]      __tcp_ack_snd_check+0x9c/0xf0
[17659.136587]      tcp_rcv_established+0x5a4/0xa70
[17659.140899]      tcp_v4_do_rcv+0x27c/0x620
[17659.144687]      tcp_prequeue_process+0x108/0x170
[17659.149085]      tcp_recvmsg+0x940/0x1020
[17659.152787]      inet_recvmsg+0x124/0x180
[17659.156488]      sock_recvmsg+0x64/0x80
[17659.160012]      SyS_recvfrom+0xd8/0x180
[17659.163626]      __sys_trace_return+0x0/0x4
[17659.167506] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=23 cpu=1 pid=13
[17659.174000]      free_debug_processing+0x1d4/0x2c0
[17659.178486]      __slab_free+0x240/0x390
[17659.182100]      kmem_cache_free+0x24c/0x270
[17659.186062]      kfree_skbmem+0xa0/0xb0
[17659.189587]      __kfree_skb+0x28/0x40
[17659.193025]      napi_gro_receive+0x168/0x1c0
[17659.197074]      hns_nic_rx_up_pro+0x58/0x90
[17659.201038]      hns_nic_rx_poll_one+0x518/0xbc0
[17659.205352]      hns_nic_common_poll+0x94/0x140
[17659.209576]      net_rx_action+0x458/0x5e0
[17659.213363]      __do_softirq+0x1b8/0x480
[17659.217062]      run_ksoftirqd+0x64/0x80
[17659.220679]      smpboot_thread_fn+0x224/0x310
[17659.224821]      kthread+0x150/0x170
[17659.228084]      ret_from_fork+0x10/0x40

BUG: KASAN: use-after-free in hns_nic_net_xmit+0x8c/0xc0...
[17751.080490]      __slab_alloc+0x52c/0x560
[17751.084188]      kmem_cache_alloc+0x244/0x280
[17751.088238]      __build_skb+0x40/0x150
[17751.091764]      build_skb+0x28/0x100
[17751.095115]      __alloc_rx_skb+0x94/0x150
[17751.098900]      __napi_alloc_skb+0x34/0x90
[17751.102776]      hns_nic_rx_poll_one+0x180/0xbc0
[17751.107097]      hns_nic_common_poll+0x94/0x140
[17751.111333]      net_rx_action+0x458/0x5e0
[17751.115123]      __do_softirq+0x1b8/0x480
[17751.118823]      run_ksoftirqd+0x64/0x80
[17751.122437]      smpboot_thread_fn+0x224/0x310
[17751.126575]      kthread+0x150/0x170
[17751.129838]      ret_from_fork+0x10/0x40
[17751.133454] INFO: Freed in kfree_skbmem+0xa0/0xb0 age=19 cpu=7 pid=43
[17751.139951]      free_debug_processing+0x1d4/0x2c0
[17751.144436]      __slab_free+0x240/0x390
[17751.148051]      kmem_cache_free+0x24c/0x270
[17751.152014]      kfree_skbmem+0xa0/0xb0
[17751.155543]      __kfree_skb+0x28/0x40
[17751.159022]      napi_gro_receive+0x168/0x1c0
[17751.163074]      hns_nic_rx_up_pro+0x58/0x90
[17751.167041]      hns_nic_rx_poll_one+0x518/0xbc0
[17751.171358]      hns_nic_common_poll+0x94/0x140
[17751.175585]      net_rx_action+0x458/0x5e0
[17751.179373]      __do_softirq+0x1b8/0x480
[17751.183076]      run_ksoftirqd+0x64/0x80
[17751.186691]      smpboot_thread_fn+0x224/0x310
[17751.190826]      kthread+0x150/0x170
[17751.194093]      ret_from_fork+0x10/0x40

Fixes: 13ac695e7ea1 ("net:hns: Add support of Hip06 SoC to the Hislicon Network Subsystem")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Signed-off-by: lipeng <lipeng321@huawei.com>
Reported-by: Jun He <hjat2005@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: hns: Fix a wrong op phy C45 code
Yunsheng Lin [Thu, 6 Jul 2017 02:21:59 +0000 (10:21 +0800)]
net: hns: Fix a wrong op phy C45 code

As the user manual described, the second step to write to C45 phy
by mdio should be data, but not address. Here we should fix this
issue.

Fixes: 5b904d39406a ("net: add Hisilicon Network Subsystem MDIO support")
Signed-off-by: Yunsheng Lin <linyunsheng@huawei.com>
Reviewed-by: lipeng <lipeng321@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: macb: Adding Support for Jumbo Frames up to 10240 Bytes in SAMA5D3
vishnuvardhan [Wed, 5 Jul 2017 15:36:16 +0000 (17:36 +0200)]
net: macb: Adding Support for Jumbo Frames up to 10240 Bytes in SAMA5D3

As per the SAMA5D3 device specification it supports Jumbo frames.
But the suggested flag and length of bytes it supports was not updated
in this driver config_structure.
The maximum jumbo frames the device supports :
10240 bytes as per the device spec.

While changing the MTU value greater than 1500, it threw error:
sudo ifconfig eth1 mtu 9000
SIOCSIFMTU: Invalid argument

Add this support to driver so that it works as expected and designed.

Signed-off-by: vishnuvardhan <vardhanraj4143@gmail.com>
[nicolas.ferre@microchip.com: modify slightly commit msg]
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: Update networking MAINTAINERS entry.
David S. Miller [Fri, 7 Jul 2017 23:18:29 +0000 (00:18 +0100)]
net: Update networking MAINTAINERS entry.

James and Patrick haven't been active in years.

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovirtio-net: fix leaking of ctx array
Jason Wang [Fri, 7 Jul 2017 11:56:09 +0000 (19:56 +0800)]
virtio-net: fix leaking of ctx array

Fixes: commit d45b897b11ea ("virtio_net: allow specifying context for rx")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge tag 'mac80211-for-davem-2017-07-07' of git://git.kernel.org/pub/scm/linux/kerne...
David S. Miller [Fri, 7 Jul 2017 10:35:55 +0000 (11:35 +0100)]
Merge tag 'mac80211-for-davem-2017-07-07' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
pull-request: mac80211 2017-07-07

Just got a set of fixes in from Jouni/QCA, all netlink validation
fixes. I assume they ran some kind of checker, but I don't know what
kind :)

Please pull and let me know if there's any problem.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES
Srinivas Dasari [Thu, 6 Jul 2017 22:43:42 +0000 (01:43 +0300)]
cfg80211: Validate frequencies nested in NL80211_ATTR_SCAN_FREQUENCIES

validate_scan_freqs() retrieves frequencies from attributes
nested in the attribute NL80211_ATTR_SCAN_FREQUENCIES with
nla_get_u32(), which reads 4 bytes from each attribute
without validating the size of data received. Attributes
nested in NL80211_ATTR_SCAN_FREQUENCIES don't have an nla policy.

Validate size of each attribute before parsing to avoid potential buffer
overread.

Fixes: 2a519311926 ("cfg80211/nl80211: scanning (and mac80211 update to use it)")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years agocfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
Srinivas Dasari [Thu, 6 Jul 2017 22:43:41 +0000 (01:43 +0300)]
cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE

Buffer overread may happen as nl80211_set_station() reads 4 bytes
from the attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE without
validating the size of data received when userspace sends less
than 4 bytes of data with NL80211_ATTR_LOCAL_MESH_POWER_MODE.
Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE to avoid
the buffer overread.

Fixes: 3b1c5a5307f ("{cfg,nl}80211: mesh power mode primitives and userspace access")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years agocfg80211: Check if NAN service ID is of expected size
Srinivas Dasari [Thu, 6 Jul 2017 22:43:40 +0000 (01:43 +0300)]
cfg80211: Check if NAN service ID is of expected size

nla policy checks for only maximum length of the attribute data when the
attribute type is NLA_BINARY. If userspace sends less data than
specified, cfg80211 may access illegal memory. When type is NLA_UNSPEC,
nla policy check ensures that userspace sends minimum specified length
number of bytes.

Remove type assignment to NLA_BINARY from nla_policy of
NL80211_NAN_FUNC_SERVICE_ID to make these NLA_UNSPEC and to make sure
minimum NL80211_NAN_FUNC_SERVICE_ID_LEN bytes are received from
userspace with NL80211_NAN_FUNC_SERVICE_ID.

Fixes: a442b761b24 ("cfg80211: add add_nan_func / del_nan_func")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years agocfg80211: Check if PMKID attribute is of expected size
Srinivas Dasari [Thu, 6 Jul 2017 22:43:39 +0000 (01:43 +0300)]
cfg80211: Check if PMKID attribute is of expected size

nla policy checks for only maximum length of the attribute data
when the attribute type is NLA_BINARY. If userspace sends less
data than specified, the wireless drivers may access illegal
memory. When type is NLA_UNSPEC, nla policy check ensures that
userspace sends minimum specified length number of bytes.

Remove type assignment to NLA_BINARY from nla_policy of
NL80211_ATTR_PMKID to make this NLA_UNSPEC and to make sure minimum
WLAN_PMKID_LEN bytes are received from userspace with
NL80211_ATTR_PMKID.

Fixes: 67fbb16be69d ("nl80211: PMKSA caching support")
Cc: stable@vger.kernel.org
Signed-off-by: Srinivas Dasari <dasaris@qti.qualcomm.com>
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
7 years agoarcnet: com20020-pci: Fix an error handling path in 'com20020pci_probe()'
Christophe Jaillet [Fri, 7 Jul 2017 04:56:16 +0000 (06:56 +0200)]
arcnet: com20020-pci: Fix an error handling path in 'com20020pci_probe()'

If this memory allocation fails, we should go through the error handling
path as done everywhere else in this function before returning.

Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: flower: add missing clean up call to avoid memory leaks
Jakub Kicinski [Fri, 7 Jul 2017 00:29:05 +0000 (17:29 -0700)]
nfp: flower: add missing clean up call to avoid memory leaks

nfp_flower_metadata_cleanup() is defined but never invoked,
not calling it will cause us to leak mask and statistics
queue memory on the host.

Fixes: 43f84b72c50d ("nfp: add metadata to each flow offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovrf: fix bug_on triggered by rx when destroying a vrf
Nikolay Aleksandrov [Thu, 6 Jul 2017 12:24:40 +0000 (15:24 +0300)]
vrf: fix bug_on triggered by rx when destroying a vrf

When destroying a VRF device we cleanup the slaves in its ndo_uninit()
function, but that causes packets to be switched (skb->dev == vrf being
destroyed) even though we're pass the point where the VRF should be
receiving any packets while it is being dismantled. This causes a BUG_ON
to trigger if we have raw sockets (trace below).
The reason is that the inetdev of the VRF has been destroyed but we're
still sending packets up the stack with it, so let's free the slaves in
the dellink callback as David Ahern suggested.

Note that this fix doesn't prevent packets from going up when the VRF
device is admin down.

[   35.631371] ------------[ cut here ]------------
[   35.631603] kernel BUG at net/ipv4/fib_frontend.c:285!
[   35.631854] invalid opcode: 0000 [#1] SMP
[   35.631977] Modules linked in:
[   35.632081] CPU: 2 PID: 22 Comm: ksoftirqd/2 Not tainted 4.12.0-rc7+ #45
[   35.632247] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[   35.632477] task: ffff88005ad68000 task.stack: ffff88005ad64000
[   35.632632] RIP: 0010:fib_compute_spec_dst+0xfc/0x1ee
[   35.632769] RSP: 0018:ffff88005ad67978 EFLAGS: 00010202
[   35.632910] RAX: 0000000000000001 RBX: ffff880059a7f200 RCX: 0000000000000000
[   35.633084] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffffff82274af0
[   35.633256] RBP: ffff88005ad679f8 R08: 000000000001ef70 R09: 0000000000000046
[   35.633430] R10: ffff88005ad679f8 R11: ffff880037731cb0 R12: 0000000000000001
[   35.633603] R13: ffff8800599e3000 R14: 0000000000000000 R15: ffff8800599cb852
[   35.634114] FS:  0000000000000000(0000) GS:ffff88005d900000(0000) knlGS:0000000000000000
[   35.634306] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   35.634456] CR2: 00007f3563227095 CR3: 000000000201d000 CR4: 00000000000406e0
[   35.634632] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   35.634865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   35.635055] Call Trace:
[   35.635271]  ? __lock_acquire+0xf0d/0x1117
[   35.635522]  ipv4_pktinfo_prepare+0x82/0x151
[   35.635831]  raw_rcv_skb+0x17/0x3c
[   35.636062]  raw_rcv+0xe5/0xf7
[   35.636287]  raw_local_deliver+0x169/0x1d9
[   35.636534]  ip_local_deliver_finish+0x87/0x1c4
[   35.636820]  ip_local_deliver+0x63/0x7f
[   35.637058]  ip_rcv_finish+0x340/0x3a1
[   35.637295]  ip_rcv+0x314/0x34a
[   35.637525]  __netif_receive_skb_core+0x49f/0x7c5
[   35.637780]  ? lock_acquire+0x13f/0x1d7
[   35.638018]  ? lock_acquire+0x15e/0x1d7
[   35.638259]  __netif_receive_skb+0x1e/0x94
[   35.638502]  ? __netif_receive_skb+0x1e/0x94
[   35.638748]  netif_receive_skb_internal+0x74/0x300
[   35.639002]  ? dev_gro_receive+0x2ed/0x411
[   35.639246]  ? lock_is_held_type+0xc4/0xd2
[   35.639491]  napi_gro_receive+0x105/0x1a0
[   35.639736]  receive_buf+0xc32/0xc74
[   35.639965]  ? detach_buf+0x67/0x153
[   35.640201]  ? virtqueue_get_buf_ctx+0x120/0x176
[   35.640453]  virtnet_poll+0x128/0x1c5
[   35.640690]  net_rx_action+0x103/0x343
[   35.640932]  __do_softirq+0x1c7/0x4b7
[   35.641171]  run_ksoftirqd+0x23/0x5c
[   35.641403]  smpboot_thread_fn+0x24f/0x26d
[   35.641646]  ? sort_range+0x22/0x22
[   35.641878]  kthread+0x129/0x131
[   35.642104]  ? __list_add+0x31/0x31
[   35.642335]  ? __list_add+0x31/0x31
[   35.642568]  ret_from_fork+0x2a/0x40
[   35.642804] Code: 05 bd 87 a3 00 01 e8 1f ef 98 ff 4d 85 f6 48 c7 c7 f0 4a 27 82 41 0f 94 c4 31 c9 31 d2 41 0f b6 f4 e8 04 71 a1 ff 45 84 e4 74 02 <0f> 0b 0f b7 93 c4 00 00 00 4d 8b a5 80 05 00 00 48 03 93 d0 00
[   35.644342] RIP: fib_compute_spec_dst+0xfc/0x1ee RSP: ffff88005ad67978

Fixes: 193125dbd8eb ("net: Introduce VRF device driver")
Reported-by: Chris Cormier <chriscormier@cumulusnetworks.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
David S. Miller [Thu, 6 Jul 2017 13:02:22 +0000 (14:02 +0100)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains two Netfilter fixes for your net tree,
they are:

1) Fix memleak from netns release path of conntrack protocol trackers,
   patch from Liping Zhang.

2) Uninitialized flags field in ebt_log, that results in unpredictable
   logging format in ebtables, also from Liping.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoptp: dte: Use LL suffix for 64-bit constants
Geert Uytterhoeven [Thu, 6 Jul 2017 08:34:54 +0000 (10:34 +0200)]
ptp: dte: Use LL suffix for 64-bit constants

With gcc 4.1.2:

    drivers/ptp/ptp_dte.c: In function ‘dte_write_nco_delta’:
    drivers/ptp/ptp_dte.c:105: warning: integer constant is too large for ‘long’ type
    drivers/ptp/ptp_dte.c:112: warning: integer constant is too large for ‘long’ type
    drivers/ptp/ptp_dte.c:114: warning: integer constant is too large for ‘long’ type

Add the missing "LL" suffix to fix this.

Fixes: 8a56aa107f1e8123 ("ptp: Add a ptp clock driver for Broadcom DTE")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agosctp: set the value of flowi6_oif to sk_bound_dev_if to make sctp_v6_get_dst to find...
Zheng Li [Thu, 6 Jul 2017 07:00:09 +0000 (15:00 +0800)]
sctp: set the value of flowi6_oif to sk_bound_dev_if to make sctp_v6_get_dst to find the correct route entry.

if there are several same route entries with different outgoing net device,
application's socket specifies the oif through setsockopt with
SO_BINDTODEVICE, sctpv6 should choose the route entry whose outgoing net
device is the oif which was specified by socket, set the value of
flowi6_oif to sk->sk_bound_dev_if to make sctp_v6_get_dst to find the
correct route entry.

Signed-off-by: Zheng Li <james.z.li@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoTLS: Fix length check in do_tls_getsockopt_tx()
Matthias Rosenfelder [Thu, 6 Jul 2017 04:56:36 +0000 (00:56 -0400)]
TLS: Fix length check in do_tls_getsockopt_tx()

copy_to_user() copies the struct the pointer is pointing to, but the
length check compares against sizeof(pointer) and not sizeof(struct).
On 32-bit the size is probably the same, so it might have worked
accidentally.

Signed-off-by: Matthias Rosenfelder <mrosenfelder.lkml@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agotcp: md5: tcp_md5_do_lookup_exact() can be static
Wu Fengguang [Wed, 5 Jul 2017 23:58:53 +0000 (07:58 +0800)]
tcp: md5: tcp_md5_do_lookup_exact() can be static

Fixes: 6797318e623d ("tcp: md5: add an address prefix for key lookup")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: ipv6: Compare lwstate in detecting duplicate nexthops
David Ahern [Wed, 5 Jul 2017 20:41:46 +0000 (14:41 -0600)]
net: ipv6: Compare lwstate in detecting duplicate nexthops

Lennert reported a failure to add different mpls encaps in a multipath
route:

  $ ip -6 route add 1234::/16 \
        nexthop encap mpls 10 via fe80::1 dev ens3 \
        nexthop encap mpls 20 via fe80::1 dev ens3
  RTNETLINK answers: File exists

The problem is that the duplicate nexthop detection does not compare
lwtunnel configuration. Add it.

Fixes: 19e42e451506 ("ipv6: support for fib route lwtunnel encap attributes")
Signed-off-by: David Ahern <dsahern@gmail.com>
Reported-by: João Taveira Araújo <joao.taveira@gmail.com>
Reported-by: Lennert Buytenhek <buytenh@wantstofly.org>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Tested-by: Lennert Buytenhek <buytenh@wantstofly.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoliquidio: fix bug in soft reset failure detection
Derek Chickles [Wed, 5 Jul 2017 18:59:27 +0000 (11:59 -0700)]
liquidio: fix bug in soft reset failure detection

The code that detects a failed soft reset of Octeon is comparing the wrong
value against the reset value of the Octeon SLI_SCRATCH_1 register,
resulting in an inability to detect a soft reset failure.  Fix it by using
the correct value in the comparison, which is any non-zero value.

Fixes: f21fb3ed364b ("Add support of Cavium Liquidio ethernet adapters")
Fixes: c0eab5b3580a ("liquidio: CN23XX firmware download")
Signed-off-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Satanand Burla <satananda.burla@cavium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'parisc-4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller...
Linus Torvalds [Thu, 6 Jul 2017 00:41:31 +0000 (17:41 -0700)]
Merge branch 'parisc-4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux

Pull another parisc update from Helge Deller:
 "Christoph Hellwig provided one patch for the parisc architecture to
  drop the DMA_ERROR_CODE define from the parisc architecture"

* 'parisc-4.13-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: ->mapping_error

7 years agoMerge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64...
Linus Torvalds [Thu, 6 Jul 2017 00:09:27 +0000 (17:09 -0700)]
Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 updates from Will Deacon:

 - RAS reporting via GHES/APEI (ACPI)

 - Indirect ftrace trampolines for modules

 - Improvements to kernel fault reporting

 - Page poisoning

 - Sigframe cleanups and preparation for SVE context

 - Core dump fixes

 - Sparse fixes (mainly relating to endianness)

 - xgene SoC PMU v3 driver

 - Misc cleanups and non-critical fixes

* tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (75 commits)
  arm64: fix endianness annotation for 'struct jit_ctx' and friends
  arm64: cpuinfo: constify attribute_group structures.
  arm64: ptrace: Fix incorrect get_user() use in compat_vfp_set()
  arm64: ptrace: Remove redundant overrun check from compat_vfp_set()
  arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails
  arm64: fix endianness annotation for __apply_alternatives()/get_alt_insn()
  arm64: fix endianness annotation in get_kaslr_seed()
  arm64: add missing conversion to __wsum in ip_fast_csum()
  arm64: fix endianness annotation in acpi_parking_protocol.c
  arm64: use readq() instead of readl() to read 64bit entry_point
  arm64: fix endianness annotation for reloc_insn_movw() & reloc_insn_imm()
  arm64: fix endianness annotation for aarch64_insn_write()
  arm64: fix endianness annotation in aarch64_insn_read()
  arm64: fix endianness annotation in call_undef_hook()
  arm64: fix endianness annotation for debug-monitors.c
  ras: mark stub functions as 'inline'
  arm64: pass endianness info to sparse
  arm64: ftrace: fix !CONFIG_ARM64_MODULE_PLTS kernels
  arm64: signal: Allow expansion of the signal frame
  acpi: apei: check for pending errors when probing GHES entries
  ...

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm...
Linus Torvalds [Thu, 6 Jul 2017 00:00:56 +0000 (17:00 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull mnt namespace updates from Eric Biederman:
 "A big break-through came during this development cycle as a way was
  found to maintain the existing umount -l semantics while allowing for
  optimizations that improve the performance. That is represented by the
  first change in this series moving the reparenting of mounts into
  their own pass. This has allowed addressing the horrific performance
  of umount -l on a carefully crafted tree of mounts with locks held
  (0.06s vs 60s in my testing). What allowed this was not changing where
  umounts propagate to while propgating umounts.

  The next change fixes the case where the order of the mount whose
  umount are being progated visits a tree where the mounts are stacked
  upon each other in another order. This is weird but not hard to
  implement.

  The final change takes advantage of the unchanging mount propgation
  tree to skip parts of the mount propgation tree that have already been
  visited. Yielding a very nice speed up in the worst case.

  There remains one outstanding question about the semantics of umount -l
  that I am still discussiong with Ram Pai. In practice that area of the
  semantics was changed by 1064f874abc0 ("mnt: Tuck mounts under others
  instead of creating shadow/side mounts.") and no regressions have been
  reported. Still I intend to finish talking that out with him to ensure
  there is not something a more intense use of mount propagation in the
  future will not cause to become significant"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  mnt: Make propagate_umount less slow for overlapping mount propagation trees
  mnt: In propgate_umount handle visiting mounts in any order
  mnt: In umount propagation reparent in a separate pass

7 years agoMerge tag 'gfs2-4.13.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2...
Linus Torvalds [Wed, 5 Jul 2017 23:57:08 +0000 (16:57 -0700)]
Merge tag 'gfs2-4.13.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2

Pull GFS2 updates from Bob Peterson:
 "We've got eight GFS2 patches for this merge window:

   - Andreas Gruenbacher has four patches related to cleaning up the
     GFS2 inode evict process. This is about half of his patches
     designed to fix a long-standing GFS2 hang related to the inode
     shrinker: Shrinker calls gfs2 evict, evict calls DLM, DLM requires
     memory and blocks on the shrinker.

     These four patches have been well tested. His second set of patches
     are still being tested, so I plan to hold them until the next merge
     window, after we have more weeks of testing. The first patch
     eliminates the flush_delayed_work, which can block.

   - Andreas's second patch protects setting of gl_object for rgrps with
     a spin_lock to prevent proven races.

   - His third patch introduces a centralized mechanism for queueing
     glock work with better reference counting, to prevent more races.

    -His fourth patch retains a reference to inode glocks when an error
     occurs while creating an inode. This keeps the subsequent evict
     from needing to reacquire the glock, which might call into DLM and
     block in low memory conditions.

   - Arvind Yadav has a patch to add const to attribute_group
     structures.

   - I have a patch to detect directory entry inconsistencies and
     withdraw the file system if any are found. Better that than silent
     corruption.

   - I have a patch to remove a vestigial variable from glock
     structures, saving some slab space.

   - I have another patch to remove a vestigial variable from the GFS2
     in-core superblock structure"

* tag 'gfs2-4.13.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2:
  GFS2: constify attribute_group structures.
  gfs2: gfs2_create_inode: Keep glock across iput
  gfs2: Clean up glock work enqueuing
  gfs2: Protect gl->gl_object by spin lock
  gfs2: Get rid of flush_delayed_work in gfs2_evict_inode
  GFS2: Eliminate vestigial sd_log_flush_wrapped
  GFS2: Remove gl_list from glock structure
  GFS2: Withdraw when directory entry inconsistencies are detected

7 years agoMerge branch 'for-4.13-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave...
Linus Torvalds [Wed, 5 Jul 2017 23:41:23 +0000 (16:41 -0700)]
Merge branch 'for-4.13-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs updates from David Sterba:
 "The core updates improve error handling (mostly related to bios), with
  the usual incremental work on the GFP_NOFS (mis)use removal,
  refactoring or cleanups. Except the two top patches, all have been in
  for-next for an extensive amount of time.

  User visible changes:

   - statx support

   - quota override tunable

   - improved compression thresholds

   - obsoleted mount option alloc_start

  Core updates:

   - bio-related updates:
       - faster bio cloning
       - no allocation failures
       - preallocated flush bios

   - more kvzalloc use, memalloc_nofs protections, GFP_NOFS updates

   - prep work for btree_inode removal

   - dir-item validation

   - qgoup fixes and updates

   - cleanups:
       - removed unused struct members, unused code, refactoring
       - argument refactoring (fs_info/root, caller -> callee sink)
       - SEARCH_TREE ioctl docs"

* 'for-4.13-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux: (115 commits)
  btrfs: Remove false alert when fiemap range is smaller than on-disk extent
  btrfs: Don't clear SGID when inheriting ACLs
  btrfs: fix integer overflow in calc_reclaim_items_nr
  btrfs: scrub: fix target device intialization while setting up scrub context
  btrfs: qgroup: Fix qgroup reserved space underflow by only freeing reserved ranges
  btrfs: qgroup: Introduce extent changeset for qgroup reserve functions
  btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered write and quotas being enabled
  btrfs: qgroup: Return actually freed bytes for qgroup release or free data
  btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function
  btrfs: qgroup: Add quick exit for non-fs extents
  Btrfs: rework delayed ref total_bytes_pinned accounting
  Btrfs: return old and new total ref mods when adding delayed refs
  Btrfs: always account pinned bytes when dropping a tree block ref
  Btrfs: update total_bytes_pinned when pinning down extents
  Btrfs: make BUG_ON() in add_pinned_bytes() an ASSERT()
  Btrfs: make add_pinned_bytes() take an s64 num_bytes instead of u64
  btrfs: fix validation of XATTR_ITEM dir items
  btrfs: Verify dir_item in iterate_object_props
  btrfs: Check name_len before in btrfs_del_root_ref
  btrfs: Check name_len before reading btrfs_get_name
  ...

7 years agoMerge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 5 Jul 2017 23:05:24 +0000 (16:05 -0700)]
Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull memdup_user() conversions from Al Viro:
 "A fairly self-contained series - hunting down open-coded memdup_user()
  and memdup_user_nul() instances"

* 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  bpf: don't open-code memdup_user()
  kimage_file_prepare_segments(): don't open-code memdup_user()
  ethtool: don't open-code memdup_user()
  do_ip_setsockopt(): don't open-code memdup_user()
  do_ipv6_setsockopt(): don't open-code memdup_user()
  irda: don't open-code memdup_user()
  xfrm_user_policy(): don't open-code memdup_user()
  ima_write_policy(): don't open-code memdup_user_nul()
  sel_write_validatetrans(): don't open-code memdup_user_nul()

7 years agoMerge branch 'timers-compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Wed, 5 Jul 2017 22:34:35 +0000 (15:34 -0700)]
Merge branch 'timers-compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull timer-related user access updates from Al Viro:
 "Continuation of timers-related stuff (there had been more, but my
  parts of that series are already merged via timers/core). This is more
  of y2038 work by Deepa Dinamani, partially disrupted by the
  unification of native and compat timers-related syscalls"

* 'timers-compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  posix_clocks: Use get_itimerspec64() and put_itimerspec64()
  timerfd: Use get_itimerspec64() and put_itimerspec64()
  nanosleep: Use get_timespec64() and put_timespec64()
  posix-timers: Use get_timespec64() and put_timespec64()
  posix-stubs: Conditionally include COMPAT_SYS_NI defines
  time: introduce {get,put}_itimerspec64
  time: add get_timespec64 and put_timespec64

7 years agoMerge branch 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Wed, 5 Jul 2017 21:35:57 +0000 (14:35 -0700)]
Merge branch 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull read/write updates from Al Viro:
 "Christoph's fs/read_write.c series - consolidation and cleanups"

* 'work.read_write' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  nfsd: remove nfsd_vfs_read
  nfsd: use vfs_iter_read/write
  fs: implement vfs_iter_write using do_iter_write
  fs: implement vfs_iter_read using do_iter_read
  fs: move more code into do_iter_read/do_iter_write
  fs: remove __do_readv_writev
  fs: remove do_compat_readv_writev
  fs: remove do_readv_writev

7 years agoMerge branch 'work.sys_wait' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Linus Torvalds [Wed, 5 Jul 2017 21:10:19 +0000 (14:10 -0700)]
Merge branch 'work.sys_wait' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull wait syscall updates from Al Viro:
 "Consolidating sys_wait* and compat counterparts.

  Gets rid of set_fs()/double-copy mess, simplifies the whole thing
  (lifting the copyouts to the syscalls means less headache in the part
  that does actual work - fewer failure exits, to start with), gets rid
  of the overhead of field-by-field __put_user()"

* 'work.sys_wait' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  osf_wait4: switch to kernel_wait4()
  waitid(): switch copyout of siginfo to unsafe_put_user()
  wait_task_zombie: consolidate info logics
  kill wait_noreap_copyout()
  lift getrusage() from wait_noreap_copyout()
  waitid(2): leave copyout of siginfo to syscall itself
  kernel_wait4()/kernel_waitid(): delay copying status to userland
  wait4(2)/waitid(2): separate copying rusage to userland
  move compat wait4 and waitid next to native variants

7 years agoMerge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 5 Jul 2017 20:13:32 +0000 (13:13 -0700)]
Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull misc user access cleanups from Al Viro:
 "The first pile is assorted getting rid of cargo-culted access_ok(),
  cargo-culted set_fs() and field-by-field copyouts.

  The same description applies to a lot of stuff in other branches -
  this is just the stuff that didn't fit into a more specific topical
  branch"

* 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  Switch flock copyin/copyout primitives to copy_{from,to}_user()
  fs/fcntl: return -ESRCH in f_setown when pid/pgid can't be found
  fs/fcntl: f_setown, avoid undefined behaviour
  fs/fcntl: f_setown, allow returning error
  lpfc debugfs: get rid of pointless access_ok()
  adb: get rid of pointless access_ok()
  isdn: get rid of pointless access_ok()
  compat statfs: switch to copy_to_user()
  fs/locks: don't mess with the address limit in compat_fcntl64
  nfsd_readlink(): switch to vfs_get_link()
  drbd: ->sendpage() never needed set_fs()
  fs/locks: pass kernel struct flock to fcntl_getlk/setlk
  fs: locks: Fix some troubles at kernel-doc comments

7 years agoCavium CNN55XX: fix broken default Kconfig entry
Linus Torvalds [Wed, 5 Jul 2017 20:03:05 +0000 (13:03 -0700)]
Cavium CNN55XX: fix broken default Kconfig entry

Every developer always thinks that _their_ code is so special and
magical that it should be enabled by default.

And most of them are completely and utterly wrong.  That's definitely
the case when you write a specialty driver for a very unsual "security
processor". It does *not* get to mark itself as "default m".

If you solve world hunger, and make a driver that cures people of
cancer, by all means enable it by default.  But afaik, the Cavium
CNN55XX does neither.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoparisc: ->mapping_error
Christoph Hellwig [Wed, 5 Jul 2017 02:55:06 +0000 (19:55 -0700)]
parisc: ->mapping_error

DMA_ERROR_CODE already went away in linux-next, but parisc unfortunately
added a new instance of it without any review as far as I can tell.

Move the two iommu drivers to report errors through ->mapping_error.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Helge Deller <deller@gmx.de>
7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Linus Torvalds [Wed, 5 Jul 2017 19:31:59 +0000 (12:31 -0700)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

Pull networking updates from David Miller:
 "Reasonably busy this cycle, but perhaps not as busy as in the 4.12
  merge window:

   1) Several optimizations for UDP processing under high load from
      Paolo Abeni.

   2) Support pacing internally in TCP when using the sch_fq packet
      scheduler for this is not practical. From Eric Dumazet.

   3) Support mutliple filter chains per qdisc, from Jiri Pirko.

   4) Move to 1ms TCP timestamp clock, from Eric Dumazet.

   5) Add batch dequeueing to vhost_net, from Jason Wang.

   6) Flesh out more completely SCTP checksum offload support, from
      Davide Caratti.

   7) More plumbing of extended netlink ACKs, from David Ahern, Pablo
      Neira Ayuso, and Matthias Schiffer.

   8) Add devlink support to nfp driver, from Simon Horman.

   9) Add RTM_F_FIB_MATCH flag to RTM_GETROUTE queries, from Roopa
      Prabhu.

  10) Add stack depth tracking to BPF verifier and use this information
      in the various eBPF JITs. From Alexei Starovoitov.

  11) Support XDP on qed device VFs, from Yuval Mintz.

  12) Introduce BPF PROG ID for better introspection of installed BPF
      programs. From Martin KaFai Lau.

  13) Add bpf_set_hash helper for TC bpf programs, from Daniel Borkmann.

  14) For loads, allow narrower accesses in bpf verifier checking, from
      Yonghong Song.

  15) Support MIPS in the BPF selftests and samples infrastructure, the
      MIPS eBPF JIT will be merged in via the MIPS GIT tree. From David
      Daney.

  16) Support kernel based TLS, from Dave Watson and others.

  17) Remove completely DST garbage collection, from Wei Wang.

  18) Allow installing TCP MD5 rules using prefixes, from Ivan
      Delalande.

  19) Add XDP support to Intel i40e driver, from Björn Töpel

  20) Add support for TC flower offload in nfp driver, from Simon
      Horman, Pieter Jansen van Vuuren, Benjamin LaHaise, Jakub
      Kicinski, and Bert van Leeuwen.

  21) IPSEC offloading support in mlx5, from Ilan Tayari.

  22) Add HW PTP support to macb driver, from Rafal Ozieblo.

  23) Networking refcount_t conversions, From Elena Reshetova.

  24) Add sock_ops support to BPF, from Lawrence Brako. This is useful
      for tuning the TCP sockopt settings of a group of applications,
      currently via CGROUPs"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1899 commits)
  net: phy: dp83867: add workaround for incorrect RX_CTRL pin strap
  dt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strap
  cxgb4: Support for get_ts_info ethtool method
  cxgb4: Add PTP Hardware Clock (PHC) support
  cxgb4: time stamping interface for PTP
  nfp: default to chained metadata prepend format
  nfp: remove legacy MAC address lookup
  nfp: improve order of interfaces in breakout mode
  net: macb: remove extraneous return when MACB_EXT_DESC is defined
  bpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP case
  bpf: fix return in load_bpf_file
  mpls: fix rtm policy in mpls_getroute
  net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t
  net, ax25: convert ax25_route.refcount from atomic_t to refcount_t
  net, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_t
  net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t
  net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t
  net, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_t
  net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t
  net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t
  ...

7 years agoMerge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Linus Torvalds [Wed, 5 Jul 2017 19:22:23 +0000 (12:22 -0700)]
Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto updates from Herbert Xu:
 "Algorithms:
   - add private key generation to ecdh

  Drivers:
   - add generic gcm(aes) to aesni-intel
   - add SafeXcel EIP197 crypto engine driver
   - add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium
   - add support for CNN55XX adapters in cavium
   - add ctr mode to chcr
   - add support for gcm(aes) to omap"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits)
  crypto: testmgr - Reenable sha1/aes in FIPS mode
  crypto: ccp - Release locks before returning
  crypto: cavium/nitrox - dma_mapping_error() returns bool
  crypto: doc - fix typo in docs
  Documentation/bindings: Document the SafeXel cryptographic engine driver
  crypto: caam - fix gfp allocation flags (part II)
  crypto: caam - fix gfp allocation flags (part I)
  crypto: drbg - Fixes panic in wait_for_completion call
  crypto: caam - make of_device_ids const.
  crypto: vmx - remove unnecessary check
  crypto: n2 - make of_device_ids const
  crypto: inside-secure - use the base_end pointer in ring rollback
  crypto: inside-secure - increase the batch size
  crypto: inside-secure - only dequeue when needed
  crypto: inside-secure - get the backlog before dequeueing the request
  crypto: inside-secure - stop requeueing failed requests
  crypto: inside-secure - use one queue per hw ring
  crypto: inside-secure - update the context and request later
  crypto: inside-secure - align the cipher and hash send functions
  crypto: inside-secure - optimize DSE bufferability control
  ...

7 years agoMerge tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Wed, 5 Jul 2017 18:46:59 +0000 (11:46 -0700)]
Merge tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull GCC plugin updates from Kees Cook:
 "The big part is the randstruct plugin infrastructure.

  This is the first of two expected pull requests for randstruct since
  there are dependencies in other trees that would be easier to merge
  once those have landed. Notably, the IPC allocation refactoring in
  -mm, and many trivial merge conflicts across several trees when
  applying the __randomize_layout annotation.

  As a result, it seemed like I should send this now since it is
  relatively self-contained, and once the rest of the trees have landed,
  send the annotation patches. I'm expecting the final phase of
  randstruct (automatic struct selection) will land for v4.14, but if
  its other tree dependencies actually make it for v4.13, I can send
  that merge request too.

  Summary:

  - typo fix in Kconfig (Jean Delvare)

  - randstruct infrastructure"

* tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  ARM: Prepare for randomized task_struct
  randstruct: Whitelist NIU struct page overloading
  randstruct: Whitelist big_key path struct overloading
  randstruct: Whitelist UNIXCB cast
  randstruct: Whitelist struct security_hook_heads cast
  gcc-plugins: Add the randstruct plugin
  Fix English in description of GCC_PLUGIN_STRUCTLEAK
  compiler: Add __designated_init annotation
  gcc-plugins: Detail c-common.h location for GCC 4.6

7 years agoMerge tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees...
Linus Torvalds [Wed, 5 Jul 2017 18:43:47 +0000 (11:43 -0700)]
Merge tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull pstore updates from Kees Cook:
 "Various fixes and tweaks for the pstore subsystem.

  Highlights:

   - use memdup_user() instead of open-coded copies (Geliang Tang)

   - fix record memory leak during initialization (Douglas Anderson)

   - avoid confused compressed record warning (Ankit Kumar)

   - prepopulate record timestamp and remove redundant logic from
     backends"

* tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  powerpc/nvram: use memdup_user
  pstore: use memdup_user
  pstore: Fix format string to use %u for record id
  pstore: Populate pstore record->time field
  pstore: Create common record initializer
  efi-pstore: Refactor erase routine
  pstore: Avoid potential infinite loop
  pstore: Fix leaked pstore_record in pstore_get_backend_records()
  pstore: Don't warn if data is uncompressed and type is not PSTORE_TYPE_DMESG

7 years agoMerge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux...
Linus Torvalds [Wed, 5 Jul 2017 18:26:35 +0000 (11:26 -0700)]
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer updates from James Morris:

 - a major update for AppArmor. From JJ:

     * several bug fixes and cleanups

     * the patch to add symlink support to securityfs that was floated
       on the list earlier and the apparmorfs changes that make use of
       securityfs symlinks

     * it introduces the domain labeling base code that Ubuntu has been
       carrying for several years, with several cleanups applied. And it
       converts the current mediation over to using the domain labeling
       base, which brings domain stacking support with it. This finally
       will bring the base upstream code in line with Ubuntu and provide
       a base to upstream the new feature work that Ubuntu carries.

     * This does _not_ contain any of the newer apparmor mediation
       features/controls (mount, signals, network, keys, ...) that
       Ubuntu is currently carrying, all of which will be RFC'd on top
       of this.

 - Notable also is the Infiniband work in SELinux, and the new file:map
   permission. From Paul:

      "While we're down to 21 patches for v4.13 (it was 31 for v4.12),
       the diffstat jumps up tremendously with over 2k of line changes.

       Almost all of these changes are the SELinux/IB work done by
       Daniel Jurgens; some other noteworthy changes include a NFS v4.2
       labeling fix, a new file:map permission, and reporting of policy
       capabilities on policy load"

   There's also now genfscon labeling support for tracefs, which was
   lost in v4.1 with the separation from debugfs.

 - Smack incorporates a safer socket check in file_receive, and adds a
   cap_capable call in privilege check.

 - TPM as usual has a bunch of fixes and enhancements.

 - Multiple calls to security_add_hooks() can now be made for the same
   LSM, to allow LSMs to have hook declarations across multiple files.

 - IMA now supports different "ima_appraise=" modes (eg. log, fix) from
   the boot command line.

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (126 commits)
  apparmor: put back designators in struct initialisers
  seccomp: Switch from atomic_t to recount_t
  seccomp: Adjust selftests to avoid double-join
  seccomp: Clean up core dump logic
  IMA: update IMA policy documentation to include pcr= option
  ima: Log the same audit cause whenever a file has no signature
  ima: Simplify policy_func_show.
  integrity: Small code improvements
  ima: fix get_binary_runtime_size()
  ima: use ima_parse_buf() to parse template data
  ima: use ima_parse_buf() to parse measurements headers
  ima: introduce ima_parse_buf()
  ima: Add cgroups2 to the defaults list
  ima: use memdup_user_nul
  ima: fix up #endif comments
  IMA: Correct Kconfig dependencies for hash selection
  ima: define is_ima_appraise_enabled()
  ima: define Kconfig IMA_APPRAISE_BOOTPARAM option
  ima: define a set of appraisal rules requiring file signatures
  ima: extend the "ima_policy" boot command line to support multiple policies
  ...

7 years agoMerge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/audit
Linus Torvalds [Wed, 5 Jul 2017 18:24:05 +0000 (11:24 -0700)]
Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/audit

Pull audit updates from Paul Moore:
 "Things are relatively quiet on the audit front for v4.13, just five
  patches for a total diffstat of 102 lines.

  There are two patches from Richard to consistently record the POSIX
  capabilities and add the ambient capability information as well.

  I also chipped in two patches to fix a race condition with the auditd
  tracking code and ensure we don't skip sending any records to the
  audit multicast group.

  Finally a single style fix that I accepted because I must have been in
  a good mood that day.

  Everything passes our test suite, and should be relatively harmless,
  please merge for v4.13"

* 'stable-4.13' of git://git.infradead.org/users/pcmoore/audit:
  audit: make sure we never skip the multicast broadcast
  audit: fix a race condition with the auditd tracking code
  audit: style fix
  audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
  audit: unswing cap_* fields in PATH records

7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek...
Linus Torvalds [Wed, 5 Jul 2017 18:11:26 +0000 (11:11 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk

Pull printk updates from Petr Mladek:

 - Store printk() messages into the main log buffer directly even in NMI
   when the lock is available. It is the best effort to print even large
   chunk of text. It is handy, for example, when all ftrace messages are
   printed during the system panic in NMI.

 - Add missing annotations to calm down compiler warnings

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
  printk: add __printf attributes to internal functions
  printk: Use the main logbuf in NMI when logbuf_lock is available

7 years agoGFS2: constify attribute_group structures.
Arvind Yadav [Fri, 30 Jun 2017 13:33:54 +0000 (08:33 -0500)]
GFS2: constify attribute_group structures.

attribute_groups are not supposed to change at runtime. All functions
working with attribute_groups provided by <linux/sysfs.h> work with const
attribute_group. So mark the non-const structs as const.

File size before:
   text    data     bss     dec     hex filename
   5259    1344       8    6611    19d3 fs/gfs2/sys.o

File size After adding 'const':
   text    data     bss     dec     hex filename
   5371    1216       8    6595    19c3 fs/gfs2/sys.o

Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
7 years agogfs2: gfs2_create_inode: Keep glock across iput
Andreas Gruenbacher [Fri, 30 Jun 2017 13:16:46 +0000 (08:16 -0500)]
gfs2: gfs2_create_inode: Keep glock across iput

On failure, keep the inode glock across the final iput of the new inode
so that gfs2_evict_inode doesn't have to re-acquire the glock.  That
way, gfs2_evict_inode won't need to revalidate the block type.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
7 years agogfs2: Clean up glock work enqueuing
Andreas Gruenbacher [Fri, 30 Jun 2017 13:10:01 +0000 (08:10 -0500)]
gfs2: Clean up glock work enqueuing

This patch adds a standardized queueing mechanism for glock work
with spin_lock protection to prevent races.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
7 years agogfs2: Protect gl->gl_object by spin lock
Andreas Gruenbacher [Fri, 30 Jun 2017 12:55:08 +0000 (07:55 -0500)]
gfs2: Protect gl->gl_object by spin lock

Put all remaining accesses to gl->gl_object under the
gl->gl_lockref.lock spinlock to prevent races.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
7 years agogfs2: Get rid of flush_delayed_work in gfs2_evict_inode
Andreas Gruenbacher [Fri, 30 Jun 2017 12:47:15 +0000 (07:47 -0500)]
gfs2: Get rid of flush_delayed_work in gfs2_evict_inode

So far, gfs2_evict_inode clears gl->gl_object and then flushes the glock
work queue to make sure that inode glops which dereference gl->gl_object
have finished running before the inode is destroyed.  However, flushing
the work queue may do more work than needed, and in particular, it may
call into DLM, which we want to avoid here.  Use a bit lock
(GIF_GLOP_PENDING) to synchronize between the inode glops and
gfs2_evict_inode instead to get rid of the flushing.

In addition, flush the work queues of existing glocks before reusing
them for new inodes to get those glocks into a known state: the glock
state engine currently doesn't handle glock re-appropriation correctly.
(We may be able to fix the glock state engine instead later.)

Based on a patch by Steven Whitehouse <swhiteho@redhat.com>.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
7 years agoMerge branch 'phy-dp83867-workaround-incorrect-RX_CTRL-pin-strap'
David S. Miller [Wed, 5 Jul 2017 08:23:53 +0000 (09:23 +0100)]
Merge branch 'phy-dp83867-workaround-incorrect-RX_CTRL-pin-strap'

Sekhar Nori says:

====================
net: phy: dp83867: workaround incorrect RX_CTRL pin strap

This patch series adds workaround for incorrect RX_CTRL pin strap
setting that can be found on some TI boards.

This is required to be complaint to PHY datamanual specification.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: phy: dp83867: add workaround for incorrect RX_CTRL pin strap
Murali Karicheri [Tue, 4 Jul 2017 10:53:24 +0000 (16:23 +0530)]
net: phy: dp83867: add workaround for incorrect RX_CTRL pin strap

The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017,
advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not
supported (see note below Table 5 (4-Level Strap Pins)).

There are some boards which have the pin strapped this way and need
software workaround suggested by the data manual. Bit[7] of
Configuration Register 4 (address 0x0031) must be cleared to 0. This
ensures proper operation of the PHY.

Implement driver support for device-tree property meant to advertise
the wrong strapping.

[1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf

Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
[nsekhar@ti.com: rebase to mainline, code simplification]
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agodt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strap
Murali Karicheri [Tue, 4 Jul 2017 10:53:23 +0000 (16:23 +0530)]
dt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strap

The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017,
advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not
supported (see note below Table 5 (4-Level Strap Pins)).

It further advises that if a board has this pin strapped in mode 1 and
mode 2, then to ensure proper operation of the PHY, a software workaround
must be implemented.

Since it is not possible to detect in software if RX_DV/RX_CTRL pin is
incorrectly strapped, add a device-tree property for the board to
advertise this and allow corrective action in software.

[1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf

Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
[nsekhar@ti.com: rebase to mainline, split documentation into separate patch]
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'cxgb4-ptp'
David S. Miller [Wed, 5 Jul 2017 08:21:54 +0000 (09:21 +0100)]
Merge branch 'cxgb4-ptp'

Atul Gupta says:

====================
cxgb4: Add PTP Hardware Clock (PHC) support

V4:
Splitting the patch again
V3:
        Releasing lock in the exit paths
V2:
        Splitting the patch
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocxgb4: Support for get_ts_info ethtool method
Atul Gupta [Tue, 4 Jul 2017 11:16:22 +0000 (16:46 +0530)]
cxgb4: Support for get_ts_info ethtool method

Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocxgb4: Add PTP Hardware Clock (PHC) support
Atul Gupta [Tue, 4 Jul 2017 11:16:21 +0000 (16:46 +0530)]
cxgb4: Add PTP Hardware Clock (PHC) support

Add PTP IEEE-1588 support and make it accessible via PHC subsystem.
The functionality is enabled for T5/T6 adapters. Driver interfaces with
Firmware to program and adjust the clock offset.

Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocxgb4: time stamping interface for PTP
Atul Gupta [Tue, 4 Jul 2017 11:16:20 +0000 (16:46 +0530)]
cxgb4: time stamping interface for PTP

Supports hardware and software time stamping via the
Linux SO_TIMESTAMPING socket option.

Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'nfp-port-enumeration-change-and-FW-ABI-adjustment'
David S. Miller [Wed, 5 Jul 2017 08:13:08 +0000 (09:13 +0100)]
Merge branch 'nfp-port-enumeration-change-and-FW-ABI-adjustment'

Jakub Kicinski says:

====================
nfp: port enumeration change and FW ABI adjustment

This set changes the way ports are numbered internally to avoid MAC address
changes and invalid link information when breakout is configured.  Second
patch gets rid of old way of looking up MAC addresses in device information
which caused all this confusion.

Patch 3 is a small adjustment to the new FW ABI version we introduced in
this release cycle.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: default to chained metadata prepend format
Jakub Kicinski [Tue, 4 Jul 2017 09:27:21 +0000 (02:27 -0700)]
nfp: default to chained metadata prepend format

ABI 4.x introduced the chained metadata format and made it the
only one possible.  There are cases, however, where the old
format is preferred - mostly to make interoperation with VFs
using ABI 3.x easier for the datapath.  In ABI 5.x we allowed
for more flexibility by selecting the metadata format based
on capabilities.  The default was left to non-chained.

In case of fallback traffic, there is no capability telling the
driver there may be chained metadata.  With a very stripped-
-down FW the default old metadata format would be selected
making the driver drop all fallback traffic.

This patch changes the default selection in the driver. It
should not hurt with old firmwares, because if they don't
advertise RSS they will not produce metadata anyway.  New
firmwares advertising ABI 5.x, however, can depend on the
driver defaulting to chained format.

Fixes: f9380629fafc ("nfp: advertise support for NFD ABI 0.5")
Suggested-by: Michael Rapson <michael.rapson@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: remove legacy MAC address lookup
Jakub Kicinski [Tue, 4 Jul 2017 09:27:20 +0000 (02:27 -0700)]
nfp: remove legacy MAC address lookup

The legacy MAC address lookup doesn't work well with breakout
cables.  We are probably better off picking random addresses
than the wrong ones in the theoretical scenario where management
FW didn't tell us what the port config is.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonfp: improve order of interfaces in breakout mode
Jakub Kicinski [Tue, 4 Jul 2017 09:27:19 +0000 (02:27 -0700)]
nfp: improve order of interfaces in breakout mode

For historical reasons we enumerate the vNICs in order.  This means
that if user configures breakout on a multiport card, the first
interface of the second port will have its MAC address changed.

What's worse, when moved from static information (HWInfo) to using
management FW (NSP), more features started depending on the port ids.
Right now in case of breakout first subport of the second port and
second subport of the first port will have their link info swapped.

Revise the ordering scheme so that first subport maintains its address.
Side effect of this change is that we will use base lane ids in
devlink (i.e. 40G ports will be 4 ids apart), e.g.:

pci/0000:04:00.0/0: type eth netdev p6p1
pci/0000:04:00.0/4: type eth netdev p6p2

Note that behaviour of phys_port_id is not changed since there is
a separate id number for the subport there.

Fixes: ec8b1fbe682d ("nfp: support port splitting via devlink")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: macb: remove extraneous return when MACB_EXT_DESC is defined
Colin Ian King [Tue, 4 Jul 2017 15:09:59 +0000 (16:09 +0100)]
net: macb: remove extraneous return when MACB_EXT_DESC is defined

When macro MACB_EXT_DESC is defined we end up with two identical
return statements and just one is sufficient. Remove the extra
return.

Detected by CoverityScan, CID#1449361 ("Structurally dead code")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP case
Colin Ian King [Tue, 4 Jul 2017 15:21:12 +0000 (16:21 +0100)]
bpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP case

There appears to be a missing break in the TCP_BPF_SNDCWND_CLAMP case.
Currently the non-error path where val is greater than zero falls through
to the default case that sets the error return to -EINVAL. Add in
the missing break.

Detected by CoverityScan, CID#1449376 ("Missing break in switch")

Fixes: 13bf96411ad2 ("bpf: Adds support for setting sndcwnd clamp")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agobpf: fix return in load_bpf_file
Lawrence Brakmo [Tue, 4 Jul 2017 22:57:50 +0000 (15:57 -0700)]
bpf: fix return in load_bpf_file

The function load_bpf_file ignores the return value of
load_and_attach(), so even if load_and_attach() returns an error,
load_bpf_file() will return 0.

Now, load_bpf_file() can call load_and_attach() multiple times and some
can succeed and some could fail. I think the correct behavor is to
return error on the first failed load_and_attach().

v2: Added missing SOB

Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agompls: fix rtm policy in mpls_getroute
Roopa Prabhu [Wed, 5 Jul 2017 00:03:02 +0000 (17:03 -0700)]
mpls: fix rtm policy in mpls_getroute

fix rtm policy name typo in mpls_getroute and also remove
export of rtm_ipv4_policy

Fixes: 397fc9e5cefe ("mpls: route get support")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Herbert Xu [Wed, 5 Jul 2017 07:17:26 +0000 (15:17 +0800)]
Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Merge the crypto tree to pull in fixes for the next merge window.

7 years agoMerge branch 'merge/randstruct' into for-next/gcc-plugins
Kees Cook [Wed, 5 Jul 2017 04:41:31 +0000 (21:41 -0700)]
Merge branch 'merge/randstruct' into for-next/gcc-plugins

7 years agoMerge branch 'for-next/gcc-plugin-infrastructure' into merge/randstruct
Kees Cook [Wed, 5 Jul 2017 04:40:47 +0000 (21:40 -0700)]
Merge branch 'for-next/gcc-plugin-infrastructure' into merge/randstruct

7 years agoMerge tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Tue, 4 Jul 2017 21:53:26 +0000 (14:53 -0700)]
Merge tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC 64-bit updates from Arnd Bergmann:
 "Changes to platform code for 64-bit ARM platforms.

  Andreas Färber adds two new platforms with initial code: Realtek
  RTD1295 and Action Semi S900. Both are fairly similar chips, used
  mainly in set-top-boxes, but with other possible applications, and
  additional members in the respective product families that could be
  added in the future. The code here is fairly minimal, as all the
  interesting parts are in device drivers and dts files.

  The Broadcom Vulcan platform gets dropped, as no products ever became
  available, and Cavium integrated the platform under a new name.

  Among some other defconfig changes, Timur Tabi enables a number of
  options that are typically required for server platforms"

* tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  arm64: defconfig: remove duplicate entry
  arm64: defconfig: enable Qualcomm Technologies EMAC and some PHY drivers
  arm64: defconfig: enable QCOM_L2_PMU and QCOM_L3_PMU
  arm64: defconfig: enable EDAC options
  arm64: defconfig: enable APEI and GHES features
  arm64: defconfig: enable support for PCIe hotplug
  arm64: defconfig: enable EFI_CAPSULE_LOADER
  arm64: defconfig: enable BLK_DEV_NVME
  arm64: defconfig: enable ACPI_CPPC_CPUFREQ
  arm64: marvell: enable ICU and GICP drivers
  arm64: marvell: enable the Armada 7K/8K pinctrl driver
  arm64: Prepare Actions Semi S900
  ARM64: defconfig: enable meson SPICC as module
  ARM64: defconfig: enable IR core, decoders and Meson IR device
  arm64: defconfig: enable Simple Sound Card support
  arm64: defconfig: Enable ARCH_BRCMSTB
  arm64: defconfig: drop ARCH_VULCAN
  arm64: disable Broadcom Vulcan platform
  MAINTAINERS: Add Realtek section
  ARM64: Prepare Realtek RTD1295

7 years agoMerge tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Tue, 4 Jul 2017 21:50:59 +0000 (14:50 -0700)]
Merge tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM 64-bit DT updates from Arnd Bergmann:
 "Device-tree updates for arm64 platforms. For the first time I can
  remember, this is actually larger than the corresponding branch for
  32-bit platforms overall, though that has more individual changes.

  A significant portion this time is due to added machine support:

   - Initial support for the Realtek RTD1295 SoC, along with the Zidoo
     X9S set-top-box

   - Initial support for Actions Semi S900 and the Bubblegum-96
     single-board-cёmputer.

   - Rockchips support for the rk3399-Firefly single-board-computer gets
     added, this one stands out for being relatively fast, affordable
     and well₋supported, compared to many boards that only fall into one
     or two of the above categories.

   - Mediatek gains support for the mt6797 mobile-phone SoC platform and
     corresponding evaluation board.

   - Amlogic board support gets added for the NanoPi K2 and S905x
     LibreTech CC single-board computers and the R-Box Pro set-top-box

   - Allwinner board support gets added for the OrangePi Win, Orangepi
     Zero Plus 2, NanoPi NEO2 and Orange Pi Prime single board computers
     and the SoPine system-on-module.

   - Renesas board support for Salvator-XS and H3ULCB automotive
     development systems.

   - Socionext Uniphier board support for LD11-global and LD20-global,
     whatever those may be.

   - Broadcom adds support for the new Stingray communication processor
     in its iProc family, along with two reference boards.

  Other updates include:

   - For the hisicon platform, support for Hi3660-Hikey960 gets extended
     significantly.

   - Lots of smaller updates for Renesas, Amlogic, Rockchip, UniPhier,
     Broadcom, Allwinner, Hisilicon, Qualcomm, Marvell, and NXP"

* tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (243 commits)
  ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
  Revert "arm64: dts: marvell: add dma-mask in crypto nodes for 7k/8k"
  arm64: dts: mediatek: don't include missing file
  ARM64: dts: meson-gxl: Add Libre Technology CC support
  dt-bindings: arm: amlogic: Add Libre Technology CC board
  dt-bindings: add Libre Technology vendor prefix
  arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K
  arm64: dts: zte: Use - instead of @ for DT OPP entries
  arm64: dts: marvell: add gpio support for Armada 7K/8K
  arm64: dts: marvell: add pinctrl support for Armada 7K/8K
  arm64: dts: marvell: use new binding for the system controller on cp110
  arm64: dts: marvell: remove *-clock-output-names on cp110
  arm64: dts: marvell: use new bindings for xor clocks on ap806
  arm64: dts: marvell: mcbin: enable the mdio node
  arm64: dts: Add Actions Semi S900 and Bubblegum-96
  dt-bindings: Add vendor prefix for uCRobotics
  arm64: dts: marvell: add xmdio nodes for 7k/8k
  arm64: dts: marvell: add a comment on the cp110 slave node status
  arm64: dts: marvell: remove cpm crypto nodes from dts files
  arm64: dts: marvell: cp110: enable the crypto engine at the SoC level
  ...

7 years agoMerge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Tue, 4 Jul 2017 21:47:47 +0000 (14:47 -0700)]
Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC driver updates from Arnd Bergmann:
 "New SoC specific drivers:

   - NVIDIA Tegra PM Domain support for newer SoCs (Tegra186 and later)
     based on the "BPMP" firmware

   - Clocksource and system controller drivers for the newly added
     Action Semi platforms (both arm and arm64).

  Reset subsystem, merged through arm-soc by tradition:

   - New drivers for Altera Stratix10, TI Keystone and Cortina Gemini
     SoCs

   - Various subsystem-wide cleanups

  Updates for existing SoC-specific drivers

   - TI GPMC (General Purpose Memory Controller)

   - Mediatek "scpsys" system controller support for MT6797

   - Broadcom "brcmstb_gisb" bus arbitrer

   - ARM SCPI firmware

   - Renesas "SYSC" system controller

  One more driver update was submitted for the Freescale/NXP DPAA data
  path acceleration that has previously been used on PowerPC chips. I
  ended up postponing the merge until some API questions for its unusual
  MMIO access are resolved"

* tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (35 commits)
  clocksource: owl: Add S900 support
  clocksource: Add Owl timer
  soc: renesas: rcar-sysc: Use GENPD_FLAG_ALWAYS_ON
  firmware: tegra: Fix locking bugs in BPMP
  soc/tegra: flowctrl: Fix error handling
  soc/tegra: bpmp: Implement generic PM domains
  soc/tegra: bpmp: Update ABI header
  PM / Domains: Allow overriding the ->xlate() callback
  soc: brcmstb: enable drivers for ARM64 and BMIPS
  soc: renesas: Rework Kconfig and Makefile logic
  reset: Add the TI SCI reset driver
  dt-bindings: reset: Add TI SCI reset binding
  reset: use kref for reference counting
  soc: qcom: smsm: Improve error handling, quiesce probe deferral
  cpufreq: scpi: use new scpi_ops functions to remove duplicate code
  firmware: arm_scpi: add support to populate OPPs and get transition latency
  dt-bindings: reset: Add reset manager offsets for Stratix10
  memory: omap-gpmc: add error message if bank-width property is absent
  memory: omap-gpmc: make dts snippet include semicolon
  reset: Add a Gemini reset controller
  ...

7 years agoMerge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
Linus Torvalds [Tue, 4 Jul 2017 21:40:29 +0000 (14:40 -0700)]
Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC defconfig updates from Arnd Bergmann:
 "The main changes this time are from a cleanup series that Krzysztof
  Kozłowski did, looking for config options in the defconfig files that
  got removed or renamed. He tracked them down to make sure we don't
  lose information unintentionally after an update.

  Aside from that, there is the usual driver enablement, this time for
  davinci, samsung, stm32, bcm2835, qualcomm, at91, imx, mvebu, and
  omap"

* tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits)
  multi_v7_defconfig: Enable OMAP MTD and DM816 AHCI
  ARM: qcom_defconfig: enable RPMSG_QCOM_SMD
  ARM: imx_v6_v7_defconfig: Select CONFIG_IMX7D_ADC
  ARM: mvebu: Enable SENSORS_PWM_FAN in defconfig
  ARM: davinci_all_defconfig: enable USB CDC NCM gadget
  ARM: davinci_all_defconfig: enable mtdtests
  ARM: imx_v6_v7_defconfig: Set THERMAL_WRITABLE_TRIPS=y for testing
  ARM: bcm2835_defconfig: Enable serial & ethernet USB gadget support
  ARM: tct_hammer_defconfig: Save defconfig
  ARM: s5pv210_defconfig: Save defconfig
  ARM: s3c6400_defconfig: Save defconfig
  ARM: mini2440_defconfig: Save defconfig
  ARM: s3c2410_defconfig: Save defconfig
  ARM: exynos_defconfig: Save defconfig
  ARM: s5pv210_defconfig: Bring back lost (but wanted) options
  ARM: s3c6400_defconfig: Bring back lost (but wanted) options
  ARM: s3c2410_defconfig: Bring back lost (but wanted) options
  ARM: tct_hammer_defconfig: Bring back lost (but wanted) options
  ARM: mini2440_defconfig: Bring back lost (but wanted) options
  ARM: defconfig: samsung: Re-order entries to match savedefconfig
  ...

7 years agoMerge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Tue, 4 Jul 2017 21:37:25 +0000 (14:37 -0700)]
Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM device-tree updates from Arnd Bergmann:
 "Device-tree continues to see lots of updates. The majority of patches
  here are smaller changes for new hardware on existing platforms, and
  there are a few larger changes worth pointing out.

  New machines:

   - The new Action Semi S500 platform is added along with initial
     support for the LeMaker Guitar board.

   - STM32 gains support for three new boards: stm32h743-disco,
     stm32f746-disco, and stm32f769-disco, along with new device support
     for the existing stm32f429 boards.

   - Renesas adds two new boards, the tiny GR-Peach based on RZ/A1H with
     10MB on-chip SRAM, and the iWave G20D-Q7 System-on-Module plus
     board.

   - On Marvell "mvebu", we gain support for the Linksys WRT3200ACM
     wireless router.

   - For NXP i.MX, we gain support for the Gateworks Ventana GW5600 and
     the Technexion Pico i.MX7D single-board computers.

   - The BeagleBone Blue is added for OMAP, it's the latest variation of
     the popular Beaglebone Black single-board computer.

   - The Allwinner based Lichee Pi Zero and NanoPi M1 Plus boards are
     added, these are the latest variations of a seemingly endless
     supply of similar single-board computers.

  Other updates:

   - Linus Walleij improves support for the "Faraday" based SoC
     platforms from various SoC makers (Moxart, Aspeed, Gemini)

   - The ARM Mali GPU is now describe on Rockchips SoCs

   - Mediatek MT7623 is extended significantly, making it much more
     useful.

   - Lots of individual updates on Renesas, OMAP, Rockchips, Broadcom,
     Allwinner, Qualcomm, iMX

   - For Amlogic, the clock support is extended a lot on meson8b.

   - We now build the devicetree file for the Raspberry Pi 3 on 32-bit
     ARM, in addition to the existing ARM64 support, to help users
     wanting to run a 32-bit system on it"

* tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (345 commits)
  ARM: dts: socfpga: set the i2c frequency
  ARM: dts: socfpga: Add second ethernet alias to VINING FPGA
  ARM: dts: socfpga: Drop LED node from VINING FPGA
  ARM: dts: socfpga: Remove I2C EEPROMs from VINING FPGA
  ARM: dts: socfpga: Enable QSPI support on VINING FPGA
  ARM: dts: socfpga: Fix the ethernet clock phandle
  ARM: pxa: Use - instead of @ for DT OPP entries
  ARM: dts: owl-s500: Add SPS node
  ARM: dts: owl-s500: Set CPU enable-method
  dt-bindings: arm: cpus: Add S500 enable-method
  ARM: dts: Add Actions Semi S500 and LeMaker Guitar
  dt-bindings: arm: Document Actions Semi S900
  dt-bindings: timer: Document Owl timer
  ARM: dts: imx6q-cm-fx6: add sdio wifi/bt nodes
  dt-bindings: arm: Document Actions Semi S500
  dt-bindings: Add vendor prefix for Actions Semi
  ARM: dts: turris-omnia: Add generic compatible string for I2C EEPROM
  ARM: dts: mvebu: add support for Linksys WRT3200ACM (Rango)
  ARM: dts: armada-385-linksys: fixup button node names
  ARM: dts: armada-385-linksys: group pins in pinctrl
  ...

7 years agoMerge branch 'net-subsystem-misc-refcounter-conversions'
David S. Miller [Tue, 4 Jul 2017 21:35:20 +0000 (22:35 +0100)]
Merge branch 'net-subsystem-misc-refcounter-conversions'

Elena Reshetova says:

====================
v2 net subsystem misc refcounter conversions

Changes in v2:
 * rebase on top of net-next
 * currently by default refcount_t = atomic_t (*) and uses all
   atomic standard operations unless CONFIG_REFCOUNT_FULL is enabled.
   This is a compromise for the systems that are critical on
   performance (such as net) and cannot accept even slight delay
   on the refcounter operations.

This series, for various misc network components, replaces atomic_t reference
counters with the new refcount_t type and API (see include/linux/refcount.h).
By doing this we prevent intentional or accidental
underflows or overflows that can led to use-after-free vulnerabilities.
These are the last networking-related conversions with the exception of
network drivers (to be send separately).

Please excuse the long patch set, but seems like breaking it up
won't save that much on CC list and most of the changes are
trivial.

The patches are fully independent and can be cherry-picked separately.
In order to try with refcount functionality enabled in run-time,
CONFIG_REFCOUNT_FULL must be enabled.

NOTE: automatic kernel builder for some reason doesn't like all my
network branches and regularly times out the builds on these branches.
Suggestion for "waiting a day for a good coverage" doesn't work, as
we have seen with generic network conversions. So please wait for the
full report from kernel test rebot before merging further up.
This has been compile-tested in 116 configs, but 71 timed out (including
all s390-related configs again). I am trying to see if they can fix
build coverage for me in meanwhile.

* The respective change is currently merged into -next as
  "locking/refcount: Create unchecked atomic_t implementation".
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, ax25: convert ax25_cb.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:31 +0000 (15:53 +0300)]
net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, ax25: convert ax25_route.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:30 +0000 (15:53 +0300)]
net, ax25: convert ax25_route.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:29 +0000 (15:53 +0300)]
net, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:28 +0000 (15:53 +0300)]
net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:27 +0000 (15:53 +0300)]
net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:26 +0000 (15:53 +0300)]
net, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:25 +0000 (15:53 +0300)]
net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:24 +0000 (15:53 +0300)]
net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, xfrm: convert sec_path.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:23 +0000 (15:53 +0300)]
net, xfrm: convert sec_path.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, xfrm: convert xfrm_policy.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:22 +0000 (15:53 +0300)]
net, xfrm: convert xfrm_policy.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, xfrm: convert xfrm_state.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:21 +0000 (15:53 +0300)]
net, xfrm: convert xfrm_state.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, x25: convert x25_neigh.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:20 +0000 (15:53 +0300)]
net, x25: convert x25_neigh.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, x25: convert x25_route.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:19 +0000 (15:53 +0300)]
net, x25: convert x25_route.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, rds: convert rds_message.m_refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:18 +0000 (15:53 +0300)]
net, rds: convert rds_message.m_refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, rds: convert rds_mr.r_refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:17 +0000 (15:53 +0300)]
net, rds: convert rds_mr.r_refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, rds: convert rds_incoming.i_refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:16 +0000 (15:53 +0300)]
net, rds: convert rds_incoming.i_refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, rds: convert rds_ib_device.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:15 +0000 (15:53 +0300)]
net, rds: convert rds_ib_device.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sunrpc: convert gss_upcall_msg.count from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:14 +0000 (15:53 +0300)]
net, sunrpc: convert gss_upcall_msg.count from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, sunrpc: convert gss_cl_ctx.count from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:13 +0000 (15:53 +0300)]
net, sunrpc: convert gss_cl_ctx.count from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, netrom: convert nr_node.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:12 +0000 (15:53 +0300)]
net, netrom: convert nr_node.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, netrom: convert nr_neigh.refcount from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:11 +0000 (15:53 +0300)]
net, netrom: convert nr_neigh.refcount from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, ipx: convert ipx_route.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:10 +0000 (15:53 +0300)]
net, ipx: convert ipx_route.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, ipx: convert ipx_interface.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:09 +0000 (15:53 +0300)]
net, ipx: convert ipx_interface.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t
Reshetova, Elena [Tue, 4 Jul 2017 12:53:08 +0000 (15:53 +0300)]
net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t

refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>