1. 23 Oct, 2018 20 commits
    • David Howells's avatar
      afs: Expand data structure fields to support YFS · d4936803
      David Howells authored
      Expand fields in various data structures to support the expanded
      information that YFS is capable of returning.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      d4936803
    • David Howells's avatar
      afs: Get the target vnode in afs_rmdir() and get a callback on it · f58db83f
      David Howells authored
      Get the target vnode in afs_rmdir() and validate it before we attempt the
      deletion, The vnode pointer will be passed through to the delivery function
      in a later patch so that the delivery function can mark it deleted.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      f58db83f
    • David Howells's avatar
      afs: Calc callback expiry in op reply delivery · 12d8e95a
      David Howells authored
      Calculate the callback expiration time at the point of operation reply
      delivery, using the reply time queried from AF_RXRPC on that call as a
      base.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      12d8e95a
    • David Howells's avatar
      afs: Fix FS.FetchStatus delivery from updating wrong vnode · 36bb5f49
      David Howells authored
      The FS.FetchStatus reply delivery function was updating inode of the
      directory in which a lookup had been done with the status of the looked up
      file.  This corrupts some of the directory state.
      
      Fixes: 5cf9dd55 ("afs: Prospectively look up extra files when doing a single lookup")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      36bb5f49
    • David Howells's avatar
      afs: Implement the YFS cache manager service · 35dbfba3
      David Howells authored
      Implement the YFS cache manager service which gives extra capabilities on
      top of AFS.  This is done by listening for an additional service on the
      same port and indicating that anyone requesting an upgrade should be
      upgraded to the YFS port.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      35dbfba3
    • David Howells's avatar
      afs: Remove callback details from afs_callback_break struct · 06aeb297
      David Howells authored
      Remove unnecessary details of a broken callback, such as version, expiry
      and type, from the afs_callback_break struct as they're not actually used
      and make the list take more memory.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      06aeb297
    • David Howells's avatar
      afs: Commit the status on a new file/dir/symlink · 00671912
      David Howells authored
      Call the function to commit the status on a new file, dir or symlink so
      that the access rights for the caller's key are cached for that object.
      
      Without this, the next access to the file will cause a FetchStatus
      operation to be emitted to retrieve the access rights.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      00671912
    • David Howells's avatar
      afs: Increase to 64-bit volume ID and 96-bit vnode ID for YFS · 3b6492df
      David Howells authored
      Increase the sizes of the volume ID to 64 bits and the vnode ID (inode
      number equivalent) to 96 bits to allow the support of YFS.
      
      This requires the iget comparator to check the vnode->fid rather than i_ino
      and i_generation as i_ino is not sufficiently capacious.  It also requires
      this data to be placed into the vnode cache key for fscache.
      
      For the moment, just discard the top 32 bits of the vnode ID when returning
      it though stat.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      3b6492df
    • David Howells's avatar
      afs: Don't invoke the server to read data beyond EOF · 2a0b4f64
      David Howells authored
      When writing a new page, clear space in the page rather than attempting to
      load it from the server if the space is beyond the EOF.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      2a0b4f64
    • David Howells's avatar
      afs: Add a couple of tracepoints to log I/O errors · f51375cd
      David Howells authored
      Add a couple of tracepoints to log the production of I/O errors within the AFS
      filesystem.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      f51375cd
    • David Howells's avatar
      afs: Handle EIO from delivery function · 4ac15ea5
      David Howells authored
      Fix afs_deliver_to_call() to handle -EIO being returned by the operation
      delivery function, indicating that the call found itself in the wrong
      state, by printing an error and aborting the call.
      
      Currently, an assertion failure will occur.  This can happen, say, if the
      delivery function falls off the end without calling afs_extract_data() with
      the want_more parameter set to false to collect the end of the Rx phase of
      a call.
      
      The assertion failure looks like:
      
      	AFS: Assertion failed
      	4 == 7 is false
      	0x4 == 0x7 is false
      	------------[ cut here ]------------
      	kernel BUG at fs/afs/rxrpc.c:462!
      
      and is matched in the trace buffer by a line like:
      
      kworker/7:3-3226 [007] ...1 85158.030203: afs_io_error: c=0003be0c r=-5 CM_REPLY
      
      Fixes: 98bf40cd ("afs: Protect call->state changes against signals")
      Reported-by: default avatarMarc Dionne <marc.dionne@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      4ac15ea5
    • David Howells's avatar
      afs: Fix TTL on VL server and address lists · ded2f4c5
      David Howells authored
      Currently the TTL on VL server and address lists isn't set in all
      circumstances and may be set to poor choices in others, since the TTL is
      derived from the SRV/AFSDB DNS record if and when available.
      
      Fix the TTL by limiting the range to a minimum and maximum from the current
      time.  At some point these can be made into sysctl knobs.  Further, use the
      TTL we obtained from the upcall to set the expiry on negative results too;
      in future a mechanism can be added to force reloading of such data.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      ded2f4c5
    • David Howells's avatar
      afs: Implement VL server rotation · 0a5143f2
      David Howells authored
      Track VL servers as independent entities rather than lumping all their
      addresses together into one set and implement server-level rotation by:
      
       (1) Add the concept of a VL server list, where each server has its own
           separate address list.  This code is similar to the FS server list.
      
       (2) Use the DNS resolver to retrieve a set of servers and their associated
           addresses, ports, preference and weight ratings.
      
       (3) In the case of a legacy DNS resolver or an address list given directly
           through /proc/net/afs/cells, create a list containing just a dummy
           server record and attach all the addresses to that.
      
       (4) Implement a simple rotation policy, for the moment ignoring the
           priorities and weights assigned to the servers.
      
       (5) Show the address list through /proc/net/afs/<cell>/vlservers.  This
           also displays the source and status of the data as indicated by the
           upcall.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      0a5143f2
    • David Howells's avatar
      afs: Improve FS server rotation error handling · e7f680f4
      David Howells authored
      Improve the error handling in FS server rotation by:
      
       (1) Cache the latest useful error value for the fs operation as a whole in
           struct afs_fs_cursor separately from the error cached in the
           afs_addr_cursor struct.  The one in the address cursor gets clobbered
           occasionally.  Copy over the error to the fs operation only when it's
           something we'd be interested in passing to userspace.
      
       (2) Make it so that EDESTADDRREQ is the default that is seen only if no
           addresses are available to be accessed.
      
       (3) When calling utility functions, such as checking a volume status or
           probing a fileserver, don't let a successful result clobber the cached
           error in the cursor; instead, stash the result in a temporary variable
           until it has been assessed.
      
       (4) Don't return ETIMEDOUT or ETIME if a better error, such as
           ENETUNREACH, is already cached.
      
       (5) On leaving the rotation loop, turn any remote abort code into a more
           useful error than ECONNABORTED.
      
      Fixes: d2ddc776 ("afs: Overhaul volume and server record caching and fileserver rotation")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      e7f680f4
    • David Howells's avatar
      afs: Set up the iov_iter before calling afs_extract_data() · 12bdcf33
      David Howells authored
      afs_extract_data sets up a temporary iov_iter and passes it to AF_RXRPC
      each time it is called to describe the remaining buffer to be filled.
      
      Instead:
      
       (1) Put an iterator in the afs_call struct.
      
       (2) Set the iterator for each marshalling stage to load data into the
           appropriate places.  A number of convenience functions are provided to
           this end (eg. afs_extract_to_buf()).
      
           This iterator is then passed to afs_extract_data().
      
       (3) Use the new ITER_DISCARD iterator to discard any excess data provided
           by FetchData.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      12bdcf33
    • David Howells's avatar
      afs: Better tracing of protocol errors · 160cb957
      David Howells authored
      Include the site of detection of AFS protocol errors in trace lines to
      better be able to determine what went wrong.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      160cb957
    • David Howells's avatar
      iov_iter: Add I/O discard iterator · 9ea9ce04
      David Howells authored
      Add a new iterator, ITER_DISCARD, that can only be used in READ mode and
      just discards any data copied to it.
      
      This is useful in a network filesystem for discarding any unwanted data
      sent by a server.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      9ea9ce04
    • David Howells's avatar
      iov_iter: Separate type from direction and use accessor functions · aa563d7b
      David Howells authored
      In the iov_iter struct, separate the iterator type from the iterator
      direction and use accessor functions to access them in most places.
      
      Convert a bunch of places to use switch-statements to access them rather
      then chains of bitwise-AND statements.  This makes it easier to add further
      iterator types.  Also, this can be more efficient as to implement a switch
      of small contiguous integers, the compiler can use ~50% fewer compare
      instructions than it has to use bitwise-and instructions.
      
      Further, cease passing the iterator type into the iterator setup function.
      The iterator function can set that itself.  Only the direction is required.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      aa563d7b
    • David Howells's avatar
      iov_iter: Use accessor function · 00e23707
      David Howells authored
      Use accessor functions to access an iterator's type and direction.  This
      allows for the possibility of using some other method of determining the
      type of iterator than if-chains with bitwise-AND conditions.
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      00e23707
    • David Howells's avatar
      amd-gpu: Don't undefine READ and WRITE · 1fcb748d
      David Howells authored
      Remove the undefinition of READ and WRITE because these constants may be
      used elsewhere in subsequently included header files, thus breaking them.
      
      These constants don't actually appear to be used in the driver, so the
      undefinition seems pointless.
      
      Fixes: 4562236b ("drm/amd/dc: Add dc display driver (v2)")
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      1fcb748d
  2. 19 Oct, 2018 10 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 2e2d6f03
      David S. Miller authored
      net/sched/cls_api.c has overlapping changes to a call to
      nlmsg_parse(), one (from 'net') added rtm_tca_policy instead of NULL
      to the 5th argument, and another (from 'net-next') added cb->extack
      instead of NULL to the 6th argument.
      
      net/ipv4/ipmr_base.c is a case of a bug fix in 'net' being done to
      code which moved (to mr_table_dump)) in 'net-next'.  Thanks to David
      Ahern for the heads up.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2e2d6f03
    • David S. Miller's avatar
      Revert "bond: take rcu lock in netpoll_send_skb_on_dev" · 48995423
      David S. Miller authored
      This reverts commit 6fe94878.
      
      It is causing more serious regressions than the RCU warning
      it is fixing.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      48995423
    • YueHaibing's avatar
      rocker: Drop pointless static qualifier · 9333f207
      YueHaibing authored
      There is no need to have the 'struct rocker_desc_info *desc_info'
      variable static since new value always be assigned before use it.
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9333f207
    • Greg Kroah-Hartman's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 91b15613
      Greg Kroah-Hartman authored
      David writes:
        "Networking
      
         1) Fix gro_cells leak in xfrm layer, from Li RongQing.
      
         2) BPF selftests change RLIMIT_MEMLOCK blindly, don't do that.  From
            Eric Dumazet.
      
         3) AF_XDP calls synchronize_net() under RCU lock, fix from Björn
            Töpel.
      
         4) Out of bounds packet access in _decode_session6(), from Alexei
            Starovoitov.
      
         5) Several ethtool bugs, where we copy a struct into the kernel twice
            and our validations of the values in the first copy can be
            invalidated by the second copy due to asynchronous updates to the
            memory by the user.  From Wenwen Wang.
      
         6) Missing netlink attribute validation in cls_api, from Davide
            Caratti.
      
         7) LLC SAP sockets neet to be SOCK_RCU FREE, from Cong Wang.
      
         8) rxrpc operates on wrong kvec, from Yue Haibing.
      
         9) A regression was introduced by the disassosciation of route
            neighbour references in rt6_probe(), causing probe for
            neighbourless routes to not be properly rate limited.  Fix from
            Sabrina Dubroca.
      
         10) Unsafe RCU locking in tipc, from Tung Nguyen.
      
         11) Use after free in inet6_mc_check(), from Eric Dumazet.
      
         12) PMTU from icmp packets should update the SCTP transport pathmtu,
             from Xin Long.
      
         13) Missing peer put on error in rxrpc, from David Howells.
      
         14) Fix pedit in nfp driver, from Pieter Jansen van Vuuren.
      
         15) Fix overflowing shift statement in qla3xxx driver, from Nathan
             Chancellor.
      
         16) Fix Spectre v1 in ptp code, from Gustavo A. R. Silva.
      
         17) udp6_unicast_rcv_skb() interprets udpv6_queue_rcv_skb() return
             value in an inverted manner, fix from Paolo Abeni.
      
         18) Fix missed unresolved entries in ipmr dumps, from Nikolay
             Aleksandrov.
      
         19) Fix NAPI handling under high load, we can completely miss events
             when NAPI has to loop more than one time in a cycle.  From Heiner
             Kallweit."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (49 commits)
        ip6_tunnel: Fix encapsulation layout
        tipc: fix info leak from kernel tipc_event
        net: socket: fix a missing-check bug
        net: sched: Fix for duplicate class dump
        r8169: fix NAPI handling under high load
        net: ipmr: fix unresolved entry dumps
        net: mscc: ocelot: Fix comment in ocelot_vlant_wait_for_completion()
        sctp: fix the data size calculation in sctp_data_size
        virtio_net: avoid using netif_tx_disable() for serializing tx routine
        udp6: fix encap return code for resubmitting
        mlxsw: core: Fix use-after-free when flashing firmware during init
        sctp: not free the new asoc when sctp_wait_for_connect returns err
        sctp: fix race on sctp_id2asoc
        r8169: re-enable MSI-X on RTL8168g
        net: bpfilter: use get_pid_task instead of pid_task
        ptp: fix Spectre v1 vulnerability
        net: qla3xxx: Remove overflowing shift statement
        geneve, vxlan: Don't set exceptions if skb->len < mtu
        geneve, vxlan: Don't check skb_dst() twice
        sctp: get pr_assoc and pr_stream all status with SCTP_PR_SCTP_ALL instead
        ...
      91b15613
    • Greg Kroah-Hartman's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 2a966610
      Greg Kroah-Hartman authored
      David writes:
        "Sparc fixes:
      
         The main bit here is fixing how fallback system calls are handled in
         the sparc vDSO.
      
         Unfortunately, I fat fingered the commit and some perf debugging
         hacks slipped into the vDSO fix, which I revert in the very next
         commit."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc: Revert unintended perf changes.
        sparc: vDSO: Silence an uninitialized variable warning
        sparc: Fix syscall fallback bugs in VDSO.
      2a966610
    • Greg Kroah-Hartman's avatar
      Merge tag 'drm-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm · 7555c5d5
      Greg Kroah-Hartman authored
      Dave writes:
        "drm fixes for 4.19 final
      
         Just a last set of misc core fixes for final.
      
         4 fixes, one use after free, one fb integration fix, one EDID fix,
         and one laptop panel quirk,"
      
      * tag 'drm-fixes-2018-10-19' of git://anongit.freedesktop.org/drm/drm:
        drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
        drm: fix use of freed memory in drm_mode_setcrtc
        drm: fb-helper: Reject all pixel format changing requests
        drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
      7555c5d5
    • Greg Kroah-Hartman's avatar
      Merge tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma · eb6d938f
      Greg Kroah-Hartman authored
      Doug writes:
        "Really final for-rc pull request for 4.19
      
         Ok, so last week I thought we had sent our final pull request for
         4.19.  Well, wouldn't ya know someone went and found a couple Spectre
         v1 fixes were needed :-/.  So, a couple *very* small specter patches
         for this (hopefully) final -rc week."
      
      * tag 'for-gkh' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
        RDMA/ucma: Fix Spectre v1 vulnerability
        IB/ucm: Fix Spectre v1 vulnerability
      eb6d938f
    • Dave Airlie's avatar
      Merge tag 'drm-misc-fixes-2018-10-18' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes · f8e6e1b6
      Dave Airlie authored
      drm-misc-fixes for v4.19:
      - Fix use of freed memory in drm_mode_setcrtc.
      - Reject pixel format changing requests in fb helper.
      - Add 6 bpc quirk for HP Pavilion 15-n233sl
      - Fix VSDB yCBCr420 Deep Color mode bit definitions
      Signed-off-by: default avatarDave Airlie <airlied@redhat.com>
      
      From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
      Link: https://patchwork.freedesktop.org/patch/msgid/647fe5d0-4ec5-57cc-9f23-a4836b29e278@linux.intel.com
      f8e6e1b6
    • Colin Ian King's avatar
      qed: fix spelling mistake "transcevier" -> "transceiver" · 1107a674
      Colin Ian King authored
      Trivial fix to spelling mistake in DP_INFO message.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1107a674
    • David S. Miller's avatar
      Merge tag 'mlx5-updates-2018-10-18' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux · 02e6dae6
      David S. Miller authored
      Saeed Mahameed says:
      
      ====================
      mlx5-updates-2018-10-18
      
      This series provides misc updates to mlx5 core and netdevice driver.
      
      1) From Tariq Toukan: Refactor fragmented buffer struct fields and init flow.
      
      2) From Vlad Buslov, Flow counters cache improvements and fixes follow up.
      as a follow up work for the previous series of the mlx5 flow counters,
      Vlad provides two fixes:
        2.1) Take fs_counters dellist before addlist
      Fixes: 6e5e2283 ("net/mlx5: Add new list to store deleted flow counters")
        2.2) Remove counter from idr after removing it from list
      Fixes: 12d6066c ("net/mlx5: Add flow counters idr")
      
      From Shay Agroskin,
      3) Add FEC set/get FW commands and FEC ethtool callbacks support
      4) Add new ethtool statistics to cover errors on rx, such as FEC errors.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      02e6dae6
  3. 18 Oct, 2018 10 commits
    • Stefano Brivio's avatar
      ip6_tunnel: Fix encapsulation layout · d4d576f5
      Stefano Brivio authored
      Commit 058214a4 ("ip6_tun: Add infrastructure for doing
      encapsulation") added the ip6_tnl_encap() call in ip6_tnl_xmit(), before
      the call to ipv6_push_frag_opts() to append the IPv6 Tunnel Encapsulation
      Limit option (option 4, RFC 2473, par. 5.1) to the outer IPv6 header.
      
      As long as the option didn't actually end up in generated packets, this
      wasn't an issue. Then commit 89a23c8b ("ip6_tunnel: Fix missing tunnel
      encapsulation limit option") fixed sending of this option, and the
      resulting layout, e.g. for FoU, is:
      
      .-------------------.------------.----------.-------------------.----- - -
      | Outer IPv6 Header | UDP header | Option 4 | Inner IPv6 Header | Payload
      '-------------------'------------'----------'-------------------'----- - -
      
      Needless to say, FoU and GUE (at least) won't work over IPv6. The option
      is appended by default, and I couldn't find a way to disable it with the
      current iproute2.
      
      Turn this into a more reasonable:
      
      .-------------------.----------.------------.-------------------.----- - -
      | Outer IPv6 Header | Option 4 | UDP header | Inner IPv6 Header | Payload
      '-------------------'----------'------------'-------------------'----- - -
      
      With this, and with 84dad559 ("udp6: fix encap return code for
      resubmitting"), FoU and GUE work again over IPv6.
      
      Fixes: 058214a4 ("ip6_tun: Add infrastructure for doing encapsulation")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d4d576f5
    • Eric Dumazet's avatar
      tcp: fix TCP_REPAIR xmit queue setup · 79861919
      Eric Dumazet authored
      Andrey reported the following warning triggered while running CRIU tests:
      
      tcp_clean_rtx_queue()
      ...
      	last_ackt = tcp_skb_timestamp_us(skb);
      	WARN_ON_ONCE(last_ackt == 0);
      
      This is caused by 5f6188a8 ("tcp: do not change tcp_wstamp_ns
      in tcp_mstamp_refresh"), as we end up having skbs in retransmit queue
      with a zero skb->skb_mstamp_ns field.
      
      We could fix this bug in different ways, like making sure
      tp->tcp_wstamp_ns is not zero at socket creation, but as Neal pointed
      out, we also do not want that pacing status of a repaired socket
      could push tp->tcp_wstamp_ns far ahead in the future.
      
      So we prefer changing tcp_write_xmit() to not call tcp_update_skb_after_send()
      and instead do what is requested by TCP_REPAIR logic.
      
      Fixes: 5f6188a8 ("tcp: do not change tcp_wstamp_ns in tcp_mstamp_refresh")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarAndrey Vagin <avagin@openvz.org>
      Acked-by: default avatarSoheil Hassas Yeganeh <soheil@google.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      79861919
    • Jon Maloy's avatar
      tipc: fix info leak from kernel tipc_event · b06f9d9f
      Jon Maloy authored
      We initialize a struct tipc_event allocated on the kernel stack to
      zero to avert info leak to user space.
      
      Reported-by: syzbot+057458894bc8cada4dee@syzkaller.appspotmail.com
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b06f9d9f
    • Zhao Chen's avatar
      net-next/hinic: add checksum offload and TSO support · cc18a754
      Zhao Chen authored
      This patch adds checksum offload and TSO support for the HiNIC
      driver. Perfomance test (Iperf) shows more than 100% improvement
      in TCP streams.
      Signed-off-by: default avatarZhao Chen <zhaochen6@huawei.com>
      Signed-off-by: default avatarXue Chaojing <xuechaojing@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc18a754
    • Wenwen Wang's avatar
      net: socket: fix a missing-check bug · b6168562
      Wenwen Wang authored
      In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch
      statement to see whether it is necessary to pre-process the ethtool
      structure, because, as mentioned in the comment, the structure
      ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc'
      is allocated through compat_alloc_user_space(). One thing to note here is
      that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is
      partially determined by 'rule_cnt', which is actually acquired from the
      user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through
      get_user(). After 'rxnfc' is allocated, the data in the original user-space
      buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(),
      including the 'rule_cnt' field. However, after this copy, no check is
      re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user
      race to change the value in the 'compat_rxnfc->rule_cnt' between these two
      copies. Through this way, the attacker can bypass the previous check on
      'rule_cnt' and inject malicious data. This can cause undefined behavior of
      the kernel and introduce potential security risk.
      
      This patch avoids the above issue via copying the value acquired by
      get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL.
      Signed-off-by: default avatarWenwen Wang <wang6495@umn.edu>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b6168562
    • Ganesh Goudar's avatar
      cxgb4: fix the error path of cxgb4_uld_register() · 40b06553
      Ganesh Goudar authored
      On multi adapter setup if the uld registration fails even on
      one adapter, the allocated resources for the uld on all the
      adapters are freed, rendering the functioning adapters unusable.
      
      This commit fixes the issue by freeing the allocated resources
      only for the failed adapter.
      Signed-off-by: default avatarGanesh Goudar <ganeshgr@chelsio.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      40b06553
    • Phil Sutter's avatar
      net: sched: Fix for duplicate class dump · 3c53ed8f
      Phil Sutter authored
      When dumping classes by parent, kernel would return classes twice:
      
      | # tc qdisc add dev lo root prio
      | # tc class show dev lo
      | class prio 8001:1 parent 8001:
      | class prio 8001:2 parent 8001:
      | class prio 8001:3 parent 8001:
      | # tc class show dev lo parent 8001:
      | class prio 8001:1 parent 8001:
      | class prio 8001:2 parent 8001:
      | class prio 8001:3 parent 8001:
      | class prio 8001:1 parent 8001:
      | class prio 8001:2 parent 8001:
      | class prio 8001:3 parent 8001:
      
      This comes from qdisc_match_from_root() potentially returning the root
      qdisc itself if its handle matched. Though in that case, root's classes
      were already dumped a few lines above.
      
      Fixes: cb395b20 ("net: sched: optimize class dumps")
      Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
      Reviewed-by: default avatarJiri Pirko <jiri@mellanox.com>
      Reviewed-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c53ed8f
    • Dan Carpenter's avatar
      bnxt_en: Copy and paste bug in extended tx_stats · 35b842f2
      Dan Carpenter authored
      The struct type was copied from the line before but it should be "tx"
      instead of "rx".  I have reviewed the code and I can't immediately see
      that this bug causes a runtime issue.
      
      Fixes: 36e53349 ("bnxt_en: Add additional extended port statistics.")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Acked-by: default avatarMichael Chan <michael.chan@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      35b842f2
    • David S. Miller's avatar
      Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · 817e9290
      David S. Miller authored
      Jeff Kirsher says:
      
      ====================
      Intel Wired LAN Doc Updates 2018-10-18
      
      This series contains documentation fixes and updates for Intel wired
      LAN drivers.
      
      The following was done:
       - Updated incorrect URLs
       - removed document references which did not apply to the current
         in-kernel drivers
       - added documentation for fm10k driver
       - added missing documentation on existing or new features
       - added SPDX headers to all the documentation files
      
      Lastly, the documentation was converted over to the RST (reStructured
      Text) format, so that 'make htmldocs' produces pretty html driver
      documentation for our drivers.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      817e9290
    • Nathan Chancellor's avatar
      atm: zatm: Fix empty body Clang warnings · 64b9d16e
      Nathan Chancellor authored
      Clang warns:
      
      drivers/atm/zatm.c:513:7: error: while loop has empty body
      [-Werror,-Wempty-body]
              zwait;
                   ^
      drivers/atm/zatm.c:513:7: note: put the semicolon on a separate line to
      silence this warning
      
      Get rid of this warning by using an empty do-while loop. While we're at
      it, add parentheses to make it clear that this is a function-like macro.
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/42Suggested-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      64b9d16e