- 03 Nov, 2017 11 commits
-
-
Kees Cook authored
In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. This performs some refactoring to remove needless wrapper functions, and adds a pointer back to the desired adapter. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Shreeya Patel <shreeya.patel23498@gmail.com> Cc: Hans de Goede <hdegoede@redhat.com> Cc: Larry Finger <Larry.Finger@lwfinger.net> Cc: Himanshu Jha <himanshujha199640@gmail.com> Cc: Joe Perches <joe@perches.com> Cc: Derek Robson <robsonde@gmail.com> Cc: Harsha Sharma <harshasharmaiitr@gmail.com> Cc: Dan Carpenter <dan.carpenter@oracle.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Stephen Hemminger <stephen@networkplumber.org> Cc: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn> Cc: Johannes Berg <johannes.berg@intel.com> Cc: devel@driverdev.osuosl.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Martyn Welch authored
The PIO2 device is (as far as I know) no longer manufactured. I no longer have access to the device and this seems unlikely to change. The only changes to this driver in a long time have been as a result of API changes else where. Time to remove it... Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Stanislaw Gruszka authored
Patch fixes splat: r8822be 0000:04:00.0: DMA-API: device driver frees DMA memory with different size [device address=0x0000000078477000] [map size=4096 bytes] [unmap size=424 bytes] <snip> Call Trace: debug_dma_unmap_page+0xa5/0xb0 ? unmap_single+0x2f/0x40 _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] ? _rtl8822be_send_bcn_or_cmd_packet+0x2c5/0x300 [r8822be] rtl8822b_halmac_cb_write_data_rsvd_page+0x51/0xc0 [r8822be] _halmac_write_data_rsvd_page+0x22/0x30 [r8822be] halmac_download_rsvd_page_88xx+0xee/0x1f0 [r8822be] halmac_dlfw_to_mem_88xx+0x80/0x120 [r8822be] halmac_download_firmware_88xx.part.47+0x477/0x600 [r8822be] halmac_download_firmware_88xx+0x32/0x40 [r8822be] rtl_halmac_dlfw+0x70/0x120 [r8822be] rtl_halmac_init_hal+0x5f/0x1b0 [r8822be] rtl8822be_hw_init+0x8a2/0x1040 [r8822be] Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Arnd Bergmann authored
A cleanup patch removed the only user of two local variables: drivers/staging/rtl8723bs/hal/hal_btcoex.c: In function 'hal_btcoex_Initialize': drivers/staging/rtl8723bs/hal/hal_btcoex.c:1415:5: error: unused variable 'ret2' [-Werror=unused-variable] drivers/staging/rtl8723bs/hal/hal_btcoex.c:1414:5: error: unused variable 'ret1' [-Werror=unused-variable] This removes the declarations as well. Fixes: 95b3b423 ("staging: rtl8723bs: remove ternary operators in assignmet statments") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Arnd Bergmann authored
As of commit 8e1d6c33 ("greybus: loopback: drop bus aggregate calculation"), nothing ever reads from kfifo_ts, so there is no reason to write to it or even allocate it any more. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org> Reviewed-by: Bryan O'Donoghue <pure.logic@nexus-software.ie> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Arvind Yadav authored
Fix checkpatch.pl error: ERROR: space prohibited before open square bracket '['. Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Kees Cook authored
This removes an unused variable to silence the associated build warning. Fixes: f8af6a32 ("staging: rtlwifi: Convert timers to use timer_setup()") Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Kees Cook authored
In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "Tobin C. Harding" <me@tobin.cc> Cc: devel@driverdev.osuosl.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Woohyung Jeon authored
Fixed a coding style issue. There was a prohibited space. Removed. Signed-off-by: Woohyung-Jeon <w.h.jeon329@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Sidong Yang authored
Replaces spaces to tabs for indent. Signed-off-by: Sidong Yang <realwakka@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Colin Ian King authored
There is a check on pmlmepriv before dereferencing it when vfree'ing pmlmepriv->free_bss_buf however the previous call to rtw_free_mlme_priv_ie_data deferences pmlmepriv causing a null pointer deference if it is null. Avoid this by also calling rtw_free_mlme_priv_ie_data if the pointer is non-null. Detected by CoverityScan, CID#1230262 ("Dereference before null check") Fixes: 7b464c9f ("staging: r8188eu: Add files for new driver - part 4") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 02 Nov, 2017 10 commits
-
-
Hans de Goede authored
Commit 2ba8444c ("staging:r8188eu: move IV/ICV trimming into decrypt() and also place it after rtl88eu_mon_recv_hook()") breaks ARP. After this commit ssh-ing to a laptop with r8188eu wifi no longer works if the machine connecting has never communicated with the laptop before. This is 100% reproducable using "arp -d <ipv4> && ssh <ipv4>" to ssh to a laptop with r8188eu wifi. This commit reverts 4 commits in total: 1. Commit 79650ffd ("staging:r8188eu: trim IV/ICV fields in validate_recv_data_frame()") This commit depends on 2 of the other commits being reverted. 2. Commit 02b19b4c ("staging:r8188eu: inline unprotect_frame() in mon_recv_decrypted_recv()") The inline code is wrong the un-inlined version contains: if (skb->len < hdr_len + iv_len + icv_len) return; ... Where as the inline-ed code introduced by this commit does: if (skb->len < hdr_len + iv_len + icv_len) { ... Note the same check, but now to actually continue doing ... instead of to not do it, so this commit is no good. 3. Commit d86e16da ("staging:r8188eu: use different mon_recv_decrypted() inside rtl88eu_mon_recv_hook() and rtl88eu_mon_xmit_hook().") This commit introduced a 1:1 copy of a function so that one of the 2 copies can be modified in the 2 commits we're already reverting. 4. Commit 2ba8444c ("staging:r8188eu: move IV/ICV trimming into decrypt() and also place it after rtl88eu_mon_recv_hook()") This is the commit actually breaking ARP. Note this commit is a straight-forward squash of the revert of these 4 commits, without any changes. Cc: stable@vger.kernel.org Cc: Ivan Safonov <insafonov@gmail.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Hans de Goede authored
Commit b7749656 ("staging: rtl8188eu: Convert timers to use timer_setup()") introduces a copy and paste error which causes the rtl8188eu driver to no longer function. This commit fixes this. Fixes: b7749656 ("staging: rtl8188eu: Convert timers to use timer_setup()") Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Hans de Goede authored
Commit 74e1e498 ("staging: rtl8188eu: fix comments with lines over 80 characters") not only changed comments but also changed an if check: -if (pmlmepriv->cur_network.join_res != true) { +if (!(pmlmepriv->cur_network.join_res)) { This is not equivalent as join_res is an int and can have values such as -2 and -3. Note for the next time, please only make one type of changes in a single clean-up commit. Fixes: 74e1e498 ("staging: rtl8188eu: fix comments with lines over 80 ...") Cc: Juliana Rodrigues <juliana.orod@gmail.com> Signed-off-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Tom Saeger authored
Fix stale path to documentation in MAINTAINERS file. Signed-off-by: Tom Saeger <tom.saeger@oracle.com> Acked-by: David Kershner <david.kershne@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Benjamin Gaignard authored
Make arguments checking more easy to read. Signed-off-by: Benjamin Gaignard <benjamin.gaignard@linaro.org> Acked-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Colin Ian King authored
Variable table is being set but is never read, it is therefore redundant and can be removed. Cleans up clang warning: drivers/staging/android/ion/ion.c:112:2: warning: Value stored to 'table' is never read Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Laura Abbott <labbott@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Kees Cook authored
In preparation for unconditionally passing the struct timer_list pointer to all timer callbacks, switch to using the new timer_setup() and from_timer() to pass the timer pointer explicitly. Additionally removes invalid NULL check, as pointed out by Dan Carpenter. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Eric Anholt <eric@anholt.net> Cc: Stefan Wahren <stefan.wahren@i2se.com> Cc: Michael Zoran <mzoran@crowfest.net> Cc: Keerthi Reddy <keerthigd4990@gmail.com> Cc: linux-rpi-kernel@lists.infradead.org Cc: linux-arm-kernel@lists.infradead.org Cc: devel@driverdev.osuosl.org Signed-off-by: Kees Cook <keescook@chromium.org> Tested-by: Stefan Wahren <stefan.wahren@i2se.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Johan Hovold authored
Remove erroneous spi_master_put() after controller deregistration which would access the already freed spi controller. Note that spi_unregister_master() drops our only controller reference. Fixes: ba3e6700 ("greybus: SPI: convert to a gpbridge driver") Cc: stable <stable@vger.kernel.org> # 4.9 Signed-off-by: Johan Hovold <johan@kernel.org> Reviewed-by: Rui Miguel Silva <rmfrfs@gmail.com> Acked-by: Viresh Kumar <viresh.kumar@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Stephen Brennan authored
In particular, fixes some over-indented if statement bodies as well as a couple lines indented with spaces. checkpatch.pl now reports no warnings on this file other than 80 character warnings. Signed-off-by: Stephen Brennan <stephen@brennan.io> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Gilad Ben-Yossef authored
Fix a wrong offset used in splitting a 64 DMA address to MSB/LSB parts needed for scatter/gather HW descriptors causing operations relying on them to fail on 64 bit platforms. Fixes: c6f7f2f4 ("staging: ccree: refactor LLI access macros") Reported-by: Stuart Yoder <stuart.yoder@arm.com> Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 27 Oct, 2017 1 commit
-
-
Greg Kroah-Hartman authored
Merge tag 'iio-for-4.15c' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-next Jonathan writes: Third set of new device support, cleanups and features for IIO in the 4.15 cycle New device support * ti-dac082s085 dac - new driver supporting 8, 10 and 12 bit TI DACs with 2 and 4 channels: DAC082S085, DAC102S085, DAC122S085, DAC104s085 and DAC124S085. Minor features and cleanps * adc12138 - make array ch_to_mux static for small object code size reduction. * sun4i-gpadc - use of_device_get_match_data rather than opencoding it. * stm32 trigger - add tim15 tigger on STM32H7 - check clock rate to avoid potential division by zero * tsl2x7x staging cleanups. - move *_thresh_period to being created by IIO core. - remove unused tsl2x7x_parse_result structure. - sort includes - drop a repeat iio_dev forward definition - fix some code alignment of defines. - use IIO_CONST_ATTR for constant string attribute - drop some unnecessary parentheses - fix various alignment with parenthese - rename power defines for readability reasons - fix a missaligned break statement - Tidy up function definitions so they fit on a single line.
-
- 23 Oct, 2017 6 commits
-
-
Greg Kroah-Hartman authored
We want the IIO and staging driver fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull staging and IIO fixes from Greg KH: "Here are a small number of patches to resolve some reported IIO and a staging driver problem. Nothing major here, full details are in the shortlog below. All have been in linux-next with no reported issues" * tag 'staging-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: bcm2835-audio: Fix memory corruption iio: adc: at91-sama5d2_adc: fix probe error on missing trigger property iio: adc: dln2-adc: fix build error iio: dummy: events: Add missing break staging: iio: ade7759: fix signed extension bug on shift of a u8 iio: pressure: zpa2326: Remove always-true check which confuses gcc iio: proximity: as3935: noise detection + threshold changes
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc driver fixes from Greg KH: "Here are four small fixes for 4.14-rc6. Three of them are binder driver fixes for reported issues, and the last one is a hyperv driver bugfix. Nothing major, but good fixes to get into 4.14-final. All of these have been in linux-next with no reported issues" * tag 'char-misc-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: android: binder: Fix null ptr dereference in debug msg android: binder: Don't get mm from task vmbus: hvsock: add proper sync for vmbus_hvsock_device_unregister() binder: call poll_wait() unconditionally.
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB/PHY fixes from Greg KH: "Here are a small number of USB and PHY driver fixes for 4.14-rc6 There is the usual musb and xhci fixes in here, as well as some needed phy patches. Also is a nasty regression fix for usbfs that has started to hit a lot of people using virtual machines. All of these have been in linux-next with no reported problems" * tag 'usb-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (26 commits) usb: hub: Allow reset retry for USB2 devices on connect bounce USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor() MAINTAINERS: fix git tree url for musb module usb: quirks: add quirk for WORLDE MINI MIDI keyboard usb: musb: sunxi: Explicitly release USB PHY on exit usb: musb: Check for host-mode using is_host_active() on reset interrupt usb: musb: musb_cppi41: Configure the number of channels for DA8xx usb: musb: musb_cppi41: Fix cppi41_set_dma_mode() for DA8xx usb: musb: musb_cppi41: Fix the address of teardown and autoreq registers USB: musb: fix late external abort on suspend USB: musb: fix session-bit runtime-PM quirk usb: cdc_acm: Add quirk for Elatec TWN3 USB: devio: Revert "USB: devio: Don't corrupt user memory" usb: xhci: Handle error condition in xhci_stop_device() usb: xhci: Reset halted endpoint if trb is noop xhci: Cleanup current_cmd in xhci_cleanup_command_queue() xhci: Identify USB 3.1 capable hosts by their port protocol capability USB: serial: metro-usb: add MS7820 device id phy: rockchip-typec: Check for errors from tcphy_phy_init() phy: rockchip-typec: Don't set the aux voltage swing to 400 mV ...
-
Mihaela Muraru authored
Remove unnecessary braces for single statements also declare a local variable "platform_state" of type "struct vchiq_2835_state", to avoid the multiple cast. Signed-off-by: Mihaela Muraru <mihaela.muraru21@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
- 22 Oct, 2017 12 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input fix from Dmitry Torokhov: "A fix for a broken commit in the previous pull breaking automatic module loading of input handlers, such ad evdev" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: do not use property bits when generating module alias
-
Dmitry Torokhov authored
The commit 8724ecb0 ("Input: allow matching device IDs on property bits") started using property bits when generating module aliases for input handlers, but did not adjust the generation of MODALIAS attribute on input device uevents, breaking automatic module loading. Given that no handler currently uses property bits in their module tables, let's revert this part of the commit for now. Reported-by: Damien Wyart <damien.wyart@gmail.com> Tested-by: Damien Wyart <damien.wyart@gmail.com> Fixes: 8724ecb0 ("Input: allow matching device IDs on property bits") Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: "A couple of fixes addressing the following issues: - The last polishing for the TLB code, removing the last BUG_ON() and the debug file along with tidying up the lazy TLB code. - Prevent triple fault on 1st Gen. 486 caused by stupidly calling the early IDT setup after the first function which causes a fault which should be caught by the exception table. - Limit the mmap of /dev/mem to valid addresses - Prevent late microcode loading on Broadwell X - Remove a redundant assignment in the cache info code" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Limit mmap() of /dev/mem to valid physical addresses x86/mm: Remove debug/x86/tlb_defer_switch_to_init_mm x86/mm: Tidy up "x86/mm: Flush more aggressively in lazy TLB mode" x86/mm/64: Remove the last VM_BUG_ON() from the TLB code x86/microcode/intel: Disable late loading on model 79 x86/idt: Initialize early IDT before cr4_init_shadow() x86/cpu/intel_cacheinfo: Remove redundant assignment to 'this_leaf'
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull timer fix from Thomas Gleixner: "A single fix to make the cs5535 clock event driver robust agaist spurious interrupts" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clockevents/drivers/cs5535: Improve resilience to spurious interrupts
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull smp/hotplug fix from Thomas Gleixner: "The recent rework of the callback invocation missed to cleanup the leftovers of the operation, so under certain circumstances a subsequent CPU hotplug operation accesses stale data and crashes. Clean it up." * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Reset node state after operation
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fixes from Thomas Gleixner: "A series of fixes for perf tooling: - Make xyarray return the X/Y size correctly which fixes a crash in the exit code. - Fix the libc path in test so it works not only on Debian/Ubuntu correctly - Check for eBPF file existance and output a useful error message instead of failing to compile a non existant file - Make sure perf_hpp_fmt is not longer references before freeing it - Use list_del_init() in the histogram code to prevent a crash when the already deleted element is deleted again - Remove the leftovers of the removed '-l' option - Add reviewer entries to the MAINTAINERS file" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf test shell trace+probe_libc_inet_pton.sh: Be compatible with Debian/Ubuntu perf xyarray: Fix wrong processing when closing evsel fd perf buildid-list: Fix crash when processing PERF_RECORD_NAMESPACE perf record: Fix documentation for a inexistent option '-l' perf tools: Add long time reviewers to MAINTAINERS perf tools: Check wether the eBPF file exists in event parsing perf hists: Add extra integrity checks to fmt_free() perf hists: Fix crash in perf_hpp__reset_output_field()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull irq fixes from Thomas Gleixner: "A set of small fixes mostly in the irq drivers area: - Make the tango irq chip work correctly, which requires a new function in the generiq irq chip implementation - A set of updates to the GIC-V3 ITS driver removing a bogus BUG_ON() and parsing the VCPU table size correctly" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq: generic chip: remove irq_gc_mask_disable_reg_and_ack() irqchip/tango: Use irq_gc_mask_disable_and_ack_set genirq: generic chip: Add irq_gc_mask_disable_and_ack_set() irqchip/gic-v3-its: Add missing changes to support 52bit physical address irqchip/gic-v3-its: Fix the incorrect parsing of VCPU table size irqchip/gic-v3-its: Fix the incorrect BUG_ON in its_init_vpe_domain() DT: arm,gic-v3: Update the ITS size in the examples
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull objtool fix from Thomas Gleixner: "Plug a memory leak in the instruction decoder" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix memory leak in decode_instructions()
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: "A little more than usual this time around. Been travelling, so that is part of it. Anyways, here are the highlights: 1) Deal with memcontrol races wrt. listener dismantle, from Eric Dumazet. 2) Handle page allocation failures properly in nfp driver, from Jaku Kicinski. 3) Fix memory leaks in macsec, from Sabrina Dubroca. 4) Fix crashes in pppol2tp_session_ioctl(), from Guillaume Nault. 5) Several fixes in bnxt_en driver, including preventing potential NVRAM parameter corruption from Michael Chan. 6) Fix for KRACK attacks in wireless, from Johannes Berg. 7) rtnetlink event generation fixes from Xin Long. 8) Deadlock in mlxsw driver, from Ido Schimmel. 9) Disallow arithmetic operations on context pointers in bpf, from Jakub Kicinski. 10) Missing sock_owned_by_user() check in sctp_icmp_redirect(), from Xin Long. 11) Only TCP is supported for sockmap, make that explicit with a check, from John Fastabend. 12) Fix IP options state races in DCCP and TCP, from Eric Dumazet. 13) Fix panic in packet_getsockopt(), also from Eric Dumazet. 14) Add missing locked in hv_sock layer, from Dexuan Cui. 15) Various aquantia bug fixes, including several statistics handling cures. From Igor Russkikh et al. 16) Fix arithmetic overflow in devmap code, from John Fastabend. 17) Fix busted socket memory accounting when we get a fault in the tcp zero copy paths. From Willem de Bruijn. 18) Don't leave opt->tot_len uninitialized in ipv6, from Eric Dumazet" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (106 commits) stmmac: Don't access tx_q->dirty_tx before netif_tx_lock ipv6: flowlabel: do not leave opt->tot_len with garbage of_mdio: Fix broken PHY IRQ in case of probe deferral textsearch: fix typos in library helpers rxrpc: Don't release call mutex on error pointer net: stmmac: Prevent infinite loop in get_rx_timestamp_status() net: stmmac: Fix stmmac_get_rx_hwtstamp() net: stmmac: Add missing call to dev_kfree_skb() mlxsw: spectrum_router: Configure TIGCR on init mlxsw: reg: Add Tunneling IPinIP General Configuration Register net: ethtool: remove error check for legacy setting transceiver type soreuseport: fix initialization race net: bridge: fix returning of vlan range op errors sock: correct sk_wmem_queued accounting on efault in tcp zerocopy bpf: add test cases to bpf selftests to cover all access tests bpf: fix pattern matches for direct packet access bpf: fix off by one for range markings with L{T, E} patterns bpf: devmap fix arithmetic overflow in bitmap_size calculation net: aquantia: Bad udp rate on default interrupt coalescing net: aquantia: Enable coalescing management via ethtool interface ...
-
Bernd Edlinger authored
This is the possible reason for different hard to reproduce problems on my ARMv7-SMP test system. The symptoms are in recent kernels imprecise external aborts, and in older kernels various kinds of network stalls and unexpected page allocation failures. My testing indicates that the trouble started between v4.5 and v4.6 and prevails up to v4.14. Using the dirty_tx before acquiring the spin lock is clearly wrong and was first introduced with v4.6. Fixes: e3ad57c9 ("stmmac: review RX/TX ring management") Signed-off-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
When syzkaller team brought us a C repro for the crash [1] that had been reported many times in the past, I finally could find the root cause. If FlowLabel info is merged by fl6_merge_options(), we leave part of the opt_space storage provided by udp/raw/l2tp with random value in opt_space.tot_len, unless a control message was provided at sendmsg() time. Then ip6_setup_cork() would use this random value to perform a kzalloc() call. Undefined behavior and crashes. Fix is to properly set tot_len in fl6_merge_options() At the same time, we can also avoid consuming memory and cpu cycles to clear it, if every option is copied via a kmemdup(). This is the change in ip6_setup_cork(). [1] kasan: CONFIG_KASAN_INLINE enabled kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 6613 Comm: syz-executor0 Not tainted 4.14.0-rc4+ #127 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801cb64a100 task.stack: ffff8801cc350000 RIP: 0010:ip6_setup_cork+0x274/0x15c0 net/ipv6/ip6_output.c:1168 RSP: 0018:ffff8801cc357550 EFLAGS: 00010203 RAX: dffffc0000000000 RBX: ffff8801cc357748 RCX: 0000000000000010 RDX: 0000000000000002 RSI: ffffffff842bd1d9 RDI: 0000000000000014 RBP: ffff8801cc357620 R08: ffff8801cb17f380 R09: ffff8801cc357b10 R10: ffff8801cb64a100 R11: 0000000000000000 R12: ffff8801cc357ab0 R13: ffff8801cc357b10 R14: 0000000000000000 R15: ffff8801c3bbf0c0 FS: 00007f9c5c459700(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020324000 CR3: 00000001d1cf2000 CR4: 00000000001406f0 DR0: 0000000020001010 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: ip6_make_skb+0x282/0x530 net/ipv6/ip6_output.c:1729 udpv6_sendmsg+0x2769/0x3380 net/ipv6/udp.c:1340 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:762 sock_sendmsg_nosec net/socket.c:633 [inline] sock_sendmsg+0xca/0x110 net/socket.c:643 SYSC_sendto+0x358/0x5a0 net/socket.c:1750 SyS_sendto+0x40/0x50 net/socket.c:1718 entry_SYSCALL_64_fastpath+0x1f/0xbe RIP: 0033:0x4520a9 RSP: 002b:00007f9c5c458c08 EFLAGS: 00000216 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 0000000000718000 RCX: 00000000004520a9 RDX: 0000000000000001 RSI: 0000000020fd1000 RDI: 0000000000000016 RBP: 0000000000000086 R08: 0000000020e0afe4 R09: 000000000000001c R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bb1ee R13: 00000000ffffffff R14: 0000000000000016 R15: 0000000000000029 Code: e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 ea 0f 00 00 48 8d 79 04 48 b8 00 00 00 00 00 fc ff df 45 8b 74 24 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 RIP: ip6_setup_cork+0x274/0x15c0 net/ipv6/ip6_output.c:1168 RSP: ffff8801cc357550 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Geert Uytterhoeven authored
If an Ethernet PHY is initialized before the interrupt controller it is connected to, a message like the following is printed: irq: no irq domain found for /interrupt-controller@e61c0000 ! However, the actual error is ignored, leading to a non-functional (POLL) PHY interrupt later: Micrel KSZ8041RNLI ee700000.ethernet-ffffffff:01: attached PHY driver [Micrel KSZ8041RNLI] (mii_bus:phy_addr=ee700000.ethernet-ffffffff:01, irq=POLL) Depending on whether the PHY driver will fall back to polling, Ethernet may or may not work. To fix this: 1. Switch of_mdiobus_register_phy() from irq_of_parse_and_map() to of_irq_get(). Unlike the former, the latter returns -EPROBE_DEFER if the interrupt controller is not yet available, so this condition can be detected. Other errors are handled the same as before, i.e. use the passed mdio->irq[addr] as interrupt. 2. Propagate and handle errors from of_mdiobus_register_phy() and of_mdiobus_register_device(). Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be> Signed-off-by: David S. Miller <davem@davemloft.net>
-