- 17 Feb, 2019 3 commits
-
-
Alexandre Torgue authored
In dwmac4_wrback_get_rx_timestamp_status we looking for a RX timestamp. For that receive descriptors are handled and so we should use defines related to receive descriptors. It'll no change the functional behavior as RDES3_RDES1_VALID=TDES3_RS1V=BIT(26) but it makes code easier to read. Signed-off-by:
Alexandre Torgue <alexandre.torgue@st.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Dan Carpenter authored
It's confusing to call PTR_ERR(v). The PTR_ERR() function is basically a fancy cast to long so it makes you wonder, was IS_ERR() intended? But that doesn't make sense because vcc_walk() doesn't return error pointers. This patch doesn't affect runtime, it's just a cleanup. Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
Guillaume Nault authored
SO_SNDBUF and SO_RCVBUF (and their *BUFFORCE version) may overflow or underflow their input value. This patch aims at providing explicit handling of these extreme cases, to get a clear behaviour even with values bigger than INT_MAX / 2 or lower than INT_MIN / 2. For simplicity, only SO_SNDBUF and SO_SNDBUFFORCE are described here, but the same explanation and fix apply to SO_RCVBUF and SO_RCVBUFFORCE (with 'SNDBUF' replaced by 'RCVBUF' and 'wmem_max' by 'rmem_max'). Overflow of positive values =========================== When handling SO_SNDBUF or SO_SNDBUFFORCE, if 'val' exceeds INT_MAX / 2, the buffer size is set to its minimum value because 'val * 2' overflows, and max_t() considers that it's smaller than SOCK_MIN_SNDBUF. For SO_SNDBUF, this can only happen with net.core.wmem_max > INT_MAX / 2. SO_SNDBUF and SO_SNDBUFFORCE are actually designed to let users probe for the maximum buffer size by setting an arbitrary large number that gets capped to the maximum allowed/possible size. Having the upper half of the positive integer space to potentially reduce the buffer size to its minimum value defeats this purpose. This patch caps the base value to INT_MAX / 2, so that bigger values don't overflow and keep setting the buffer size to its maximum. Underflow of negative values ============================ For negative numbers, SO_SNDBUF always considers them bigger than net.core.wmem_max, which is bounded by [SOCK_MIN_SNDBUF, INT_MAX]. Therefore such values are set to net.core.wmem_max and we're back to the behaviour of positive integers described above (return maximum buffer size if wmem_max <= INT_MAX / 2, return SOCK_MIN_SNDBUF otherwise). However, SO_SNDBUFFORCE behaves differently. The user value is directly multiplied by two and compared with SOCK_MIN_SNDBUF. If 'val * 2' doesn't underflow or if it underflows to a value smaller than SOCK_MIN_SNDBUF then buffer size is set to its minimum value. Otherwise the buffer size is set to the underflowed value. This patch treats negative values passed to SO_SNDBUFFORCE as null, to prevent underflows. Therefore negative values now always set the buffer size to its minimum value. Even though SO_SNDBUF behaves inconsistently by setting buffer size to the maximum value when passed a negative number, no attempt is made to modify this behaviour. There may exist some programs that rely on using negative numbers to set the maximum buffer size. Avoiding overflows because of extreme net.core.wmem_max values is the most we can do here. Summary of altered behaviours ============================= val : user-space value passed to setsockopt() val_uf : the underflowed value resulting from doubling val when val < INT_MIN / 2 wmem_max : short for net.core.wmem_max val_cap : min(val, wmem_max) min_len : minimal buffer length (that is, SOCK_MIN_SNDBUF) max_len : maximal possible buffer length, regardless of wmem_max (that is, INT_MAX - 1) ^^^^ : altered behaviour SO_SNDBUF: +-------------------------+-------------+------------+----------------+ | CONDITION | OLD RESULT | NEW RESULT | COMMENT | +-------------------------+-------------+------------+----------------+ | val < 0 && | | | No overflow, | | wmem_max <= INT_MAX/2 | wmem_max*2 | wmem_max*2 | keep original | | | | | behaviour | +-------------------------+-------------+------------+----------------+ | val < 0 && | | | Cap wmem_max | | INT_MAX/2 < wmem_max | min_len | max_len | to prevent | | | | ^^^^^^^ | overflow | +-------------------------+-------------+------------+----------------+ | 0 <= val <= min_len/2 | min_len | min_len | Ordinary case | +-------------------------+-------------+------------+----------------+ | min_len/2 < val && | val_cap*2 | val_cap*2 | Ordinary case | | val_cap <= INT_MAX/2 | | | | +-------------------------+-------------+------------+----------------+ | min_len < val && | | | Cap val_cap | | INT_MAX/2 < val_cap | min_len | max_len | again to | | (implies that | | ^^^^^^^ | prevent | | INT_MAX/2 < wmem_max) | | | overflow | +-------------------------+-------------+------------+----------------+ SO_SNDBUFFORCE: +------------------------------+---------+---------+------------------+ | CONDITION | BEFORE | AFTER | COMMENT | | | PATCH | PATCH | | +------------------------------+---------+---------+------------------+ | val < INT_MIN/2 && | min_len | min_len | Underflow with | | val_uf <= min_len | | | no consequence | +------------------------------+---------+---------+------------------+ | val < INT_MIN/2 && | val_uf | min_len | Set val to 0 to | | val_uf > min_len | | ^^^^^^^ | avoid underflow | +------------------------------+---------+---------+------------------+ | INT_MIN/2 <= val < 0 | min_len | min_len | No underflow | +------------------------------+---------+---------+------------------+ | 0 <= val <= min_len/2 | min_len | min_len | Ordinary case | +------------------------------+---------+---------+------------------+ | min_len/2 < val <= INT_MAX/2 | val*2 | val*2 | Ordinary case | +------------------------------+---------+---------+------------------+ | INT_MAX/2 < val | min_len | max_len | Cap val to | | | | ^^^^^^^ | prevent overflow | +------------------------------+---------+---------+------------------+ Signed-off-by:Guillaume Nault <gnault@redhat.com> Signed-off-by:
-
- 16 Feb, 2019 26 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linuxDavid S. Miller authored
Saeed Mahameed says: ==================== Support Mellanox BlueField SmartNIC (mlx5-updates-2019-02-15) Bodong Wang says, BlueField device is a multi-core ARM processor in a highly integrated system on chip coupled with the ConnectX interconnect controller. BlueField device can be presented in one out of two modes: - SEPARATED_HOST: ARM processors as a separated and orthogonal host like any other external host in the multi-host virtualization model. - EMBEDDED_CPU: ARM processors as Embedded CPU (EC) and part of the external hosts virtualization model. While existing driver already supports the device on separated_host mode, this patch series focus on the functionalities of embedded_cpu mode. On embedded_cpu mode, BlueField device exposes regular network controller PCI function in the BlueField host(e.g, x86). However, a separate PCI function called Embedded CPU Physical Function(ECPF) is also added to the ARM host side, where standard Linux distributions is able to run on the ARM cores. Depends on the NV configuration from firmware, ECPF can be the e-switch manager and firmware pages supplier. If ECPF is configured as e-switch manager and page supplier, it will take over the responsibilities from the PF on BlueField host includes: - Owns, controls and manages all e-switch parts, and takes e-switch traffic by default. It also should perform ENABLE_HCA for the host PF just like a PF does for its VFs. - Provides and manages the ICM host memory required for the HCA to store various contexts for itself, the PF and VFs belong the e-switch it manages. The PF on BlueField host side is still responsible for: - Control its own permanent MAC. - PCI and SRIOV configurations and perform ENABLE_HCA for its VFs. The ECPF can also retrieve information about the external host it controls, like host identifier, PCI BDF and number of virtual functions. As these parameters may be changed dynamically, an event will be triggered to the driver on ECPF side. ==================== Signed-off-by: -
David S. Miller authored
Julian Wiedmann says: ==================== s390/qeth: updates 2019-02-15 please apply a few more qeth patches to net-next. Along with some smaller improvements, this revamps our code for the SW statistics that are exposed through ETHTOOL_GSTATS. ==================== Signed-off-by: -
Julian Wiedmann authored
Rather than special-casing OSN in a number of places, just give this device type its own netdev_ops structure. When setting up the OSN net_device, also skip the handling of the various HW offloads (eg TSO). The device shouldn't be advertising any of them, and the OSN code paths in qeth don't have support for them. In particular RX VLAN filtering is not supported, so don't hook up those callbacks in the netdev_ops. Signed-off-by:
Julian Wiedmann <jwi@linux.ibm.com> Signed-off-by:
-
Julian Wiedmann authored
Implement a trivial callback that exposes the queue sizes. Signed-off-by:
-
Julian Wiedmann authored
Accumulate per-TX queue statistics, and increase their size to 64 bit. Don't bother with enabling/disabling the statistics, the overhead is negligible. Signed-off-by:
-
Julian Wiedmann authored
Most of this is self-contained code. Signed-off-by:
-
Julian Wiedmann authored
Counting the number of function calls and the time spent in functions is best left to proper tracing facilities. Signed-off-by:
-
Julian Wiedmann authored
qeth dynamically allocates an array for storing pointers to its Output Queue structures. Switch this to a static array - we are currently limited to 4 Output Queues, so shrinking the qeth_qdio_info struct by just a few bytes doesn't justify the additional complexity. Signed-off-by:
-
Julian Wiedmann authored
Once a qeth ccwgroup device is set online, it's also armed for internal recovery. So allow for testing that code path via sysfs, regardless of whether the interface is up or down. Signed-off-by:
-
Florian Fainelli authored
For the forwarding selftests to work, we need network namespaces when using veth/vrf otherwise ping/ping6 commands like these: ip vrf exec vveth0 /bin/ping 192.0.2.2 -c 10 -i 0.1 -w 5 will fail because network namespaces may not be enabled. Signed-off-by:
Florian Fainelli <f.fainelli@gmail.com> Signed-off-by:
-
Paolo Abeni authored
rt6_cache_allowed_for_pmtu() checks for rt->from presence, but it does not access the RCU protected pointer. We can use rcu_access_pointer() and clean-up the code a bit. No functional changes intended. Signed-off-by:
Paolo Abeni <pabeni@redhat.com> Reviewed-by:
David Ahern <dsahern@gmail.com> Signed-off-by:
-
Colin Ian King authored
There is a spelling mistake in several dev_err messages, fix these. Signed-off-by:
Colin Ian King <colin.king@canonical.com> Reviewed-by:
Ido Schimmel <idosch@mellanox.com> Signed-off-by:
-
Bodong Wang authored
Currently, the e-switch driver requires going to legacy mode before changing to the offloads mode. This makes sense for regular case as the legacy mode is done by creating VFs. However, it's problematic when ECPF is the eswitch manager. In such case, ECPF will control the vports on peer host including the peer PF and VFs. But ECPF doesn't need and shall not create VFs as the VFs are created in the peer PF host. Grant ECPF the ability to change from none to the offloads mode. Note that currently the only way to go back to none mode is by unloading the ECPF driver. Signed-off-by:
Bodong Wang <bodong@mellanox.com> Reviewed-by:
Or Gerlitz <ogerlitz@mellanox.com> Signed-off-by:
Saeed Mahameed <saeedm@mellanox.com>
-
Bodong Wang authored
When host PF changes the number of VFs, the ECPF esw driver will get a FW event. It should query the number of VFs enabled by host PF and update the VF reps accordingly. Note that host PF can't change the number of VFs dynamically, it has to reset the number of VFs to 0 before changing to a new positive number. The host event is registered when driver is moving to switchdev mode, and it's the last step to do in esw_offloads_init. It's unregistered and the work queue is flushed when driver quits from switchdev mode. In this way, the host event and devlink command are serialized. When driver is enabling switchdev mode, pay attention to the following two facts: 1. Host PF must not have VF initialized as the flow table in ECPF has ENCAP enabled as default. Such flow table can't be created with existing initialized VFs. 2. ECPF doesn't know how many VFs the host PF will enable, ECPF offloads flow steering shall create the flow table/groups based on the max number of VFs possibly supported by host PF. Signed-off-by:
-
Bodong Wang authored
ECPF connects to the eswitch through vport 0xfffe. ECPF may or may not be the eswitch manager depending on firmware configuration. 1. If ECPF is eswitch manager: ECPF will take over the eswitch manager responsibility. A rep of the host PF shall be created at the ECPF side for the eswitch manager to control. 2. If ECPF is not eswitch manager: host PF will be the eswitch manager, ECPF acts similar as a VF to the host PF. Host PF will be aware of the ECPF vport presence and control it's rep. Signed-off-by:
-
Bodong Wang authored
In offloads mode, the current implementation puts the uplink representor at index zero of the vport reps array. It is not "natural" to place it at index 0 since we want to put the representor for vport 0 at index 0 with the introduction of SmartNIC. A separate patch will handle the case whether a rep is needed for vport 0 (PF vport). So, we want to have a different placeholder for uplink vport and representor. It was placed at the end of vport and rep array. Since vport number can no longer act as an index into the vport or representors arrays, use functions to map vport numbers to indices when accessing the vports or representors arrays, and vice versa. Signed-off-by:
Eli Cohen <eli@mellanox.com> Reviewed-by:
-
Bodong Wang authored
Eswitch has two users: IB and ETH. They both register repersentors when mlx5 interface is added, and unregister the repersentors when mlx5 interface is removed. Ideally, each driver should only deal with the entities which are unique to itself. However, current IB and ETH drivers have to perform the following eswitch operations: 1. When registering, specify how many vports to register. This number is the same for both drivers which is the total available vport numbers. 2. When unregistering, specify the number of registered vports to do unregister. Also, unload the repersentors which are already loaded. It's unnecessary for eswitch driver to hands out the control of above operations to individual driver users, as they're not unique to each driver. Instead, such operations should be centralized to eswitch driver. This consolidates eswitch control flow, and simplified IB and ETH driver. This patch doesn't change any functionality. Signed-off-by:
-
Bodong Wang authored
Currently the driver loads and unloads all reps in an unbreakable group. However, with ECPF, the reps of special vports such as uplink and host PF should always be loaded in switchdev mode where the reps for VFs will be loaded on-demand and unloaded on no-demand. This is a pre-step for that change. This patch doesn't change any functionality. Signed-off-by:
-
Bodong Wang authored
Currently the eswitch vport reps have a valid indicator, which is set on register and unset on unregister. However, a rep can be loaded or not loaded when doing unregister, current driver checks if the vport of that rep is enabled as a flag to imply the rep is loaded. However, for ECPF, this is not valid as the host PF will enable the vports for its VFs instead. Add three states: {unregistered, registered, loaded}, with the following state changes across different operations: create: (none) -> unregistered reg: unregistered -> registered load: registered -> loaded unload: loaded -> registered unreg: registered -> unregistered Note that the state shall only be updated inside eswitch driver rather than individual drivers such as ETH or IB. Signed-off-by:Mark Bloch <markb@mellanox.com> Reviewed-by:
-
Bodong Wang authored
With only PF and VF, it is sufficient to have the vport/rep array index as the vport number. This is because PF and VF vports numbers are consecutive serial numbers. In downstream patches with introducing of ECPF and UPLINK vports, it's not consecutive any more. Use getter to get specific vport/rep, and use iterator to traversal a list of vport/rep. This hides the translation between array index and vport number, and provides flexibility of using different translation mechanism in the future. This patch doesn't change any functionality. Signed-off-by:
-
Bodong Wang authored
When driver is entering offloads mode, there are two major tasks to do: initialize flow steering and create representors. Flow steering should make sure enough flow table/group spaces are reserved for all reps. Representors will be created in a group, all or none. With the introduction of ECPF, flow steering should still reserve the same spaces. But, the representors are not always loaded/unloaded in a single piece. Once ECPF is in offloads mode, it will get the number of VF changing event from host PF. In such scenario, only the VF reps should be loaded/unloaded, not the reps for special vports (such as the uplink vport). Thus, when entering offloads mode, driver should specify the total number of reps, and the number of VF reps separately. When leaving offloads mode, the cleanup should use the information self-contained in eswitch such as number of VFs. This patch doesn't change any functionality. Signed-off-by:
-
Bodong Wang authored
E-switch offloads mode initialize/cleanup multiple steering related entities (flow table/group). Refactor these operations to internal helper functions for better block design. This patch doesn't change any functionality. Signed-off-by:
-
Bodong Wang authored
Commands referring to vports use the following scheme: 1. When referring to my own vport, put 0 in vport and 0 in other_vport. 2. When referring to another vport, put the vport number of the referred vport and put 1 in other_vport. It was assumed that driver is accessing other vport when vport number is greater than 0. With the above scheme, the case that ECPF eswitch manager is trying to access host PF vport will fall over with scheme 1 as the vport number is 0. This is apparently wrong as driver is trying to refer other vport. As such usage can only happen in the eswitch context, change relevant functions to provide other vport input properly. Signed-off-by:
-
Bodong Wang authored
In SmartNIC mode, the eswitch manager is not necessarily the PF (vport 0). Use a helper function to get the correct eswitch manager vport number and cache on the eswitch instance for fast reference. Signed-off-by:
-
Bodong Wang authored
When bonding is added, driver assumes that it's RoCE LAG if no VF is enabled. This is not enough for ECPF as the VF is enabled in host PF side. LAG should only choose RoCE mode when both slave devices meet conditions below: 1. E-Switch offloads mode is NONE. 2. No VF is enabled. Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linuxSaeed Mahameed authored
Merge mlx5-next shared branched into net-next, From Bodong Wang: 1) Introduction of ECPF (Embedded CPU Physical Function), and low level bits for mlx5 SmartNic capabilities support. 2) Vport enumeration refactoring that affect mlx5_ib and mlx5_core From Aya Levin, 3) Add support for 50Gbps per lane link modes in the Port Type and Speed register (PTYS) 4) Refactor low level query functions for PTYS register 5) Add support for 50Gbps per lane link modes to mlx5_ib Note: due to a change in API in mlx5/core and a later patch from net-next, a fixup was squashed with this merge commit that replaces FDB_UPLINK_VPORT with MLX5_VPORT_UPLINK which exists only in upstream net-next. Signed-off-by:
-
- 15 Feb, 2019 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netDavid S. Miller authored
The netfilter conflicts were rather simple overlapping changes. However, the cls_tcindex.c stuff was a bit more complex. On the 'net' side, Cong is fixing several races and memory leaks. Whilst on the 'net-next' side we have Vlad adding the rtnl-ness support. What I've decided to do, in order to resolve this, is revert the conversion over to using a workqueue that Cong did, bringing us back to pure RCU. I did it this way because I believe that either Cong's races don't apply with have Vlad did things, or Cong will have to implement the race fix slightly differently. Signed-off-by: -
git://git.kernel.dk/linux-blockLinus Torvalds authored
Pull block fixes from Jens Axboe: - Ensure we insert into the hctx dispatch list, if a request is marked as DONTPREP (Jianchao) - NVMe pull request, single missing unlock on error fix (Keith) - MD pull request, single fix for a potentially data corrupting issue (Nate) - Floppy check_events regression fix (Yufen) * tag 'for-linus-20190215' of git://git.kernel.dk/linux-block: md/raid1: don't clear bitmap bits on interrupted recovery. floppy: check_events callback should not return a negative number nvme-pci: add missing unlock for reset error blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
-
Linus Torvalds authored
Merge tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - Fix bug in DM crypt's sizing of its block integrity tag space, resulting in less memory use when DM crypt layers on DM integrity. - Fix a long-standing DM thinp crash consistency bug that was due to improper handling of FUA. This issue is specific to writes that fill an entire thinp block which needs to be allocated. * tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm thin: fix bug where bio that overwrites thin block ignores FUA dm crypt: don't overallocate the integrity tag space
-
git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmcLinus Torvalds authored
Pull MMC fixes from Ulf Hansson: "A couple of MMC fixes intended for v5.0-rc7. MMC core: - Fix deadlock bug for block I/O requests MMC host: - sunxi: Disable broken HS-DDR mode for H5 by default - sunxi: Avoid unsupported speed modes declared via DT - meson-gx: Restore interrupt name" * tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: meson-gx: fix interrupt name mmc: block: handle complete_work on separate workqueue mmc: sunxi: Filter out unsupported modes declared in the device tree mmc: sunxi: Disable HS-DDR mode for H5 eMMC controller by default
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Usual pull request, little larger than I'd like but nothing too strange in it. Willy found an bug in the lease ioctl calculations, but it's a drm master only ioctl which makes it harder to mess with. i915: - combo phy programming fix - opregion version check fix for VBT RVDA lookup - gem mmap ioctl race fix - fbdev hpd during suspend fix - array size bounds check fix in pmu amdgpu: - Vega20 psp fix - Add vrr range to debugfs for freesync debugging sched: - Scheduler race fix vkms: - license header fixups imx: - Fix CSI register offsets for i.MX51 and i.MX53. - Fix delayed page flip completion events on i.MX6QP due to unexpected behaviour of the PRE when issuing NOP buffer updates to the same buffer address. - Stop throwing errors for plane updates on disabled CRTCs when a userspace process is killed while a plane update is pending. - Add missing of_node_put cleanup in imx_ldb_bind" * tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm: drm: Use array_size() when creating lease drm/amdgpu/psp11: TA firmware is optional (v3) drm/i915/opregion: rvda is relative from opregion base in opregion 2.1+ drm/i915/opregion: fix version check drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set drm/i915: Block fbdev HPD processing during suspend drm/i915/pmu: Fix enable count array size and bounds checking drm/i915/cnl: Fix CNL macros for Voltage Swing programming drm/i915/icl: combo port vswing programming changes per BSPEC drm/vkms: Fix license inconsistent drm/amd/display: Expose connector VRR range via debugfs drm/sched: Always trace the dependencies we wait on, to fix a race. gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change gpu: ipu-v3: Fix CSI offsets for imx53 drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: ignore plane updates on disabled crtcs -
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds authored
Pull crypto fix from Herbert Xu: "This fixes a crash on resume in the ccree driver" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: ccree - fix resume race condition on init
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix MAC address setting in mac80211 pmsr code, from Johannes Berg. 2) Probe SFP modules after being attached, from Russell King. 3) Byte ordering bug in SMC rx_curs_confirmed code, from Ursula Braun. 4) Revert some r8169 changes that are causing regressions, from Heiner Kallweit. 5) Fix spurious connection timeouts in netfilter nat code, from Florian Westphal. 6) SKB leak in tipc, from Hoang Le. 7) Short packet checkum issue in mlx4, similar to a previous mlx5 change, from Saeed Mahameed. The issue is that whilst padding bytes are usually zero, it is not guarateed and the hardware doesn't take the padding bytes into consideration when generating the checksum. 8) Fix various races in cls_tcindex, from Cong Wang. 9) Need to set stream ext to NULL before freeing in SCTP code, from Xin Long. 10) Fix locking in phy_is_started, from Heiner Kallweit. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (54 commits) net: ethernet: freescale: set FEC ethtool regs version net: hns: Fix object reference leaks in hns_dsaf_roce_reset() mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs net: phy: fix potential race in the phylib state machine net: phy: don't use locking in phy_is_started selftests: fix timestamping Makefile net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() net: fix possible overflow in __sk_mem_raise_allocated() dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit net: phy: fix interrupt handling in non-started states sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment net/mlx5e: XDP, fix redirect resources availability check net/mlx5: Fix a compilation warning in events.c net/mlx5: No command allowed when command interface is not ready net/mlx5e: Fix NULL pointer derefernce in set channels error flow netfilter: nft_compat: use-after-free when deleting targets team: avoid complex list operations in team_nl_cmd_options_set() net_sched: fix two more memory leaks in cls_tcindex net_sched: fix a memory leak in cls_tcindex ... -
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespaceLinus Torvalds authored
Pull signal fix from Eric Biederman: "Just a single patch that restores PTRACE_EVENT_EXIT functionality that was accidentally broken by last weeks fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: signal: Restore the stop PTRACE_EVENT_EXIT
-
Matthew Wilcox authored
Passing an object_count of sufficient size will make object_count * 4 wrap around to be very small, then a later function will happily iterate off the end of the object_ids array. Using array_size() will saturate at SIZE_MAX, the kmalloc() will fail and we'll return an -ENOMEM to the norty userspace. Fixes: 62884cd3 ("drm: Add four ioctls for managing drm mode object leases [v7]") Signed-off-by:
Matthew Wilcox <willy@infradead.org> Acked-by:
Kees Cook <keescook@chromium.org> Acked-by:
Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v4.15+ Signed-off-by:
Dave Airlie <airlied@redhat.com>
-
git://people.freedesktop.org/~agd5f/linuxDave Airlie authored
amdgpu: - Vega20 psp fix - Add vrr range to debugfs for freesync debugging sched: - Scheduler race fix Signed-off-by:
-
Dave Airlie authored
Merge tag 'drm-intel-fixes-2019-02-13' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes drm/i915 fixes for v5.0-rc7: - combo phy programming fix - opregion version check fix for VBT RVDA lookup - gem mmap ioctl race fix - fbdev hpd during suspend fix - array size bounds check fix in pmu Signed-off-by:
-
