- 21 Jul, 2018 18 commits
-
Jian Shen authored
Using hex for bit offsets is inconsistent with the rest of the file. Change them to decimal. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jian Shen authored
This patch fixes some comment spelling errors, removes redundant comments, rewrites misleading comments, and adds some necessary comments. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jian Shen authored
Remove extra space and brackets. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jian Shen authored
Apply the standard minor cleanup by returning ret outside the brackets. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jian Shen authored
Remove some redundant assignments, because they have been set to zero when allocating hdev. Signed-off-by: Jian Shen <shenjian15@huawei.com> Signed-off-by: Peng Li <lipeng321@huawei.com> Signed-off-by: Salil Mehta <salil.mehta@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
David S. Miller authored
Daniel Borkmann says:
====================
pull-request: bpf-next 2018-07-20

The following pull-request contains BPF updates for your *net-next* tree.

The main changes are:

1) Add sharing of BPF objects within one ASIC: this allows for reuse of the same program on multiple ports of a device, and therefore gains better code store utilization. On top of that, this now also enables sharing of maps between programs attached to different ports of a device, from Jakub.
2) Cleanup in libbpf and bpftool's Makefile to reduce unneeded feature detections and unused variable exports, also from Jakub.
3) First batch of RCU annotation fixes in prog array handling, i.e. there are several __rcu markers which are not correct as well as some of the RCU handling, from Roman.
4) Two fixes in BPF sample files related to checking of the prog_cnt upper limit from sample loader, from Dan.
5) Minor cleanup in sockmap to remove a set but not used variable, from Colin.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Tyler Hicks says:
====================
Make /sys/class/net per net namespace objects belong to container

This is a revival of an older patch set from Dmitry Torokhov:

https://lore.kernel.org/lkml/1471386795-32918-1-git-send-email-dmitry.torokhov@gmail.com/

My submission of v2 is here:

https://lore.kernel.org/lkml/1531497949-1766-1-git-send-email-tyhicks@canonical.com/

Here's Dmitry's description:

There are objects in /sys hierarchy (/sys/class/net/) that logically belong to a namespace/container. Unfortunately all sysfs objects start their life belonging to global root, and while we could change ownership manually, keeping track of all objects that come and go is cumbersome. It would be better if kernel created them using correct uid/gid from the beginning.

This series changes kernfs to allow creating objects with arbitrary uid/gid, adds get_ownership() callback to ktype structure so subsystems could supply their own logic (likely tied to namespace support) for determining ownership of kobjects, and adjusts sysfs code to make use of this information. Lastly net-sysfs is adjusted to make sure that objects in net namespace are owned by the root user from the owning user namespace.

Note that we do not adjust ownership of objects moved into a new namespace (as when moving a network device into a container) as userspace can easily do it.

I'm reviving this patch set because we would like this feature for system containers. One specific use case that we have is that libvirt is unable to configure its bridge device inside of a system container due to the bridge files in /sys/class/net/ being owned by init root instead of container root. The last two patches in this set are patches that I've added to Dmitry's original set to allow such configuration of the bridge device.

Eric had previously provided feedback that he didn't favor these changes affecting all layers of the stack and that most of the changes could remain local to drivers/base/core.c. That feedback is certainly sensible but I wanted to send out v2 of the patch set without making that large of a change since quite a bit of time has passed and the bridge changes in the last patch of this set show that not all of the changes will be local to drivers/base/core.c. I'm happy to make the changes if the original request still stands.

* Changes since v2:
- Added my Co-Developed-by and Signed-off-by tags to all of Dmitry's patches that I've modified
- Patch 1 received build failure fixes in arch/x86/kernel/cpu/intel_rdt_rdtgroup.c
- Patch 2 was updated to drop the declaration of sysfs_add_file() from sysfs.h since the patch removed all other uses of the function
- Patch 5 is a new patch that prevents tx_maxrate from being written to from inside of a container
  + Maybe I'm being too cautious here but the restriction can always be loosened up later
- Patches 6 and 7 were updated to make net_ns_get_ownership() always initialize uid and gid, even when the network namespace is NULL, so that it isn't a dangerous function to reuse
  + Requested by Christian Brauner
- I've looked at all sysfs attributes affected by this patch set and feel comfortable about the changes. There are quite a few affected attributes that don't have any capable()/ns_capable() checks in their store operations (per_bond_attrs, at91_sysfs_attrs, sysfs_grcan_attrs, ican3_sysfs_attrs, cdc_ncm_sysfs_attrs, qmi_wwan_sysfs_attrs) but I think this is acceptable. It means that container root, rather than specifically CAP_NET_ADMIN inside of the network namespace that the device belongs to, can write to those device attributes. It's the same situation that those devices have today in that init root is able to write to the attributes without necessarily having CAP_NET_ADMIN. I think that this should probably be fixed in order to be consistent with what netdev_store() does by verifying CAP_NET_ADMIN in the network namespace but that it doesn't need to happen in this patch set.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tyler Hicks authored
When creating various bridge objects in /sys/class/net/... make sure that they belong to the container's owner instead of global root (if they belong to a container/namespace). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tyler Hicks authored
Make net_ns_get_ownership() reusable by networking code outside of core. This is useful, for example, to allow bridge related sysfs files to be owned by container root. Add a function comment since this is a potentially dangerous function to use given the way that kobject_get_ownership() works by initializing uid and gid before calling .get_ownership(). Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Torokhov authored
When creating various objects in /sys/class/net/... make sure that they belong to container's owner instead of global root (if they belong to a container/namespace). Co-Developed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tyler Hicks authored
An upcoming change will allow container root to open some /sys/class/net files for writing. The tx_maxrate attribute can result in changes to actual hardware devices so err on the side of caution by requiring CAP_NET_ADMIN in the init namespace in the corresponding attribute store operation. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Torokhov authored
Plumb in get_ownership() callback for devices belonging to a class so that they can be created with uid/gid different from global root. This will allow network devices in a container to belong to container's root and not global root. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Torokhov authored
This change implements get_ownership() for ksets created with kset_create_and_add() call by fetching ownership data from parent kobject. This is done mostly for benefit of "queues" attribute of net devices so that corresponding directory belongs to container's root instead of global root for network devices in a container. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Torokhov authored
Normally kobjects and their sysfs representation belong to global root, however it is not necessarily the case for objects in separate namespaces. For example, objects in separate network namespace logically belong to the container's root and not global root. This change lays groundwork for allowing network namespace objects ownership to be transferred to container's root user by defining get_ownership() callback in ktype structure and using it in sysfs code to retrieve desired uid/gid when creating sysfs objects for given kobject. Co-Developed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dmitry Torokhov authored
This change allows creating kernfs files and directories with arbitrary uid/gid instead of always using GLOBAL_ROOT_UID/GID by extending kernfs_create_dir_ns() and kernfs_create_file_ns() with uid/gid arguments. The "simple" kernfs_create_file() and kernfs_create_dir() are left alone and always create objects belonging to the global root. When creating symlinks ownership (uid/gid) is taken from the target kernfs object. Co-Developed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Based upon a patch by Sean Tranchetti. Fixes: d4546c25 ("net: Convert GRO SKB handling to list_head.") Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
David S. Miller authored
Pablo Neira Ayuso says:
====================
Netfilter/IPVS updates for net-next

The following patchset contains Netfilter/IPVS updates for your net-next tree:

1) No need to set ttl from reject action for the bridge family, from Taehee Yoo.
2) Use a fixed timeout for flows that are passed up from the flowtable to conntrack, from Florian Westphal.
3) More preparation patches for tproxy support for nf_tables, from Mate Eckl.
4) Remove unnecessary indirection in core IPv6 checksum function, from Florian Westphal.
5) Use nf_ct_get_tuplepr() from openvswitch, instead of opencoding it. From Florian Westphal.
6) socket match now selects socket infrastructure, instead of depending on it. From Mate Eckl.
7) Patch series to simplify conntrack tuple building/parsing from packet path and ctnetlink, from Florian Westphal.
8) Fetch timeout policy from protocol helpers, instead of doing it from core, from Florian Westphal.
9) Merge IPv4 and IPv6 protocol trackers into conntrack core, from Florian Westphal.
10) Depend on CONFIG_NF_TABLES_IPV6 and CONFIG_IP6_NF_IPTABLES respectively, instead of IPV6. Patch from Mate Eckl.
11) Add specific function for garbage collection in conncount, from Yi-Hung Wei.
12) Catch number of elements in the connlimit list, from Yi-Hung Wei.
13) Move locking to nf_conncount, from Yi-Hung Wei.
14) Series of patches to add lockless tree traversal in nf_conncount, from Yi-Hung Wei.
15) Resolve clash in matching conntracks when race happens, from Martynas Pumputis.
16) If connection entry times out, remove template entry from the ip_vs_conn_tab table to improve behaviour under flood, from Julian Anastasov.
17) Remove useless parameter from nf_ct_helper_ext_add(), from Gao feng.
18) Call abort from 2-phase commit protocol before requesting modules, make sure this is done under the mutex, from Florian Westphal.
19) Grab module reference when starting transaction, also from Florian.
20) Dynamically allocate expression info array for pre-parsing, from Florian.
21) Add per netns mutex for nf_tables, from Florian Westphal.
22) A couple of patches to simplify and refactor nf_osf code to prepare for nft_osf support.
23) Break evaluation on missing socket, from Mate Eckl.
24) Allow to match socket mark from nft_socket, from Mate Eckl.
25) Remove dependency on nf_defrag_ipv6, now that IPv6 tracker is built-in into nf_conntrack. From Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
All conflicts were trivial overlapping changes, so reasonably easy to resolve. Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 20 Jul, 2018 22 commits
-
git://github.com/awilliam/linux-vfio
Linus Torvalds authored
Pull VFIO fix from Alex Williamson: "Harden potential Spectre v1 issue (Gustavo A. R. Silva)" * tag 'vfio-v4.18-rc6' of git://github.com/awilliam/linux-vfio: vfio/pci: Fix potential Spectre v1
-
Linus Torvalds authored
Merge tag 'for-4.18/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fix from Mike Snitzer: "Fix DM writecache target to allow an optional offset to the start of the data and metadata area. This allows userspace tools (e.g. LVM2) to place a header and metadata at the front of the writecache device for its use" * tag 'for-4.18/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm writecache: support optional offset for start of device
-
Jon Maloy authored
The commit referred to below introduced an update of the link capabilities field that is not safe. Given the recently added feature to remove idle node and link items after 5 minutes, there is a small risk that the update will happen at the very moment the targeted link is being removed. To avoid this we have to perform the update inside the node item's write lock protection. Fixes: 9012de50 ("tipc: add sequence number check for link STATE messages") Signed-off-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Stephen Hemminger says: ==================== constify nla_policy Almost all places that use nla_policy declare it const. A couple of drivers didn't but that is fixable. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
The netlink policy structure can be constant like other drivers. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
The netlink policy should be const like other drivers. Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gustavo A. R. Silva authored
It seems that the proper structure to use in this particular case is *skb_iter* instead of skb. Addresses-Coverity-ID: 1471906 ("Copy-paste error") Fixes: 4799ac81 ("tls: Add rx inline crypto offload") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds authored
Pull SCSI fixes from James Bottomley:
"A set of 8 obvious fixes. Three (2 qla2xxx and the cxlflash oopses) are regressions, two from 4.17 and one from the merge window. The hpsa change is user visible, but it fixes an error users have complained about"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: cxlflash: fix assignment of the backend operations
  scsi: qedi: Send driver state to MFW
  scsi: qedf: Send the driver state to MFW
  scsi: hpsa: correct enclosure sas address
  scsi: sd_zbc: Fix variable type and bogus comment
  scsi: qla2xxx: Fix NULL pointer dereference for fcport search
  scsi: qla2xxx: Fix kernel crash due to late workqueue allocation
  scsi: qla2xxx: Fix inconsistent DMA mem alloc/free
-
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Linus Torvalds authored
Pull IOMMU fix from Joerg Roedel: "Only one revert, for an Intel VT-d patch that caused issues with the i915 GPU driver" * tag 'iommu-fixes-v4.18-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: Revert "iommu/vt-d: Clean up pasid quirk for pre-production devices"
-
git://git.infradead.org/linux-platform-drivers-x86
Linus Torvalds authored
Pull x86 platform driver fixes from Andy Shevchenko: "The Dell laptop ACPI video brightness control is now back after fixing a regression brought by SMM refactoring" * tag 'platform-drivers-x86-v4.18-2' of git://git.infradead.org/linux-platform-drivers-x86: platform/x86: dell-laptop: Fix backlight detection
-
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
Linus Torvalds authored
Pull ARC fixes from Vineet Gupta:
"ARC is back after radio silence in 4.17:

- Fix CONFIG_SWAP [Alexey]
- Robustify cmpxchg emulation for systems w/o atomics [Alexey / PeterZ]
- Allow mprotect(PROT_EXEC) for stack mappings [Vineet]
- HSDK platform enable PCIe, APG GPIO [Gustavo]
- misc other fixes, config updates etc"

* tag 'arc-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARCv2: [plat-hsdk]: Save accl reg pair by default
  ARC: mm: allow mprotect to make stack mappings executable
  ARC: Fix CONFIG_SWAP
  ARC: [arcompact] entry.S: minor code movement
  ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
  ARC: configs: remove no longer needed CONFIG_DEVPTS_MULTIPLE_INSTANCES
  ARC: Improve cmpxchg syscall implementation
  ARC: [plat-hsdk]: Configure APB GPIO controller on ARC HSDK platform
  ARC: [plat-hsdk] Add PCIe support
  ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP
  ARC: Explicitly add -mmedium-calls to CFLAGS
-
git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux
Linus Torvalds authored
Pull nds32 updates from Greentime Hu:
"Bug fixes and build fixes for nds32"

* tag 'nds32-for-linus-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux:
  nds32: fix build error "relocation truncated to fit: R_NDS32_25_PCREL_RELA" when make allyesconfig
  nds32: To simplify the implementation of update_mmu_cache()
  nds32: Fix the dts pointer is not passed correctly issue.
  nds32: To implement these icache invalidation APIs since nds32 cores don't snoop data cache. This issue is found by Guo Ren. Based on the Documentation/core-api/cachetlb.rst and it says:
  nds32: Fix build error caused by configuration flag rename
  nds32: define __NDS32_E[BL]__ for sparse
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Linus Torvalds authored
Pull power management fix from Rafael Wysocki: "Fix a relatively old initialization issue in intel_pstate causing the pcc-cpufreq driver to be used instead of it on some HP Proliant systems. This turned into a functional regression during the 4.17 cycle, because pcc-cpufreq is a scalability disaster and that was amplified by the idle loop rework done at that time (Rafael Wysocki)." * tag 'pm-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: intel_pstate: Register when ACPI PCCH is present
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Linus Torvalds authored
Pull ACPI fix from Rafael Wysocki: "Extend the recently added suspend-to-idle quirk for Thinkpad X1 Carbon 6th to other systems from that family which turned out to need it too (Robin Johnson)" * tag 'acpi-4.18-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems
-
Damien Thébault authored
Fix return code check for "max brightness" ACPI call.

The Dell laptop ACPI video brightness control is not present on Dell laptops anymore, but was present in older kernel versions.

The code that checks the return value is incorrect since the SMM refactoring.

The old code was:
    if (buffer->output[0] == 0)

Which was changed to:
    ret = dell_send_request(...)
    if (ret)

However, dell_send_request() will return 0 if buffer->output[0] == 0, so we must change the check to:
    if (ret == 0)

This issue was found on a Dell M4800 laptop, and the fix tested on it as well.

Fixes: 549b4930 ("dell-smbios: Introduce dispatcher for SMM calls")
Signed-off-by: Damien Thébault <damien@dtbo.net>
Tested-by: Damien Thébault <damien@dtbo.net>
Reviewed-by: Pali Rohár <pali.rohar@gmail.com>
Reviewed-by: Mario Limonciello <mario.limonciello@dell.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
-
Lu Baolu authored
This reverts commit ab96746a. The commit ab96746a ("iommu/vt-d: Clean up pasid quirk for pre-production devices") triggers ECS mode on some platforms which have broken ECS support. As the result, graphic device will be inoperable on boot. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107017 Cc: Ashok Raj <ashok.raj@intel.com> Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com> Signed-off-by: Joerg Roedel <jroedel@suse.de>
-
David S. Miller authored
Sudarsana Reddy Kalluru says: ==================== qed*: Add support for phy module query. The patch series adds driver support for querying the PHY module's eeprom data. Please consider applying it to 'net-next'. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sudarsana Reddy Kalluru authored
This patch implements the ethtool callbacks for querying sfp/eeprom module. Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com> Signed-off-by: Ariel Elior <ariel.elior@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Sudarsana Reddy Kalluru authored
This patch adds qed APIs for reading the PHY module. Signed-off-by: Sudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com> Signed-off-by: Ariel Elior <ariel.elior@cavium.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Or Gerlitz says
====================
set/match the tos/ttl fields of TC based IP tunnels

This series comes to address the case to set (encap) and match (decap) also the tos and ttl fields of TC based IP tunnels.

Example encap (1st one) and decap (2nd) that use the new fields

tc filter add dev eth0_0 protocol ip parent ffff: prio 10 flower \
    src_mac e4:11:22:33:44:50 dst_mac e4:11:22:33:44:70 \
    action tunnel_key set src_ip 192.168.10.1 dst_ip 192.168.10.2 id 100 dst_port 4789 tos 0x30 \
    action mirred egress redirect dev vxlan_sys_4789

tc filter add dev vxlan_sys_4789 protocol ip parent ffff: prio 10 flower \
    enc_src_ip 192.168.10.2 enc_dst_ip 192.168.10.1 enc_key_id 100 enc_dst_port 4789 enc_tos 0x30 \
    src_mac e4:11:22:33:44:70 dst_mac e4:11:22:33:44:50 \
    action tunnel_key unset \
    action mirred egress redirect dev eth0_0
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
-
Or Gerlitz authored
Allow users to set rules matching on ipv4 tos and ttl or ipv6 traffic-class and hoplimit of tunnel headers. Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Or Gerlitz authored
Add dissection of the tos and ttl from the ip tunnel headers fields in case a match is needed on them. Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com> Reviewed-by: Roi Dayan <roid@mellanox.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-