1. 27 Apr, 2020 1 commit
  2. 15 Apr, 2020 1 commit
  3. 30 Mar, 2020 2 commits
  4. 12 Mar, 2020 1 commit
  5. 05 Mar, 2020 2 commits
  6. 28 Feb, 2020 2 commits
    • Stephen Smalley's avatar
      selinux: remove unused initial SIDs and improve handling · e3e0b582
      Stephen Smalley authored
      Remove initial SIDs that have never been used or are no longer used by
      the kernel from its string table, which is also used to generate the
      SECINITSID_* symbols referenced in code.  Update the code to
      gracefully handle the fact that these can now be NULL. Stop treating
      it as an error if a policy defines additional initial SIDs unknown to
      the kernel.  Do not load unused initial SID contexts into the sidtab.
      Fix the incorrect usage of the name from the ocontext in error
      messages when loading initial SIDs since these are not presently
      written to the kernel policy and are therefore always NULL.
      
      After this change, it is possible to safely reclaim and reuse some of
      the unused initial SIDs without compatibility issues.  Specifically,
      unused initial SIDs that were being assigned the same context as the
      unlabeled initial SID in policies can be reclaimed and reused for
      another purpose, with existing policies still treating them as having
      the unlabeled context and future policies having the option of mapping
      them to a more specific context.  For example, this could have been
      used when the infiniband labeling support was introduced to define
      initial SIDs for the default pkey and endport SIDs similar to the
      handling of port/netif/node SIDs rather than always using
      SECINITSID_UNLABELED as the default.
      
      The set of safely reclaimable unused initial SIDs across all known
      policies is igmp_packet (13), icmp_socket (14), tcp_socket (15), kmod
      (24), policy (25), and scmp_packet (26); these initial SIDs were
      assigned the same context as unlabeled in all known policies including
      mls.  If only considering non-mls policies (i.e. assuming that mls
      users always upgrade policy with their kernels), the set of safely
      reclaimable unused initial SIDs further includes file_labels (6), init
      (7), sysctl_modprobe (16), and sysctl_fs (18) through sysctl_dev (23).
      
      Adding new initial SIDs beyond SECINITSID_NUM to policy unfortunately
      became a fatal error in commit 24ed7fda ("selinux: use separate
      table for initial SID lookup") and even before that it could cause
      problems on a policy reload (collision between the new initial SID and
      one allocated at runtime) ever since commit 42596eaf ("selinux:
      load the initial SIDs upon every policy load") so we cannot safely
      start adding new initial SIDs to policies beyond SECINITSID_NUM (27)
      until such a time as all such kernels do not need to be supported and
      only those that include this commit are relevant. That is not a big
      deal since we haven't added a new initial SID since 2004 (v2.6.7) and
      we have plenty of unused ones we can reclaim if we truly need one.
      
      If we want to avoid the wasted storage in initial_sid_to_string[]
      and/or sidtab->isids[] for the unused initial SIDs, we could introduce
      an indirection between the kernel initial SID values and the policy
      initial SID values and just map the policy SID values in the ocontexts
      to the kernel values during policy_load_isids(). Originally I thought
      we'd do this by preserving the initial SID names in the kernel policy
      and creating a mapping at load time like we do for the security
      classes and permissions but that would require a new kernel policy
      format version and associated changes to libsepol/checkpolicy and I'm
      not sure it is justified. Simpler approach is just to create a fixed
      mapping table in the kernel from the existing fixed policy values to
      the kernel values. Less flexible but probably sufficient.
      
      A separate selinux userspace change was applied in
      https://github.com/SELinuxProject/selinux/commit/8677ce5e8f592950ae6f14cea1b68a20ddc1ac25
      to enable removal of most of the unused initial SID contexts from
      policies, but there is no dependency between that change and this one.
      That change permits removing all of the unused initial SID contexts
      from policy except for the fs and sysctl SID contexts.  The initial
      SID declarations themselves would remain in policy to preserve the
      values of subsequent ones but the contexts can be dropped.  If/when
      the kernel decides to reuse one of them, future policies can change
      the name and start assigning a context again without breaking
      compatibility.
      
      Here is how I would envision staging changes to the initial SIDs in a
      compatible manner after this commit is applied:
      
      1. At any time after this commit is applied, the kernel could choose
      to reclaim one of the safely reclaimable unused initial SIDs listed
      above for a new purpose (i.e. replace its NULL entry in the
      initial_sid_to_string[] table with a new name and start using the
      newly generated SECINITSID_name symbol in code), and refpolicy could
      at that time rename its declaration of that initial SID to reflect its
      new purpose and start assigning it a context going
      forward. Existing/old policies would map the reclaimed initial SID to
      the unlabeled context, so that would be the initial default behavior
      until policies are updated. This doesn't depend on the selinux
      userspace change; it will work with existing policies and userspace.
      
      2. In 6 months or so we'll have another SELinux userspace release that
      will include the libsepol/checkpolicy support for omitting unused
      initial SID contexts.
      
      3. At any time after that release, refpolicy can make that release its
      minimum build requirement and drop the sid context statements (but not
      the sid declarations) for all of the unused initial SIDs except for
      fs and sysctl, which must remain for compatibility on policy
      reload with old kernels and for compatibility with kernels that were
      still using SECINITSID_SYSCTL (< 2.6.39). This doesn't depend on this
      kernel commit; it will work with previous kernels as well.
      
      4. After N years for some value of N, refpolicy decides that it no
      longer cares about policy reload compatibility for kernels that
      predate this kernel commit, and refpolicy drops the fs and sysctl
      SID contexts from policy too (but retains the declarations).
      
      5. After M years for some value of M, the kernel decides that it no
      longer cares about compatibility with refpolicies that predate step 4
      (dropping the fs and sysctl SIDs), and those two SIDs also become
      safely reclaimable.  This step is optional and need not ever occur unless
      we decide that the need to reclaim those two SIDs outweighs the
      compatibility cost.
      
      6. After O years for some value of O, refpolicy decides that it no
      longer cares about policy load (not just reload) compatibility for
      kernels that predate this kernel commit, and both kernel and refpolicy
      can then start adding and using new initial SIDs beyond 27. This does
      not depend on the previous change (step 5) and can occur independent
      of it.
      
      Fixes: https://github.com/SELinuxProject/selinux-kernel/issues/12Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      e3e0b582
    • Ondrej Mosnacek's avatar
      selinux: reduce the use of hard-coded hash sizes · e0ac568d
      Ondrej Mosnacek authored
      Instead allocate hash tables with just the right size based on the
      actual number of elements (which is almost always known beforehand, we
      just need to defer the hashtab allocation to the right time). The only
      case when we don't know the size (with the current policy format) is the
      new filename transitions hashtable. Here I just left the existing value.
      
      After this patch, the time to load Fedora policy on x86_64 decreases
      from 790 ms to 167 ms. If the unconfined module is removed, it decreases
      from 750 ms to 122 ms. It is also likely that other operations are going
      to be faster, mainly string_to_context_struct() or mls_compute_sid(),
      but I didn't try to quantify that.
      
      The memory usage of all hash table arrays increases from ~58 KB to
      ~163 KB (with Fedora policy on x86_64).
      Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      e0ac568d
  7. 22 Feb, 2020 2 commits
    • Richard Haines's avatar
      selinux: Add xfs quota command types · e4cfa05e
      Richard Haines authored
      Add Q_XQUOTAOFF, Q_XQUOTAON and Q_XSETQLIM to trigger filesystem quotamod
      permission check.
      
      Add Q_XGETQUOTA, Q_XGETQSTAT, Q_XGETQSTATV and Q_XGETNEXTQUOTA to trigger
      filesystem quotaget permission check.
      Signed-off-by: default avatarRichard Haines <richard_c_haines@btinternet.com>
      Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      e4cfa05e
    • Ondrej Mosnacek's avatar
      selinux: optimize storage of filename transitions · c3a27611
      Ondrej Mosnacek authored
      In these rules, each rule with the same (target type, target class,
      filename) values is (in practice) always mapped to the same result type.
      Therefore, it is much more efficient to group the rules by (ttype,
      tclass, filename).
      
      Thus, this patch drops the stype field from the key and changes the
      datum to be a linked list of one or more structures that contain a
      result type and an ebitmap of source types that map the given target to
      the given result type under the given filename. The size of the hash
      table is also incremented to 2048 to be more optimal for Fedora policy
      (which currently has ~2500 unique (ttype, tclass, filename) tuples,
      regardless of whether the 'unconfined' module is enabled).
      
      Not only does this dramtically reduce memory usage when the policy
      contains a lot of unconfined domains (ergo a lot of filename based
      transitions), but it also slightly reduces memory usage of strongly
      confined policies (modeled on Fedora policy with 'unconfined' module
      disabled) and significantly reduces lookup times of these rules on
      Fedora (roughly matches the performance of the rhashtable conversion
      patch [1] posted recently to selinux@vger.kernel.org).
      
      An obvious next step is to change binary policy format to match this
      layout, so that disk space is also saved. However, since that requires
      more work (including matching userspace changes) and this patch is
      already beneficial on its own, I'm posting it separately.
      
      Performance/memory usage comparison:
      
      Kernel           | Policy load | Policy load   | Mem usage | Mem usage     | openbench
                       |             | (-unconfined) |           | (-unconfined) | (createfiles)
      -----------------|-------------|---------------|-----------|---------------|--------------
      reference        |       1,30s |         0,91s |      90MB |          77MB | 55 us/file
      rhashtable patch |       0.98s |         0,85s |      85MB |          75MB | 38 us/file
      this patch       |       0,95s |         0,87s |      75MB |          75MB | 40 us/file
      
      (Memory usage is measured after boot. With SELinux disabled the memory
      usage was ~60MB on the same system.)
      
      [1] https://lore.kernel.org/selinux/20200116213937.77795-1-dev@lynxeye.de/T/Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
      Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
      Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
      c3a27611
  8. 13 Feb, 2020 1 commit
  9. 12 Feb, 2020 5 commits
  10. 10 Feb, 2020 7 commits
  11. 09 Feb, 2020 12 commits
    • Linus Torvalds's avatar
      Merge tag 'zonefs-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs · 380a129e
      Linus Torvalds authored
      Pull new zonefs file system from Damien Le Moal:
       "Zonefs is a very simple file system exposing each zone of a zoned
        block device as a file.
      
        Unlike a regular file system with native zoned block device support
        (e.g. f2fs or the on-going btrfs effort), zonefs does not hide the
        sequential write constraint of zoned block devices to the user. As a
        result, zonefs is not a POSIX compliant file system. Its goal is to
        simplify the implementation of zoned block devices support in
        applications by replacing raw block device file accesses with a richer
        file based API, avoiding relying on direct block device file ioctls
        which may be more obscure to developers.
      
        One example of this approach is the implementation of LSM
        (log-structured merge) tree structures (such as used in RocksDB and
        LevelDB) on zoned block devices by allowing SSTables to be stored in a
        zone file similarly to a regular file system rather than as a range of
        sectors of a zoned device. The introduction of the higher level
        construct "one file is one zone" can help reducing the amount of
        changes needed in the application while at the same time allowing the
        use of zoned block devices with various programming languages other
        than C.
      
        Zonefs IO management implementation uses the new iomap generic code.
        Zonefs has been successfully tested using a functional test suite
        (available with zonefs userland format tool on github) and a prototype
        implementation of LevelDB on top of zonefs"
      
      * tag 'zonefs-5.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/zonefs:
        zonefs: Add documentation
        fs: New zonefs file system
      380a129e
    • Marc Zyngier's avatar
      irqchip/gic-v4.1: Avoid 64bit division for the sake of 32bit ARM · 490d332e
      Marc Zyngier authored
      In order to allow the GICv4 code to link properly on 32bit ARM,
      make sure we don't use 64bit divisions when it isn't strictly
      necessary.
      
      Fixes: 4e6437f1 ("irqchip/gic-v4.1: Ensure L2 vPE table is allocated at RD level")
      Reported-by: default avatarStephen Rothwell <sfr@canb.auug.org.au>
      Cc: Zenghui Yu <yuzenghui@huawei.com>
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      490d332e
    • Linus Torvalds's avatar
      Merge tag '5.6-rc-smb3-plugfest-patches' of git://git.samba.org/sfrench/cifs-2.6 · d1ea35f4
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "13 cifs/smb3 patches, most from testing at the SMB3 plugfest this week:
      
         - Important fix for multichannel and for modefromsid mounts.
      
         - Two reconnect fixes
      
         - Addition of SMB3 change notify support
      
         - Backup tools fix
      
         - A few additional minor debug improvements (tracepoints and
           additional logging found useful during testing this week)"
      
      * tag '5.6-rc-smb3-plugfest-patches' of git://git.samba.org/sfrench/cifs-2.6:
        smb3: Add defines for new information level, FileIdInformation
        smb3: print warning once if posix context returned on open
        smb3: add one more dynamic tracepoint missing from strict fsync path
        cifs: fix mode bits from dir listing when mounted with modefromsid
        cifs: fix channel signing
        cifs: add SMB3 change notification support
        cifs: make multichannel warning more visible
        cifs: fix soft mounts hanging in the reconnect code
        cifs: Add tracepoints for errors on flush or fsync
        cifs: log warning message (once) if out of disk space
        cifs: fail i/o on soft mounts if sessionsetup errors out
        smb3: fix problem with null cifs super block with previous patch
        SMB3: Backup intent flag missing from some more ops
      d1ea35f4
    • Linus Torvalds's avatar
      Merge branch 'work.vboxsf' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 5586c3c1
      Linus Torvalds authored
      Pull vboxfs from Al Viro:
       "This is the VirtualBox guest shared folder support by Hans de Goede,
        with fixups for fs_parse folded in to avoid bisection hazards from
        those API changes..."
      
      * 'work.vboxsf' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fs: Add VirtualBox guest shared folder (vboxsf) support
      5586c3c1
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 1a2a76c2
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "A set of fixes for X86:
      
         - Ensure that the PIT is set up when the local APIC is disable or
           configured in legacy mode. This is caused by an ordering issue
           introduced in the recent changes which skip PIT initialization when
           the TSC and APIC frequencies are already known.
      
         - Handle malformed SRAT tables during early ACPI parsing which caused
           an infinite loop anda boot hang.
      
         - Fix a long standing race in the affinity setting code which affects
           PCI devices with non-maskable MSI interrupts. The problem is caused
           by the non-atomic writes of the MSI address (destination APIC id)
           and data (vector) fields which the device uses to construct the MSI
           message. The non-atomic writes are mandated by PCI.
      
           If both fields change and the device raises an interrupt after
           writing address and before writing data, then the MSI block
           constructs a inconsistent message which causes interrupts to be
           lost and subsequent malfunction of the device.
      
           The fix is to redirect the interrupt to the new vector on the
           current CPU first and then switch it over to the new target CPU.
           This allows to observe an eventually raised interrupt in the
           transitional stage (old CPU, new vector) to be observed in the APIC
           IRR and retriggered on the new target CPU and the new vector.
      
           The potential spurious interrupts caused by this are harmless and
           can in the worst case expose a buggy driver (all handlers have to
           be able to deal with spurious interrupts as they can and do happen
           for various reasons).
      
         - Add the missing suspend/resume mechanism for the HYPERV hypercall
           page which prevents resume hibernation on HYPERV guests. This
           change got lost before the merge window.
      
         - Mask the IOAPIC before disabling the local APIC to prevent
           potentially stale IOAPIC remote IRR bits which cause stale
           interrupt lines after resume"
      
      * tag 'x86-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/apic: Mask IOAPIC entries when disabling the local APIC
        x86/hyperv: Suspend/resume the hypercall page for hibernation
        x86/apic/msi: Plug non-maskable MSI affinity race
        x86/boot: Handle malformed SRAT tables during early ACPI parsing
        x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode
      1a2a76c2
    • Linus Torvalds's avatar
      Merge tag 'smp-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f4137760
      Linus Torvalds authored
      Pull SMP fixes from Thomas Gleixner:
       "Two fixes for the SMP related functionality:
      
         - Make the UP version of smp_call_function_single() match SMP
           semantics when called for a not available CPU. Instead of emitting
           a warning and assuming that the function call target is CPU0,
           return a proper error code like the SMP version does.
      
         - Remove a superfluous check in smp_call_function_many_cond()"
      
      * tag 'smp-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        smp/up: Make smp_call_function_single() match SMP semantics
        smp: Remove superfluous cond_func check in smp_call_function_many_cond()
      f4137760
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ca21b9b3
      Linus Torvalds authored
      Pull perf fixes from Thomas Gleixner:
       "A set of fixes and improvements for the perf subsystem:
      
        Kernel fixes:
      
         - Install cgroup events to the correct CPU context to prevent a
           potential list double add
      
         - Prevent an integer underflow in the perf mlock accounting
      
         - Add a missing prototype for arch_perf_update_userpage()
      
        Tooling:
      
         - Add a missing unlock in the error path of maps__insert() in perf
           maps.
      
         - Fix the build with the latest libbfd
      
         - Fix the perf parser so it does not delete parse event terms, which
           caused a regression for using perf with the ARM CoreSight as the
           sink configuration was missing due to the deletion.
      
         - Fix the double free in the perf CPU map merging test case
      
         - Add the missing ustring support for the perf probe command"
      
      * tag 'perf-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf maps: Add missing unlock to maps__insert() error case
        perf probe: Add ustring support for perf probe command
        perf: Make perf able to build with latest libbfd
        perf test: Fix test case Merge cpu map
        perf parse: Copy string to perf_evsel_config_term
        perf parse: Refactor 'struct perf_evsel_config_term'
        kernel/events: Add a missing prototype for arch_perf_update_userpage()
        perf/cgroups: Install cgroup events to correct cpuctx
        perf/core: Fix mlock accounting in perf_mmap()
      ca21b9b3
    • Linus Torvalds's avatar
      Merge tag 'timers-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 2fbc23c7
      Linus Torvalds authored
      Pull timer fixes from Thomas Gleixner:
       "Two small fixes for the time(r) subsystem:
      
         - Handle a subtle race between the clocksource watchdog and a
           concurrent clocksource watchdog stop/start sequence correctly to
           prevent a timer double add bug.
      
         - Fix the file path for the core time namespace file"
      
      * tag 'timers-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource: Prevent double add_timer_on() for watchdog_timer
        MAINTAINERS: Correct path to time namespace source file
      2fbc23c7
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · f06bed87
      Linus Torvalds authored
      Pull interrupt fixes from Thomas Gleixner:
       "A set of fixes for the interrupt subsystem:
      
         - Provision only ACPI enabled redistributors on GICv3
      
         - Use the proper command colums when building the INVALL command for
           the GICv3-ITS
      
         - Ensure the allocation of the L2 vPE table for GICv4.1
      
         - Correct the GICv4.1 VPROBASER programming so it uses the proper
           size
      
         - A set of small GICv4.1 tidy up patches
      
         - Configuration cleanup for C-SKY interrupt chip
      
         - Clarify the function documentation for irq_set_wake() to document
           that the wakeup functionality is orthogonal to the irq
           disable/enable mechanism"
      
      * tag 'irq-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3-its: Rename VPENDBASER/VPROPBASER accessors
        irqchip/gic-v3-its: Remove superfluous WARN_ON
        irqchip/gic-v4.1: Drop 'tmp' in inherit_vpe_l1_table_from_rd()
        irqchip/gic-v4.1: Ensure L2 vPE table is allocated at RD level
        irqchip/gic-v4.1: Set vpe_l1_base for all redistributors
        irqchip/gic-v4.1: Fix programming of GICR_VPROPBASER_4_1_SIZE
        genirq: Clarify that irq wake state is orthogonal to enable/disable
        irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
        irqchip: Some Kconfig cleanup for C-SKY
        irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
      f06bed87
    • Linus Torvalds's avatar
      Merge tag 'efi-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 6ff90aa2
      Linus Torvalds authored
      Pull EFI fix from Thomas Gleixner:
       "A single fix for a EFI boot regression on X86 which was caused by the
        recent rework of the EFI memory map parsing. On systems with invalid
        memmap entries the cleanup function uses an value which cannot be
        relied on in this stage. Use the actual EFI memmap entry instead"
      
      * tag 'efi-urgent-2020-02-09' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        efi/x86: Fix boot regression on systems with invalid memmap entries
      6ff90aa2
    • Linus Torvalds's avatar
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · fdfa3a67
      Linus Torvalds authored
      Pull misc SCSI fixes from James Bottomley:
       "Five small patches, all in drivers or doc, which missed the initial
        pull request.
      
        The qla2xxx and megaraid_sas are actual fixes and the rest are
        spelling and doc changes"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ufs: fix spelling mistake "initilized" -> "initialized"
        scsi: pm80xx: fix spelling mistake "to" -> "too"
        scsi: MAINTAINERS: ufs: remove pedrom.sousa@synopsys.com
        scsi: megaraid_sas: fixup MSIx interrupt setup during resume
        scsi: qla2xxx: Fix unbound NVME response length
      fdfa3a67
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 291abfea
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Unbalanced locking in mwifiex_process_country_ie, from Brian Norris.
      
       2) Fix thermal zone registration in iwlwifi, from Andrei
          Otcheretianski.
      
       3) Fix double free_irq in sgi ioc3 eth, from Thomas Bogendoerfer.
      
       4) Use after free in mptcp, from Florian Westphal.
      
       5) Use after free in wireguard's root_remove_peer_lists, from Eric
          Dumazet.
      
       6) Properly access packets heads in bonding alb code, from Eric
          Dumazet.
      
       7) Fix data race in skb_queue_len(), from Qian Cai.
      
       8) Fix regression in r8169 on some chips, from Heiner Kallweit.
      
       9) Fix XDP program ref counting in hv_netvsc, from Haiyang Zhang.
      
      10) Certain kinds of set link netlink operations can cause a NULL deref
          in the ipv6 addrconf code. Fix from Eric Dumazet.
      
      11) Don't cancel uninitialized work queue in drop monitor, from Ido
          Schimmel.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (84 commits)
        net: thunderx: use proper interface type for RGMII
        mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap
        bpf: Improve bucket_log calculation logic
        selftests/bpf: Test freeing sockmap/sockhash with a socket in it
        bpf, sockhash: Synchronize_rcu before free'ing map
        bpf, sockmap: Don't sleep while holding RCU lock on tear-down
        bpftool: Don't crash on missing xlated program instructions
        bpf, sockmap: Check update requirements after locking
        drop_monitor: Do not cancel uninitialized work item
        mlxsw: spectrum_dpipe: Add missing error path
        mlxsw: core: Add validation of hardware device types for MGPIR register
        mlxsw: spectrum_router: Clear offload indication from IPv6 nexthops on abort
        selftests: mlxsw: Add test cases for local table route replacement
        mlxsw: spectrum_router: Prevent incorrect replacement of local table routes
        net: dsa: microchip: enable module autoprobe
        ipv6/addrconf: fix potential NULL deref in inet6_set_link_af()
        dpaa_eth: support all modes with rate adapting PHYs
        net: stmmac: update pci platform data to use phy_interface
        net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter
        net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter
        ...
      291abfea
  12. 08 Feb, 2020 4 commits
    • Hans de Goede's avatar
      fs: Add VirtualBox guest shared folder (vboxsf) support · 0fd16957
      Hans de Goede authored
      VirtualBox hosts can share folders with guests, this commit adds a
      VFS driver implementing the Linux-guest side of this, allowing folders
      exported by the host to be mounted under Linux.
      
      This driver depends on the guest <-> host IPC functions exported by
      the vboxguest driver.
      Acked-by: default avatarChristoph Hellwig <hch@infradead.org>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      0fd16957
    • Linus Torvalds's avatar
      Merge tag 'powerpc-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · d4f309ca
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix an existing bug in our user access handling, exposed by one of
         the bug fixes we merged this cycle.
      
       - A fix for a boot hang on 32-bit with CONFIG_TRACE_IRQFLAGS and the
         recently added CONFIG_VMAP_STACK.
      
      Thanks to: Christophe Leroy, Guenter Roeck.
      
      * tag 'powerpc-5.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc: Fix CONFIG_TRACE_IRQFLAGS with CONFIG_VMAP_STACK
        powerpc/futex: Fix incorrect user access blocking
      d4f309ca
    • Linus Torvalds's avatar
      Fix up remaining devm_ioremap_nocache() in SGI IOC3 8250 UART driver · b0ef7cda
      Linus Torvalds authored
      This is a merge error on my part - the driver was merged into mainline
      by commit c5951e7c ("Merge tag 'mips_5.6' of git://../mips/linux")
      over a week ago, but nobody apparently noticed that it didn't actually
      build due to still having a reference to the devm_ioremap_nocache()
      function, removed a few days earlier through commit 6a1000bd ("Merge
      tag 'ioremap-5.6' of git://../ioremap").
      
      Apparently this didn't get any build testing anywhere.  Not perhaps all
      that surprising: it's restricted to 64-bit MIPS only, and only with the
      new SGI_MFD_IOC3 support enabled.
      
      I only noticed because the ioremap conflicts in the ARM SoC driver
      update made me check there weren't any others hiding, and I found this
      one.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b0ef7cda
    • Linus Torvalds's avatar
      Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 4ef1a30c
      Linus Torvalds authored
      Pull ARM SoC late updates from Olof Johansson:
       "This is some material that we picked up into our tree late, or that
        had more complex dependencies on more than one topic branch that makes
        sense to keep separately.
      
         - TI support for secure accelerators and hwrng on OMAP4/5
      
         - TI camera changes for dra7 and am437x and SGX improvement due to
           better reset control support on am335x, am437x and dra7
      
         - Davinci moves to proper clocksource on DM365, and regulator/audio
           improvements for DM365 and DM644x eval boards"
      
      * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (32 commits)
        ARM: dts: omap4-droid4: Enable hdq for droid4 ds250x 1-wire battery nvmem
        ARM: dts: motorola-cpcap-mapphone: Configure calibration interrupt
        ARM: dts: Configure interconnect target module for am437x sgx
        ARM: dts: Configure sgx for dra7
        ARM: dts: Configure rstctrl reset for am335x SGX
        ARM: dts: dra7: Add ti-sysc node for VPE
        ARM: dts: dra7: add vpe clkctrl node
        ARM: dts: am43x-epos-evm: Add VPFE and OV2659 entries
        ARM: dts: am437x-sk-evm: Add VPFE and OV2659 entries
        ARM: dts: am43xx: add support for clkout1 clock
        arm: dts: dra76-evm: Add CAL and OV5640 nodes
        arm: dtsi: dra76x: Add CAL dtsi node
        arm: dts: dra72-evm-common: Add entries for the CSI2 cameras
        ARM: dts: DRA72: Add CAL dtsi node
        ARM: dts: dra7-l4: Add ti-sysc node for CAM
        ARM: OMAP: DRA7xx: Make CAM clock domain SWSUP only
        ARM: dts: dra7: add cam clkctrl node
        ARM: OMAP2+: Drop legacy platform data for omap4 des
        ARM: OMAP2+: Drop legacy platform data for omap4 sham
        ARM: OMAP2+: Drop legacy platform data for omap4 aes
        ...
      4ef1a30c