1. 17 Feb, 2019 6 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 885e6319
      David S. Miller authored
      Alexei Starovoitov says:
      
      ====================
      pull-request: bpf-next 2019-02-16
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      The main changes are:
      
      1) numerous libbpf API improvements, from Andrii, Andrey, Yonghong.
      
      2) test all bpf progs in alu32 mode, from Jiong.
      
      3) skb->sk access and bpf_sk_fullsock(), bpf_tcp_sock() helpers, from Martin.
      
      4) support for IP encap in lwt bpf progs, from Peter.
      
      5) remove XDP_QUERY_XSK_UMEM dead code, from Jan.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      885e6319
    • Andrii Nakryiko's avatar
      tools/libbpf: support bigger BTF data sizes · 5aab392c
      Andrii Nakryiko authored
      While it's understandable why kernel limits number of BTF types to 65535
      and size of string section to 64KB, in libbpf as user-space library it's
      too restrictive. E.g., pahole converting DWARF to BTF type information
      for Linux kernel generates more than 3 million BTF types and more than
      3MB of strings, before deduplication. So to allow btf__dedup() to do its
      work, we need to be able to load bigger BTF sections using btf__new().
      Singed-off-by: default avatarAndrii Nakryiko <andriin@fb.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      5aab392c
    • Peter Oskolkov's avatar
      selftests: bpf: test_lwt_ip_encap: add negative tests. · 9d6b3584
      Peter Oskolkov authored
      As requested by David Ahern:
      
      - add negative tests (no routes, explicitly unreachable destinations)
        to exercize error handling code paths;
      - do not exit on test failures, but instead print a summary of
        passed/failed tests at the end.
      
      Future patches will add TSO and VRF tests.
      Signed-off-by: default avatarPeter Oskolkov <posk@google.com>
      Reviewed-by: default avatarDavid Ahern <dsahern@gmail.com>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      9d6b3584
    • Alexandre Torgue's avatar
      net: stmmac: use correct define to get rx timestamp on GMAC4 · f186a82b
      Alexandre Torgue authored
      In dwmac4_wrback_get_rx_timestamp_status we looking for a RX timestamp.
      For that receive descriptors are handled and so we should use defines
      related to receive descriptors. It'll no change the functional behavior
      as RDES3_RDES1_VALID=TDES3_RS1V=BIT(26) but it makes code easier to read.
      Signed-off-by: default avatarAlexandre Torgue <alexandre.torgue@st.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f186a82b
    • Dan Carpenter's avatar
      atm: clean up vcc_seq_next() · d0edde8d
      Dan Carpenter authored
      It's confusing to call PTR_ERR(v).  The PTR_ERR() function is basically
      a fancy cast to long so it makes you wonder, was IS_ERR() intended?  But
      that doesn't make sense because vcc_walk() doesn't return error
      pointers.
      
      This patch doesn't affect runtime, it's just a cleanup.
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d0edde8d
    • Guillaume Nault's avatar
      sock: consistent handling of extreme SO_SNDBUF/SO_RCVBUF values · 4057765f
      Guillaume Nault authored
      SO_SNDBUF and SO_RCVBUF (and their *BUFFORCE version) may overflow or
      underflow their input value. This patch aims at providing explicit
      handling of these extreme cases, to get a clear behaviour even with
      values bigger than INT_MAX / 2 or lower than INT_MIN / 2.
      
      For simplicity, only SO_SNDBUF and SO_SNDBUFFORCE are described here,
      but the same explanation and fix apply to SO_RCVBUF and SO_RCVBUFFORCE
      (with 'SNDBUF' replaced by 'RCVBUF' and 'wmem_max' by 'rmem_max').
      
      Overflow of positive values
      
      ===========================
      
      When handling SO_SNDBUF or SO_SNDBUFFORCE, if 'val' exceeds
      INT_MAX / 2, the buffer size is set to its minimum value because
      'val * 2' overflows, and max_t() considers that it's smaller than
      SOCK_MIN_SNDBUF. For SO_SNDBUF, this can only happen with
      net.core.wmem_max > INT_MAX / 2.
      
      SO_SNDBUF and SO_SNDBUFFORCE are actually designed to let users probe
      for the maximum buffer size by setting an arbitrary large number that
      gets capped to the maximum allowed/possible size. Having the upper
      half of the positive integer space to potentially reduce the buffer
      size to its minimum value defeats this purpose.
      
      This patch caps the base value to INT_MAX / 2, so that bigger values
      don't overflow and keep setting the buffer size to its maximum.
      
      Underflow of negative values
      ============================
      
      For negative numbers, SO_SNDBUF always considers them bigger than
      net.core.wmem_max, which is bounded by [SOCK_MIN_SNDBUF, INT_MAX].
      Therefore such values are set to net.core.wmem_max and we're back to
      the behaviour of positive integers described above (return maximum
      buffer size if wmem_max <= INT_MAX / 2, return SOCK_MIN_SNDBUF
      otherwise).
      
      However, SO_SNDBUFFORCE behaves differently. The user value is
      directly multiplied by two and compared with SOCK_MIN_SNDBUF. If
      'val * 2' doesn't underflow or if it underflows to a value smaller
      than SOCK_MIN_SNDBUF then buffer size is set to its minimum value.
      Otherwise the buffer size is set to the underflowed value.
      
      This patch treats negative values passed to SO_SNDBUFFORCE as null, to
      prevent underflows. Therefore negative values now always set the buffer
      size to its minimum value.
      
      Even though SO_SNDBUF behaves inconsistently by setting buffer size to
      the maximum value when passed a negative number, no attempt is made to
      modify this behaviour. There may exist some programs that rely on using
      negative numbers to set the maximum buffer size. Avoiding overflows
      because of extreme net.core.wmem_max values is the most we can do here.
      
      Summary of altered behaviours
      =============================
      
      val      : user-space value passed to setsockopt()
      val_uf   : the underflowed value resulting from doubling val when
                 val < INT_MIN / 2
      wmem_max : short for net.core.wmem_max
      val_cap  : min(val, wmem_max)
      min_len  : minimal buffer length (that is, SOCK_MIN_SNDBUF)
      max_len  : maximal possible buffer length, regardless of wmem_max (that
                 is, INT_MAX - 1)
      ^^^^     : altered behaviour
      
      SO_SNDBUF:
      +-------------------------+-------------+------------+----------------+
      |       CONDITION         | OLD RESULT  | NEW RESULT |    COMMENT     |
      +-------------------------+-------------+------------+----------------+
      | val < 0 &&              |             |            | No overflow,   |
      | wmem_max <= INT_MAX/2   | wmem_max*2  | wmem_max*2 | keep original  |
      |                         |             |            | behaviour      |
      +-------------------------+-------------+------------+----------------+
      | val < 0 &&              |             |            | Cap wmem_max   |
      | INT_MAX/2 < wmem_max    | min_len     | max_len    | to prevent     |
      |                         |             | ^^^^^^^    | overflow       |
      +-------------------------+-------------+------------+----------------+
      | 0 <= val <= min_len/2   | min_len     | min_len    | Ordinary case  |
      +-------------------------+-------------+------------+----------------+
      | min_len/2 < val &&      | val_cap*2   | val_cap*2  | Ordinary case  |
      | val_cap <= INT_MAX/2    |             |            |                |
      +-------------------------+-------------+------------+----------------+
      | min_len < val &&        |             |            | Cap val_cap    |
      | INT_MAX/2 < val_cap     | min_len     | max_len    | again to       |
      | (implies that           |             | ^^^^^^^    | prevent        |
      | INT_MAX/2 < wmem_max)   |             |            | overflow       |
      +-------------------------+-------------+------------+----------------+
      
      SO_SNDBUFFORCE:
      +------------------------------+---------+---------+------------------+
      |          CONDITION           | BEFORE  | AFTER   |     COMMENT      |
      |                              | PATCH   | PATCH   |                  |
      +------------------------------+---------+---------+------------------+
      | val < INT_MIN/2 &&           | min_len | min_len | Underflow with   |
      | val_uf <= min_len            |         |         | no consequence   |
      +------------------------------+---------+---------+------------------+
      | val < INT_MIN/2 &&           | val_uf  | min_len | Set val to 0 to  |
      | val_uf > min_len             |         | ^^^^^^^ | avoid underflow  |
      +------------------------------+---------+---------+------------------+
      | INT_MIN/2 <= val < 0         | min_len | min_len | No underflow     |
      +------------------------------+---------+---------+------------------+
      | 0 <= val <= min_len/2        | min_len | min_len | Ordinary case    |
      +------------------------------+---------+---------+------------------+
      | min_len/2 < val <= INT_MAX/2 | val*2   | val*2   | Ordinary case    |
      +------------------------------+---------+---------+------------------+
      | INT_MAX/2 < val              | min_len | max_len | Cap val to       |
      |                              |         | ^^^^^^^ | prevent overflow |
      +------------------------------+---------+---------+------------------+
      Signed-off-by: default avatarGuillaume Nault <gnault@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4057765f
  2. 16 Feb, 2019 27 commits
  3. 15 Feb, 2019 7 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 3313da81
      David S. Miller authored
      The netfilter conflicts were rather simple overlapping
      changes.
      
      However, the cls_tcindex.c stuff was a bit more complex.
      
      On the 'net' side, Cong is fixing several races and memory
      leaks.  Whilst on the 'net-next' side we have Vlad adding
      the rtnl-ness support.
      
      What I've decided to do, in order to resolve this, is revert the
      conversion over to using a workqueue that Cong did, bringing us back
      to pure RCU.  I did it this way because I believe that either Cong's
      races don't apply with have Vlad did things, or Cong will have to
      implement the race fix slightly differently.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3313da81
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20190215' of git://git.kernel.dk/linux-block · 24f0a487
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
      
       - Ensure we insert into the hctx dispatch list, if a request is marked
         as DONTPREP (Jianchao)
      
       - NVMe pull request, single missing unlock on error fix (Keith)
      
       - MD pull request, single fix for a potentially data corrupting issue
         (Nate)
      
       - Floppy check_events regression fix (Yufen)
      
      * tag 'for-linus-20190215' of git://git.kernel.dk/linux-block:
        md/raid1: don't clear bitmap bits on interrupted recovery.
        floppy: check_events callback should not return a negative number
        nvme-pci: add missing unlock for reset error
        blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
      24f0a487
    • Linus Torvalds's avatar
      Merge tag 'for-5.0/dm-fixes-3' of... · ae3fa8bd
      Linus Torvalds authored
      Merge tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - Fix bug in DM crypt's sizing of its block integrity tag space,
         resulting in less memory use when DM crypt layers on DM integrity.
      
       - Fix a long-standing DM thinp crash consistency bug that was due to
         improper handling of FUA. This issue is specific to writes that fill
         an entire thinp block which needs to be allocated.
      
      * tag 'for-5.0/dm-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm thin: fix bug where bio that overwrites thin block ignores FUA
        dm crypt: don't overallocate the integrity tag space
      ae3fa8bd
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · dfeae337
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "A couple of MMC fixes intended for v5.0-rc7.
      
        MMC core:
         - Fix deadlock bug for block I/O requests
      
        MMC host:
         - sunxi: Disable broken HS-DDR mode for H5 by default
         - sunxi: Avoid unsupported speed modes declared via DT
         - meson-gx: Restore interrupt name"
      
      * tag 'mmc-v5.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: meson-gx: fix interrupt name
        mmc: block: handle complete_work on separate workqueue
        mmc: sunxi: Filter out unsupported modes declared in the device tree
        mmc: sunxi: Disable HS-DDR mode for H5 eMMC controller by default
      dfeae337
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm · 545aabcb
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Usual pull request, little larger than I'd like but nothing too
        strange in it. Willy found an bug in the lease ioctl calculations, but
        it's a drm master only ioctl which makes it harder to mess with.
      
       i915:
         - combo phy programming fix
         - opregion version check fix for VBT RVDA lookup
         - gem mmap ioctl race fix
         - fbdev hpd during suspend fix
         - array size bounds check fix in pmu
      
        amdgpu:
         - Vega20 psp fix
         - Add vrr range to debugfs for freesync debugging
      
        sched:
         - Scheduler race fix
      
        vkms:
         - license header fixups
      
        imx:
         - Fix CSI register offsets for i.MX51 and i.MX53.
         - Fix delayed page flip completion events on i.MX6QP due to
           unexpected behaviour of the PRE when issuing NOP buffer updates to
           the same buffer address.
         - Stop throwing errors for plane updates on disabled CRTCs when a
           userspace process is killed while a plane update is pending.
         - Add missing of_node_put cleanup in imx_ldb_bind"
      
      * tag 'drm-fixes-2019-02-15-1' of git://anongit.freedesktop.org/drm/drm:
        drm: Use array_size() when creating lease
        drm/amdgpu/psp11: TA firmware is optional (v3)
        drm/i915/opregion: rvda is relative from opregion base in opregion 2.1+
        drm/i915/opregion: fix version check
        drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
        drm/i915: Block fbdev HPD processing during suspend
        drm/i915/pmu: Fix enable count array size and bounds checking
        drm/i915/cnl: Fix CNL macros for Voltage Swing programming
        drm/i915/icl: combo port vswing programming changes per BSPEC
        drm/vkms: Fix license inconsistent
        drm/amd/display: Expose connector VRR range via debugfs
        drm/sched: Always trace the dependencies we wait on, to fix a race.
        gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
        gpu: ipu-v3: Fix CSI offsets for imx53
        drm/imx: imx-ldb: add missing of_node_puts
        gpu: ipu-v3: Fix i.MX51 CSI control registers offset
        drm/imx: ignore plane updates on disabled crtcs
      545aabcb
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2aba3220
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This fixes a crash on resume in the ccree driver"
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: ccree - fix resume race condition on init
      2aba3220
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 6e7bd3b5
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix MAC address setting in mac80211 pmsr code, from Johannes Berg.
      
       2) Probe SFP modules after being attached, from Russell King.
      
       3) Byte ordering bug in SMC rx_curs_confirmed code, from Ursula Braun.
      
       4) Revert some r8169 changes that are causing regressions, from Heiner
          Kallweit.
      
       5) Fix spurious connection timeouts in netfilter nat code, from Florian
          Westphal.
      
       6) SKB leak in tipc, from Hoang Le.
      
       7) Short packet checkum issue in mlx4, similar to a previous mlx5
          change, from Saeed Mahameed. The issue is that whilst padding bytes
          are usually zero, it is not guarateed and the hardware doesn't take
          the padding bytes into consideration when generating the checksum.
      
       8) Fix various races in cls_tcindex, from Cong Wang.
      
       9) Need to set stream ext to NULL before freeing in SCTP code, from Xin
          Long.
      
      10) Fix locking in phy_is_started, from Heiner Kallweit.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (54 commits)
        net: ethernet: freescale: set FEC ethtool regs version
        net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
        mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
        net: phy: fix potential race in the phylib state machine
        net: phy: don't use locking in phy_is_started
        selftests: fix timestamping Makefile
        net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
        net: fix possible overflow in __sk_mem_raise_allocated()
        dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit
        net: phy: fix interrupt handling in non-started states
        sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
        sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
        net/mlx5e: XDP, fix redirect resources availability check
        net/mlx5: Fix a compilation warning in events.c
        net/mlx5: No command allowed when command interface is not ready
        net/mlx5e: Fix NULL pointer derefernce in set channels error flow
        netfilter: nft_compat: use-after-free when deleting targets
        team: avoid complex list operations in team_nl_cmd_options_set()
        net_sched: fix two more memory leaks in cls_tcindex
        net_sched: fix a memory leak in cls_tcindex
        ...
      6e7bd3b5