1. 02 Jun, 2018 2 commits
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · cd075ce4
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf 2018-06-02
      
      The following pull-request contains BPF updates for your *net* tree.
      
      The main changes are:
      
      1) BPF uapi fix in struct bpf_prog_info and struct bpf_map_info in
         order to fix offsets on 32 bit archs.
      
      This will have a minor merge conflict with net-next which has the
      __u32 gpl_compatible:1 bitfield in struct bpf_prog_info at this
      location. Resolution is to use the gpl_compatible member.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cd075ce4
    • Daniel Borkmann's avatar
      bpf: fix uapi hole for 32 bit compat applications · 36f9814a
      Daniel Borkmann authored
      In 64 bit, we have a 4 byte hole between ifindex and netns_dev in the
      case of struct bpf_map_info but also struct bpf_prog_info. In net-next
      commit b85fab0e ("bpf: Add gpl_compatible flag to struct bpf_prog_info")
      added a bitfield into it to expose some flags related to programs. Thus,
      add an unnamed __u32 bitfield for both so that alignment keeps the same
      in both 32 and 64 bit cases, and can be naturally extended from there
      as in b85fab0e.
      
      Before:
      
        # file test.o
        test.o: ELF 32-bit LSB relocatable, Intel 80386, version 1 (SYSV), not stripped
        # pahole test.o
        struct bpf_map_info {
      	__u32                      type;                 /*     0     4 */
      	__u32                      id;                   /*     4     4 */
      	__u32                      key_size;             /*     8     4 */
      	__u32                      value_size;           /*    12     4 */
      	__u32                      max_entries;          /*    16     4 */
      	__u32                      map_flags;            /*    20     4 */
      	char                       name[16];             /*    24    16 */
      	__u32                      ifindex;              /*    40     4 */
      	__u64                      netns_dev;            /*    44     8 */
      	__u64                      netns_ino;            /*    52     8 */
      
      	/* size: 64, cachelines: 1, members: 10 */
      	/* padding: 4 */
        };
      
      After (same as on 64 bit):
      
        # file test.o
        test.o: ELF 32-bit LSB relocatable, Intel 80386, version 1 (SYSV), not stripped
        # pahole test.o
        struct bpf_map_info {
      	__u32                      type;                 /*     0     4 */
      	__u32                      id;                   /*     4     4 */
      	__u32                      key_size;             /*     8     4 */
      	__u32                      value_size;           /*    12     4 */
      	__u32                      max_entries;          /*    16     4 */
      	__u32                      map_flags;            /*    20     4 */
      	char                       name[16];             /*    24    16 */
      	__u32                      ifindex;              /*    40     4 */
      
      	/* XXX 4 bytes hole, try to pack */
      
      	__u64                      netns_dev;            /*    48     8 */
      	__u64                      netns_ino;            /*    56     8 */
      	/* --- cacheline 1 boundary (64 bytes) --- */
      
      	/* size: 64, cachelines: 1, members: 10 */
      	/* sum members: 60, holes: 1, sum holes: 4 */
        };
      Reported-by: default avatarDmitry V. Levin <ldv@altlinux.org>
      Reported-by: default avatarEugene Syromiatnikov <esyr@redhat.com>
      Fixes: 52775b33 ("bpf: offload: report device information about offloaded maps")
      Fixes: 675fc275 ("bpf: offload: report device information for offloaded programs")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Signed-off-by: default avatarAlexei Starovoitov <ast@kernel.org>
      36f9814a
  2. 01 Jun, 2018 9 commits
  3. 31 May, 2018 6 commits
    • Dan Carpenter's avatar
      net: ethernet: davinci_emac: fix error handling in probe() · 8005b09d
      Dan Carpenter authored
      The current error handling code has an issue where it does:
      
      	if (priv->txchan)
      		cpdma_chan_destroy(priv->txchan);
      
      The problem is that ->txchan is either valid or an error pointer (which
      would lead to an Oops).  I've changed it to use multiple error labels so
      that the test can be removed.
      
      Also there were some missing calls to netif_napi_del().
      
      Fixes: 3ef0fdb2 ("net: davinci_emac: switch to new cpdma layer")
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8005b09d
    • Samuel Mendoza-Jonas's avatar
      net/ncsi: Fix array size in dumpit handler · 0f51f358
      Samuel Mendoza-Jonas authored
      With CONFIG_CC_STACKPROTECTOR enabled the kernel panics as below when
      parsing a NCSI_CMD_PKG_INFO command:
      
      [  150.149711] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: 805cff08
      [  150.149711]
      [  150.159919] CPU: 0 PID: 1301 Comm: ncsi-netlink Not tainted 4.13.16-468cbec6d2c91239332cb91b1f0a73aafcb6f0c6 #1
      [  150.170004] Hardware name: Generic DT based system
      [  150.174852] [<80109930>] (unwind_backtrace) from [<80106bc4>] (show_stack+0x20/0x24)
      [  150.182641] [<80106bc4>] (show_stack) from [<805d36e4>] (dump_stack+0x20/0x28)
      [  150.189888] [<805d36e4>] (dump_stack) from [<801163ac>] (panic+0xdc/0x278)
      [  150.196780] [<801163ac>] (panic) from [<801162cc>] (__stack_chk_fail+0x20/0x24)
      [  150.204111] [<801162cc>] (__stack_chk_fail) from [<805cff08>] (ncsi_pkg_info_all_nl+0x244/0x258)
      [  150.212912] [<805cff08>] (ncsi_pkg_info_all_nl) from [<804f939c>] (genl_lock_dumpit+0x3c/0x54)
      [  150.221535] [<804f939c>] (genl_lock_dumpit) from [<804f873c>] (netlink_dump+0xf8/0x284)
      [  150.229550] [<804f873c>] (netlink_dump) from [<804f8d44>] (__netlink_dump_start+0x124/0x17c)
      [  150.237992] [<804f8d44>] (__netlink_dump_start) from [<804f9880>] (genl_rcv_msg+0x1c8/0x3d4)
      [  150.246440] [<804f9880>] (genl_rcv_msg) from [<804f9174>] (netlink_rcv_skb+0xd8/0x134)
      [  150.254361] [<804f9174>] (netlink_rcv_skb) from [<804f96a4>] (genl_rcv+0x30/0x44)
      [  150.261850] [<804f96a4>] (genl_rcv) from [<804f7790>] (netlink_unicast+0x198/0x234)
      [  150.269511] [<804f7790>] (netlink_unicast) from [<804f7ffc>] (netlink_sendmsg+0x368/0x3b0)
      [  150.277783] [<804f7ffc>] (netlink_sendmsg) from [<804abea4>] (sock_sendmsg+0x24/0x34)
      [  150.285625] [<804abea4>] (sock_sendmsg) from [<804ac1dc>] (___sys_sendmsg+0x244/0x260)
      [  150.293556] [<804ac1dc>] (___sys_sendmsg) from [<804ad98c>] (__sys_sendmsg+0x5c/0x9c)
      [  150.301400] [<804ad98c>] (__sys_sendmsg) from [<804ad9e4>] (SyS_sendmsg+0x18/0x1c)
      [  150.308984] [<804ad9e4>] (SyS_sendmsg) from [<80102640>] (ret_fast_syscall+0x0/0x3c)
      [  150.316743] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: 805cff08
      
      This turns out to be because the attrs array in ncsi_pkg_info_all_nl()
      is initialised to a length of NCSI_ATTR_MAX which is the maximum
      attribute number, not the number of attributes.
      
      Fixes: 955dc68c ("net/ncsi: Add generic netlink family")
      Signed-off-by: default avatarSamuel Mendoza-Jonas <sam@mendozajonas.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0f51f358
    • David S. Miller's avatar
      Merge tag 'wireless-drivers-for-davem-2018-05-30' of... · be20f28f
      David S. Miller authored
      Merge tag 'wireless-drivers-for-davem-2018-05-30' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers
      
      Kalle Valo says:
      
      ====================
      wireless-drivers fixes for 4.17
      
      Two last minute fixes, hopefully they make it to 4.17 still.
      
      rt2x00
      
      * revert a fix which caused even more problems
      
      iwlwifi
      
      * fix a crash when there are 16 or more logical CPUs
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      be20f28f
    • Paul Blakey's avatar
      cls_flower: Fix incorrect idr release when failing to modify rule · 8258d2da
      Paul Blakey authored
      When we fail to modify a rule, we incorrectly release the idr handle
      of the unmodified old rule.
      
      Fix that by checking if we need to release it.
      
      Fixes: fe2502e4 ("net_sched: remove cls_flower idr on failure")
      Reported-by: default avatarVlad Buslov <vladbu@mellanox.com>
      Reviewed-by: default avatarRoi Dayan <roid@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarPaul Blakey <paulb@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8258d2da
    • Finn Thain's avatar
      net/sonic: Use dma_mapping_error() · 26de0b76
      Finn Thain authored
      With CONFIG_DMA_API_DEBUG=y, calling sonic_open() produces the
      message, "DMA-API: device driver failed to check map error".
      Add the missing dma_mapping_error() call.
      
      Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
      Signed-off-by: default avatarFinn Thain <fthain@telegraphics.com.au>
      Acked-by: default avatarThomas Bogendoerfer <tsbogend@alpha.franken.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      26de0b76
    • Steffen Klassert's avatar
      xfrm Fix potential error pointer dereference in xfrm_bundle_create. · 38369f54
      Steffen Klassert authored
      We may derference an invalid pointer in the error path of
      xfrm_bundle_create(). Fix this by returning this error
      pointer directly instead of assigning it to xdst0.
      
      Fixes: 45b018be ("ipsec: Create and use new helpers for dst child access.")
      Signed-off-by: default avatarSteffen Klassert <steffen.klassert@secunet.com>
      38369f54
  4. 30 May, 2018 1 commit
  5. 29 May, 2018 10 commits
    • Toshiaki Makita's avatar
      tun: Fix NULL pointer dereference in XDP redirect · 6547e387
      Toshiaki Makita authored
      Calling XDP redirection requires bh disabled. Softirq can call another
      XDP function and redirection functions, then the percpu static variable
      ri->map can be overwritten to NULL.
      
      This is a generic XDP case called from tun.
      
      [ 3535.736058] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
      [ 3535.743974] PGD 0 P4D 0
      [ 3535.746530] Oops: 0000 [#1] SMP PTI
      [ 3535.750049] Modules linked in: vhost_net vhost tap tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat ext4 mbcache jbd2 intel_rapl skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm ipmi_ssif irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc ses aesni_intel crypto_simd cryptd enclosure hpwdt hpilo glue_helper ipmi_si pcspkr wmi mei_me ioatdma mei ipmi_devintf shpchp dca ipmi_msghandler lpc_ich acpi_power_meter sch_fq_codel ip_tables xfs libcrc32c sd_mod mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm smartpqi i40e crc32c_intel scsi_transport_sas tg3 i2c_core ptp pps_core
      [ 3535.813456] CPU: 5 PID: 1630 Comm: vhost-1614 Not tainted 4.17.0-rc4 #2
      [ 3535.820127] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 11/14/2017
      [ 3535.828732] RIP: 0010:__xdp_map_lookup_elem+0x5/0x30
      [ 3535.833740] RSP: 0018:ffffb4bc47bf7c58 EFLAGS: 00010246
      [ 3535.839009] RAX: ffff9fdfcfea1c40 RBX: 0000000000000000 RCX: ffff9fdf27fe3100
      [ 3535.846205] RDX: ffff9fdfca769200 RSI: 0000000000000000 RDI: 0000000000000000
      [ 3535.853402] RBP: ffffb4bc491d9000 R08: 00000000000045ad R09: 0000000000000ec0
      [ 3535.860597] R10: 0000000000000001 R11: ffff9fdf26c3ce4e R12: ffff9fdf9e72c000
      [ 3535.867794] R13: 0000000000000000 R14: fffffffffffffff2 R15: ffff9fdfc82cdd00
      [ 3535.874990] FS:  0000000000000000(0000) GS:ffff9fdfcfe80000(0000) knlGS:0000000000000000
      [ 3535.883152] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 3535.888948] CR2: 0000000000000018 CR3: 0000000bde724004 CR4: 00000000007626e0
      [ 3535.896145] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 3535.903342] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 3535.910538] PKRU: 55555554
      [ 3535.913267] Call Trace:
      [ 3535.915736]  xdp_do_generic_redirect+0x7a/0x310
      [ 3535.920310]  do_xdp_generic.part.117+0x285/0x370
      [ 3535.924970]  tun_get_user+0x5b9/0x1260 [tun]
      [ 3535.929279]  tun_sendmsg+0x52/0x70 [tun]
      [ 3535.933237]  handle_tx+0x2ad/0x5f0 [vhost_net]
      [ 3535.937721]  vhost_worker+0xa5/0x100 [vhost]
      [ 3535.942030]  kthread+0xf5/0x130
      [ 3535.945198]  ? vhost_dev_ioctl+0x3b0/0x3b0 [vhost]
      [ 3535.950031]  ? kthread_bind+0x10/0x10
      [ 3535.953727]  ret_from_fork+0x35/0x40
      [ 3535.957334] Code: 0e 74 15 83 f8 10 75 05 e9 49 aa b3 ff f3 c3 0f 1f 80 00 00 00 00 f3 c3 e9 29 9d b3 ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <8b> 47 18 83 f8 0e 74 0d 83 f8 10 75 05 e9 49 a9 b3 ff 31 c0 c3
      [ 3535.976387] RIP: __xdp_map_lookup_elem+0x5/0x30 RSP: ffffb4bc47bf7c58
      [ 3535.982883] CR2: 0000000000000018
      [ 3535.987096] ---[ end trace 383b299dd1430240 ]---
      [ 3536.131325] Kernel panic - not syncing: Fatal exception
      [ 3536.137484] Kernel Offset: 0x26a00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
      [ 3536.281406] ---[ end Kernel panic - not syncing: Fatal exception ]---
      
      And a kernel with generic case fixed still panics in tun driver XDP
      redirect, because it disabled only preemption, but not bh.
      
      [ 2055.128746] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
      [ 2055.136662] PGD 0 P4D 0
      [ 2055.139219] Oops: 0000 [#1] SMP PTI
      [ 2055.142736] Modules linked in: vhost_net vhost tap tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter sunrpc vfat fat ext4 mbcache jbd2 intel_rapl skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc ses aesni_intel ipmi_ssif crypto_simd enclosure cryptd hpwdt glue_helper ioatdma hpilo wmi dca pcspkr ipmi_si acpi_power_meter ipmi_devintf shpchp mei_me ipmi_msghandler mei lpc_ich sch_fq_codel ip_tables xfs libcrc32c sd_mod mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm i40e smartpqi tg3 scsi_transport_sas crc32c_intel i2c_core ptp pps_core
      [ 2055.206142] CPU: 6 PID: 1693 Comm: vhost-1683 Tainted: G        W         4.17.0-rc5-fix-tun+ #1
      [ 2055.215011] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 11/14/2017
      [ 2055.223617] RIP: 0010:__xdp_map_lookup_elem+0x5/0x30
      [ 2055.228624] RSP: 0018:ffff998b07607cc0 EFLAGS: 00010246
      [ 2055.233892] RAX: ffff8dbd8e235700 RBX: ffff8dbd8ff21c40 RCX: 0000000000000004
      [ 2055.241089] RDX: ffff998b097a9000 RSI: 0000000000000000 RDI: 0000000000000000
      [ 2055.248286] RBP: 0000000000000000 R08: 00000000000065a8 R09: 0000000000005d80
      [ 2055.255483] R10: 0000000000000040 R11: ffff8dbcf0100000 R12: ffff998b097a9000
      [ 2055.262681] R13: ffff8dbd8c98c000 R14: 0000000000000000 R15: ffff998b07607d78
      [ 2055.269879] FS:  0000000000000000(0000) GS:ffff8dbd8ff00000(0000) knlGS:0000000000000000
      [ 2055.278039] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [ 2055.283834] CR2: 0000000000000018 CR3: 0000000c0c8cc005 CR4: 00000000007626e0
      [ 2055.291030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [ 2055.298227] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [ 2055.305424] PKRU: 55555554
      [ 2055.308153] Call Trace:
      [ 2055.310624]  xdp_do_redirect+0x7b/0x380
      [ 2055.314499]  tun_get_user+0x10fe/0x12a0 [tun]
      [ 2055.318895]  tun_sendmsg+0x52/0x70 [tun]
      [ 2055.322852]  handle_tx+0x2ad/0x5f0 [vhost_net]
      [ 2055.327337]  vhost_worker+0xa5/0x100 [vhost]
      [ 2055.331646]  kthread+0xf5/0x130
      [ 2055.334813]  ? vhost_dev_ioctl+0x3b0/0x3b0 [vhost]
      [ 2055.339646]  ? kthread_bind+0x10/0x10
      [ 2055.343343]  ret_from_fork+0x35/0x40
      [ 2055.346950] Code: 0e 74 15 83 f8 10 75 05 e9 e9 aa b3 ff f3 c3 0f 1f 80 00 00 00 00 f3 c3 e9 c9 9d b3 ff 66 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 <8b> 47 18 83 f8 0e 74 0d 83 f8 10 75 05 e9 e9 a9 b3 ff 31 c0 c3
      [ 2055.366004] RIP: __xdp_map_lookup_elem+0x5/0x30 RSP: ffff998b07607cc0
      [ 2055.372500] CR2: 0000000000000018
      [ 2055.375856] ---[ end trace 2a2dcc5e9e174268 ]---
      [ 2055.523626] Kernel panic - not syncing: Fatal exception
      [ 2055.529796] Kernel Offset: 0x2e000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
      [ 2055.677539] ---[ end Kernel panic - not syncing: Fatal exception ]---
      
      v2:
       - Removed preempt_disable/enable since local_bh_disable will prevent
         preemption as well, feedback from Jason Wang.
      
      Fixes: 761876c8 ("tap: XDP support")
      Signed-off-by: default avatarToshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6547e387
    • Suresh Reddy's avatar
      be2net: Fix error detection logic for BE3 · d2c2725c
      Suresh Reddy authored
      Check for 0xE00 (RECOVERABLE_ERR) along with ARMFW UE (0x0)
      in be_detect_error() to know whether the error is valid error or not
      
      Fixes: 673c96e5 ("be2net: Fix UE detection logic for BE3")
      Signed-off-by: default avatarSuresh Reddy <suresh.reddy@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d2c2725c
    • Josh Hill's avatar
      net: qmi_wwan: Add Netgear Aircard 779S · 2415f3bd
      Josh Hill authored
      Add support for Netgear Aircard 779S
      Signed-off-by: default avatarJosh Hill <josh@joshuajhill.com>
      Acked-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2415f3bd
    • Petr Machata's avatar
      mlxsw: spectrum: Forbid creation of VLAN 1 over port/LAG · 47bf9df2
      Petr Machata authored
      VLAN 1 is internally used for untagged traffic. Prevent creation of
      explicit netdevice for that VLAN, because that currently isn't supported
      and leads to the NULL pointer dereference cited below.
      
      Fix by preventing creation of VLAN devices with VID of 1 over mlxsw
      devices or LAG devices that involve mlxsw devices.
      
      [  327.175816] ================================================================================
      [  327.184544] UBSAN: Undefined behaviour in drivers/net/ethernet/mellanox/mlxsw/spectrum_fid.c:200:12
      [  327.193667] member access within null pointer of type 'const struct mlxsw_sp_fid'
      [  327.201226] CPU: 0 PID: 8983 Comm: ip Not tainted 4.17.0-rc4-petrm_net_ip6gre_headroom-custom-140 #11
      [  327.210496] Hardware name: Mellanox Technologies Ltd. "MSN2410-CB2F"/"SA000874", BIOS 4.6.5 03/08/2016
      [  327.219872] Call Trace:
      [  327.222384]  dump_stack+0xc3/0x12b
      [  327.234007]  ubsan_epilogue+0x9/0x49
      [  327.237638]  ubsan_type_mismatch_common+0x1f9/0x2d0
      [  327.255769]  __ubsan_handle_type_mismatch+0x90/0xa7
      [  327.264716]  mlxsw_sp_fid_type+0x35/0x50 [mlxsw_spectrum]
      [  327.270255]  mlxsw_sp_port_vlan_router_leave+0x46/0xc0 [mlxsw_spectrum]
      [  327.277019]  mlxsw_sp_inetaddr_port_vlan_event+0xe1/0x340 [mlxsw_spectrum]
      [  327.315031]  mlxsw_sp_netdevice_vrf_event+0xa8/0x100 [mlxsw_spectrum]
      [  327.321626]  mlxsw_sp_netdevice_event+0x276/0x430 [mlxsw_spectrum]
      [  327.367863]  notifier_call_chain+0x4c/0x150
      [  327.372128]  __netdev_upper_dev_link+0x1b3/0x260
      [  327.399450]  vrf_add_slave+0xce/0x170 [vrf]
      [  327.403703]  do_setlink+0x658/0x1d70
      [  327.508998]  rtnl_newlink+0x908/0xf20
      [  327.559128]  rtnetlink_rcv_msg+0x50c/0x720
      [  327.571720]  netlink_rcv_skb+0x16a/0x1f0
      [  327.583450]  netlink_unicast+0x2ca/0x3e0
      [  327.599305]  netlink_sendmsg+0x3e2/0x7f0
      [  327.616655]  sock_sendmsg+0x76/0xc0
      [  327.620207]  ___sys_sendmsg+0x494/0x5d0
      [  327.666117]  __sys_sendmsg+0xc2/0x130
      [  327.690953]  do_syscall_64+0x66/0x370
      [  327.694677]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
      [  327.699782] RIP: 0033:0x7f4c2f3f8037
      [  327.703393] RSP: 002b:00007ffe8c389708 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
      [  327.711035] RAX: ffffffffffffffda RBX: 000000005b03f53e RCX: 00007f4c2f3f8037
      [  327.718229] RDX: 0000000000000000 RSI: 00007ffe8c389760 RDI: 0000000000000003
      [  327.725431] RBP: 00007ffe8c389760 R08: 0000000000000000 R09: 00007f4c2f443630
      [  327.732632] R10: 00000000000005eb R11: 0000000000000246 R12: 0000000000000000
      [  327.739833] R13: 00000000006774e0 R14: 00007ffe8c3897e8 R15: 0000000000000000
      [  327.747096] ================================================================================
      
      Fixes: 9589a7b5 ("mlxsw: spectrum: Handle VLAN devices linking / unlinking")
      Suggested-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Signed-off-by: default avatarPetr Machata <petrm@mellanox.com>
      Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
      Acked-by: default avatarJiri Pirko <jiri@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      47bf9df2
    • Ivan Bornyakov's avatar
      atm: zatm: fix memcmp casting · f9c6442a
      Ivan Bornyakov authored
      memcmp() returns int, but eprom_try_esi() cast it to unsigned char. One
      can lose significant bits and get 0 from non-0 value returned by the
      memcmp().
      Signed-off-by: default avatarIvan Bornyakov <brnkv.i1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f9c6442a
    • Hao Wei Tee's avatar
      iwlwifi: pcie: compare with number of IRQs requested for, not number of CPUs · ab1068d6
      Hao Wei Tee authored
      When there are 16 or more logical CPUs, we request for
      `IWL_MAX_RX_HW_QUEUES` (16) IRQs only as we limit to that number of
      IRQs, but later on we compare the number of IRQs returned to
      nr_online_cpus+2 instead of max_irqs, the latter being what we
      actually asked for. This ends up setting num_rx_queues to 17 which
      causes lots of out-of-bounds array accesses later on.
      
      Compare to max_irqs instead, and also add an assertion in case
      num_rx_queues > IWM_MAX_RX_HW_QUEUES.
      
      This fixes https://bugzilla.kernel.org/show_bug.cgi?id=199551
      
      Fixes: 2e5d4a8f ("iwlwifi: pcie: Add new configuration to enable MSIX")
      Signed-off-by: default avatarHao Wei Tee <angelsl@in04.sg>
      Tested-by: default avatarSara Sharon <sara.sharon@intel.com>
      Signed-off-by: default avatarLuca Coelho <luciano.coelho@intel.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      ab1068d6
    • Stanislaw Gruszka's avatar
      Revert "rt2800: use TXOP_BACKOFF for probe frames" · 52a19236
      Stanislaw Gruszka authored
      This reverts commit fb47ada8.
      
      In some situations when we set TXOP_BACKOFF, the probe frame is
      not sent at all. What it worse then sending probe frame as part
      of AMPDU and can degrade 11n performance to 11g rates.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      52a19236
    • Ard Biesheuvel's avatar
      net: netsec: reduce DMA mask to 40 bits · 31256426
      Ard Biesheuvel authored
      The netsec network controller IP can drive 64 address bits for DMA, and
      the DMA mask is set accordingly in the driver. However, the SynQuacer
      SoC, which is the only silicon incorporating this IP at the moment,
      integrates this IP in a manner that leaves address bits [63:40]
      unconnected.
      
      Up until now, this has not resulted in any problems, given that the DDR
      controller doesn't decode those bits to begin with. However, recent
      firmware updates for platforms incorporating this SoC allow the IOMMU
      to be enabled, which does decode address bits [47:40], and allocates
      top down from the IOVA space, producing DMA addresses that have bits
      set that have been left unconnected.
      
      Both the DT and ACPI (IORT) descriptions of the platform take this into
      account, and only describe a DMA address space of 40 bits (using either
      dma-ranges DT properties, or DMA address limits in IORT named component
      nodes). However, even though our IOMMU and bus layers may take such
      limitations into account by setting a narrower DMA mask when creating
      the platform device, the netsec probe() entrypoint follows the common
      practice of setting the DMA mask uncondionally, according to the
      capabilities of the IP block itself rather than to its integration into
      the chip.
      
      It is currently unclear what the correct fix is here. We could hack around
      it by only setting the DMA mask if it deviates from its default value of
      DMA_BIT_MASK(32). However, this makes it impossible for the bus layer to
      use DMA_BIT_MASK(32) as the bus limit, and so it appears that a more
      comprehensive approach is required to take DMA limits imposed by the
      SoC as a whole into account.
      
      In the mean time, let's limit the DMA mask to 40 bits. Given that there
      is currently only one SoC that incorporates this IP, this is a reasonable
      approach that can be backported to -stable and buys us some time to come
      up with a proper fix going forward.
      
      Fixes: 533dd11a ("net: socionext: Add Synquacer NetSec driver")
      Cc: Robin Murphy <robin.murphy@arm.com>
      Cc: Jassi Brar <jaswinder.singh@linaro.org>
      Cc: Masahisa Kojima <masahisa.kojima@linaro.org>
      Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
      Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
      Reviewed-by: default avatarRobin Murphy <robin.murphy@arm.com>
      Acked-by: default avatarJassi Brar <jaswinder.singh@linaro.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      31256426
    • Mathieu Xhonneux's avatar
      ipv6: sr: fix memory OOB access in seg6_do_srh_encap/inline · bbb40a0b
      Mathieu Xhonneux authored
      seg6_do_srh_encap and seg6_do_srh_inline can possibly do an
      out-of-bounds access when adding the SRH to the packet. This no longer
      happen when expanding the skb not only by the size of the SRH (+
      outer IPv6 header), but also by skb->mac_len.
      
      [   53.793056] BUG: KASAN: use-after-free in seg6_do_srh_encap+0x284/0x620
      [   53.794564] Write of size 14 at addr ffff88011975ecfa by task ping/674
      
      [   53.796665] CPU: 0 PID: 674 Comm: ping Not tainted 4.17.0-rc3-ARCH+ #90
      [   53.796670] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
      BIOS 1.11.0-20171110_100015-anatol 04/01/2014
      [   53.796673] Call Trace:
      [   53.796679]  <IRQ>
      [   53.796689]  dump_stack+0x71/0xab
      [   53.796700]  print_address_description+0x6a/0x270
      [   53.796707]  kasan_report+0x258/0x380
      [   53.796715]  ? seg6_do_srh_encap+0x284/0x620
      [   53.796722]  memmove+0x34/0x50
      [   53.796730]  seg6_do_srh_encap+0x284/0x620
      [   53.796741]  ? seg6_do_srh+0x29b/0x360
      [   53.796747]  seg6_do_srh+0x29b/0x360
      [   53.796756]  seg6_input+0x2e/0x2e0
      [   53.796765]  lwtunnel_input+0x93/0xd0
      [   53.796774]  ipv6_rcv+0x690/0x920
      [   53.796783]  ? ip6_input+0x170/0x170
      [   53.796791]  ? eth_gro_receive+0x2d0/0x2d0
      [   53.796800]  ? ip6_input+0x170/0x170
      [   53.796809]  __netif_receive_skb_core+0xcc0/0x13f0
      [   53.796820]  ? netdev_info+0x110/0x110
      [   53.796827]  ? napi_complete_done+0xb6/0x170
      [   53.796834]  ? e1000_clean+0x6da/0xf70
      [   53.796845]  ? process_backlog+0x129/0x2a0
      [   53.796853]  process_backlog+0x129/0x2a0
      [   53.796862]  net_rx_action+0x211/0x5c0
      [   53.796870]  ? napi_complete_done+0x170/0x170
      [   53.796887]  ? run_rebalance_domains+0x11f/0x150
      [   53.796891]  __do_softirq+0x10e/0x39e
      [   53.796894]  do_softirq_own_stack+0x2a/0x40
      [   53.796895]  </IRQ>
      [   53.796898]  do_softirq.part.16+0x54/0x60
      [   53.796900]  __local_bh_enable_ip+0x5b/0x60
      [   53.796903]  ip6_finish_output2+0x416/0x9f0
      [   53.796906]  ? ip6_dst_lookup_flow+0x110/0x110
      [   53.796909]  ? ip6_sk_dst_lookup_flow+0x390/0x390
      [   53.796911]  ? __rcu_read_unlock+0x66/0x80
      [   53.796913]  ? ip6_mtu+0x44/0xf0
      [   53.796916]  ? ip6_output+0xfc/0x220
      [   53.796918]  ip6_output+0xfc/0x220
      [   53.796921]  ? ip6_finish_output+0x2b0/0x2b0
      [   53.796923]  ? memcpy+0x34/0x50
      [   53.796926]  ip6_send_skb+0x43/0xc0
      [   53.796929]  rawv6_sendmsg+0x1216/0x1530
      [   53.796932]  ? __orc_find+0x6b/0xc0
      [   53.796934]  ? rawv6_rcv_skb+0x160/0x160
      [   53.796937]  ? __rcu_read_unlock+0x66/0x80
      [   53.796939]  ? __rcu_read_unlock+0x66/0x80
      [   53.796942]  ? is_bpf_text_address+0x1e/0x30
      [   53.796944]  ? kernel_text_address+0xec/0x100
      [   53.796946]  ? __kernel_text_address+0xe/0x30
      [   53.796948]  ? unwind_get_return_address+0x2f/0x50
      [   53.796950]  ? __save_stack_trace+0x92/0x100
      [   53.796954]  ? save_stack+0x89/0xb0
      [   53.796956]  ? kasan_kmalloc+0xa0/0xd0
      [   53.796958]  ? kmem_cache_alloc+0xd2/0x1f0
      [   53.796961]  ? prepare_creds+0x23/0x160
      [   53.796963]  ? __x64_sys_capset+0x252/0x3e0
      [   53.796966]  ? do_syscall_64+0x69/0x160
      [   53.796968]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [   53.796971]  ? __alloc_pages_nodemask+0x170/0x380
      [   53.796973]  ? __alloc_pages_slowpath+0x12c0/0x12c0
      [   53.796977]  ? tty_vhangup+0x20/0x20
      [   53.796979]  ? policy_nodemask+0x1a/0x90
      [   53.796982]  ? __mod_node_page_state+0x8d/0xa0
      [   53.796986]  ? __check_object_size+0xe7/0x240
      [   53.796989]  ? __sys_sendto+0x229/0x290
      [   53.796991]  ? rawv6_rcv_skb+0x160/0x160
      [   53.796993]  __sys_sendto+0x229/0x290
      [   53.796996]  ? __ia32_sys_getpeername+0x50/0x50
      [   53.796999]  ? commit_creds+0x2de/0x520
      [   53.797002]  ? security_capset+0x57/0x70
      [   53.797004]  ? __x64_sys_capset+0x29f/0x3e0
      [   53.797007]  ? __x64_sys_rt_sigsuspend+0xe0/0xe0
      [   53.797011]  ? __do_page_fault+0x664/0x770
      [   53.797014]  __x64_sys_sendto+0x74/0x90
      [   53.797017]  do_syscall_64+0x69/0x160
      [   53.797019]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      [   53.797022] RIP: 0033:0x7f43b7a6714a
      [   53.797023] RSP: 002b:00007ffd891bd368 EFLAGS: 00000246 ORIG_RAX:
      000000000000002c
      [   53.797026] RAX: ffffffffffffffda RBX: 00000000006129c0 RCX: 00007f43b7a6714a
      [   53.797028] RDX: 0000000000000040 RSI: 00000000006129c0 RDI: 0000000000000004
      [   53.797029] RBP: 00007ffd891be640 R08: 0000000000610940 R09: 000000000000001c
      [   53.797030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000040
      [   53.797032] R13: 000000000060e6a0 R14: 0000000000008004 R15: 000000000040b661
      
      [   53.797171] Allocated by task 642:
      [   53.797460]  kasan_kmalloc+0xa0/0xd0
      [   53.797463]  kmem_cache_alloc+0xd2/0x1f0
      [   53.797465]  getname_flags+0x40/0x210
      [   53.797467]  user_path_at_empty+0x1d/0x40
      [   53.797469]  do_faccessat+0x12a/0x320
      [   53.797471]  do_syscall_64+0x69/0x160
      [   53.797473]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      [   53.797607] Freed by task 642:
      [   53.797869]  __kasan_slab_free+0x130/0x180
      [   53.797871]  kmem_cache_free+0xa8/0x230
      [   53.797872]  filename_lookup+0x15b/0x230
      [   53.797874]  do_faccessat+0x12a/0x320
      [   53.797876]  do_syscall_64+0x69/0x160
      [   53.797878]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
      
      [   53.798014] The buggy address belongs to the object at ffff88011975e600
                      which belongs to the cache names_cache of size 4096
      [   53.799043] The buggy address is located 1786 bytes inside of
                      4096-byte region [ffff88011975e600, ffff88011975f600)
      [   53.800013] The buggy address belongs to the page:
      [   53.800414] page:ffffea000465d600 count:1 mapcount:0
      mapping:0000000000000000 index:0x0 compound_mapcount: 0
      [   53.801259] flags: 0x17fff0000008100(slab|head)
      [   53.801640] raw: 017fff0000008100 0000000000000000 0000000000000000
      0000000100070007
      [   53.803147] raw: dead000000000100 dead000000000200 ffff88011b185a40
      0000000000000000
      [   53.803787] page dumped because: kasan: bad access detected
      
      [   53.804384] Memory state around the buggy address:
      [   53.804788]  ffff88011975eb80: fb fb fb fb fb fb fb fb fb fb fb fb
      fb fb fb fb
      [   53.805384]  ffff88011975ec00: fb fb fb fb fb fb fb fb fb fb fb fb
      fb fb fb fb
      [   53.805979] >ffff88011975ec80: fb fb fb fb fb fb fb fb fb fb fb fb
      fb fb fb fb
      [   53.806577]                                                                 ^
      [   53.807165]  ffff88011975ed00: fb fb fb fb fb fb fb fb fb fb fb fb
      fb fb fb fb
      [   53.807762]  ffff88011975ed80: fb fb fb fb fb fb fb fb fb fb fb fb
      fb fb fb fb
      [   53.808356] ==================================================================
      [   53.808949] Disabling lock debugging due to kernel taint
      
      Fixes: 6c8702c6 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels")
      Signed-off-by: default avatarDavid Lebrun <dlebrun@google.com>
      Signed-off-by: default avatarMathieu Xhonneux <m.xhonneux@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      bbb40a0b
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 513acc5b
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS fixes for net
      
      The following patchset contains Netfilter/IPVS fixes for your net tree:
      
      1) Null pointer dereference when dumping conntrack helper configuration,
         from Taehee Yoo.
      
      2) Missing sanitization in ebtables extension name through compat,
         from Paolo Abeni.
      
      3) Broken fetch of tracing value, from Taehee Yoo.
      
      4) Incorrect arithmetics in packet ratelimiting.
      
      5) Buffer overflow in IPVS sync daemon, from Julian Anastasov.
      
      6) Wrong argument to nla_strlcpy() in nfnetlink_{acct,cthelper},
         from Eric Dumazet.
      
      7) Fix splat in nft_update_chain_stats().
      
      8) Null pointer dereference from object netlink dump path, from
         Taehee Yoo.
      
      9) Missing static_branch_inc() when enabling counters in existing
         chain, from Taehee Yoo.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      513acc5b
  6. 28 May, 2018 3 commits
    • Taehee Yoo's avatar
      netfilter: nf_tables: increase nft_counters_enabled in nft_chain_stats_replace() · bbb8c61f
      Taehee Yoo authored
      When a chain is updated, a counter can be attached. if so,
      the nft_counters_enabled should be increased.
      
      test commands:
      
         %nft add table ip filter
         %nft add chain ip filter input { type filter hook input priority 4\; }
         %iptables-compat -Z input
         %nft delete chain ip filter input
      
      we can see below messages.
      
      [  286.443720] jump label: negative count!
      [  286.448278] WARNING: CPU: 0 PID: 1459 at kernel/jump_label.c:197 __static_key_slow_dec_cpuslocked+0x6f/0xf0
      [  286.449144] Modules linked in: nf_tables nfnetlink ip_tables x_tables
      [  286.449144] CPU: 0 PID: 1459 Comm: nft Tainted: G        W         4.17.0-rc2+ #12
      [  286.449144] RIP: 0010:__static_key_slow_dec_cpuslocked+0x6f/0xf0
      [  286.449144] RSP: 0018:ffff88010e5176f0 EFLAGS: 00010286
      [  286.449144] RAX: 000000000000001b RBX: ffffffffc0179500 RCX: ffffffffb8a82522
      [  286.449144] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88011b7e5eac
      [  286.449144] RBP: 0000000000000000 R08: ffffed00236fce5c R09: ffffed00236fce5b
      [  286.449144] R10: ffffffffc0179503 R11: ffffed00236fce5c R12: 0000000000000000
      [  286.449144] R13: ffff88011a28e448 R14: ffff88011a28e470 R15: dffffc0000000000
      [  286.449144] FS:  00007f0384328700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000
      [  286.449144] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  286.449144] CR2: 00007f038394bf10 CR3: 0000000104a86000 CR4: 00000000001006f0
      [  286.449144] Call Trace:
      [  286.449144]  static_key_slow_dec+0x6a/0x70
      [  286.449144]  nf_tables_chain_destroy+0x19d/0x210 [nf_tables]
      [  286.449144]  nf_tables_commit+0x1891/0x1c50 [nf_tables]
      [  286.449144]  nfnetlink_rcv+0x1148/0x13d0 [nfnetlink]
      [ ... ]
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      bbb8c61f
    • Taehee Yoo's avatar
      netfilter: nf_tables: fix NULL-ptr in nf_tables_dump_obj() · 360cc79d
      Taehee Yoo authored
      The table field in nft_obj_filter is not an array. In order to check
      tablename, we should check if the pointer is set.
      
      Test commands:
      
         %nft add table ip filter
         %nft add counter ip filter ct1
         %nft reset counters
      
      Splat looks like:
      
      [  306.510504] kasan: CONFIG_KASAN_INLINE enabled
      [  306.516184] kasan: GPF could be caused by NULL-ptr deref or user memory access
      [  306.524775] general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
      [  306.528284] Modules linked in: nft_objref nft_counter nf_tables nfnetlink ip_tables x_tables
      [  306.528284] CPU: 0 PID: 1488 Comm: nft Not tainted 4.17.0-rc4+ #17
      [  306.528284] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015
      [  306.528284] RIP: 0010:nf_tables_dump_obj+0x52c/0xa70 [nf_tables]
      [  306.528284] RSP: 0018:ffff8800b6cb7520 EFLAGS: 00010246
      [  306.528284] RAX: 0000000000000000 RBX: ffff8800b6c49820 RCX: 0000000000000000
      [  306.528284] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffed0016d96e9a
      [  306.528284] RBP: ffff8800b6cb75c0 R08: ffffed00236fce7c R09: ffffed00236fce7b
      [  306.528284] R10: ffffffff9f6241e8 R11: ffffed00236fce7c R12: ffff880111365108
      [  306.528284] R13: 0000000000000000 R14: ffff8800b6c49860 R15: ffff8800b6c49860
      [  306.528284] FS:  00007f838b007700(0000) GS:ffff88011b600000(0000) knlGS:0000000000000000
      [  306.528284] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  306.528284] CR2: 00007ffeafabcf78 CR3: 00000000b6cbe000 CR4: 00000000001006f0
      [  306.528284] Call Trace:
      [  306.528284]  netlink_dump+0x470/0xa20
      [  306.528284]  __netlink_dump_start+0x5ae/0x690
      [  306.528284]  ? nf_tables_getobj+0x1b3/0x740 [nf_tables]
      [  306.528284]  nf_tables_getobj+0x2f5/0x740 [nf_tables]
      [  306.528284]  ? nft_obj_notify+0x100/0x100 [nf_tables]
      [  306.528284]  ? nf_tables_getobj+0x740/0x740 [nf_tables]
      [  306.528284]  ? nf_tables_dump_flowtable_done+0x70/0x70 [nf_tables]
      [  306.528284]  ? nft_obj_notify+0x100/0x100 [nf_tables]
      [  306.528284]  nfnetlink_rcv_msg+0x8ff/0x932 [nfnetlink]
      [  306.528284]  ? nfnetlink_rcv_msg+0x216/0x932 [nfnetlink]
      [  306.528284]  netlink_rcv_skb+0x1c9/0x2f0
      [  306.528284]  ? nfnetlink_bind+0x1d0/0x1d0 [nfnetlink]
      [  306.528284]  ? debug_check_no_locks_freed+0x270/0x270
      [  306.528284]  ? netlink_ack+0x7a0/0x7a0
      [  306.528284]  ? ns_capable_common+0x6e/0x110
      [ ... ]
      
      Fixes: e46abbcc ("netfilter: nf_tables: Allow table names of up to 255 chars")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Acked-by: default avatarFlorian Westphal <fw@strlen.de>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      360cc79d
    • Pablo Neira Ayuso's avatar
      netfilter: nf_tables: disable preemption in nft_update_chain_stats() · ad9d9e85
      Pablo Neira Ayuso authored
      This patch fixes the following splat.
      
      [118709.054937] BUG: using smp_processor_id() in preemptible [00000000] code: test/1571
      [118709.054970] caller is nft_update_chain_stats.isra.4+0x53/0x97 [nf_tables]
      [118709.054980] CPU: 2 PID: 1571 Comm: test Not tainted 4.17.0-rc6+ #335
      [...]
      [118709.054992] Call Trace:
      [118709.055011]  dump_stack+0x5f/0x86
      [118709.055026]  check_preemption_disabled+0xd4/0xe4
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      ad9d9e85
  7. 26 May, 2018 9 commits