Commit Graph

796979 Commits

Author SHA1 Message Date
Nayna Jain
60740accf7 integrity: Load certs to the platform keyring
The patch refactors integrity_load_x509(), making it a wrapper for a new
function named integrity_add_key(). This patch also defines a new
function named integrity_load_cert() for loading the platform keys.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-12 22:02:54 -05:00
Nayna Jain
9dc92c4517 integrity: Define a trusted platform keyring
On secure boot enabled systems, a verified kernel may need to kexec
additional kernels. For example, it may be used as a bootloader needing
to kexec a target kernel or it may need to kexec a crashdump kernel. In
such cases, it may want to verify the signature of the next kernel
image.

It is further possible that the kernel image is signed with third party
keys which are stored as platform or firmware keys in the 'db' variable.
The kernel, however, can not directly verify these platform keys, and an
administrator may therefore not want to trust them for arbitrary usage.
In order to differentiate platform keys from other keys and provide the
necessary separation of trust, the kernel needs an additional keyring to
store platform keys.

This patch creates the new keyring called ".platform" to isolate keys
provided by platform from keys by kernel. These keys are used to
facilitate signature verification during kexec. Since the scope of this
keyring is only the platform/firmware keys, it cannot be updated from
userspace.

This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.morris@microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-12 22:02:28 -05:00
Mimi Zohar
a802ed0dd9 selftests/ima: kexec_load syscall test
The kernel CONFIG_KEXEC_VERIFY_SIG option is limited to verifying a
kernel image's signature, when loaded via the kexec_file_load syscall.
There is no method for verifying a kernel image's signature loaded
via the kexec_load syscall.

This test verifies loading the kernel image via the kexec_load syscall
fails when the kernel CONFIG_KEXEC_VERIFY_SIG option is enabled on
systems with secureboot enabled[1].

[1] Detecting secureboot enabled is architecture specific.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:19:47 -05:00
Mimi Zohar
060190fbe6 ima: don't measure/appraise files on efivarfs
Update the builtin IMA policies specified on the boot command line
(eg. ima_policy="tcb|appraise_tcb") to permit accessing efivar files.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:19:46 -05:00
Mimi Zohar
399574c64e x86/ima: retry detecting secure boot mode
The secure boot mode may not be detected on boot for some reason (eg.
buggy firmware).  This patch attempts one more time to detect the
secure boot mode.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:19:45 -05:00
Stefan Berger
4264f27a08 docs: Extend trusted keys documentation for TPM 2.0
Extend the documentation for trusted keys with documentation for how to
set up a key for a TPM 2.0 so it can be used with a TPM 2.0 as well.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Acked-by: Jerry Snitselaar <jsnitsel@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:13:42 -05:00
Eric Richter
d958083a8f x86/ima: define arch_get_ima_policy() for x86
On x86, there are two methods of verifying a kexec'ed kernel image
signature being loaded via the kexec_file_load syscall - an architecture
specific implementaton or a IMA KEXEC_KERNEL_CHECK appraisal rule. Neither
of these methods verify the kexec'ed kernel image signature being loaded
via the kexec_load syscall.

Secure boot enabled systems require kexec images to be signed. Therefore,
this patch loads an IMA KEXEC_KERNEL_CHECK policy rule on secure boot
enabled systems not configured with CONFIG_KEXEC_VERIFY_SIG enabled.

When IMA_APPRAISE_BOOTPARAM is configured, different IMA appraise modes
(eg. fix, log) can be specified on the boot command line, allowing unsigned
or invalidly signed kernel images to be kexec'ed. This patch permits
enabling IMA_APPRAISE_BOOTPARAM or IMA_ARCH_POLICY, but not both.

Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:13:41 -05:00
Nayna Jain
6191706246 ima: add support for arch specific policies
Builtin IMA policies can be enabled on the boot command line, and replaced
with a custom policy, normally during early boot in the initramfs. Build
time IMA policy rules were recently added. These rules are automatically
enabled on boot and persist after loading a custom policy.

There is a need for yet another type of policy, an architecture specific
policy, which is derived at runtime during kernel boot, based on the
runtime secure boot flags.  Like the build time policy rules, these rules
persist after loading a custom policy.

This patch adds support for loading an architecture specific IMA policy.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Co-Developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:13:40 -05:00
Nayna Jain
c52657d93b ima: refactor ima_init_policy()
This patch removes the code duplication in ima_init_policy() by defining
a new function named add_rules(). The new function adds the rules to the
initial IMA policy, the custom policy or both based on the policy mask
(IMA_DEFAULT_POLICY, IMA_CUSTOM_POLICY).

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:13:39 -05:00
Nayna Jain
b5ca117365 ima: prevent kexec_load syscall based on runtime secureboot flag
When CONFIG_KEXEC_VERIFY_SIG is enabled, the kexec_file_load syscall
requires the kexec'd kernel image to be signed. Distros are concerned
about totally disabling the kexec_load syscall. As a compromise, the
kexec_load syscall will only be disabled when CONFIG_KEXEC_VERIFY_SIG
is configured and the system is booted with secureboot enabled.

This patch disables the kexec_load syscall only for systems booted with
secureboot enabled.

[zohar@linux.ibm.com: add missing mesage on kexec_load failure]
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-12-11 07:10:33 -05:00
Nayna Jain
0914ade209 x86/ima: define arch_ima_get_secureboot
Distros are concerned about totally disabling the kexec_load syscall.
As a compromise, the kexec_load syscall will only be disabled when
CONFIG_KEXEC_VERIFY_SIG is configured and the system is booted with
secureboot enabled.

This patch defines the new arch specific function called
arch_ima_get_secureboot() to retrieve the secureboot state of the system.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
Suggested-by: Seth Forshee <seth.forshee@canonical.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Peter Jones <pjones@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2018-11-13 07:38:45 -05:00
Mimi Zohar
59637d5e16 integrity: support new struct public_key_signature encoding field
On systems with IMA-appraisal enabled with a policy requiring file
signatures, the "good" signature values are stored on the filesystem as
extended attributes (security.ima).  Signature verification failure
would normally be limited to just a particular file (eg. executable),
but during boot signature verification failure could result in a system
hang.

Defining and requiring a new public_key_signature field requires all
callers of asymmetric signature verification to be updated to reflect
the change.  This patch updates the integrity asymmetric_verify()
caller.

Fixes: 82f94f2447 ("KEYS: Provide software public key query function [ver #2]")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Acked-by: Denis Kenzior <denkenz@gmail.com>
2018-11-13 07:37:42 -05:00
James Morris
26b76320a8 Linux 4.20-rc2
-----BEGIN PGP SIGNATURE-----
 
 iQFSBAABCAA8FiEEq68RxlopcLEwq+PEeb4+QwBBGIYFAlvot3YeHHRvcnZhbGRz
 QGxpbnV4LWZvdW5kYXRpb24ub3JnAAoJEHm+PkMAQRiGVa4H/RLy9aCJm2ZsMksK
 JP+m1WDR3gDgcUTlKS1uXxRgCV6+nUORhvrP9ywxR0NJu2dBNSXjEUsE3Mp4z81F
 ncoAL+8Su4cpMPk2MXdRaadXtZpU3kFCB/DLq7mz/cH3ypTNYyjLpiu1I/93KRsd
 3XU5VGvZOT9WhTO4IZ2xyQtX4itEv+RqE0CcFA24Hrs1P1RA4iZB21xWfdFnxdLC
 xWlyEbDoi/jK0hkwk//J6XOof/MCQoltRMgyvn+i/p8tFsJGuH047TMKzkwJbuoy
 2KwHz63hBYR+I00HmLTs5gvGJWset4IX+DDKIW84ROTuXsl2PVIBddKUeZCKFUv9
 oRQxRj8=
 =xfUU
 -----END PGP SIGNATURE-----

Merge tag 'v4.20-rc2' into next-general

Sync to Linux 4.20-rc2 for downstream developers.
2018-11-12 09:07:41 -08:00
Linus Torvalds
ccda4af0f4 Linux 4.20-rc2 2018-11-11 17:12:31 -06:00
Linus Torvalds
7a3765ed66 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "One last pull request before heading to Vancouver for LPC, here we have:

   1) Don't forget to free VSI contexts during ice driver unload, from
      Victor Raj.

   2) Don't forget napi delete calls during device remove in ice driver,
      from Dave Ertman.

   3) Don't request VLAN tag insertion of ibmvnic device when SKB
      doesn't have VLAN tags at all.

   4) IPV4 frag handling code has to accomodate the situation where two
      threads try to insert the same fragment into the hash table at the
      same time. From Eric Dumazet.

   5) Relatedly, don't flow separate on protocol ports for fragmented
      frames, also from Eric Dumazet.

   6) Memory leaks in qed driver, from Denis Bolotin.

   7) Correct valid MTU range in smsc95xx driver, from Stefan Wahren.

   8) Validate cls_flower nested policies properly, from Jakub Kicinski.

   9) Clearing of stats counters in mc88e6xxx driver doesn't retain
      important bits in the G1_STATS_OP register causing the chip to
      hang. Fix from Andrew Lunn"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (41 commits)
  act_mirred: clear skb->tstamp on redirect
  net: dsa: mv88e6xxx: Fix clearing of stats counters
  tipc: fix link re-establish failure
  net: sched: cls_flower: validate nested enc_opts_policy to avoid warning
  net: mvneta: correct typo
  flow_dissector: do not dissect l4 ports for fragments
  net: qualcomm: rmnet: Fix incorrect assignment of real_dev
  net: aquantia: allow rx checksum offload configuration
  net: aquantia: invalid checksumm offload implementation
  net: aquantia: fixed enable unicast on 32 macvlan
  net: aquantia: fix potential IOMMU fault after driver unbind
  net: aquantia: synchronized flow control between mac/phy
  net: smsc95xx: Fix MTU range
  net: stmmac: Fix RX packet size > 8191
  qed: Fix potential memory corruption
  qed: Fix SPQ entries not returned to pool in error flows
  qed: Fix blocking/unlimited SPQ entries leak
  qed: Fix memory/entry leak in qed_init_sp_request()
  inet: frags: better deal with smp races
  net: hns3: bugfix for not checking return value
  ...
2018-11-11 17:09:48 -06:00
Linus Torvalds
e12e00e388 Kbuild fixes for v4.20
- fix build errors in binrpm-pkg and bindeb-pkg targets
 
  - fix false positive matches in merge_config.sh
 
  - fix build version mismatch in deb-pkg target
 
  - fix dtbs_install handling in (bin)deb-pkg target
 
  - revert a commit that allows setlocalversion to write to source tree
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJb6F89AAoJED2LAQed4NsGbO0P/0MIDTnZ3jG4TkoyZNc0TG0k
 WXsk/UxHqhbWbYOrnn7D2C6kqYu9qVLzZmixP1/Z3l6hKYs3NTDKaFOyanmoFNC2
 UsexSmXFOCPF9tzzRROGVi5pZwEA8wfUIuSy6S7UosVps2gjh10cefwiXGYSJljy
 crZusbxJcTJFTXzdAMMRI5R2EzUOPylgeoCAFaCZT6NLo6caYkgBDhCsKFjGTZ1e
 ooTEWEVwWv34S5mxuCCXmdpCikLcCOL2SmxCPBlj0SXhERb/HW1FlukiVY/mdth+
 B5K4E6huIIgrPMowReGE4kPD4sR6d1+Zsjn9gjfchrSuHkOSg3K0GnTlyPTz+hkc
 eij1XTl6qwlbHdYx9aPqo7kF34OIU6rf9OwsGp+/9fHLPRtHonyWM/kurrKW6wSV
 zBvFNTRfe9nTfffSPowW6KAvlr43wf40HC3zZN6KsMKznQ1F1Lvnd5VGNAg64ykt
 ex++W217qRrRvYpyJML0R1pAyEl6GFIqZ+J99iB6kmP/wyJeOQyflA/DKH79xR3B
 w1RXCqR5+4VwKFonkS99KY/H+zPwMH9NnClB8Y5iH18pmdhtwvk8bIfvmgQF/lBC
 g9nLXz856JiEwjO4MOUvhCqeHmgK4F1wNoXKCgbWobNLVVujaG0NQ71jyz3eYyri
 UrTgUM2axQ6gyeGIDSWy
 =Fj3R
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - fix build errors in binrpm-pkg and bindeb-pkg targets

 - fix false positive matches in merge_config.sh

 - fix build version mismatch in deb-pkg target

 - fix dtbs_install handling in (bin)deb-pkg target

 - revert a commit that allows setlocalversion to write to source tree

* tag 'kbuild-fixes-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  builddeb: Fix inclusion of dtbs in debian package
  Revert "scripts/setlocalversion: git: Make -dirty check more robust"
  kbuild: deb-pkg: fix too low build version number
  kconfig: merge_config: avoid false positive matches from comment lines
  kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
  kbuild: rpm-pkg: fix binrpm-pkg breakage when O= is used
2018-11-11 16:57:55 -06:00
Linus Torvalds
63a42e1a5c for-4.20-rc1-tag
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE8rQSAMVO+zA4DBdWxWXV+ddtWDsFAlvoGIUACgkQxWXV+ddt
 WDta6g//UJSLnVskCUwh8VyMdd47QArQnaLJowOH7wQn4Nqj+2hf04mCq/kv05ed
 OneTezzONZc/qW9fiJGS+Dp77ln4JIDA1hWHtb/A4t9pYlksSQllJ3oiDUVsCp3q
 2EbzrjuNz3iQO6TjKlaHX473CLCMQMXS2OXOUnCkF2maMJSdr86oi+j1UiSnud1/
 C7uMYM3hG8nkfEfjjb1COpkS2MmzYcPruF5RDcbT/WOUfylTsjjX1E7rK/ZEqS9P
 SUcp4uoZe9BNoyWMASLaM7oHE82day4X9MwQoCQFRcm0kq4CnRAZ8X4lBl+M70iW
 7Olii/wNZ2SRiJf3jac/rpxoBHvEskXTHyiHTEmdHp4n1L1pL9GzGYIePQcX7uV1
 Tb6ImdUUKCC//fPqyeB7cEk5yxqahmlFD3qZVs6GnQkzKrPE+ChLx+7PgcJC/XVh
 C5ogNmJm+NvFOuTrYk9zSXg85B8gWHescDJrvNKVizIjw3nKmqiC+dXZljhzw+p8
 HscK9EXsiS8jW9ClfJljXzIa4SeA/i7fQGe4tCKfIrCQ+OqUxWpFCEoxygchinfF
 Rw90fJ0jX083oXsnfFcVdQpQ+SLSKka/aIRMvi58WRgLU3trci5NNN4TFg8TYRKP
 xBDF/iF3sqXajc+xsjoqLhLioZL3Pa5VDNuhsFdois9M5JSRekU=
 =K14u
 -----END PGP SIGNATURE-----

Merge tag 'for-4.20-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux

Pull btrfs fixes from David Sterba:
 "Several fixes to recent release (4.19, fixes tagged for stable) and
  other fixes"

* tag 'for-4.20-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
  Btrfs: fix missing delayed iputs on unmount
  Btrfs: fix data corruption due to cloning of eof block
  Btrfs: fix infinite loop on inode eviction after deduplication of eof block
  Btrfs: fix deadlock on tree root leaf when finding free extent
  btrfs: avoid link error with CONFIG_NO_AUTO_INLINE
  btrfs: tree-checker: Fix misleading group system information
  Btrfs: fix missing data checksums after a ranged fsync (msync)
  btrfs: fix pinned underflow after transaction aborted
  Btrfs: fix cur_offset in the error case for nocow
2018-11-11 16:54:38 -06:00
Linus Torvalds
c140f8b072 A large number of ext4 bug fixes, mostly buffer and memory leaks on
error return cleanup paths.
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAlvoFrEACgkQ8vlZVpUN
 gaMTSQf+Ogrvm7pfWtXf+RkmhhuyR26T+Hwxgl51m5bKetJBjEsh0qOaIfo7etwG
 aLc1x/pWng2VTCHk4z0Ij9KS8YwLK3sQCBYZoJFyT/R09yGgAhLm+xP5j38WLqrX
 h4GxVgekHSATkG95N/So7F7pQiz7gDowgbaYFW3PooXPoHJnCnTzcr7TGFAQBZAw
 iR+8+KtH5E8IcC7Jj40nemk7Wib45DgaeGpP5P9Ct/Jw7hW+Mwhf56NYOWkLdHyy
 4Kt7rm1Sbxam8k3nksNmIwx28bw+S0Ew1zZgkwgAcKcHaWdrv3TtGPkOA26AH+S3
 UVeORM7xH+zXslIOyFK+7sXUZr5LiQ==
 =BaBl
 -----END PGP SIGNATURE-----

Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 fixes from Ted Ts'o:
 "A large number of ext4 bug fixes, mostly buffer and memory leaks on
  error return cleanup paths"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: missing !bh check in ext4_xattr_inode_write()
  ext4: fix buffer leak in __ext4_read_dirblock() on error path
  ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path
  ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
  ext4: release bs.bh before re-using in ext4_xattr_block_find()
  ext4: fix buffer leak in ext4_xattr_get_block() on error path
  ext4: fix possible leak of s_journal_flag_rwsem in error path
  ext4: fix possible leak of sbi->s_group_desc_leak in error path
  ext4: remove unneeded brelse call in ext4_xattr_inode_update_ref()
  ext4: avoid possible double brelse() in add_new_gdb() on error path
  ext4: avoid buffer leak in ext4_orphan_add() after prior errors
  ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty()
  ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
  ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
  ext4: add missing brelse() update_backups()'s error path
  ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
  ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
  ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
2018-11-11 16:53:02 -06:00
Linus Torvalds
b6df7b6db1 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
 "A set of x86 fixes:

   - Cure the LDT remapping to user space on 5 level paging which ended
     up in the KASLR space

   - Remove LDT mapping before freeing the LDT pages

   - Make NFIT MCE handling more robust

   - Unbreak the VSMP build by removing the dependency on paravirt ops

   - Support broken PIT emulation on Microsoft hyperV

   - Don't trace vmware_sched_clock() to avoid tracer recursion

   - Remove -pipe from KBUILD CFLAGS which breaks clang and is also
     slower on GCC

   - Trivial coding style and typo fixes"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu/vmware: Do not trace vmware_sched_clock()
  x86/vsmp: Remove dependency on pv_irq_ops
  x86/ldt: Remove unused variable in map_ldt_struct()
  x86/ldt: Unmap PTEs for the slot before freeing LDT pages
  x86/mm: Move LDT remap out of KASLR region on 5-level paging
  acpi/nfit, x86/mce: Validate a MCE's address before using it
  acpi/nfit, x86/mce: Handle only uncorrectable machine checks
  x86/build: Remove -pipe from KBUILD_CFLAGS
  x86/hyper-v: Fix indentation in hv_do_fast_hypercall16()
  Documentation/x86: Fix typo in zero-page.txt
  x86/hyper-v: Enable PIT shutdown quirk
  clockevents/drivers/i8253: Add support for PIT shutdown quirk
2018-11-11 16:41:50 -06:00
Linus Torvalds
655c6b9777 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Thomas Gleixner:
 "A bunch of perf tooling fixes:

   - Make the Intel PT SQL viewer more robust

   - Make the Intel PT debug log more useful

   - Support weak groups in perf record so it's behaving the same way as
     perf stat

   - Display the LBR stats in callchain entries properly in perf top

   - Handle different PMu names with common prefix properlin in pert
     stat

   - Start syscall augmenting in perf trace. Preparation for
     architecture independent eBPF instrumentation of syscalls.

   - Fix build breakage in JVMTI perf lib

   - Fix arm64 tools build failure wrt smp_load_{acquire,release}"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf tools: Do not zero sample_id_all for group members
  perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so
  perf beauty: Use SRCARCH, ARCH=x86_64 must map to "x86" to find the headers
  perf intel-pt: Add MTC and CYC timestamps to debug log
  perf intel-pt: Add more event information to debug log
  perf scripts python: exported-sql-viewer.py: Fix table find when table re-ordered
  perf scripts python: exported-sql-viewer.py: Add help window
  perf scripts python: exported-sql-viewer.py: Add Selected branches report
  perf scripts python: exported-sql-viewer.py: Fall back to /usr/local/lib/libxed.so
  perf top: Display the LBR stats in callchain entry
  perf stat: Handle different PMU names with common prefix
  perf record: Support weak groups
  perf evlist: Move perf_evsel__reset_weak_group into evlist
  perf augmented_syscalls: Start collecting pathnames in the BPF program
  perf trace: Fix setting of augmented payload when using eBPF + raw_syscalls
  perf trace: When augmenting raw_syscalls plug raw_syscalls:sys_exit too
  perf examples bpf: Start augmenting raw_syscalls:sys_{start,exit}
  tools headers barrier: Fix arm64 tools build failure wrt smp_load_{acquire,release}
2018-11-11 16:39:12 -06:00
Linus Torvalds
08b5278650 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Thomas Gleixner:
 "Just the removal of a redundant call into the sched deadline overrun
  check"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  posix-cpu-timers: Remove useless call to check_dl_overrun()
2018-11-11 16:37:41 -06:00
Linus Torvalds
024d4d4c0c Merge branch 'sched/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Thomas Gleixner:
 "Two small scheduler fixes:

   - Take hotplug lock in sched_init_smp(). Technically not really
     required, but lockdep will complain other.

   - Trivial comment fix in sched/fair"

* 'sched/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/fair: Fix a comment in task_numa_fault()
  sched/core: Take the hotplug lock in sched_init_smp()
2018-11-11 16:33:00 -06:00
Linus Torvalds
1acf93ca6c Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking build fix from Thomas Gleixner:
 "A single fix for a build fail with CONFIG_PROFILE_ALL_BRANCHES=y in
  the qspinlock code"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/qspinlock: Fix compile error
2018-11-11 16:18:10 -06:00
Linus Torvalds
0b002cdd50 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull core fixes from Thomas Gleixner:
 "A couple of fixlets for the core:

   - Kernel doc function documentation fixes

   - Missing prototypes for weak watchdog functions"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  resource/docs: Complete kernel-doc style function documentation
  watchdog/core: Add missing prototypes for weak functions
  resource/docs: Fix new kernel-doc warnings
2018-11-11 16:14:05 -06:00
Eric Dumazet
7236ead1b1 act_mirred: clear skb->tstamp on redirect
If sch_fq is used at ingress, skbs that might have been
timestamped by net_timestamp_set() if a packet capture
is requesting timestamps could be delayed by arbitrary
amount of time, since sch_fq time base is MONOTONIC.

Fix this problem by moving code from sch_netem.c to act_mirred.c.

Fixes: fb420d5d91 ("tcp/fq: move back to CLOCK_MONOTONIC")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-11 10:21:31 -08:00
Andrew Lunn
a9049ff921 net: dsa: mv88e6xxx: Fix clearing of stats counters
The mv88e6161 would sometime fail to probe with a timeout waiting for
the switch to complete an operation. This operation is supposed to
clear the statistics counters. However, due to a read/modify/write,
without the needed mask, the operation actually carried out was more
random, with invalid parameters, resulting in the switch not
responding. We need to preserve the histogram mode bits, so apply a
mask to keep them.

Reported-by: Chris Healy <Chris.Healy@zii.aero>
Fixes: 40cff8fca9 ("net: dsa: mv88e6xxx: Fix stats histogram mode")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-11 10:19:10 -08:00
Jon Maloy
7ab412d33b tipc: fix link re-establish failure
When a link failure is detected locally, the link is reset, the flag
link->in_session is set to false, and a RESET_MSG with the 'stopping'
bit set is sent to the peer.

The purpose of this bit is to inform the peer that this endpoint just
is going down, and that the peer should handle the reception of this
particular RESET message as a local failure. This forces the peer to
accept another RESET or ACTIVATE message from this endpoint before it
can re-establish the link. This again is necessary to ensure that
link session numbers are properly exchanged before the link comes up
again.

If a failure is detected locally at the same time at the peer endpoint
this will do the same, which is also a correct behavior.

However, when receiving such messages, the endpoints will not
distinguish between 'stopping' RESETs and ordinary ones when it comes
to updating session numbers. Both endpoints will copy the received
session number and set their 'in_session' flags to true at the
reception, while they are still expecting another RESET from the
peer before they can go ahead and re-establish. This is contradictory,
since, after applying the validation check referred to below, the
'in_session' flag will cause rejection of all such messages, and the
link will never come up again.

We now fix this by not only handling received RESET/STOPPING messages
as a local failure, but also by omitting to set a new session number
and the 'in_session' flag in such cases.

Fixes: 7ea817f4e8 ("tipc: check session number before accepting link protocol messages")
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-11 10:03:38 -08:00
Rob Herring
d5615e472d builddeb: Fix inclusion of dtbs in debian package
Commit 37c8a5fafa ("kbuild: consolidate Devicetree dtb build rules")
moved the location of 'dtbs_install' target which caused dtbs to not be
installed when building debian package with 'bindeb-pkg' target. Update
the builddeb script to use the same logic that determines if there's a
'dtbs_install' target which is presence of the arch dts directory. Also,
use CONFIG_OF_EARLY_FLATTREE instead of CONFIG_OF as that's a better
indication of whether we are building dtbs.

This commit will also have the side effect of installing dtbs on any
arch that has dts files. Previously, it was dependent on whether the
arch defined 'dtbs_install'.

Fixes: 37c8a5fafa ("kbuild: consolidate Devicetree dtb build rules")
Reported-by: Nuno Gonçalves <nunojpg@gmail.com>
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-11-11 23:04:53 +09:00
Guenter Roeck
8ef14c2c41 Revert "scripts/setlocalversion: git: Make -dirty check more robust"
This reverts commit 6147b1cf19.

The reverted patch results in attempted write access to the source
repository, even if that repository is mounted read-only.

Output from "strace git status -uno --porcelain":

getcwd("/tmp/linux-test", 129)          = 16
open("/tmp/linux-test/.git/index.lock", O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, 0666) =
	-1 EROFS (Read-only file system)

While git appears to be able to handle this situation, a monitored
build environment (such as the one used for Chrome OS kernel builds)
may detect it and bail out with an access violation error. On top of
that, the attempted write access suggests that git _will_ write to the
file even if a build output directory is specified. Users may have the
reasonable expectation that the source repository remains untouched in
that situation.

Fixes: 6147b1cf19 ("scripts/setlocalversion: git: Make -dirty check more robust"
Cc: Genki Sky <sky@genki.is>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
2018-11-11 23:04:52 +09:00
Masahiro Yamada
bbcde0a724 kbuild: deb-pkg: fix too low build version number
Since commit b41d920acf ("kbuild: deb-pkg: split generating packaging
and build"), the build version of the kernel contained in a deb package
is too low by 1.

Prior to the bad commit, the kernel was built first, then the number
in .version file was read out, and written into the debian control file.

Now, the debian control file is created before the kernel is actually
compiled, which is causing the version number mismatch.

Let the mkdebian script pass KBUILD_BUILD_VERSION=${revision} to require
the build system to use the specified version number.

Fixes: b41d920acf ("kbuild: deb-pkg: split generating packaging and build")
Reported-by: Doug Smythies <dsmythies@telus.net>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Tested-by: Doug Smythies <dsmythies@telus.net>
2018-11-11 23:04:52 +09:00
Masahiro Yamada
6bbe4385d0 kconfig: merge_config: avoid false positive matches from comment lines
The current SED_CONFIG_EXP could match to comment lines in config
fragment files, especially when CONFIG_PREFIX_ is empty. For example,
Buildroot uses empty prefixing; starting symbols with BR2_ is just
convention.

Make the sed expression more robust against false positives from
comment lines. The new sed expression matches to only valid patterns.

Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2018-11-11 23:04:51 +09:00
Linus Torvalds
e255aee5b6 TTY/Serial fixes for 4.20-rc2
Here are some small tty fixes for 4.20-rc2
 
 One of these missed the original 4.19-final release, I missed that I
 hadn't done a pull request for it as it was in linux-next and my branch
 for a long time, that's my fault.
 
 The others are small, fixing some reported issues and finally fixing the
 termios mess for alpha so that glibc has a chance to implement some
 missing functionality that has been pending for many years now.
 
 All of these have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCW+cpjw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymcQQCgt4IbK1wm/bxZqikhg64GS7J7IdkAoLoK1gKi
 Sq+KsJX2qr4GuAcxJIjr
 =uyeQ
 -----END PGP SIGNATURE-----

Merge tag 'tty-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some small tty fixes for 4.20-rc2

  One of these missed the original 4.19-final release, I missed that I
  hadn't done a pull request for it as it was in linux-next and my
  branch for a long time, that's my fault.

  The others are small, fixing some reported issues and finally fixing
  the termios mess for alpha so that glibc has a chance to implement
  some missing functionality that has been pending for many years now.

  All of these have been in linux-next with no reported issues"

* tag 'tty-4.20-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: sh-sci: Fix could not remove dev_attr_rx_fifo_timeout
  arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
  termios, tty/tty_baudrate.c: fix buffer overrun
  vt: fix broken display when running aptitude
  serial: sh-sci: Fix receive on SCIFA/SCIFB variants with DMA
2018-11-10 13:32:14 -06:00
Linus Torvalds
20ef6d06ef drm: i915, amdgpu, sun4i, exynos and etnaviv fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJb5yW/AAoJEAx081l5xIa+UNgQAJeOCWyi87JD02yEbU1Ok0sD
 IirzTRZrA0Yz3KQt3W3piHgtTVD9VBbP3pU3U/3xXdMiHuPFTAowaom8dUCKExbH
 XuTnfdswqSCjBTMgNseCqBP5sTnLx/uNaw9x6KpaYIkpe9c0hCQ9ND8HWk339eLs
 UEgHGWvC6NTJ3vjG/iKmoamp4Pbw3v5ELEz4rzs/GHmUAdU2+vDh4UPf4KnVwxGe
 Dk4kjI6ijCB/xXS5Zzpj6m4SMPILyMs4CsSNXrW31o2+WkTWaMpgJgMWzufVF3Va
 0r6KSbXPkaJSNnIqRiTdnRR048/fx1FgVbHJsYkzKRSh9WTYjlxsjoGJNiu5TNIi
 ibkDeBG6Ve3XFt6spSQJCQE0vFGNKoJuXnI8n97/OH4d6VoXKm96vwy+rP5w3jhg
 Jv0/V+8qRf7rqOXwQoX+2OJdwvxX+tzKwdTqxFgCm5W4/UjCp6junJxyXyOU9CrL
 OPYWYq2Ooqn2aeuUBTf5TdtbpaReTbBtQ0OQZM4fFpCdl2Qnfx5mwMgTzXLWos1x
 kWdzUkFKAS8w3p7oZDiLvGc0lU7GTxOOc8EAfoeNJPud6ONinIVwj+6EC2AKPldG
 NuX+HZSemF0iE4dN44+646qBP0fubVlrquF2pn/QJQ729d3tL5kHG/8paxzZzNmB
 1hMpHKHoYOsghKbQ8xz/
 =2/8D
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-2018-11-11' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "drm: i915, amdgpu, sun4i, exynos and etnaviv fixes:

   - amdgpu has some display fixes, KFD ioctl fixes and a Vega20 bios
     interaction fix.

   - sun4i has some NULL checks added

   - i915 has a 32-bit system fix, LPE audio oops, and HDMI2.0 clock
     fixes.

   - Exynos has a 3 regression fixes (one frame counter, fbdev missing,
     dsi->panel check)

   - Etnaviv has a single fencing fix for GPU recovery"

* tag 'drm-fixes-2018-11-11' of git://anongit.freedesktop.org/drm/drm: (39 commits)
  drm/amd/amdgpu/dm: Fix dm_dp_create_fake_mst_encoder()
  drm/amd/display: Drop reusing drm connector for MST
  drm/amd/display: Cleanup MST non-atomic code workaround
  drm/amd/powerplay: always use fast UCLK switching when UCLK DPM enabled
  drm/amd/powerplay: set a default fclk/gfxclk ratio
  drm/amdgpu/display/dce11: only enable FBC when selected
  drm/amdgpu/display/dm: handle FBC dc feature parameter
  drm/amdgpu/display/dc: add FBC to dc_config
  drm/amdgpu: add DC feature mask module parameter
  drm/amdgpu/display: check if fbc is available in set_static_screen_control (v2)
  drm/amdgpu/vega20: add CLK base offset
  drm/amd/display: Stop leaking planes
  drm/amd/display: Fix misleading buffer information
  Revert "drm/amd/display: set backlight level limit to 1"
  drm/amd: Update atom_smu_info_v3_3 structure
  drm/i915: Fix ilk+ watermarks when disabling pipes
  drm/sun4i: tcon: prevent tcon->panel dereference if NULL
  drm/sun4i: tcon: fix check of tcon->panel null pointer
  drm/i915: Don't oops during modeset shutdown after lpe audio deinit
  drm/i915: Mark pin flags as u64
  ...
2018-11-10 13:29:47 -06:00
Linus Torvalds
1de4f2ef21 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull namespace fixes from Eric Biederman:
 "I believe all of these are simple obviously correct bug fixes. These
  fall into two groups:

   - Fixing the implementation of MNT_LOCKED which prevents lesser
     privileged users from seeing unders mounts created by more
     privileged users.

   - Fixing the extended uid and group mapping in user namespaces.

  As well as ensuring the code looks correct I have spot tested these
  changes as well and in my testing the fixes are working"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  mount: Prevent MNT_DETACH from disconnecting locked mounts
  mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
  mount: Retest MNT_LOCKED in do_umount
  userns: also map extents in the reverse map to kernel IDs
2018-11-10 13:27:58 -06:00
Linus Torvalds
a1aa42f1d8 A small set of fixes for clk drivers. One to fix a DT refcount
imbalance, two to mark some Amlogic clks as critical, and one final
 one that fixes a clk name for the Qualcomm driver merged this cycle.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAlvmB2gRHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSWI5w//ZvHmJYTxdIecDxjCQU2NUH22iB11K1Za
 gp3Uo58DatYZzu7ASpitFDhOpxxifAtG/QVlxzJ9CNKrCz1JqDRAr/1MwZpClqRX
 903d+pvyzpioG1KB5ODtiOTIH2l4q9Bqs+E7gy0XDKHqD0IXXReCBND9vEY5pNQc
 Ao5GNPqAwNgLGlqQ4B/21dIgmVxOL3HLSYtr2n0mcQKgMP8ppWm4Nfz1R1dMqFgO
 NRSSrAWrkOfarhknlm/SITdBQaRO3ZSJ4+ELqazG/usUMM7UfprEUlTs3Pvd+hER
 O6w8Kyn2WAKFSNE36lRbRZG1LXsYnukUkDRAbei1UTuliIq7EZQL1NbBYoUXDPmA
 5WMkV4ypFEeukeeo+FB4sYwmhPb+lZ4abw9AUnT00RmMzuIQjeaw0dngVc5HbDJu
 /K4M0Xi1ArTJNDQQPTdiXazc2XcICY8MwU8RsD8nlE8fsec0g7ofCNYPgZsVMjkn
 /1OjijaoOziNAzr5VxRVNPf/cs4HpjdIFZ7mC0S5qpFj8E0f9PdUW5wLsW8GeWO/
 Plf5YxzJQCSNfzKeJbMsbBKK1vnXZvkt1rvT0EWKqti4sj83wdzFFy+bE56H9jxR
 KE7y0dUFFWY8vBjoebYuFjJclJerypy3Ir1nYOdrryXW2PrdzjREdEEcwfRRuGYm
 YYGlFxGelGI=
 =YaeV
 -----END PGP SIGNATURE-----

Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull clk fixes from Stephen Boyd:
 "A small set of fixes for clk drivers.

  One to fix a DT refcount imbalance, two to mark some Amlogic clks as
  critical, and one final one that fixes a clk name for the Qualcomm
  driver merged this cycle"

* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: qcom: gcc: Fix board clock node name
  clk: meson: axg: mark fdiv2 and fdiv3 as critical
  clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL
  clk: fixed-factor: fix of_node_get-put imbalance
2018-11-10 13:25:55 -06:00
Dave Airlie
73b6f96cbc Merge branch 'drm-fixes-4.20' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Fixes for 4.20:
- DC MST fixes
- DC FBC fix
- Vega20 updates to support the latest vbios
- KFD type fixes for ioctl headers

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Alex Deucher <alexdeucher@gmail.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181108035551.2904-1-alexander.deucher@amd.com
2018-11-11 04:23:02 +10:00
Dave Airlie
d10cf6da31 - sun4i: tcon->panel NULL deref protections (Giulio)
Cc: Giulio Benetti <giulio.benetti@micronovasrl.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEfxcpfMSgdnQMs+QqlvcN/ahKBwoFAlvjTQkACgkQlvcN/ahK
 BwpL+wf+ITKd7UR4xKsmAOaq5quKIAFgJQ6A/TSYo/v/B+rK8e+VwgCX7ZBNvZpW
 XEFH16UP3k7Rp6IdA+2fLuzanMUabsM2tW9oLXBPdptkuCIw7/gKB6SmIEnAmX5/
 GcidGEPQ2V+uYaPZ+KL7U/ETwIBPyznAMmQrcDKfxpXDp6A2g1J62lP6FWUhJVbM
 LfD5vTgCwXAUoMJVnZ0miBaf0d2nyUH2YwzDhQtc2+NPZ5W6wDpUEcqDL5fFMYXG
 6i+jLpaSWC2R9VmlHRKosojUrhDMvjvN5kC0TWF0HHrU8CAsmvfL7Zg4M/S98PU3
 +VNiySPHCV+akUfVrDHBKKe92XD+WQ==
 =S8SA
 -----END PGP SIGNATURE-----

Merge tag 'drm-misc-fixes-2018-11-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

- sun4i: tcon->panel NULL deref protections (Giulio)

Cc: Giulio Benetti <giulio.benetti@micronovasrl.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Sean Paul <sean@poorly.run>
Link: https://patchwork.freedesktop.org/patch/msgid/20181107205051.GA27823@art_vandelay
2018-11-11 04:20:01 +10:00
Dave Airlie
7d588f90fb Merge tag 'drm-intel-fixes-2018-11-08' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
Bugzilla #108282 fixed: Avoid graphics corruption on 32-bit systems for Mesa 18.2.x
Avoid OOPS on LPE audio deinit. Remove two unused W/As.
Fix to correct HDMI 2.0 audio clock modes to spec.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20181108134508.GA28466@jlahtine-desk.ger.corp.intel.com
2018-11-11 04:14:23 +10:00
Jakub Kicinski
63c82997f5 net: sched: cls_flower: validate nested enc_opts_policy to avoid warning
TCA_FLOWER_KEY_ENC_OPTS and TCA_FLOWER_KEY_ENC_OPTS_MASK can only
currently contain further nested attributes, which are parsed by
hand, so the policy is never actually used resulting in a W=1
build warning:

net/sched/cls_flower.c:492:1: warning: ‘enc_opts_policy’ defined but not used [-Wunused-const-variable=]
 enc_opts_policy[TCA_FLOWER_KEY_ENC_OPTS_MAX + 1] = {

Add the validation anyway to avoid potential bugs when other
attributes are added and to make the attribute structure slightly
more clear.  Validation will also set extact to point to bad
attribute on error.

Fixes: 0a6e77784f ("net/sched: allow flower to match tunnel options")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-10 09:55:30 -08:00
Linus Torvalds
ab6e1f378f xen: fixes for 4.20-rc2
-----BEGIN PGP SIGNATURE-----
 
 iHUEABYIAB0WIQRTLbB6QfY48x44uB6AXGG7T9hjvgUCW+bgfAAKCRCAXGG7T9hj
 vuvvAQDWkWKWrvi6D71g6JV37aDAgv5QlyTnk9HbWKSFtzv1mgEAotDbEMnRuDE/
 CKFo+1J1Lgc8qczbX36X6bXR5TEh9gw=
 =n7Iq
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.20a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen fixes from Juergen Gross:
 "Several fixes, mostly for rather recent regressions when running under
  Xen"

* tag 'for-linus-4.20a-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen: remove size limit of privcmd-buf mapping interface
  xen: fix xen_qlock_wait()
  x86/xen: fix pv boot
  xen-blkfront: fix kernel panic with negotiate_mq error path
  xen/grant-table: Fix incorrect gnttab_dma_free_pages() pr_debug message
  CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM
2018-11-10 08:58:48 -06:00
Linus Torvalds
35c55685fc arm64 fixes:
- Fix occasional page fault during boot due to memblock resizing before
   the linear map is up.
 
 - Define NET_IP_ALIGN to 0 to improve the DMA performance on some
   platforms.
 
 - lib/raid6 test build fix.
 
 - .mailmap update for Punit Agrawal
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAlvmw/AACgkQa9axLQDI
 XvG7YRAAn1iX/YfMP6m7+QArUXMc5zTmE+/K7hf7CZacFfG5kI1VI2fyUwVk1xk5
 s88IjBHGFfNppZmwLKaKML7bBfS9EzzfmX6idcxCyozXTcz/KUR6PkIjp6uUwqU9
 oRmSm0M4Uh/a6YUJWa5BO2xPdgKxucCZE0nWz1XXlVE3pt/emGsAci2upVN++75z
 37EHSsSF/TdaWC5+/7f9L/nCglXCbP5BRuo+6vuiEzYR510k9ve6RYQnrHvu48Xy
 r2vJD2LNfxGKVFvu6UFZ27LoFlOhS+/TxEZIghnwOnI1ktVXWL949B3WCnQMCU+X
 NEH8Ev2mErKtTo2YZB+4p6+wXrzj34FDu/jR5/7QclkHhquNOGejolU8MXKOI4dE
 osgfok/4w/e3n4eb/UzlLMZQTON6dae7eR1MZko7uWkRazWx/ndfr3SOxGQVQvbe
 nbobDejzpEKkoIF1UttGNLnfiUpp5nwpnymxrxQ8nXJlpS6jqdhxY5A0PIBuaozE
 wGXPbnWFkn1jAG9ey5PPI9wtkbP2JnIqKU4kuFvGt+lhsegHRt2d/8PyZQVZFye9
 2dg63mf5ApIKgsR81ZhCBP2MFpT3d69srJkA1egfPIWtFFd1cb13xpD1d0ej/siM
 VnauOm4jWs3wb8mQcW5MBATbk7lsBd7748AqVYY72PfR6lRO+Lk=
 =mF/U
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Fix occasional page fault during boot due to memblock resizing before
   the linear map is up.

 - Define NET_IP_ALIGN to 0 to improve the DMA performance on some
   platforms.

 - lib/raid6 test build fix.

 - .mailmap update for Punit Agrawal

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: memblock: don't permit memblock resizing until linear mapping is up
  arm64: mm: define NET_IP_ALIGN to 0
  lib/raid6: Fix arm64 test build
  mailmap: Update email for Punit Agrawal
2018-11-10 07:07:21 -06:00
Linus Torvalds
d5335b3dfc Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
Pull i2c updates from Wolfram Sang:
 "I2C has one bugfix (qcom-geni driver), one arch enablement (i2c-omap
  driver, no code change), and a new driver (nvidia-gpu) this time"

* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  usb: typec: ucsi: add support for Cypress CCGx
  i2c: nvidia-gpu: make pm_ops static
  i2c: add i2c bus driver for NVIDIA GPU
  i2c: qcom-geni: Fix runtime PM mismatch with child devices
  MAINTAINERS: Add entry for i2c-omap driver
  i2c: omap: Enable for ARCH_K3
  dt-bindings: i2c: omap: Add new compatible for AM654 SoCs
2018-11-10 06:57:34 -06:00
Alexandre Belloni
fbd1d52453 net: mvneta: correct typo
The reserved variable should be named reserved1.

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 20:10:13 -08:00
배석진
62230715fd flow_dissector: do not dissect l4 ports for fragments
Only first fragment has the sport/dport information,
not the following ones.

If we want consistent hash for all fragments, we need to
ignore ports even for first fragment.

This bug is visible for IPv6 traffic, if incoming fragments
do not have a flow label, since skb_get_hash() will give
different results for first fragment and following ones.

It is also visible if any routing rule wants dissection
and sport or dport.

See commit 5e5d6fed37 ("ipv6: route: dissect flow
in input path if fib rules need it") for details.

[edumazet] rewrote the changelog completely.

Fixes: 06635a35d1 ("flow_dissect: use programable dissector in skb_flow_dissect and friends")
Signed-off-by: 배석진 <soukjin.bae@samsung.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 20:01:21 -08:00
Subash Abhinov Kasiviswanathan
d02854dc19 net: qualcomm: rmnet: Fix incorrect assignment of real_dev
A null dereference was observed when a sysctl was being set
from userspace and rmnet was stuck trying to complete some actions
in the NETDEV_REGISTER callback. This is because the real_dev is set
only after the device registration handler completes.

sysctl call stack -

<6> Unable to handle kernel NULL pointer dereference at
    virtual address 00000108
<2> pc : rmnet_vnd_get_iflink+0x1c/0x28
<2> lr : dev_get_iflink+0x2c/0x40
<2>  rmnet_vnd_get_iflink+0x1c/0x28
<2>  inet6_fill_ifinfo+0x15c/0x234
<2>  inet6_ifinfo_notify+0x68/0xd4
<2>  ndisc_ifinfo_sysctl_change+0x1b8/0x234
<2>  proc_sys_call_handler+0xac/0x100
<2>  proc_sys_write+0x3c/0x4c
<2>  __vfs_write+0x54/0x14c
<2>  vfs_write+0xcc/0x188
<2>  SyS_write+0x60/0xc0
<2>  el0_svc_naked+0x34/0x38

device register call stack -

<2>  notifier_call_chain+0x84/0xbc
<2>  raw_notifier_call_chain+0x38/0x48
<2>  call_netdevice_notifiers_info+0x40/0x70
<2>  call_netdevice_notifiers+0x38/0x60
<2>  register_netdevice+0x29c/0x3d8
<2>  rmnet_vnd_newlink+0x68/0xe8
<2>  rmnet_newlink+0xa0/0x160
<2>  rtnl_newlink+0x57c/0x6c8
<2>  rtnetlink_rcv_msg+0x1dc/0x328
<2>  netlink_rcv_skb+0xac/0x118
<2>  rtnetlink_rcv+0x24/0x30
<2>  netlink_unicast+0x158/0x1f0
<2>  netlink_sendmsg+0x32c/0x338
<2>  sock_sendmsg+0x44/0x60
<2>  SyS_sendto+0x150/0x1ac
<2>  el0_svc_naked+0x34/0x38

Fixes: b752eff5be ("net: qualcomm: rmnet: Implement ndo_get_iflink")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 19:45:48 -08:00
David S. Miller
dd63c3e02b Merge branch 'aquantia-fixes'
Igor Russkikh says:

====================
net: aquantia: 2018-11 bugfixes

The patchset fixes a number of bugs found in various areas after
driver validation.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 15:38:11 -08:00
Dmitry Bogdanov
bbb67a44ba net: aquantia: allow rx checksum offload configuration
RX Checksum offloads could not be configured and ignored netdev features
flag for checksumming.

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 15:38:10 -08:00
Dmitry Bogdanov
ad703c2b91 net: aquantia: invalid checksumm offload implementation
Packets with marked invalid IP/UDP/TCP checksums were considered as good
by the driver. The error was in a logic, processing offload bits in
RX descriptor.

Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 15:38:10 -08:00
Igor Russkikh
bfaa9f8553 net: aquantia: fixed enable unicast on 32 macvlan
Fixed a condition mistake due to which macvlans unicast
item number 32 was not added in the unicast filter.

The consequence is that when exactly 32 macvlans are created
on NIC, the last created macvlan receives no traffic because
its MAC was not registered in HW.

Fixes: 94b3b54230 ("net: aquantia: vlan unicast address list correct handling")
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Tested-by: Nikita Danilov <nikita.danilov@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 15:38:10 -08:00
Dmitry Bogdanov
7a1bb49461 net: aquantia: fix potential IOMMU fault after driver unbind
IOMMU fault may occurr on unbind/bind or if_down/if_up sequence.

Although driver disables the rings on down, this is not enough.
Due to internal HW design, during subsequent initialization
NIC sometimes may reuse RX descriptors cache and write to the
host memory from the descriptor cache.
That's get catched by IOMMU on host.

This patch invalidates the descriptor cache in NIC on interface down
to prevent writing to the cached descriptors and to the memory pointed
in those descriptors.

Signed-off-by: Dmitry Bogdanov <dmitry.bogdanov@aquantia.com>
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-09 15:38:10 -08:00