Commit Graph

738154 Commits

Author SHA1 Message Date
Linus Torvalds
a638af00b2 USB fixes for 4.16-rc3
Here are a number of USB fixes for 4.16-rc3
 
 Nothing major, but a number of different fixes all over the place in the
 USB stack for reported issues.  Mostly gadget driver fixes, although the
 typical set of xhci bugfixes are there, along with some new quirks
 additions as well.
 
 All of these have been in linux-next for a while with no reported
 issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWo613g8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymS1QCcCDbBPEJQAKF64SyHWZfebeFIBpMAnR9vku/h
 1YXAXpcAJE5lGVVva3+I
 =57Qr
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are a number of USB fixes for 4.16-rc3

  Nothing major, but a number of different fixes all over the place in
  the USB stack for reported issues. Mostly gadget driver fixes,
  although the typical set of xhci bugfixes are there, along with some
  new quirks additions as well.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (39 commits)
  Revert "usb: musb: host: don't start next rx urb if current one failed"
  usb: musb: fix enumeration after resume
  usb: cdc_acm: prevent race at write to acm while system resumes
  Add delay-init quirk for Corsair K70 RGB keyboards
  usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
  usb: host: ehci: always enable interrupt for qtd completion at test mode
  usb: ldusb: add PIDs for new CASSY devices supported by this driver
  usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
  usb: host: ehci: use correct device pointer for dma ops
  usbip: keep usbip_device sockfd state in sync with tcp_socket
  ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
  USB: serial: option: Add support for Quectel EP06
  xhci: fix xhci debugfs errors in xhci_stop
  xhci: xhci debugfs device nodes weren't removed after device plugged out
  xhci: Fix xhci debugfs devices node disappearance after hibernation
  xhci: Fix NULL pointer in xhci debugfs
  xhci: Don't print a warning when setting link state for disabled ports
  xhci: workaround for AMD Promontory disabled ports wakeup
  usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume
  USB: gadget: udc: Add missing platform_device_put() on error in bdc_pci_probe()
  ...
2018-02-22 12:13:01 -08:00
Linus Torvalds
77f892eb46 Staging/IIO fixes for 4.16-rc2
Here are a small number of staging and iio driver fixes for 4.16-rc2.
 
 The IIO fixes are all for reported things, and the android driver fixes
 also resolve some reported problems.  The remaining fsl-mc Kconfig
 change resolves a build testing error that Arnd reported.
 
 All of these have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWo62hg8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymTsgCg0xEZDChQWSypqA7mw6/0c18iitkAoIyAtoST
 4I0CZwJ/rXtSpmZds8MT
 =Repf
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.16-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging/IIO fixes from Greg KH:
 "Here are a small number of staging and iio driver fixes for 4.16-rc2.

  The IIO fixes are all for reported things, and the android driver
  fixes also resolve some reported problems. The remaining fsl-mc
  Kconfig change resolves a build testing error that Arnd reported.

  All of these have been in linux-next with no reported issues"

* tag 'staging-4.16-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: buffer: check if a buffer has been set up when poll is called
  iio: adis_lib: Initialize trigger before requesting interrupt
  staging: android: ion: Zero CMA allocated memory
  staging: android: ashmem: Fix a race condition in pin ioctls
  staging: fsl-mc: fix build testing on x86
  iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined
  staging: iio: ad5933: switch buffer mode to software
  iio: adc: stm32: fix stm32h7_adc_enable error handling
  staging: iio: adc: ad7192: fix external frequency setting
  iio: adc: aspeed: Fix error handling path
2018-02-22 12:05:43 -08:00
Linus Torvalds
bb17186a3e Char/Misc driver fixes for 4.16-rc3
Here are a handful of char/misc driver fixes for 4.16-rc3.
 
 There are some binder driver fixes to resolve reported issues in stress
 testing the recent binder changes, some extcon driver fixes, and a few
 mei driver fixes and new device ids.
 
 All of these, with the exception of the mei driver id additions, have
 been in linux-next for a while.  I forgot to push out the mei driver id
 additions to kernel.org until today, but all build tests pass with them
 enabled.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWo63OQ8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ylNygCgmvSzSnwD+dBDgsUcb6Nx58RakBIAn29Yswd5
 8v3OEfreuIQwpXjzTtF1
 =5NBI
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are a handful of char/misc driver fixes for 4.16-rc3.

  There are some binder driver fixes to resolve reported issues in
  stress testing the recent binder changes, some extcon driver fixes,
  and a few mei driver fixes and new device ids.

  All of these, with the exception of the mei driver id additions, have
  been in linux-next for a while. I forgot to push out the mei driver id
  additions to kernel.org until today, but all build tests pass with
  them enabled"

* tag 'char-misc-4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  mei: me: add cannon point device ids for 4th device
  mei: me: add cannon point device ids
  mei: set device client to the disconnected state upon suspend.
  ANDROID: binder: synchronize_rcu() when using POLLFREE.
  binder: replace "%p" with "%pK"
  ANDROID: binder: remove WARN() for redundant txn error
  binder: check for binder_thread allocation failure in binder_poll()
  extcon: int3496: process id-pin first so that we start with the right status
  Revert "extcon: axp288: Redo charger type detection a couple of seconds after probe()"
  extcon: axp288: Constify the axp288_pwr_up_down_info array
2018-02-22 12:04:05 -08:00
Johannes Berg
657308f73e regulatory: add NUL to request alpha2
Similar to the ancient commit a5fe8e7695 ("regulatory: add NUL
to alpha2"), add another byte to alpha2 in the request struct so
that when we use nla_put_string(), we don't overrun anything.

Fixes: 73d54c9e74 ("cfg80211: add regulatory netlink multicast group")
Reported-by: Kees Cook <keescook@google.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2018-02-22 20:57:48 +01:00
Linus Torvalds
004e390d81 First pull request for the 4.16 rc cycle
- Lots of fixes for the new IOCTL interface and general uverbs flow.
   Found through testing and syzkaller
 - Bugfixes for the new resource track netlink reporting
 - Remove some unneeded WARN_ONs that were triggering for some users in IPoIB
 - Various fixes for the bnxt_re driver
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJajcKaAAoJELgmozMOVy/dD7IP/AiIZm8Inop73694/2fVDkKN
 UqfGLPqJ5MVgjfDFfurYlBxIMuI2zF0OTWXx1GcEO16Pj9pzGsKV+5qqpnOgTgsZ
 zXsJhzsrScZGd5IHW+a+kKeLZpJK+ViYRgbYmYaPRI/9FuqfzZkwloAR3jKh1S4q
 Y15pbyVW0zW/xekZQykvnySmowwGO3s8IC1453cHW+mwWwMaDoj0B5rwH4HB4eZR
 oOC/FZRrgBAzh8VLKO3NFgrx1DLHnUkS3za1HcGDBbM3Va0iOFWG3SD1mxxd8UET
 188gWK268TgzDdMsCAuUdz2Vp3rRr7EziyQKopikCSvRV0IQrfK6LdN4erh8yysQ
 bPiHjuUD++IfSupk3PoagYH5GbNv1ip4uR4Rl/QD3lezH6UMKC2Npv7Ucqfvwioa
 tL2nkpDHd/fktvrhfsGuNYzKhtCIwlsINvjEM7sydZDYOpxNmEu/R3imQdfiLH4Z
 38BmlIQoX1wFpyOuUnqVjaI3EapVSFjCKlDralO0gVpcDYj4yM88K7rA0cSnlAfC
 8xOmXti3zatrH02LFFUugujGspEn771QtHqW/gd6XjWZwajacbP0i/tB5rnIAxlP
 nNLbNsABcFy745SPkoDG1OymCsvhHk+lkTobEdGjgzPVE2ipOoq1VHG1KlJRF4is
 GO0m3JHr9YdLlAwsu+PS
 =Fir8
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Doug Ledford:
 "Nothing in this is overly interesting, it's mostly your garden variety
  fixes.

  There was some work in this merge cycle around the new ioctl kABI, so
  there are fixes in here related to that (probably with more to come).

  We've also recently added new netlink support with a goal of moving
  the primary means of configuring the entire subsystem to netlink
  (eventually, this is a long term project), so there are fixes for
  that.

  Then a few bnxt_re driver fixes, and a few minor WARN_ON removals, and
  that covers this pull request. There are already a few more fixes on
  the list as of this morning, so there will certainly be more to come
  in this rc cycle ;-)

  Summary:

   - Lots of fixes for the new IOCTL interface and general uverbs flow.
     Found through testing and syzkaller

   - Bugfixes for the new resource track netlink reporting

   - Remove some unneeded WARN_ONs that were triggering for some users
     in IPoIB

   - Various fixes for the bnxt_re driver"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma: (27 commits)
  RDMA/uverbs: Fix kernel panic while using XRC_TGT QP type
  RDMA/bnxt_re: Avoid system hang during device un-reg
  RDMA/bnxt_re: Fix system crash during load/unload
  RDMA/bnxt_re: Synchronize destroy_qp with poll_cq
  RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
  RDMA/bnxt_re: Disable atomic capability on bnxt_re adapters
  RDMA/restrack: don't use uaccess_kernel()
  RDMA/verbs: Check existence of function prior to accessing it
  RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file
  RDMA/uverbs: Sanitize user entered port numbers prior to access it
  RDMA/uverbs: Fix circular locking dependency
  RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd
  RDMA/restrack: Increment CQ restrack object before committing
  RDMA/uverbs: Protect from command mask overflow
  IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
  IB/uverbs: Improve lockdep_check
  RDMA/uverbs: Protect from races between lookup and destroy of uobjects
  IB/uverbs: Hold the uobj write lock after allocate
  IB/uverbs: Fix possible oops with duplicate ioctl attributes
  IB/uverbs: Add ioctl support for 32bit processes
  ...
2018-02-22 11:57:39 -08:00
Linus Torvalds
24180a6008 RISC-V: Cleanups for 4.16-rc3
This pull request contains a handful of small cleanups.  The only
 functional change is that IRQs are now enabled during exception
 handling, which was found when some warnings triggered with
 `CONFIG_DEBUG_ATOMIC_SLEEP=y`.  The remaining fixes should have no
 functional change: `sbi_save()` has been renamed to `parse_dtb()`
 reflect what it actually does, and a handful of unused Kconfig entries
 have been removed.
 
 This is based on rc1 as a break to my usual flow, as it appears I missed
 rc2 over the holiday.  I've merged master as of Wednesday morning,
 af3e79d295 ("Merge tag 'leds_for-4.16-rc3' of
 git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds")
 without any conflicts and I've given it a simple build test.  If this
 isn't OK then feel free to drop the patch set and I'll send another
 against rc3 for rc4.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAlqNnPYTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQdslD/48VsB5shoMy2hzs7N0myJ0869zB9w4
 C+7A+vgJQCutDbzZVRLCWhRLqZ3bL51ids1cnDtOMISYqHctuIW7xGOtoJELm1qc
 78KXyhr6UvIFqPHyVGWOygW52dzDdrL7HKkDvy+TWk11yWIDZpgqVSVWJPZrvTm2
 qK5IU2NpFVeH8pKkq7G4hZuWRJh2XlPefH7pOh1NYIDK90UShUOK1BmIahraq7Jb
 wIlR6Xxet2BoxjG5wHhSG9JOYJCsgEeoEb6D0fJJz4JIBXHySLUWb3ZfwGstLY2m
 AGO485E+EU0YL6E5AhPrenCzX4xyJlOTb7spAFAqTEkKyytwdM27A+Yv95wo47NZ
 FtlsIRyQsiU6+XWCTvZP53ARQB8J92Pyw1KyDBf8WCl47BJOKwlCBNOvKNDLXtKK
 E9h8FuXsBHGeay/+QQCWvwr7uqT2Z4Q33MYBKlmRVAQlEGj10WywVqai4Kk5Tz3f
 tmvhHxtbA3Fuu4OACM8xZ4m/vDj+pGLkKw91v9XHF8hcBB5x/fkVRt+GHmg5EsKN
 n9f936OpvT8RoBAvCNrtK7zXNWemwKmzkAH0GOdTpkW2fSSokTT9Gnyb66pvrIPL
 TH0SqKOMQ8vQMMm/W0nxuqxaF99qvxoy2bTqa2ojT/NUZQqXz42WxSfhoeRJFTvF
 UdElhd88BBwcoA==
 =9zYf
 -----END PGP SIGNATURE-----

Merge tag 'riscv-for-linus-4.16-rc3-riscv_cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux

Pull RISC-V cleanups from Palmer Dabbelt:
 "This contains a handful of small cleanups.

  The only functional change is that IRQs are now enabled during
  exception handling, which was found when some warnings triggered with
  `CONFIG_DEBUG_ATOMIC_SLEEP=y`.

  The remaining fixes should have no functional change: `sbi_save()` has
  been renamed to `parse_dtb()` reflect what it actually does, and a
  handful of unused Kconfig entries have been removed"

* tag 'riscv-for-linus-4.16-rc3-riscv_cleanups' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
  Rename sbi_save to parse_dtb to improve code readability
  RISC-V: Enable IRQ during exception handling
  riscv: Remove ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE select
  riscv: kconfig: Remove RISCV_IRQ_INTC select
  riscv: Remove ARCH_WANT_OPTIONAL_GPIOLIB select
2018-02-22 11:53:17 -08:00
Thomas Falcon
a2c0f039bb ibmvnic: Fix early release of login buffer
The login buffer is released before the driver can perform
sanity checks between resources the driver requested and what
firmware will provide. Don't release the login buffer until
the sanity check is performed.

Fixes: 34f0f4e3f4 ("ibmvnic: Fix login buffer memory leaks")
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:45:42 -05:00
Finn Thain
83090e7d35 net/smc9194: Remove bogus CONFIG_MAC reference
AFAIK the only version of smc9194.c with Mac support is the one in the
linux-mac68k CVS repo, which never made it to the mainline.

Despite that, from v2.3.45, arch/m68k/config.in listed CONFIG_SMC9194
under CONFIG_MAC. This mistake got carried over into Kconfig in v2.5.55.
(See pre-git era "[PATCH] add m68k dependencies to net driver config".)

Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:44:37 -05:00
David Ahern
1fe4b1184c net: ipv4: Set addr_type in hash_keys for forwarded case
The result of the skb flow dissect is copied from keys to hash_keys to
ensure only the intended data is hashed. The original L4 hash patch
overlooked setting the addr_type for this case; add it.

Fixes: bf4e0a3db9 ("net: ipv4: add support for ECMP hash policy choice")
Reported-by: Ido Schimmel <idosch@idosch.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Reviewed-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:30:51 -05:00
Eric Dumazet
350c9f484b tcp_bbr: better deal with suboptimal GSO
BBR uses tcp_tso_autosize() in an attempt to probe what would be the
burst sizes and to adjust cwnd in bbr_target_cwnd() with following
gold formula :

/* Allow enough full-sized skbs in flight to utilize end systems. */
cwnd += 3 * bbr->tso_segs_goal;

But GSO can be lacking or be constrained to very small
units (ip link set dev ... gso_max_segs 2)

What we really want is to have enough packets in flight so that both
GSO and GRO are efficient.

So in the case GSO is off or downgraded, we still want to have the same
number of packets in flight as if GSO/TSO was fully operational, so
that GRO can hopefully be working efficiently.

To fix this issue, we make tcp_tso_autosize() unaware of
sk->sk_gso_max_segs

Only tcp_tso_segs() has to enforce the gso_max_segs limit.

Tested:

ethtool -K eth0 tso off gso off
tc qd replace dev eth0 root pfifo_fast

Before patch:
for f in {1..5}; do ./super_netperf 1 -H lpaa24 -- -K bbr; done
    691  (ss -temoi shows cwnd is stuck around 6 )
    667
    651
    631
    517

After patch :
# for f in {1..5}; do ./super_netperf 1 -H lpaa24 -- -K bbr; done
   1733 (ss -temoi shows cwnd is around 386 )
   1778
   1746
   1781
   1718

Fixes: 0f8782ea14 ("tcp_bbr: add BBR congestion control")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:15:23 -05:00
Eric Dumazet
88e80c6267 smsc75xx: fix smsc75xx_set_features()
If an attempt is made to disable RX checksums, USB adapter is changed
but netdev->features is not, because smsc75xx_set_features() returns a
non zero value.

This throws errors from netdev_rx_csum_fault() :
<devname>: hw csum failure

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Steve Glendinning <steve.glendinning@shawell.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:05:15 -05:00
Jason A. Donenfeld
b87b6194be netlink: put module reference if dump start fails
Before, if cb->start() failed, the module reference would never be put,
because cb->cb_running is intentionally false at this point. Users are
generally annoyed by this because they can no longer unload modules that
leak references. Also, it may be possible to tediously wrap a reference
counter back to zero, especially since module.c still uses atomic_inc
instead of refcount_inc.

This patch expands the error path to simply call module_put if
cb->start() fails.

Fixes: 41c87425a1 ("netlink: do not set cb_running if dump's start() errs")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-02-22 14:01:38 -05:00
James Morris
645ae5c51e - Fix seccomp GET_METADATA to deal with field sizes correctly (Tycho Andersen)
- Add selftest to make sure GET_METADATA doesn't regress (Tycho Andersen)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 Comment: Kees Cook <kees@outflux.net>
 
 iQIcBAABCgAGBQJajhgGAAoJEIly9N/cbcAmG0QP/As52uMMTdLcCNFLrBB3CoKY
 OZOhxpP3TdZ7sBvEnSJKSCLiT5gfyUkMOm+q8us6SbjFyelmcbliZ8n25tSMis8A
 QkLBAlOx/goSZyKuv4Cp2uLcq51g8G5uI4vXyHtic6rsxT7qhyQgs+ByMEhXBOj/
 T2+b6UJiENNw58FhrPnnDBLj5enzsxJx2zbZeuz82WsWGaJr6yWI8VoLWz3i0JAK
 mr4tQXkjn6J9hHmfDHs/aTwx8wFUVETs/F5gmTcRwVo/fA4/sD7csKmpIH/pGi4h
 uOJuwnjAq5rDhWzTu96hbSLglSwZ6ONJiS+3c1lOL86q7ZDOwzZxU7ltSc2wVsF0
 j5sKD6vVVS/bJkdoNIWDvETxNc2eRY2UQPTdiCsPCYkxLRwerGu+nmeiYxBmbo86
 fJc65Opcy8srEG68qTUYxI36A2TqhLocqwcPBL/NLdI0EjZevvXMbuu+ymOZPcRN
 suvyfNzi7feDuifpDLE5NfLTTdtcMF0XwiRPQtDyLonFcG+lDCA5umEcZysg5mI3
 pEl9BFbGdz83rdLCIj5LZ3P6OZZQG2oCxigKm7V7/X9VpHv6/5KOBpwXoVWllLc+
 h3K+1weJ9PgRBMEI4oT7CaZRRHZwst1BbY/ZFfCVibOX3eiNSTWgWkTV1cECmNPG
 K0yqDL0171z3vTjCSpSR
 =JPlU
 -----END PGP SIGNATURE-----

Merge tag 'seccomp-v4.16-rc3' of https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into fixes-v4.16-rc3

- Fix seccomp GET_METADATA to deal with field sizes correctly (Tycho Andersen)
- Add selftest to make sure GET_METADATA doesn't regress (Tycho Andersen)
2018-02-22 10:50:24 -08:00
Linus Torvalds
238ca35707 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "16 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mm: don't defer struct page initialization for Xen pv guests
  lib/Kconfig.debug: enable RUNTIME_TESTING_MENU
  vmalloc: fix __GFP_HIGHMEM usage for vmalloc_32 on 32b systems
  selftests/memfd: add run_fuse_test.sh to TEST_FILES
  bug.h: work around GCC PR82365 in BUG()
  mm/swap.c: make functions and their kernel-doc agree (again)
  mm/zpool.c: zpool_evictable: fix mismatch in parameter name and kernel-doc
  ida: do zeroing in ida_pre_get()
  mm, swap, frontswap: fix THP swap if frontswap enabled
  certs/blacklist_nohashes.c: fix const confusion in certs blacklist
  kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
  mm, mlock, vmscan: no more skipping pagevecs
  mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
  Kbuild: always define endianess in kconfig.h
  include/linux/sched/mm.h: re-inline mmdrop()
  tools: fix cross-compile var clobbering
2018-02-22 10:45:46 -08:00
Luck, Tony
bef3efbeb8 efivarfs: Limit the rate for non-root to read files
Each read from a file in efivarfs results in two calls to EFI
(one to get the file size, another to get the actual data).

On X86 these EFI calls result in broadcast system management
interrupts (SMI) which affect performance of the whole system.
A malicious user can loop performing reads from efivarfs bringing
the system to its knees.

Linus suggested per-user rate limit to solve this.

So we add a ratelimit structure to "user_struct" and initialize
it for the root user for no limit. When allocating user_struct for
other users we set the limit to 100 per second. This could be used
for other places that want to limit the rate of some detrimental
user action.

In efivarfs if the limit is exceeded when reading, we take an
interruptible nap for 50ms and check the rate limit again.

Signed-off-by: Tony Luck <tony.luck@intel.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-02-22 10:21:02 -08:00
Kees Cook
28128c61e0 kconfig.h: Include compiler types to avoid missed struct attributes
The header files for some structures could get included in such a way
that struct attributes (specifically __randomize_layout from path.h) would
be parsed as variable names instead of attributes. This could lead to
some instances of a structure being unrandomized, causing nasty GPFs, etc.

This patch makes sure the compiler_types.h header is included in
kconfig.h so that we've always got types and struct attributes defined,
since kconfig.h is included from the compiler command line.

Reported-by: Patrick McLean <chutzpah@gentoo.org>
Root-caused-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Tested-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Fixes: 3859a271a0 ("randstruct: Mark various structs for randomization")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-02-22 09:43:47 -08:00
Michal Hocko
6275ecbcd3 samples/seccomp: do not compile when cross compiled
samples/seccomp relies on the host setting which is not suitable for
crosscompilation and it actually fails when crosscompiling s390 and
powerpc all{yes,mod}config on x86_64 with

samples/seccomp/bpf-helper.h:135:2: error: #error __BITS_PER_LONG value unusable.
 #error __BITS_PER_LONG value unusable.
  ^
In file included from samples/seccomp/bpf-fancy.c:13:0:
samples/seccomp/bpf-fancy.c: In function ‘main’:
samples/seccomp/bpf-fancy.c:38:11: error: ‘__NR_exit’ undeclared (first use in this function)
   SYSCALL(__NR_exit, ALLOW),

and many others. I am doing these for compile testing and it's been
quite useful to catch issues. Crosscompiling sample code on the other
hand doesn't seem all that important so it seems like the easiest way to
simply disable samples/seccomp when crosscompiling.

Fixing this properly is not that easy as Kees explains:
: IIRC, one of the problems is with build ordering problems: the kernel
: headers used by the samples aren't available when cross compiling.

Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
2018-02-22 09:31:43 -08:00
Colin Ian King
1b72040645 NFS: make struct nlmclnt_fl_close_lock_ops static
The structure nlmclnt_fl_close_lock_ops s local to the source and does
not need to be in global scope, so make it static.

Cleans up sparse warning:
fs/nfs/nfs3proc.c:876:33: warning: symbol 'nlmclnt_fl_close_lock_ops' was not
declared. Should it be static?

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2018-02-22 12:23:01 -05:00
Bill.Baker@oracle.com
ad86f605c5 nfs: system crashes after NFS4ERR_MOVED recovery
nfs4_update_server unconditionally releases the nfs_client for the
source server. If migration fails, this can cause the source server's
nfs_client struct to be left with a low reference count, resulting in
use-after-free.  Also, adjust reference count handling for ELOOP.

NFS: state manager: migration failed on NFSv4 server nfsvmu10 with error 6
WARNING: CPU: 16 PID: 17960 at fs/nfs/client.c:281 nfs_put_client+0xfa/0x110 [nfs]()
	nfs_put_client+0xfa/0x110 [nfs]
	nfs4_run_state_manager+0x30/0x40 [nfsv4]
	kthread+0xd8/0xf0

BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
	nfs4_xdr_enc_write+0x6b/0x160 [nfsv4]
	rpcauth_wrap_req+0xac/0xf0 [sunrpc]
	call_transmit+0x18c/0x2c0 [sunrpc]
	__rpc_execute+0xa6/0x490 [sunrpc]
	rpc_async_schedule+0x15/0x20 [sunrpc]
	process_one_work+0x160/0x470
	worker_thread+0x112/0x540
	? rescuer_thread+0x3f0/0x3f0
	kthread+0xd8/0xf0

This bug was introduced by 32e62b7c ("NFS: Add nfs4_update_server"),
but the fix applies cleanly to 52442f9b ("NFS4: Avoid migration loops")

Reported-by: Helen Chao <helen.chao@oracle.com>
Fixes: 52442f9b11 ("NFS4: Avoid migration loops")
Signed-off-by: Bill Baker <bill.baker@oracle.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2018-02-22 12:17:42 -05:00
H.J. Lu
b21ebf2fb4 x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
On i386, there are 2 types of PLTs, PIC and non-PIC.  PIE and shared
objects must use PIC PLT.  To use PIC PLT, you need to load
_GLOBAL_OFFSET_TABLE_ into EBX first.  There is no need for that on
x86-64 since x86-64 uses PC-relative PLT.

On x86-64, for 32-bit PC-relative branches, we can generate PLT32
relocation, instead of PC32 relocation, which can also be used as
a marker for 32-bit PC-relative branches.  Linker can always reduce
PLT32 relocation to PC32 if function is defined locally.   Local
functions should use PC32 relocation.  As far as Linux kernel is
concerned, R_X86_64_PLT32 can be treated the same as R_X86_64_PC32
since Linux kernel doesn't use PLT.

R_X86_64_PLT32 for 32-bit PC-relative branches has been enabled in
binutils master branch which will become binutils 2.31.

[ hjl is working on having better documentation on this all, but a few
  more notes from him:

   "PLT32 relocation is used as marker for PC-relative branches. Because
    of EBX, it looks odd to generate PLT32 relocation on i386 when EBX
    doesn't have GOT.

    As for symbol resolution, PLT32 and PC32 relocations are almost
    interchangeable. But when linker sees PLT32 relocation against a
    protected symbol, it can resolved locally at link-time since it is
    used on a branch instruction. Linker can't do that for PC32
    relocation"

  but for the kernel use, the two are basically the same, and this
  commit gets things building and working with the current binutils
  master   - Linus ]

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-02-22 09:01:10 -08:00
Arnd Bergmann
8337d08350 ARM: orion: fix orion_ge00_switch_board_info initialization
A section type mismatch warning shows up when building with LTO,
since orion_ge00_mvmdio_bus_name was put in __initconst but not marked
const itself:

include/linux/of.h: In function 'spear_setup_of_timer':
arch/arm/mach-spear/time.c:207:34: error: 'timer_of_match' causes a section type conflict with 'orion_ge00_mvmdio_bus_name'
 static const struct of_device_id timer_of_match[] __initconst = {
                                  ^
arch/arm/plat-orion/common.c:475:32: note: 'orion_ge00_mvmdio_bus_name' was declared here
 static __initconst const char *orion_ge00_mvmdio_bus_name = "orion-mii";
                                ^

As pointed out by Andrew Lunn, it should in fact be 'const' but not
'__initconst' because the string is never copied but may be accessed
after the init sections are freed. To fix that, I get rid of the
extra symbol and rewrite the initialization in a simpler way that
assigns both the bus_id and modalias statically.

I spotted another theoretical bug in the same place, where d->netdev[i]
may be an out of bounds access, this can be fixed by moving the device
assignment into the loop.

Cc: stable@vger.kernel.org
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:48:39 +01:00
Arnd Bergmann
e6d210180a Fixes of dwmmc tuning clocks that may make probing HS cards fail,
adding the grf-vio clock to the edp so that it can also be build
 as module, correct pcie ep-gpio on the sapphire board and finally
 a fix that makes the gmac work at gigabit speeds on the rk3328-rock64.
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCAAuFiEE7v+35S2Q1vLNA3Lx86Z5yZzRHYEFAlqHdkUQHGhlaWtvQHNu
 dGVjaC5kZQAKCRDzpnnJnNEdgVVtCACHTxf9/v7UFuXMDtcYRVKZaxwGe9U06RlU
 CNRLJADT300B+feHRyh2WiJvNOX4ZJeDotYkXBe/73xMp9AeLv1gTwQBQD1juAfr
 wZIXl5/P0zYFQV95oPgHOAGj89rMgvuHFGe2loO2GtIoAiZTcjNUel1SwUCNVzQL
 OVei4Z0EGx0Nk5lEFChY0pSg0cZzDko+NGSYYPeQ1qtLJffuOZAq9tG0eJAlUted
 qSCXKJnxy5cZ8FxLeuJmP2xGjiZMYLg20kr5DevRnpQTDCCP73VPIPv0IqO+YtfB
 5Cmtf8cy/GNxcG1sgK1RMW6ytP+kmBX74I6xtpUAQtaQy1Ah4jDN
 =QsKz
 -----END PGP SIGNATURE-----

Merge tag 'v4.16-rockchip-dts64fixes-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into fixes

Pull "Rockchip dts64 fixes for 4.16" from Heiko Stübner:

Fixes of dwmmc tuning clocks that may make probing HS cards fail,
adding the grf-vio clock to the edp so that it can also be build
as module, correct pcie ep-gpio on the sapphire board and finally
a fix that makes the gmac work at gigabit speeds on the rk3328-rock64.

* tag 'v4.16-rockchip-dts64fixes-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
  arm64: dts: rockchip: Fix DWMMC clocks
  arm64: dts: rockchip: introduce pclk_vio_grf in rk3399-eDP device node
  arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
  arm64: dts: rockchip: fix rock64 gmac2io stability issues
2018-02-22 17:47:09 +01:00
Arnd Bergmann
d1b8b9657a Fix wrong dwmmc tuning clocks that may make probing HS cards fail to
probe and removal of special opps from the phycore boards that may
 run the cpu outside the soc-vendor specs.
 -----BEGIN PGP SIGNATURE-----
 
 iQFEBAABCAAuFiEE7v+35S2Q1vLNA3Lx86Z5yZzRHYEFAlqHdYgQHGhlaWtvQHNu
 dGVjaC5kZQAKCRDzpnnJnNEdgWwyCACeLElOaIYbFWectAjRvpYhOBMwk4mk/qA+
 R5MLVhYRBshyb7KcTG4aBuP/FjrY68BllkxR5ANSF0GZCvvxTGgW3/XCouTRtRjd
 YLIMlVKZZPokXEYxN1lqwgJjPx0pHBmDjwWcmU1cJ0gr6z5+/lPwYQW1x43S/yqd
 T01vP7TsltG7U5Ai+prQfnWkjcKbPZUEqxDtWIRHqNeudJbcIoiWCOC4H+kYbygN
 /w9UvaqGdD97Zs//v3jSxxB9CDdX3EScbPPSLhwFjj5Zckm6GJBRSbO2TWnsPv/H
 Ed83duV1eSfIePbRIu2Qk6XrUdFU37GKlNA9SNDE58nphYTW7y2R
 =Rdqg
 -----END PGP SIGNATURE-----

Merge tag 'v4.16-rockchip-dts32fixes-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into fixes

Pull "Rockchip dts32 fixes for 4.16" from Heiko Stübner:

Fix wrong dwmmc tuning clocks that may make probing HS cards fail to
probe and removal of special opps from the phycore boards that may
run the cpu outside the soc-vendor specs.

* tag 'v4.16-rockchip-dts32fixes-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
  ARM: dts: rockchip: Fix DWMMC clocks
  ARM: dts: rockchip: Remove 1.8 GHz operation point from phycore som
2018-02-22 17:46:40 +01:00
Arnd Bergmann
c209d25e46 Fixes for omaps for v4.16-rc cycle
This is mostly SoC related fixes for clocks, interconnect, and PM with few
 board specifc dts related fixes:
 
 - Fix quirk handling for ti-sysc to check all quirk flags instead of just
   the first one
 
 - Fix LogicPD boards for i2c1 muxing to avoid intermittent PMIC errors
 
 - Fix debounce-interval use for omap5-uevm
 
 - Fix debugfs_create_*() usage for omap1
 
 - Fix sar_base initialization for HS omaps
 
 - Fix omap3 prm wake interrupt for resume
 
 - Fix kmemleak for omap_get_timer_dt()
 
 - Enable optional clocks before main clock to prevent interconnect target
   module from being stuck in transition
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAlqHIH4RHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXMGvRAAy67hEsJnXBMCFTasvruXcJ36H7E9csFj
 DRGvfpSvD7+EyqbMT4g9yCWaOtriHoEpZbnlfjqlE/p6Ck6Uh49tcQxqXlwXOvAn
 hMwLGxcvSSLpaTQ/VLbDlUykhE8BBL4jcOjAsCYtcZ5gX6d7ksC0yMmnLwxKVva5
 zeBCl7qASRCC8/45fSVJ9qGgS2miH215hjQYnQxg9C05iyz6sXeDwt1kVTQ0nB3P
 1TIcb2v3EJwWRr/Q/iKoW/jVfrYfrnbh3i4I3LmfUm9zknhv2rpMrgymq7WTBUAT
 EkaWjXpMgZ0HIwGn2QMPZzY7Y9k37mrcWNBxDR6HpxlmkWKmSlO2KtTAGkO+Bg46
 D/GvDKBc7H8QJG9AyT5WXK0R9ofjXN1FXtC/k4XSVUjUnGtghYN1gg8D2U4p56Uv
 zoDhjfqhokhrVIomZYEJ6QRHSO7ZV/izEEN/FDQSLGElaigz4/lsBMFE7J1kul1v
 SnNTsrAHg2UqEfA95VOtJ1eMNPDBE1lJo9wEsGwiLYZv/tvfMAAheGsJqMzbiIE8
 4oRiYPvh8pR9CeTKYp21I1CkU7BE/Nwse7jXj+0fq/XdnHrDzCpLpD3DNanZSplu
 ZxZT01D7LQ/tL76APY6DyndYbMKxGypZgreZrDFudmRazgWOOD8B1tWe/9KHv1C5
 lLpd9EAUBys=
 =cN4I
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.16/fixes-signed' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Fixes for omaps for v4.16-rc cycle

This is mostly SoC related fixes for clocks, interconnect, and PM with few
board specifc dts related fixes:

- Fix quirk handling for ti-sysc to check all quirk flags instead of just
  the first one

- Fix LogicPD boards for i2c1 muxing to avoid intermittent PMIC errors

- Fix debounce-interval use for omap5-uevm

- Fix debugfs_create_*() usage for omap1

- Fix sar_base initialization for HS omaps

- Fix omap3 prm wake interrupt for resume

- Fix kmemleak for omap_get_timer_dt()

- Enable optional clocks before main clock to prevent interconnect target
  module from being stuck in transition

* tag 'omap-for-v4.16/fixes-signed' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  bus: ti-sysc: Fix checking of no-reset-on-init quirk
  ARM: dts: LogicPD SOM-LV: Fix I2C1 pinmux
  ARM: dts: LogicPD Torpedo: Fix I2C1 pinmux
  ARM: dts: OMAP5: uevm: Fix "debounce-interval" property misspelling
  ARM: OMAP1: clock: Fix debugfs_create_*() usage
  ARM: OMAP2+: Fix sar_base inititalization for HS omaps
  ARM: OMAP3: Fix prm wake interrupt for resume
  ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
  ARM: OMAP2+: hwmod_core: enable optional clocks before main clock
2018-02-22 17:45:52 +01:00
Arnd Bergmann
ac07b9aa68 mvebu fixes for 4.16 (part 1)
- Updating my emails address (from free-electrons to bootlin)
 - Adding back the selection of the PL310 Errata fix for the Cortex A9
   based Armada SoCs (Armada 375 and 38x)
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQYqXDMF3cvSLY+g9cLBhiOFHI71QUCWoVeyAAKCRALBhiOFHI7
 1aIEAJ47rHwesxLkkkNmuaMGdDplMGoj7gCgqjpKQNQDhf8Jk1+cWU95if/rqWo=
 =XtHS
 -----END PGP SIGNATURE-----

Merge tag 'mvebu-fixes-4.16-1' of git://git.infradead.org/linux-mvebu into fixes

Pull "mvebu fixes for 4.16 (part 1)" from Gregory CLEMENT:

- Updating my emails address (from free-electrons to bootlin)
- Adding back the selection of the PL310 Errata fix for the Cortex A9
  based Armada SoCs (Armada 375 and 38x)

* tag 'mvebu-fixes-4.16-1' of git://git.infradead.org/linux-mvebu:
  ARM: mvebu: Fix broken PL310_ERRATA_753970 selects
  MAINTAINERS: update email address for Gregory CLEMENT
2018-02-22 17:44:19 +01:00
Arnd Bergmann
eec51afc9d ARM: davinci: mark spi_board_info arrays as const
Building with LTO revealed that three spi_board_info arrays are marked
__initconst, but not const:

arch/arm/mach-davinci/board-dm365-evm.c: In function 'dm365_evm_init':
arch/arm/mach-davinci/board-dm365-evm.c:729:30: error: 'dm365_evm_spi_info' causes a section type conflict with 'dm646x_edma_device'
 static struct spi_board_info dm365_evm_spi_info[] __initconst = {
                              ^
arch/arm/mach-davinci/dm646x.c:603:42: note: 'dm646x_edma_device' was declared here
 static const struct platform_device_info dm646x_edma_device __initconst = {

This marks them const as well, as was originally intended.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:43:16 +01:00
Arnd Bergmann
01a6e1267e ARM: clps711x: mark clps711x_compat as const
The array of string pointers is put in __initconst, and the strings themselves
are marke 'const' but the the pointers are not, which caused a warning when
built with LTO:

arch/arm/mach-clps711x/board-dt.c:72:20: error: 'clps711x_compat' causes a section type conflict with 'feroceon_ids'
 static const char *clps711x_compat[] __initconst = {

This marks the array itself const as well, which was certainly the
intention originally.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:42:42 +01:00
Arnd Bergmann
b0e8ed933a AT91 SOC fixes for 4.16:
- change my email address
 -----BEGIN PGP SIGNATURE-----
 
 iQIyBAABCgAdFiEEXx9Viay1+e7J/aM4AyWl4gNJNJIFAlqO7w4ACgkQAyWl4gNJ
 NJJohQ/4sz3GYr3bcfVSBmYWiJVTJOz65NnSAD94Lj/99tuT1U7sOyC65NYYI7vg
 OJ6PhaqsP58tNXretLEfG+PNEno8B4K/4rnwZcmjzftz/CDXfiVW6JlJYHQoyZtQ
 wdGCqmm2NtPN+QWQ4idQgzDPak6+rDqXM/gO91MhweHgRRYAyetqj4sCX4o3dwUC
 7o7tqnaCPcdGn6OsE+6tjoEX+bpNOZFktEV/LuUwDyvfLtzEBD12fMxY7GlhSRbu
 a3Ei4YlfO+I3+pyd6lW3EZ0hf0ulz7eGJV8TX12DK7+4QWUlvzPrGOo83Vd3P9oo
 mti/GLUZmUeSBMDJouUGEm4WGMrrZDItyf8cC2b+OvaVzYIaPSpvPSeL0WBk/R6F
 gQz2+3Oq4OmYiGsdPZ50x7VIuOhUT8TtQ2jVx4z2CJNWIcG1kgAyq9Ij42PJjGxB
 YhzgiUNks2C+YW6zBxm4h946eKXQMDBbjCAtSBQqEC3eIJE0C15XUdbre3HBsL+U
 sgL+eqi4K0gN9FoUIPR0dAXZTmZiaO4daWfIAO76+gVlEc3cKFJpOOSo7vMsktkP
 ZbRbHMonEgPwQv5+FzDytZYhp2+XFaa3kwBd5F/0GwSmcKN3SEm84ckpvl0TEtc4
 1uNucqtKixCpkNldJvzIgefwz2x5yu/rmlO/w32nokXzoKV0fg==
 =ByuZ
 -----END PGP SIGNATURE-----

Merge tag 'at91-ab-4.16-soc-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/abelloni/linux into fixes

Pull "AT91 SOC fixes for 4.16" from Alexandre Belloni:

 - change my email address

* tag 'at91-ab-4.16-soc-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/abelloni/linux:
  MAINTAINERS: ARM: at91: update my email address
2018-02-22 17:40:14 +01:00
Mathieu Malaterre
e519eedb68 arm: zx: dts: Remove leading 0x and 0s from bindings notation
Improve the DTS files by removing all the leading "0x" and zeros to fix the
following dtc warnings:

Warning (unit_address_format): Node /XXX unit name should not have leading "0x"

and

Warning (unit_address_format): Node /XXX unit name should not have leading 0s

Converted using the following command:

find . -type f \( -iname *.dts -o -iname *.dtsi \) -exec sed -i -e "s/@\([0-9a-fA-FxX\.;:#]+\)\s*{/@\L\1 {/g" -e "s/@0x\(.*\) {/@\1 {/g" -e "s/@0+\(.*\) {/@\1 {/g" {} +^C

For simplicity, two sed expressions were used to solve each warnings separately.

To make the regex expression more robust a few other issues were resolved,
namely setting unit-address to lower case, and adding a whitespace before the
the opening curly brace:

https://elinux.org/Device_Tree_Linux#Linux_conventions

This will solve as a side effect warning:

Warning (simple_bus_reg): Node /XXX@<UPPER> simple-bus unit address format error, expected "<lower>"

This is a follow up to commit 4c9847b737 ("dt-bindings: Remove leading 0x from bindings notation")

Reported-by: David Daney <ddaney@caviumnetworks.com>
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:39:02 +01:00
Mathieu Malaterre
9977a8c349 arm64: dts: Remove leading 0x and 0s from bindings notation
Improve the DTS files by removing all the leading "0x" and zeros to fix the
following dtc warnings:

Warning (unit_address_format): Node /XXX unit name should not have leading "0x"

and

Warning (unit_address_format): Node /XXX unit name should not have leading 0s

Converted using the following command:

find . -type f \( -iname *.dts -o -iname *.dtsi \) -exec sed -E -i -e "s/@0x([0-9a-fA-F\.]+)\s?\{/@\L\1 \{/g" -e "s/@0+([0-9a-fA-F\.]+)\s?\{/@\L\1 \{/g" {} +

For simplicity, two sed expressions were used to solve each warnings separately.

To make the regex expression more robust a few other issues were resolved,
namely setting unit-address to lower case, and adding a whitespace before the
the opening curly brace:

https://elinux.org/Device_Tree_Linux#Linux_conventions

This is a follow up to commit 4c9847b737 ("dt-bindings: Remove leading 0x from bindings notation")

Reported-by: David Daney <ddaney@caviumnetworks.com>
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Mathieu Malaterre <malat@debian.org>
Acked-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Andy Gross <andy.gross@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:37:53 +01:00
Arnd Bergmann
713bb31c50 Amlogic fixes for v4.16-rc1
- DT: fix UART address ranges
 - DT: enable PHY interrupts
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEe4dGDhaSf6n1v/EMWTcYmtP7xmUFAlqCLmEACgkQWTcYmtP7
 xmXmmg//XRKTh6lsEp8hZZKfV1jhsuyBOoZ3AjuHvB8A1aUWd7KS7jrMYWhrjKb6
 ae1mE02UIe/zmT9UvsCWq+fM71FLsFjo8QeaaWAvLfnKoIeDZGCSkuthwLJOKMlb
 NCLIFdhxXi9oguq7/VR7J18NQX64h9RscbBY06TyqU3Q9kSv70z04TQyMqilZNAr
 M+ziAkST4MS8inM7YUdS9ZZMvu5RPfSSiq0o6pXKE6dQULrC/G7ftvPexCDSUk4O
 3efcT8ZDjuB3lSuTfdV4ynEWypeHTfHUXqWJPxw8rk8/vfPC9ldriWkkmkrqvSs0
 we4hmZuAgfc8iZYT0Unh1vPo3DiqM7X4KihWADvL3IpSlGhaCQpwgnZsktd8BMhL
 sOPodO8neJ0TFTJfIcuk994WysvPbIaDfmWnvI936U3tUrfkTgx7Hc5MMJtBU4rr
 ruVJZjnw4RPeYRwMr0LgQIRwCcQZbMuKXW4TOb974lIEj/3taXMmtRpQif/OMqmX
 gCmdER8O1DPVzNT4fy6rI+pESfWsMWEg+5nPik3rp5kylLrtF1sqIYveXVKiBA++
 WmTAnu5rkqhkmMnOavVMw2LuYtzPwgqJmUb8dQD854RVvFxCZvJOrKAc9npMQr74
 FnpYGY1OBa31c7Dv3cPvIvkOLhAR1dWe/c6CQL57dHy3ZzaXZHY=
 =IKaR
 -----END PGP SIGNATURE-----

Merge tag 'amlogic-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into fixes

Amlogic fixes for v4.16-rc1
- DT: fix UART address ranges
- DT: enable PHY interrupts

* tag 'amlogic-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic:
  ARM64: dts: meson: uart: fix address space range
  ARM64: dts: meson-gxl: add internal ethernet PHY irq
2018-02-22 17:37:01 +01:00
Rob Herring
e2c8d283c4 arm64: dts: cavium: fix PCI bus dtc warnings
dtc recently added PCI bus checks. Fix these warnings:

arch/arm64/boot/dts/cavium/thunder2-99xx.dtb: Warning (pci_bridge): Node /pci missing bus-range for PCI bridge
arch/arm64/boot/dts/cavium/thunder2-99xx.dtb: Warning (unit_address_vs_reg): Node /pci has a reg or ranges property, but no unit name

Signed-off-by: Rob Herring <robh@kernel.org>
Cc: Jayachandran C <jnair@caviumnetworks.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-02-22 17:36:07 +01:00
Alexandre Belloni
c8d5dcf122 MAINTAINERS: ARM: at91: update my email address
Free Electrons is now Bootlin.

Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
2018-02-22 16:22:15 +01:00
David Howells
d9f4bb1a0f KEYS: Use individual pages in big_key for crypto buffers
kmalloc() can't always allocate large enough buffers for big_key to use for
crypto (1MB + some metadata) so we cannot use that to allocate the buffer.
Further, vmalloc'd pages can't be passed to sg_init_one() and the aead
crypto accessors cannot be called progressively and must be passed all the
data in one go (which means we can't pass the data in one block at a time).

Fix this by allocating the buffer pages individually and passing them
through a multientry scatterlist to the crypto layer.  This has the bonus
advantage that we don't have to allocate a contiguous series of pages.

We then vmap() the page list and pass that through to the VFS read/write
routines.

This can trigger a warning:

	WARNING: CPU: 0 PID: 60912 at mm/page_alloc.c:3883 __alloc_pages_nodemask+0xb7c/0x15f8
	([<00000000002acbb6>] __alloc_pages_nodemask+0x1ee/0x15f8)
	 [<00000000002dd356>] kmalloc_order+0x46/0x90
	 [<00000000002dd3e0>] kmalloc_order_trace+0x40/0x1f8
	 [<0000000000326a10>] __kmalloc+0x430/0x4c0
	 [<00000000004343e4>] big_key_preparse+0x7c/0x210
	 [<000000000042c040>] key_create_or_update+0x128/0x420
	 [<000000000042e52c>] SyS_add_key+0x124/0x220
	 [<00000000007bba2c>] system_call+0xc4/0x2b0

from the keyctl/padd/useradd test of the keyutils testsuite on s390x.

Note that it might be better to shovel data through in page-sized lumps
instead as there's no particular need to use a monolithic buffer unless the
kernel itself wants to access the data.

Fixes: 13100a72f4 ("Security: Keys: Big keys stored encrypted")
Reported-by: Paul Bunyan <pbunyan@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Kirill Marinushkin <k.marinushkin@gmail.com>
2018-02-22 14:58:38 +00:00
Eric Biggers
4b34968e77 X.509: fix NULL dereference when restricting key with unsupported_sig
The asymmetric key type allows an X.509 certificate to be added even if
its signature's hash algorithm is not available in the crypto API.  In
that case 'payload.data[asym_auth]' will be NULL.  But the key
restriction code failed to check for this case before trying to use the
signature, resulting in a NULL pointer dereference in
key_or_keyring_common() or in restrict_link_by_signature().

Fix this by returning -ENOPKG when the signature is unsupported.

Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled and
keyctl has support for the 'restrict_keyring' command:

    keyctl new_session
    keyctl restrict_keyring @s asymmetric builtin_trusted
    openssl req -new -sha512 -x509 -batch -nodes -outform der \
        | keyctl padd asymmetric desc @s

Fixes: a511e1af8b ("KEYS: Move the point of trust determination to __key_link()")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:34 +00:00
Eric Biggers
437499eea4 X.509: fix BUG_ON() when hash algorithm is unsupported
The X.509 parser mishandles the case where the certificate's signature's
hash algorithm is not available in the crypto API.  In this case,
x509_get_sig_params() doesn't allocate the cert->sig->digest buffer;
this part seems to be intentional.  However,
public_key_verify_signature() is still called via
x509_check_for_self_signed(), which triggers the 'BUG_ON(!sig->digest)'.

Fix this by making public_key_verify_signature() return -ENOPKG if the
hash buffer has not been allocated.

Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled:

    openssl req -new -sha512 -x509 -batch -nodes -outform der \
        | keyctl padd asymmetric desc @s

Fixes: 6c2dc5ae4a ("X.509: Extract signature digest and make self-signed cert checks earlier")
Reported-by: Paolo Valente <paolo.valente@linaro.org>
Cc: Paolo Valente <paolo.valente@linaro.org>
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
Eric Biggers
6459ae3866 PKCS#7: fix direct verification of SignerInfo signature
If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key.  But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen.  That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.

This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.

Fix it by setting 'sig' correctly for the direct verification case.

Fixes: 757932e6da ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
Eric Biggers
29f4a67c17 PKCS#7: fix certificate blacklisting
If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0.  But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification.  Consequently, PKCS#7 signature
verification ignores the certificate blacklist.

Fix this by not considering blacklisted SignerInfos to have passed
verification.

Also fix the function comment with regards to when 0 is returned.

Fixes: 03bb79315d ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
Eric Biggers
971b42c038 PKCS#7: fix certificate chain verification
When pkcs7_verify_sig_chain() is building the certificate chain for a
SignerInfo using the certificates in the PKCS#7 message, it is passing
the wrong arguments to public_key_verify_signature().  Consequently,
when the next certificate is supposed to be used to verify the previous
certificate, the next certificate is actually used to verify itself.

An attacker can use this bug to create a bogus certificate chain that
has no cryptographic relationship between the beginning and end.

Fortunately I couldn't quite find a way to use this to bypass the
overall signature verification, though it comes very close.  Here's the
reasoning: due to the bug, every certificate in the chain beyond the
first actually has to be self-signed (where "self-signed" here refers to
the actual key and signature; an attacker might still manipulate the
certificate fields such that the self_signed flag doesn't actually get
set, and thus the chain doesn't end immediately).  But to pass trust
validation (pkcs7_validate_trust()), either the SignerInfo or one of the
certificates has to actually be signed by a trusted key.  Since only
self-signed certificates can be added to the chain, the only way for an
attacker to introduce a trusted signature is to include a self-signed
trusted certificate.

But, when pkcs7_validate_trust_one() reaches that certificate, instead
of trying to verify the signature on that certificate, it will actually
look up the corresponding trusted key, which will succeed, and then try
to verify the *previous* certificate, which will fail.  Thus, disaster
is narrowly averted (as far as I could tell).

Fixes: 6c2dc5ae4a ("X.509: Extract signature digest and make self-signed cert checks earlier")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
2018-02-22 14:38:33 +00:00
Li Zhijian
80475c48c6 selftests/bpf/test_maps: exit child process without error in ENOMEM case
test_maps contains a series of stress tests, and previously it will break the
rest tests when it failed to alloc memory.
-----------------------
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
Failed to create hashmap key=16 value=262144 'Cannot allocate memory'
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
Failed to create hashmap key=8 value=262144 'Cannot allocate memory'
test_maps: test_maps.c:955: run_parallel: Assertion `status == 0' failed.
Aborted
not ok 1..3 selftests:  test_maps [FAIL]
-----------------------
after this patch, the rest tests will be continue when it occurs an ENOMEM failure

CC: Alexei Starovoitov <alexei.starovoitov@gmail.com>
CC: Philip Li <philip.li@intel.com>
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Li Zhijian <zhijianx.li@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2018-02-22 15:21:26 +01:00
Will Deacon
15122ee2c5 arm64: Enforce BBM for huge IO/VMAP mappings
ioremap_page_range doesn't honour break-before-make and attempts to put
down huge mappings (using p*d_set_huge) over the top of pre-existing
table entries. This leads to us leaking page table memory and also gives
rise to TLB conflicts and spurious aborts, which have been seen in
practice on Cortex-A75.

Until this has been resolved, refuse to put block mappings when the
existing entry is found to be present.

Fixes: 324420bf91 ("arm64: add support for ioremap() block mappings")
Reported-by: Hanjun Guo <hanjun.guo@linaro.org>
Reported-by: Lei Li <lious.lilei@hisilicon.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2018-02-22 11:25:53 +00:00
Andy Shevchenko
d1fa74520d i2c: designware: Consider SCL GPIO optional
GPIO library can return -ENOSYS for the failed request.
Instead of failing ->probe() in this case override error code to 0.

Fixes: ca382f5b38 ("i2c: designware: add i2c gpio recovery option")
Reported-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Tested-by: Dominik Brodowski <linux@dominikbrodowski.net>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2018-02-22 12:15:35 +01:00
Patryk Kocielnik
c396b9a03e i2c: busses: i2c-sirf: Fix spelling: "formular" -> "formula".
Fix spelling.

Signed-off-by: Patryk Kocielnik <patryk.kocielnik@gmail.com>
[wsa: fixed "Initialization", too]
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2018-02-22 12:12:35 +01:00
Eric Anholt
fe32a815f0 i2c: bcm2835: Set up the rising/falling edge delays
We were leaving them in the power on state (or the state the firmware
had set up for some client, if we were taking over from them).  The
boot state was 30 core clocks, when we actually want to sample some
time after (to make sure that the new input bit has actually arrived).

Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
2018-02-22 12:11:07 +01:00
Takashi Iwai
7229b12f5d ALSA: x86: hdmi: Add single_port option for compatible behavior
The recent support for the multiple PCM devices allowed user to use
multiple HDMI/DP outputs, but at the same time, the PCM stream
assignment has been changed, too.  Due to that, the former PCM#0
(there was only one stream in the past) is likely assigned to a
different one (e.g. PCM#2), and it ends up with the regression when
user sticks with the fixed configuration using the device#0.

Although the multiple monitor support shouldn't matter when user
deploys the backend like PulseAudio that checks the jack detection
state, the behavior change isn't always acceptable for some users.

As a mitigation, this patch introduces an option to switch the
behavior back to the old-good-days: when the new option,
single_port=1, is passed, the driver creates only a single PCM device,
and it's assigned to the first connected one, like the earlier
versions did.  The option is turned off as default still to support
the multiple monitors.

Fixes: 8a2d6ae1f7 ("ALSA: x86: Register multiple PCM devices for the LPE audio card")
Reported-and-tested-by: Hubert Mantel <mantel@metadox.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-02-22 11:51:36 +01:00
Ingo Molnar
ed7158bae4 treewide/trivial: Remove ';;$' typo noise
On lkml suggestions were made to split up such trivial typo fixes into per subsystem
patches:

  --- a/arch/x86/boot/compressed/eboot.c
  +++ b/arch/x86/boot/compressed/eboot.c
  @@ -439,7 +439,7 @@ setup_uga32(void **uga_handle, unsigned long size, u32 *width, u32 *height)
          struct efi_uga_draw_protocol *uga = NULL, *first_uga;
          efi_guid_t uga_proto = EFI_UGA_PROTOCOL_GUID;
          unsigned long nr_ugas;
  -       u32 *handles = (u32 *)uga_handle;;
  +       u32 *handles = (u32 *)uga_handle;
          efi_status_t status = EFI_INVALID_PARAMETER;
          int i;

This patch is the result of the following script:

  $ sed -i 's/;;$/;/g' $(git grep -E ';;$'  | grep "\.[ch]:"  | grep -vwE 'for|ia64' | cut -d: -f1 | sort | uniq)

... followed by manual review to make sure it's all good.

Splitting this up is just crazy talk, let's get over with this and just do it.

Reported-by: Pavel Machek <pavel@ucw.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-02-22 10:59:33 +01:00
Christoph Hellwig
796b0b8d8d nvmet-loop: use blk_rq_payload_bytes for sgl selection
blk_rq_bytes does the wrong thing for special payloads like discards and
might cause the driver to not set up a SGL.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
2018-02-22 01:45:34 -07:00
Christoph Hellwig
0d30992395 nvme-rdma: use blk_rq_payload_bytes instead of blk_rq_bytes
blk_rq_bytes does the wrong thing for special payloads like discards and
might cause the driver to not set up a SGL.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
2018-02-22 01:45:32 -07:00
Christoph Hellwig
5a1e595333 nvme-fabrics: don't check for non-NULL module in nvmf_register_transport
THIS_MODULE evaluates to NULL when used from code built into the kernel,
thus breaking built-in transport modules.  Remove the bogus check.

Fixes: 0de5cd36 ("nvme-fabrics: protect against module unload during create_ctrl")
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Keith Busch <keith.busch@intel.com>
2018-02-22 01:45:30 -07:00
Mark Lord
083b209071 powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
I am using SECCOMP to filter syscalls on a ppc32 platform, and noticed
that the JIT compiler was failing on the BPF even though the
interpreter was working fine.

The issue was that the compiler was missing one of the instructions
used by SECCOMP, so here is a patch to enable JIT for that
instruction.

Fixes: eb84bab0fb ("ppc: Kconfig: Enable BPF JIT on ppc32")
Signed-off-by: Mark Lord <mlord@pobox.com>
Acked-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-02-22 14:36:08 +11:00