- Linux-stable-mirror - lists.linaro.org

[PATCH 3.18 000/121] 3.18.105-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 3.18.105 release. There are 121 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri Apr 13 18:34:28 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v3.x/stable-review/patch-3.18.105-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-3.18.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 3.18.105-rc1 Paolo Abeni <pabeni(a)redhat.com> ipv6: the entire IPv6 header chain must fit the first fragment Craig Dillabaugh <cdillaba(a)mojatatu.com> net sched actions: fix dumping which requires several messages to user space Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix setting driver_data after register_netdev Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Xin Long <lucien.xin(a)gmail.com> bonding: process the err returned by dev_set_allmulti properly in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: fix the err path for dev hwaddr sync in bond_enslave Jason Wang <jasowang(a)redhat.com> vhost: correctly remove wait queue during poll failure Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Alexander Potapenko <glider(a)google.com> netlink: make sure nladdr has correct size in netlink_connect() Eric Dumazet <edumazet(a)google.com> net: fix possible out-of-bound read in skb_network_protocol() Mel Gorman <mgorman(a)suse.de> futex: Remove requirement for lock_page() in get_futex_key() Theodore Ts'o <tytso(a)mit.edu> random: use lockless method of accessing and updating f->reg_idx Nathan Chancellor <natechancellor(a)gmail.com> virtio_net: check return value of skb_to_sgvec in one more location Jason A. Donenfeld <Jason(a)zx2c4.com> virtio_net: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> rxrpc: check return value of skb_to_sgvec always Jason A. Donenfeld <Jason(a)zx2c4.com> ipsec: check return value of skb_to_sgvec always Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, mv64x60: Fix an error handling path Tony Lindgren <tony(a)atomide.com> tty: n_gsm: Allow ADM response in addition to UA for control dlci chenxiang <chenxiang66(a)hisilicon.com> scsi: libsas: initialize sas_phy status according to response of DISCOVER Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix error when getting phy events Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix memory leak in sas_smp_get_phy_events() Tang Junhui <tang.junhui(a)zte.com.cn> bcache: segregate flash only volume write streams Tang Junhui <tang.junhui(a)zte.com.cn> bcache: stop writeback thread after detaching Roopa Prabhu <roopa(a)cumulusnetworks.com> vxlan: dont migrate permanent fdb entries during learn Bob Moore <robert.moore(a)intel.com> ACPICA: Disassembler: Abort on an invalid/unknown AML opcode Lv Zheng <lv.zheng(a)intel.com> ACPICA: Events: Add runtime stub support for event APIs Marcel Holtmann <marcel(a)holtmann.org> Bluetooth: Send HCI Set Event Mask Page 2 command only when needed Lorenzo Bianconi <lorenzo.bianconi83(a)gmail.com> iio: magnetometer: st_magn_spi: fix spi_device_id table Jag Raman <jag.raman(a)oracle.com> sparc64: ldc abort during vds iso boot Xin Long <lucien.xin(a)gmail.com> sctp: fix recursive locking warning in sctp_do_peeloff Mintz, Yuval <Yuval.Mintz(a)cavium.com> bnx2x: Allow vfs to disable txvlan offload Arnd Bergmann <arnd(a)arndb.de> xen: avoid type warning in xchg_xen_ulong Namhyung Kim <namhyung(a)kernel.org> perf tests: Decompress kernel module before objdump Christian Lamparter <chunkeey(a)googlemail.com> net: emac: fix reset timeout with AR8035 phy Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: kprobes: flush_insn_slot should flush only if probe initialised Marcin Nowakowski <marcin.nowakowski(a)imgtec.com> MIPS: mm: fixed mappings: correct initialisation Peter Zijlstra <peterz(a)infradead.org> perf/core: Correct event creation with PERF_FORMAT_GROUP Chris Wilson <chris(a)chris-wilson.co.uk> e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails Russell King <rmk+kernel(a)armlinux.org.uk> net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support A Sun <as1033x(a)comcast.net> mceusb: sporadic RX truncation corruption fix Pan Bian <bianpan2016(a)163.com> cx25840: fix unchecked return values Jacob Keller <jacob.e.keller(a)intel.com> e1000e: fix race condition around skb_tstamp_tx() Robert Jarzmik <robert.jarzmik(a)free.fr> tags: honor COMPILED_SOURCE with apart output directory Milian Wolff <milian.wolff(a)kdab.com> perf report: Ensure the perf DSO mapping matches what libdw sees Talat Batheesh <talatb(a)mellanox.com> net/mlx4: Fix the check in attaching steering rules Jason A. Donenfeld <Jason(a)zx2c4.com> skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow Dmitry Monakhov <dmonakhov(a)openvz.org> bio-integrity: Do not allocate integrity context for bio w/o data Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> Fix serial console on SNI RM400 machines Tomi Valkeinen <tomi.valkeinen(a)ti.com> drm/omap: fix tiled buffer stride calculations Jia-Ju Bai <baijiaju1990(a)163.com> mISDN: Fix a sleep-in-atomic bug Jia-Ju Bai <baijiaju1990(a)163.com> qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M Jiri Olsa <jolsa(a)kernel.org> perf trace: Add mmap alias for s390 Michael Ellerman <mpe(a)ellerman.id.au> powerpc/spufs: Fix coredump of SPU contexts Roman Pen <roman.penyaev(a)profitbricks.com> KVM: SVM: do not zero out segment attributes if segment is unusable or not present Gustavo A. R. Silva <garsilva(a)embeddedor.com> net: freescale: fix potential null pointer dereference Vaibhav Jain <vaibhav(a)linux.vnet.ibm.com> rtc: interface: Validate alarm-time before handling rollover Will Deacon <will.deacon(a)arm.com> arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage Ivan Mikhaylov <ivan(a)de.ibm.com> powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE] Miklos Szeredi <mszeredi(a)redhat.com> ovl: filter trusted xattr for non-admin Firo Yang <firogm(a)gmail.com> hdlcdrv: Fix divide by zero in hdlcdrv_ioctl Colin Ian King <colin.king(a)canonical.com> wl1251: check return from call to wl1251_acx_arp_ip_filter Pieter \"PoroCYon\" Sluys <pcy(a)national.shitposting.agency> vfb: fix video mode and line_length being set when loaded Rafael David Tinoco <rafael.tinoco(a)canonical.com> scsi: libiscsi: Allow sd_shutdown on bad transport Hangbin Liu <liuhangbin(a)gmail.com> l2tp: fix missing print session offset info linzhang <xiaolou4617(a)gmail.com> net: llc: add lock_sock in llc_ui_bind to avoid a race condition Jan H. Schönherr <jschoenh(a)amazon.de> KVM: nVMX: Fix handling of lmsw instruction Nithin Sujir <nsujir(a)tintri.com> bonding: Don't update slave->link until ready to commit Roman Kapl <roman.kapl(a)sysgo.com> net: move somaxconn init from sysctl code Eryu Guan <eguan(a)redhat.com> ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() Michael Schmitz <schmitzmic(a)gmail.com> fix race in drivers/char/random.c:get_reg() Maurizio Lombardi <mlombard(a)redhat.com> scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats() Liping Zhang <zlpnobody(a)gmail.com> netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize Dan Carpenter <dan.carpenter(a)oracle.com> libceph: NULL deref on crush_decode() error path Dan Carpenter <dan.carpenter(a)oracle.com> block: fix an error code in add_partition() Tin Huynh <tnhuynh(a)apm.com> leds: pca955x: Correct I2C Functionality Kees Cook <keescook(a)chromium.org> ray_cs: Avoid reading past end of buffer Suman Anna <s-anna(a)ti.com> ARM: davinci: da8xx: Create DSP device only when assigned memory Antony Antony <antony(a)phenome.org> xfrm: fix state migration copy replay sequence numbers Michael Ellerman <mpe(a)ellerman.id.au> selftests/powerpc: Fix TM resched DSCR test with some compilers Colin Ian King <colin.king(a)canonical.com> ath5k: fix memory leak on buf on failed eeprom read Geert Uytterhoeven <geert+renesas(a)glider.be> sh_eth: Use platform device for printing before register_netdev() Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix SCSI residue overwriting linzhang <xiaolou4617(a)gmail.com> net: x25: fix one potential use-after-free issue Alan Stern <stern(a)rowland.harvard.edu> USB: ene_usb6250: fix first command execution Jisheng Zhang <jszhang(a)marvell.com> usb: chipidea: properly handle host or gadget initialization failure Ihar Hrachyshka <ihrachys(a)redhat.com> neighbour: update neigh timestamps iff update is effective Thomas Petazzoni <thomas.petazzoni(a)free-electrons.com> ata: libahci: properly propagate return value of platform_get_irq() Colin Ian King <colin.king(a)canonical.com> btrfs: fix incorrect error return ret being passed to mapping_set_error Pan Bian <bianpan2016(a)163.com> usb: dwc3: keystone: check return value Anup Patel <anup.patel(a)broadcom.com> async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome() Mahesh Bandewar <maheshb(a)google.com> ipv6: avoid dad-failures for addresses with NODAD Fabio Estevam <fabio.estevam(a)nxp.com> ARM: dts: imx6qdl-wandboard: Fix audio channel swap Peter Zijlstra <peterz(a)infradead.org> x86/tsc: Provide 'tsc=unstable' boot parameter Andrea della Porta <sfaragnaus(a)gmail.com> staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning Dan Carpenter <dan.carpenter(a)oracle.com> PowerCap: Fix an error code in powercap_register_zone() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> SMB2: Fix share type handling Neil Horman <nhorman(a)tuxdriver.com> vmxnet3: ensure that adapter is in proper state during force_close Paul Mackerras <paulus(a)ozlabs.org> KVM: PPC: Book3S PR: Check copy_to/from_user return values Colin Ian King <colin.king(a)canonical.com> netxen_nic: set rcode to the return status from the call to netxen_issue_cmd Stefan Wahren <stefan.wahren(a)i2se.com> net: qca_spi: Fix alignment issues in rx path Rabin Vincent <rabinv(a)axis.com> CIFS: silence lockdep splat in cifs_relock_file() Talat Batheesh <talatb(a)mellanox.com> net/mlx4_en: Avoid adding steering rules with invalid ring Heiko Carstens <heiko.carstens(a)de.ibm.com> s390: move _text symbol to address higher than zero Kirill Tkhai <ktkhai(a)virtuozzo.com> pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid() J. Bruce Fields <bfields(a)redhat.com> lockd: fix lockd shutdown race Grygorii Strashko <grygorii.strashko(a)ti.com> net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control Kees Cook <keescook(a)chromium.org> qlge: Avoid reading past end of buffer Kees Cook <keescook(a)chromium.org> bna: Avoid reading past end of buffer Luca Coelho <luciano.coelho(a)intel.com> mac80211: bail out from prep_connection() if a reconfig is ongoing Steffen Klassert <steffen.klassert(a)secunet.com> af_key: Fix slab-out-of-bounds in pfkey_compile_policy. Bart Van Assche <bart.vanassche(a)sandisk.com> IB/srpt: Fix abort handling Trond Myklebust <trond.myklebust(a)primarydata.com> NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/imx6qdl-wandboard.dtsi | 1 + arch/arm/include/asm/xen/events.h | 2 +- arch/arm/mach-davinci/devices-da8xx.c | 10 +++ arch/arm64/include/asm/futex.h | 8 +- arch/mips/include/asm/kprobes.h | 3 +- arch/mips/mm/pgtable-32.c | 6 +- arch/powerpc/kernel/time.c | 14 +++- arch/powerpc/kvm/book3s_pr_papr.c | 34 ++++++-- arch/powerpc/platforms/cell/spufs/coredump.c | 2 + arch/s390/kernel/vmlinux.lds.S | 8 +- arch/sparc/kernel/ldc.c | 7 +- arch/x86/kernel/tsc.c | 2 + arch/x86/kvm/svm.c | 24 +++--- arch/x86/kvm/vmx.c | 7 +- block/bio-integrity.c | 3 + block/partition-generic.c | 4 +- crypto/async_tx/async_pq.c | 5 +- drivers/acpi/acpica/evxfevnt.c | 18 ++++ drivers/acpi/acpica/psobject.c | 14 ++++ drivers/ata/libahci_platform.c | 5 +- drivers/char/random.c | 10 ++- drivers/edac/mv64x60_edac.c | 2 +- drivers/gpu/drm/omapdrm/omap_gem.c | 4 +- drivers/iio/magnetometer/st_magn_spi.c | 2 - drivers/infiniband/ulp/srpt/ib_srpt.c | 6 +- drivers/isdn/mISDN/stack.c | 2 +- drivers/leds/leds-pca955x.c | 2 +- drivers/md/bcache/alloc.c | 19 +++-- drivers/md/bcache/super.c | 6 ++ drivers/media/i2c/cx25840/cx25840-core.c | 36 ++++---- drivers/media/rc/mceusb.c | 9 +- drivers/net/bonding/bond_main.c | 84 ++++++++++--------- drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 19 ++++- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 2 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 9 +- drivers/net/ethernet/ibm/emac/core.c | 26 +++++- drivers/net/ethernet/intel/e1000e/netdev.c | 17 +++- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/mcg.c | 15 +++- drivers/net/ethernet/mellanox/mlx4/qp.c | 13 +++ .../net/ethernet/qlogic/netxen/netxen_nic_ctx.c | 2 +- drivers/net/ethernet/qlogic/qlcnic/qlcnic_hw.c | 2 +- drivers/net/ethernet/qlogic/qlge/qlge_dbg.c | 4 +- drivers/net/ethernet/qualcomm/qca_spi.c | 10 ++- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/ethernet/renesas/sh_eth.c | 2 +- drivers/net/ethernet/ti/cpsw.c | 16 ++++ drivers/net/hamradio/hdlcdrv.c | 2 + drivers/net/phy/phy.c | 6 ++ drivers/net/ppp/pptp.c | 1 - drivers/net/virtio_net.c | 16 +++- drivers/net/vmxnet3/vmxnet3_drv.c | 5 ++ drivers/net/vxlan.c | 2 +- drivers/net/wireless/ath/ath5k/debug.c | 5 +- drivers/net/wireless/ray_cs.c | 7 +- drivers/net/wireless/ti/wl1251/main.c | 3 +- drivers/powercap/powercap_sys.c | 1 + drivers/rtc/interface.c | 9 +- drivers/scsi/bnx2fc/bnx2fc.h | 1 + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 10 ++- drivers/scsi/libiscsi.c | 24 +++++- drivers/scsi/libsas/sas_expander.c | 4 +- drivers/staging/wlan-ng/prism2mgmt.c | 2 +- drivers/tty/n_gsm.c | 17 +++- drivers/tty/serial/sccnxp.c | 15 ++-- drivers/usb/chipidea/core.c | 29 +++++-- drivers/usb/dwc3/dwc3-keystone.c | 4 + drivers/usb/storage/ene_ub6250.c | 11 ++- drivers/vhost/vhost.c | 3 +- drivers/video/fbdev/vfb.c | 17 ++++ fs/btrfs/extent_io.c | 2 +- fs/cifs/file.c | 2 +- fs/cifs/smb2pdu.c | 14 ++-- fs/ext4/file.c | 2 +- fs/lockd/svc.c | 6 +- fs/nfs/nfs4proc.c | 7 +- fs/nfs/nfs4state.c | 10 ++- fs/overlayfs/inode.c | 12 ++- include/linux/mlx4/qp.h | 1 + include/linux/skbuff.h | 8 +- include/net/x25.h | 4 +- kernel/events/core.c | 15 ++-- kernel/futex.c | 98 ++++++++++++++++++++-- kernel/pid.c | 4 +- net/bluetooth/hci_core.c | 17 +++- net/ceph/osdmap.c | 1 + net/core/dev.c | 4 +- net/core/neighbour.c | 14 +++- net/core/net_namespace.c | 19 +++++ net/core/skbuff.c | 65 +++++++++----- net/core/sysctl_net_core.c | 2 - net/ipv4/ah4.c | 8 +- net/ipv4/esp4.c | 12 ++- net/ipv4/ip_tunnel.c | 11 +-- net/ipv6/addrconf.c | 5 +- net/ipv6/ah6.c | 8 +- net/ipv6/esp6.c | 12 ++- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 13 ++- net/ipv6/ip6_tunnel.c | 7 +- net/ipv6/ip6_vti.c | 7 +- net/ipv6/sit.c | 8 +- net/key/af_key.c | 2 +- net/l2tp/l2tp_netlink.c | 2 + net/llc/af_llc.c | 3 + net/mac80211/mlme.c | 4 + net/netfilter/nf_conntrack_netlink.c | 7 +- net/netlink/af_netlink.c | 3 + net/rxrpc/rxkad.c | 21 +++-- net/sched/act_api.c | 4 +- net/sctp/ipv6.c | 4 +- net/sctp/socket.c | 17 ++-- net/x25/af_x25.c | 24 ++++-- net/x25/sysctl_net_x25.c | 5 +- net/xfrm/xfrm_state.c | 2 + scripts/tags.sh | 1 + tools/perf/builtin-trace.c | 4 + tools/perf/tests/code-reading.c | 20 ++++- tools/perf/util/unwind-libdw.c | 8 ++ .../testing/selftests/powerpc/tm/tm-resched-dscr.c | 2 +- 121 files changed, 925 insertions(+), 314 deletions(-)

7 years, 5 months

4
123
0 0

[PATCH 10/17] media: v4l2-compat-ioctl32: prevent go past max size

by Mauro Carvalho Chehab

As warned by smatch: drivers/media/v4l2-core/v4l2-compat-ioctl32.c:879 put_v4l2_ext_controls32() warn: check for integer overflow 'count' The access_ok() logic should check for too big arrays too. Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 4312935f1dfc..d03a44d89649 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -871,7 +871,7 @@ static int put_v4l2_ext_controls32(struct file *file, get_user(kcontrols, &kp->controls)) return -EFAULT; - if (!count) + if (!count || count > (U32_MAX/sizeof(*ucontrols))) return 0; if (get_user(p, &up->controls)) return -EFAULT; -- 2.14.3

7 years, 5 months

1
0
0 0

[PATCH 05/17] dvb_frontend: fix locking issues at dvb_frontend_get_event()

by Mauro Carvalho Chehab

As warned by smatch: drivers/media/dvb-core/dvb_frontend.c:314 dvb_frontend_get_event() warn: inconsistent returns 'sem:&fepriv->sem'. Locked on: line 288 line 295 line 306 line 314 Unlocked on: line 303 The lock implementation for get event is wrong, as, if an interrupt occurs, down_interruptible() will fail, and the routine will call up() twice when userspace calls the ioctl again. The bad code is there since when Linux migrated to git, in 2005. Cc: stable(a)vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com> --- drivers/media/dvb-core/dvb_frontend.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/drivers/media/dvb-core/dvb_frontend.c b/drivers/media/dvb-core/dvb_frontend.c index e33414975065..a4ada1ccf0df 100644 --- a/drivers/media/dvb-core/dvb_frontend.c +++ b/drivers/media/dvb-core/dvb_frontend.c @@ -275,8 +275,20 @@ static void dvb_frontend_add_event(struct dvb_frontend *fe, wake_up_interruptible (&events->wait_queue); } +static int dvb_frontend_test_event(struct dvb_frontend_private *fepriv, + struct dvb_fe_events *events) +{ + int ret; + + up(&fepriv->sem); + ret = events->eventw != events->eventr; + down(&fepriv->sem); + + return ret; +} + static int dvb_frontend_get_event(struct dvb_frontend *fe, - struct dvb_frontend_event *event, int flags) + struct dvb_frontend_event *event, int flags) { struct dvb_frontend_private *fepriv = fe->frontend_priv; struct dvb_fe_events *events = &fepriv->events; @@ -294,13 +306,8 @@ static int dvb_frontend_get_event(struct dvb_frontend *fe, if (flags & O_NONBLOCK) return -EWOULDBLOCK; - up(&fepriv->sem); - - ret = wait_event_interruptible (events->wait_queue, - events->eventw != events->eventr); - - if (down_interruptible (&fepriv->sem)) - return -ERESTARTSYS; + ret = wait_event_interruptible(events->wait_queue, + dvb_frontend_test_event(fepriv, events)); if (ret < 0) return ret; -- 2.14.3

7 years, 5 months

1
0
0 0

[PATCH 1/2] Revert "drm/amd/display: fix dereferencing possible ERR_PTR()"

by Harry Wentland

This reverts commit cd2d6c92a8e39d7e50a5af9fcc67d07e6a89e91d. Cc: Shirish S <shirish.s(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Signed-off-by: Harry Wentland <harry.wentland(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 3684350f5e9d..3848d6823196 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -4998,9 +4998,6 @@ static int dm_atomic_check_plane_state_fb(struct drm_atomic_state *state, return -EDEADLK; crtc_state = drm_atomic_get_crtc_state(plane_state->state, crtc); - if (IS_ERR(crtc_state)) - return PTR_ERR(crtc_state); - if (crtc->primary == plane && crtc_state->active) { if (!plane_state->fb) return -EINVAL; -- 2.17.0

7 years, 5 months

1
1
0 0

Re: [PATCH] Btrfs: fix loss of prealloc extents past i_size after fsync log replay

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a "Fixes:" tag, fixing commit: c71bf099abdd Btrfs: Avoid orphan inodes cleanup while replaying log. The bot has also determined it's probably a bug fixing patch. (score: 6.2138) The bot has tested the following trees: v4.16.1, v4.15.16, v4.14.33, v4.9.93, v4.4.127. v4.16.1: Build OK! v4.15.16: Build OK! v4.14.33: Build OK! v4.9.93: Build failed! Errors: tree-log.c:2367:24: error: ‘struct btrfs_fs_info’ has no member named ‘sectorsize’ tree-log.c:2367:24: error: ‘struct btrfs_fs_info’ has no member named ‘sectorsize’ tree-log.c:4224:13: error: ‘struct inode’ has no member named ‘flags’; did you mean ‘i_flags’? tree-log.c:4229:38: error: ‘struct inode’ has no member named ‘vfs_inode’ tree-log.c:4239:4: error: implicit declaration of function ‘refcount_inc’; did you mean ‘i_readcount_inc’? [-Werror=implicit-function-declaration] v4.4.127: Failed to apply! Possible dependencies: 0132761017e0 ("btrfs: fix string and comment grammatical issues and typos") -- Thanks, Sasha

7 years, 5 months

2
1
0 0

Applied "ASoC: fsl_esai: Fix divisor calculation failure at lower ratio" to the asoc tree

by Mark Brown

The patch ASoC: fsl_esai: Fix divisor calculation failure at lower ratio has been applied to the asoc tree at https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound.git All being well this means that it will be integrated into the linux-next tree (usually sometime in the next 24 hours) and sent to Linus during the next merge window (or sooner if it is a bug fix), however if problems are discovered then the patch may be dropped or reverted. You may get further e-mails resulting from automated or manual testing and review of the tree, please engage with people reporting problems and send followup patches addressing any issues that are reported if needed. If any updates are required or you are submitting further changes they should be sent as incremental updates against current git, existing patches will not be replaced. Please add any relevant lists and maintainers to the CCs when replying to this mail. Thanks, Mark >From c656941df9bc80f7ec65b92ca73c42f8b0b62628 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicoleotsuka(a)gmail.com> Date: Sun, 8 Apr 2018 16:57:35 -0700 Subject: [PATCH] ASoC: fsl_esai: Fix divisor calculation failure at lower ratio When the desired ratio is less than 256, the savesub (tolerance) in the calculation would become 0. This will then fail the loop- search immediately without reporting any errors. But if the ratio is smaller enough, there is no need to calculate the tolerance because PM divisor alone is enough to get the ratio. So a simple fix could be just to set PM directly instead of going into the loop-search. Reported-by: Marek Vasut <marex(a)denx.de> Signed-off-by: Nicolin Chen <nicoleotsuka(a)gmail.com> Tested-by: Marek Vasut <marex(a)denx.de> Reviewed-by: Fabio Estevam <fabio.estevam(a)nxp.com> Signed-off-by: Mark Brown <broonie(a)kernel.org> Cc: stable(a)vger.kernel.org --- sound/soc/fsl/fsl_esai.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c index 40a700493f4c..da8fd98c7f51 100644 --- a/sound/soc/fsl/fsl_esai.c +++ b/sound/soc/fsl/fsl_esai.c @@ -144,6 +144,13 @@ static int fsl_esai_divisor_cal(struct snd_soc_dai *dai, bool tx, u32 ratio, psr = ratio <= 256 * maxfp ? ESAI_xCCR_xPSR_BYPASS : ESAI_xCCR_xPSR_DIV8; + /* Do not loop-search if PM (1 ~ 256) alone can serve the ratio */ + if (ratio <= 256) { + pm = ratio; + fp = 1; + goto out; + } + /* Set the max fluctuation -- 0.1% of the max devisor */ savesub = (psr ? 1 : 8) * 256 * maxfp / 1000; -- 2.17.0

7 years, 5 months

1
0
0 0

Targeted B2B Companies Emails List

by annette.ryan＠myinfosession.com

Hi, Did you get a chance to review my below email? Kindly let me know your requirements and I will get back with detailed information on the same. Warm Regards, Annette Ryan

7 years, 5 months

1
0
0 0

Linux 4.14.34

by Greg KH

I'm announcing the release of the 4.14.34 kernel. All users of the 4.14 kernel series must upgrade. The updated 4.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.14.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/ls1021a.dtsi | 2 arch/arm64/crypto/Makefile | 2 arch/arm64/crypto/aes-ce-cipher.c | 281 -------------- arch/arm64/crypto/aes-ce-core.S | 87 ++++ arch/arm64/crypto/aes-ce-glue.c | 190 +++++++++ arch/x86/include/asm/microcode.h | 10 arch/x86/include/asm/processor.h | 1 arch/x86/kernel/aperture_64.c | 46 ++ arch/x86/kernel/cpu/common.c | 30 + arch/x86/kernel/cpu/microcode/amd.c | 44 +- arch/x86/kernel/cpu/microcode/core.c | 181 ++++++--- arch/x86/kernel/cpu/microcode/intel.c | 62 ++- arch/x86/xen/mmu_hvm.c | 2 block/bfq-cgroup.c | 7 block/blk-mq.c | 29 + crypto/Makefile | 1 drivers/acpi/acpi_video.c | 14 drivers/acpi/ec.c | 2 drivers/acpi/ec_sys.c | 2 drivers/acpi/internal.h | 2 drivers/bluetooth/btusb.c | 1 drivers/char/tpm/tpm-interface.c | 28 - drivers/char/tpm/tpm.h | 5 drivers/clk/clk-divider.c | 7 drivers/clk/hisilicon/clkdivider-hi6220.c | 2 drivers/clk/meson/clk-mpll.c | 2 drivers/clk/nxp/clk-lpc32xx.c | 2 drivers/clk/qcom/clk-regmap-divider.c | 2 drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 drivers/clk/sunxi-ng/ccu_div.c | 2 drivers/cpufreq/powernv-cpufreq.c | 37 + drivers/devfreq/devfreq.c | 3 drivers/edac/mv64x60_edac.c | 2 drivers/gpio/gpio-thunderx.c | 4 drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/msm/dsi/pll/dsi_pll_14nm.c | 2 drivers/hwmon/ina2xx.c | 87 ++-- drivers/infiniband/core/cma.c | 1 drivers/infiniband/core/ucma.c | 7 drivers/infiniband/hw/i40iw/i40iw_cm.c | 5 drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 drivers/infiniband/hw/i40iw/i40iw_d.h | 1 drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 drivers/infiniband/sw/rdmavt/cq.c | 10 drivers/input/touchscreen/goodix.c | 8 drivers/irqchip/irq-gic-v3.c | 11 drivers/md/bcache/alloc.c | 19 drivers/md/bcache/request.c | 22 + drivers/md/bcache/super.c | 6 drivers/media/v4l2-core/videobuf2-core.c | 4 drivers/mmc/host/sdhci-pci-core.c | 2 drivers/mmc/host/sdhci.c | 7 drivers/mtd/tests/oobtest.c | 21 + drivers/net/bonding/bond_main.c | 73 +-- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 17 drivers/net/ethernet/hisilicon/hns3/hns3pf/hns3_ethtool.c | 13 drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/intel/i40evf/i40evf_main.c | 20 drivers/net/ethernet/marvell/sky2.c | 2 drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 ++- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 - drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 26 - drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 18 drivers/net/ethernet/mellanox/mlx5/core/vport.c | 33 + drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 drivers/net/ethernet/realtek/r8169.c | 4 drivers/net/ppp/pptp.c | 1 drivers/net/team/team.c | 12 drivers/net/usb/lan78xx.c | 23 + drivers/net/vrf.c | 5 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 - drivers/net/wireless/ti/wl1251/main.c | 3 drivers/nvme/target/fcloop.c | 47 +- drivers/pinctrl/intel/pinctrl-baytrail.c | 6 drivers/power/supply/axp288_charger.c | 13 drivers/rtc/rtc-ac100.c | 6 drivers/scsi/libiscsi.c | 24 + drivers/scsi/libsas/sas_expander.c | 4 drivers/scsi/megaraid/megaraid_sas_base.c | 2 drivers/scsi/megaraid/megaraid_sas_fp.c | 16 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 - drivers/spi/spi-sh-msiof.c | 12 drivers/staging/lustre/lnet/libcfs/linux/linux-cpu.c | 13 drivers/target/target_core_user.c | 7 drivers/thermal/int340x_thermal/int3400_thermal.c | 10 drivers/thermal/power_allocator.c | 2 drivers/tty/n_gsm.c | 17 drivers/uio/uio_hv_generic.c | 7 drivers/vhost/net.c | 4 drivers/vhost/vhost.c | 17 drivers/video/backlight/corgi_lcd.c | 2 drivers/video/backlight/tdo24m.c | 2 drivers/video/backlight/tosa_lcd.c | 2 drivers/video/fbdev/vfb.c | 17 drivers/watchdog/dw_wdt.c | 18 fs/dcache.c | 23 - include/linux/clk-provider.h | 2 include/linux/mlx5/driver.h | 2 net/8021q/vlan_dev.c | 6 net/core/dev.c | 4 net/ipv4/arp.c | 2 net/ipv4/fib_semantics.c | 20 net/ipv4/ip_tunnel.c | 11 net/ipv6/ip6_gre.c | 8 net/ipv6/ip6_output.c | 28 + net/ipv6/ip6_tunnel.c | 11 net/ipv6/ip6_vti.c | 7 net/ipv6/route.c | 3 net/ipv6/seg6_iptunnel.c | 16 net/ipv6/sit.c | 8 net/l2tp/l2tp_netlink.c | 2 net/mac80211/cfg.c | 28 + net/mac80211/driver-ops.h | 3 net/netlink/af_netlink.c | 3 net/rds/bind.c | 1 net/sched/act_api.c | 4 net/sched/act_bpf.c | 12 net/sched/act_skbmod.c | 3 net/sched/act_tunnel_key.c | 9 net/sctp/ipv6.c | 4 net/sctp/socket.c | 13 net/strparser/strparser.c | 4 sound/soc/intel/atom/sst/sst_stream.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 7 sound/soc/intel/skylake/skl-messages.c | 4 sound/soc/intel/skylake/skl-pcm.c | 4 tools/objtool/check.c | 11 tools/perf/arch/powerpc/util/sym-handling.c | 8 tools/perf/builtin-record.c | 4 tools/perf/builtin-report.c | 18 tools/perf/util/evsel.c | 47 ++ tools/perf/util/probe-event.c | 28 + tools/perf/util/symbol.c | 5 tools/perf/util/symbol.h | 1 tools/perf/util/util.c | 2 tools/testing/selftests/net/msg_zerocopy.c | 21 - 144 files changed, 1662 insertions(+), 782 deletions(-) Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Alexey Khoroshilov (1): thermal: int3400_thermal: fix error handling in int3400_thermal_probe() Andy Shevchenko (1): sdhci: Advertise 2.0v supply on SDIO host controller Ard Biesheuvel (1): crypto: arm64/aes-ce-cipher - move assembler code to .S file Arjun Vynipadath (1): cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Arnd Bergmann (1): crypto: aes-generic - build with -Os on gcc-7+ Ashok Raj (4): x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode: Do not upload microcode if CPUs are offline x86/microcode: Synchronize late microcode loading Borislav Petkov (8): x86/microcode: Propagate return value from updating functions x86/CPU: Add a microcode loader callback x86/CPU: Check CPU feature bits after microcode upgrade x86/microcode: Get rid of struct apply_microcode_ctx x86/microcode/intel: Look into the patch cache first x86/microcode: Request microcode on the BSP x86/microcode: Attempt late loading only when new microcode is present x86/microcode: Fix CPU synchronization routine Chaitra P B (1): scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Christophe JAILLET (2): ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' EDAC, mv64x60: Fix an error handling path Colin Ian King (1): wl1251: check return from call to wl1251_acx_arp_ip_filter Craig Dillabaugh (1): net sched actions: fix dumping which requires several messages to user space Daniel Jurgens (1): net/mlx5: Fix race for multiple RoCE enable Dave Watson (1): strparser: Fix sign of err codes David Ahern (2): net/ipv6: Fix route leaking between VRFs vrf: Fix use after free and double free in vrf_finish_output David Lebrun (1): ipv6: sr: fix seg6 encap performances with TSO enabled Davide Caratti (3): net/sched: fix NULL dereference in the error path of tcf_bpf_init() net/sched: fix NULL dereference in the error path of tunnel_key_init() net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Dirk van der Merwe (1): nfp: use full 40 bits of the NSP buffer address Eran Ben Elisha (1): net/mlx4_en: Fix mixed PFC and Global pause user control requests Eric Dumazet (10): net: fix possible out-of-bound read in skb_network_protocol() pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names Fuyun Liang (2): net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg net: hns3: fix for changing MTU Gautham R. Shenoy (1): powernv-cpufreq: Add helper to extract pstate from PMSR Geert Uytterhoeven (2): spi: sh-msiof: Fix timeout failures for TX-only DMA transfers ACPI: EC: Fix debugfs_create_*() usage Greg Kroah-Hartman (1): Linux 4.14.34 Gustavo A. R. Silva (1): PM / devfreq: Fix potential NULL pointer dereference in governor_store Hangbin Liu (2): l2tp: fix missing print session offset info vlan: also check phy_driver ts_info for vlan's real device Hans de Goede (5): ACPI / video: Default lcd_only to true on Win8-ready and newer machines ASoC: Intel: cht_bsw_rt5645: Analog Mic support pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts power: supply: axp288_charger: Properly stop work on probe-error / remove Input: goodix - disable IRQs while suspended Heiner Kallweit (1): r8169: fix setting driver_data after register_netdev Ioan Moldovan (1): Bluetooth: Add a new 04ca:3015 QCA_ROME device Jacob Keller (1): i40evf: don't rely on netif_running() outside rtnl_lock() James Smart (2): nvme_fcloop: disassocate local port structs nvme_fcloop: fix abort race condition Jason Wang (3): vhost: correctly remove wait queue during poll failure vhost: validate log when IOTLB is enabled vhost_net: add missing lock nesting notation Jason Yan (2): scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Javier Martinez Canillas (1): tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented Jeff Barnhill (1): net/ipv6: Increment OUTxxx counters after netfilter hook Jernej Škrabec (1): clk: sunxi-ng: a83t: Add M divider to TCON1 clock Jerome Brunet (1): clk: divider: fix incorrect usage of container_of Jian Shen (3): net: hns3: Fix an error of total drop packet statistics net: hns3: Fix a loop index error of tqp statistics query net: hns3: Fix an error macro definition of HNS3_TQP_STAT Jianbo Liu (2): net/mlx5e: Fix memory usage issues in offloading TC flows net/mlx5e: Don't override vport admin link state in switchdev mode Jin Yao (1): perf report: Fix a no annotate browser displayed issue Jiri Bohac (1): x86/gart: Exclude GART aperture from vmcore Jiri Olsa (1): perf tools: Fix copyfile_offset update of output offset Josh Poimboeuf (1): objtool: Add Clang support Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Leon Romanovsky (1): RDMA/cma: Mark end of CMA ID messages Linus Walleij (1): gpio: label descriptors using the device name Maciej Purski (1): hwmon: (ina2xx) Make calibration register value fixed Martin Blumenstingl (1): clk: meson: mpll: use 64-bit maths in params_from_rate Masami Hiramatsu (2): perf probe: Find versioned symbols from map perf probe: Add warning message if there is unexpected event name Mauro Carvalho Chehab (1): media: videobuf2-core: don't go out of the buffer range Mengting Zhang (1): perf evsel: Enable ignore_missing_thread for pid option Miguel Fadon Perlines (1): arp: fix arp_filter on l3slave devices Mike Christie (1): tcmu: release blocks for partially setup cmds Mike Marciniszyn (1): IB/rdmavt: Allocate CQ memory on the correct node Ming Lei (3): blk-mq: avoid to map CPU into stale hw queue blk-mq: fix race between updating nr_hw_queues and switching io sched blk-mq: fix kernel oops in blk_mq_tag_idle() Miquel Raynal (1): mtd: mtd_oobtest: Handle bitflips during reads Moni Shoua (1): net/mlx4_en: Change default QoS settings Moshe Shemesh (1): net/mlx4_core: Fix memory leak while delete slave's resources Nathan Fontenot (1): ibmvnic: Don't handle RX interrupts when not up. NeilBrown (2): VFS: close race between getcwd() and d_move() staging: lustre: disable preempt while sampling processor id. Oleksij Rempel (1): watchdog: dw_wdt: add stop watchdog operation Or Gerlitz (1): net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path Paolo Abeni (1): ipv6: the entire IPv6 header chain must fit the first fragment Paolo Valente (1): block, bfq: put async queues for root bfq groups too Parav Pandit (1): RDMA/cma: Fix rdma_cm path querying for RoCE Pardha Saradhi K (1): ASoC: Intel: Skylake: Disable clock gating during firmware and library download Peng Li (1): net: hns3: free the ring_data structrue when change tqps Peter Große (1): mac80211: Fix setting TX power on monitor interfaces Pieter \"PoroCYon\" Sluys (1): vfb: fix video mode and line_length being set when loaded Rafael David Tinoco (1): scsi: libiscsi: Allow sd_shutdown on bad transport Raghuram Chary J (1): lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) Rasmus Villemoes (1): ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Robert Jarzmik (1): backlight: tdo24m: Fix the SPI CS between transfers Roi Dayan (1): net/mlx5e: Fix traffic being dropped on VF representor Rui Hua (1): bcache: ret IOERR when read meets metadata error Shahar Klein (1): net/mlx5e: Sync netdev vxlan ports at open Shanker Donthineni (1): irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Shiraz Saleem (2): i40iw: Fix sequence number for the first partial FPDU i40iw: Correct Q1/XF object count equation Shivasharan S (2): scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called Sowmini Varadhan (2): rds; Reset rs->rs_bound_addr in rds_add_bound() failure path selftests/net: fix bugs in address and port initialization Stanislaw Gruszka (1): rt2x00: do not pause queue unconditionally on error path Stephen Hemminger (1): uio_hv_generic: check that host supports monitor page Tang Junhui (2): bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams Tatyana Nikolova (1): i40iw: Validate correct IRD/ORD connection parameters Tobias Brunner (1): ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT Tony Lindgren (1): tty: n_gsm: Allow ADM response in addition to UA for control dlci Wei Yongjun (1): gpio: thunderx: fix error return code in thunderx_gpio_probe() Xin Long (5): bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave route: check sysctl_fib_multipath_use_neigh earlier than hash team: move dev_mc_sync after master_upper_dev_link in team_port_add Yi Zeng (1): thermal: power_allocator: fix one race condition issue for thermal_instances list chenxiang (1): scsi: libsas: initialize sas_phy status according to response of DISCOVER

7 years, 5 months

1
1
0 0

Linux 4.15.17

by Greg KH

I'm announcing the release of the 4.15.17 kernel. All users of the 4.15 kernel series must upgrade. The updated 4.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.15.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/boot/dts/ls1021a.dtsi | 2 arch/arm64/mm/context.c | 19 - arch/x86/include/asm/microcode.h | 10 arch/x86/include/asm/processor.h | 1 arch/x86/kernel/aperture_64.c | 46 +++ arch/x86/kernel/cpu/common.c | 30 ++ arch/x86/kernel/cpu/microcode/amd.c | 44 ++- arch/x86/kernel/cpu/microcode/core.c | 181 ++++++++++---- arch/x86/kernel/cpu/microcode/intel.c | 62 +++- arch/x86/xen/mmu_hvm.c | 2 block/bfq-cgroup.c | 7 block/blk-mq.c | 29 ++ crypto/Makefile | 1 drivers/acpi/acpi_video.c | 14 - drivers/acpi/ec.c | 2 drivers/acpi/ec_sys.c | 2 drivers/acpi/internal.h | 2 drivers/base/power/domain.c | 30 +- drivers/bluetooth/btusb.c | 1 drivers/bluetooth/hci_bcm.c | 25 - drivers/char/tpm/tpm-interface.c | 28 +- drivers/char/tpm/tpm.h | 5 drivers/clk/clk-divider.c | 7 drivers/clk/hisilicon/clkdivider-hi6220.c | 2 drivers/clk/meson/clk-mpll.c | 2 drivers/clk/nxp/clk-lpc32xx.c | 2 drivers/clk/qcom/clk-regmap-divider.c | 2 drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 drivers/clk/sunxi-ng/ccu_div.c | 2 drivers/cpufreq/powernv-cpufreq.c | 37 +- drivers/crypto/amcc/crypto4xx_alg.c | 6 drivers/crypto/amcc/crypto4xx_core.c | 54 ++-- drivers/devfreq/devfreq.c | 3 drivers/edac/mv64x60_edac.c | 2 drivers/gpio/gpio-thunderx.c | 4 drivers/gpio/gpiolib.c | 6 drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 6 drivers/gpu/drm/i915/intel_bios.c | 12 drivers/gpu/drm/msm/adreno/adreno_device.c | 7 drivers/gpu/drm/msm/dsi/pll/dsi_pll_14nm.c | 2 drivers/hwmon/ina2xx.c | 87 +++--- drivers/infiniband/core/cma.c | 1 drivers/infiniband/core/ucma.c | 7 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 27 +- drivers/infiniband/hw/i40iw/i40iw_cm.c | 5 drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 drivers/infiniband/hw/i40iw/i40iw_d.h | 1 drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 drivers/infiniband/hw/mlx5/main.c | 3 drivers/infiniband/sw/rdmavt/cq.c | 10 drivers/infiniband/ulp/ipoib/ipoib_cm.c | 10 drivers/infiniband/ulp/ipoib/ipoib_ib.c | 2 drivers/input/touchscreen/goodix.c | 8 drivers/irqchip/irq-gic-v3.c | 11 drivers/irqchip/irq-ompic.c | 4 drivers/md/bcache/alloc.c | 19 + drivers/md/bcache/request.c | 22 + drivers/md/bcache/super.c | 6 drivers/media/v4l2-core/videobuf2-core.c | 4 drivers/mmc/host/sdhci-pci-core.c | 2 drivers/mmc/host/sdhci.c | 7 drivers/mtd/tests/oobtest.c | 21 + drivers/net/bonding/bond_main.c | 73 ++--- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 1 drivers/net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 17 + drivers/net/ethernet/hisilicon/hns3/hns3pf/hns3_ethtool.c | 13 - drivers/net/ethernet/ibm/ibmvnic.c | 6 drivers/net/ethernet/intel/i40evf/i40evf_main.c | 20 + drivers/net/ethernet/marvell/sky2.c | 2 drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 +++-- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 +- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 - drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 26 +- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 7 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 18 - drivers/net/ethernet/mellanox/mlx5/core/vport.c | 33 ++ drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 drivers/net/ethernet/realtek/r8169.c | 4 drivers/net/ppp/pptp.c | 1 drivers/net/team/team.c | 12 drivers/net/usb/lan78xx.c | 23 + drivers/net/vrf.c | 5 drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 + drivers/net/wireless/ti/wl1251/main.c | 3 drivers/nvme/host/fabrics.c | 15 - drivers/nvme/host/fabrics.h | 2 drivers/nvme/host/fc.c | 1 drivers/nvme/host/rdma.c | 1 drivers/nvme/target/fcloop.c | 47 ++- drivers/nvme/target/loop.c | 1 drivers/pinctrl/intel/pinctrl-baytrail.c | 6 drivers/power/supply/axp288_charger.c | 13 + drivers/rtc/rtc-ac100.c | 6 drivers/scsi/libiscsi.c | 24 + drivers/scsi/libsas/sas_event.c | 74 ++++- drivers/scsi/libsas/sas_expander.c | 4 drivers/scsi/libsas/sas_init.c | 27 +- drivers/scsi/libsas/sas_internal.h | 6 drivers/scsi/libsas/sas_phy.c | 44 --- drivers/scsi/libsas/sas_port.c | 18 - drivers/scsi/megaraid/megaraid_sas_base.c | 2 drivers/scsi/megaraid/megaraid_sas_fp.c | 16 - drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 +- drivers/spi/spi-sh-msiof.c | 12 drivers/staging/lustre/lnet/libcfs/linux/linux-cpu.c | 13 - drivers/target/target_core_user.c | 7 drivers/thermal/hisi_thermal.c | 2 drivers/thermal/int340x_thermal/int3400_thermal.c | 10 drivers/thermal/power_allocator.c | 2 drivers/tty/n_gsm.c | 17 + drivers/tty/serdev/core.c | 5 drivers/uio/uio_hv_generic.c | 7 drivers/vhost/net.c | 4 drivers/vhost/vhost.c | 17 - drivers/video/backlight/corgi_lcd.c | 2 drivers/video/backlight/tdo24m.c | 2 drivers/video/backlight/tosa_lcd.c | 2 drivers/video/fbdev/vfb.c | 17 + drivers/watchdog/dw_wdt.c | 18 + fs/dcache.c | 23 + fs/f2fs/file.c | 20 - include/linux/clk-provider.h | 2 include/linux/mlx5/driver.h | 2 include/linux/netdevice.h | 4 include/scsi/libsas.h | 17 - include/uapi/rdma/mlx5-abi.h | 2 net/8021q/vlan_dev.c | 6 net/core/dev.c | 4 net/dsa/dsa_priv.h | 8 net/ipv4/arp.c | 2 net/ipv4/fib_semantics.c | 20 - net/ipv4/ip_tunnel.c | 11 net/ipv6/ip6_gre.c | 8 net/ipv6/ip6_output.c | 28 +- net/ipv6/ip6_tunnel.c | 11 net/ipv6/ip6_vti.c | 7 net/ipv6/route.c | 3 net/ipv6/seg6_iptunnel.c | 16 - net/ipv6/sit.c | 8 net/l2tp/l2tp_netlink.c | 2 net/mac80211/cfg.c | 28 ++ net/mac80211/driver-ops.h | 3 net/netlink/af_netlink.c | 3 net/rds/bind.c | 1 net/sched/act_api.c | 4 net/sched/act_bpf.c | 12 net/sched/act_sample.c | 3 net/sched/act_skbmod.c | 3 net/sched/act_tunnel_key.c | 9 net/sched/act_vlan.c | 3 net/sched/cls_u32.c | 1 net/sched/sch_red.c | 26 +- net/sctp/ipv6.c | 4 net/sctp/socket.c | 13 - net/strparser/strparser.c | 4 sound/soc/intel/atom/sst/sst_stream.c | 2 sound/soc/intel/boards/cht_bsw_rt5645.c | 7 sound/soc/intel/skylake/skl-messages.c | 4 sound/soc/intel/skylake/skl-pcm.c | 4 tools/perf/arch/powerpc/util/sym-handling.c | 8 tools/perf/builtin-record.c | 4 tools/perf/builtin-report.c | 18 + tools/perf/util/evsel.c | 67 ++++- tools/perf/util/probe-event.c | 28 ++ tools/perf/util/python-ext-sources | 1 tools/perf/util/symbol.c | 5 tools/perf/util/symbol.h | 1 tools/perf/util/util.c | 2 tools/testing/selftests/net/msg_zerocopy.c | 21 + 177 files changed, 1710 insertions(+), 704 deletions(-) Alex Estrin (1): IB/ipoib: Fix for notify send CQ failure messages Alexander Potapenko (1): netlink: make sure nladdr has correct size in netlink_connect() Alexey Khoroshilov (1): thermal: int3400_thermal: fix error handling in int3400_thermal_probe() Andrew Lunn (1): net: dsa: Discard frames from unused ports Andy Shevchenko (1): sdhci: Advertise 2.0v supply on SDIO host controller Archit Taneja (1): drm/msm: Fix NULL deref in adreno_load_gpu Arjun Vynipadath (1): cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Arnd Bergmann (1): crypto: aes-generic - build with -Os on gcc-7+ Ashok Raj (4): x86/microcode/intel: Check microcode revision before updating sibling threads x86/microcode/intel: Writeback and invalidate caches before updating microcode x86/microcode: Do not upload microcode if CPUs are offline x86/microcode: Synchronize late microcode loading Borislav Petkov (8): x86/microcode: Propagate return value from updating functions x86/CPU: Add a microcode loader callback x86/CPU: Check CPU feature bits after microcode upgrade x86/microcode: Get rid of struct apply_microcode_ctx x86/microcode/intel: Look into the patch cache first x86/microcode: Request microcode on the BSP x86/microcode: Attempt late loading only when new microcode is present x86/microcode: Fix CPU synchronization routine Catalin Marinas (1): arm64: asid: Do not replace active_asids if already 0 Chaitra P B (1): scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Chao Yu (1): f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem Christian Lamparter (1): crypto: crypto4xx - perform aead icv check in the driver Christoph Hellwig (1): nvme-fabrics: don't check for non-NULL module in nvmf_register_transport Christophe JAILLET (2): ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' EDAC, mv64x60: Fix an error handling path Colin Ian King (1): wl1251: check return from call to wl1251_acx_arp_ip_filter Cong Wang (1): net_sched: fix a missing idr_remove() in u32_delete_key() Craig Dillabaugh (1): net sched actions: fix dumping which requires several messages to user space Daniel Jurgens (1): net/mlx5: Fix race for multiple RoCE enable Dave Watson (1): strparser: Fix sign of err codes David Ahern (2): net/ipv6: Fix route leaking between VRFs vrf: Fix use after free and double free in vrf_finish_output David Lebrun (1): ipv6: sr: fix seg6 encap performances with TSO enabled Davide Caratti (5): net/sched: fix NULL dereference in the error path of tcf_bpf_init() net/sched: fix NULL dereference in the error path of tcf_vlan_init() net/sched: fix NULL dereference in the error path of tcf_sample_init() net/sched: fix NULL dereference in the error path of tunnel_key_init() net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Dirk van der Merwe (1): nfp: use full 40 bits of the NSP buffer address Eran Ben Elisha (1): net/mlx4_en: Fix mixed PFC and Global pause user control requests Eric Dumazet (10): net: fix possible out-of-bound read in skb_network_protocol() pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names Feras Daoud (1): net/mlx5e: IPoIB, Use correct timestamp in child receive flow Fuyun Liang (3): net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg net: hns3: add Asym Pause support to phy default features net: hns3: fix for changing MTU Gal Pressman (1): net: Fix netdev_WARN_ONCE macro Gautham R. Shenoy (1): powernv-cpufreq: Add helper to extract pstate from PMSR Geert Uytterhoeven (3): thermal/drivers/hisi: Remove bogus const from function return type spi: sh-msiof: Fix timeout failures for TX-only DMA transfers ACPI: EC: Fix debugfs_create_*() usage Greg Kroah-Hartman (1): Linux 4.15.17 Gustavo A. R. Silva (1): PM / devfreq: Fix potential NULL pointer dereference in governor_store Hangbin Liu (2): l2tp: fix missing print session offset info vlan: also check phy_driver ts_info for vlan's real device Hans de Goede (6): ACPI / video: Default lcd_only to true on Win8-ready and newer machines ASoC: Intel: cht_bsw_rt5645: Analog Mic support pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts power: supply: axp288_charger: Properly stop work on probe-error / remove serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers Input: goodix - disable IRQs while suspended Heiner Kallweit (1): r8169: fix setting driver_data after register_netdev Ioan Moldovan (1): Bluetooth: Add a new 04ca:3015 QCA_ROME device Jacob Keller (1): i40evf: don't rely on netif_running() outside rtnl_lock() James Smart (2): nvme_fcloop: disassocate local port structs nvme_fcloop: fix abort race condition Jason Wang (3): vhost: correctly remove wait queue during poll failure vhost: validate log when IOTLB is enabled vhost_net: add missing lock nesting notation Jason Yan (3): scsi: libsas: Use dynamic alloced work to avoid sas event lost scsi: libsas: fix memory leak in sas_smp_get_phy_events() scsi: libsas: fix error when getting phy events Javier Martinez Canillas (1): tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented Jeff Barnhill (1): net/ipv6: Increment OUTxxx counters after netfilter hook Jernej Škrabec (1): clk: sunxi-ng: a83t: Add M divider to TCON1 clock Jerome Brunet (1): clk: divider: fix incorrect usage of container_of Jian Shen (3): net: hns3: Fix an error of total drop packet statistics net: hns3: Fix a loop index error of tqp statistics query net: hns3: Fix an error macro definition of HNS3_TQP_STAT Jianbo Liu (2): net/mlx5e: Fix memory usage issues in offloading TC flows net/mlx5e: Don't override vport admin link state in switchdev mode Jin Yao (1): perf report: Fix a no annotate browser displayed issue Jiri Bohac (1): x86/gart: Exclude GART aperture from vmcore Jiri Olsa (2): perf evsel: Fix swap for samples with raw data perf tools: Fix copyfile_offset update of output offset Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Leon Romanovsky (1): RDMA/cma: Mark end of CMA ID messages Linus Walleij (1): gpio: label descriptors using the device name Lukas Wunner (1): Bluetooth: hci_bcm: Mandate presence of shutdown and device wake GPIO Maciej Purski (1): hwmon: (ina2xx) Make calibration register value fixed Maor Gottlieb (1): IB/mlx5: Report inner RSS capability Martin Blumenstingl (1): clk: meson: mpll: use 64-bit maths in params_from_rate Masami Hiramatsu (2): perf probe: Find versioned symbols from map perf probe: Add warning message if there is unexpected event name Mauro Carvalho Chehab (1): media: videobuf2-core: don't go out of the buffer range Mengting Zhang (1): perf evsel: Enable ignore_missing_thread for pid option Miguel Fadon Perlines (1): arp: fix arp_filter on l3slave devices Mike Christie (1): tcmu: release blocks for partially setup cmds Mike Marciniszyn (1): IB/rdmavt: Allocate CQ memory on the correct node Ming Lei (3): blk-mq: avoid to map CPU into stale hw queue blk-mq: fix race between updating nr_hw_queues and switching io sched blk-mq: fix kernel oops in blk_mq_tag_idle() Miquel Raynal (1): mtd: mtd_oobtest: Handle bitflips during reads Moni Shoua (1): net/mlx4_en: Change default QoS settings Moshe Shemesh (2): net/mlx5e: Verify coalescing parameters in range net/mlx4_core: Fix memory leak while delete slave's resources Nathan Fontenot (1): ibmvnic: Don't handle RX interrupts when not up. NeilBrown (2): VFS: close race between getcwd() and d_move() staging: lustre: disable preempt while sampling processor id. Nogah Frankel (1): net_sch: red: Fix the new offload indication Oleksij Rempel (1): watchdog: dw_wdt: add stop watchdog operation Or Gerlitz (1): net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path Paolo Abeni (1): ipv6: the entire IPv6 header chain must fit the first fragment Paolo Valente (1): block, bfq: put async queues for root bfq groups too Parav Pandit (1): RDMA/cma: Fix rdma_cm path querying for RoCE Pardha Saradhi K (1): ASoC: Intel: Skylake: Disable clock gating during firmware and library download Peng Li (1): net: hns3: free the ring_data structrue when change tqps Peter Große (1): mac80211: Fix setting TX power on monitor interfaces Pieter \"PoroCYon\" Sluys (1): vfb: fix video mode and line_length being set when loaded Rafael David Tinoco (1): scsi: libiscsi: Allow sd_shutdown on bad transport Raghuram Chary J (1): lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) Rasmus Villemoes (1): ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Robert Jarzmik (1): backlight: tdo24m: Fix the SPI CS between transfers Rodrigo Vivi (2): drm/i915/cnp: Ignore VBT request for know invalid DDC pin. drm/i915/cnp: Properly handle VBT ddc pin out of bounds. Roi Dayan (1): net/mlx5e: Fix traffic being dropped on VF representor Ronald Tschalär (1): Bluetooth: hci_bcm: Validate IRQ before using it Roy Shterman (1): nvme-fabrics: protect against module unload during create_ctrl Rui Hua (1): bcache: ret IOERR when read meets metadata error Shahar Klein (1): net/mlx5e: Sync netdev vxlan ports at open Shanker Donthineni (1): irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Shiraz Saleem (2): i40iw: Fix sequence number for the first partial FPDU i40iw: Correct Q1/XF object count equation Shivasharan S (2): scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called Sowmini Varadhan (2): rds; Reset rs->rs_bound_addr in rds_add_bound() failure path selftests/net: fix bugs in address and port initialization Stanislaw Gruszka (1): rt2x00: do not pause queue unconditionally on error path Stefan Wahren (1): Bluetooth: hci_bcm: Make shutdown and device wake GPIO optional Stephen Hemminger (1): uio_hv_generic: check that host supports monitor page Tal Gilboa (1): net/mlx5e: Set EQE based as default TX interrupt moderation mode Tang Junhui (2): bcache: stop writeback thread after detaching bcache: segregate flash only volume write streams Tatyana Nikolova (1): i40iw: Validate correct IRD/ORD connection parameters Tobias Brunner (1): ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT Tony Lindgren (1): tty: n_gsm: Allow ADM response in addition to UA for control dlci Ulf Hansson (1): PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks Vladimir Zapolskiy (1): gpiolib: don't dereference a desc before validation Wei Yongjun (2): irqchip/ompic: fix return value check in ompic_of_init() gpio: thunderx: fix error return code in thunderx_gpio_probe() Xin Long (5): bonding: fix the err path for dev hwaddr sync in bond_enslave bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave bonding: process the err returned by dev_set_allmulti properly in bond_enslave route: check sysctl_fib_multipath_use_neigh earlier than hash team: move dev_mc_sync after master_upper_dev_link in team_port_add Yi Zeng (1): thermal: power_allocator: fix one race condition issue for thermal_instances list Yintian Tao (1): drm/amd/powerplay: fix memory leakage when reload (v2) chenxiang (1): scsi: libsas: initialize sas_phy status according to response of DISCOVER oulijun (1): RDMA/hns: Update the usage of sr_max and rr_max field

7 years, 5 months

1
1
0 0

Linux 4.16.2

by Greg KH

I'm announcing the release of the 4.16.2 kernel. All users of the 4.16 kernel series must upgrade. The updated 4.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.16.y and can be browsed at the normal kernel.org git web browser: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- drivers/net/ppp/pptp.c | 1 - drivers/sbus/char/Kconfig | 3 ++- net/8021q/vlan_dev.c | 6 +++++- net/core/dev.c | 2 +- net/dsa/dsa_priv.h | 8 +++++++- net/ipv4/arp.c | 2 +- net/ipv4/ip_tunnel.c | 11 ++++++----- net/ipv6/ip6_gre.c | 8 +++++--- net/ipv6/ip6_output.c | 7 +++++-- net/ipv6/ip6_tunnel.c | 11 +++++++---- net/ipv6/ip6_vti.c | 7 +++++-- net/ipv6/sit.c | 8 +++++--- net/sched/act_bpf.c | 12 ++++++++---- net/sched/cls_u32.c | 1 + net/sctp/ipv6.c | 4 +++- net/sctp/socket.c | 13 ++++++++----- 19 files changed, 76 insertions(+), 41 deletions(-) Andrew Lunn (1): net: dsa: Discard frames from unused ports Cong Wang (1): net_sched: fix a missing idr_remove() in u32_delete_key() Davide Caratti (1): net/sched: fix NULL dereference in the error path of tcf_bpf_init() Dirk van der Merwe (1): nfp: use full 40 bits of the NSP buffer address Eric Dumazet (9): pptp: remove a buggy dst release in pptp_connect() sctp: do not leak kernel memory to user space sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 net: fool proof dev_valid_name() ip_tunnel: better validate user provided tunnel names ipv6: sit: better validate user provided tunnel names ip6_gre: better validate user provided tunnel names ip6_tunnel: better validate user provided tunnel names vti6: better validate user provided tunnel names Greg Kroah-Hartman (1): Linux 4.16.2 Guenter Roeck (1): sparc64: Oracle DAX driver depends on SPARC64 Hangbin Liu (1): vlan: also check phy_driver ts_info for vlan's real device Jeff Barnhill (1): net/ipv6: Increment OUTxxx counters after netfilter hook Kai-Heng Feng (1): sky2: Increase D3 delay to sky2 stops working after suspend Miguel Fadon Perlines (1): arp: fix arp_filter on l3slave devices

7 years, 5 months

1
1
0 0

[PATCH 4.16 00/18] 4.16.2-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.16.2 release. There are 18 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Apr 12 21:27:41 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.16.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.16.2-rc1 Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> nfp: use full 40 bits of the NSP buffer address Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: fix a missing idr_remove() in u32_delete_key() Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Hangbin Liu <liuhangbin(a)gmail.com> vlan: also check phy_driver ts_info for vlan's real device Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_bpf_init() Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Increment OUTxxx counters after netfilter hook Andrew Lunn <andrew(a)lunn.ch> net: dsa: Discard frames from unused ports Miguel Fadon Perlines <mfadon(a)teldat.com> arp: fix arp_filter on l3slave devices Guenter Roeck <linux(a)roeck-us.net> sparc64: Oracle DAX driver depends on SPARC64 ------------- Diffstat: Makefile | 4 ++-- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- drivers/net/ppp/pptp.c | 1 - drivers/sbus/char/Kconfig | 3 ++- net/8021q/vlan_dev.c | 6 +++++- net/core/dev.c | 2 +- net/dsa/dsa_priv.h | 8 +++++++- net/ipv4/arp.c | 2 +- net/ipv4/ip_tunnel.c | 11 ++++++----- net/ipv6/ip6_gre.c | 8 +++++--- net/ipv6/ip6_output.c | 7 +++++-- net/ipv6/ip6_tunnel.c | 11 +++++++---- net/ipv6/ip6_vti.c | 7 +++++-- net/ipv6/sit.c | 8 +++++--- net/sched/act_bpf.c | 12 ++++++++---- net/sched/cls_u32.c | 1 + net/sctp/ipv6.c | 4 +++- net/sctp/socket.c | 13 ++++++++----- 19 files changed, 77 insertions(+), 42 deletions(-)

7 years, 5 months

4
24
0 0

[PATCH] ASoC: dmic: Fix clock parenting

by Peter Ujfalusi

From: Tero Kristo <t-kristo(a)ti.com> In 4.16 the clock hierarchy got changed by a5c82a09d876 ARM: dts: omap4: add clkctrl nodes The fck of dmic is no longer a mux clock, it's parent is. Signed-off-by: Tero Kristo <t-kristo(a)ti.com> Signed-off-by: Peter Ujfalusi <peter.ujfalusi(a)ti.com> Cc: stable(a)vger.kernel.org # 4.16+ --- Mark, can you apply this for 4.17 as DMIC got broken already in 4.16. Regards, Peter sound/soc/omap/omap-dmic.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/sound/soc/omap/omap-dmic.c b/sound/soc/omap/omap-dmic.c index c7101d851213..51dd7c65096b 100644 --- a/sound/soc/omap/omap-dmic.c +++ b/sound/soc/omap/omap-dmic.c @@ -281,7 +281,7 @@ static int omap_dmic_dai_trigger(struct snd_pcm_substream *substream, static int omap_dmic_select_fclk(struct omap_dmic *dmic, int clk_id, unsigned int freq) { - struct clk *parent_clk; + struct clk *parent_clk, *mux; char *parent_clk_name; int ret = 0; @@ -329,14 +329,21 @@ static int omap_dmic_select_fclk(struct omap_dmic *dmic, int clk_id, return -ENODEV; } + mux = clk_get_parent(dmic->fclk); + if (IS_ERR(mux)) { + dev_err(dmic->dev, "can't get fck mux parent\n"); + clk_put(parent_clk); + return -ENODEV; + } + mutex_lock(&dmic->mutex); if (dmic->active) { /* disable clock while reparenting */ pm_runtime_put_sync(dmic->dev); - ret = clk_set_parent(dmic->fclk, parent_clk); + ret = clk_set_parent(mux, parent_clk); pm_runtime_get_sync(dmic->dev); } else { - ret = clk_set_parent(dmic->fclk, parent_clk); + ret = clk_set_parent(mux, parent_clk); } mutex_unlock(&dmic->mutex); @@ -349,6 +356,7 @@ static int omap_dmic_select_fclk(struct omap_dmic *dmic, int clk_id, dmic->fclk_freq = freq; err_busy: + clk_put(mux); clk_put(parent_clk); return ret; -- Peter Texas Instruments Finland Oy, Porkkalankatu 22, 00180 Helsinki. Y-tunnus/Business ID: 0615521-4. Kotipaikka/Domicile: Helsinki

7 years, 5 months

2
1
0 0

v3.18.104 build: 10 failures 1 warnings (v3.18.104)

by Build bot for Mark Brown

Tree/Branch: v3.18.104 Git describe: v3.18.104 Commit: fb625ba702 Linux 3.18.104 Build Time: 0 min 14 sec Passed: 0 / 10 ( 0.00 %) Failed: 10 / 10 (100.00 %) Errors: 0 Warnings: 1 Section Mismatches: 0 Failed defconfigs: x86_64-allnoconfig arm-allnoconfig arm64-defconfig Errors: ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allnoconfig 1 warnings 0 mismatches : arm-allnoconfig 1 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Warnings Summary: 1 3 include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allnoconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 0 errors, 1 warnings, 0 section mismatches Warnings: include/config/auto.conf:4559:warning: override: TICK_CPU_ACCOUNTING changes choice state ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig x86_64-allmodconfig

7 years, 5 months

3
5
0 0

[PATCH] HID: wacom: bluetooth: send exit report for recent Bluetooth devices

by Aaron Armstrong Skomra

The code path for recent Bluetooth devices omits an exit report which resets all the values of the device. Fixes: 4922cd26f0 ("HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth classic interface") Cc: <stable(a)vger.kernel.org> # 4.11 Signed-off-by: Aaron Armstrong Skomra <aaron.skomra(a)wacom.com> Reviewed-by: Ping Cheng <ping.cheng(a)wacom.com> --- drivers/hid/wacom_wac.c | 76 ++++++++++++++++++++++++++++++------------------- 1 file changed, 46 insertions(+), 30 deletions(-) diff --git a/drivers/hid/wacom_wac.c b/drivers/hid/wacom_wac.c index 6da16a879c9f..5f947ec20dcb 100644 --- a/drivers/hid/wacom_wac.c +++ b/drivers/hid/wacom_wac.c @@ -689,6 +689,45 @@ static int wacom_intuos_get_tool_type(int tool_id) return tool_type; } +static void wacom_exit_report(struct wacom_wac *wacom) +{ + struct input_dev *input = wacom->pen_input; + struct wacom_features *features = &wacom->features; + unsigned char *data = wacom->data; + int idx = (features->type == INTUOS) ? (data[1] & 0x01) : 0; + + /* + * Reset all states otherwise we lose the initial states + * when in-prox next time + */ + input_report_abs(input, ABS_X, 0); + input_report_abs(input, ABS_Y, 0); + input_report_abs(input, ABS_DISTANCE, 0); + input_report_abs(input, ABS_TILT_X, 0); + input_report_abs(input, ABS_TILT_Y, 0); + if (wacom->tool[idx] >= BTN_TOOL_MOUSE) { + input_report_key(input, BTN_LEFT, 0); + input_report_key(input, BTN_MIDDLE, 0); + input_report_key(input, BTN_RIGHT, 0); + input_report_key(input, BTN_SIDE, 0); + input_report_key(input, BTN_EXTRA, 0); + input_report_abs(input, ABS_THROTTLE, 0); + input_report_abs(input, ABS_RZ, 0); + } else { + input_report_abs(input, ABS_PRESSURE, 0); + input_report_key(input, BTN_STYLUS, 0); + input_report_key(input, BTN_STYLUS2, 0); + input_report_key(input, BTN_TOUCH, 0); + input_report_abs(input, ABS_WHEEL, 0); + if (features->type >= INTUOS3S) + input_report_abs(input, ABS_Z, 0); + } + input_report_key(input, wacom->tool[idx], 0); + input_report_abs(input, ABS_MISC, 0); /* reset tool id */ + input_event(input, EV_MSC, MSC_SERIAL, wacom->serial[idx]); + wacom->id[idx] = 0; +} + static int wacom_intuos_inout(struct wacom_wac *wacom) { struct wacom_features *features = &wacom->features; @@ -741,36 +780,7 @@ static int wacom_intuos_inout(struct wacom_wac *wacom) if (!wacom->id[idx]) return 1; - /* - * Reset all states otherwise we lose the initial states - * when in-prox next time - */ - input_report_abs(input, ABS_X, 0); - input_report_abs(input, ABS_Y, 0); - input_report_abs(input, ABS_DISTANCE, 0); - input_report_abs(input, ABS_TILT_X, 0); - input_report_abs(input, ABS_TILT_Y, 0); - if (wacom->tool[idx] >= BTN_TOOL_MOUSE) { - input_report_key(input, BTN_LEFT, 0); - input_report_key(input, BTN_MIDDLE, 0); - input_report_key(input, BTN_RIGHT, 0); - input_report_key(input, BTN_SIDE, 0); - input_report_key(input, BTN_EXTRA, 0); - input_report_abs(input, ABS_THROTTLE, 0); - input_report_abs(input, ABS_RZ, 0); - } else { - input_report_abs(input, ABS_PRESSURE, 0); - input_report_key(input, BTN_STYLUS, 0); - input_report_key(input, BTN_STYLUS2, 0); - input_report_key(input, BTN_TOUCH, 0); - input_report_abs(input, ABS_WHEEL, 0); - if (features->type >= INTUOS3S) - input_report_abs(input, ABS_Z, 0); - } - input_report_key(input, wacom->tool[idx], 0); - input_report_abs(input, ABS_MISC, 0); /* reset tool id */ - input_event(input, EV_MSC, MSC_SERIAL, wacom->serial[idx]); - wacom->id[idx] = 0; + wacom_exit_report(wacom); return 2; } @@ -1235,6 +1245,12 @@ static void wacom_intuos_pro2_bt_pen(struct wacom_wac *wacom) if (!valid) continue; + if (!prox) { + wacom->shared->stylus_in_proximity = false; + wacom_exit_report(wacom); + input_sync(pen_input); + return; + } if (range) { input_report_abs(pen_input, ABS_X, get_unaligned_le16(&frame[1])); input_report_abs(pen_input, ABS_Y, get_unaligned_le16(&frame[3])); -- 2.7.4

7 years, 5 months

2
1
0 0

[PATCH] x86/nmi: Enable nested do_nmi() handling for 64-bit kernels

by chenggang.qin＠linux.alibaba.com

From: Andy Lutomirski <luto(a)kernel.org> commit: 9d05041679904b12c12421cbcf9cb5f4860a8d7b upstream 32-bit kernels handle nested NMIs in C. Enable the exact same handling on 64-bit kernels as well. This isn't currently necessary, but it will become necessary once the asm code starts allowing limited nesting. Signed-off-by: Andy Lutomirski <luto(a)kernel.org> Reviewed-by: Steven Rostedt <rostedt(a)goodmis.org> Cc: Borislav Petkov <bp(a)suse.de> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Backported-by: Chenggang <chenggang.qin(a)linux.alibaba.com> --- 7u/arch/x86/kernel/nmi.c | 122 ++++++++++++++++++++--------------------------- 1 file changed, 51 insertions(+), 71 deletions(-) diff --git a/7u/arch/x86/kernel/nmi.c b/7u/arch/x86/kernel/nmi.c index 6030805..a735412 100644 --- a/7u/arch/x86/kernel/nmi.c +++ b/7u/arch/x86/kernel/nmi.c @@ -359,15 +359,15 @@ static __kprobes void default_do_nmi(struct pt_regs *regs) } /* - * NMIs can hit breakpoints which will cause it to lose its - * NMI context with the CPU when the breakpoint does an iret. - */ -#ifdef CONFIG_X86_32 -/* - * For i386, NMIs use the same stack as the kernel, and we can - * add a workaround to the iret problem in C (preventing nested - * NMIs if an NMI takes a trap). Simply have 3 states the NMI - * can be in: + * NMIs can hit breakpoints which will cause it to lose its NMI context + * with the CPU when the breakpoint or page fault does an IRET. + * + * As a result, NMIs can nest if NMIs get unmasked due an IRET during + * NMI processing. On x86_64, the asm glue protects us from nested NMIs + * if the outer NMI came from kernel mode, but we can still nest if the + * outer NMI came from user mode. + * + * To handle these nested NMIs, we have three states: * * 1) not running * 2) executing @@ -381,15 +381,14 @@ static __kprobes void default_do_nmi(struct pt_regs *regs) * (Note, the latch is binary, thus multiple NMIs triggering, * when one is running, are ignored. Only one NMI is restarted.) * - * If an NMI hits a breakpoint that executes an iret, another - * NMI can preempt it. We do not want to allow this new NMI - * to run, but we want to execute it when the first one finishes. - * We set the state to "latched", and the exit of the first NMI will - * perform a dec_return, if the result is zero (NOT_RUNNING), then - * it will simply exit the NMI handler. If not, the dec_return - * would have set the state to NMI_EXECUTING (what we want it to - * be when we are running). In this case, we simply jump back - * to rerun the NMI handler again, and restart the 'latched' NMI. + * If an NMI executes an iret, another NMI can preempt it. We do not + * want to allow this new NMI to run, but we want to execute it when the + * first one finishes. We set the state to "latched", and the exit of + * the first NMI will perform a dec_return, if the result is zero + * (NOT_RUNNING), then it will simply exit the NMI handler. If not, the + * dec_return would have set the state to NMI_EXECUTING (what we want it + * to be when we are running). In this case, we simply jump back to + * rerun the NMI handler again, and restart the 'latched' NMI. * * No trap (breakpoint or page fault) should be hit before nmi_restart, * thus there is no race between the first check of state for NOT_RUNNING @@ -412,49 +411,36 @@ enum nmi_states { static DEFINE_PER_CPU(enum nmi_states, nmi_state); static DEFINE_PER_CPU(unsigned long, nmi_cr2); -#define nmi_nesting_preprocess(regs) \ - do { \ - if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { \ - this_cpu_write(nmi_state, NMI_LATCHED); \ - return; \ - } \ - this_cpu_write(nmi_state, NMI_EXECUTING); \ - this_cpu_write(nmi_cr2, read_cr2()); \ - } while (0); \ - nmi_restart: - -#define nmi_nesting_postprocess() \ - do { \ - if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) \ - write_cr2(this_cpu_read(nmi_cr2)); \ - if (this_cpu_dec_return(nmi_state)) \ - goto nmi_restart; \ - } while (0) -#else /* x86_64 */ +#ifdef CONFIG_X86_64 /* - * In x86_64 things are a bit more difficult. This has the same problem - * where an NMI hitting a breakpoint that calls iret will remove the - * NMI context, allowing a nested NMI to enter. What makes this more - * difficult is that both NMIs and breakpoints have their own stack. - * When a new NMI or breakpoint is executed, the stack is set to a fixed - * point. If an NMI is nested, it will have its stack set at that same - * fixed address that the first NMI had, and will start corrupting the - * stack. This is handled in entry_64.S, but the same problem exists with - * the breakpoint stack. + * In x86_64, we need to handle breakpoint -> NMI -> breakpoint. Without + * some care, the inner breakpoint will clobber the outer breakpoint's + * stack. * - * If a breakpoint is being processed, and the debug stack is being used, - * if an NMI comes in and also hits a breakpoint, the stack pointer - * will be set to the same fixed address as the breakpoint that was - * interrupted, causing that stack to be corrupted. To handle this case, - * check if the stack that was interrupted is the debug stack, and if - * so, change the IDT so that new breakpoints will use the current stack - * and not switch to the fixed address. On return of the NMI, switch back - * to the original IDT. + * If a breakpoint is being processed, and the debug stack is being + * used, if an NMI comes in and also hits a breakpoint, the stack + * pointer will be set to the same fixed address as the breakpoint that + * was interrupted, causing that stack to be corrupted. To handle this + * case, check if the stack that was interrupted is the debug stack, and + * if so, change the IDT so that new breakpoints will use the current + * stack and not switch to the fixed address. On return of the NMI, + * switch back to the original IDT. */ static DEFINE_PER_CPU(int, update_debug_stack); +#endif -static inline void nmi_nesting_preprocess(struct pt_regs *regs) +dotraplinkage notrace void +do_nmi(struct pt_regs *regs, long error_code) { + if (this_cpu_read(nmi_state) != NMI_NOT_RUNNING) { + this_cpu_write(nmi_state, NMI_LATCHED); + return; + } + this_cpu_write(nmi_state, NMI_EXECUTING); + this_cpu_write(nmi_cr2, read_cr2()); +nmi_restart: + +#ifdef CONFIG_X86_64 /* * If we interrupted a breakpoint, it is possible that * the nmi handler will have breakpoints too. We need to @@ -465,22 +451,8 @@ static inline void nmi_nesting_preprocess(struct pt_regs *regs) debug_stack_set_zero(); this_cpu_write(update_debug_stack, 1); } -} - -static inline void nmi_nesting_postprocess(void) -{ - if (unlikely(this_cpu_read(update_debug_stack))) { - debug_stack_reset(); - this_cpu_write(update_debug_stack, 0); - } -} #endif -dotraplinkage notrace __kprobes void -do_nmi(struct pt_regs *regs, long error_code) -{ - nmi_nesting_preprocess(regs); - nmi_enter(); inc_irq_stat(__nmi_count); @@ -489,9 +461,17 @@ do_nmi(struct pt_regs *regs, long error_code) default_do_nmi(regs); nmi_exit(); +#ifdef CONFIG_X86_64 + if (unlikely(this_cpu_read(update_debug_stack))) { + debug_stack_reset(); + this_cpu_write(update_debug_stack, 0); + } +#endif - /* On i386, may loop back to preprocess */ - nmi_nesting_postprocess(); + if (unlikely(this_cpu_read(nmi_cr2) != read_cr2())) + write_cr2(this_cpu_read(nmi_cr2)); + if (this_cpu_dec_return(nmi_state)) + goto nmi_restart; } void stop_nmi(void) -- 1.8.3.1

7 years, 5 months

5
4
0 0

v4.15.17 build: 11 failures 0 warnings (v4.15.17)

by Build bot for Mark Brown

Tree/Branch: v4.15.17 Git describe: v4.15.17 Commit: b22a1fa1b3 Linux 4.15.17 Build Time: 0 min 27 sec Passed: 0 / 11 ( 0.00 %) Failed: 11 / 11 (100.00 %) Errors: 8 Warnings: 0 Section Mismatches: 0 Failed defconfigs: arm64-allnoconfig arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig x86_64-defconfig arm-allmodconfig arm-allnoconfig arm-multi_v4t_defconfig x86_64-allmodconfig arm64-defconfig Errors: arm64-allnoconfig ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) arm64-allmodconfig ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) arm-multi_v5_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-multi_v7_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token x86_64-defconfig ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) arm-allmodconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-allnoconfig orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory arm-multi_v4t_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token x86_64-allmodconfig ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) arm64-defconfig orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- Errors summary: 8 5 orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory 4 ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) 4 ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) 4 ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) 4 ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) 4 ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) 4 ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) 4 ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allnoconfig : FAIL, 6 errors, 0 warnings, 0 section mismatches Errors: ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) ------------------------------------------------------------------------------- arm64-allmodconfig : FAIL, 6 errors, 0 warnings, 0 section mismatches Errors: ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- x86_64-defconfig : FAIL, 6 errors, 0 warnings, 0 section mismatches Errors: ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 2 errors, 0 warnings, 0 section mismatches Errors: orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- x86_64-allmodconfig : FAIL, 6 errors, 0 warnings, 0 section mismatches Errors: ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_match_flags' undeclared (first use in this function) ../scripts/mod/file2alias.c:103:45: error: 'OFF_tb_service_id_protocol_key' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_id' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_version' undeclared (first use in this function) ../scripts/mod/file2alias.c:97:68: error: 'OFF_tb_service_id_protocol_revision' undeclared (first use in this function) ../scripts/mod/file2alias.c:111:3: error: 'SIZE_tb_service_id' undeclared here (not in a function) ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 3 errors, 0 warnings, 0 section mismatches Errors: orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig

7 years, 5 months

2
1
0 0

v4.14.34 build: 11 failures 4 warnings (v4.14.34)

by Build bot for Mark Brown

Tree/Branch: v4.14.34 Git describe: v4.14.34 Commit: ffebeb0d7c Linux 4.14.34 Build Time: 0 min 29 sec Passed: 0 / 11 ( 0.00 %) Failed: 11 / 11 (100.00 %) Errors: 2 Warnings: 4 Section Mismatches: 0 Failed defconfigs: arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig arm-multi_v4t_defconfig arm-allnoconfig arm64-defconfig Errors: arm-multi_v5_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-multi_v7_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-allmodconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-multi_v4t_defconfig ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm-allnoconfig orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token arm64-defconfig orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 4 warnings 0 mismatches : arm-allnoconfig ------------------------------------------------------------------------------- Errors summary: 2 6 orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory 5 ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token Warnings Summary: 4 1 ../arch/arm/include/asm/barrier.h:9:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 ../arch/arm/include/asm/barrier.h:20:35: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 ../arch/arm/include/asm/barrier.h:16:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] 1 ../arch/arm/include/asm/barrier.h:10:3: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-multi_v4t_defconfig : FAIL, 1 errors, 0 warnings, 0 section mismatches Errors: ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token ------------------------------------------------------------------------------- arm-allnoconfig : FAIL, 4 errors, 4 warnings, 0 section mismatches Errors: orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ../arch/arm/include/asm/string.h:45:3: error: expected identifier or '(' before '{' token Warnings: ../arch/arm/include/asm/barrier.h:9:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] ../arch/arm/include/asm/barrier.h:10:3: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] ../arch/arm/include/asm/barrier.h:16:5: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] ../arch/arm/include/asm/barrier.h:20:35: warning: "__LINUX_ARM_ARCH__" is not defined [-Wundef] ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 3 errors, 0 warnings, 0 section mismatches Errors: orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory orc.h:21:27: fatal error: asm/orc_types.h: No such file or directory ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm64-allnoconfig arm64-allmodconfig x86_64-allmodconfig x86_64-defconfig

7 years, 5 months

2
1
0 0

[PATCH V2] blk-mq: fix race between complete and BLK_EH_RESET_TIMER

by Ming Lei

The normal request completion can be done before or during handling BLK_EH_RESET_TIMER, and this race may cause the request to never be completed since driver's .timeout() may always return BLK_EH_RESET_TIMER. This issue can't be fixed completely by driver, since the normal completion can be done between returning .timeout() and handing BLK_EH_RESET_TIMER. This patch fixes this race by introducing rq state of MQ_RQ_COMPLETE_IN_RESET, and reading/writing rq's state by holding queue lock, which can be per-request actually, but just not necessary to introduce one lock for so unusual event. Cc: Bart Van Assche <bart.vanassche(a)wdc.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Sagi Grimberg <sagi(a)grimberg.me> Cc: Israel Rukshin <israelr(a)mellanox.com>, Cc: Max Gurtovoy <maxg(a)mellanox.com> Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- V2: - rename the new flag as MQ_RQ_COMPLETE_IN_TIMEOUT - fix lock uses in blk_mq_rq_timed_out - document re-order between blk_add_timer() and blk_mq_rq_update_aborted_gstate(req, 0) block/blk-mq.c | 49 ++++++++++++++++++++++++++++++++++++++++++++----- block/blk-mq.h | 1 + 2 files changed, 45 insertions(+), 5 deletions(-) diff --git a/block/blk-mq.c b/block/blk-mq.c index 0dc9e341c2a7..db1c84b2bb5e 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -630,10 +630,27 @@ void blk_mq_complete_request(struct request *rq) * However, that would complicate paths which want to synchronize * against us. Let stay in sync with the issue path so that * hctx_lock() covers both issue and completion paths. + * + * Cover complete vs BLK_EH_RESET_TIMER race in slow path with + * helding queue lock. */ hctx_lock(hctx, &srcu_idx); if (blk_mq_rq_aborted_gstate(rq) != rq->gstate) __blk_mq_complete_request(rq); + else { + unsigned long flags; + bool need_complete = false; + + spin_lock_irqsave(q->queue_lock, flags); + if (!blk_mq_rq_aborted_gstate(rq)) + need_complete = true; + else + blk_mq_rq_update_state(rq, MQ_RQ_COMPLETE_IN_TIMEOUT); + spin_unlock_irqrestore(q->queue_lock, flags); + + if (need_complete) + __blk_mq_complete_request(rq); + } hctx_unlock(hctx, srcu_idx); } EXPORT_SYMBOL(blk_mq_complete_request); @@ -814,6 +831,7 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) { const struct blk_mq_ops *ops = req->q->mq_ops; enum blk_eh_timer_return ret = BLK_EH_RESET_TIMER; + unsigned long flags; req->rq_flags |= RQF_MQ_TIMEOUT_EXPIRED; @@ -826,12 +844,33 @@ static void blk_mq_rq_timed_out(struct request *req, bool reserved) break; case BLK_EH_RESET_TIMER: /* - * As nothing prevents from completion happening while - * ->aborted_gstate is set, this may lead to ignored - * completions and further spurious timeouts. + * The normal completion may happen during handling the + * timeout, or even after returning from .timeout(), so + * once the request has been completed, we can't reset + * timer any more since this request may be handled as + * BLK_EH_RESET_TIMER in next timeout handling too, and + * it has to be completed in this situation. + * + * Holding the queue lock to cover read/write rq's + * aborted_gstate and normal state, so the race can be + * avoided completely. + * + * blk_add_timer() may be re-ordered with resetting + * aborted_gstate, and the only side-effec is that if this + * request is recycled after aborted_gstate is cleared, it + * may be timed out a bit late, that is what we can survive + * given timeout event is so unusual. */ - blk_mq_rq_update_aborted_gstate(req, 0); - blk_add_timer(req); + spin_lock_irqsave(req->q->queue_lock, flags); + if (blk_mq_rq_state(req) != MQ_RQ_COMPLETE_IN_TIMEOUT) { + blk_add_timer(req); + blk_mq_rq_update_aborted_gstate(req, 0); + spin_unlock_irqrestore(req->q->queue_lock, flags); + } else { + blk_mq_rq_update_state(req, MQ_RQ_IN_FLIGHT); + spin_unlock_irqrestore(req->q->queue_lock, flags); + __blk_mq_complete_request(req); + } break; case BLK_EH_NOT_HANDLED: break; diff --git a/block/blk-mq.h b/block/blk-mq.h index 88c558f71819..0426d048743d 100644 --- a/block/blk-mq.h +++ b/block/blk-mq.h @@ -35,6 +35,7 @@ enum mq_rq_state { MQ_RQ_IDLE = 0, MQ_RQ_IN_FLIGHT = 1, MQ_RQ_COMPLETE = 2, + MQ_RQ_COMPLETE_IN_TIMEOUT = 3, MQ_RQ_STATE_BITS = 2, MQ_RQ_STATE_MASK = (1 << MQ_RQ_STATE_BITS) - 1, -- 2.9.5

7 years, 5 months

2
3
0 0

Re: [PATCH] x86/xen: zero MSR_IA32_SPEC_CTRL before suspend

by Juergen Gross

On 14/03/18 09:48, Jan Beulich wrote: >>>> On 26.02.18 at 15:08, <jgross(a)suse.com> wrote: >> @@ -35,6 +40,9 @@ void xen_arch_post_suspend(int cancelled) >> >> static void xen_vcpu_notify_restore(void *data) >> { >> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) >> + wrmsrl(MSR_IA32_SPEC_CTRL, this_cpu_read(spec_ctrl)); >> + >> /* Boot processor notified via generic timekeeping_resume() */ >> if (smp_processor_id() == 0) >> return; >> @@ -44,7 +52,15 @@ static void xen_vcpu_notify_restore(void *data) >> >> static void xen_vcpu_notify_suspend(void *data) >> { >> + u64 tmp; >> + >> tick_suspend_local(); >> + >> + if (xen_pv_domain() && boot_cpu_has(X86_FEATURE_SPEC_CTRL)) { >> + rdmsrl(MSR_IA32_SPEC_CTRL, tmp); >> + this_cpu_write(spec_ctrl, tmp); >> + wrmsrl(MSR_IA32_SPEC_CTRL, 0); >> + } >> } > > While investigating ways how to do something similar on our old, > non-pvops kernels I've started wondering if this solution is actually > correct in all cases. Of course discussing this is complicated by the > fact that the change there might be a conflict with hasn't landed > in Linus'es tree yet (see e.g. > https://patchwork.kernel.org/patch/10153843/ for an upstream > submission; I haven't been able to find any discussion on that > patch or why it isn't upstream yet), but we have it in our various > branches. The potential problem I'm seeing is with the clearing > and re-setting of SPEC_CTRL around CPUs going idle. While the > active CPU could have preemption disabled (if that isn't the case > already), the passive CPUs are - afaict - neither under full control > of drivers/xen/manage.c:do_suspend() nor excluded yet from > any further scheduling activity. Hence with code like this (taken > from one of our branches) > > static void mwait_idle(void) > { > if (!current_set_polling_and_test()) { > trace_cpu_idle_rcuidle(1, smp_processor_id()); > if (this_cpu_has(X86_BUG_CLFLUSH_MONITOR)) { > smp_mb(); /* quirk */ > clflush((void *)&current_thread_info()->flags); > smp_mb(); /* quirk */ > } > > x86_disable_ibrs(); > > __monitor((void *)&current_thread_info()->flags, 0, 0); > if (!need_resched()) > __sti_mwait(0, 0); > else > local_irq_enable(); > > x86_enable_ibrs(); > ... > > the MSR might get set to non-zero again after having been > cleared by the code your patch adds. I therefore think that the > only race free solution would be to do the clearing from > stop-machine context. But maybe I'm overlooking something. Currently and with the above mentioned patch there is no problem: Xen pv guests always use default_idle(), so mwait_idle() eventually playing with MSR_IA32_SPEC_CTRL won't affect us. In order to ensure that won't change in future default_idle() should never modify MSR_IA32_SPEC_CTRL. In case something like that would be required we should rather add another idle function doing that. Juergen

7 years, 5 months

3
6
0 0

[PATCH] usb: typec: ucsi: fix link error on randconfig

by Heikki Krogerus

If building a kernel without FTRACE but with TRACING, ucsi.ko fails to link due to missing trace events. Fix this by using the correct Kconfig symbol on Makefile. Reported-by: Tobias Regnery <tobias.regnery(a)gmail.com> Fixes: c1b0bc2dabfa ("usb: typec: Add support for UCSI interface") Cc: <stable(a)vger.kernel.org> Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/typec/ucsi/Makefile b/drivers/usb/typec/ucsi/Makefile index b57891c1fd31..7afbea512207 100644 --- a/drivers/usb/typec/ucsi/Makefile +++ b/drivers/usb/typec/ucsi/Makefile @@ -5,6 +5,6 @@ obj-$(CONFIG_TYPEC_UCSI) += typec_ucsi.o typec_ucsi-y := ucsi.o -typec_ucsi-$(CONFIG_FTRACE) += trace.o +typec_ucsi-$(CONFIG_TRACING) += trace.o obj-$(CONFIG_UCSI_ACPI) += ucsi_acpi.o -- 2.16.3

7 years, 5 months

1
1
0 0

[PATCH 1/3] staging: wilc1000: fix NULL pointer exception in host_int_parse_assoc_resp_info()

by Ajay Singh

Commit fe014d4e6b55 (staging: wilc1000: free memory allocated for general info message from firmware) introduced bug by using wrong source address in kmemdup(). 'conn_info.req_ies' is used for source address in kempdup() instead of 'hif_drv->usr_conn_req.ies'. This commit fixes the NULL pointer dereference issue in host_int_parse_assoc_resp_info() by using the correct source address in kmemdup(). Fixes: fe014d4e6b55 (staging: wilc1000: free memory allocated for general info message from firmware) Cc: stable(a)vger.kernel.org Signed-off-by: Ajay Singh <ajay.kathat(a)microchip.com> Tested-by: Ajay Singh <ajay.kathat(a)microchip.com> --- drivers/staging/wilc1000/host_interface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/wilc1000/host_interface.c b/drivers/staging/wilc1000/host_interface.c index 316d73c..302e3cb 100644 --- a/drivers/staging/wilc1000/host_interface.c +++ b/drivers/staging/wilc1000/host_interface.c @@ -1387,7 +1387,7 @@ static inline void host_int_parse_assoc_resp_info(struct wilc_vif *vif, } if (hif_drv->usr_conn_req.ies) { - conn_info.req_ies = kmemdup(conn_info.req_ies, + conn_info.req_ies = kmemdup(hif_drv->usr_conn_req.ies, hif_drv->usr_conn_req.ies_len, GFP_KERNEL); if (conn_info.req_ies) -- 2.7.4

7 years, 5 months

1
1
0 0

[PATCH 3/5] trace_uprobe: Use %lx to display offset

by Steven Rostedt

From: Ravi Bangoria <ravi.bangoria(a)linux.vnet.ibm.com> tu->offset is unsigned long, not a pointer, thus %lx should be used to print it, not the %px. Link: http://lkml.kernel.org/r/20180315082756.9050-1-ravi.bangoria@linux.vnet.ibm… Cc: stable(a)vger.kernel.org Acked-by: Masami Hiramatsu <mhiramat(a)kernel.org> Fixes: 0e4d819d0893 ("trace_uprobe: Display correct offset in uprobe_events") Suggested-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Ravi Bangoria <ravi.bangoria(a)linux.vnet.ibm.com> Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> --- kernel/trace/trace_uprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/trace/trace_uprobe.c b/kernel/trace/trace_uprobe.c index 8b86d76c55ee..d7d3c9237f64 100644 --- a/kernel/trace/trace_uprobe.c +++ b/kernel/trace/trace_uprobe.c @@ -608,7 +608,7 @@ static int probes_seq_show(struct seq_file *m, void *v) /* Don't print "0x (null)" when offset is 0 */ if (tu->offset) { - seq_printf(m, "0x%px", (void *)tu->offset); + seq_printf(m, "0x%0*lx", (int)(sizeof(void *) * 2), tu->offset); } else { switch (sizeof(void *)) { case 4: -- 2.16.3

7 years, 5 months

1
0
0 0

[merged] fs-reiserfs-journalc-add-missing-resierfs_warning-arg.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: fs/reiserfs/journal.c: add missing resierfs_warning() arg has been removed from the -mm tree. Its filename was fs-reiserfs-journalc-add-missing-resierfs_warning-arg.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Andrew Morton <akpm(a)linux-foundation.org> Subject: fs/reiserfs/journal.c: add missing resierfs_warning() arg One use of the reiserfs_warning() macro in journal_init_dev() is missing a parameter, causing the following warning: REISERFS warning (device loop0): journal_init_dev: Cannot open '%s': %i journal_init_dev: This also causes a WARN_ONCE() warning in the vsprintf code, and then a panic if panic_on_warn is set. Please remove unsupported %/ in format string WARNING: CPU: 1 PID: 4480 at lib/vsprintf.c:2138 format_decode+0x77f/0x830 lib/vsprintf.c:2138 Kernel panic - not syncing: panic_on_warn set ... Just add another string argument to the macro invocation. Addresses https://syzkaller.appspot.com/bug?id=0627d4551fdc39bf1ef5d82cd9eef587047f77… Link: http://lkml.kernel.org/r/d678ebe1-6f54-8090-df4c-b9affad62293@infradead.org Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: <syzbot+6bd77b88c1977c03f584(a)syzkaller.appspotmail.com> Tested-by: Randy Dunlap <rdunlap(a)infradead.org> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Jan Kara <jack(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/journal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN fs/reiserfs/journal.c~fs-reiserfs-journalc-add-missing-resierfs_warning-arg fs/reiserfs/journal.c --- a/fs/reiserfs/journal.c~fs-reiserfs-journalc-add-missing-resierfs_warning-arg +++ a/fs/reiserfs/journal.c @@ -2643,7 +2643,7 @@ static int journal_init_dev(struct super if (IS_ERR(journal->j_dev_bd)) { result = PTR_ERR(journal->j_dev_bd); journal->j_dev_bd = NULL; - reiserfs_warning(super, + reiserfs_warning(super, "sh-457", "journal_init_dev: Cannot open '%s': %i", jdev_name, result); return result; _ Patches currently in -mm which might be from akpm(a)linux-foundation.org are i-need-old-gcc.patch mm-gup_benchmark-handle-gup-failures-fix.patch mm-pagemap-fix-swap-offset-value-for-pmd-migration-entry-fix.patch writeback-safer-lock-nesting-fix.patch arm-arch-arm-include-asm-pageh-needs-personalityh.patch ocfs2-without-quota-support-try-to-avoid-calling-quota-recovery-checkpatch-fixes.patch mm.patch list_lru-prefetch-neighboring-list-entries-before-acquiring-lock-fix.patch mm-oom-cgroup-aware-oom-killer-fix.patch mm-oom-docs-describe-the-cgroup-aware-oom-killer-fix-2-fix.patch fs-fsnotify-account-fsnotify-metadata-to-kmemcg-fix.patch kernel-forkc-export-kernel_thread-to-modules.patch slab-leaks3-default-y.patch

7 years, 5 months

1
0
0 0

[merged] task_struct-only-use-anon-struct-under-randstruct-plugin.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: task_struct: only use anon struct under randstruct plugin has been removed from the -mm tree. Its filename was task_struct-only-use-anon-struct-under-randstruct-plugin.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Kees Cook <keescook(a)chromium.org> Subject: task_struct: only use anon struct under randstruct plugin The original intent for always adding the anonymous struct in task_struct was to make sure we had compiler coverage. However, this caused pathological padding of 40 bytes at the start of task_struct. Instead, move the anonymous struct to being only used when struct layout randomization is enabled. Link: http://lkml.kernel.org/r/20180327213609.GA2964@beast Fixes: 29e48ce87f1e ("task_struct: Allow randomized") Signed-off-by: Kees Cook <keescook(a)chromium.org> Reported-by: Peter Zijlstra <peterz(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler-clang.h | 3 --- include/linux/compiler-gcc.h | 12 +++--------- 2 files changed, 3 insertions(+), 12 deletions(-) diff -puN include/linux/compiler-clang.h~task_struct-only-use-anon-struct-under-randstruct-plugin include/linux/compiler-clang.h --- a/include/linux/compiler-clang.h~task_struct-only-use-anon-struct-under-randstruct-plugin +++ a/include/linux/compiler-clang.h @@ -17,9 +17,6 @@ */ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) -#define randomized_struct_fields_start struct { -#define randomized_struct_fields_end }; - /* all clang versions usable with the kernel support KASAN ABI version 5 */ #define KASAN_ABI_VERSION 5 diff -puN include/linux/compiler-gcc.h~task_struct-only-use-anon-struct-under-randstruct-plugin include/linux/compiler-gcc.h --- a/include/linux/compiler-gcc.h~task_struct-only-use-anon-struct-under-randstruct-plugin +++ a/include/linux/compiler-gcc.h @@ -242,6 +242,9 @@ #if defined(RANDSTRUCT_PLUGIN) && !defined(__CHECKER__) #define __randomize_layout __attribute__((randomize_layout)) #define __no_randomize_layout __attribute__((no_randomize_layout)) +/* This anon struct can add padding, so only enable it under randstruct. */ +#define randomized_struct_fields_start struct { +#define randomized_struct_fields_end } __randomize_layout; #endif #endif /* GCC_VERSION >= 40500 */ @@ -256,15 +259,6 @@ */ #define __visible __attribute__((externally_visible)) -/* - * RANDSTRUCT_PLUGIN wants to use an anonymous struct, but it is only - * possible since GCC 4.6. To provide as much build testing coverage - * as possible, this is used for all GCC 4.6+ builds, and not just on - * RANDSTRUCT_PLUGIN builds. - */ -#define randomized_struct_fields_start struct { -#define randomized_struct_fields_end } __randomize_layout; - #endif /* GCC_VERSION >= 40600 */ _ Patches currently in -mm which might be from keescook(a)chromium.org are rslib-remove-vlas-by-setting-upper-bound-on-nroots.patch fork-unconditionally-clear-stack-on-fork.patch exofs-avoid-vla-in-structures.patch

7 years, 5 months

1
0
0 0

[merged] mm-ksm-fix-inconsistent-accounting-of-zero-pages.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/ksm.c: fix inconsistent accounting of zero pages has been removed from the -mm tree. Its filename was mm-ksm-fix-inconsistent-accounting-of-zero-pages.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> Subject: mm/ksm.c: fix inconsistent accounting of zero pages When using KSM with use_zero_pages, we replace anonymous pages containing only zeroes with actual zero pages, which are not anonymous. We need to do proper accounting of the mm counters, otherwise we will get wrong values in /proc and a BUG message in dmesg when tearing down the mm. Link: http://lkml.kernel.org/r/1522931274-15552-1-git-send-email-imbrenda@linux.v… Fixes: e86c59b1b1 ("mm/ksm: improve deduplication of zero pages with colouring") Signed-off-by: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Gerald Schaefer <gerald.schaefer(a)de.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff -puN mm/ksm.c~mm-ksm-fix-inconsistent-accounting-of-zero-pages mm/ksm.c --- a/mm/ksm.c~mm-ksm-fix-inconsistent-accounting-of-zero-pages +++ a/mm/ksm.c @@ -1131,6 +1131,13 @@ static int replace_page(struct vm_area_s } else { newpte = pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot)); + /* + * We're replacing an anonymous page with a zero page, which is + * not anonymous. We need to do proper accounting otherwise we + * will get wrong values in /proc, and a BUG message in dmesg + * when tearing down the mm. + */ + dec_mm_counter(mm, MM_ANONPAGES); } flush_cache_page(vma, addr, pte_pfn(*ptep)); _ Patches currently in -mm which might be from imbrenda(a)linux.vnet.ibm.com are

7 years, 5 months

1
0
0 0

[merged] mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hmm: hmm_pfns_bad() was accessing wrong struct has been removed from the -mm tree. Its filename was mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: hmm_pfns_bad() was accessing wrong struct The private field of mm_walk struct point to an hmm_vma_walk struct and not to the hmm_range struct desired. Fix to get proper struct pointer. Link: http://lkml.kernel.org/r/20180323005527.758-6-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Mark Hairgrove <mhairgrove(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct mm/hmm.c --- a/mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct +++ a/mm/hmm.c @@ -336,7 +336,8 @@ static int hmm_pfns_bad(unsigned long ad unsigned long end, struct mm_walk *walk) { - struct hmm_range *range = walk->private; + struct hmm_vma_walk *hmm_vma_walk = walk->private; + struct hmm_range *range = hmm_vma_walk->range; hmm_pfn_t *pfns = range->pfns; unsigned long i; _ Patches currently in -mm which might be from jglisse(a)redhat.com are

7 years, 5 months

1
0
0 0

[merged] mm-hmm-fix-header-file-if-else-endif-maze-v2.patch removed from -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm/hmm: fix header file if/else/endif maze has been removed from the -mm tree. Its filename was mm-hmm-fix-header-file-if-else-endif-maze-v2.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: fix header file if/else/endif maze The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. Because of this after multiple include there was multiple definition of both hmm_mm_init() and hmm_mm_destroy() leading to build failure if HMM was enabled (CONFIG_HMM set). Link: http://lkml.kernel.org/r/20180323005527.758-3-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Acked-by: Balbir Singh <bsingharora(a)gmail.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hmm.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff -puN include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 include/linux/hmm.h --- a/include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 +++ a/include/linux/hmm.h @@ -498,23 +498,16 @@ struct hmm_device { struct hmm_device *hmm_device_new(void *drvdata); void hmm_device_put(struct hmm_device *hmm_device); #endif /* CONFIG_DEVICE_PRIVATE || CONFIG_DEVICE_PUBLIC */ -#endif /* IS_ENABLED(CONFIG_HMM) */ /* Below are for HMM internal use only! Not to be used by device driver! */ -#if IS_ENABLED(CONFIG_HMM_MIRROR) void hmm_mm_destroy(struct mm_struct *mm); static inline void hmm_mm_init(struct mm_struct *mm) { mm->hmm = NULL; } -#else /* IS_ENABLED(CONFIG_HMM_MIRROR) */ -static inline void hmm_mm_destroy(struct mm_struct *mm) {} -static inline void hmm_mm_init(struct mm_struct *mm) {} -#endif /* IS_ENABLED(CONFIG_HMM_MIRROR) */ - - #else /* IS_ENABLED(CONFIG_HMM) */ static inline void hmm_mm_destroy(struct mm_struct *mm) {} static inline void hmm_mm_init(struct mm_struct *mm) {} +#endif /* IS_ENABLED(CONFIG_HMM) */ #endif /* LINUX_HMM_H */ _ Patches currently in -mm which might be from jglisse(a)redhat.com are

7 years, 5 months

1
0
0 0

Re: [patch net] devlink: convert occ_get op to separate registration

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a "Fixes:" tag, fixing commit: d9f9b9a4d05f devlink: Add support for resource abstraction. The bot has tested the following trees: v4.16.1. v4.16.1: Failed to apply! Possible dependencies: 37923ed6b8ce ("netdevsim: Add simple FIB resource controller via devlink") 3ed898e8cd05 ("mlxsw: spectrum_kvdl: Make some functions static") 4f4bbf7c4e3d ("devlink: Perform cleanup of resource_set cb") 51d3c08e3371 ("mlxsw: spectrum_kvdl: Add support for linear division resources") 7f47b19bd744 ("mlxsw: spectrum_kvdl: Add support for per part occupancy") 88d2fbcda145 ("mlxsw: spectrum: Pass mlxsw_core as arg of mlxsw_sp_kvdl_resources_register()") c8276dd250e9 ("mlxsw: spectrum_kvdl: Fix handling of resource_size_param") f9b9120119ca ("mlxsw: Constify devlink_resource_ops") -- Thanks, Sasha

7 years, 5 months

4
8
0 0

[PATCH 4.15 000/168] 4.15.17-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.15.17 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Apr 12 21:27:22 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.15.17-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.15.17-rc1 Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_core: Fix memory leak while delete slave's resources Jason Wang <jasowang(a)redhat.com> vhost_net: add missing lock nesting notation Xin Long <lucien.xin(a)gmail.com> team: move dev_mc_sync after master_upper_dev_link in team_port_add Xin Long <lucien.xin(a)gmail.com> route: check sysctl_fib_multipath_use_neigh earlier than hash Jason Wang <jasowang(a)redhat.com> vhost: validate log when IOTLB is enabled Roi Dayan <roid(a)mellanox.com> net/mlx5e: Fix traffic being dropped on VF representor Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx4_en: Fix mixed PFC and Global pause user control requests Dave Watson <davejwatson(a)fb.com> strparser: Fix sign of err codes Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tunnel_key_init() Shahar Klein <shahark(a)mellanox.com> net/mlx5e: Sync netdev vxlan ports at open Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Don't override vport admin link state in switchdev mode David Lebrun <dlebrun(a)google.com> ipv6: sr: fix seg6 encap performances with TSO enabled Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> nfp: use full 40 bits of the NSP buffer address Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_sample_init() Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Fix memory usage issues in offloading TC flows Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_vlan_init() Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: fix a missing idr_remove() in u32_delete_key() Tal Gilboa <talgi(a)mellanox.com> net/mlx5e: Set EQE based as default TX interrupt moderation mode Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Xin Long <lucien.xin(a)gmail.com> bonding: process the err returned by dev_set_allmulti properly in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: fix the err path for dev hwaddr sync in bond_enslave David Ahern <dsahern(a)gmail.com> vrf: Fix use after free and double free in vrf_finish_output Hangbin Liu <liuhangbin(a)gmail.com> vlan: also check phy_driver ts_info for vlan's real device Jason Wang <jasowang(a)redhat.com> vhost: correctly remove wait queue during poll failure Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix setting driver_data after register_netdev Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_bpf_init() Craig Dillabaugh <cdillaba(a)mojatatu.com> net sched actions: fix dumping which requires several messages to user space Moshe Shemesh <moshe(a)mellanox.com> net/mlx5e: Verify coalescing parameters in range Alexander Potapenko <glider(a)google.com> netlink: make sure nladdr has correct size in netlink_connect() Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Increment OUTxxx counters after netfilter hook David Ahern <dsahern(a)gmail.com> net/ipv6: Fix route leaking between VRFs Eric Dumazet <edumazet(a)google.com> net: fix possible out-of-bound read in skb_network_protocol() Andrew Lunn <andrew(a)lunn.ch> net: dsa: Discard frames from unused ports Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) Paolo Abeni <pabeni(a)redhat.com> ipv6: the entire IPv6 header chain must fit the first fragment Miguel Fadon Perlines <mfadon(a)teldat.com> arp: fix arp_filter on l3slave devices Borislav Petkov <bp(a)suse.de> x86/microcode: Fix CPU synchronization routine Borislav Petkov <bp(a)suse.de> x86/microcode: Attempt late loading only when new microcode is present Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Synchronize late microcode loading Borislav Petkov <bp(a)suse.de> x86/microcode: Request microcode on the BSP Borislav Petkov <bp(a)suse.de> x86/microcode/intel: Look into the patch cache first Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Do not upload microcode if CPUs are offline Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Writeback and invalidate caches before updating microcode Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Check microcode revision before updating sibling threads Borislav Petkov <bp(a)suse.de> x86/microcode: Get rid of struct apply_microcode_ctx Borislav Petkov <bp(a)suse.de> x86/CPU: Check CPU feature bits after microcode upgrade Borislav Petkov <bp(a)suse.de> x86/CPU: Add a microcode loader callback Borislav Petkov <bp(a)suse.de> x86/microcode: Propagate return value from updating functions Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/i915/cnp: Properly handle VBT ddc pin out of bounds. Rodrigo Vivi <rodrigo.vivi(a)intel.com> drm/i915/cnp: Ignore VBT request for know invalid DDC pin. Alexey Khoroshilov <khoroshilov(a)ispras.ru> thermal: int3400_thermal: fix error handling in int3400_thermal_probe() Mike Christie <mchristi(a)redhat.com> tcmu: release blocks for partially setup cmds Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix copyfile_offset update of output offset Arnd Bergmann <arnd(a)arndb.de> crypto: aes-generic - build with -Os on gcc-7+ Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: mtd_oobtest: Handle bitflips during reads Hans de Goede <hdegoede(a)redhat.com> Input: goodix - disable IRQs while suspended Nathan Fontenot <nfont(a)linux.vnet.ibm.com> ibmvnic: Don't handle RX interrupts when not up. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sdhci: Advertise 2.0v supply on SDIO host controller Jiri Bohac <jbohac(a)suse.cz> x86/gart: Exclude GART aperture from vmcore Wei Yongjun <weiyongjun1(a)huawei.com> gpio: thunderx: fix error return code in thunderx_gpio_probe() Parav Pandit <parav(a)mellanox.com> RDMA/cma: Fix rdma_cm path querying for RoCE Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map Ulf Hansson <ulf.hansson(a)linaro.org> PM / domains: Don't skip driver's ->suspend|resume_noirq() callbacks Arjun Vynipadath <arjun(a)chelsio.com> cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Yintian Tao <yttao(a)amd.com> drm/amd/powerplay: fix memory leakage when reload (v2) Jacob Keller <jacob.e.keller(a)intel.com> i40evf: don't rely on netif_running() outside rtnl_lock() Stefan Wahren <stefan.wahren(a)i2se.com> Bluetooth: hci_bcm: Make shutdown and device wake GPIO optional Ronald Tschalär <ronald(a)innovation.ch> Bluetooth: hci_bcm: Validate IRQ before using it Lukas Wunner <lukas(a)wunner.de> Bluetooth: hci_bcm: Mandate presence of shutdown and device wake GPIO Stephen Hemminger <stephen(a)networkplumber.org> uio_hv_generic: check that host supports monitor page Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, mv64x60: Fix an error handling path Hans de Goede <hdegoede(a)redhat.com> serdev: Fix serdev_uevent failure on ACPI enumerated serdev-controllers Paolo Valente <paolo.valente(a)linaro.org> block, bfq: put async queues for root bfq groups too Tony Lindgren <tony(a)atomide.com> tty: n_gsm: Allow ADM response in addition to UA for control dlci Ming Lei <ming.lei(a)redhat.com> blk-mq: fix kernel oops in blk_mq_tag_idle() Feras Daoud <ferasda(a)mellanox.com> net/mlx5e: IPoIB, Use correct timestamp in child receive flow chenxiang <chenxiang66(a)hisilicon.com> scsi: libsas: initialize sas_phy status according to response of DISCOVER Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix error when getting phy events Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix memory leak in sas_smp_get_phy_events() Gal Pressman <galp(a)mellanox.com> net: Fix netdev_WARN_ONCE macro Jason Yan <yanaijie(a)huawei.com> scsi: libsas: Use dynamic alloced work to avoid sas event lost Tang Junhui <tang.junhui(a)zte.com.cn> bcache: segregate flash only volume write streams Tang Junhui <tang.junhui(a)zte.com.cn> bcache: stop writeback thread after detaching Rui Hua <huarui.dev(a)gmail.com> bcache: ret IOERR when read meets metadata error Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: fix for changing MTU Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix an error macro definition of HNS3_TQP_STAT Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix a loop index error of tqp statistics query Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix an error of total drop packet statistics Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Fix race for multiple RoCE enable Colin Ian King <colin.king(a)canonical.com> wl1251: check return from call to wl1251_acx_arp_ip_filter Stanislaw Gruszka <sgruszka(a)redhat.com> rt2x00: do not pause queue unconditionally on error path Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Properly stop work on probe-error / remove Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' NeilBrown <neilb(a)suse.com> staging: lustre: disable preempt while sampling processor id. Jin Yao <yao.jin(a)linux.intel.com> perf report: Fix a no annotate browser displayed issue Javier Martinez Canillas <javierm(a)redhat.com> tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented James Smart <jsmart2021(a)gmail.com> nvme_fcloop: fix abort race condition James Smart <jsmart2021(a)gmail.com> nvme_fcloop: disassocate local port structs Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts Christoph Hellwig <hch(a)lst.de> nvme-fabrics: don't check for non-NULL module in nvmf_register_transport Roy Shterman <roys(a)lightbitslabs.com> nvme-fabrics: protect against module unload during create_ctrl Robert Jarzmik <robert.jarzmik(a)free.fr> backlight: tdo24m: Fix the SPI CS between transfers Ming Lei <ming.lei(a)redhat.com> blk-mq: fix race between updating nr_hw_queues and switching io sched Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to map CPU into stale hw queue Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/rdmavt: Allocate CQ memory on the correct node Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> powernv-cpufreq: Add helper to extract pstate from PMSR Catalin Marinas <catalin.marinas(a)arm.com> arm64: asid: Do not replace active_asids if already 0 Linus Walleij <linus.walleij(a)linaro.org> gpio: label descriptors using the device name Christian Lamparter <chunkeey(a)gmail.com> crypto: crypto4xx - perform aead icv check in the driver Pieter \"PoroCYon\" Sluys <pcy(a)national.shitposting.agency> vfb: fix video mode and line_length being set when loaded Peter Große <pegro(a)friiks.de> mac80211: Fix setting TX power on monitor interfaces Geert Uytterhoeven <geert+renesas(a)glider.be> ACPI: EC: Fix debugfs_create_*() usage Shanker Donthineni <shankerd(a)codeaurora.org> irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Wei Yongjun <weiyongjun1(a)huawei.com> irqchip/ompic: fix return value check in ompic_of_init() Chaitra P B <chaitra.basappa(a)broadcom.com> scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Rafael David Tinoco <rafael.tinoco(a)canonical.com> scsi: libiscsi: Allow sd_shutdown on bad transport oulijun <oulijun(a)huawei.com> RDMA/hns: Update the usage of sr_max and rr_max field Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix timeout failures for TX-only DMA transfers Alex Estrin <alex.estrin(a)intel.com> IB/ipoib: Fix for notify send CQ failure messages Archit Taneja <architt(a)codeaurora.org> drm/msm: Fix NULL deref in adreno_load_gpu Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: cht_bsw_rt5645: Analog Mic support Pardha Saradhi K <pardha.saradhi.kesapragada(a)intel.com> ASoC: Intel: Skylake: Disable clock gating during firmware and library download Mauro Carvalho Chehab <mchehab(a)kernel.org> media: videobuf2-core: don't go out of the buffer range Jernej Škrabec <jernej.skrabec(a)siol.net> clk: sunxi-ng: a83t: Add M divider to TCON1 clock Chao Yu <yuchao0(a)huawei.com> f2fs: fix lock dependency in between dio_rwsem & i_mmap_sem Maciej Purski <m.purski(a)samsung.com> hwmon: (ina2xx) Make calibration register value fixed Leon Romanovsky <leonro(a)mellanox.com> RDMA/cma: Mark end of CMA ID messages Geert Uytterhoeven <geert(a)linux-m68k.org> thermal/drivers/hisi: Remove bogus const from function return type Sowmini Varadhan <sowmini.varadhan(a)oracle.com> selftests/net: fix bugs in address and port initialization Nogah Frankel <nogahf(a)mellanox.com> net_sch: red: Fix the new offload indication Vladimir Zapolskiy <vz(a)mleia.com> gpiolib: don't dereference a desc before validation Gustavo A. R. Silva <garsilva(a)embeddedor.com> PM / devfreq: Fix potential NULL pointer dereference in governor_store Jerome Brunet <jbrunet(a)baylibre.com> clk: divider: fix incorrect usage of container_of Oleksij Rempel <o.rempel(a)pengutronix.de> watchdog: dw_wdt: add stop watchdog operation NeilBrown <neilb(a)suse.com> VFS: close race between getcwd() and d_move() Maor Gottlieb <maorg(a)mellanox.com> IB/mlx5: Report inner RSS capability Moni Shoua <monis(a)mellanox.com> net/mlx4_en: Change default QoS settings Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Default lcd_only to true on Win8-ready and newer machines Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Hangbin Liu <liuhangbin(a)gmail.com> l2tp: fix missing print session offset info Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: add Asym Pause support to phy default features Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg Peng Li <lipeng321(a)huawei.com> net: hns3: free the ring_data structrue when change tqps Mengting Zhang <zhangmengting(a)huawei.com> perf evsel: Enable ignore_missing_thread for pid option Jiri Olsa <jolsa(a)kernel.org> perf evsel: Fix swap for samples with raw data Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Add warning message if there is unexpected event name Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Find versioned symbols from map Yi Zeng <yizeng(a)asrmicro.com> thermal: power_allocator: fix one race condition issue for thermal_instances list Tobias Brunner <tobias(a)strongswan.org> ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT Ioan Moldovan <ioan.moldovan1999(a)gmail.com> Bluetooth: Add a new 04ca:3015 QCA_ROME device Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: mpll: use 64-bit maths in params_from_rate Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> i40iw: Validate correct IRD/ORD connection parameters Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Correct Q1/XF object count equation Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Fix sequence number for the first partial FPDU ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/ls1021a.dtsi | 2 +- arch/arm64/mm/context.c | 19 ++- arch/x86/include/asm/microcode.h | 10 +- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/aperture_64.c | 46 +++++- arch/x86/kernel/cpu/common.c | 30 ++++ arch/x86/kernel/cpu/microcode/amd.c | 44 +++-- arch/x86/kernel/cpu/microcode/core.c | 181 ++++++++++++++++----- arch/x86/kernel/cpu/microcode/intel.c | 62 +++++-- arch/x86/xen/mmu_hvm.c | 2 +- block/bfq-cgroup.c | 7 +- block/blk-mq.c | 29 +++- crypto/Makefile | 1 + drivers/acpi/acpi_video.c | 14 +- drivers/acpi/ec.c | 2 +- drivers/acpi/ec_sys.c | 2 +- drivers/acpi/internal.h | 2 +- drivers/base/power/domain.c | 30 ++-- drivers/bluetooth/btusb.c | 1 + drivers/bluetooth/hci_bcm.c | 25 ++- drivers/char/tpm/tpm-interface.c | 28 +++- drivers/char/tpm/tpm.h | 5 + drivers/clk/clk-divider.c | 7 +- drivers/clk/hisilicon/clkdivider-hi6220.c | 2 +- drivers/clk/meson/clk-mpll.c | 2 +- drivers/clk/nxp/clk-lpc32xx.c | 2 +- drivers/clk/qcom/clk-regmap-divider.c | 2 +- drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 +- drivers/clk/sunxi-ng/ccu_div.c | 2 +- drivers/cpufreq/powernv-cpufreq.c | 37 +++-- drivers/crypto/amcc/crypto4xx_alg.c | 6 +- drivers/crypto/amcc/crypto4xx_core.c | 54 +++--- drivers/devfreq/devfreq.c | 3 +- drivers/edac/mv64x60_edac.c | 2 +- drivers/gpio/gpio-thunderx.c | 4 +- drivers/gpio/gpiolib.c | 6 +- drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 6 + drivers/gpu/drm/i915/intel_bios.c | 12 +- drivers/gpu/drm/msm/adreno/adreno_device.c | 7 +- drivers/gpu/drm/msm/dsi/pll/dsi_pll_14nm.c | 2 +- drivers/hwmon/ina2xx.c | 87 +++++----- drivers/infiniband/core/cma.c | 1 + drivers/infiniband/core/ucma.c | 7 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 27 +-- drivers/infiniband/hw/i40iw/i40iw_cm.c | 5 +- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 +- drivers/infiniband/hw/i40iw/i40iw_d.h | 1 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 3 +- drivers/infiniband/sw/rdmavt/cq.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 10 +- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 2 +- drivers/input/touchscreen/goodix.c | 8 +- drivers/irqchip/irq-gic-v3.c | 11 ++ drivers/irqchip/irq-ompic.c | 4 +- drivers/md/bcache/alloc.c | 19 ++- drivers/md/bcache/request.c | 22 +++ drivers/md/bcache/super.c | 6 + drivers/media/v4l2-core/videobuf2-core.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 2 + drivers/mmc/host/sdhci.c | 7 + drivers/mtd/tests/oobtest.c | 21 +++ drivers/net/bonding/bond_main.c | 73 +++++---- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + .../ethernet/hisilicon/hns3/hns3pf/hclge_mdio.c | 1 + .../net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 17 +- .../ethernet/hisilicon/hns3/hns3pf/hns3_ethtool.c | 13 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 20 ++- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 +++++---- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++-- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 + drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 + .../net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 26 +-- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 7 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 33 +++- .../net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/ppp/pptp.c | 1 - drivers/net/team/team.c | 12 +- drivers/net/usb/lan78xx.c | 23 ++- drivers/net/vrf.c | 5 +- drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 ++- drivers/net/wireless/ti/wl1251/main.c | 3 +- drivers/nvme/host/fabrics.c | 15 +- drivers/nvme/host/fabrics.h | 2 + drivers/nvme/host/fc.c | 1 + drivers/nvme/host/rdma.c | 1 + drivers/nvme/target/fcloop.c | 47 ++++-- drivers/nvme/target/loop.c | 1 + drivers/pinctrl/intel/pinctrl-baytrail.c | 6 + drivers/power/supply/axp288_charger.c | 13 ++ drivers/rtc/rtc-ac100.c | 6 +- drivers/scsi/libiscsi.c | 24 ++- drivers/scsi/libsas/sas_event.c | 74 +++++++-- drivers/scsi/libsas/sas_expander.c | 4 +- drivers/scsi/libsas/sas_init.c | 27 ++- drivers/scsi/libsas/sas_internal.h | 6 + drivers/scsi/libsas/sas_phy.c | 44 +---- drivers/scsi/libsas/sas_port.c | 18 +- drivers/scsi/megaraid/megaraid_sas_base.c | 2 +- drivers/scsi/megaraid/megaraid_sas_fp.c | 16 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 ++-- drivers/spi/spi-sh-msiof.c | 12 +- .../staging/lustre/lnet/libcfs/linux/linux-cpu.c | 13 +- drivers/target/target_core_user.c | 7 + drivers/thermal/hisi_thermal.c | 2 +- drivers/thermal/int340x_thermal/int3400_thermal.c | 10 +- drivers/thermal/power_allocator.c | 2 + drivers/tty/n_gsm.c | 17 +- drivers/tty/serdev/core.c | 5 + drivers/uio/uio_hv_generic.c | 7 + drivers/vhost/net.c | 4 +- drivers/vhost/vhost.c | 17 +- drivers/video/backlight/corgi_lcd.c | 2 +- drivers/video/backlight/tdo24m.c | 2 +- drivers/video/backlight/tosa_lcd.c | 2 +- drivers/video/fbdev/vfb.c | 17 ++ drivers/watchdog/dw_wdt.c | 18 +- fs/dcache.c | 23 ++- fs/f2fs/file.c | 20 +-- include/linux/clk-provider.h | 2 +- include/linux/mlx5/driver.h | 2 +- include/linux/netdevice.h | 4 +- include/scsi/libsas.h | 17 +- include/uapi/rdma/mlx5-abi.h | 2 +- net/8021q/vlan_dev.c | 6 +- net/core/dev.c | 4 +- net/dsa/dsa_priv.h | 8 +- net/ipv4/arp.c | 2 +- net/ipv4/fib_semantics.c | 20 ++- net/ipv4/ip_tunnel.c | 11 +- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 28 +++- net/ipv6/ip6_tunnel.c | 11 +- net/ipv6/ip6_vti.c | 7 +- net/ipv6/route.c | 3 + net/ipv6/seg6_iptunnel.c | 16 +- net/ipv6/sit.c | 8 +- net/l2tp/l2tp_netlink.c | 2 + net/mac80211/cfg.c | 28 +++- net/mac80211/driver-ops.h | 3 +- net/netlink/af_netlink.c | 3 + net/rds/bind.c | 1 + net/sched/act_api.c | 4 +- net/sched/act_bpf.c | 12 +- net/sched/act_sample.c | 3 +- net/sched/act_skbmod.c | 3 +- net/sched/act_tunnel_key.c | 9 +- net/sched/act_vlan.c | 3 +- net/sched/cls_u32.c | 1 + net/sched/sch_red.c | 26 +-- net/sctp/ipv6.c | 4 +- net/sctp/socket.c | 13 +- net/strparser/strparser.c | 4 +- sound/soc/intel/atom/sst/sst_stream.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 7 + sound/soc/intel/skylake/skl-messages.c | 4 + sound/soc/intel/skylake/skl-pcm.c | 4 + tools/perf/arch/powerpc/util/sym-handling.c | 8 + tools/perf/builtin-record.c | 4 +- tools/perf/builtin-report.c | 18 +- tools/perf/util/evsel.c | 67 +++++++- tools/perf/util/probe-event.c | 28 +++- tools/perf/util/python-ext-sources | 1 + tools/perf/util/symbol.c | 5 + tools/perf/util/symbol.h | 1 + tools/perf/util/util.c | 2 +- tools/testing/selftests/net/msg_zerocopy.c | 21 ++- 177 files changed, 1711 insertions(+), 705 deletions(-)

7 years, 5 months

5
166
0 0

+ mm-slab-reschedule-cache_reap-on-the-same-cpu.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: mm, slab: reschedule cache_reap() on the same CPU has been added to the -mm tree. Its filename is mm-slab-reschedule-cache_reap-on-the-same-cpu.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/mm-slab-reschedule-cache_reap-on-t… and later at http://ozlabs.org/~akpm/mmotm/broken-out/mm-slab-reschedule-cache_reap-on-t… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Vlastimil Babka <vbabka(a)suse.cz> Subject: mm, slab: reschedule cache_reap() on the same CPU cache_reap() is initially scheduled in start_cpu_timer() via schedule_delayed_work_on(). But then the next iterations are scheduled via schedule_delayed_work(), i.e. using WORK_CPU_UNBOUND. Thus since commit ef557180447f ("workqueue: schedule WORK_CPU_UNBOUND work on wq_unbound_cpumask CPUs") there is no guarantee the future iterations will run on the originally intended cpu, although it's still preferred. I was able to demonstrate this with /sys/module/workqueue/parameters/debug_force_rr_cpu. IIUC, it may also happen due to migrating timers in nohz context. As a result, some cpu's would be calling cache_reap() more frequently and others never. This patch uses schedule_delayed_work_on() with the current cpu when scheduling the next iteration. Link: http://lkml.kernel.org/r/20180411070007.32225-1-vbabka@suse.cz Fixes: ef557180447f ("workqueue: schedule WORK_CPU_UNBOUND work on wq_unbound_cpumask CPUs") Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Pekka Enberg <penberg(a)kernel.org> Acked-by: Christoph Lameter <cl(a)linux.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: David Rientjes <rientjes(a)google.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: Lai Jiangshan <jiangshanlai(a)gmail.com> Cc: John Stultz <john.stultz(a)linaro.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Stephen Boyd <sboyd(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN mm/slab.c~mm-slab-reschedule-cache_reap-on-the-same-cpu mm/slab.c --- a/mm/slab.c~mm-slab-reschedule-cache_reap-on-the-same-cpu +++ a/mm/slab.c @@ -4086,7 +4086,8 @@ next: next_reap_node(); out: /* Set up the next iteration */ - schedule_delayed_work(work, round_jiffies_relative(REAPTIMEOUT_AC)); + schedule_delayed_work_on(smp_processor_id(), work, + round_jiffies_relative(REAPTIMEOUT_AC)); } void get_slabinfo(struct kmem_cache *cachep, struct slabinfo *sinfo) _ Patches currently in -mm which might be from vbabka(a)suse.cz are mm-slab-reschedule-cache_reap-on-the-same-cpu.patch

7 years, 5 months

1
0
0 0

[PATCH 4.14 000/138] 4.14.34-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.14.34 release. There are 138 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu Apr 12 21:28:20 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.14.34-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.14.34-rc1 Moshe Shemesh <moshe(a)mellanox.com> net/mlx4_core: Fix memory leak while delete slave's resources Jason Wang <jasowang(a)redhat.com> vhost_net: add missing lock nesting notation Xin Long <lucien.xin(a)gmail.com> team: move dev_mc_sync after master_upper_dev_link in team_port_add Xin Long <lucien.xin(a)gmail.com> route: check sysctl_fib_multipath_use_neigh earlier than hash Jason Wang <jasowang(a)redhat.com> vhost: validate log when IOTLB is enabled Roi Dayan <roid(a)mellanox.com> net/mlx5e: Fix traffic being dropped on VF representor Eran Ben Elisha <eranbe(a)mellanox.com> net/mlx4_en: Fix mixed PFC and Global pause user control requests Dave Watson <davejwatson(a)fb.com> strparser: Fix sign of err codes Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference on the error path of tcf_skbmod_init() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tunnel_key_init() Shahar Klein <shahark(a)mellanox.com> net/mlx5e: Sync netdev vxlan ports at open Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Don't override vport admin link state in switchdev mode David Lebrun <dlebrun(a)google.com> ipv6: sr: fix seg6 encap performances with TSO enabled Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> nfp: use full 40 bits of the NSP buffer address Jianbo Liu <jianbol(a)mellanox.com> net/mlx5e: Fix memory usage issues in offloading TC flows Or Gerlitz <ogerlitz(a)mellanox.com> net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path Eric Dumazet <edumazet(a)google.com> vti6: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip6_gre: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ipv6: sit: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> ip_tunnel: better validate user provided tunnel names Eric Dumazet <edumazet(a)google.com> net: fool proof dev_valid_name() Xin Long <lucien.xin(a)gmail.com> bonding: process the err returned by dev_set_allmulti properly in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave Xin Long <lucien.xin(a)gmail.com> bonding: fix the err path for dev hwaddr sync in bond_enslave David Ahern <dsahern(a)gmail.com> vrf: Fix use after free and double free in vrf_finish_output Hangbin Liu <liuhangbin(a)gmail.com> vlan: also check phy_driver ts_info for vlan's real device Jason Wang <jasowang(a)redhat.com> vhost: correctly remove wait queue during poll failure Kai-Heng Feng <kai.heng.feng(a)canonical.com> sky2: Increase D3 delay to sky2 stops working after suspend Eric Dumazet <edumazet(a)google.com> sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 Eric Dumazet <edumazet(a)google.com> sctp: do not leak kernel memory to user space Heiner Kallweit <hkallweit1(a)gmail.com> r8169: fix setting driver_data after register_netdev Eric Dumazet <edumazet(a)google.com> pptp: remove a buggy dst release in pptp_connect() Davide Caratti <dcaratti(a)redhat.com> net/sched: fix NULL dereference in the error path of tcf_bpf_init() Craig Dillabaugh <cdillaba(a)mojatatu.com> net sched actions: fix dumping which requires several messages to user space Alexander Potapenko <glider(a)google.com> netlink: make sure nladdr has correct size in netlink_connect() Jeff Barnhill <0xeffeff(a)gmail.com> net/ipv6: Increment OUTxxx counters after netfilter hook David Ahern <dsahern(a)gmail.com> net/ipv6: Fix route leaking between VRFs Eric Dumazet <edumazet(a)google.com> net: fix possible out-of-bound read in skb_network_protocol() Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) Paolo Abeni <pabeni(a)redhat.com> ipv6: the entire IPv6 header chain must fit the first fragment Miguel Fadon Perlines <mfadon(a)teldat.com> arp: fix arp_filter on l3slave devices Borislav Petkov <bp(a)suse.de> x86/microcode: Fix CPU synchronization routine Borislav Petkov <bp(a)suse.de> x86/microcode: Attempt late loading only when new microcode is present Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Synchronize late microcode loading Borislav Petkov <bp(a)suse.de> x86/microcode: Request microcode on the BSP Borislav Petkov <bp(a)suse.de> x86/microcode/intel: Look into the patch cache first Ashok Raj <ashok.raj(a)intel.com> x86/microcode: Do not upload microcode if CPUs are offline Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Writeback and invalidate caches before updating microcode Ashok Raj <ashok.raj(a)intel.com> x86/microcode/intel: Check microcode revision before updating sibling threads Borislav Petkov <bp(a)suse.de> x86/microcode: Get rid of struct apply_microcode_ctx Borislav Petkov <bp(a)suse.de> x86/CPU: Check CPU feature bits after microcode upgrade Borislav Petkov <bp(a)suse.de> x86/CPU: Add a microcode loader callback Borislav Petkov <bp(a)suse.de> x86/microcode: Propagate return value from updating functions Ard Biesheuvel <ard.biesheuvel(a)linaro.org> crypto: arm64/aes-ce-cipher - move assembler code to .S file Josh Poimboeuf <jpoimboe(a)redhat.com> objtool: Add Clang support Alexey Khoroshilov <khoroshilov(a)ispras.ru> thermal: int3400_thermal: fix error handling in int3400_thermal_probe() Mike Christie <mchristi(a)redhat.com> tcmu: release blocks for partially setup cmds Jiri Olsa <jolsa(a)kernel.org> perf tools: Fix copyfile_offset update of output offset Arnd Bergmann <arnd(a)arndb.de> crypto: aes-generic - build with -Os on gcc-7+ Miquel Raynal <miquel.raynal(a)free-electrons.com> mtd: mtd_oobtest: Handle bitflips during reads Hans de Goede <hdegoede(a)redhat.com> Input: goodix - disable IRQs while suspended Nathan Fontenot <nfont(a)linux.vnet.ibm.com> ibmvnic: Don't handle RX interrupts when not up. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> sdhci: Advertise 2.0v supply on SDIO host controller Jiri Bohac <jbohac(a)suse.cz> x86/gart: Exclude GART aperture from vmcore Wei Yongjun <weiyongjun1(a)huawei.com> gpio: thunderx: fix error return code in thunderx_gpio_probe() Parav Pandit <parav(a)mellanox.com> RDMA/cma: Fix rdma_cm path querying for RoCE Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called Shivasharan S <shivasharan.srikanteshwara(a)broadcom.com> scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map Arjun Vynipadath <arjun(a)chelsio.com> cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages Jacob Keller <jacob.e.keller(a)intel.com> i40evf: don't rely on netif_running() outside rtnl_lock() Stephen Hemminger <stephen(a)networkplumber.org> uio_hv_generic: check that host supports monitor page Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> EDAC, mv64x60: Fix an error handling path Paolo Valente <paolo.valente(a)linaro.org> block, bfq: put async queues for root bfq groups too Tony Lindgren <tony(a)atomide.com> tty: n_gsm: Allow ADM response in addition to UA for control dlci Ming Lei <ming.lei(a)redhat.com> blk-mq: fix kernel oops in blk_mq_tag_idle() chenxiang <chenxiang66(a)hisilicon.com> scsi: libsas: initialize sas_phy status according to response of DISCOVER Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix error when getting phy events Jason Yan <yanaijie(a)huawei.com> scsi: libsas: fix memory leak in sas_smp_get_phy_events() Tang Junhui <tang.junhui(a)zte.com.cn> bcache: segregate flash only volume write streams Tang Junhui <tang.junhui(a)zte.com.cn> bcache: stop writeback thread after detaching Rui Hua <huarui.dev(a)gmail.com> bcache: ret IOERR when read meets metadata error Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: fix for changing MTU Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix an error macro definition of HNS3_TQP_STAT Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix a loop index error of tqp statistics query Jian Shen <shenjian15(a)huawei.com> net: hns3: Fix an error of total drop packet statistics Daniel Jurgens <danielj(a)mellanox.com> net/mlx5: Fix race for multiple RoCE enable Colin Ian King <colin.king(a)canonical.com> wl1251: check return from call to wl1251_acx_arp_ip_filter Stanislaw Gruszka <sgruszka(a)redhat.com> rt2x00: do not pause queue unconditionally on error path Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Properly stop work on probe-error / remove Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()' NeilBrown <neilb(a)suse.com> staging: lustre: disable preempt while sampling processor id. Jin Yao <yao.jin(a)linux.intel.com> perf report: Fix a no annotate browser displayed issue Javier Martinez Canillas <javierm(a)redhat.com> tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented James Smart <jsmart2021(a)gmail.com> nvme_fcloop: fix abort race condition James Smart <jsmart2021(a)gmail.com> nvme_fcloop: disassocate local port structs Hans de Goede <hdegoede(a)redhat.com> pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts Robert Jarzmik <robert.jarzmik(a)free.fr> backlight: tdo24m: Fix the SPI CS between transfers Ming Lei <ming.lei(a)redhat.com> blk-mq: fix race between updating nr_hw_queues and switching io sched Ming Lei <ming.lei(a)redhat.com> blk-mq: avoid to map CPU into stale hw queue Mike Marciniszyn <mike.marciniszyn(a)intel.com> IB/rdmavt: Allocate CQ memory on the correct node Gautham R. Shenoy <ego(a)linux.vnet.ibm.com> powernv-cpufreq: Add helper to extract pstate from PMSR Linus Walleij <linus.walleij(a)linaro.org> gpio: label descriptors using the device name Pieter \"PoroCYon\" Sluys <pcy(a)national.shitposting.agency> vfb: fix video mode and line_length being set when loaded Peter Große <pegro(a)friiks.de> mac80211: Fix setting TX power on monitor interfaces Geert Uytterhoeven <geert+renesas(a)glider.be> ACPI: EC: Fix debugfs_create_*() usage Shanker Donthineni <shankerd(a)codeaurora.org> irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry Chaitra P B <chaitra.basappa(a)broadcom.com> scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag. Rafael David Tinoco <rafael.tinoco(a)canonical.com> scsi: libiscsi: Allow sd_shutdown on bad transport Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix timeout failures for TX-only DMA transfers Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: cht_bsw_rt5645: Analog Mic support Pardha Saradhi K <pardha.saradhi.kesapragada(a)intel.com> ASoC: Intel: Skylake: Disable clock gating during firmware and library download Mauro Carvalho Chehab <mchehab(a)kernel.org> media: videobuf2-core: don't go out of the buffer range Jernej Škrabec <jernej.skrabec(a)siol.net> clk: sunxi-ng: a83t: Add M divider to TCON1 clock Maciej Purski <m.purski(a)samsung.com> hwmon: (ina2xx) Make calibration register value fixed Leon Romanovsky <leonro(a)mellanox.com> RDMA/cma: Mark end of CMA ID messages Sowmini Varadhan <sowmini.varadhan(a)oracle.com> selftests/net: fix bugs in address and port initialization Gustavo A. R. Silva <garsilva(a)embeddedor.com> PM / devfreq: Fix potential NULL pointer dereference in governor_store Jerome Brunet <jbrunet(a)baylibre.com> clk: divider: fix incorrect usage of container_of Oleksij Rempel <o.rempel(a)pengutronix.de> watchdog: dw_wdt: add stop watchdog operation NeilBrown <neilb(a)suse.com> VFS: close race between getcwd() and d_move() Moni Shoua <monis(a)mellanox.com> net/mlx4_en: Change default QoS settings Hans de Goede <hdegoede(a)redhat.com> ACPI / video: Default lcd_only to true on Win8-ready and newer machines Sowmini Varadhan <sowmini.varadhan(a)oracle.com> rds; Reset rs->rs_bound_addr in rds_add_bound() failure path Hangbin Liu <liuhangbin(a)gmail.com> l2tp: fix missing print session offset info Fuyun Liang <liangfuyun1(a)huawei.com> net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg Peng Li <lipeng321(a)huawei.com> net: hns3: free the ring_data structrue when change tqps Mengting Zhang <zhangmengting(a)huawei.com> perf evsel: Enable ignore_missing_thread for pid option Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Add warning message if there is unexpected event name Masami Hiramatsu <mhiramat(a)kernel.org> perf probe: Find versioned symbols from map Yi Zeng <yizeng(a)asrmicro.com> thermal: power_allocator: fix one race condition issue for thermal_instances list Tobias Brunner <tobias(a)strongswan.org> ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT Ioan Moldovan <ioan.moldovan1999(a)gmail.com> Bluetooth: Add a new 04ca:3015 QCA_ROME device Rasmus Villemoes <rasmus.villemoes(a)prevas.dk> ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clk: meson: mpll: use 64-bit maths in params_from_rate Tatyana Nikolova <tatyana.e.nikolova(a)intel.com> i40iw: Validate correct IRD/ORD connection parameters Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Correct Q1/XF object count equation Shiraz Saleem <shiraz.saleem(a)intel.com> i40iw: Fix sequence number for the first partial FPDU ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/ls1021a.dtsi | 2 +- arch/arm64/crypto/Makefile | 2 +- arch/arm64/crypto/aes-ce-core.S | 87 ++++++++++ .../crypto/{aes-ce-cipher.c => aes-ce-glue.c} | 115 ++----------- arch/x86/include/asm/microcode.h | 10 +- arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/aperture_64.c | 46 +++++- arch/x86/kernel/cpu/common.c | 30 ++++ arch/x86/kernel/cpu/microcode/amd.c | 44 +++-- arch/x86/kernel/cpu/microcode/core.c | 181 ++++++++++++++++----- arch/x86/kernel/cpu/microcode/intel.c | 62 +++++-- arch/x86/xen/mmu_hvm.c | 2 +- block/bfq-cgroup.c | 7 +- block/blk-mq.c | 29 +++- crypto/Makefile | 1 + drivers/acpi/acpi_video.c | 14 +- drivers/acpi/ec.c | 2 +- drivers/acpi/ec_sys.c | 2 +- drivers/acpi/internal.h | 2 +- drivers/bluetooth/btusb.c | 1 + drivers/char/tpm/tpm-interface.c | 28 +++- drivers/char/tpm/tpm.h | 5 + drivers/clk/clk-divider.c | 7 +- drivers/clk/hisilicon/clkdivider-hi6220.c | 2 +- drivers/clk/meson/clk-mpll.c | 2 +- drivers/clk/nxp/clk-lpc32xx.c | 2 +- drivers/clk/qcom/clk-regmap-divider.c | 2 +- drivers/clk/sunxi-ng/ccu-sun8i-a83t.c | 4 +- drivers/clk/sunxi-ng/ccu_div.c | 2 +- drivers/cpufreq/powernv-cpufreq.c | 37 +++-- drivers/devfreq/devfreq.c | 3 +- drivers/edac/mv64x60_edac.c | 2 +- drivers/gpio/gpio-thunderx.c | 4 +- drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/msm/dsi/pll/dsi_pll_14nm.c | 2 +- drivers/hwmon/ina2xx.c | 87 +++++----- drivers/infiniband/core/cma.c | 1 + drivers/infiniband/core/ucma.c | 7 +- drivers/infiniband/hw/i40iw/i40iw_cm.c | 5 +- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 6 +- drivers/infiniband/hw/i40iw/i40iw_d.h | 1 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- drivers/infiniband/sw/rdmavt/cq.c | 10 +- drivers/input/touchscreen/goodix.c | 8 +- drivers/irqchip/irq-gic-v3.c | 11 ++ drivers/md/bcache/alloc.c | 19 ++- drivers/md/bcache/request.c | 22 +++ drivers/md/bcache/super.c | 6 + drivers/media/v4l2-core/videobuf2-core.c | 4 + drivers/mmc/host/sdhci-pci-core.c | 2 + drivers/mmc/host/sdhci.c | 7 + drivers/mtd/tests/oobtest.c | 21 +++ drivers/net/bonding/bond_main.c | 73 +++++---- drivers/net/ethernet/chelsio/cxgb4vf/sge.c | 23 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 + .../net/ethernet/hisilicon/hns3/hns3pf/hns3_enet.c | 17 +- .../ethernet/hisilicon/hns3/hns3pf/hns3_ethtool.c | 13 +- drivers/net/ethernet/ibm/ibmvnic.c | 6 + drivers/net/ethernet/intel/i40evf/i40evf_main.c | 20 ++- drivers/net/ethernet/marvell/sky2.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 77 +++++---- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++-- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 7 + drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 1 + .../net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 26 +-- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 33 +++- .../net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +- drivers/net/ethernet/realtek/r8169.c | 4 +- drivers/net/ppp/pptp.c | 1 - drivers/net/team/team.c | 12 +- drivers/net/usb/lan78xx.c | 23 ++- drivers/net/vrf.c | 5 +- drivers/net/wireless/ralink/rt2x00/rt2x00mac.c | 22 ++- drivers/net/wireless/ti/wl1251/main.c | 3 +- drivers/nvme/target/fcloop.c | 47 ++++-- drivers/pinctrl/intel/pinctrl-baytrail.c | 6 + drivers/power/supply/axp288_charger.c | 13 ++ drivers/rtc/rtc-ac100.c | 6 +- drivers/scsi/libiscsi.c | 24 ++- drivers/scsi/libsas/sas_expander.c | 4 +- drivers/scsi/megaraid/megaraid_sas_base.c | 2 +- drivers/scsi/megaraid/megaraid_sas_fp.c | 16 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 28 ++-- drivers/spi/spi-sh-msiof.c | 12 +- .../staging/lustre/lnet/libcfs/linux/linux-cpu.c | 13 +- drivers/target/target_core_user.c | 7 + drivers/thermal/int340x_thermal/int3400_thermal.c | 10 +- drivers/thermal/power_allocator.c | 2 + drivers/tty/n_gsm.c | 17 +- drivers/uio/uio_hv_generic.c | 7 + drivers/vhost/net.c | 4 +- drivers/vhost/vhost.c | 17 +- drivers/video/backlight/corgi_lcd.c | 2 +- drivers/video/backlight/tdo24m.c | 2 +- drivers/video/backlight/tosa_lcd.c | 2 +- drivers/video/fbdev/vfb.c | 17 ++ drivers/watchdog/dw_wdt.c | 18 +- fs/dcache.c | 23 ++- include/linux/clk-provider.h | 2 +- include/linux/mlx5/driver.h | 2 +- net/8021q/vlan_dev.c | 6 +- net/core/dev.c | 4 +- net/ipv4/arp.c | 2 +- net/ipv4/fib_semantics.c | 20 ++- net/ipv4/ip_tunnel.c | 11 +- net/ipv6/ip6_gre.c | 8 +- net/ipv6/ip6_output.c | 28 +++- net/ipv6/ip6_tunnel.c | 11 +- net/ipv6/ip6_vti.c | 7 +- net/ipv6/route.c | 3 + net/ipv6/seg6_iptunnel.c | 16 +- net/ipv6/sit.c | 8 +- net/l2tp/l2tp_netlink.c | 2 + net/mac80211/cfg.c | 28 +++- net/mac80211/driver-ops.h | 3 +- net/netlink/af_netlink.c | 3 + net/rds/bind.c | 1 + net/sched/act_api.c | 4 +- net/sched/act_bpf.c | 12 +- net/sched/act_skbmod.c | 3 +- net/sched/act_tunnel_key.c | 9 +- net/sctp/ipv6.c | 4 +- net/sctp/socket.c | 13 +- net/strparser/strparser.c | 4 +- sound/soc/intel/atom/sst/sst_stream.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 7 + sound/soc/intel/skylake/skl-messages.c | 4 + sound/soc/intel/skylake/skl-pcm.c | 4 + tools/objtool/check.c | 11 ++ tools/perf/arch/powerpc/util/sym-handling.c | 8 + tools/perf/builtin-record.c | 4 +- tools/perf/builtin-report.c | 18 +- tools/perf/util/evsel.c | 47 +++++- tools/perf/util/probe-event.c | 28 +++- tools/perf/util/symbol.c | 5 + tools/perf/util/symbol.h | 1 + tools/perf/util/util.c | 2 +- tools/testing/selftests/net/msg_zerocopy.c | 21 ++- 143 files changed, 1485 insertions(+), 605 deletions(-)

7 years, 5 months

7
143
0 0

v4.15.16 build: 6 failures 2 warnings (v4.15.16)

by Build bot for Mark Brown

Tree/Branch: v4.15.16 Git describe: v4.15.16 Commit: 49859d3c55 Linux 4.15.16 Build Time: 85 min 9 sec Passed: 5 / 11 ( 45.45 %) Failed: 6 / 11 ( 54.55 %) Errors: 57 Warnings: 2 Section Mismatches: 0 Failed defconfigs: arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig x86_64-allmodconfig arm64-defconfig Errors: arm64-allmodconfig ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) arm-multi_v5_defconfig ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) arm-multi_v7_defconfig ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) arm-allmodconfig ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:581:7: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-pin.c:797:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] x86_64-allmodconfig ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) arm64-defconfig ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 1 warnings 0 mismatches : arm-multi_v7_defconfig 1 warnings 0 mismatches : arm-allmodconfig 2 warnings 0 mismatches : x86_64-allmodconfig 1 warnings 0 mismatches : arm64-defconfig ------------------------------------------------------------------------------- Errors summary: 57 175 ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) 5 ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant 5 ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 5 ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] 5 ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 5 ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) 3 ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) 3 ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) 3 ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) 3 ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) 3 ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) 3 ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) 3 ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) 3 ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) 3 ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) 3 ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) 3 ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) 3 ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) 3 ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) 3 ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) 1 ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] 1 ../drivers/media/cec/cec-pin.c:797:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 1 ../drivers/media/cec/cec-api.c:581:7: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) 1 ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' 1 ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' Warnings Summary: 2 5 ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : FAIL, 63 errors, 1 warnings, 0 section mismatches Errors: ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 28 errors, 0 warnings, 0 section mismatches Errors: ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 80 errors, 1 warnings, 0 section mismatches Errors: ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 112 errors, 1 warnings, 0 section mismatches Errors: ../net/socket.c:714:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:770:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3214:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:581:7: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-pin.c:797:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1774:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- x86_64-allmodconfig : FAIL, 60 errors, 2 warnings, 0 section mismatches Errors: ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 32 errors, 1 warnings, 0 section mismatches Errors: ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:230:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:160:22: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:178:8: error: 'CEC_EVENT_PIN_HPD_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:710:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1403:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1563:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1798:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1878:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2019:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:169:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:198:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:382:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:38: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:453:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:610:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_HPD_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm64-allnoconfig arm-allnoconfig arm-multi_v4t_defconfig x86_64-defconfig

7 years, 5 months

3
3
0 0

FAILED: patch "[PATCH] vrf: Fix use after free and double free in vrf_finish_output" failed to apply to 4.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 82dd0d2a9a76fc8fa2b18d80b987d455728bf83a Mon Sep 17 00:00:00 2001 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 12:49:52 -0700 Subject: [PATCH] vrf: Fix use after free and double free in vrf_finish_output Miguel reported an skb use after free / double free in vrf_finish_output when neigh_output returns an error. The vrf driver should return after the call to neigh_output as it takes over the skb on error path as well. Patch is a simplified version of Miguel's patch which was written for 4.9, and updated to top of tree. Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 139c61c8244a..ac40924fe437 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -578,12 +578,13 @@ static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *s if (!IS_ERR(neigh)) { sock_confirm_neigh(skb, neigh); ret = neigh_output(neigh, skb); + rcu_read_unlock_bh(); + return ret; } rcu_read_unlock_bh(); err: - if (unlikely(ret < 0)) - vrf_tx_error(skb->dev, skb); + vrf_tx_error(skb->dev, skb); return ret; }

7 years, 5 months

4
3
0 0

[PATCH v2 1/2] drm/i915/bios: filter out invalid DDC pins from VBT child devices

by Jani Nikula

The VBT contains the DDC pin to use for specific ports. Alas, sometimes the field appears to contain bogus data, and while we check for it later on in intel_gmbus_get_adapter() we fail to check the returned NULL on errors. Oops results. The simplest approach seems to be to catch and ignore the bogus DDC pins already at the VBT parsing phase, reverting to fixed per port default pins. This doesn't guarantee display working, but at least it prevents the oops. And we continue to be fuzzed by VBT. One affected machine is Dell Latitude 5590 where a BIOS upgrade added invalid DDC pins. Typical backtrace: [ 35.461411] WARN_ON(!intel_gmbus_is_valid_pin(dev_priv, pin)) [ 35.461432] WARNING: CPU: 6 PID: 411 at drivers/gpu/drm/i915/intel_i2c.c:844 intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461437] Modules linked in: i915 ahci libahci dm_snapshot dm_bufio dm_raid raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx [ 35.461445] CPU: 6 PID: 411 Comm: kworker/u16:2 Not tainted 4.16.0-rc7.x64-g1cda370ffded #1 [ 35.461447] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.1.9 03/13/2018 [ 35.461450] Workqueue: events_unbound async_run_entry_fn [ 35.461465] RIP: 0010:intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461467] RSP: 0018:ffff9b4e43d47c40 EFLAGS: 00010286 [ 35.461469] RAX: 0000000000000000 RBX: ffff98f90639f800 RCX: ffffffffae051960 [ 35.461471] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 0000000000000246 [ 35.461472] RBP: ffff98f905410000 R08: 0000004d062a83f6 R09: 00000000000003bd [ 35.461474] R10: 0000000000000031 R11: ffffffffad4eda58 R12: ffff98f905410000 [ 35.461475] R13: ffff98f9064c1000 R14: ffff9b4e43d47cf0 R15: ffff98f905410000 [ 35.461477] FS: 0000000000000000(0000) GS:ffff98f92e580000(0000) knlGS:0000000000000000 [ 35.461479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.461481] CR2: 00007f5682359008 CR3: 00000001b700c005 CR4: 00000000003606e0 [ 35.461483] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.461484] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.461486] Call Trace: [ 35.461501] intel_hdmi_set_edid+0x37/0x27f [i915] [ 35.461515] intel_hdmi_detect+0x7c/0x97 [i915] [ 35.461518] drm_helper_probe_single_connector_modes+0xe1/0x6c0 [ 35.461521] drm_setup_crtcs+0x129/0xa6a [ 35.461523] ? __switch_to_asm+0x34/0x70 [ 35.461525] ? __switch_to_asm+0x34/0x70 [ 35.461527] ? __switch_to_asm+0x40/0x70 [ 35.461528] ? __switch_to_asm+0x34/0x70 [ 35.461529] ? __switch_to_asm+0x40/0x70 [ 35.461531] ? __switch_to_asm+0x34/0x70 [ 35.461532] ? __switch_to_asm+0x40/0x70 [ 35.461534] ? __switch_to_asm+0x34/0x70 [ 35.461536] __drm_fb_helper_initial_config_and_unlock+0x34/0x46f [ 35.461538] ? __switch_to_asm+0x40/0x70 [ 35.461541] ? _cond_resched+0x10/0x33 [ 35.461557] intel_fbdev_initial_config+0xf/0x1c [i915] [ 35.461560] async_run_entry_fn+0x2e/0xf5 [ 35.461563] process_one_work+0x15b/0x364 [ 35.461565] worker_thread+0x2c/0x3a0 [ 35.461567] ? process_one_work+0x364/0x364 [ 35.461568] kthread+0x10c/0x122 [ 35.461570] ? _kthread_create_on_node+0x5d/0x5d [ 35.461572] ret_from_fork+0x35/0x40 [ 35.461574] Code: 74 16 89 f6 48 8d 04 b6 48 c1 e0 05 48 29 f0 48 8d 84 c7 e8 11 00 00 c3 48 c7 c6 b0 19 1e c0 48 c7 c7 64 8a 1c c0 e8 47 88 ed ec <0f> 0b 31 c0 c3 8b 87 a4 04 00 00 80 e4 fc 09 c6 89 b7 a4 04 00 [ 35.461604] WARNING: CPU: 6 PID: 411 at drivers/gpu/drm/i915/intel_i2c.c:844 intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461606] ---[ end trace 4fe1e63e2dd93373 ]--- [ 35.461609] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 [ 35.461613] IP: i2c_transfer+0x4/0x86 [ 35.461614] PGD 0 P4D 0 [ 35.461616] Oops: 0000 [#1] SMP PTI [ 35.461618] Modules linked in: i915 ahci libahci dm_snapshot dm_bufio dm_raid raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx [ 35.461624] CPU: 6 PID: 411 Comm: kworker/u16:2 Tainted: G W 4.16.0-rc7.x64-g1cda370ffded #1 [ 35.461625] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.1.9 03/13/2018 [ 35.461628] Workqueue: events_unbound async_run_entry_fn [ 35.461630] RIP: 0010:i2c_transfer+0x4/0x86 [ 35.461631] RSP: 0018:ffff9b4e43d47b30 EFLAGS: 00010246 [ 35.461633] RAX: ffff9b4e43d47b6e RBX: 0000000000000005 RCX: 0000000000000001 [ 35.461635] RDX: 0000000000000002 RSI: ffff9b4e43d47b80 RDI: 0000000000000000 [ 35.461636] RBP: ffff9b4e43d47bd8 R08: 0000004d062a83f6 R09: 00000000000003bd [ 35.461638] R10: 0000000000000031 R11: ffffffffad4eda58 R12: 0000000000000002 [ 35.461639] R13: 0000000000000001 R14: ffff9b4e43d47b6f R15: ffff9b4e43d47c07 [ 35.461641] FS: 0000000000000000(0000) GS:ffff98f92e580000(0000) knlGS:0000000000000000 [ 35.461643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.461645] CR2: 0000000000000010 CR3: 00000001b700c005 CR4: 00000000003606e0 [ 35.461646] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.461647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.461649] Call Trace: [ 35.461652] drm_do_probe_ddc_edid+0xb3/0x128 [ 35.461654] drm_get_edid+0xe5/0x38d [ 35.461669] intel_hdmi_set_edid+0x45/0x27f [i915] [ 35.461684] intel_hdmi_detect+0x7c/0x97 [i915] [ 35.461687] drm_helper_probe_single_connector_modes+0xe1/0x6c0 [ 35.461689] drm_setup_crtcs+0x129/0xa6a [ 35.461691] ? __switch_to_asm+0x34/0x70 [ 35.461693] ? __switch_to_asm+0x34/0x70 [ 35.461694] ? __switch_to_asm+0x40/0x70 [ 35.461696] ? __switch_to_asm+0x34/0x70 [ 35.461697] ? __switch_to_asm+0x40/0x70 [ 35.461698] ? __switch_to_asm+0x34/0x70 [ 35.461700] ? __switch_to_asm+0x40/0x70 [ 35.461701] ? __switch_to_asm+0x34/0x70 [ 35.461703] __drm_fb_helper_initial_config_and_unlock+0x34/0x46f [ 35.461705] ? __switch_to_asm+0x40/0x70 [ 35.461707] ? _cond_resched+0x10/0x33 [ 35.461724] intel_fbdev_initial_config+0xf/0x1c [i915] [ 35.461727] async_run_entry_fn+0x2e/0xf5 [ 35.461729] process_one_work+0x15b/0x364 [ 35.461731] worker_thread+0x2c/0x3a0 [ 35.461733] ? process_one_work+0x364/0x364 [ 35.461734] kthread+0x10c/0x122 [ 35.461736] ? _kthread_create_on_node+0x5d/0x5d [ 35.461738] ret_from_fork+0x35/0x40 [ 35.461739] Code: 5c fa e1 ad 48 89 df e8 ea fb ff ff e9 2a ff ff ff 0f 1f 44 00 00 31 c0 e9 43 fd ff ff 31 c0 45 31 e4 e9 c5 fd ff ff 41 54 55 53 <48> 8b 47 10 48 83 78 10 00 74 70 41 89 d4 48 89 f5 48 89 fb 65 [ 35.461756] RIP: i2c_transfer+0x4/0x86 RSP: ffff9b4e43d47b30 [ 35.461757] CR2: 0000000000000010 [ 35.461759] ---[ end trace 4fe1e63e2dd93374 ]--- Based on a patch by Fei Li. v2: s/reverting/sticking/ (Chris) Cc: stable(a)vger.kernel.org Cc: Fei Li <fei.li(a)intel.com> Co-developed-by: Fei Li <fei.li(a)intel.com> Reported-by: Pavel Nakonechnyi <zorg1331(a)gmail.com> Reported-and-tested-by: Seweryn Kokot <sewkokot(a)gmail.com> Reported-and-tested-by: Laszlo Valko <valko(a)linux.karinthy.hu> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105549 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105961 Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/intel_bios.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c index c5c7530ba157..447b721c3be9 100644 --- a/drivers/gpu/drm/i915/intel_bios.c +++ b/drivers/gpu/drm/i915/intel_bios.c @@ -1256,7 +1256,6 @@ static void parse_ddi_port(struct drm_i915_private *dev_priv, enum port port, return; aux_channel = child->aux_channel; - ddc_pin = child->ddc_pin; is_dvi = child->device_type & DEVICE_TYPE_TMDS_DVI_SIGNALING; is_dp = child->device_type & DEVICE_TYPE_DISPLAYPORT_OUTPUT; @@ -1303,9 +1302,15 @@ static void parse_ddi_port(struct drm_i915_private *dev_priv, enum port port, DRM_DEBUG_KMS("Port %c is internal DP\n", port_name(port)); if (is_dvi) { - info->alternate_ddc_pin = map_ddc_pin(dev_priv, ddc_pin); - - sanitize_ddc_pin(dev_priv, port); + ddc_pin = map_ddc_pin(dev_priv, child->ddc_pin); + if (intel_gmbus_is_valid_pin(dev_priv, ddc_pin)) { + info->alternate_ddc_pin = ddc_pin; + sanitize_ddc_pin(dev_priv, port); + } else { + DRM_DEBUG_KMS("Port %c has invalid DDC pin %d, " + "sticking to defaults\n", + port_name(port), ddc_pin); + } } if (is_dp) { -- 2.11.0

7 years, 5 months

1
0
0 0

[PATCH] drm/i915/bios: filter out invalid DDC pins from VBT child devices

by Jani Nikula

The VBT contains the DDC pin to use for specific ports. Alas, sometimes the field appears to contain bogus data, and while we check for it later on in intel_gmbus_get_adapter() we fail to check the returned NULL on errors. Oops results. The simplest approach seems to be to catch and ignore the bogus DDC pins already at the VBT parsing phase, reverting to fixed per port default pins. This doesn't guarantee display working, but at least it prevents the oops. And we continue to be fuzzed by VBT. One affected machine is Dell Latitude 5590 where a BIOS upgrade added invalid DDC pins. Typical backtrace: [ 35.461411] WARN_ON(!intel_gmbus_is_valid_pin(dev_priv, pin)) [ 35.461432] WARNING: CPU: 6 PID: 411 at drivers/gpu/drm/i915/intel_i2c.c:844 intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461437] Modules linked in: i915 ahci libahci dm_snapshot dm_bufio dm_raid raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx [ 35.461445] CPU: 6 PID: 411 Comm: kworker/u16:2 Not tainted 4.16.0-rc7.x64-g1cda370ffded #1 [ 35.461447] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.1.9 03/13/2018 [ 35.461450] Workqueue: events_unbound async_run_entry_fn [ 35.461465] RIP: 0010:intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461467] RSP: 0018:ffff9b4e43d47c40 EFLAGS: 00010286 [ 35.461469] RAX: 0000000000000000 RBX: ffff98f90639f800 RCX: ffffffffae051960 [ 35.461471] RDX: 0000000000000001 RSI: 0000000000000092 RDI: 0000000000000246 [ 35.461472] RBP: ffff98f905410000 R08: 0000004d062a83f6 R09: 00000000000003bd [ 35.461474] R10: 0000000000000031 R11: ffffffffad4eda58 R12: ffff98f905410000 [ 35.461475] R13: ffff98f9064c1000 R14: ffff9b4e43d47cf0 R15: ffff98f905410000 [ 35.461477] FS: 0000000000000000(0000) GS:ffff98f92e580000(0000) knlGS:0000000000000000 [ 35.461479] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.461481] CR2: 00007f5682359008 CR3: 00000001b700c005 CR4: 00000000003606e0 [ 35.461483] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.461484] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.461486] Call Trace: [ 35.461501] intel_hdmi_set_edid+0x37/0x27f [i915] [ 35.461515] intel_hdmi_detect+0x7c/0x97 [i915] [ 35.461518] drm_helper_probe_single_connector_modes+0xe1/0x6c0 [ 35.461521] drm_setup_crtcs+0x129/0xa6a [ 35.461523] ? __switch_to_asm+0x34/0x70 [ 35.461525] ? __switch_to_asm+0x34/0x70 [ 35.461527] ? __switch_to_asm+0x40/0x70 [ 35.461528] ? __switch_to_asm+0x34/0x70 [ 35.461529] ? __switch_to_asm+0x40/0x70 [ 35.461531] ? __switch_to_asm+0x34/0x70 [ 35.461532] ? __switch_to_asm+0x40/0x70 [ 35.461534] ? __switch_to_asm+0x34/0x70 [ 35.461536] __drm_fb_helper_initial_config_and_unlock+0x34/0x46f [ 35.461538] ? __switch_to_asm+0x40/0x70 [ 35.461541] ? _cond_resched+0x10/0x33 [ 35.461557] intel_fbdev_initial_config+0xf/0x1c [i915] [ 35.461560] async_run_entry_fn+0x2e/0xf5 [ 35.461563] process_one_work+0x15b/0x364 [ 35.461565] worker_thread+0x2c/0x3a0 [ 35.461567] ? process_one_work+0x364/0x364 [ 35.461568] kthread+0x10c/0x122 [ 35.461570] ? _kthread_create_on_node+0x5d/0x5d [ 35.461572] ret_from_fork+0x35/0x40 [ 35.461574] Code: 74 16 89 f6 48 8d 04 b6 48 c1 e0 05 48 29 f0 48 8d 84 c7 e8 11 00 00 c3 48 c7 c6 b0 19 1e c0 48 c7 c7 64 8a 1c c0 e8 47 88 ed ec <0f> 0b 31 c0 c3 8b 87 a4 04 00 00 80 e4 fc 09 c6 89 b7 a4 04 00 [ 35.461604] WARNING: CPU: 6 PID: 411 at drivers/gpu/drm/i915/intel_i2c.c:844 intel_gmbus_get_adapter+0x32/0x37 [i915] [ 35.461606] ---[ end trace 4fe1e63e2dd93373 ]--- [ 35.461609] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 [ 35.461613] IP: i2c_transfer+0x4/0x86 [ 35.461614] PGD 0 P4D 0 [ 35.461616] Oops: 0000 [#1] SMP PTI [ 35.461618] Modules linked in: i915 ahci libahci dm_snapshot dm_bufio dm_raid raid456 async_raid6_recov async_pq raid6_pq async_xor xor async_memcpy async_tx [ 35.461624] CPU: 6 PID: 411 Comm: kworker/u16:2 Tainted: G W 4.16.0-rc7.x64-g1cda370ffded #1 [ 35.461625] Hardware name: Dell Inc. Latitude 5590/0MM81M, BIOS 1.1.9 03/13/2018 [ 35.461628] Workqueue: events_unbound async_run_entry_fn [ 35.461630] RIP: 0010:i2c_transfer+0x4/0x86 [ 35.461631] RSP: 0018:ffff9b4e43d47b30 EFLAGS: 00010246 [ 35.461633] RAX: ffff9b4e43d47b6e RBX: 0000000000000005 RCX: 0000000000000001 [ 35.461635] RDX: 0000000000000002 RSI: ffff9b4e43d47b80 RDI: 0000000000000000 [ 35.461636] RBP: ffff9b4e43d47bd8 R08: 0000004d062a83f6 R09: 00000000000003bd [ 35.461638] R10: 0000000000000031 R11: ffffffffad4eda58 R12: 0000000000000002 [ 35.461639] R13: 0000000000000001 R14: ffff9b4e43d47b6f R15: ffff9b4e43d47c07 [ 35.461641] FS: 0000000000000000(0000) GS:ffff98f92e580000(0000) knlGS:0000000000000000 [ 35.461643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.461645] CR2: 0000000000000010 CR3: 00000001b700c005 CR4: 00000000003606e0 [ 35.461646] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.461647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.461649] Call Trace: [ 35.461652] drm_do_probe_ddc_edid+0xb3/0x128 [ 35.461654] drm_get_edid+0xe5/0x38d [ 35.461669] intel_hdmi_set_edid+0x45/0x27f [i915] [ 35.461684] intel_hdmi_detect+0x7c/0x97 [i915] [ 35.461687] drm_helper_probe_single_connector_modes+0xe1/0x6c0 [ 35.461689] drm_setup_crtcs+0x129/0xa6a [ 35.461691] ? __switch_to_asm+0x34/0x70 [ 35.461693] ? __switch_to_asm+0x34/0x70 [ 35.461694] ? __switch_to_asm+0x40/0x70 [ 35.461696] ? __switch_to_asm+0x34/0x70 [ 35.461697] ? __switch_to_asm+0x40/0x70 [ 35.461698] ? __switch_to_asm+0x34/0x70 [ 35.461700] ? __switch_to_asm+0x40/0x70 [ 35.461701] ? __switch_to_asm+0x34/0x70 [ 35.461703] __drm_fb_helper_initial_config_and_unlock+0x34/0x46f [ 35.461705] ? __switch_to_asm+0x40/0x70 [ 35.461707] ? _cond_resched+0x10/0x33 [ 35.461724] intel_fbdev_initial_config+0xf/0x1c [i915] [ 35.461727] async_run_entry_fn+0x2e/0xf5 [ 35.461729] process_one_work+0x15b/0x364 [ 35.461731] worker_thread+0x2c/0x3a0 [ 35.461733] ? process_one_work+0x364/0x364 [ 35.461734] kthread+0x10c/0x122 [ 35.461736] ? _kthread_create_on_node+0x5d/0x5d [ 35.461738] ret_from_fork+0x35/0x40 [ 35.461739] Code: 5c fa e1 ad 48 89 df e8 ea fb ff ff e9 2a ff ff ff 0f 1f 44 00 00 31 c0 e9 43 fd ff ff 31 c0 45 31 e4 e9 c5 fd ff ff 41 54 55 53 <48> 8b 47 10 48 83 78 10 00 74 70 41 89 d4 48 89 f5 48 89 fb 65 [ 35.461756] RIP: i2c_transfer+0x4/0x86 RSP: ffff9b4e43d47b30 [ 35.461757] CR2: 0000000000000010 [ 35.461759] ---[ end trace 4fe1e63e2dd93374 ]--- Based on a patch by Fei Li. Cc: stable(a)vger.kernel.org Cc: Fei Li <fei.li(a)intel.com> Co-developed-by: Fei Li <fei.li(a)intel.com> Reported-by: Pavel Nakonechnyi <zorg1331(a)gmail.com> Reported-by: Seweryn Kokot <sewkokot(a)gmail.com> Reported-by: Laszlo Valko <valko(a)linux.karinthy.hu> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105549 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105961 Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/intel_bios.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/i915/intel_bios.c b/drivers/gpu/drm/i915/intel_bios.c index c5c7530ba157..6db845991a69 100644 --- a/drivers/gpu/drm/i915/intel_bios.c +++ b/drivers/gpu/drm/i915/intel_bios.c @@ -1256,7 +1256,6 @@ static void parse_ddi_port(struct drm_i915_private *dev_priv, enum port port, return; aux_channel = child->aux_channel; - ddc_pin = child->ddc_pin; is_dvi = child->device_type & DEVICE_TYPE_TMDS_DVI_SIGNALING; is_dp = child->device_type & DEVICE_TYPE_DISPLAYPORT_OUTPUT; @@ -1303,9 +1302,15 @@ static void parse_ddi_port(struct drm_i915_private *dev_priv, enum port port, DRM_DEBUG_KMS("Port %c is internal DP\n", port_name(port)); if (is_dvi) { - info->alternate_ddc_pin = map_ddc_pin(dev_priv, ddc_pin); - - sanitize_ddc_pin(dev_priv, port); + ddc_pin = map_ddc_pin(dev_priv, child->ddc_pin); + if (intel_gmbus_is_valid_pin(dev_priv, ddc_pin)) { + info->alternate_ddc_pin = ddc_pin; + sanitize_ddc_pin(dev_priv, port); + } else { + DRM_DEBUG_KMS("Port %c has invalid DDC pin %d, " + "reverting to defaults\n", + port_name(port), ddc_pin); + } } if (is_dp) { -- 2.11.0

7 years, 5 months

2
4
0 0

Re: [PATCH] memcg, thp: do not invoke oom killer on thp charges

by Sasha Levin

Hi, [This is an automated email] This commit has been processed because it contains a "Fixes:" tag, fixing commit: 2516035499b9 mm, thp: remove __GFP_NORETRY from khugepaged and madvised allocations. The bot has also determined it's probably a bug fixing patch. (score: 12.0224) The bot has tested the following trees: v4.16, v4.15.15, v4.14.32, v4.9.92. v4.16: Build OK! v4.15.15: Build OK! v4.14.32: Build OK! v4.9.92: Build OK! -- Thanks, Sasha

7 years, 5 months

2
1
0 0

v4.9.93 build: 3 failures 2 warnings (v4.9.93)

by Build bot for Mark Brown

Tree/Branch: v4.9.93 Git describe: v4.9.93 Commit: d32da5bd9f Linux 4.9.93 Build Time: 82 min 46 sec Passed: 8 / 11 ( 72.73 %) Failed: 3 / 11 ( 27.27 %) Errors: 37 Warnings: 2 Section Mismatches: 0 Failed defconfigs: arm-multi_v7_defconfig arm-allmodconfig arm-multi_v5_defconfig Errors: arm-multi_v7_defconfig ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) arm-allmodconfig ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" ERROR (phandle_references): Reference to non-existent node or label "refclksys" ERROR (phandle_references): Reference to non-existent node or label "papllclk" ERROR: Input tree has errors, aborting (use -f to force output) arm-multi_v5_defconfig ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : x86_64-allmodconfig 1 warnings 0 mismatches : arm64-allmodconfig ------------------------------------------------------------------------------- Errors summary: 37 5 Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error 5 ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" 3 ERROR: Input tree has errors, aborting (use -f to force output) 3 ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) 3 ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) 3 ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) 3 ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) 3 ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) 2 Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error 1 Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error 1 Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error 1 Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error 1 Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error 1 Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error 1 Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error 1 ERROR (phandle_references): Reference to non-existent node or label "refclksys" 1 ERROR (phandle_references): Reference to non-existent node or label "papllclk" 1 ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" 1 ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] 1 ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' 1 ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' 1 ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment 1 ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Warnings Summary: 2 1 drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer 1 ../include/linux/sched.h:2348:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- x86_64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: drivers/target/iscsi/iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78b: sibling call from callable instruction with changed frame pointer ------------------------------------------------------------------------------- arm64-allmodconfig : PASS, 0 errors, 1 warnings, 0 section mismatches Warnings: ../include/linux/sched.h:2348:56: warning: 'noio_flag' may be used uninitialized in this function [-Wmaybe-uninitialized] ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 19 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 48 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" ERROR (phandle_references): Reference to non-existent node or label "refclksys" ERROR (phandle_references): Reference to non-existent node or label "papllclk" ERROR: Input tree has errors, aborting (use -f to force output) ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 19 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:691:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:890:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:903:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:916:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:933:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:972:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:977:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:990:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1000:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1073:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1231:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1238:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1242:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1246:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1251:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1256:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1260:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1758:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig x86_64-defconfig arm-allnoconfig x86_64-allnoconfig arm-multi_v4t_defconfig arm64-defconfig

7 years, 5 months

1
0
0 0

Patch "vti6: better validate user provided tunnel names" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vti6: better validate user provided tunnel names to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vti6-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:31 -0700 Subject: vti6: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_vti.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(s char name[IFNAMSIZ]; int err; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6_vti%%d"); + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "vhost_net: add missing lock nesting notation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost_net: add missing lock nesting notation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost_net-add-missing-lock-nesting-notation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Mon, 26 Mar 2018 16:10:23 +0800 Subject: vhost_net: add missing lock nesting notation From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit aaa3149bbee9ba9b4e6f0bd6e3e7d191edeae942 ] We try to hold TX virtqueue mutex in vhost_net_rx_peek_head_len() after RX virtqueue mutex is held in handle_rx(). This requires an appropriate lock nesting notation to calm down deadlock detector. Fixes: 0308813724606 ("vhost_net: basic polling support") Reported-by: syzbot+7f073540b1384a614e09(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -524,7 +524,7 @@ static int vhost_net_rx_peek_head_len(st if (!len && vq->busyloop_timeout) { /* Both tx vq and rx socket were polled here */ - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 1); vhost_disable_notify(&net->dev, vq); preempt_disable(); @@ -657,7 +657,7 @@ static void handle_rx(struct vhost_net * struct iov_iter fixup; __virtio16 num_buffers; - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 0); sock = vq->private_data; if (!sock) goto out; Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.9/skbuff-return-emsgsize-in-skb_to_sgvec-to-prevent-overflow.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-always.patch queue-4.9/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.9/vhost_net-add-missing-lock-nesting-notation.patch queue-4.9/vhost-correctly-remove-wait-queue-during-poll-failure.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-in-one-more-location.patch

7 years, 5 months

1
0
0 0

Patch "vlan: also check phy_driver ts_info for vlan's real device" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vlan: also check phy_driver ts_info for vlan's real device to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Hangbin Liu <liuhangbin(a)gmail.com> Date: Fri, 30 Mar 2018 09:44:00 +0800 Subject: vlan: also check phy_driver ts_info for vlan's real device From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit ec1d8ccb07deaf30fd0508af6755364ac47dc08d ] Just like function ethtool_get_ts_info(), we should also consider the phy_driver ts_info call back. For example, driver dp83640. Fixes: 37dd9255b2f6 ("vlan: Pass ethtool get_ts_info queries to real device.") Acked-by: Richard Cochran <richardcochran(a)gmail.com> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/8021q/vlan_dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -29,6 +29,7 @@ #include <linux/net_tstamp.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> +#include <linux/phy.h> #include <net/arp.h> #include <net/switchdev.h> @@ -658,8 +659,11 @@ static int vlan_ethtool_get_ts_info(stru { const struct vlan_dev_priv *vlan = vlan_dev_priv(dev); const struct ethtool_ops *ops = vlan->real_dev->ethtool_ops; + struct phy_device *phydev = vlan->real_dev->phydev; - if (ops->get_ts_info) { + if (phydev && phydev->drv && phydev->drv->ts_info) { + return phydev->drv->ts_info(phydev, info); + } else if (ops->get_ts_info) { return ops->get_ts_info(vlan->real_dev, info); } else { info->so_timestamping = SOF_TIMESTAMPING_RX_SOFTWARE | Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are queue-4.9/vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch queue-4.9/l2tp-fix-missing-print-session-offset-info.patch

7 years, 5 months

1
0
0 0

Patch "vhost: validate log when IOTLB is enabled" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: validate log when IOTLB is enabled to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-validate-log-when-iotlb-is-enabled.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Thu, 29 Mar 2018 16:00:04 +0800 Subject: vhost: validate log when IOTLB is enabled From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ] Vq log_base is the userspace address of bitmap which has nothing to do with IOTLB. So it needs to be validated unconditionally otherwise we may try use 0 as log_base which may lead to pin pages that will lead unexpected result (e.g trigger BUG_ON() in set_bit_to_user()). Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Reported-by: syzbot+6304bf97ef436580fede(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1175,14 +1175,12 @@ static int vq_log_access_ok(struct vhost /* Caller should have vq mutex and device mutex */ int vhost_vq_access_ok(struct vhost_virtqueue *vq) { - if (vq->iotlb) { - /* When device IOTLB was used, the access validation - * will be validated during prefetching. - */ - return 1; - } - return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used) && - vq_log_access_ok(vq, vq->log_base); + int ret = vq_log_access_ok(vq, vq->log_base); + + if (ret || vq->iotlb) + return ret; + + return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used); } EXPORT_SYMBOL_GPL(vhost_vq_access_ok); Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.9/skbuff-return-emsgsize-in-skb_to_sgvec-to-prevent-overflow.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-always.patch queue-4.9/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.9/vhost_net-add-missing-lock-nesting-notation.patch queue-4.9/vhost-correctly-remove-wait-queue-during-poll-failure.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-in-one-more-location.patch

7 years, 5 months

1
0
0 0

Patch "vhost: correctly remove wait queue during poll failure" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: correctly remove wait queue during poll failure to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-correctly-remove-wait-queue-during-poll-failure.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Tue, 27 Mar 2018 20:50:52 +0800 Subject: vhost: correctly remove wait queue during poll failure From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit dc6455a71c7fc5117977e197f67f71b49f27baba ] We tried to remove vq poll from wait queue, but do not check whether or not it was in a list before. This will lead double free. Fixing this by switching to use vhost_poll_stop() which zeros poll->wqh after removing poll from waitqueue to make sure it won't be freed twice. Cc: Darren Kenny <darren.kenny(a)oracle.com> Reported-by: syzbot+c0272972b01b872e604a(a)syzkaller.appspotmail.com Fixes: 2b8b328b61c79 ("vhost_net: handle polling errors when setting backend") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Darren Kenny <darren.kenny(a)oracle.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -211,8 +211,7 @@ int vhost_poll_start(struct vhost_poll * if (mask) vhost_poll_wakeup(&poll->wait, 0, 0, (void *)mask); if (mask & POLLERR) { - if (poll->wqh) - remove_wait_queue(poll->wqh, &poll->wait); + vhost_poll_stop(poll); ret = -EINVAL; } Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.9/skbuff-return-emsgsize-in-skb_to_sgvec-to-prevent-overflow.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-always.patch queue-4.9/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.9/vhost_net-add-missing-lock-nesting-notation.patch queue-4.9/vhost-correctly-remove-wait-queue-during-poll-failure.patch queue-4.9/virtio_net-check-return-value-of-skb_to_sgvec-in-one-more-location.patch

7 years, 5 months

1
0
0 0

Patch "team: move dev_mc_sync after master_upper_dev_link in team_port_add" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled team: move dev_mc_sync after master_upper_dev_link in team_port_add to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:25:06 +0800 Subject: team: move dev_mc_sync after master_upper_dev_link in team_port_add From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 982cf3b3999d39a2eaca0a65542df33c19b5d814 ] The same fix as in 'bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave' is needed for team driver. The panic can be reproduced easily: ip link add team1 type team ip link set team1 up ip link add link team1 vlan1 type vlan id 80 ip link set vlan1 master team1 Fixes: cb41c997d444 ("team: team should sync the port's uc/mc addrs when add a port") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/team/team.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -1203,11 +1203,6 @@ static int team_port_add(struct team *te goto err_dev_open; } - netif_addr_lock_bh(dev); - dev_uc_sync_multiple(port_dev, dev); - dev_mc_sync_multiple(port_dev, dev); - netif_addr_unlock_bh(dev); - err = vlan_vids_add_by_dev(port_dev, dev); if (err) { netdev_err(dev, "Failed to add vlan ids to device %s\n", @@ -1247,6 +1242,11 @@ static int team_port_add(struct team *te goto err_option_port_add; } + netif_addr_lock_bh(dev); + dev_uc_sync_multiple(port_dev, dev); + dev_mc_sync_multiple(port_dev, dev); + netif_addr_unlock_bh(dev); + port->index = -1; list_add_tail_rcu(&port->list, &team->port_list); team_port_enable(team, port); @@ -1271,8 +1271,6 @@ err_enable_netpoll: vlan_vids_del_by_dev(port_dev, dev); err_vids_add: - dev_uc_unsync(port_dev, dev); - dev_mc_unsync(port_dev, dev); dev_close(port_dev); err_dev_open: Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.9/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.9/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.9/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.9/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch queue-4.9/sctp-fix-recursive-locking-warning-in-sctp_do_peeloff.patch

7 years, 5 months

1
0
0 0

Patch "strparser: Fix sign of err codes" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled strparser: Fix sign of err codes to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: strparser-fix-sign-of-err-codes.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Dave Watson <davejwatson(a)fb.com> Date: Mon, 26 Mar 2018 12:31:21 -0700 Subject: strparser: Fix sign of err codes From: Dave Watson <davejwatson(a)fb.com> [ Upstream commit cd00edc179863848abab5cc5683de5b7b5f70954 ] strp_parser_err is called with a negative code everywhere, which then calls abort_parser with a negative code. strp_msg_timeout calls abort_parser directly with a positive code. Negate ETIMEDOUT to match signed-ness of other calls. The default abort_parser callback, strp_abort_strp, sets sk->sk_err to err. Also negate the error here so sk_err always holds a positive value, as the rest of the net code expects. Currently a negative sk_err can result in endless loops, or user code that thinks it actually sent/received err bytes. Found while testing net/tls_sw recv path. Fixes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Dave Watson <davejwatson(a)fb.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/strparser/strparser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/strparser/strparser.c +++ b/net/strparser/strparser.c @@ -59,7 +59,7 @@ static void strp_abort_rx_strp(struct st strp->rx_stopped = 1; /* Report an error on the lower socket */ - csk->sk_err = err; + csk->sk_err = -err; csk->sk_error_report(csk); } @@ -422,7 +422,7 @@ static void strp_rx_msg_timeout(unsigned /* Message assembly timed out */ STRP_STATS_INCR(strp->stats.rx_msg_timeouts); lock_sock(strp->sk); - strp->cb.abort_parser(strp, ETIMEDOUT); + strp->cb.abort_parser(strp, -ETIMEDOUT); release_sock(strp->sk); } Patches currently in stable-queue which might be from davejwatson(a)fb.com are queue-4.9/strparser-fix-sign-of-err-codes.patch

7 years, 5 months

1
0
0 0

Patch "sky2: Increase D3 delay to sky2 stops working after suspend" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sky2: Increase D3 delay to sky2 stops working after suspend to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Date: Sat, 31 Mar 2018 23:42:03 +0800 Subject: sky2: Increase D3 delay to sky2 stops working after suspend From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> [ Upstream commit afb133637071be6deeb8b3d0e55593ffbf63c527 ] The sky2 ethernet stops working after system resume from suspend: [ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 The current 150ms delay is not enough, change it to 200ms can solve the issue. BugLink: https://bugs.launchpad.net/bugs/1758507 Cc: Stable <stable(a)vger.kernel.org> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/marvell/sky2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -5079,7 +5079,7 @@ static int sky2_probe(struct pci_dev *pd INIT_WORK(&hw->restart_work, sky2_restart); pci_set_drvdata(pdev, hw); - pdev->d3_delay = 150; + pdev->d3_delay = 200; return 0; Patches currently in stable-queue which might be from kai.heng.feng(a)canonical.com are queue-4.9/sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch

7 years, 5 months

1
0
0 0

Patch "sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sun, 8 Apr 2018 07:52:08 -0700 Subject: sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] Check must happen before call to ipv6_addr_v4mapped() syzbot report was : BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 sctp_sockaddr_af net/sctp/socket.c:359 [inline] sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 sctp_bind+0x149/0x190 net/sctp/socket.c:332 inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 SyS_bind+0x54/0x80 net/socket.c:1460 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fd49 RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----address@SYSC_bind Variable was created at: SYSC_bind+0x6f/0x4b0 net/socket.c:1461 SyS_bind+0x54/0x80 net/socket.c:1460 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -335,11 +335,14 @@ static struct sctp_af *sctp_sockaddr_af( if (!opt->pf->af_supported(addr->sa.sa_family, opt)) return NULL; - /* V4 mapped address are really of AF_INET family */ - if (addr->sa.sa_family == AF_INET6 && - ipv6_addr_v4mapped(&addr->v6.sin6_addr) && - !opt->pf->af_supported(AF_INET, opt)) - return NULL; + if (addr->sa.sa_family == AF_INET6) { + if (len < SIN6_LEN_RFC2133) + return NULL; + /* V4 mapped address are really of AF_INET family */ + if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) && + !opt->pf->af_supported(AF_INET, opt)) + return NULL; + } /* If we get this far, af is valid. */ af = sctp_get_af_specific(addr->sa.sa_family); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "sctp: do not leak kernel memory to user space" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: do not leak kernel memory to user space to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-do-not-leak-kernel-memory-to-user-space.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sat, 7 Apr 2018 17:15:22 -0700 Subject: sctp: do not leak kernel memory to user space From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 6780db244d6b1537d139dea0ec8aad10cf9e4adb ] syzbot produced a nice report [1] Issue here is that a recvmmsg() managed to leak 8 bytes of kernel memory to user space, because sin_zero (padding field) was not properly cleared. [1] BUG: KMSAN: uninit-value in copy_to_user include/linux/uaccess.h:184 [inline] BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 net/socket.c:227 CPU: 1 PID: 3586 Comm: syzkaller481044 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x4401c9 RSP: 002b:00007ffc56f73098 EFLAGS: 00000217 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401c9 RDX: 0000000000000001 RSI: 0000000020003ac0 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000020003bc0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401af0 R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----addr@___sys_recvmsg Variable was created at: ___sys_recvmsg+0xd5/0x810 net/socket.c:2172 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 Bytes 8-15 of 16 are uninitialized ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 3586 Comm: syzkaller481044 Tainted: G B 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 panic+0x39d/0x940 kernel/panic.c:183 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/ipv6.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -727,8 +727,10 @@ static int sctp_v6_addr_to_user(struct s sctp_v6_map_v4(addr); } - if (addr->sa.sa_family == AF_INET) + if (addr->sa.sa_family == AF_INET) { + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); return sizeof(struct sockaddr_in); + } return sizeof(struct sockaddr_in6); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "route: check sysctl_fib_multipath_use_neigh earlier than hash" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled route: check sysctl_fib_multipath_use_neigh earlier than hash to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Sun, 1 Apr 2018 22:40:35 +0800 Subject: route: check sysctl_fib_multipath_use_neigh earlier than hash From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 6174a30df1b902e1fedbd728f5343937e83e64e6 ] Prior to this patch, when one packet is hashed into path [1] (hash <= nh_upper_bound) and it's neigh is dead, it will try path [2]. However, if path [2]'s neigh is alive but it's hash > nh_upper_bound, it will not return this alive path. This packet will never be sent even if path [2] is alive. 3.3.3.1/24: nexthop via 1.1.1.254 dev eth1 weight 1 <--[1] (dead neigh) nexthop via 2.2.2.254 dev eth2 weight 1 <--[2] With sysctl_fib_multipath_use_neigh set is supposed to find an available path respecting to the l3/l4 hash. But if there is no available route with this hash, it should at least return an alive route even with other hash. This patch is to fix it by processing fib_multipath_use_neigh earlier than the hash check, so that it will at least return an alive route if there is when fib_multipath_use_neigh is enabled. It's also compatible with before when there are alive routes with the l3/l4 hash. Fixes: a6db4494d218 ("net: ipv4: Consider failed nexthops in multipath routes") Reported-by: Jianlin Shi <jishi(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/fib_semantics.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -1611,18 +1611,20 @@ void fib_select_multipath(struct fib_res bool first = false; for_nexthops(fi) { + if (net->ipv4.sysctl_fib_multipath_use_neigh) { + if (!fib_good_nh(nh)) + continue; + if (!first) { + res->nh_sel = nhsel; + first = true; + } + } + if (hash > atomic_read(&nh->nh_upper_bound)) continue; - if (!net->ipv4.sysctl_fib_multipath_use_neigh || - fib_good_nh(nh)) { - res->nh_sel = nhsel; - return; - } - if (!first) { - res->nh_sel = nhsel; - first = true; - } + res->nh_sel = nhsel; + return; } endfor_nexthops(fi); } #endif Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.9/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.9/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.9/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.9/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch queue-4.9/sctp-fix-recursive-locking-warning-in-sctp_do_peeloff.patch

7 years, 5 months

1
0
0 0

Patch "r8169: fix setting driver_data after register_netdev" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled r8169: fix setting driver_data after register_netdev to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: r8169-fix-setting-driver_data-after-register_netdev.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 26 Mar 2018 19:19:30 +0200 Subject: r8169: fix setting driver_data after register_netdev From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 19c9ea363a244f85f90a424f9936e6d56449e33c ] pci_set_drvdata() is called only after registering the net_device, therefore we could run into a NPE if one of the functions using driver_data is called before it's set. Fix this by calling pci_set_drvdata() before registering the net_device. This fix is a candidate for stable. As far as I can see the bug has been there in kernel version 3.2 already, therefore I can't provide a reference which commit is fixed by it. The fix may need small adjustments per kernel version because due to other changes the label which is jumped to if register_netdev() fails has changed over time. Reported-by: David Miller <davem(a)davemloft.net> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/realtek/r8169.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -8446,12 +8446,12 @@ static int rtl_init_one(struct pci_dev * goto err_out_msi_5; } + pci_set_drvdata(pdev, dev); + rc = register_netdev(dev); if (rc < 0) goto err_out_cnt_6; - pci_set_drvdata(pdev, dev); - netif_info(tp, probe, dev, "%s at 0x%p, %pM, XID %08x IRQ %d\n", rtl_chip_infos[chipset].name, ioaddr, dev->dev_addr, (u32)(RTL_R32(TxConfig) & 0x9cf0f8ff), pdev->irq); Patches currently in stable-queue which might be from hkallweit1(a)gmail.com are queue-4.9/r8169-fix-setting-driver_data-after-register_netdev.patch queue-4.9/pinctrl-meson-gxbb-remove-non-existing-pin-gpiox_22.patch

7 years, 5 months

1
0
0 0

Patch "pptp: remove a buggy dst release in pptp_connect()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled pptp: remove a buggy dst release in pptp_connect() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pptp-remove-a-buggy-dst-release-in-pptp_connect.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 2 Apr 2018 18:48:37 -0700 Subject: pptp: remove a buggy dst release in pptp_connect() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit bfacfb457b36911a10140b8cb3ce76a74883ac5a ] Once dst has been cached in socket via sk_setup_caps(), it is illegal to call ip_rt_put() (or dst_release()), since sk_setup_caps() did not change dst refcount. We can still dereference it since we hold socket lock. Caugth by syzbot : BUG: KASAN: use-after-free in atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] BUG: KASAN: use-after-free in dst_release+0x27/0xa0 net/core/dst.c:185 Write of size 4 at addr ffff8801c54dc040 by task syz-executor4/20088 CPU: 1 PID: 20088 Comm: syz-executor4 Not tainted 4.16.0+ #376 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1a7/0x27d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x137/0x190 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] dst_release+0x27/0xa0 net/core/dst.c:185 sk_dst_set include/net/sock.h:1812 [inline] sk_dst_reset include/net/sock.h:1824 [inline] sock_setbindtodevice net/core/sock.c:610 [inline] sock_setsockopt+0x431/0x1b20 net/core/sock.c:707 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4552d9 RSP: 002b:00007f4878126c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f48781276d4 RCX: 00000000004552d9 RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 00000000200010c0 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000526 R14: 00000000006fac30 R15: 0000000000000000 Allocated by task 20088: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3542 dst_alloc+0x11f/0x1a0 net/core/dst.c:104 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1520 __mkroute_output net/ipv4/route.c:2265 [inline] ip_route_output_key_hash_rcu+0xa49/0x2c60 net/ipv4/route.c:2493 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2322 __ip_route_output_key include/net/route.h:126 [inline] ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2577 ip_route_output_ports include/net/route.h:163 [inline] pptp_connect+0xa84/0x1170 drivers/net/ppp/pptp.c:453 SYSC_connect+0x213/0x4a0 net/socket.c:1639 SyS_connect+0x24/0x30 net/socket.c:1620 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Freed by task 20082: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 __cache_free mm/slab.c:3486 [inline] kmem_cache_free+0x83/0x2a0 mm/slab.c:3744 dst_destroy+0x266/0x380 net/core/dst.c:140 dst_destroy_rcu+0x16/0x20 net/core/dst.c:153 __rcu_reclaim kernel/rcu/rcu.h:178 [inline] rcu_do_batch kernel/rcu/tree.c:2675 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0xd6c/0x17b0 kernel/rcu/tree.c:2914 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 The buggy address belongs to the object at ffff8801c54dc000 which belongs to the cache ip_dst_cache of size 168 The buggy address is located 64 bytes inside of 168-byte region [ffff8801c54dc000, ffff8801c54dc0a8) The buggy address belongs to the page: page:ffffea0007153700 count:1 mapcount:0 mapping:ffff8801c54dc000 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffff8801c54dc000 0000000000000000 0000000100000010 raw: ffffea0006b34b20 ffffea0006b6c1e0 ffff8801d674a1c0 0000000000000000 page dumped because: kasan: bad access detected Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ppp/pptp.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/net/ppp/pptp.c +++ b/drivers/net/ppp/pptp.c @@ -465,7 +465,6 @@ static int pptp_connect(struct socket *s po->chan.mtu = dst_mtu(&rt->dst); if (!po->chan.mtu) po->chan.mtu = PPP_MRU; - ip_rt_put(rt); po->chan.mtu -= PPTP_HEADER_OVERHEAD; po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "netlink: make sure nladdr has correct size in netlink_connect()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netlink: make sure nladdr has correct size in netlink_connect() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Alexander Potapenko <glider(a)google.com> Date: Fri, 23 Mar 2018 13:49:02 +0100 Subject: netlink: make sure nladdr has correct size in netlink_connect() From: Alexander Potapenko <glider(a)google.com> [ Upstream commit 7880287981b60a6808f39f297bb66936e8bdf57a ] KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Signed-off-by: Alexander Potapenko <glider(a)google.com> Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netlink/af_netlink.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1054,6 +1054,9 @@ static int netlink_connect(struct socket if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + if ((nladdr->nl_groups || nladdr->nl_pid) && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) return -EPERM; Patches currently in stable-queue which might be from glider(a)google.com are queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference on the error path of tcf_skbmod_init()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference on the error path of tcf_skbmod_init() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:57 +0100 Subject: net/sched: fix NULL dereference on the error path of tcf_skbmod_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 2d433610176d6569e8b3a28f67bc72235bf69efc ] when the following command # tc action replace action skbmod swap mac index 100 is run for the first time, and tcf_skbmod_init() fails to allocate struct tcf_skbmod_params, tcf_skbmod_cleanup() calls kfree_rcu(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: __call_rcu+0x23/0x2b0 PGD 8000000034057067 P4D 8000000034057067 PUD 74937067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_skbmod(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec crct10dif_pclmul mbcache jbd2 crc32_pclmul snd_hda_core ghash_clmulni_intel snd_hwdep pcbc snd_seq snd_seq_device snd_pcm aesni_intel snd_timer crypto_simd glue_helper snd cryptd virtio_balloon joydev soundcore pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_net virtio_blk ata_piix libata crc32c_intel virtio_pci serio_raw virtio_ring virtio i2c_core floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_skbmod] CPU: 3 PID: 3144 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffbd2e403e7798 EFLAGS: 00010246 RAX: ffffffffc0872080 RBX: ffff981d34bff780 RCX: 00000000ffffffff RDX: ffffffff922a5f00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000021f R10: 000000003d003000 R11: 0000000000aaaaaa R12: 0000000000000000 R13: ffffffff922a5f00 R14: 0000000000000001 R15: ffff981d3b698c2c FS: 00007f3678292740(0000) GS:ffff981d3fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000007c57a006 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_skbmod_init+0x1d1/0x210 [act_skbmod] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f36776a3ba0 RSP: 002b:00007fff4703b618 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff4703b740 RCX: 00007f36776a3ba0 RDX: 0000000000000000 RSI: 00007fff4703b690 RDI: 0000000000000003 RBP: 000000005aaaba36 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff4703b0a0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff4703b754 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffbd2e403e7798 CR2: 0000000000000008 Fix it in tcf_skbmod_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 86da71b57383 ("net_sched: Introduce skbmod action") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_skbmod.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sched/act_skbmod.c +++ b/net/sched/act_skbmod.c @@ -192,7 +192,8 @@ static void tcf_skbmod_cleanup(struct tc struct tcf_skbmod_params *p; p = rcu_dereference_protected(d->skbmod_p, 1); - kfree_rcu(p, rcu); + if (p) + kfree_rcu(p, rcu); } static int tcf_skbmod_dump(struct sk_buff *skb, struct tc_action *a, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.9/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tunnel_key_init()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tunnel_key_init() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:55 +0100 Subject: net/sched: fix NULL dereference in the error path of tunnel_key_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit abdadd3cfd3e7ea3da61ac774f84777d1f702058 ] when the following command # tc action add action tunnel_key unset index 100 is run for the first time, and tunnel_key_init() fails to allocate struct tcf_tunnel_key_params, tunnel_key_release() dereferences NULL pointers. This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: tunnel_key_release+0xd/0x40 [act_tunnel_key] PGD 8000000033787067 P4D 8000000033787067 PUD 74646067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_tunnel_key(E) act_csum ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul snd_hda_codec_generic ghash_clmulni_intel snd_hda_intel pcbc snd_hda_codec snd_hda_core snd_hwdep snd_seq aesni_intel snd_seq_device crypto_simd glue_helper snd_pcm cryptd joydev snd_timer pcspkr virtio_balloon snd i2c_piix4 soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_net virtio_blk drm virtio_console crc32c_intel ata_piix serio_raw i2c_core virtio_pci libata virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 3101 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: 0018:ffffba46803b7768 EFLAGS: 00010286 RAX: ffffffffc09010a0 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99ee336d7480 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff99ee79d73131 R12: 0000000000000000 R13: ffff99ee32d67610 R14: ffff99ee7671dc38 R15: 00000000fffffff4 FS: 00007febcb2cd740(0000) GS:ffff99ee7fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000007c8e4005 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tunnel_key_init+0xd9/0x460 [act_tunnel_key] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7febca6deba0 RSP: 002b:00007ffe7b0dd128 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffe7b0dd250 RCX: 00007febca6deba0 RDX: 0000000000000000 RSI: 00007ffe7b0dd1a0 RDI: 0000000000000003 RBP: 000000005aaa90cb R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffe7b0dcba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe7b0dd264 R14: 0000000000000001 R15: 0000000000669f60 Code: 44 00 00 8b 0d b5 23 00 00 48 8b 87 48 10 00 00 48 8b 3c c8 e9 a5 e5 d8 c3 0f 1f 44 00 00 0f 1f 44 00 00 53 48 8b 9f b0 00 00 00 <83> 7b 10 01 74 0b 48 89 df 31 f6 5b e9 f2 fa 7f c3 48 8b 7b 18 RIP: tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: ffffba46803b7768 CR2: 0000000000000010 Fix this in tunnel_key_release(), ensuring 'param' is not NULL before dereferencing it. Fixes: d0f6dd8a914f ("net/sched: Introduce act_tunnel_key") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_tunnel_key.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/net/sched/act_tunnel_key.c +++ b/net/sched/act_tunnel_key.c @@ -196,11 +196,12 @@ static void tunnel_key_release(struct tc struct tcf_tunnel_key_params *params; params = rcu_dereference_protected(t->params, 1); + if (params) { + if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) + dst_release(&params->tcft_enc_metadata->dst); - if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) - dst_release(&params->tcft_enc_metadata->dst); - - kfree_rcu(params, rcu); + kfree_rcu(params, rcu); + } } static int tunnel_key_dump_addresses(struct sk_buff *skb, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.9/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_bpf_init()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_bpf_init() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 6 Apr 2018 01:19:37 +0200 Subject: net/sched: fix NULL dereference in the error path of tcf_bpf_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 3239534a79ee6f20cffd974173a1e62e0730e8ac ] when tcf_bpf_init_from_ops() fails (e.g. because of program having invalid number of instructions), tcf_bpf_cfg_cleanup() calls bpf_prog_put(NULL) or bpf_prog_destroy(NULL). Unless CONFIG_BPF_SYSCALL is unset, this causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 PGD 800000007345a067 P4D 800000007345a067 PUD 340e1067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_bpf(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd glue_helper cryptd joydev snd_timer snd virtio_balloon pcspkr soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console i2c_core crc32c_intel serio_raw virtio_pci ata_piix libata virtio_ring floppy virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_bpf] CPU: 3 PID: 5654 Comm: tc Tainted: G E 4.16.0.bpf_test+ #408 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__bpf_prog_put+0xc/0xc0 RSP: 0018:ffff9594003ef728 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9594003ef758 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff8a7ab9f17131 R12: 0000000000000000 R13: ffff8a7ab7c3c8e0 R14: 0000000000000001 R15: ffff8a7ab88f1054 FS: 00007fcb2f17c740(0000) GS:ffff8a7abfd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000020 CR3: 000000007c888006 CR4: 00000000001606e0 Call Trace: tcf_bpf_cfg_cleanup+0x2f/0x40 [act_bpf] tcf_bpf_cleanup+0x4c/0x70 [act_bpf] __tcf_idr_release+0x79/0x140 tcf_bpf_init+0x125/0x330 [act_bpf] tcf_action_init_1+0x2cc/0x430 ? get_page_from_freelist+0x3f0/0x11b0 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.29+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? mem_cgroup_commit_charge+0x80/0x130 ? page_add_new_anon_rmap+0x73/0xc0 ? do_anonymous_page+0x2a2/0x560 ? __handle_mm_fault+0xc75/0xe20 __sys_sendmsg+0x58/0xa0 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fcb2e58eba0 RSP: 002b:00007ffc93c496c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffc93c497f0 RCX: 00007fcb2e58eba0 RDX: 0000000000000000 RSI: 00007ffc93c49740 RDI: 0000000000000003 RBP: 000000005ac6a646 R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffc93c49120 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc93c49804 R14: 0000000000000001 R15: 000000000066afa0 Code: 5f 00 48 8b 43 20 48 c7 c7 70 2f 7c b8 c7 40 10 00 00 00 00 5b e9 a5 8b 61 00 0f 1f 44 00 00 0f 1f 44 00 00 41 54 55 48 89 fd 53 <48> 8b 47 20 f0 ff 08 74 05 5b 5d 41 5c c3 41 89 f4 0f 1f 44 00 RIP: __bpf_prog_put+0xc/0xc0 RSP: ffff9594003ef728 CR2: 0000000000000020 Fix it in tcf_bpf_cfg_cleanup(), ensuring that bpf_prog_{put,destroy}(f) is called only when f is not NULL. Fixes: bbc09e7842a5 ("net/sched: fix idr leak on the error path of tcf_bpf_init()") Reported-by: Lucas Bates <lucasb(a)mojatatu.com> Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_bpf.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -245,10 +245,14 @@ static int tcf_bpf_init_from_efd(struct static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg) { - if (cfg->is_ebpf) - bpf_prog_put(cfg->filter); - else - bpf_prog_destroy(cfg->filter); + struct bpf_prog *filter = cfg->filter; + + if (filter) { + if (cfg->is_ebpf) + bpf_prog_put(filter); + else + bpf_prog_destroy(filter); + } kfree(cfg->bpf_ops); kfree(cfg->bpf_name); Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.9/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.9/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net sched actions: fix dumping which requires several messages to user space" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net sched actions: fix dumping which requires several messages to user space to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Craig Dillabaugh <cdillaba(a)mojatatu.com> Date: Mon, 26 Mar 2018 14:58:32 -0400 Subject: net sched actions: fix dumping which requires several messages to user space From: Craig Dillabaugh <cdillaba(a)mojatatu.com> [ Upstream commit 734549eb550c0c720bc89e50501f1b1e98cdd841 ] Fixes a bug in the tcf_dump_walker function that can cause some actions to not be reported when dumping a large number of actions. This issue became more aggrevated when cookies feature was added. In particular this issue is manifest when large cookie values are assigned to the actions and when enough actions are created that the resulting table must be dumped in multiple batches. The number of actions returned in each batch is limited by the total number of actions and the memory buffer size. With small cookies the numeric limit is reached before the buffer size limit, which avoids the code path triggering this bug. When large cookies are used buffer fills before the numeric limit, and the erroneous code path is hit. For example after creating 32 csum actions with the cookie aaaabbbbccccdddd $ tc actions ls action csum total acts 26 action order 0: csum (tcp) action continue index 1 ref 1 bind 0 cookie aaaabbbbccccdddd ..... action order 25: csum (tcp) action continue index 26 ref 1 bind 0 cookie aaaabbbbccccdddd total acts 6 action order 0: csum (tcp) action continue index 28 ref 1 bind 0 cookie aaaabbbbccccdddd ...... action order 5: csum (tcp) action continue index 32 ref 1 bind 0 cookie aaaabbbbccccdddd Note that the action with index 27 is omitted from the report. Fixes: 4b3550ef530c ("[NET_SCHED]: Use nla_nest_start/nla_nest_end")" Signed-off-by: Craig Dillabaugh <cdillaba(a)mojatatu.com> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -95,8 +95,10 @@ static int tcf_dump_walker(struct tcf_ha continue; nest = nla_nest_start(skb, n_i); - if (nest == NULL) + if (nest == NULL) { + index--; goto nla_put_failure; + } err = tcf_action_dump_1(skb, p, 0, 0); if (err < 0) { index--; Patches currently in stable-queue which might be from cdillaba(a)mojatatu.com are queue-4.9/net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Sync netdev vxlan ports at open" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Sync netdev vxlan ports at open to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-sync-netdev-vxlan-ports-at-open.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Shahar Klein <shahark(a)mellanox.com> Date: Tue, 20 Mar 2018 14:44:40 +0200 Subject: net/mlx5e: Sync netdev vxlan ports at open From: Shahar Klein <shahark(a)mellanox.com> [ Upstream commit a117f73dc2430443f23e18367fa545981129c1a6 ] When mlx5_core is loaded it is expected to sync ports with all vxlan devices so it can support vxlan encap/decap. This is done via udp_tunnel_get_rx_info(). Currently this call is set in mlx5e_nic_enable() and if the netdev is not in NETREG_REGISTERED state it will not be called. Normally on load the netdev state is not NETREG_REGISTERED so udp_tunnel_get_rx_info() will not be called. Moving udp_tunnel_get_rx_info() to mlx5e_open() so it will be called on netdev UP event and allow encap/decap. Fixes: 610e89e05c3f ("net/mlx5e: Don't sync netdev state when not registered") Signed-off-by: Shahar Klein <shahark(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -2741,6 +2741,9 @@ static int set_feature_lro(struct net_de mutex_unlock(&priv->state_lock); + if (mlx5e_vxlan_allowed(priv->mdev)) + udp_tunnel_get_rx_info(netdev); + return err; } @@ -3785,13 +3788,6 @@ static void mlx5e_nic_enable(struct mlx5 if (netdev->reg_state != NETREG_REGISTERED) return; - /* Device already registered: sync netdev system state */ - if (mlx5e_vxlan_allowed(mdev)) { - rtnl_lock(); - udp_tunnel_get_rx_info(netdev); - rtnl_unlock(); - } - queue_work(priv->wq, &priv->set_rx_mode_work); } Patches currently in stable-queue which might be from shahark(a)mellanox.com are queue-4.9/net-mlx5e-sync-netdev-vxlan-ports-at-open.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_en: Fix mixed PFC and Global pause user control requests" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_en: Fix mixed PFC and Global pause user control requests to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eran Ben Elisha <eranbe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:18 +0300 Subject: net/mlx4_en: Fix mixed PFC and Global pause user control requests From: Eran Ben Elisha <eranbe(a)mellanox.com> [ Upstream commit 6e8814ceb7e8f468659ef9253bd212c07ae19584 ] Global pause and PFC configuration should be mutually exclusive (i.e. only one of them at most can be set). However, once PFC was turned off, driver automatically turned Global pause on. This is a bug. Fix the driver behaviour to turn off PFC/Global once the user turned the other on. This also fixed a weird behaviour that at a current time, the profile had both PFC and global pause configuration turned on, which is Hardware-wise impossible and caused returning false positive indication to query tools. In addition, fix error code when setting global pause or PFC to change metadata only upon successful change. Also, removed useless debug print. Fixes: af7d51852631 ("net/mlx4_en: Add DCB PFC support through CEE netlink commands") Fixes: c27a02cd94d6 ("mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC") Signed-off-by: Eran Ben Elisha <eranbe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 72 +++++++++++++----------- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++++++----- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 - 3 files changed, 62 insertions(+), 47 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c @@ -156,57 +156,63 @@ static int mlx4_en_dcbnl_getnumtcs(struc static u8 mlx4_en_dcbnl_set_all(struct net_device *netdev) { struct mlx4_en_priv *priv = netdev_priv(netdev); + struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; if (!(priv->dcbx_cap & DCB_CAP_DCBX_VER_CEE)) return 1; if (priv->cee_config.pfc_state) { int tc; + rx_ppp = prof->rx_ppp; + tx_ppp = prof->tx_ppp; - priv->prof->rx_pause = 0; - priv->prof->tx_pause = 0; for (tc = 0; tc < CEE_DCBX_MAX_PRIO; tc++) { u8 tc_mask = 1 << tc; switch (priv->cee_config.dcb_pfc[tc]) { case pfc_disabled: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_full: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp |= tc_mask; + rx_ppp |= tc_mask; break; case pfc_enabled_tx: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp |= tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_rx: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp |= tc_mask; break; default: break; } } - en_dbg(DRV, priv, "Set pfc on\n"); + rx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->rx_pause; + tx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->tx_pause; } else { - priv->prof->rx_pause = 1; - priv->prof->tx_pause = 1; - en_dbg(DRV, priv, "Set pfc off\n"); + rx_ppp = 0; + tx_ppp = 0; + rx_pause = prof->rx_pause; + tx_pause = prof->tx_pause; } if (mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp)) { + tx_pause, tx_ppp, rx_pause, rx_ppp)) { en_err(priv, "Failed setting pause params\n"); return 1; } + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->tx_pause = tx_pause; + prof->rx_pause = rx_pause; + return 0; } @@ -408,6 +414,7 @@ static int mlx4_en_dcbnl_ieee_setpfc(str struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u32 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; en_dbg(DRV, priv, "cap: 0x%x en: 0x%x mbc: 0x%x delay: %d\n", @@ -416,23 +423,26 @@ static int mlx4_en_dcbnl_ieee_setpfc(str pfc->mbc, pfc->delay); - prof->rx_pause = !pfc->pfc_en; - prof->tx_pause = !pfc->pfc_en; - prof->rx_ppp = pfc->pfc_en; - prof->tx_ppp = pfc->pfc_en; + rx_pause = prof->rx_pause && !pfc->pfc_en; + tx_pause = prof->tx_pause && !pfc->pfc_en; + rx_ppp = pfc->pfc_en; + tx_ppp = pfc->pfc_en; err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - prof->tx_pause, - prof->tx_ppp, - prof->rx_pause, - prof->rx_ppp); - if (err) + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - prof->rx_ppp, prof->rx_pause, - prof->tx_ppp, prof->tx_pause); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->rx_pause = rx_pause; + prof->tx_pause = tx_pause; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c @@ -1003,27 +1003,32 @@ static int mlx4_en_set_pauseparam(struct { struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; if (pause->autoneg) return -EINVAL; - priv->prof->tx_pause = pause->tx_pause != 0; - priv->prof->rx_pause = pause->rx_pause != 0; + tx_pause = !!(pause->tx_pause); + rx_pause = !!(pause->rx_pause); + rx_ppp = priv->prof->rx_ppp && !(tx_pause || rx_pause); + tx_ppp = priv->prof->tx_ppp && !(tx_pause || rx_pause); + err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp); - if (err) - en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - priv->prof->rx_ppp, - priv->prof->rx_pause, - priv->prof->tx_ppp, - priv->prof->tx_pause); + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { + en_err(priv, "Failed setting pause params, err = %d\n", err); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + priv->prof->tx_pause = tx_pause; + priv->prof->rx_pause = rx_pause; + priv->prof->tx_ppp = tx_ppp; + priv->prof->rx_ppp = rx_ppp; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_main.c @@ -163,9 +163,9 @@ static int mlx4_en_get_profile(struct ml params->udp_rss = 0; } for (i = 1; i <= MLX4_MAX_PORTS; i++) { - params->prof[i].rx_pause = 1; + params->prof[i].rx_pause = !(pfcrx || pfctx); params->prof[i].rx_ppp = pfcrx; - params->prof[i].tx_pause = 1; + params->prof[i].tx_pause = !(pfcrx || pfctx); params->prof[i].tx_ppp = pfctx; params->prof[i].tx_ring_size = MLX4_EN_DEF_TX_RING_SIZE; params->prof[i].rx_ring_size = MLX4_EN_DEF_RX_RING_SIZE; Patches currently in stable-queue which might be from eranbe(a)mellanox.com are queue-4.9/net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_core: Fix memory leak while delete slave's resources" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_core: Fix memory leak while delete slave's resources to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:19 +0300 Subject: net/mlx4_core: Fix memory leak while delete slave's resources From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit 461d5f1b59490ce0096dfda45e10038c122a7892 ] mlx4_delete_all_resources_for_slave in resource tracker should free all memory allocated for a slave. While releasing memory of fs_rule, it misses releasing memory of fs_rule->mirr_mbox. Fixes: 78efed275117 ('net/mlx4_core: Support mirroring VF DMFS rules on both ports') Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c +++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c @@ -5048,6 +5048,7 @@ static void rem_slave_fs_rule(struct mlx &tracker->res_tree[RES_FS_RULE]); list_del(&fs_rule->com.list); spin_unlock_irq(mlx4_tlock(dev)); + kfree(fs_rule->mirr_mbox); kfree(fs_rule); state = 0; break; Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.9/net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Increment OUTxxx counters after netfilter hook" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Increment OUTxxx counters after netfilter hook to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Jeff Barnhill <0xeffeff(a)gmail.com> Date: Thu, 5 Apr 2018 21:29:47 +0000 Subject: net/ipv6: Increment OUTxxx counters after netfilter hook From: Jeff Barnhill <0xeffeff(a)gmail.com> [ Upstream commit 71a1c915238c970cd9bdd5bf158b1279d6b6d55b ] At the end of ip6_forward(), IPSTATS_MIB_OUTFORWDATAGRAMS and IPSTATS_MIB_OUTOCTETS are incremented immediately before the NF_HOOK call for NFPROTO_IPV6 / NF_INET_FORWARD. As a result, these counters get incremented regardless of whether or not the netfilter hook allows the packet to continue being processed. This change increments the counters in ip6_forward_finish() so that it will not happen if the netfilter hook chooses to terminate the packet, which is similar to how IPv4 works. Signed-off-by: Jeff Barnhill <0xeffeff(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -356,6 +356,11 @@ static int ip6_forward_proxy_check(struc static inline int ip6_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { + struct dst_entry *dst = skb_dst(skb); + + __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); + __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); + return dst_output(net, sk, skb); } @@ -549,8 +554,6 @@ int ip6_forward(struct sk_buff *skb) hdr->hop_limit--; - __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); - __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, net, NULL, skb, skb->dev, dst->dev, ip6_forward_finish); Patches currently in stable-queue which might be from 0xeffeff(a)gmail.com are queue-4.9/net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Fix route leaking between VRFs" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Fix route leaking between VRFs to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-fix-route-leaking-between-vrfs.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 17:44:57 -0700 Subject: net/ipv6: Fix route leaking between VRFs From: David Ahern <dsahern(a)gmail.com> [ Upstream commit b6cdbc85234b072340b8923e69f49ec293f905dc ] Donald reported that IPv6 route leaking between VRFs is not working. The root cause is the strict argument in the call to rt6_lookup when validating the nexthop spec. ip6_route_check_nh validates the gateway and device (if given) of a route spec. It in turn could call rt6_lookup (e.g., lookup in a given table did not succeed so it falls back to a full lookup) and if so sets the strict argument to 1. That means if the egress device is given, the route lookup needs to return a result with the same device. This strict requirement does not work with VRFs (IPv4 or IPv6) because the oif in the flow struct is overridden with the index of the VRF device to trigger a match on the l3mdev rule and force the lookup to its table. The right long term solution is to add an l3mdev index to the flow struct such that the oif is not overridden. That solution will not backport well, so this patch aims for a simpler solution to relax the strict argument if the route spec device is an l3mdev slave. As done in other places, use the FLOWI_FLAG_SKIP_NH_OIF to know that the RT6_LOOKUP_F_IFACE flag needs to be removed. Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack") Reported-by: Donald Sharp <sharpd(a)cumulusnetworks.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -856,6 +856,9 @@ static struct rt6_info *ip6_pol_route_lo struct fib6_node *fn; struct rt6_info *rt; + if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) + flags &= ~RT6_LOOKUP_F_IFACE; + read_lock_bh(&table->tb6_lock); fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); restart: Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.9/perf-report-fix-off-by-one-for-non-activation-frames.patch queue-4.9/perf-trace-add-mmap-alias-for-s390.patch queue-4.9/ipmr-vrf-find-vifs-using-the-actual-device.patch queue-4.9/perf-tools-fix-copyfile_offset-update-of-output-offset.patch queue-4.9/perf-tools-decompress-kernel-module-when-reading-dso-data.patch queue-4.9/ipv6-avoid-dad-failures-for-addresses-with-nodad.patch queue-4.9/net-ipv6-fix-route-leaking-between-vrfs.patch queue-4.9/perf-tests-decompress-kernel-module-before-objdump.patch queue-4.9/perf-header-set-proper-module-name-when-build-id-event-found.patch

7 years, 5 months

1
0
0 0

Patch "net: fool proof dev_valid_name()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fool proof dev_valid_name() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fool-proof-dev_valid_name.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:26 -0700 Subject: net: fool proof dev_valid_name() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit a9d48205d0aedda021fc3728972a9e9934c2b9de ] We want to use dev_valid_name() to validate tunnel names, so better use strnlen(name, IFNAMSIZ) than strlen(name) to make sure to not upset KASAN. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -993,7 +993,7 @@ bool dev_valid_name(const char *name) { if (*name == '\0') return false; - if (strlen(name) >= IFNAMSIZ) + if (strnlen(name, IFNAMSIZ) == IFNAMSIZ) return false; if (!strcmp(name, ".") || !strcmp(name, "..")) return false; Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "net: fix possible out-of-bound read in skb_network_protocol()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fix possible out-of-bound read in skb_network_protocol() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 26 Mar 2018 08:08:07 -0700 Subject: net: fix possible out-of-bound read in skb_network_protocol() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 1dfe82ebd7d8fd43dba9948fdfb31f145014baa0 ] skb mac header is not necessarily set at the time skb_network_protocol() is called. Use skb->data instead. BUG: KASAN: slab-out-of-bounds in skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 Read of size 2 at addr ffff8801b3097a0b by task syz-executor5/14242 CPU: 1 PID: 14242 Comm: syz-executor5 Not tainted 4.16.0-rc6+ #280 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:443 skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 harmonize_features net/core/dev.c:2924 [inline] netif_skb_features+0x509/0x9b0 net/core/dev.c:3011 validate_xmit_skb+0x81/0xb00 net/core/dev.c:3084 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3142 packet_direct_xmit+0x117/0x790 net/packet/af_packet.c:256 packet_snd net/packet/af_packet.c:2944 [inline] packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2969 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xca/0x110 net/socket.c:639 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2047 __sys_sendmsg+0xe5/0x210 net/socket.c:2081 Fixes: 19acc327258a ("gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol()") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Pravin B Shelar <pshelar(a)ovn.org> Reported-by: Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2667,7 +2667,7 @@ __be16 skb_network_protocol(struct sk_bu if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr)))) return 0; - eth = (struct ethhdr *)skb_mac_header(skb); + eth = (struct ethhdr *)skb->data; type = eth->h_proto; } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: the entire IPv6 header chain must fit the first fragment" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: the entire IPv6 header chain must fit the first fragment to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Mar 2018 14:47:30 +0100 Subject: ipv6: the entire IPv6 header chain must fit the first fragment From: Paolo Abeni <pabeni(a)redhat.com> [ Upstream commit 10b8a3de603df7b96004179b1b33b1708c76d144 ] While building ipv6 datagram we currently allow arbitrary large extheaders, even beyond pmtu size. The syzbot has found a way to exploit the above to trigger the following splat: kernel BUG at ./include/linux/skbuff.h:2073! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4230 Comm: syzkaller672661 Not tainted 4.16.0-rc2+ #326 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__skb_pull include/linux/skbuff.h:2073 [inline] RIP: 0010:__ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: 0018:ffff8801bc18f0f0 EFLAGS: 00010293 RAX: ffff8801b17400c0 RBX: 0000000000000738 RCX: ffffffff84f01828 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b415ac18 RBP: ffff8801bc18f360 R08: ffff8801b4576844 R09: 0000000000000000 R10: ffff8801bc18f380 R11: ffffed00367aee4e R12: 00000000000000d6 R13: ffff8801b415a740 R14: dffffc0000000000 R15: ffff8801b45767c0 FS: 0000000001535880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000b000 CR3: 00000001b4123001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip6_finish_skb include/net/ipv6.h:969 [inline] udp_v6_push_pending_frames+0x269/0x3b0 net/ipv6/udp.c:1073 udpv6_sendmsg+0x2a96/0x3400 net/ipv6/udp.c:1343 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x320/0x8b0 net/socket.c:2046 __sys_sendmmsg+0x1ee/0x620 net/socket.c:2136 SYSC_sendmmsg net/socket.c:2167 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2162 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4404c9 RSP: 002b:00007ffdce35f948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404c9 RDX: 0000000000000003 RSI: 0000000020001f00 RDI: 0000000000000003 RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 0000000020000080 R11: 0000000000000217 R12: 0000000000401df0 R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000 Code: ff e8 1d 5e b9 fc e9 15 e9 ff ff e8 13 5e b9 fc e9 44 e8 ff ff e8 29 5e b9 fc e9 c0 e6 ff ff e8 3f f3 80 fc 0f 0b e8 38 f3 80 fc <0f> 0b 49 8d 87 80 00 00 00 4d 8d 87 84 00 00 00 48 89 85 20 fe RIP: __skb_pull include/linux/skbuff.h:2073 [inline] RSP: ffff8801bc18f0f0 RIP: __ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: ffff8801bc18f0f0 As stated by RFC 7112 section 5: When a host fragments an IPv6 datagram, it MUST include the entire IPv6 Header Chain in the First Fragment. So this patch addresses the issue dropping datagrams with excessive extheader length. It also updates the error path to report to the calling socket nonnegative pmtu values. The issue apparently predates git history. v1 -> v2: cleanup error path, as per Eric's suggestion Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+91e6f9932ff122fa4410(a)syzkaller.appspotmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1291,7 +1291,7 @@ static int __ip6_append_data(struct sock const struct sockcm_cookie *sockc) { struct sk_buff *skb, *skb_prev = NULL; - unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; + unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu; int exthdrlen = 0; int dst_exthdrlen = 0; int hh_len; @@ -1327,6 +1327,12 @@ static int __ip6_append_data(struct sock sizeof(struct frag_hdr) : 0) + rt->rt6i_nfheader_len; + /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit + * the first fragment + */ + if (headersize + transhdrlen > mtu) + goto emsgsize; + if (cork->length + length > mtu - headersize && ipc6->dontfrag && (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_RAW)) { @@ -1342,9 +1348,8 @@ static int __ip6_append_data(struct sock if (cork->length + length > maxnonfragsize - headersize) { emsgsize: - ipv6_local_error(sk, EMSGSIZE, fl6, - mtu - headersize + - sizeof(struct ipv6hdr)); + pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0); + ipv6_local_error(sk, EMSGSIZE, fl6, pmtu); return -EMSGSIZE; } Patches currently in stable-queue which might be from pabeni(a)redhat.com are queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sit: better validate user provided tunnel names" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sit: better validate user provided tunnel names to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sit-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:28 -0700 Subject: ipv6: sit: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit b95211e066fc3494b7c115060b2297b4ba21f025 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 Write of size 33 at addr ffff8801b64076d8 by task syzkaller932654/4453 CPU: 0 PID: 4453 Comm: syzkaller932654 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 ipip6_tunnel_ioctl+0xe71/0x241b net/ipv6/sit.c:1221 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/sit.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -244,11 +244,13 @@ static struct ip_tunnel *ipip6_tunnel_lo if (!create) goto failed; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "sit%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ipip6_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip_tunnel: better validate user provided tunnel names" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip_tunnel: better validate user provided tunnel names to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:27 -0700 Subject: ip_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 Write of size 20 at addr ffff8801ac79f810 by task syzkaller268107/4482 CPU: 0 PID: 4482 Comm: syzkaller268107 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 ip_tunnel_create net/ipv4/ip_tunnel.c:352 [inline] ip_tunnel_ioctl+0x818/0xd40 net/ipv4/ip_tunnel.c:861 ipip_tunnel_ioctl+0x1c5/0x420 net/ipv4/ipip.c:350 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_tunnel.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_cr struct net_device *dev; char name[IFNAMSIZ]; - if (parms->name[0]) + err = -E2BIG; + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else { - if (strlen(ops->kind) > (IFNAMSIZ - 3)) { - err = -E2BIG; + } else { + if (strlen(ops->kind) > (IFNAMSIZ - 3)) goto failed; - } strlcpy(name, ops->kind, IFNAMSIZ); strncat(name, "%d", 2); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_tunnel: better validate user provided tunnel names" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: better validate user provided tunnel names to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:30 -0700 Subject: ip6_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -298,13 +298,16 @@ static struct ip6_tnl *ip6_tnl_create(st struct net_device *dev; struct ip6_tnl *t; char name[IFNAMSIZ]; - int err = -ENOMEM; + int err = -E2BIG; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6tnl%%d"); - + } + err = -ENOMEM; dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6_tnl_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_gre: better validate user provided tunnel names" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_gre: better validate user provided tunnel names to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_gre-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:29 -0700 Subject: ip6_gre: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 Write of size 20 at addr ffff8801afb9f7b8 by task syzkaller851048/4466 CPU: 1 PID: 4466 Comm: syzkaller851048 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 ip6gre_tunnel_ioctl+0x69d/0x12e0 net/ipv6/ip6_gre.c:1195 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_gre.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -319,11 +319,13 @@ static struct ip6_tnl *ip6gre_tunnel_loc if (t || !create) return t; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + return NULL; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "ip6gre%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6gre_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.9/tcp-better-validation-of-received-ack-sequences.patch queue-4.9/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.9/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.9/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.9/x86-asm-don-t-use-rbp-as-a-temporary-register-in-csum_partial_copy_generic.patch queue-4.9/net-fool-proof-dev_valid_name.patch queue-4.9/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.9/vti6-better-validate-user-provided-tunnel-names.patch queue-4.9/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.9/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.9/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.9/skbuff-only-inherit-relevant-tx_flags.patch queue-4.9/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.9/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "bonding: process the err returned by dev_set_allmulti properly in bond_enslave" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: process the err returned by dev_set_allmulti properly in bond_enslave to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:47 +0800 Subject: bonding: process the err returned by dev_set_allmulti properly in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 9f5a90c107741b864398f4ac0014711a8c1d8474 ] When dev_set_promiscuity(1) succeeds but dev_set_allmulti(1) fails, dev_set_promiscuity(-1) should be done before going to the err path. Otherwise, dev->promiscuity will leak. Fixes: 7e1a1ac1fbaa ("bonding: Check return of dev_set_promiscuity/allmulti") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1700,8 +1700,11 @@ int bond_enslave(struct net_device *bond /* set allmulti level to new slave */ if (bond_dev->flags & IFF_ALLMULTI) { res = dev_set_allmulti(slave_dev, 1); - if (res) + if (res) { + if (bond_dev->flags & IFF_PROMISC) + dev_set_promiscuity(slave_dev, -1); goto err_sysfs_del; + } } netif_addr_lock_bh(bond_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.9/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.9/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.9/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.9/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch queue-4.9/sctp-fix-recursive-locking-warning-in-sctp_do_peeloff.patch

7 years, 5 months

1
0
0 0

Patch "bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:46 +0800 Subject: bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit ae42cc62a9f07f1f6979054ed92606b9c30f4a2e ] Beniamino found a crash when adding vlan as slave of bond which is also the parent link: ip link add bond1 type bond ip link set bond1 up ip link add link bond1 vlan1 type vlan id 80 ip link set vlan1 master bond1 The call trace is as below: [<ffffffffa850842a>] queued_spin_lock_slowpath+0xb/0xf [<ffffffffa8515680>] _raw_spin_lock+0x20/0x30 [<ffffffffa83f6f07>] dev_mc_sync+0x37/0x80 [<ffffffffc08687dc>] vlan_dev_set_rx_mode+0x1c/0x30 [8021q] [<ffffffffa83efd2a>] __dev_set_rx_mode+0x5a/0xa0 [<ffffffffa83f7138>] dev_mc_sync_multiple+0x78/0x80 [<ffffffffc084127c>] bond_enslave+0x67c/0x1190 [bonding] [<ffffffffa8401909>] do_setlink+0x9c9/0xe50 [<ffffffffa8403bf2>] rtnl_newlink+0x522/0x880 [<ffffffffa8403ff7>] rtnetlink_rcv_msg+0xa7/0x260 [<ffffffffa8424ecb>] netlink_rcv_skb+0xab/0xc0 [<ffffffffa83fe498>] rtnetlink_rcv+0x28/0x30 [<ffffffffa8424850>] netlink_unicast+0x170/0x210 [<ffffffffa8424bf8>] netlink_sendmsg+0x308/0x420 [<ffffffffa83cc396>] sock_sendmsg+0xb6/0xf0 This is actually a dead lock caused by sync slave hwaddr from master when the master is the slave's 'slave'. This dead loop check is actually done by netdev_master_upper_dev_link. However, Commit 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") moved it after dev_mc_sync. This patch is to fix it by moving dev_mc_sync after master_upper_dev_link, so that this loop check would be earlier than dev_mc_sync. It also moves if (mode == BOND_MODE_8023AD) into if (!bond_uses_primary) clause as an improvement. Note team driver also has this issue, I will fix it in another patch. Fixes: 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") Reported-by: Beniamino Galvani <bgalvani(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 73 +++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 38 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1524,44 +1524,11 @@ int bond_enslave(struct net_device *bond goto err_close; } - /* If the mode uses primary, then the following is handled by - * bond_change_active_slave(). - */ - if (!bond_uses_primary(bond)) { - /* set promiscuity level to new slave */ - if (bond_dev->flags & IFF_PROMISC) { - res = dev_set_promiscuity(slave_dev, 1); - if (res) - goto err_close; - } - - /* set allmulti level to new slave */ - if (bond_dev->flags & IFF_ALLMULTI) { - res = dev_set_allmulti(slave_dev, 1); - if (res) - goto err_close; - } - - netif_addr_lock_bh(bond_dev); - - dev_mc_sync_multiple(slave_dev, bond_dev); - dev_uc_sync_multiple(slave_dev, bond_dev); - - netif_addr_unlock_bh(bond_dev); - } - - if (BOND_MODE(bond) == BOND_MODE_8023AD) { - /* add lacpdu mc addr to mc list */ - u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; - - dev_mc_add(slave_dev, lacpdu_multicast); - } - res = vlan_vids_add_by_dev(slave_dev, bond_dev); if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_hwaddr_unsync; + goto err_close; } prev_slave = bond_last_slave(bond); @@ -1719,6 +1686,37 @@ int bond_enslave(struct net_device *bond goto err_upper_unlink; } + /* If the mode uses primary, then the following is handled by + * bond_change_active_slave(). + */ + if (!bond_uses_primary(bond)) { + /* set promiscuity level to new slave */ + if (bond_dev->flags & IFF_PROMISC) { + res = dev_set_promiscuity(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + /* set allmulti level to new slave */ + if (bond_dev->flags & IFF_ALLMULTI) { + res = dev_set_allmulti(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + netif_addr_lock_bh(bond_dev); + dev_mc_sync_multiple(slave_dev, bond_dev); + dev_uc_sync_multiple(slave_dev, bond_dev); + netif_addr_unlock_bh(bond_dev); + + if (BOND_MODE(bond) == BOND_MODE_8023AD) { + /* add lacpdu mc addr to mc list */ + u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; + + dev_mc_add(slave_dev, lacpdu_multicast); + } + } + bond->slave_cnt++; bond_compute_features(bond); bond_set_carrier(bond); @@ -1742,6 +1740,9 @@ int bond_enslave(struct net_device *bond return 0; /* Undo stages on error */ +err_sysfs_del: + bond_sysfs_slave_del(new_slave); + err_upper_unlink: bond_upper_dev_unlink(bond, new_slave); @@ -1762,10 +1763,6 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); -err_hwaddr_unsync: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.9/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.9/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.9/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.9/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch queue-4.9/sctp-fix-recursive-locking-warning-in-sctp_do_peeloff.patch

7 years, 5 months

1
0
0 0

Patch "bonding: fix the err path for dev hwaddr sync in bond_enslave" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: fix the err path for dev hwaddr sync in bond_enslave to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:45 +0800 Subject: bonding: fix the err path for dev hwaddr sync in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 5c78f6bfae2b10ff70e21d343e64584ea6280c26 ] vlan_vids_add_by_dev is called right after dev hwaddr sync, so on the err path it should unsync dev hwaddr. Otherwise, the slave dev's hwaddr will never be unsync when this err happens. Fixes: 1ff412ad7714 ("bonding: change the bond's vlan syncing functions with the standard ones") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Reviewed-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1561,7 +1561,7 @@ int bond_enslave(struct net_device *bond if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_close; + goto err_hwaddr_unsync; } prev_slave = bond_last_slave(bond); @@ -1749,9 +1749,6 @@ err_unregister: netdev_rx_handler_unregister(slave_dev); err_detach: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - vlan_vids_del_by_dev(slave_dev, bond_dev); if (rcu_access_pointer(bond->primary_slave) == new_slave) RCU_INIT_POINTER(bond->primary_slave, NULL); @@ -1765,6 +1762,10 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); +err_hwaddr_unsync: + if (!bond_uses_primary(bond)) + bond_hw_addr_flush(bond_dev, slave_dev); + err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.9/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.9/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.9/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.9/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.9/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch queue-4.9/sctp-fix-recursive-locking-warning-in-sctp_do_peeloff.patch

7 years, 5 months

1
0
0 0

Patch "arp: fix arp_filter on l3slave devices" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arp: fix arp_filter on l3slave devices to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arp-fix-arp_filter-on-l3slave-devices.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Apr 11 10:26:56 CEST 2018 From: Miguel Fadon Perlines <mfadon(a)teldat.com> Date: Thu, 5 Apr 2018 10:25:38 +0200 Subject: arp: fix arp_filter on l3slave devices From: Miguel Fadon Perlines <mfadon(a)teldat.com> [ Upstream commit 58b35f27689b5eb514fc293c332966c226b1b6e4 ] arp_filter performs an ip_route_output search for arp source address and checks if output device is the same where the arp request was received, if it is not, the arp request is not answered. This route lookup is always done on main route table so l3slave devices never find the proper route and arp is not answered. Passing l3mdev_master_ifindex_rcu(dev) return value as oif fixes the lookup for l3slave devices while maintaining same behavior for non l3slave devices as this function returns 0 in that case. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -437,7 +437,7 @@ static int arp_filter(__be32 sip, __be32 /*unsigned long now; */ struct net *net = dev_net(dev); - rt = ip_route_output(net, sip, tip, 0, 0); + rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev)); if (IS_ERR(rt)) return 1; if (rt->dst.dev != dev) { Patches currently in stable-queue which might be from mfadon(a)teldat.com are queue-4.9/arp-fix-arp_filter-on-l3slave-devices.patch

7 years, 5 months

1
0
0 0

Re: [PATCH] writeback: safer lock nesting

by Greg Thelen

On Tue, Apr 10, 2018 at 7:44 PM Wang Long <wanglong19(a)meituan.com> wrote: > > Hi, > > > > [This is an automated email] > > > > This commit has been processed by the -stable helper bot and determined > > to be a high probability candidate for -stable trees. (score: 44.5575) > > > > The bot has tested the following trees: v4.16.1, v4.15.16, v4.14.33, v4.9.93, v4.4.127. > > > > v4.16.1: Build OK! > > v4.15.16: Build OK! > > v4.14.33: Build OK! > > v4.9.93: Build OK! > > v4.4.127: Failed to apply! Possible dependencies: > > 62cccb8c8e7a ("mm: simplify lock_page_memcg()") > Hi Sasha, > I test the memory cgroup in lts v4.4, for this issue, 62cccb8c8e7a ("mm: > simplify lock_page_memcg()") > need to adjust and there are several other places that need to be fixed. > I will make the patch for lts v4.4 if no one did. I'm testing a 4.4-stable patch right now. ETA is a few hours.

7 years, 5 months

1
2
0 0

[PATCH v4] writeback: safer lock nesting

by Greg Thelen

lock_page_memcg()/unlock_page_memcg() use spin_lock_irqsave/restore() if the page's memcg is undergoing move accounting, which occurs when a process leaves its memcg for a new one that has memory.move_charge_at_immigrate set. unlocked_inode_to_wb_begin,end() use spin_lock_irq/spin_unlock_irq() if the given inode is switching writeback domains. Switches occur when enough writes are issued from a new domain. This existing pattern is thus suspicious: lock_page_memcg(page); unlocked_inode_to_wb_begin(inode, &locked); ... unlocked_inode_to_wb_end(inode, locked); unlock_page_memcg(page); If both inode switch and process memcg migration are both in-flight then unlocked_inode_to_wb_end() will unconditionally enable interrupts while still holding the lock_page_memcg() irq spinlock. This suggests the possibility of deadlock if an interrupt occurs before unlock_page_memcg(). truncate __cancel_dirty_page lock_page_memcg unlocked_inode_to_wb_begin unlocked_inode_to_wb_end <interrupts mistakenly enabled> <interrupt> end_page_writeback test_clear_page_writeback lock_page_memcg <deadlock> unlock_page_memcg Due to configuration limitations this deadlock is not currently possible because we don't mix cgroup writeback (a cgroupv2 feature) and memory.move_charge_at_immigrate (a cgroupv1 feature). If the kernel is hacked to always claim inode switching and memcg moving_account, then this script triggers lockup in less than a minute: cd /mnt/cgroup/memory mkdir a b echo 1 > a/memory.move_charge_at_immigrate echo 1 > b/memory.move_charge_at_immigrate ( echo $BASHPID > a/cgroup.procs while true; do dd if=/dev/zero of=/mnt/big bs=1M count=256 done ) & while true; do sync done & sleep 1h & SLEEP=$! while true; do echo $SLEEP > a/cgroup.procs echo $SLEEP > b/cgroup.procs done The deadlock does not seem possible, so it's debatable if there's any reason to modify the kernel. I suggest we should to prevent future surprises. And Wang Long said "this deadlock occurs three times in our environment", so there's more reason to apply this, even to stable. Stable 4.4 has minor conflicts applying this patch. For a clean 4.4 patch see "[PATCH for-4.4] writeback: safer lock nesting" https://lkml.org/lkml/2018/4/11/146 Fixes: 682aa8e1a6a1 ("writeback: implement unlocked_inode_to_wb transaction and use it for stat updates") Cc: stable(a)vger.kernel.org # v4.2+ Reported-by: Wang Long <wanglong19(a)meituan.com> Signed-off-by: Greg Thelen <gthelen(a)google.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Acked-by: Wang Long <wanglong19(a)meituan.com> --- Changelog since v3: - initialize wb_lock_cookie wiht {} rather than {0}. - comment grammar fix - commit log footer cleanup (-Change-Id, +Fixes, +Acks, +stable), though patch does not cleanly apply to 4.4. I'll post a 4.4-stable specific patch. Changelog since v2: - explicitly initialize wb_lock_cookie to silence compiler warnings. Changelog since v1: - add wb_lock_cookie to record lock context. fs/fs-writeback.c | 7 ++++--- include/linux/backing-dev-defs.h | 5 +++++ include/linux/backing-dev.h | 31 +++++++++++++++++-------------- mm/page-writeback.c | 18 +++++++++--------- 4 files changed, 35 insertions(+), 26 deletions(-) diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c index 1280f915079b..b1178acfcb08 100644 --- a/fs/fs-writeback.c +++ b/fs/fs-writeback.c @@ -745,11 +745,12 @@ int inode_congested(struct inode *inode, int cong_bits) */ if (inode && inode_to_wb_is_valid(inode)) { struct bdi_writeback *wb; - bool locked, congested; + struct wb_lock_cookie lock_cookie = {}; + bool congested; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &lock_cookie); congested = wb_congested(wb, cong_bits); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &lock_cookie); return congested; } diff --git a/include/linux/backing-dev-defs.h b/include/linux/backing-dev-defs.h index bfe86b54f6c1..0bd432a4d7bd 100644 --- a/include/linux/backing-dev-defs.h +++ b/include/linux/backing-dev-defs.h @@ -223,6 +223,11 @@ static inline void set_bdi_congested(struct backing_dev_info *bdi, int sync) set_wb_congested(bdi->wb.congested, sync); } +struct wb_lock_cookie { + bool locked; + unsigned long flags; +}; + #ifdef CONFIG_CGROUP_WRITEBACK /** diff --git a/include/linux/backing-dev.h b/include/linux/backing-dev.h index 3e4ce54d84ab..96f4a3ddfb81 100644 --- a/include/linux/backing-dev.h +++ b/include/linux/backing-dev.h @@ -346,7 +346,7 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) /** * unlocked_inode_to_wb_begin - begin unlocked inode wb access transaction * @inode: target inode - * @lockedp: temp bool output param, to be passed to the end function + * @cookie: output param, to be passed to the end function * * The caller wants to access the wb associated with @inode but isn't * holding inode->i_lock, mapping->tree_lock or wb->list_lock. This @@ -354,12 +354,12 @@ static inline struct bdi_writeback *inode_to_wb(const struct inode *inode) * association doesn't change until the transaction is finished with * unlocked_inode_to_wb_end(). * - * The caller must call unlocked_inode_to_wb_end() with *@lockdep - * afterwards and can't sleep during transaction. IRQ may or may not be - * disabled on return. + * The caller must call unlocked_inode_to_wb_end() with *@cookie afterwards and + * can't sleep during the transaction. IRQs may or may not be disabled on + * return. */ static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { rcu_read_lock(); @@ -367,10 +367,10 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) * Paired with store_release in inode_switch_wb_work_fn() and * ensures that we see the new wb if we see cleared I_WB_SWITCH. */ - *lockedp = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; + cookie->locked = smp_load_acquire(&inode->i_state) & I_WB_SWITCH; - if (unlikely(*lockedp)) - spin_lock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_lock_irqsave(&inode->i_mapping->tree_lock, cookie->flags); /* * Protected by either !I_WB_SWITCH + rcu_read_lock() or tree_lock. @@ -382,12 +382,14 @@ unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) /** * unlocked_inode_to_wb_end - end inode wb access transaction * @inode: target inode - * @locked: *@lockedp from unlocked_inode_to_wb_begin() + * @cookie: @cookie from unlocked_inode_to_wb_begin() */ -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { - if (unlikely(locked)) - spin_unlock_irq(&inode->i_mapping->tree_lock); + if (unlikely(cookie->locked)) + spin_unlock_irqrestore(&inode->i_mapping->tree_lock, + cookie->flags); rcu_read_unlock(); } @@ -434,12 +436,13 @@ static inline struct bdi_writeback *inode_to_wb(struct inode *inode) } static inline struct bdi_writeback * -unlocked_inode_to_wb_begin(struct inode *inode, bool *lockedp) +unlocked_inode_to_wb_begin(struct inode *inode, struct wb_lock_cookie *cookie) { return inode_to_wb(inode); } -static inline void unlocked_inode_to_wb_end(struct inode *inode, bool locked) +static inline void unlocked_inode_to_wb_end(struct inode *inode, + struct wb_lock_cookie *cookie) { } diff --git a/mm/page-writeback.c b/mm/page-writeback.c index 586f31261c83..8369572e1f7d 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -2501,13 +2501,13 @@ void account_page_redirty(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); current->nr_dirtied--; dec_node_page_state(page, NR_DIRTIED); dec_wb_stat(wb, WB_DIRTIED); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); } } EXPORT_SYMBOL(account_page_redirty); @@ -2613,15 +2613,15 @@ void __cancel_dirty_page(struct page *page) if (mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; lock_page_memcg(page); - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) account_page_cleaned(page, mapping, wb); - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); unlock_page_memcg(page); } else { ClearPageDirty(page); @@ -2653,7 +2653,7 @@ int clear_page_dirty_for_io(struct page *page) if (mapping && mapping_cap_account_dirty(mapping)) { struct inode *inode = mapping->host; struct bdi_writeback *wb; - bool locked; + struct wb_lock_cookie cookie = {}; /* * Yes, Virginia, this is indeed insane. @@ -2690,14 +2690,14 @@ int clear_page_dirty_for_io(struct page *page) * always locked coming in here, so we get the desired * exclusion. */ - wb = unlocked_inode_to_wb_begin(inode, &locked); + wb = unlocked_inode_to_wb_begin(inode, &cookie); if (TestClearPageDirty(page)) { dec_lruvec_page_state(page, NR_FILE_DIRTY); dec_zone_page_state(page, NR_ZONE_WRITE_PENDING); dec_wb_stat(wb, WB_RECLAIMABLE); ret = 1; } - unlocked_inode_to_wb_end(inode, locked); + unlocked_inode_to_wb_end(inode, &cookie); return ret; } return TestClearPageDirty(page); -- 2.17.0.484.g0c8726318c-goog

7 years, 5 months

1
0
0 0

FAILED: patch "[PATCH] vrf: Fix use after free and double free in vrf_finish_output" failed to apply to 4.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From 82dd0d2a9a76fc8fa2b18d80b987d455728bf83a Mon Sep 17 00:00:00 2001 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 12:49:52 -0700 Subject: [PATCH] vrf: Fix use after free and double free in vrf_finish_output Miguel reported an skb use after free / double free in vrf_finish_output when neigh_output returns an error. The vrf driver should return after the call to neigh_output as it takes over the skb on error path as well. Patch is a simplified version of Miguel's patch which was written for 4.9, and updated to top of tree. Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 139c61c8244a..ac40924fe437 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -578,12 +578,13 @@ static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *s if (!IS_ERR(neigh)) { sock_confirm_neigh(skb, neigh); ret = neigh_output(neigh, skb); + rcu_read_unlock_bh(); + return ret; } rcu_read_unlock_bh(); err: - if (unlikely(ret < 0)) - vrf_tx_error(skb->dev, skb); + vrf_tx_error(skb->dev, skb); return ret; }

7 years, 5 months

1
0
0 0

[PATCH 0/4] usb: gadget: udc: renesas_usb3: fix some major issues

by Yoshihiro Shimoda

This patch set is based on v4.16. (I should have realized these issues in v4.16-rc cycle though...) Yoshihiro Shimoda (4): usb: gadget: udc: renesas_usb3: fix double phy_put() usb: gadget: udc: renesas_usb3: should remove debugfs usb: gadget: udc: renesas_usb3: should call pm_runtime_enable() before add udc usb: gadget: udc: renesas_usb3: should call devm_phy_get() before add udc drivers/usb/gadget/udc/renesas_usb3.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) -- 1.9.1

7 years, 5 months

3
16
0 0

v4.4.127 build: 3 failures 0 warnings (v4.4.127)

by Build bot for Mark Brown

Tree/Branch: v4.4.127 Git describe: v4.4.127 Commit: 2cad7a1d13 Linux 4.4.127 Build Time: 60 min 20 sec Passed: 7 / 10 ( 70.00 %) Failed: 3 / 10 ( 30.00 %) Errors: 37 Warnings: 0 Section Mismatches: 0 Failed defconfigs: arm-allmodconfig arm-multi_v7_defconfig arm-multi_v5_defconfig Errors: arm-allmodconfig ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" ERROR (phandle_references): Reference to non-existent node or label "refclksys" ERROR (phandle_references): Reference to non-existent node or label "papllclk" ERROR: Input tree has errors, aborting (use -f to force output) arm-multi_v7_defconfig ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) arm-multi_v5_defconfig ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): ------------------------------------------------------------------------------- Errors summary: 37 5 Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error 5 ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" 3 ERROR: Input tree has errors, aborting (use -f to force output) 3 ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) 3 ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) 3 ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 2 Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error 1 Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error 1 Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error 1 Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error 1 Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error 1 Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error 1 Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error 1 ERROR (phandle_references): Reference to non-existent node or label "refclksys" 1 ERROR (phandle_references): Reference to non-existent node or label "papllclk" 1 ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" 1 ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] 1 ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' 1 ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' 1 ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment 1 ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 48 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:1.1-9 syntax error Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "tc3589x_gpio" ERROR: Input tree has errors, aborting (use -f to force output) ERROR (phandle_references): Reference to non-existent node or label "mainpllclk" ERROR (phandle_references): Reference to non-existent node or label "refclksys" ERROR (phandle_references): Reference to non-existent node or label "papllclk" ERROR: Input tree has errors, aborting (use -f to force output) ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 16 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 16 errors, 0 warnings, 0 section mismatches Errors: ../net/core/sock.c:724:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:922:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:939:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:978:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:983:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:996:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1002:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1075:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1233:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1240:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1244:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1248:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1253:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1258:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1262:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1738:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: arm64-allnoconfig arm64-allmodconfig x86_64-defconfig arm-allnoconfig x86_64-allnoconfig x86_64-allmodconfig arm64-defconfig

7 years, 5 months

1
0
0 0

[PATCH v2 1/2] Fix NULL pointer in page_cache_tree_insert

by Matthew Wilcox

From: Matthew Wilcox <mawilcox(a)microsoft.com> f2fs specifies the __GFP_ZERO flag for allocating some of its pages. Unfortunately, the page cache also uses the mapping's GFP flags for allocating radix tree nodes. It always masked off the __GFP_HIGHMEM flag, and masks off __GFP_ZERO in some paths, but not all. That causes radix tree nodes to be allocated with a NULL list_head, which causes backtraces like: [<ffffff80086f4de0>] __list_del_entry+0x30/0xd0 [<ffffff8008362018>] list_lru_del+0xac/0x1ac [<ffffff800830f04c>] page_cache_tree_insert+0xd8/0x110 The __GFP_DMA and __GFP_DMA32 flags would also be able to sneak through if they are ever used. Fix them all by using GFP_RECLAIM_MASK at the innermost location, and remove it from earlier in the callchain. Fixes: 449dd6984d0e ("mm: keep page cache radix tree nodes in check") Reported-by: Chris Fries <cfries(a)google.com> Debugged-by: Minchan Kim <minchan(a)kernel.org> Signed-off-by: Matthew Wilcox <mawilcox(a)microsoft.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Cc: stable(a)vger.kernel.org --- mm/filemap.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/mm/filemap.c b/mm/filemap.c index c2147682f4c3..1a4bfc5ed3dc 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -785,7 +785,7 @@ int replace_page_cache_page(struct page *old, struct page *new, gfp_t gfp_mask) VM_BUG_ON_PAGE(!PageLocked(new), new); VM_BUG_ON_PAGE(new->mapping, new); - error = radix_tree_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_preload(gfp_mask & GFP_RECLAIM_MASK); if (!error) { struct address_space *mapping = old->mapping; void (*freepage)(struct page *); @@ -841,7 +841,7 @@ static int __add_to_page_cache_locked(struct page *page, return error; } - error = radix_tree_maybe_preload(gfp_mask & ~__GFP_HIGHMEM); + error = radix_tree_maybe_preload(gfp_mask & GFP_RECLAIM_MASK); if (error) { if (!huge) mem_cgroup_cancel_charge(page, memcg, false); @@ -1574,8 +1574,7 @@ struct page *pagecache_get_page(struct address_space *mapping, pgoff_t offset, if (fgp_flags & FGP_ACCESSED) __SetPageReferenced(page); - err = add_to_page_cache_lru(page, mapping, offset, - gfp_mask & GFP_RECLAIM_MASK); + err = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (unlikely(err)) { put_page(page); page = NULL; @@ -2378,7 +2377,7 @@ static int page_cache_read(struct file *file, pgoff_t offset, gfp_t gfp_mask) if (!page) return -ENOMEM; - ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask & GFP_KERNEL); + ret = add_to_page_cache_lru(page, mapping, offset, gfp_mask); if (ret == 0) ret = mapping->a_ops->readpage(file, page); else if (ret == -EEXIST) -- 2.16.3

7 years, 5 months

1
0
0 0

[patch 107/140] fs/reiserfs/journal.c: add missing resierfs_warning() arg

by akpm＠linux-foundation.org

From: Andrew Morton <akpm(a)linux-foundation.org> Subject: fs/reiserfs/journal.c: add missing resierfs_warning() arg One use of the reiserfs_warning() macro in journal_init_dev() is missing a parameter, causing the following warning: REISERFS warning (device loop0): journal_init_dev: Cannot open '%s': %i journal_init_dev: This also causes a WARN_ONCE() warning in the vsprintf code, and then a panic if panic_on_warn is set. Please remove unsupported %/ in format string WARNING: CPU: 1 PID: 4480 at lib/vsprintf.c:2138 format_decode+0x77f/0x830 lib/vsprintf.c:2138 Kernel panic - not syncing: panic_on_warn set ... Just add another string argument to the macro invocation. Addresses https://syzkaller.appspot.com/bug?id=0627d4551fdc39bf1ef5d82cd9eef587047f77… Link: http://lkml.kernel.org/r/d678ebe1-6f54-8090-df4c-b9affad62293@infradead.org Signed-off-by: Randy Dunlap <rdunlap(a)infradead.org> Reported-by: <syzbot+6bd77b88c1977c03f584(a)syzkaller.appspotmail.com> Tested-by: Randy Dunlap <rdunlap(a)infradead.org> Acked-by: Jeff Mahoney <jeffm(a)suse.com> Cc: Alexander Viro <viro(a)zeniv.linux.org.uk> Cc: Jan Kara <jack(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/reiserfs/journal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN fs/reiserfs/journal.c~fs-reiserfs-journalc-add-missing-resierfs_warning-arg fs/reiserfs/journal.c --- a/fs/reiserfs/journal.c~fs-reiserfs-journalc-add-missing-resierfs_warning-arg +++ a/fs/reiserfs/journal.c @@ -2643,7 +2643,7 @@ static int journal_init_dev(struct super if (IS_ERR(journal->j_dev_bd)) { result = PTR_ERR(journal->j_dev_bd); journal->j_dev_bd = NULL; - reiserfs_warning(super, + reiserfs_warning(super, "sh-457", "journal_init_dev: Cannot open '%s': %i", jdev_name, result); return result; _

7 years, 5 months

1
0
0 0

[patch 085/140] task_struct: only use anon struct under randstruct plugin

by akpm＠linux-foundation.org

From: Kees Cook <keescook(a)chromium.org> Subject: task_struct: only use anon struct under randstruct plugin The original intent for always adding the anonymous struct in task_struct was to make sure we had compiler coverage. However, this caused pathological padding of 40 bytes at the start of task_struct. Instead, move the anonymous struct to being only used when struct layout randomization is enabled. Link: http://lkml.kernel.org/r/20180327213609.GA2964@beast Fixes: 29e48ce87f1e ("task_struct: Allow randomized") Signed-off-by: Kees Cook <keescook(a)chromium.org> Reported-by: Peter Zijlstra <peterz(a)infradead.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler-clang.h | 3 --- include/linux/compiler-gcc.h | 12 +++--------- 2 files changed, 3 insertions(+), 12 deletions(-) diff -puN include/linux/compiler-clang.h~task_struct-only-use-anon-struct-under-randstruct-plugin include/linux/compiler-clang.h --- a/include/linux/compiler-clang.h~task_struct-only-use-anon-struct-under-randstruct-plugin +++ a/include/linux/compiler-clang.h @@ -17,9 +17,6 @@ */ #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) -#define randomized_struct_fields_start struct { -#define randomized_struct_fields_end }; - /* all clang versions usable with the kernel support KASAN ABI version 5 */ #define KASAN_ABI_VERSION 5 diff -puN include/linux/compiler-gcc.h~task_struct-only-use-anon-struct-under-randstruct-plugin include/linux/compiler-gcc.h --- a/include/linux/compiler-gcc.h~task_struct-only-use-anon-struct-under-randstruct-plugin +++ a/include/linux/compiler-gcc.h @@ -242,6 +242,9 @@ #if defined(RANDSTRUCT_PLUGIN) && !defined(__CHECKER__) #define __randomize_layout __attribute__((randomize_layout)) #define __no_randomize_layout __attribute__((no_randomize_layout)) +/* This anon struct can add padding, so only enable it under randstruct. */ +#define randomized_struct_fields_start struct { +#define randomized_struct_fields_end } __randomize_layout; #endif #endif /* GCC_VERSION >= 40500 */ @@ -256,15 +259,6 @@ */ #define __visible __attribute__((externally_visible)) -/* - * RANDSTRUCT_PLUGIN wants to use an anonymous struct, but it is only - * possible since GCC 4.6. To provide as much build testing coverage - * as possible, this is used for all GCC 4.6+ builds, and not just on - * RANDSTRUCT_PLUGIN builds. - */ -#define randomized_struct_fields_start struct { -#define randomized_struct_fields_end } __randomize_layout; - #endif /* GCC_VERSION >= 40600 */ _

7 years, 5 months

1
0
0 0

[patch 034/140] mm/ksm.c: fix inconsistent accounting of zero pages

by akpm＠linux-foundation.org

From: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> Subject: mm/ksm.c: fix inconsistent accounting of zero pages When using KSM with use_zero_pages, we replace anonymous pages containing only zeroes with actual zero pages, which are not anonymous. We need to do proper accounting of the mm counters, otherwise we will get wrong values in /proc and a BUG message in dmesg when tearing down the mm. Link: http://lkml.kernel.org/r/1522931274-15552-1-git-send-email-imbrenda@linux.v… Fixes: e86c59b1b1 ("mm/ksm: improve deduplication of zero pages with colouring") Signed-off-by: Claudio Imbrenda <imbrenda(a)linux.vnet.ibm.com> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Christian Borntraeger <borntraeger(a)de.ibm.com> Cc: Gerald Schaefer <gerald.schaefer(a)de.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/ksm.c | 7 +++++++ 1 file changed, 7 insertions(+) diff -puN mm/ksm.c~mm-ksm-fix-inconsistent-accounting-of-zero-pages mm/ksm.c --- a/mm/ksm.c~mm-ksm-fix-inconsistent-accounting-of-zero-pages +++ a/mm/ksm.c @@ -1131,6 +1131,13 @@ static int replace_page(struct vm_area_s } else { newpte = pte_mkspecial(pfn_pte(page_to_pfn(kpage), vma->vm_page_prot)); + /* + * We're replacing an anonymous page with a zero page, which is + * not anonymous. We need to do proper accounting otherwise we + * will get wrong values in /proc, and a BUG message in dmesg + * when tearing down the mm. + */ + dec_mm_counter(mm, MM_ANONPAGES); } flush_cache_page(vma, addr, pte_pfn(*ptep)); _

7 years, 5 months

1
0
0 0

[patch 014/140] mm/hmm: hmm_pfns_bad() was accessing wrong struct

by akpm＠linux-foundation.org

From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: hmm_pfns_bad() was accessing wrong struct The private field of mm_walk struct point to an hmm_vma_walk struct and not to the hmm_range struct desired. Fix to get proper struct pointer. Link: http://lkml.kernel.org/r/20180323005527.758-6-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Mark Hairgrove <mhairgrove(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hmm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct mm/hmm.c --- a/mm/hmm.c~mm-hmm-hmm_pfns_bad-was-accessing-wrong-struct +++ a/mm/hmm.c @@ -336,7 +336,8 @@ static int hmm_pfns_bad(unsigned long ad unsigned long end, struct mm_walk *walk) { - struct hmm_range *range = walk->private; + struct hmm_vma_walk *hmm_vma_walk = walk->private; + struct hmm_range *range = hmm_vma_walk->range; hmm_pfn_t *pfns = range->pfns; unsigned long i; _

7 years, 5 months

1
0
0 0

[patch 011/140] mm/hmm: fix header file if/else/endif maze

by akpm＠linux-foundation.org

From: Jérôme Glisse <jglisse(a)redhat.com> Subject: mm/hmm: fix header file if/else/endif maze The #if/#else/#endif for IS_ENABLED(CONFIG_HMM) were wrong. Because of this after multiple include there was multiple definition of both hmm_mm_init() and hmm_mm_destroy() leading to build failure if HMM was enabled (CONFIG_HMM set). Link: http://lkml.kernel.org/r/20180323005527.758-3-jglisse@redhat.com Signed-off-by: Jérôme Glisse <jglisse(a)redhat.com> Acked-by: Balbir Singh <bsingharora(a)gmail.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Evgeny Baskakov <ebaskakov(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hmm.h | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff -puN include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 include/linux/hmm.h --- a/include/linux/hmm.h~mm-hmm-fix-header-file-if-else-endif-maze-v2 +++ a/include/linux/hmm.h @@ -498,23 +498,16 @@ struct hmm_device { struct hmm_device *hmm_device_new(void *drvdata); void hmm_device_put(struct hmm_device *hmm_device); #endif /* CONFIG_DEVICE_PRIVATE || CONFIG_DEVICE_PUBLIC */ -#endif /* IS_ENABLED(CONFIG_HMM) */ /* Below are for HMM internal use only! Not to be used by device driver! */ -#if IS_ENABLED(CONFIG_HMM_MIRROR) void hmm_mm_destroy(struct mm_struct *mm); static inline void hmm_mm_init(struct mm_struct *mm) { mm->hmm = NULL; } -#else /* IS_ENABLED(CONFIG_HMM_MIRROR) */ -static inline void hmm_mm_destroy(struct mm_struct *mm) {} -static inline void hmm_mm_init(struct mm_struct *mm) {} -#endif /* IS_ENABLED(CONFIG_HMM_MIRROR) */ - - #else /* IS_ENABLED(CONFIG_HMM) */ static inline void hmm_mm_destroy(struct mm_struct *mm) {} static inline void hmm_mm_init(struct mm_struct *mm) {} +#endif /* IS_ENABLED(CONFIG_HMM) */ #endif /* LINUX_HMM_H */ _

7 years, 5 months

1
0
0 0

v4.14.33 build: 6 failures 2 warnings (v4.14.33)

by Build bot for Mark Brown

Tree/Branch: v4.14.33 Git describe: v4.14.33 Commit: b867b7a7e5 Linux 4.14.33 Build Time: 82 min 46 sec Passed: 5 / 11 ( 45.45 %) Failed: 6 / 11 ( 54.55 %) Errors: 75 Warnings: 2 Section Mismatches: 0 Failed defconfigs: arm64-allmodconfig arm-multi_v5_defconfig arm-multi_v7_defconfig arm-allmodconfig x86_64-allmodconfig arm64-defconfig Errors: arm64-allmodconfig Error: ../arch/arm64/boot/dts/socionext/uniphier-ph1-ld20-ref.dts:0.65-1.1 syntax error ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) arm-multi_v5_defconfig ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) arm-multi_v7_defconfig ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) arm-allmodconfig ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/uniphier-proxstream2-gentil.dts:0.59-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-sld8-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-ld6b-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-proxstream2-vodka.dts:0.58-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-ld4-ref.dts:0.52-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-sld3-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-pin.c:789:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ERROR: Input tree has errors, aborting (use -f to force output) ERROR: Input tree has errors, aborting (use -f to force output) ERROR: Input tree has errors, aborting (use -f to force output) x86_64-allmodconfig ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) arm64-defconfig ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ------------------------------------------------------------------------------- defconfigs with issues (other than build errors): 1 warnings 0 mismatches : arm64-allmodconfig 1 warnings 0 mismatches : arm-allmodconfig 2 warnings 0 mismatches : x86_64-allmodconfig ------------------------------------------------------------------------------- Errors summary: 75 134 ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) 5 Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error 3 ERROR: Input tree has errors, aborting (use -f to force output) 3 ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) 3 ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) 3 ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) 3 ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) 3 ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) 3 ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) 3 ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) 3 ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) 3 ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) 3 ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) 3 ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) 3 ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) 3 ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) 3 ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) 3 ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) 3 ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) 3 ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) 3 ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) 3 ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) 3 ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant 3 ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) 3 ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 3 ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] 3 ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) 3 ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) 2 Error: ../arch/arm/boot/dts/tegra30.dtsi:2.1-9 syntax error 1 Error: ../arch/arm64/boot/dts/socionext/uniphier-ph1-ld20-ref.dts:0.65-1.1 syntax error 1 Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-proxstream2-vodka.dts:0.58-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-proxstream2-gentil.dts:0.59-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-sld8-ref.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-sld3-ref.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ref.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-ld6b-ref.dts:0.53-1.1 syntax error 1 Error: ../arch/arm/boot/dts/uniphier-ph1-ld4-ref.dts:0.52-1.1 syntax error 1 Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error 1 Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error 1 Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error 1 Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error 1 Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error 1 Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error 1 ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] 1 ../drivers/media/cec/cec-pin.c:789:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) 1 ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' 1 ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' 1 ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment 1 ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Warnings Summary: 2 3 ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] 1 drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame =============================================================================== Detailed per-defconfig build reports below: ------------------------------------------------------------------------------- arm64-allmodconfig : FAIL, 55 errors, 1 warnings, 0 section mismatches Errors: Error: ../arch/arm64/boot/dts/socionext/uniphier-ph1-ld20-ref.dts:0.65-1.1 syntax error ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- arm-multi_v5_defconfig : FAIL, 28 errors, 0 warnings, 0 section mismatches Errors: ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ------------------------------------------------------------------------------- arm-multi_v7_defconfig : FAIL, 51 errors, 0 warnings, 0 section mismatches Errors: ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ------------------------------------------------------------------------------- arm-allmodconfig : FAIL, 121 errors, 1 warnings, 0 section mismatches Errors: ../net/socket.c:708:28: error: 'SCM_TIMESTAMPING_PKTINFO' undeclared (first use in this function) ../net/socket.c:764:30: error: 'SCM_TIMESTAMPING_OPT_STATS' undeclared (first use in this function) Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/uniphier-proxstream2-gentil.dts:0.59-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error ../arch/arm/boot/dts/omap3-gta04.dts:132:57: error: unterminated comment Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/r8a7740-armadillo800eva-reference.dts:203.16-17 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-sld8-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-ld6b-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-ace.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-proxstream2-vodka.dts:0.58-1.1 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-pro4-sanji.dts:0.55-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-ld4-ref.dts:0.52-1.1 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error ../arch/arm/boot/dts/ccu8540.dts:13:23: fatal error: dbx5x0.dtsi: No such file or directory Error: ../arch/arm/boot/dts/r8a7790.dtsi:13.1-9 syntax error Error: ../arch/arm/boot/dts/arm-realview-eb-11mp-revb.dts:0.57-1.1 syntax error Error: ../arch/arm/boot/dts/vf610-colibri.dts:91.5-6 syntax error Error: ../arch/arm/boot/dts/uniphier-ph1-sld3-ref.dts:0.53-1.1 syntax error Error: ../arch/arm/boot/dts/tegra30.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/omap4-panda.dts:10.1-9 syntax error Error: ../arch/arm/boot/dts/tegra20.dtsi:2.1-9 syntax error Error: ../arch/arm/boot/dts/omap4.dtsi:9.1-9 syntax error Error: ../arch/arm/boot/dts/emev2.dtsi:11.1-9 syntax error ../net/core/sock.c:727:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:930:7: error: 'SO_ATTACH_BPF' undeclared (first use in this function) ../net/core/sock.c:943:7: error: 'SO_ATTACH_REUSEPORT_CBPF' undeclared (first use in this function) ../net/core/sock.c:956:7: error: 'SO_ATTACH_REUSEPORT_EBPF' undeclared (first use in this function) ../net/core/sock.c:973:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1012:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1017:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1030:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1040:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1044:7: error: 'SO_CNX_ADVICE' undeclared (first use in this function) ../net/core/sock.c:1049:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/sock.c:1144:7: error: 'SO_REUSEPORT' undeclared (first use in this function) ../net/core/sock.c:1250:7: error: 'SO_PEERGROUPS' undeclared (first use in this function) ../net/core/sock.c:1323:7: error: 'SO_GET_FILTER' undeclared (first use in this function) ../net/core/sock.c:1330:7: error: 'SO_LOCK_FILTER' undeclared (first use in this function) ../net/core/sock.c:1334:7: error: 'SO_BPF_EXTENSIONS' undeclared (first use in this function) ../net/core/sock.c:1338:7: error: 'SO_SELECT_ERR_QUEUE' undeclared (first use in this function) ../net/core/sock.c:1343:7: error: 'SO_BUSY_POLL' undeclared (first use in this function) ../net/core/sock.c:1348:7: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../net/core/sock.c:1352:7: error: 'SO_INCOMING_CPU' undeclared (first use in this function) ../net/core/sock.c:1356:7: error: 'SO_MEMINFO' undeclared (first use in this function) ../net/core/sock.c:1373:7: error: 'SO_INCOMING_NAPI_ID' undeclared (first use in this function) ../net/core/sock.c:1383:7: error: 'SO_COOKIE' undeclared (first use in this function) ../net/core/sock.c:1390:7: error: 'SO_ZEROCOPY' undeclared (first use in this function) ../net/core/filter.c:3090:8: error: 'SO_MAX_PACING_RATE' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../net/sunrpc/xprtsock.c:1772:38: error: 'SO_REUSEPORT' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-pin.c:789:37: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../arch/arm/include/asm/parport.h:12:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_isa_ports' ../arch/arm/include/asm/parport.h:13:22: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'parport_pc_find_nonpci_ports' ../drivers/parport/parport_pc.c:3070:2: error: implicit declaration of function 'parport_pc_find_nonpci_ports' [-Werror=implicit-function-declaration] ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ERROR: Input tree has errors, aborting (use -f to force output) ERROR: Input tree has errors, aborting (use -f to force output) ERROR: Input tree has errors, aborting (use -f to force output) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] ------------------------------------------------------------------------------- x86_64-allmodconfig : FAIL, 53 errors, 2 warnings, 0 section mismatches Errors: ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-core.c:234:27: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/linux/build_bug.h:30:45: error: bit-field '<anonymous>' width not an integer constant ../drivers/media/cec/cec-adap.c:136:22: error: 'CEC_EVENT_FL_DROPPED_EVENTS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:161:8: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:167:28: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:694:17: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1387:21: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1547:25: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:1782:6: error: implicit declaration of function 'cec_is_cdc_only' [-Werror=implicit-function-declaration] ../drivers/media/cec/cec-adap.c:1862:33: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-adap.c:2003:33: error: 'CEC_MSG_FL_REPLY_TO_FOLLOWERS' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/cec/cec-api.c:167:7: error: 'CEC_LOG_ADDRS_FL_ALLOW_RC_PASSTHRU' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:168:7: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:197:31: error: 'CEC_LOG_ADDRS_FL_CDC_ONLY' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:380:23: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:381:29: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:452:10: error: 'CEC_EVENT_PIN_CEC_LOW' undeclared (first use in this function) ../drivers/media/cec/cec-api.c:599:27: error: 'CEC_MODE_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/s5p-cec/s5p_cec.c:232:35: error: 'CEC_CAP_NEEDS_HPD' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../drivers/media/platform/vivid/vivid-cec.c:285:54: error: 'CEC_CAP_MONITOR_PIN' undeclared (first use in this function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) Warnings: ../drivers/media/cec/cec-adap.c:88:18: warning: unused variable 'max_events' [-Wunused-variable] drivers/target/iscsi/.tmp_iscsi_target.o: warning: objtool: iscsit_handle_task_mgt_cmd()+0x78f: sibling call from callable instruction with modified stack frame ------------------------------------------------------------------------------- arm64-defconfig : FAIL, 3 errors, 0 warnings, 0 section mismatches Errors: ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ../include/media/cec.h:94:24: error: 'CEC_EVENT_PIN_CEC_HIGH' undeclared here (not in a function) ------------------------------------------------------------------------------- Passed with no errors, warnings or mismatches: x86_64-allnoconfig arm64-allnoconfig arm-allnoconfig arm-multi_v4t_defconfig x86_64-defconfig

7 years, 5 months

1
0
0 0

[PATCH 0/5] libnvdimm: fix locked status detection

by Dan Williams

The new ACPI _LSx methods moved the 'dimm locked' error status from the result of ND_CMD_GET_CONFIG_SIZE to an error status result of ND_CMD_GET_CONFIG_DATA. Error code translation prevents the proper error code from making it back to the 'nd_dimm' driver. Fix the error code propagation and add some unit test infrastructure for regression testing this case. --- Dan Williams (5): libnvdimm, dimm: handle EACCES failures from label reads tools/testing/nvdimm: allow custom error code injection tools/testing/nvdimm: support nfit_test_dimm attributes under nfit_test.1 tools/testing/nvdimm: fix missing newline in nfit_test_dimm 'handle' attribute tools/testing/nvdimm: enable labels for nfit_test.1 dimms drivers/nvdimm/dimm_devs.c | 22 +++++----- tools/testing/nvdimm/test/nfit.c | 84 +++++++++++++++++++++++++++++--------- 2 files changed, 77 insertions(+), 29 deletions(-)

7 years, 5 months

1
1
0 0

[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.14, v4.15, and v4.16 -stable, respectively. Thank you!

7 years, 5 months

2
1
0 0

Patch "clk: at91: fix clk-generated compilation" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled clk: at91: fix clk-generated compilation to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: clk-at91-fix-clk-generated-compilation.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 4a5f06a01cfd1f7a9141bdb760bf5b68cca7f224 Mon Sep 17 00:00:00 2001 From: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Date: Mon, 5 Jun 2017 00:02:57 +0200 Subject: clk: at91: fix clk-generated compilation From: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> commit 4a5f06a01cfd1f7a9141bdb760bf5b68cca7f224 upstream. Fix missing } Signed-off-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Cc: Amit Pundir <amit.pundir(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/clk/at91/clk-generated.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/clk/at91/clk-generated.c +++ b/drivers/clk/at91/clk-generated.c @@ -266,6 +266,7 @@ at91_clk_register_generated(struct regma if (ret) { kfree(gck); hw = ERR_PTR(ret); + } return hw; } Patches currently in stable-queue which might be from alexandre.belloni(a)free-electrons.com are queue-4.9/clk-at91-fix-clk-generated-parenting.patch queue-4.9/rtc-interface-validate-alarm-time-before-handling-rollover.patch queue-4.9/rtc-m41t80-fix-sqw-dividers-override-when-setting-a-date.patch queue-4.9/rtc-snvs-fix-an-incorrect-check-of-return-value.patch queue-4.9/clk-at91-fix-clk-generated-compilation.patch queue-4.9/rtc-opal-handle-disabled-tpo-in-opal_get_tpo_time.patch

7 years, 5 months

1
0
0 0

Patch "vlan: also check phy_driver ts_info for vlan's real device" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vlan: also check phy_driver ts_info for vlan's real device to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Hangbin Liu <liuhangbin(a)gmail.com> Date: Fri, 30 Mar 2018 09:44:00 +0800 Subject: vlan: also check phy_driver ts_info for vlan's real device From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit ec1d8ccb07deaf30fd0508af6755364ac47dc08d ] Just like function ethtool_get_ts_info(), we should also consider the phy_driver ts_info call back. For example, driver dp83640. Fixes: 37dd9255b2f6 ("vlan: Pass ethtool get_ts_info queries to real device.") Acked-by: Richard Cochran <richardcochran(a)gmail.com> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/8021q/vlan_dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -29,6 +29,7 @@ #include <linux/net_tstamp.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> +#include <linux/phy.h> #include <net/arp.h> #include <net/switchdev.h> @@ -665,8 +666,11 @@ static int vlan_ethtool_get_ts_info(stru { const struct vlan_dev_priv *vlan = vlan_dev_priv(dev); const struct ethtool_ops *ops = vlan->real_dev->ethtool_ops; + struct phy_device *phydev = vlan->real_dev->phydev; - if (ops->get_ts_info) { + if (phydev && phydev->drv && phydev->drv->ts_info) { + return phydev->drv->ts_info(phydev, info); + } else if (ops->get_ts_info) { return ops->get_ts_info(vlan->real_dev, info); } else { info->so_timestamping = SOF_TIMESTAMPING_RX_SOFTWARE | Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are queue-4.16/vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch

7 years, 5 months

1
0
0 0

Patch "sky2: Increase D3 delay to sky2 stops working after suspend" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sky2: Increase D3 delay to sky2 stops working after suspend to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Date: Sat, 31 Mar 2018 23:42:03 +0800 Subject: sky2: Increase D3 delay to sky2 stops working after suspend From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> [ Upstream commit afb133637071be6deeb8b3d0e55593ffbf63c527 ] The sky2 ethernet stops working after system resume from suspend: [ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 The current 150ms delay is not enough, change it to 200ms can solve the issue. BugLink: https://bugs.launchpad.net/bugs/1758507 Cc: Stable <stable(a)vger.kernel.org> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/marvell/sky2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -5087,7 +5087,7 @@ static int sky2_probe(struct pci_dev *pd INIT_WORK(&hw->restart_work, sky2_restart); pci_set_drvdata(pdev, hw); - pdev->d3_delay = 150; + pdev->d3_delay = 200; return 0; Patches currently in stable-queue which might be from kai.heng.feng(a)canonical.com are queue-4.16/sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch

7 years, 5 months

1
0
0 0

Patch "vti6: better validate user provided tunnel names" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vti6: better validate user provided tunnel names to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vti6-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:31 -0700 Subject: vti6: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_vti.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(s char name[IFNAMSIZ]; int err; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6_vti%%d"); + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sun, 8 Apr 2018 07:52:08 -0700 Subject: sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] Check must happen before call to ipv6_addr_v4mapped() syzbot report was : BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 sctp_sockaddr_af net/sctp/socket.c:359 [inline] sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 sctp_bind+0x149/0x190 net/sctp/socket.c:332 inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 SyS_bind+0x54/0x80 net/socket.c:1460 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fd49 RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----address@SYSC_bind Variable was created at: SYSC_bind+0x6f/0x4b0 net/socket.c:1461 SyS_bind+0x54/0x80 net/socket.c:1460 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -354,11 +354,14 @@ static struct sctp_af *sctp_sockaddr_af( if (!opt->pf->af_supported(addr->sa.sa_family, opt)) return NULL; - /* V4 mapped address are really of AF_INET family */ - if (addr->sa.sa_family == AF_INET6 && - ipv6_addr_v4mapped(&addr->v6.sin6_addr) && - !opt->pf->af_supported(AF_INET, opt)) - return NULL; + if (addr->sa.sa_family == AF_INET6) { + if (len < SIN6_LEN_RFC2133) + return NULL; + /* V4 mapped address are really of AF_INET family */ + if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) && + !opt->pf->af_supported(AF_INET, opt)) + return NULL; + } /* If we get this far, af is valid. */ af = sctp_get_af_specific(addr->sa.sa_family); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "sctp: do not leak kernel memory to user space" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: do not leak kernel memory to user space to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-do-not-leak-kernel-memory-to-user-space.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sat, 7 Apr 2018 17:15:22 -0700 Subject: sctp: do not leak kernel memory to user space From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 6780db244d6b1537d139dea0ec8aad10cf9e4adb ] syzbot produced a nice report [1] Issue here is that a recvmmsg() managed to leak 8 bytes of kernel memory to user space, because sin_zero (padding field) was not properly cleared. [1] BUG: KMSAN: uninit-value in copy_to_user include/linux/uaccess.h:184 [inline] BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 net/socket.c:227 CPU: 1 PID: 3586 Comm: syzkaller481044 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x4401c9 RSP: 002b:00007ffc56f73098 EFLAGS: 00000217 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401c9 RDX: 0000000000000001 RSI: 0000000020003ac0 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000020003bc0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401af0 R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----addr@___sys_recvmsg Variable was created at: ___sys_recvmsg+0xd5/0x810 net/socket.c:2172 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 Bytes 8-15 of 16 are uninitialized ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 3586 Comm: syzkaller481044 Tainted: G B 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 panic+0x39d/0x940 kernel/panic.c:183 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/ipv6.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -728,8 +728,10 @@ static int sctp_v6_addr_to_user(struct s sctp_v6_map_v4(addr); } - if (addr->sa.sa_family == AF_INET) + if (addr->sa.sa_family == AF_INET) { + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); return sizeof(struct sockaddr_in); + } return sizeof(struct sockaddr_in6); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "pptp: remove a buggy dst release in pptp_connect()" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled pptp: remove a buggy dst release in pptp_connect() to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pptp-remove-a-buggy-dst-release-in-pptp_connect.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 2 Apr 2018 18:48:37 -0700 Subject: pptp: remove a buggy dst release in pptp_connect() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit bfacfb457b36911a10140b8cb3ce76a74883ac5a ] Once dst has been cached in socket via sk_setup_caps(), it is illegal to call ip_rt_put() (or dst_release()), since sk_setup_caps() did not change dst refcount. We can still dereference it since we hold socket lock. Caugth by syzbot : BUG: KASAN: use-after-free in atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] BUG: KASAN: use-after-free in dst_release+0x27/0xa0 net/core/dst.c:185 Write of size 4 at addr ffff8801c54dc040 by task syz-executor4/20088 CPU: 1 PID: 20088 Comm: syz-executor4 Not tainted 4.16.0+ #376 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1a7/0x27d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x137/0x190 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] dst_release+0x27/0xa0 net/core/dst.c:185 sk_dst_set include/net/sock.h:1812 [inline] sk_dst_reset include/net/sock.h:1824 [inline] sock_setbindtodevice net/core/sock.c:610 [inline] sock_setsockopt+0x431/0x1b20 net/core/sock.c:707 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4552d9 RSP: 002b:00007f4878126c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f48781276d4 RCX: 00000000004552d9 RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 00000000200010c0 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000526 R14: 00000000006fac30 R15: 0000000000000000 Allocated by task 20088: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3542 dst_alloc+0x11f/0x1a0 net/core/dst.c:104 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1520 __mkroute_output net/ipv4/route.c:2265 [inline] ip_route_output_key_hash_rcu+0xa49/0x2c60 net/ipv4/route.c:2493 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2322 __ip_route_output_key include/net/route.h:126 [inline] ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2577 ip_route_output_ports include/net/route.h:163 [inline] pptp_connect+0xa84/0x1170 drivers/net/ppp/pptp.c:453 SYSC_connect+0x213/0x4a0 net/socket.c:1639 SyS_connect+0x24/0x30 net/socket.c:1620 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Freed by task 20082: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 __cache_free mm/slab.c:3486 [inline] kmem_cache_free+0x83/0x2a0 mm/slab.c:3744 dst_destroy+0x266/0x380 net/core/dst.c:140 dst_destroy_rcu+0x16/0x20 net/core/dst.c:153 __rcu_reclaim kernel/rcu/rcu.h:178 [inline] rcu_do_batch kernel/rcu/tree.c:2675 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0xd6c/0x17b0 kernel/rcu/tree.c:2914 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 The buggy address belongs to the object at ffff8801c54dc000 which belongs to the cache ip_dst_cache of size 168 The buggy address is located 64 bytes inside of 168-byte region [ffff8801c54dc000, ffff8801c54dc0a8) The buggy address belongs to the page: page:ffffea0007153700 count:1 mapcount:0 mapping:ffff8801c54dc000 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffff8801c54dc000 0000000000000000 0000000100000010 raw: ffffea0006b34b20 ffffea0006b6c1e0 ffff8801d674a1c0 0000000000000000 page dumped because: kasan: bad access detected Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ppp/pptp.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/net/ppp/pptp.c +++ b/drivers/net/ppp/pptp.c @@ -464,7 +464,6 @@ static int pptp_connect(struct socket *s po->chan.mtu = dst_mtu(&rt->dst); if (!po->chan.mtu) po->chan.mtu = PPP_MRU; - ip_rt_put(rt); po->chan.mtu -= PPTP_HEADER_OVERHEAD; po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "nfp: use full 40 bits of the NSP buffer address" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfp: use full 40 bits of the NSP buffer address to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfp-use-full-40-bits-of-the-nsp-buffer-address.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Date: Tue, 3 Apr 2018 17:24:23 -0700 Subject: nfp: use full 40 bits of the NSP buffer address From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> [ Upstream commit 1489bbd10e16079ce30a53d3c22a431fd47af791 ] The NSP default buffer is a piece of NFP memory where additional command data can be placed. Its format has been copied from host buffer, but the PCIe selection bits do not make sense in this case. If those get masked out from a NFP address - writes to random place in the chip memory may be issued and crash the device. Even in the general NSP buffer case, it doesn't make sense to have the PCIe selection bits there anymore. These are unused at the moment, and when it becomes necessary, the PCIe selection bits should rather be moved to another register to utilise more bits for the buffer address. This has never been an issue because the buffer used to be allocated in memory with less-than-38-bit-long address but that is about to change. Fixes: 1a64821c6af7 ("nfp: add support for service processor access") Signed-off-by: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c +++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c @@ -71,10 +71,11 @@ /* CPP address to retrieve the data from */ #define NSP_BUFFER 0x10 #define NSP_BUFFER_CPP GENMASK_ULL(63, 40) -#define NSP_BUFFER_PCIE GENMASK_ULL(39, 38) -#define NSP_BUFFER_ADDRESS GENMASK_ULL(37, 0) +#define NSP_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER 0x18 +#define NSP_DFLT_BUFFER_CPP GENMASK_ULL(63, 40) +#define NSP_DFLT_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER_CONFIG 0x20 #define NSP_DFLT_BUFFER_SIZE_MB GENMASK_ULL(7, 0) @@ -427,8 +428,8 @@ __nfp_nsp_command_buf(struct nfp_nsp *ns if (err < 0) return err; - cpp_id = FIELD_GET(NSP_BUFFER_CPP, reg) << 8; - cpp_buf = FIELD_GET(NSP_BUFFER_ADDRESS, reg); + cpp_id = FIELD_GET(NSP_DFLT_BUFFER_CPP, reg) << 8; + cpp_buf = FIELD_GET(NSP_DFLT_BUFFER_ADDRESS, reg); if (in_buf && in_size) { err = nfp_cpp_write(cpp, cpp_id, cpp_buf, in_buf, in_size); Patches currently in stable-queue which might be from dirk.vandermerwe(a)netronome.com are queue-4.16/nfp-use-full-40-bits-of-the-nsp-buffer-address.patch

7 years, 5 months

1
0
0 0

Patch "net_sched: fix a missing idr_remove() in u32_delete_key()" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net_sched: fix a missing idr_remove() in u32_delete_key() to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net_sched-fix-a-missing-idr_remove-in-u32_delete_key.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Fri, 6 Apr 2018 17:19:41 -0700 Subject: net_sched: fix a missing idr_remove() in u32_delete_key() From: Cong Wang <xiyou.wangcong(a)gmail.com> [ Upstream commit f12c643209db0626f2f54780d86bb93bfa7a9c2d ] When we delete a u32 key via u32_delete_key(), we forget to call idr_remove() to remove its handle from IDR. Fixes: e7614370d6f0 ("net_sched: use idr to allocate u32 filter handles") Reported-by: Marcin Kabiesz <admin(a)hostcenter.eu> Tested-by: Marcin Kabiesz <admin(a)hostcenter.eu> Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/cls_u32.c | 1 + 1 file changed, 1 insertion(+) --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -489,6 +489,7 @@ static int u32_delete_key(struct tcf_pro RCU_INIT_POINTER(*kp, key->next); tcf_unbind_filter(tp, &key->res); + idr_remove(&ht->handle_idr, key->handle); tcf_exts_get_net(&key->exts); call_rcu(&key->rcu, u32_delete_key_freepf_rcu); return 0; Patches currently in stable-queue which might be from xiyou.wangcong(a)gmail.com are queue-4.16/net_sched-fix-a-missing-idr_remove-in-u32_delete_key.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_bpf_init()" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_bpf_init() to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 6 Apr 2018 01:19:37 +0200 Subject: net/sched: fix NULL dereference in the error path of tcf_bpf_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 3239534a79ee6f20cffd974173a1e62e0730e8ac ] when tcf_bpf_init_from_ops() fails (e.g. because of program having invalid number of instructions), tcf_bpf_cfg_cleanup() calls bpf_prog_put(NULL) or bpf_prog_destroy(NULL). Unless CONFIG_BPF_SYSCALL is unset, this causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 PGD 800000007345a067 P4D 800000007345a067 PUD 340e1067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_bpf(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd glue_helper cryptd joydev snd_timer snd virtio_balloon pcspkr soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console i2c_core crc32c_intel serio_raw virtio_pci ata_piix libata virtio_ring floppy virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_bpf] CPU: 3 PID: 5654 Comm: tc Tainted: G E 4.16.0.bpf_test+ #408 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__bpf_prog_put+0xc/0xc0 RSP: 0018:ffff9594003ef728 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9594003ef758 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff8a7ab9f17131 R12: 0000000000000000 R13: ffff8a7ab7c3c8e0 R14: 0000000000000001 R15: ffff8a7ab88f1054 FS: 00007fcb2f17c740(0000) GS:ffff8a7abfd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000020 CR3: 000000007c888006 CR4: 00000000001606e0 Call Trace: tcf_bpf_cfg_cleanup+0x2f/0x40 [act_bpf] tcf_bpf_cleanup+0x4c/0x70 [act_bpf] __tcf_idr_release+0x79/0x140 tcf_bpf_init+0x125/0x330 [act_bpf] tcf_action_init_1+0x2cc/0x430 ? get_page_from_freelist+0x3f0/0x11b0 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.29+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? mem_cgroup_commit_charge+0x80/0x130 ? page_add_new_anon_rmap+0x73/0xc0 ? do_anonymous_page+0x2a2/0x560 ? __handle_mm_fault+0xc75/0xe20 __sys_sendmsg+0x58/0xa0 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fcb2e58eba0 RSP: 002b:00007ffc93c496c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffc93c497f0 RCX: 00007fcb2e58eba0 RDX: 0000000000000000 RSI: 00007ffc93c49740 RDI: 0000000000000003 RBP: 000000005ac6a646 R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffc93c49120 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc93c49804 R14: 0000000000000001 R15: 000000000066afa0 Code: 5f 00 48 8b 43 20 48 c7 c7 70 2f 7c b8 c7 40 10 00 00 00 00 5b e9 a5 8b 61 00 0f 1f 44 00 00 0f 1f 44 00 00 41 54 55 48 89 fd 53 <48> 8b 47 20 f0 ff 08 74 05 5b 5d 41 5c c3 41 89 f4 0f 1f 44 00 RIP: __bpf_prog_put+0xc/0xc0 RSP: ffff9594003ef728 CR2: 0000000000000020 Fix it in tcf_bpf_cfg_cleanup(), ensuring that bpf_prog_{put,destroy}(f) is called only when f is not NULL. Fixes: bbc09e7842a5 ("net/sched: fix idr leak on the error path of tcf_bpf_init()") Reported-by: Lucas Bates <lucasb(a)mojatatu.com> Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_bpf.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -248,10 +248,14 @@ static int tcf_bpf_init_from_efd(struct static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg) { - if (cfg->is_ebpf) - bpf_prog_put(cfg->filter); - else - bpf_prog_destroy(cfg->filter); + struct bpf_prog *filter = cfg->filter; + + if (filter) { + if (cfg->is_ebpf) + bpf_prog_put(filter); + else + bpf_prog_destroy(filter); + } kfree(cfg->bpf_ops); kfree(cfg->bpf_name); Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.16/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Increment OUTxxx counters after netfilter hook" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Increment OUTxxx counters after netfilter hook to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Jeff Barnhill <0xeffeff(a)gmail.com> Date: Thu, 5 Apr 2018 21:29:47 +0000 Subject: net/ipv6: Increment OUTxxx counters after netfilter hook From: Jeff Barnhill <0xeffeff(a)gmail.com> [ Upstream commit 71a1c915238c970cd9bdd5bf158b1279d6b6d55b ] At the end of ip6_forward(), IPSTATS_MIB_OUTFORWDATAGRAMS and IPSTATS_MIB_OUTOCTETS are incremented immediately before the NF_HOOK call for NFPROTO_IPV6 / NF_INET_FORWARD. As a result, these counters get incremented regardless of whether or not the netfilter hook allows the packet to continue being processed. This change increments the counters in ip6_forward_finish() so that it will not happen if the netfilter hook chooses to terminate the packet, which is similar to how IPv4 works. Signed-off-by: Jeff Barnhill <0xeffeff(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -375,6 +375,11 @@ static int ip6_forward_proxy_check(struc static inline int ip6_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { + struct dst_entry *dst = skb_dst(skb); + + __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); + __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); + return dst_output(net, sk, skb); } @@ -569,8 +574,6 @@ int ip6_forward(struct sk_buff *skb) hdr->hop_limit--; - __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); - __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, net, NULL, skb, skb->dev, dst->dev, ip6_forward_finish); Patches currently in stable-queue which might be from 0xeffeff(a)gmail.com are queue-4.16/net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch

7 years, 5 months

1
0
0 0

Patch "net: dsa: Discard frames from unused ports" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: dsa: Discard frames from unused ports to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-dsa-discard-frames-from-unused-ports.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Andrew Lunn <andrew(a)lunn.ch> Date: Sat, 7 Apr 2018 20:37:40 +0200 Subject: net: dsa: Discard frames from unused ports From: Andrew Lunn <andrew(a)lunn.ch> [ Upstream commit fc5f33768cca7144f8d793205b229d46740d183b ] The Marvell switches under some conditions will pass a frame to the host with the port being the CPU port. Such frames are invalid, and should be dropped. Not dropping them can result in a crash when incrementing the receive statistics for an invalid port. Reported-by: Chris Healy <cphealy(a)gmail.com> Fixes: 91da11f870f0 ("net: Distributed Switch Architecture protocol support") Signed-off-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dsa/dsa_priv.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/dsa/dsa_priv.h +++ b/net/dsa/dsa_priv.h @@ -126,6 +126,7 @@ static inline struct net_device *dsa_mas struct dsa_port *cpu_dp = dev->dsa_ptr; struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_switch *ds; + struct dsa_port *slave_port; if (device < 0 || device >= DSA_MAX_SWITCHES) return NULL; @@ -137,7 +138,12 @@ static inline struct net_device *dsa_mas if (port < 0 || port >= ds->num_ports) return NULL; - return ds->ports[port].slave; + slave_port = &ds->ports[port]; + + if (unlikely(slave_port->type != DSA_PORT_TYPE_USER)) + return NULL; + + return slave_port->slave; } /* port.c */ Patches currently in stable-queue which might be from andrew(a)lunn.ch are queue-4.16/net-dsa-discard-frames-from-unused-ports.patch

7 years, 5 months

1
0
0 0

Patch "net: fool proof dev_valid_name()" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fool proof dev_valid_name() to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fool-proof-dev_valid_name.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:26 -0700 Subject: net: fool proof dev_valid_name() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit a9d48205d0aedda021fc3728972a9e9934c2b9de ] We want to use dev_valid_name() to validate tunnel names, so better use strnlen(name, IFNAMSIZ) than strlen(name) to make sure to not upset KASAN. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1027,7 +1027,7 @@ bool dev_valid_name(const char *name) { if (*name == '\0') return false; - if (strlen(name) >= IFNAMSIZ) + if (strnlen(name, IFNAMSIZ) == IFNAMSIZ) return false; if (!strcmp(name, ".") || !strcmp(name, "..")) return false; Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sit: better validate user provided tunnel names" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sit: better validate user provided tunnel names to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sit-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:28 -0700 Subject: ipv6: sit: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit b95211e066fc3494b7c115060b2297b4ba21f025 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 Write of size 33 at addr ffff8801b64076d8 by task syzkaller932654/4453 CPU: 0 PID: 4453 Comm: syzkaller932654 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 ipip6_tunnel_ioctl+0xe71/0x241b net/ipv6/sit.c:1221 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/sit.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -250,11 +250,13 @@ static struct ip_tunnel *ipip6_tunnel_lo if (!create) goto failed; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "sit%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ipip6_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip_tunnel: better validate user provided tunnel names" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip_tunnel: better validate user provided tunnel names to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:27 -0700 Subject: ip_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 Write of size 20 at addr ffff8801ac79f810 by task syzkaller268107/4482 CPU: 0 PID: 4482 Comm: syzkaller268107 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 ip_tunnel_create net/ipv4/ip_tunnel.c:352 [inline] ip_tunnel_ioctl+0x818/0xd40 net/ipv4/ip_tunnel.c:861 ipip_tunnel_ioctl+0x1c5/0x420 net/ipv4/ipip.c:350 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_tunnel.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_cr struct net_device *dev; char name[IFNAMSIZ]; - if (parms->name[0]) + err = -E2BIG; + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else { - if (strlen(ops->kind) > (IFNAMSIZ - 3)) { - err = -E2BIG; + } else { + if (strlen(ops->kind) > (IFNAMSIZ - 3)) goto failed; - } strlcpy(name, ops->kind, IFNAMSIZ); strncat(name, "%d", 2); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_tunnel: better validate user provided tunnel names" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: better validate user provided tunnel names to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:30 -0700 Subject: ip6_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(st struct net_device *dev; struct ip6_tnl *t; char name[IFNAMSIZ]; - int err = -ENOMEM; + int err = -E2BIG; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6tnl%%d"); - + } + err = -ENOMEM; dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6_tnl_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_gre: better validate user provided tunnel names" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_gre: better validate user provided tunnel names to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_gre-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:29 -0700 Subject: ip6_gre: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 Write of size 20 at addr ffff8801afb9f7b8 by task syzkaller851048/4466 CPU: 1 PID: 4466 Comm: syzkaller851048 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 ip6gre_tunnel_ioctl+0x69d/0x12e0 net/ipv6/ip6_gre.c:1195 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_gre.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -335,11 +335,13 @@ static struct ip6_tnl *ip6gre_tunnel_loc if (t || !create) return t; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + return NULL; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "ip6gre%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6gre_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.16/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.16/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.16/net-fool-proof-dev_valid_name.patch queue-4.16/vti6-better-validate-user-provided-tunnel-names.patch queue-4.16/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.16/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.16/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "arp: fix arp_filter on l3slave devices" has been added to the 4.16-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arp: fix arp_filter on l3slave devices to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arp-fix-arp_filter-on-l3slave-devices.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:25 CEST 2018 From: Miguel Fadon Perlines <mfadon(a)teldat.com> Date: Thu, 5 Apr 2018 10:25:38 +0200 Subject: arp: fix arp_filter on l3slave devices From: Miguel Fadon Perlines <mfadon(a)teldat.com> [ Upstream commit 58b35f27689b5eb514fc293c332966c226b1b6e4 ] arp_filter performs an ip_route_output search for arp source address and checks if output device is the same where the arp request was received, if it is not, the arp request is not answered. This route lookup is always done on main route table so l3slave devices never find the proper route and arp is not answered. Passing l3mdev_master_ifindex_rcu(dev) return value as oif fixes the lookup for l3slave devices while maintaining same behavior for non l3slave devices as this function returns 0 in that case. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -437,7 +437,7 @@ static int arp_filter(__be32 sip, __be32 /*unsigned long now; */ struct net *net = dev_net(dev); - rt = ip_route_output(net, sip, tip, 0, 0); + rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev)); if (IS_ERR(rt)) return 1; if (rt->dst.dev != dev) { Patches currently in stable-queue which might be from mfadon(a)teldat.com are queue-4.16/arp-fix-arp_filter-on-l3slave-devices.patch

7 years, 5 months

1
0
0 0

Patch "vti6: better validate user provided tunnel names" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vti6: better validate user provided tunnel names to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vti6-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:31 -0700 Subject: vti6: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_vti.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(s char name[IFNAMSIZ]; int err; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6_vti%%d"); + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "vrf: Fix use after free and double free in vrf_finish_output" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vrf: Fix use after free and double free in vrf_finish_output to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 12:49:52 -0700 Subject: vrf: Fix use after free and double free in vrf_finish_output From: David Ahern <dsahern(a)gmail.com> [ Upstream commit 82dd0d2a9a76fc8fa2b18d80b987d455728bf83a ] Miguel reported an skb use after free / double free in vrf_finish_output when neigh_output returns an error. The vrf driver should return after the call to neigh_output as it takes over the skb on error path as well. Patch is a simplified version of Miguel's patch which was written for 4.9, and updated to top of tree. Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/vrf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -578,12 +578,13 @@ static int vrf_finish_output(struct net if (!IS_ERR(neigh)) { sock_confirm_neigh(skb, neigh); ret = neigh_output(neigh, skb); + rcu_read_unlock_bh(); + return ret; } rcu_read_unlock_bh(); err: - if (unlikely(ret < 0)) - vrf_tx_error(skb->dev, skb); + vrf_tx_error(skb->dev, skb); return ret; } Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.15/perf-evsel-fix-swap-for-samples-with-raw-data.patch queue-4.15/perf-tools-fix-copyfile_offset-update-of-output-offset.patch queue-4.15/net-ipv6-fix-route-leaking-between-vrfs.patch queue-4.15/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "vlan: also check phy_driver ts_info for vlan's real device" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vlan: also check phy_driver ts_info for vlan's real device to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Hangbin Liu <liuhangbin(a)gmail.com> Date: Fri, 30 Mar 2018 09:44:00 +0800 Subject: vlan: also check phy_driver ts_info for vlan's real device From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit ec1d8ccb07deaf30fd0508af6755364ac47dc08d ] Just like function ethtool_get_ts_info(), we should also consider the phy_driver ts_info call back. For example, driver dp83640. Fixes: 37dd9255b2f6 ("vlan: Pass ethtool get_ts_info queries to real device.") Acked-by: Richard Cochran <richardcochran(a)gmail.com> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/8021q/vlan_dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -29,6 +29,7 @@ #include <linux/net_tstamp.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> +#include <linux/phy.h> #include <net/arp.h> #include <net/switchdev.h> @@ -665,8 +666,11 @@ static int vlan_ethtool_get_ts_info(stru { const struct vlan_dev_priv *vlan = vlan_dev_priv(dev); const struct ethtool_ops *ops = vlan->real_dev->ethtool_ops; + struct phy_device *phydev = vlan->real_dev->phydev; - if (ops->get_ts_info) { + if (phydev && phydev->drv && phydev->drv->ts_info) { + return phydev->drv->ts_info(phydev, info); + } else if (ops->get_ts_info) { return ops->get_ts_info(vlan->real_dev, info); } else { info->so_timestamping = SOF_TIMESTAMPING_RX_SOFTWARE | Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are queue-4.15/vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch queue-4.15/l2tp-fix-missing-print-session-offset-info.patch

7 years, 5 months

1
0
0 0

Patch "vhost_net: add missing lock nesting notation" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost_net: add missing lock nesting notation to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost_net-add-missing-lock-nesting-notation.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Mon, 26 Mar 2018 16:10:23 +0800 Subject: vhost_net: add missing lock nesting notation From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit aaa3149bbee9ba9b4e6f0bd6e3e7d191edeae942 ] We try to hold TX virtqueue mutex in vhost_net_rx_peek_head_len() after RX virtqueue mutex is held in handle_rx(). This requires an appropriate lock nesting notation to calm down deadlock detector. Fixes: 0308813724606 ("vhost_net: basic polling support") Reported-by: syzbot+7f073540b1384a614e09(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -618,7 +618,7 @@ static int vhost_net_rx_peek_head_len(st if (!len && vq->busyloop_timeout) { /* Both tx vq and rx socket were polled here */ - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 1); vhost_disable_notify(&net->dev, vq); preempt_disable(); @@ -751,7 +751,7 @@ static void handle_rx(struct vhost_net * struct iov_iter fixup; __virtio16 num_buffers; - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 0); sock = vq->private_data; if (!sock) goto out; Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.15/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.15/vhost_net-add-missing-lock-nesting-notation.patch queue-4.15/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "vhost: correctly remove wait queue during poll failure" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: correctly remove wait queue during poll failure to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-correctly-remove-wait-queue-during-poll-failure.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Tue, 27 Mar 2018 20:50:52 +0800 Subject: vhost: correctly remove wait queue during poll failure From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit dc6455a71c7fc5117977e197f67f71b49f27baba ] We tried to remove vq poll from wait queue, but do not check whether or not it was in a list before. This will lead double free. Fixing this by switching to use vhost_poll_stop() which zeros poll->wqh after removing poll from waitqueue to make sure it won't be freed twice. Cc: Darren Kenny <darren.kenny(a)oracle.com> Reported-by: syzbot+c0272972b01b872e604a(a)syzkaller.appspotmail.com Fixes: 2b8b328b61c79 ("vhost_net: handle polling errors when setting backend") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Darren Kenny <darren.kenny(a)oracle.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -213,8 +213,7 @@ int vhost_poll_start(struct vhost_poll * if (mask) vhost_poll_wakeup(&poll->wait, 0, 0, (void *)mask); if (mask & POLLERR) { - if (poll->wqh) - remove_wait_queue(poll->wqh, &poll->wait); + vhost_poll_stop(poll); ret = -EINVAL; } Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.15/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.15/vhost_net-add-missing-lock-nesting-notation.patch queue-4.15/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "vhost: validate log when IOTLB is enabled" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: validate log when IOTLB is enabled to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-validate-log-when-iotlb-is-enabled.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Thu, 29 Mar 2018 16:00:04 +0800 Subject: vhost: validate log when IOTLB is enabled From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ] Vq log_base is the userspace address of bitmap which has nothing to do with IOTLB. So it needs to be validated unconditionally otherwise we may try use 0 as log_base which may lead to pin pages that will lead unexpected result (e.g trigger BUG_ON() in set_bit_to_user()). Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Reported-by: syzbot+6304bf97ef436580fede(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1256,14 +1256,12 @@ static int vq_log_access_ok(struct vhost /* Caller should have vq mutex and device mutex */ int vhost_vq_access_ok(struct vhost_virtqueue *vq) { - if (vq->iotlb) { - /* When device IOTLB was used, the access validation - * will be validated during prefetching. - */ - return 1; - } - return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used) && - vq_log_access_ok(vq, vq->log_base); + int ret = vq_log_access_ok(vq, vq->log_base); + + if (ret || vq->iotlb) + return ret; + + return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used); } EXPORT_SYMBOL_GPL(vhost_vq_access_ok); Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.15/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.15/vhost_net-add-missing-lock-nesting-notation.patch queue-4.15/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "team: move dev_mc_sync after master_upper_dev_link in team_port_add" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled team: move dev_mc_sync after master_upper_dev_link in team_port_add to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:25:06 +0800 Subject: team: move dev_mc_sync after master_upper_dev_link in team_port_add From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 982cf3b3999d39a2eaca0a65542df33c19b5d814 ] The same fix as in 'bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave' is needed for team driver. The panic can be reproduced easily: ip link add team1 type team ip link set team1 up ip link add link team1 vlan1 type vlan id 80 ip link set vlan1 master team1 Fixes: cb41c997d444 ("team: team should sync the port's uc/mc addrs when add a port") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/team/team.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -1197,11 +1197,6 @@ static int team_port_add(struct team *te goto err_dev_open; } - netif_addr_lock_bh(dev); - dev_uc_sync_multiple(port_dev, dev); - dev_mc_sync_multiple(port_dev, dev); - netif_addr_unlock_bh(dev); - err = vlan_vids_add_by_dev(port_dev, dev); if (err) { netdev_err(dev, "Failed to add vlan ids to device %s\n", @@ -1241,6 +1236,11 @@ static int team_port_add(struct team *te goto err_option_port_add; } + netif_addr_lock_bh(dev); + dev_uc_sync_multiple(port_dev, dev); + dev_mc_sync_multiple(port_dev, dev); + netif_addr_unlock_bh(dev); + port->index = -1; list_add_tail_rcu(&port->list, &team->port_list); team_port_enable(team, port); @@ -1265,8 +1265,6 @@ err_enable_netpoll: vlan_vids_del_by_dev(port_dev, dev); err_vids_add: - dev_uc_unsync(port_dev, dev); - dev_mc_unsync(port_dev, dev); dev_close(port_dev); err_dev_open: Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.15/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.15/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.15/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.15/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.15/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "strparser: Fix sign of err codes" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled strparser: Fix sign of err codes to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: strparser-fix-sign-of-err-codes.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Dave Watson <davejwatson(a)fb.com> Date: Mon, 26 Mar 2018 12:31:21 -0700 Subject: strparser: Fix sign of err codes From: Dave Watson <davejwatson(a)fb.com> [ Upstream commit cd00edc179863848abab5cc5683de5b7b5f70954 ] strp_parser_err is called with a negative code everywhere, which then calls abort_parser with a negative code. strp_msg_timeout calls abort_parser directly with a positive code. Negate ETIMEDOUT to match signed-ness of other calls. The default abort_parser callback, strp_abort_strp, sets sk->sk_err to err. Also negate the error here so sk_err always holds a positive value, as the rest of the net code expects. Currently a negative sk_err can result in endless loops, or user code that thinks it actually sent/received err bytes. Found while testing net/tls_sw recv path. Fixes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Dave Watson <davejwatson(a)fb.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/strparser/strparser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/strparser/strparser.c +++ b/net/strparser/strparser.c @@ -60,7 +60,7 @@ static void strp_abort_strp(struct strpa struct sock *sk = strp->sk; /* Report an error on the lower socket */ - sk->sk_err = err; + sk->sk_err = -err; sk->sk_error_report(sk); } } @@ -458,7 +458,7 @@ static void strp_msg_timeout(struct work /* Message assembly timed out */ STRP_STATS_INCR(strp->stats.msg_timeouts); strp->cb.lock(strp); - strp->cb.abort_parser(strp, ETIMEDOUT); + strp->cb.abort_parser(strp, -ETIMEDOUT); strp->cb.unlock(strp); } Patches currently in stable-queue which might be from davejwatson(a)fb.com are queue-4.15/strparser-fix-sign-of-err-codes.patch

7 years, 5 months

1
0
0 0

Patch "sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sun, 8 Apr 2018 07:52:08 -0700 Subject: sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] Check must happen before call to ipv6_addr_v4mapped() syzbot report was : BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 sctp_sockaddr_af net/sctp/socket.c:359 [inline] sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 sctp_bind+0x149/0x190 net/sctp/socket.c:332 inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 SyS_bind+0x54/0x80 net/socket.c:1460 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fd49 RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----address@SYSC_bind Variable was created at: SYSC_bind+0x6f/0x4b0 net/socket.c:1461 SyS_bind+0x54/0x80 net/socket.c:1460 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -338,11 +338,14 @@ static struct sctp_af *sctp_sockaddr_af( if (!opt->pf->af_supported(addr->sa.sa_family, opt)) return NULL; - /* V4 mapped address are really of AF_INET family */ - if (addr->sa.sa_family == AF_INET6 && - ipv6_addr_v4mapped(&addr->v6.sin6_addr) && - !opt->pf->af_supported(AF_INET, opt)) - return NULL; + if (addr->sa.sa_family == AF_INET6) { + if (len < SIN6_LEN_RFC2133) + return NULL; + /* V4 mapped address are really of AF_INET family */ + if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) && + !opt->pf->af_supported(AF_INET, opt)) + return NULL; + } /* If we get this far, af is valid. */ af = sctp_get_af_specific(addr->sa.sa_family); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "sky2: Increase D3 delay to sky2 stops working after suspend" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sky2: Increase D3 delay to sky2 stops working after suspend to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Date: Sat, 31 Mar 2018 23:42:03 +0800 Subject: sky2: Increase D3 delay to sky2 stops working after suspend From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> [ Upstream commit afb133637071be6deeb8b3d0e55593ffbf63c527 ] The sky2 ethernet stops working after system resume from suspend: [ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 The current 150ms delay is not enough, change it to 200ms can solve the issue. BugLink: https://bugs.launchpad.net/bugs/1758507 Cc: Stable <stable(a)vger.kernel.org> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/marvell/sky2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -5087,7 +5087,7 @@ static int sky2_probe(struct pci_dev *pd INIT_WORK(&hw->restart_work, sky2_restart); pci_set_drvdata(pdev, hw); - pdev->d3_delay = 150; + pdev->d3_delay = 200; return 0; Patches currently in stable-queue which might be from kai.heng.feng(a)canonical.com are queue-4.15/sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch queue-4.15/drm-i915-cnp-properly-handle-vbt-ddc-pin-out-of-bounds.patch queue-4.15/drm-i915-cnp-ignore-vbt-request-for-know-invalid-ddc-pin.patch

7 years, 5 months

1
0
0 0

Patch "sctp: do not leak kernel memory to user space" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: do not leak kernel memory to user space to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-do-not-leak-kernel-memory-to-user-space.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sat, 7 Apr 2018 17:15:22 -0700 Subject: sctp: do not leak kernel memory to user space From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 6780db244d6b1537d139dea0ec8aad10cf9e4adb ] syzbot produced a nice report [1] Issue here is that a recvmmsg() managed to leak 8 bytes of kernel memory to user space, because sin_zero (padding field) was not properly cleared. [1] BUG: KMSAN: uninit-value in copy_to_user include/linux/uaccess.h:184 [inline] BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 net/socket.c:227 CPU: 1 PID: 3586 Comm: syzkaller481044 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x4401c9 RSP: 002b:00007ffc56f73098 EFLAGS: 00000217 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401c9 RDX: 0000000000000001 RSI: 0000000020003ac0 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000020003bc0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401af0 R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----addr@___sys_recvmsg Variable was created at: ___sys_recvmsg+0xd5/0x810 net/socket.c:2172 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 Bytes 8-15 of 16 are uninitialized ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 3586 Comm: syzkaller481044 Tainted: G B 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 panic+0x39d/0x940 kernel/panic.c:183 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/ipv6.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -728,8 +728,10 @@ static int sctp_v6_addr_to_user(struct s sctp_v6_map_v4(addr); } - if (addr->sa.sa_family == AF_INET) + if (addr->sa.sa_family == AF_INET) { + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); return sizeof(struct sockaddr_in); + } return sizeof(struct sockaddr_in6); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "route: check sysctl_fib_multipath_use_neigh earlier than hash" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled route: check sysctl_fib_multipath_use_neigh earlier than hash to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Sun, 1 Apr 2018 22:40:35 +0800 Subject: route: check sysctl_fib_multipath_use_neigh earlier than hash From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 6174a30df1b902e1fedbd728f5343937e83e64e6 ] Prior to this patch, when one packet is hashed into path [1] (hash <= nh_upper_bound) and it's neigh is dead, it will try path [2]. However, if path [2]'s neigh is alive but it's hash > nh_upper_bound, it will not return this alive path. This packet will never be sent even if path [2] is alive. 3.3.3.1/24: nexthop via 1.1.1.254 dev eth1 weight 1 <--[1] (dead neigh) nexthop via 2.2.2.254 dev eth2 weight 1 <--[2] With sysctl_fib_multipath_use_neigh set is supposed to find an available path respecting to the l3/l4 hash. But if there is no available route with this hash, it should at least return an alive route even with other hash. This patch is to fix it by processing fib_multipath_use_neigh earlier than the hash check, so that it will at least return an alive route if there is when fib_multipath_use_neigh is enabled. It's also compatible with before when there are alive routes with the l3/l4 hash. Fixes: a6db4494d218 ("net: ipv4: Consider failed nexthops in multipath routes") Reported-by: Jianlin Shi <jishi(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/fib_semantics.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -1746,18 +1746,20 @@ void fib_select_multipath(struct fib_res bool first = false; for_nexthops(fi) { + if (net->ipv4.sysctl_fib_multipath_use_neigh) { + if (!fib_good_nh(nh)) + continue; + if (!first) { + res->nh_sel = nhsel; + first = true; + } + } + if (hash > atomic_read(&nh->nh_upper_bound)) continue; - if (!net->ipv4.sysctl_fib_multipath_use_neigh || - fib_good_nh(nh)) { - res->nh_sel = nhsel; - return; - } - if (!first) { - res->nh_sel = nhsel; - first = true; - } + res->nh_sel = nhsel; + return; } endfor_nexthops(fi); } #endif Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.15/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.15/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.15/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.15/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.15/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "r8169: fix setting driver_data after register_netdev" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled r8169: fix setting driver_data after register_netdev to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: r8169-fix-setting-driver_data-after-register_netdev.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 26 Mar 2018 19:19:30 +0200 Subject: r8169: fix setting driver_data after register_netdev From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 19c9ea363a244f85f90a424f9936e6d56449e33c ] pci_set_drvdata() is called only after registering the net_device, therefore we could run into a NPE if one of the functions using driver_data is called before it's set. Fix this by calling pci_set_drvdata() before registering the net_device. This fix is a candidate for stable. As far as I can see the bug has been there in kernel version 3.2 already, therefore I can't provide a reference which commit is fixed by it. The fix may need small adjustments per kernel version because due to other changes the label which is jumped to if register_netdev() fails has changed over time. Reported-by: David Miller <davem(a)davemloft.net> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/realtek/r8169.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -8699,12 +8699,12 @@ static int rtl_init_one(struct pci_dev * goto err_out_msi_5; } + pci_set_drvdata(pdev, dev); + rc = register_netdev(dev); if (rc < 0) goto err_out_cnt_6; - pci_set_drvdata(pdev, dev); - netif_info(tp, probe, dev, "%s at 0x%p, %pM, XID %08x IRQ %d\n", rtl_chip_infos[chipset].name, ioaddr, dev->dev_addr, (u32)(RTL_R32(TxConfig) & 0x9cf0f8ff), pdev->irq); Patches currently in stable-queue which might be from hkallweit1(a)gmail.com are queue-4.15/r8169-fix-setting-driver_data-after-register_netdev.patch

7 years, 5 months

1
0
0 0

Patch "pptp: remove a buggy dst release in pptp_connect()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled pptp: remove a buggy dst release in pptp_connect() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pptp-remove-a-buggy-dst-release-in-pptp_connect.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 2 Apr 2018 18:48:37 -0700 Subject: pptp: remove a buggy dst release in pptp_connect() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit bfacfb457b36911a10140b8cb3ce76a74883ac5a ] Once dst has been cached in socket via sk_setup_caps(), it is illegal to call ip_rt_put() (or dst_release()), since sk_setup_caps() did not change dst refcount. We can still dereference it since we hold socket lock. Caugth by syzbot : BUG: KASAN: use-after-free in atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] BUG: KASAN: use-after-free in dst_release+0x27/0xa0 net/core/dst.c:185 Write of size 4 at addr ffff8801c54dc040 by task syz-executor4/20088 CPU: 1 PID: 20088 Comm: syz-executor4 Not tainted 4.16.0+ #376 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1a7/0x27d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x137/0x190 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] dst_release+0x27/0xa0 net/core/dst.c:185 sk_dst_set include/net/sock.h:1812 [inline] sk_dst_reset include/net/sock.h:1824 [inline] sock_setbindtodevice net/core/sock.c:610 [inline] sock_setsockopt+0x431/0x1b20 net/core/sock.c:707 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4552d9 RSP: 002b:00007f4878126c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f48781276d4 RCX: 00000000004552d9 RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 00000000200010c0 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000526 R14: 00000000006fac30 R15: 0000000000000000 Allocated by task 20088: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3542 dst_alloc+0x11f/0x1a0 net/core/dst.c:104 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1520 __mkroute_output net/ipv4/route.c:2265 [inline] ip_route_output_key_hash_rcu+0xa49/0x2c60 net/ipv4/route.c:2493 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2322 __ip_route_output_key include/net/route.h:126 [inline] ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2577 ip_route_output_ports include/net/route.h:163 [inline] pptp_connect+0xa84/0x1170 drivers/net/ppp/pptp.c:453 SYSC_connect+0x213/0x4a0 net/socket.c:1639 SyS_connect+0x24/0x30 net/socket.c:1620 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Freed by task 20082: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 __cache_free mm/slab.c:3486 [inline] kmem_cache_free+0x83/0x2a0 mm/slab.c:3744 dst_destroy+0x266/0x380 net/core/dst.c:140 dst_destroy_rcu+0x16/0x20 net/core/dst.c:153 __rcu_reclaim kernel/rcu/rcu.h:178 [inline] rcu_do_batch kernel/rcu/tree.c:2675 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0xd6c/0x17b0 kernel/rcu/tree.c:2914 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 The buggy address belongs to the object at ffff8801c54dc000 which belongs to the cache ip_dst_cache of size 168 The buggy address is located 64 bytes inside of 168-byte region [ffff8801c54dc000, ffff8801c54dc0a8) The buggy address belongs to the page: page:ffffea0007153700 count:1 mapcount:0 mapping:ffff8801c54dc000 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffff8801c54dc000 0000000000000000 0000000100000010 raw: ffffea0006b34b20 ffffea0006b6c1e0 ffff8801d674a1c0 0000000000000000 page dumped because: kasan: bad access detected Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ppp/pptp.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/net/ppp/pptp.c +++ b/drivers/net/ppp/pptp.c @@ -464,7 +464,6 @@ static int pptp_connect(struct socket *s po->chan.mtu = dst_mtu(&rt->dst); if (!po->chan.mtu) po->chan.mtu = PPP_MRU; - ip_rt_put(rt); po->chan.mtu -= PPTP_HEADER_OVERHEAD; po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "nfp: use full 40 bits of the NSP buffer address" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfp: use full 40 bits of the NSP buffer address to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfp-use-full-40-bits-of-the-nsp-buffer-address.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Date: Tue, 3 Apr 2018 17:24:23 -0700 Subject: nfp: use full 40 bits of the NSP buffer address From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> [ Upstream commit 1489bbd10e16079ce30a53d3c22a431fd47af791 ] The NSP default buffer is a piece of NFP memory where additional command data can be placed. Its format has been copied from host buffer, but the PCIe selection bits do not make sense in this case. If those get masked out from a NFP address - writes to random place in the chip memory may be issued and crash the device. Even in the general NSP buffer case, it doesn't make sense to have the PCIe selection bits there anymore. These are unused at the moment, and when it becomes necessary, the PCIe selection bits should rather be moved to another register to utilise more bits for the buffer address. This has never been an issue because the buffer used to be allocated in memory with less-than-38-bit-long address but that is about to change. Fixes: 1a64821c6af7 ("nfp: add support for service processor access") Signed-off-by: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c +++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c @@ -68,10 +68,11 @@ /* CPP address to retrieve the data from */ #define NSP_BUFFER 0x10 #define NSP_BUFFER_CPP GENMASK_ULL(63, 40) -#define NSP_BUFFER_PCIE GENMASK_ULL(39, 38) -#define NSP_BUFFER_ADDRESS GENMASK_ULL(37, 0) +#define NSP_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER 0x18 +#define NSP_DFLT_BUFFER_CPP GENMASK_ULL(63, 40) +#define NSP_DFLT_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER_CONFIG 0x20 #define NSP_DFLT_BUFFER_SIZE_MB GENMASK_ULL(7, 0) @@ -412,8 +413,8 @@ static int nfp_nsp_command_buf(struct nf if (err < 0) return err; - cpp_id = FIELD_GET(NSP_BUFFER_CPP, reg) << 8; - cpp_buf = FIELD_GET(NSP_BUFFER_ADDRESS, reg); + cpp_id = FIELD_GET(NSP_DFLT_BUFFER_CPP, reg) << 8; + cpp_buf = FIELD_GET(NSP_DFLT_BUFFER_ADDRESS, reg); if (in_buf && in_size) { err = nfp_cpp_write(cpp, cpp_id, cpp_buf, in_buf, in_size); Patches currently in stable-queue which might be from dirk.vandermerwe(a)netronome.com are queue-4.15/nfp-use-full-40-bits-of-the-nsp-buffer-address.patch

7 years, 5 months

1
0
0 0

Patch "netlink: make sure nladdr has correct size in netlink_connect()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netlink: make sure nladdr has correct size in netlink_connect() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Alexander Potapenko <glider(a)google.com> Date: Fri, 23 Mar 2018 13:49:02 +0100 Subject: netlink: make sure nladdr has correct size in netlink_connect() From: Alexander Potapenko <glider(a)google.com> [ Upstream commit 7880287981b60a6808f39f297bb66936e8bdf57a ] KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Signed-off-by: Alexander Potapenko <glider(a)google.com> Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netlink/af_netlink.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1052,6 +1052,9 @@ static int netlink_connect(struct socket if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + if ((nladdr->nl_groups || nladdr->nl_pid) && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) return -EPERM; Patches currently in stable-queue which might be from glider(a)google.com are queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch

7 years, 5 months

1
0
0 0

Patch "net_sched: fix a missing idr_remove() in u32_delete_key()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net_sched: fix a missing idr_remove() in u32_delete_key() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net_sched-fix-a-missing-idr_remove-in-u32_delete_key.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Cong Wang <xiyou.wangcong(a)gmail.com> Date: Fri, 6 Apr 2018 17:19:41 -0700 Subject: net_sched: fix a missing idr_remove() in u32_delete_key() From: Cong Wang <xiyou.wangcong(a)gmail.com> [ Upstream commit f12c643209db0626f2f54780d86bb93bfa7a9c2d ] When we delete a u32 key via u32_delete_key(), we forget to call idr_remove() to remove its handle from IDR. Fixes: e7614370d6f0 ("net_sched: use idr to allocate u32 filter handles") Reported-by: Marcin Kabiesz <admin(a)hostcenter.eu> Tested-by: Marcin Kabiesz <admin(a)hostcenter.eu> Signed-off-by: Cong Wang <xiyou.wangcong(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/cls_u32.c | 1 + 1 file changed, 1 insertion(+) --- a/net/sched/cls_u32.c +++ b/net/sched/cls_u32.c @@ -478,6 +478,7 @@ static int u32_delete_key(struct tcf_pro RCU_INIT_POINTER(*kp, key->next); tcf_unbind_filter(tp, &key->res); + idr_remove(&ht->handle_idr, key->handle); tcf_exts_get_net(&key->exts); call_rcu(&key->rcu, u32_delete_key_freepf_rcu); return 0; Patches currently in stable-queue which might be from xiyou.wangcong(a)gmail.com are queue-4.15/net_sched-fix-a-missing-idr_remove-in-u32_delete_key.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference on the error path of tcf_skbmod_init()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference on the error path of tcf_skbmod_init() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:57 +0100 Subject: net/sched: fix NULL dereference on the error path of tcf_skbmod_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 2d433610176d6569e8b3a28f67bc72235bf69efc ] when the following command # tc action replace action skbmod swap mac index 100 is run for the first time, and tcf_skbmod_init() fails to allocate struct tcf_skbmod_params, tcf_skbmod_cleanup() calls kfree_rcu(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: __call_rcu+0x23/0x2b0 PGD 8000000034057067 P4D 8000000034057067 PUD 74937067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_skbmod(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec crct10dif_pclmul mbcache jbd2 crc32_pclmul snd_hda_core ghash_clmulni_intel snd_hwdep pcbc snd_seq snd_seq_device snd_pcm aesni_intel snd_timer crypto_simd glue_helper snd cryptd virtio_balloon joydev soundcore pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_net virtio_blk ata_piix libata crc32c_intel virtio_pci serio_raw virtio_ring virtio i2c_core floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_skbmod] CPU: 3 PID: 3144 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffbd2e403e7798 EFLAGS: 00010246 RAX: ffffffffc0872080 RBX: ffff981d34bff780 RCX: 00000000ffffffff RDX: ffffffff922a5f00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000021f R10: 000000003d003000 R11: 0000000000aaaaaa R12: 0000000000000000 R13: ffffffff922a5f00 R14: 0000000000000001 R15: ffff981d3b698c2c FS: 00007f3678292740(0000) GS:ffff981d3fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000007c57a006 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_skbmod_init+0x1d1/0x210 [act_skbmod] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f36776a3ba0 RSP: 002b:00007fff4703b618 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff4703b740 RCX: 00007f36776a3ba0 RDX: 0000000000000000 RSI: 00007fff4703b690 RDI: 0000000000000003 RBP: 000000005aaaba36 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff4703b0a0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff4703b754 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffbd2e403e7798 CR2: 0000000000000008 Fix it in tcf_skbmod_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 86da71b57383 ("net_sched: Introduce skbmod action") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_skbmod.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sched/act_skbmod.c +++ b/net/sched/act_skbmod.c @@ -190,7 +190,8 @@ static void tcf_skbmod_cleanup(struct tc struct tcf_skbmod_params *p; p = rcu_dereference_protected(d->skbmod_p, 1); - kfree_rcu(p, rcu); + if (p) + kfree_rcu(p, rcu); } static int tcf_skbmod_dump(struct sk_buff *skb, struct tc_action *a, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.15/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tunnel_key_init()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tunnel_key_init() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:55 +0100 Subject: net/sched: fix NULL dereference in the error path of tunnel_key_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit abdadd3cfd3e7ea3da61ac774f84777d1f702058 ] when the following command # tc action add action tunnel_key unset index 100 is run for the first time, and tunnel_key_init() fails to allocate struct tcf_tunnel_key_params, tunnel_key_release() dereferences NULL pointers. This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: tunnel_key_release+0xd/0x40 [act_tunnel_key] PGD 8000000033787067 P4D 8000000033787067 PUD 74646067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_tunnel_key(E) act_csum ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul snd_hda_codec_generic ghash_clmulni_intel snd_hda_intel pcbc snd_hda_codec snd_hda_core snd_hwdep snd_seq aesni_intel snd_seq_device crypto_simd glue_helper snd_pcm cryptd joydev snd_timer pcspkr virtio_balloon snd i2c_piix4 soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_net virtio_blk drm virtio_console crc32c_intel ata_piix serio_raw i2c_core virtio_pci libata virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 3101 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: 0018:ffffba46803b7768 EFLAGS: 00010286 RAX: ffffffffc09010a0 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99ee336d7480 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff99ee79d73131 R12: 0000000000000000 R13: ffff99ee32d67610 R14: ffff99ee7671dc38 R15: 00000000fffffff4 FS: 00007febcb2cd740(0000) GS:ffff99ee7fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000007c8e4005 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tunnel_key_init+0xd9/0x460 [act_tunnel_key] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7febca6deba0 RSP: 002b:00007ffe7b0dd128 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffe7b0dd250 RCX: 00007febca6deba0 RDX: 0000000000000000 RSI: 00007ffe7b0dd1a0 RDI: 0000000000000003 RBP: 000000005aaa90cb R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffe7b0dcba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe7b0dd264 R14: 0000000000000001 R15: 0000000000669f60 Code: 44 00 00 8b 0d b5 23 00 00 48 8b 87 48 10 00 00 48 8b 3c c8 e9 a5 e5 d8 c3 0f 1f 44 00 00 0f 1f 44 00 00 53 48 8b 9f b0 00 00 00 <83> 7b 10 01 74 0b 48 89 df 31 f6 5b e9 f2 fa 7f c3 48 8b 7b 18 RIP: tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: ffffba46803b7768 CR2: 0000000000000010 Fix this in tunnel_key_release(), ensuring 'param' is not NULL before dereferencing it. Fixes: d0f6dd8a914f ("net/sched: Introduce act_tunnel_key") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_tunnel_key.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/net/sched/act_tunnel_key.c +++ b/net/sched/act_tunnel_key.c @@ -208,11 +208,12 @@ static void tunnel_key_release(struct tc struct tcf_tunnel_key_params *params; params = rcu_dereference_protected(t->params, 1); + if (params) { + if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) + dst_release(&params->tcft_enc_metadata->dst); - if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) - dst_release(&params->tcft_enc_metadata->dst); - - kfree_rcu(params, rcu); + kfree_rcu(params, rcu); + } } static int tunnel_key_dump_addresses(struct sk_buff *skb, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.15/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_vlan_init()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_vlan_init() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:53 +0100 Subject: net/sched: fix NULL dereference in the error path of tcf_vlan_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 1edf8abe04090c4f41a85e42c66638be1ee69156 ] when the following command # tc actions replace action vlan pop index 100 is run for the first time, and tcf_vlan_init() fails allocating struct tcf_vlan_params, tcf_vlan_cleanup() calls kfree_rcu(NULL, ...). This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: __call_rcu+0x23/0x2b0 PGD 80000000760a2067 P4D 80000000760a2067 PUD 742c1067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_vlan(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel mbcache snd_hda_codec jbd2 snd_hda_core crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer glue_helper snd cryptd joydev soundcore virtio_balloon pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_blk virtio_net ata_piix crc32c_intel libata virtio_pci i2c_core virtio_ring serio_raw virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_vlan] CPU: 3 PID: 3119 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffaac3005fb798 EFLAGS: 00010246 RAX: ffffffffc0704080 RBX: ffff97f2b4bbe900 RCX: 00000000ffffffff RDX: ffffffffabca5f00 RSI: 0000000000000010 RDI: 0000000000000010 RBP: 0000000000000010 R08: 0000000000000001 R09: 0000000000000044 R10: 00000000fd003000 R11: ffff97f2faab5b91 R12: 0000000000000000 R13: ffffffffabca5f00 R14: ffff97f2fb80202c R15: 00000000fffffff4 FS: 00007f68f75b4740(0000) GS:ffff97f2ffd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 0000000072b52001 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_vlan_init+0x168/0x270 [act_vlan] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f68f69c5ba0 RSP: 002b:00007fffd79c1118 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fffd79c1240 RCX: 00007f68f69c5ba0 RDX: 0000000000000000 RSI: 00007fffd79c1190 RDI: 0000000000000003 RBP: 000000005aaa708e R08: 0000000000000002 R09: 0000000000000000 R10: 00007fffd79c0ba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fffd79c1254 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffaac3005fb798 CR2: 0000000000000018 fix this in tcf_vlan_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 4c5b9d9642c8 ("act_vlan: VLAN action rewrite to use RCU lock/unlock and update") Acked-by: Jiri Pirko <jiri(a)mellanox.com> Acked-by: Manish Kurup <manish.kurup(a)verizon.com> Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_vlan.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sched/act_vlan.c +++ b/net/sched/act_vlan.c @@ -225,7 +225,8 @@ static void tcf_vlan_cleanup(struct tc_a struct tcf_vlan_params *p; p = rcu_dereference_protected(v->vlan_p, 1); - kfree_rcu(p, rcu); + if (p) + kfree_rcu(p, rcu); } static int tcf_vlan_dump(struct sk_buff *skb, struct tc_action *a, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.15/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_sample_init()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_sample_init() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:56 +0100 Subject: net/sched: fix NULL dereference in the error path of tcf_sample_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 1f110e7cae09e6c6a144616480d1a9dd99c5208a ] when the following command # tc action add action sample rate 100 group 100 index 100 is run for the first time, and psample_group_get(100) fails to create a new group, tcf_sample_cleanup() calls psample_group_put(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 000000000000001c IP: psample_group_put+0x15/0x71 [psample] PGD 8000000075775067 P4D 8000000075775067 PUD 7453c067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_sample(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core mbcache jbd2 crct10dif_pclmul snd_hwdep crc32_pclmul snd_seq ghash_clmulni_intel pcbc snd_seq_device snd_pcm aesni_intel crypto_simd snd_timer glue_helper snd cryptd joydev pcspkr i2c_piix4 soundcore virtio_balloon nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_net ata_piix virtio_console virtio_blk libata serio_raw crc32c_intel virtio_pci i2c_core virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_tunnel_key] CPU: 2 PID: 5740 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:psample_group_put+0x15/0x71 [psample] RSP: 0018:ffffb8a80032f7d0 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffffffc06d93c0 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 00000000bd003000 R11: ffff979fba04aa59 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff979fbba3f22c FS: 00007f7638112740(0000) GS:ffff979fbfd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 00000000734ea001 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_sample_init+0x125/0x1d0 [act_sample] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f7637523ba0 RSP: 002b:00007fff0473ef58 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff0473f080 RCX: 00007f7637523ba0 RDX: 0000000000000000 RSI: 00007fff0473efd0 RDI: 0000000000000003 RBP: 000000005aaaac80 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff0473e9e0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff0473f094 R14: 0000000000000001 R15: 0000000000669f60 Code: be 02 00 00 00 48 89 df e8 a9 fe ff ff e9 7c ff ff ff 0f 1f 40 00 0f 1f 44 00 00 53 48 89 fb 48 c7 c7 c0 93 6d c0 e8 db 20 8c ef <83> 6b 1c 01 74 10 48 c7 c7 c0 93 6d c0 ff 14 25 e8 83 83 b0 5b RIP: psample_group_put+0x15/0x71 [psample] RSP: ffffb8a80032f7d0 CR2: 000000000000001c Fix it in tcf_sample_cleanup(), ensuring that calls to psample_group_put(p) are done only when p is not NULL. Fixes: cadb9c9fdbc6 ("net/sched: act_sample: Fix error path in init") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_sample.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sched/act_sample.c +++ b/net/sched/act_sample.c @@ -103,7 +103,8 @@ static void tcf_sample_cleanup(struct tc psample_group = rtnl_dereference(s->psample_group); RCU_INIT_POINTER(s->psample_group, NULL); - psample_group_put(psample_group); + if (psample_group) + psample_group_put(psample_group); } static bool tcf_sample_dev_ok_push(struct net_device *dev) Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.15/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_bpf_init()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_bpf_init() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 6 Apr 2018 01:19:37 +0200 Subject: net/sched: fix NULL dereference in the error path of tcf_bpf_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 3239534a79ee6f20cffd974173a1e62e0730e8ac ] when tcf_bpf_init_from_ops() fails (e.g. because of program having invalid number of instructions), tcf_bpf_cfg_cleanup() calls bpf_prog_put(NULL) or bpf_prog_destroy(NULL). Unless CONFIG_BPF_SYSCALL is unset, this causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 PGD 800000007345a067 P4D 800000007345a067 PUD 340e1067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_bpf(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd glue_helper cryptd joydev snd_timer snd virtio_balloon pcspkr soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console i2c_core crc32c_intel serio_raw virtio_pci ata_piix libata virtio_ring floppy virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_bpf] CPU: 3 PID: 5654 Comm: tc Tainted: G E 4.16.0.bpf_test+ #408 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__bpf_prog_put+0xc/0xc0 RSP: 0018:ffff9594003ef728 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9594003ef758 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff8a7ab9f17131 R12: 0000000000000000 R13: ffff8a7ab7c3c8e0 R14: 0000000000000001 R15: ffff8a7ab88f1054 FS: 00007fcb2f17c740(0000) GS:ffff8a7abfd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000020 CR3: 000000007c888006 CR4: 00000000001606e0 Call Trace: tcf_bpf_cfg_cleanup+0x2f/0x40 [act_bpf] tcf_bpf_cleanup+0x4c/0x70 [act_bpf] __tcf_idr_release+0x79/0x140 tcf_bpf_init+0x125/0x330 [act_bpf] tcf_action_init_1+0x2cc/0x430 ? get_page_from_freelist+0x3f0/0x11b0 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.29+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? mem_cgroup_commit_charge+0x80/0x130 ? page_add_new_anon_rmap+0x73/0xc0 ? do_anonymous_page+0x2a2/0x560 ? __handle_mm_fault+0xc75/0xe20 __sys_sendmsg+0x58/0xa0 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fcb2e58eba0 RSP: 002b:00007ffc93c496c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffc93c497f0 RCX: 00007fcb2e58eba0 RDX: 0000000000000000 RSI: 00007ffc93c49740 RDI: 0000000000000003 RBP: 000000005ac6a646 R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffc93c49120 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc93c49804 R14: 0000000000000001 R15: 000000000066afa0 Code: 5f 00 48 8b 43 20 48 c7 c7 70 2f 7c b8 c7 40 10 00 00 00 00 5b e9 a5 8b 61 00 0f 1f 44 00 00 0f 1f 44 00 00 41 54 55 48 89 fd 53 <48> 8b 47 20 f0 ff 08 74 05 5b 5d 41 5c c3 41 89 f4 0f 1f 44 00 RIP: __bpf_prog_put+0xc/0xc0 RSP: ffff9594003ef728 CR2: 0000000000000020 Fix it in tcf_bpf_cfg_cleanup(), ensuring that bpf_prog_{put,destroy}(f) is called only when f is not NULL. Fixes: bbc09e7842a5 ("net/sched: fix idr leak on the error path of tcf_bpf_init()") Reported-by: Lucas Bates <lucasb(a)mojatatu.com> Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_bpf.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -248,10 +248,14 @@ static int tcf_bpf_init_from_efd(struct static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg) { - if (cfg->is_ebpf) - bpf_prog_put(cfg->filter); - else - bpf_prog_destroy(cfg->filter); + struct bpf_prog *filter = cfg->filter; + + if (filter) { + if (cfg->is_ebpf) + bpf_prog_put(filter); + else + bpf_prog_destroy(filter); + } kfree(cfg->bpf_ops); kfree(cfg->bpf_name); Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_vlan_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.15/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tcf_sample_init.patch queue-4.15/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net sched actions: fix dumping which requires several messages to user space" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net sched actions: fix dumping which requires several messages to user space to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Craig Dillabaugh <cdillaba(a)mojatatu.com> Date: Mon, 26 Mar 2018 14:58:32 -0400 Subject: net sched actions: fix dumping which requires several messages to user space From: Craig Dillabaugh <cdillaba(a)mojatatu.com> [ Upstream commit 734549eb550c0c720bc89e50501f1b1e98cdd841 ] Fixes a bug in the tcf_dump_walker function that can cause some actions to not be reported when dumping a large number of actions. This issue became more aggrevated when cookies feature was added. In particular this issue is manifest when large cookie values are assigned to the actions and when enough actions are created that the resulting table must be dumped in multiple batches. The number of actions returned in each batch is limited by the total number of actions and the memory buffer size. With small cookies the numeric limit is reached before the buffer size limit, which avoids the code path triggering this bug. When large cookies are used buffer fills before the numeric limit, and the erroneous code path is hit. For example after creating 32 csum actions with the cookie aaaabbbbccccdddd $ tc actions ls action csum total acts 26 action order 0: csum (tcp) action continue index 1 ref 1 bind 0 cookie aaaabbbbccccdddd ..... action order 25: csum (tcp) action continue index 26 ref 1 bind 0 cookie aaaabbbbccccdddd total acts 6 action order 0: csum (tcp) action continue index 28 ref 1 bind 0 cookie aaaabbbbccccdddd ...... action order 5: csum (tcp) action continue index 32 ref 1 bind 0 cookie aaaabbbbccccdddd Note that the action with index 27 is omitted from the report. Fixes: 4b3550ef530c ("[NET_SCHED]: Use nla_nest_start/nla_nest_end")" Signed-off-by: Craig Dillabaugh <cdillaba(a)mojatatu.com> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -135,8 +135,10 @@ static int tcf_dump_walker(struct tcf_id continue; nest = nla_nest_start(skb, n_i); - if (!nest) + if (!nest) { + index--; goto nla_put_failure; + } err = tcf_action_dump_1(skb, p, 0, 0); if (err < 0) { index--; Patches currently in stable-queue which might be from cdillaba(a)mojatatu.com are queue-4.15/net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Sync netdev vxlan ports at open" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Sync netdev vxlan ports at open to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-sync-netdev-vxlan-ports-at-open.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Shahar Klein <shahark(a)mellanox.com> Date: Tue, 20 Mar 2018 14:44:40 +0200 Subject: net/mlx5e: Sync netdev vxlan ports at open From: Shahar Klein <shahark(a)mellanox.com> [ Upstream commit a117f73dc2430443f23e18367fa545981129c1a6 ] When mlx5_core is loaded it is expected to sync ports with all vxlan devices so it can support vxlan encap/decap. This is done via udp_tunnel_get_rx_info(). Currently this call is set in mlx5e_nic_enable() and if the netdev is not in NETREG_REGISTERED state it will not be called. Normally on load the netdev state is not NETREG_REGISTERED so udp_tunnel_get_rx_info() will not be called. Moving udp_tunnel_get_rx_info() to mlx5e_open() so it will be called on netdev UP event and allow encap/decap. Fixes: 610e89e05c3f ("net/mlx5e: Don't sync netdev state when not registered") Signed-off-by: Shahar Klein <shahark(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -2715,6 +2715,9 @@ int mlx5e_open(struct net_device *netdev mlx5_set_port_admin_status(priv->mdev, MLX5_PORT_UP); mutex_unlock(&priv->state_lock); + if (mlx5e_vxlan_allowed(priv->mdev)) + udp_tunnel_get_rx_info(netdev); + return err; } @@ -4428,12 +4431,6 @@ static void mlx5e_nic_enable(struct mlx5 #ifdef CONFIG_MLX5_CORE_EN_DCB mlx5e_dcbnl_init_app(priv); #endif - /* Device already registered: sync netdev system state */ - if (mlx5e_vxlan_allowed(mdev)) { - rtnl_lock(); - udp_tunnel_get_rx_info(netdev); - rtnl_unlock(); - } queue_work(priv->wq, &priv->set_rx_mode_work); Patches currently in stable-queue which might be from shahark(a)mellanox.com are queue-4.15/net-mlx5e-sync-netdev-vxlan-ports-at-open.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Verify coalescing parameters in range" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Verify coalescing parameters in range to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-verify-coalescing-parameters-in-range.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Thu, 15 Feb 2018 12:41:48 +0200 Subject: net/mlx5e: Verify coalescing parameters in range From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit b392a2078b5e0094ff38aa0c9d2a31b3f607d4ef ] Add check of coalescing parameters received through ethtool are within range of values supported by the HW. Driver gets the coalescing rx/tx-usecs and rx/tx-frames as set by the users through ethtool. The ethtool support up to 32 bit value for each. However, mlx5 modify cq limits the coalescing time parameter to 12 bit and coalescing frames parameters to 16 bits. Return out of range error if user tries to set these parameters to higher values. Fixes: f62b8bb8f2d3 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality') Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c @@ -492,6 +492,9 @@ static int mlx5e_get_coalesce(struct net return mlx5e_ethtool_get_coalesce(priv, coal); } +#define MLX5E_MAX_COAL_TIME MLX5_MAX_CQ_PERIOD +#define MLX5E_MAX_COAL_FRAMES MLX5_MAX_CQ_COUNT + static void mlx5e_set_priv_channels_coalesce(struct mlx5e_priv *priv, struct ethtool_coalesce *coal) { @@ -526,6 +529,20 @@ int mlx5e_ethtool_set_coalesce(struct ml if (!MLX5_CAP_GEN(mdev, cq_moderation)) return -EOPNOTSUPP; + if (coal->tx_coalesce_usecs > MLX5E_MAX_COAL_TIME || + coal->rx_coalesce_usecs > MLX5E_MAX_COAL_TIME) { + netdev_info(priv->netdev, "%s: maximum coalesce time supported is %lu usecs\n", + __func__, MLX5E_MAX_COAL_TIME); + return -ERANGE; + } + + if (coal->tx_max_coalesced_frames > MLX5E_MAX_COAL_FRAMES || + coal->rx_max_coalesced_frames > MLX5E_MAX_COAL_FRAMES) { + netdev_info(priv->netdev, "%s: maximum coalesced frames supported is %lu\n", + __func__, MLX5E_MAX_COAL_FRAMES); + return -ERANGE; + } + mutex_lock(&priv->state_lock); new_channels.params = priv->channels.params; Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.15/net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch queue-4.15/net-mlx5e-verify-coalescing-parameters-in-range.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Set EQE based as default TX interrupt moderation mode" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Set EQE based as default TX interrupt moderation mode to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-set-eqe-based-as-default-tx-interrupt-moderation-mode.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Tal Gilboa <talgi(a)mellanox.com> Date: Fri, 30 Mar 2018 15:50:08 -0700 Subject: net/mlx5e: Set EQE based as default TX interrupt moderation mode From: Tal Gilboa <talgi(a)mellanox.com> [ Upstream commit 48bfc39791b8b4a25f165e711f18b9c1617cefbc ] The default TX moderation mode was mistakenly set to CQE based. The intention was to add a control ability in order to improve some specific use-cases. In general, we prefer to use EQE based moderation as it gives much better numbers for the common cases. CQE based causes a degradation in the common case since it resets the moderation timer on CQE generation. This causes an issue when TSO is well utilized (large TSO sessions). The timer is set to 16us so traffic of ~64KB TSO sessions per second would mean timer reset (CQE per TSO session -> long time between CQEs). In this case we quickly reach the tcp_limit_output_bytes (256KB by default) and cause a halt in TX traffic. By setting EQE based moderation we make sure timer would expire after 16us regardless of the packet rate. This fixes an up to 40% packet rate and up to 23% bandwidth degradtions. Fixes: 0088cbbc4b66 ("net/mlx5e: Enable CQE based moderation on TX CQ") Signed-off-by: Tal Gilboa <talgi(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -4075,7 +4075,7 @@ void mlx5e_build_nic_params(struct mlx5_ struct mlx5e_params *params, u16 max_channels) { - u8 cq_period_mode = 0; + u8 rx_cq_period_mode; u32 link_speed = 0; u32 pci_bw = 0; @@ -4111,12 +4111,12 @@ void mlx5e_build_nic_params(struct mlx5_ params->lro_timeout = mlx5e_choose_lro_timeout(mdev, MLX5E_DEFAULT_LRO_TIMEOUT); /* CQ moderation params */ - cq_period_mode = MLX5_CAP_GEN(mdev, cq_period_start_from_cqe) ? + rx_cq_period_mode = MLX5_CAP_GEN(mdev, cq_period_start_from_cqe) ? MLX5_CQ_PERIOD_MODE_START_FROM_CQE : MLX5_CQ_PERIOD_MODE_START_FROM_EQE; params->rx_am_enabled = MLX5_CAP_GEN(mdev, cq_moderation); - mlx5e_set_rx_cq_mode_params(params, cq_period_mode); - mlx5e_set_tx_cq_mode_params(params, cq_period_mode); + mlx5e_set_rx_cq_mode_params(params, rx_cq_period_mode); + mlx5e_set_tx_cq_mode_params(params, MLX5_CQ_PERIOD_MODE_START_FROM_EQE); /* TX inline */ params->tx_max_inline = mlx5e_get_max_inline_cap(mdev); Patches currently in stable-queue which might be from talgi(a)mellanox.com are queue-4.15/net-mlx5e-set-eqe-based-as-default-tx-interrupt-moderation-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Fix traffic being dropped on VF representor" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Fix traffic being dropped on VF representor to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Roi Dayan <roid(a)mellanox.com> Date: Wed, 28 Feb 2018 12:56:42 +0200 Subject: net/mlx5e: Fix traffic being dropped on VF representor From: Roi Dayan <roid(a)mellanox.com> [ Upstream commit 4246f698dd58e3c6246fa919ef0b0a1d29a57e4a ] Increase representor netdev RQ size to avoid dropped packets. The current size (two) is just too small to keep up with conventional slow path traffic patterns. Also match the SQ size to the RQ size. Fixes: cb67b832921c ("net/mlx5e: Introduce SRIOV VF representors") Signed-off-by: Roi Dayan <roid(a)mellanox.com> Reviewed-by: Paul Blakey <paulb(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -44,6 +44,11 @@ #include "en_tc.h" #include "fs_core.h" +#define MLX5E_REP_PARAMS_LOG_SQ_SIZE \ + max(0x6, MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE) +#define MLX5E_REP_PARAMS_LOG_RQ_SIZE \ + max(0x6, MLX5E_PARAMS_MINIMUM_LOG_RQ_SIZE) + static const char mlx5e_rep_driver_name[] = "mlx5e_rep"; static void mlx5e_rep_get_drvinfo(struct net_device *dev, @@ -824,9 +829,9 @@ static void mlx5e_build_rep_params(struc MLX5_CQ_PERIOD_MODE_START_FROM_CQE : MLX5_CQ_PERIOD_MODE_START_FROM_EQE; - params->log_sq_size = MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE; + params->log_sq_size = MLX5E_REP_PARAMS_LOG_SQ_SIZE; params->rq_wq_type = MLX5_WQ_TYPE_LINKED_LIST; - params->log_rq_size = MLX5E_PARAMS_MINIMUM_LOG_RQ_SIZE; + params->log_rq_size = MLX5E_REP_PARAMS_LOG_RQ_SIZE; params->rx_am_enabled = MLX5_CAP_GEN(mdev, cq_moderation); mlx5e_set_rx_cq_mode_params(params, cq_period_mode); Patches currently in stable-queue which might be from roid(a)mellanox.com are queue-4.15/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.15/net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch queue-4.15/net-mlx5e-sync-netdev-vxlan-ports-at-open.patch queue-4.15/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Fix memory usage issues in offloading TC flows" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Fix memory usage issues in offloading TC flows to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jianbo Liu <jianbol(a)mellanox.com> Date: Thu, 8 Mar 2018 09:20:55 +0000 Subject: net/mlx5e: Fix memory usage issues in offloading TC flows From: Jianbo Liu <jianbol(a)mellanox.com> [ Upstream commit af1607c37d9d85a66fbcf43b7f11bf3d94b9bb69 ] For NIC flows, the parsed attributes are not freed when we exit successfully from mlx5e_configure_flower(). There is possible double free for eswitch flows. If error is returned from rhashtable_insert_fast(), the parse attrs will be freed in mlx5e_tc_del_flow(), but they will be freed again before exiting mlx5e_configure_flower(). To fix both issues we do the following: (1) change the condition that determines if to issue the free call to check if this flow is NIC flow, or it does not have encap action. (2) reorder the code such that that the check and free calls are done before we attempt to add into the hash table. Fixes: 232c001398ae ('net/mlx5e: Add support to neighbour update flow') Signed-off-by: Jianbo Liu <jianbol(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c @@ -2102,19 +2102,19 @@ int mlx5e_configure_flower(struct mlx5e_ if (err != -EAGAIN) flow->flags |= MLX5E_TC_FLOW_OFFLOADED; + if (!(flow->flags & MLX5E_TC_FLOW_ESWITCH) || + !(flow->esw_attr->action & MLX5_FLOW_CONTEXT_ACTION_ENCAP)) + kvfree(parse_attr); + err = rhashtable_insert_fast(&tc->ht, &flow->node, tc->ht_params); - if (err) - goto err_del_rule; + if (err) { + mlx5e_tc_del_flow(priv, flow); + kfree(flow); + } - if (flow->flags & MLX5E_TC_FLOW_ESWITCH && - !(flow->esw_attr->action & MLX5_FLOW_CONTEXT_ACTION_ENCAP)) - kvfree(parse_attr); return err; -err_del_rule: - mlx5e_tc_del_flow(priv, flow); - err_free: kvfree(parse_attr); kfree(flow); Patches currently in stable-queue which might be from jianbol(a)mellanox.com are queue-4.15/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.15/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-avoid-using-the-ipv6-stub-in-the-tc-offload-neigh-update-path.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Or Gerlitz <ogerlitz(a)mellanox.com> Date: Tue, 13 Mar 2018 21:43:43 +0200 Subject: net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path From: Or Gerlitz <ogerlitz(a)mellanox.com> [ Upstream commit 423c9db29943cfc43e3a408192e9efa4178af6a1 ] Currently we use the global ipv6_stub var to access the ipv6 global nd table. This practice gets us to troubles when the stub is only partially set e.g when ipv6 is loaded under the disabled policy. In this case, as of commit 343d60aada5a ("ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument") the stub is not null, but stub->nd_tbl is and we crash. As we can access the ipv6 nd_tbl directly, the fix is just to avoid the reference through the stub. There is one place in the code where we issue ipv6 route lookup and keep doing it through the stub, but that mentioned commit makes sure we get -EAFNOSUPPORT from the stack. Fixes: 232c001398ae ("net/mlx5e: Add support to neighbour update flow") Signed-off-by: Or Gerlitz <ogerlitz(a)mellanox.com> Reviewed-by: Aviv Heller <avivh(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 6 +++--- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -231,7 +231,7 @@ void mlx5e_remove_sqs_fwd_rules(struct m static void mlx5e_rep_neigh_update_init_interval(struct mlx5e_rep_priv *rpriv) { #if IS_ENABLED(CONFIG_IPV6) - unsigned long ipv6_interval = NEIGH_VAR(&ipv6_stub->nd_tbl->parms, + unsigned long ipv6_interval = NEIGH_VAR(&nd_tbl.parms, DELAY_PROBE_TIME); #else unsigned long ipv6_interval = ~0UL; @@ -367,7 +367,7 @@ static int mlx5e_rep_netevent_event(stru case NETEVENT_NEIGH_UPDATE: n = ptr; #if IS_ENABLED(CONFIG_IPV6) - if (n->tbl != ipv6_stub->nd_tbl && n->tbl != &arp_tbl) + if (n->tbl != &nd_tbl && n->tbl != &arp_tbl) #else if (n->tbl != &arp_tbl) #endif @@ -415,7 +415,7 @@ static int mlx5e_rep_netevent_event(stru * done per device delay prob time parameter. */ #if IS_ENABLED(CONFIG_IPV6) - if (!p->dev || (p->tbl != ipv6_stub->nd_tbl && p->tbl != &arp_tbl)) + if (!p->dev || (p->tbl != &nd_tbl && p->tbl != &arp_tbl)) #else if (!p->dev || p->tbl != &arp_tbl) #endif --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c @@ -495,7 +495,7 @@ void mlx5e_tc_update_neigh_used_value(st tbl = &arp_tbl; #if IS_ENABLED(CONFIG_IPV6) else if (m_neigh->family == AF_INET6) - tbl = ipv6_stub->nd_tbl; + tbl = &nd_tbl; #endif else return; Patches currently in stable-queue which might be from ogerlitz(a)mellanox.com are queue-4.15/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.15/net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch queue-4.15/net-mlx5e-avoid-using-the-ipv6-stub-in-the-tc-offload-neigh-update-path.patch queue-4.15/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Don't override vport admin link state in switchdev mode" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Don't override vport admin link state in switchdev mode to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jianbo Liu <jianbol(a)mellanox.com> Date: Fri, 2 Mar 2018 02:09:08 +0000 Subject: net/mlx5e: Don't override vport admin link state in switchdev mode From: Jianbo Liu <jianbol(a)mellanox.com> The vport admin original link state will be re-applied after returning back to legacy mode, it is not right to change the admin link state value when in switchdev mode. Use direct vport commands to alter logical vport state in netdev representor open/close flows rather than the administrative eswitch API. Fixes: 20a1ea674783 ('net/mlx5e: Support VF vport link state control for SRIOV switchdev mode') Signed-off-by: Jianbo Liu <jianbol(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -611,7 +611,6 @@ static int mlx5e_rep_open(struct net_dev struct mlx5e_priv *priv = netdev_priv(dev); struct mlx5e_rep_priv *rpriv = priv->ppriv; struct mlx5_eswitch_rep *rep = rpriv->rep; - struct mlx5_eswitch *esw = priv->mdev->priv.eswitch; int err; mutex_lock(&priv->state_lock); @@ -619,8 +618,9 @@ static int mlx5e_rep_open(struct net_dev if (err) goto unlock; - if (!mlx5_eswitch_set_vport_state(esw, rep->vport, - MLX5_ESW_VPORT_ADMIN_STATE_UP)) + if (!mlx5_modify_vport_admin_state(priv->mdev, + MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT, + rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_UP)) netif_carrier_on(dev); unlock: @@ -633,11 +633,12 @@ static int mlx5e_rep_close(struct net_de struct mlx5e_priv *priv = netdev_priv(dev); struct mlx5e_rep_priv *rpriv = priv->ppriv; struct mlx5_eswitch_rep *rep = rpriv->rep; - struct mlx5_eswitch *esw = priv->mdev->priv.eswitch; int ret; mutex_lock(&priv->state_lock); - (void)mlx5_eswitch_set_vport_state(esw, rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_DOWN); + mlx5_modify_vport_admin_state(priv->mdev, + MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT, + rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_DOWN); ret = mlx5e_close_locked(dev); mutex_unlock(&priv->state_lock); return ret; Patches currently in stable-queue which might be from jianbol(a)mellanox.com are queue-4.15/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.15/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_en: Fix mixed PFC and Global pause user control requests" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_en: Fix mixed PFC and Global pause user control requests to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eran Ben Elisha <eranbe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:18 +0300 Subject: net/mlx4_en: Fix mixed PFC and Global pause user control requests From: Eran Ben Elisha <eranbe(a)mellanox.com> [ Upstream commit 6e8814ceb7e8f468659ef9253bd212c07ae19584 ] Global pause and PFC configuration should be mutually exclusive (i.e. only one of them at most can be set). However, once PFC was turned off, driver automatically turned Global pause on. This is a bug. Fix the driver behaviour to turn off PFC/Global once the user turned the other on. This also fixed a weird behaviour that at a current time, the profile had both PFC and global pause configuration turned on, which is Hardware-wise impossible and caused returning false positive indication to query tools. In addition, fix error code when setting global pause or PFC to change metadata only upon successful change. Also, removed useless debug print. Fixes: af7d51852631 ("net/mlx4_en: Add DCB PFC support through CEE netlink commands") Fixes: c27a02cd94d6 ("mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC") Signed-off-by: Eran Ben Elisha <eranbe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 72 +++++++++++++----------- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++++++----- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 - 3 files changed, 62 insertions(+), 47 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c @@ -156,57 +156,63 @@ static int mlx4_en_dcbnl_getnumtcs(struc static u8 mlx4_en_dcbnl_set_all(struct net_device *netdev) { struct mlx4_en_priv *priv = netdev_priv(netdev); + struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; if (!(priv->dcbx_cap & DCB_CAP_DCBX_VER_CEE)) return 1; if (priv->cee_config.pfc_state) { int tc; + rx_ppp = prof->rx_ppp; + tx_ppp = prof->tx_ppp; - priv->prof->rx_pause = 0; - priv->prof->tx_pause = 0; for (tc = 0; tc < CEE_DCBX_MAX_PRIO; tc++) { u8 tc_mask = 1 << tc; switch (priv->cee_config.dcb_pfc[tc]) { case pfc_disabled: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_full: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp |= tc_mask; + rx_ppp |= tc_mask; break; case pfc_enabled_tx: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp |= tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_rx: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp |= tc_mask; break; default: break; } } - en_dbg(DRV, priv, "Set pfc on\n"); + rx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->rx_pause; + tx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->tx_pause; } else { - priv->prof->rx_pause = 1; - priv->prof->tx_pause = 1; - en_dbg(DRV, priv, "Set pfc off\n"); + rx_ppp = 0; + tx_ppp = 0; + rx_pause = prof->rx_pause; + tx_pause = prof->tx_pause; } if (mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp)) { + tx_pause, tx_ppp, rx_pause, rx_ppp)) { en_err(priv, "Failed setting pause params\n"); return 1; } + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->tx_pause = tx_pause; + prof->rx_pause = rx_pause; + return 0; } @@ -408,6 +414,7 @@ static int mlx4_en_dcbnl_ieee_setpfc(str struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u32 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; en_dbg(DRV, priv, "cap: 0x%x en: 0x%x mbc: 0x%x delay: %d\n", @@ -416,23 +423,26 @@ static int mlx4_en_dcbnl_ieee_setpfc(str pfc->mbc, pfc->delay); - prof->rx_pause = !pfc->pfc_en; - prof->tx_pause = !pfc->pfc_en; - prof->rx_ppp = pfc->pfc_en; - prof->tx_ppp = pfc->pfc_en; + rx_pause = prof->rx_pause && !pfc->pfc_en; + tx_pause = prof->tx_pause && !pfc->pfc_en; + rx_ppp = pfc->pfc_en; + tx_ppp = pfc->pfc_en; err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - prof->tx_pause, - prof->tx_ppp, - prof->rx_pause, - prof->rx_ppp); - if (err) + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - prof->rx_ppp, prof->rx_pause, - prof->tx_ppp, prof->tx_pause); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->rx_pause = rx_pause; + prof->tx_pause = tx_pause; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c @@ -1046,27 +1046,32 @@ static int mlx4_en_set_pauseparam(struct { struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; if (pause->autoneg) return -EINVAL; - priv->prof->tx_pause = pause->tx_pause != 0; - priv->prof->rx_pause = pause->rx_pause != 0; + tx_pause = !!(pause->tx_pause); + rx_pause = !!(pause->rx_pause); + rx_ppp = priv->prof->rx_ppp && !(tx_pause || rx_pause); + tx_ppp = priv->prof->tx_ppp && !(tx_pause || rx_pause); + err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp); - if (err) - en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - priv->prof->rx_ppp, - priv->prof->rx_pause, - priv->prof->tx_ppp, - priv->prof->tx_pause); + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { + en_err(priv, "Failed setting pause params, err = %d\n", err); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + priv->prof->tx_pause = tx_pause; + priv->prof->rx_pause = rx_pause; + priv->prof->tx_ppp = tx_ppp; + priv->prof->rx_ppp = rx_ppp; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_main.c @@ -163,9 +163,9 @@ static void mlx4_en_get_profile(struct m params->udp_rss = 0; } for (i = 1; i <= MLX4_MAX_PORTS; i++) { - params->prof[i].rx_pause = 1; + params->prof[i].rx_pause = !(pfcrx || pfctx); params->prof[i].rx_ppp = pfcrx; - params->prof[i].tx_pause = 1; + params->prof[i].tx_pause = !(pfcrx || pfctx); params->prof[i].tx_ppp = pfctx; params->prof[i].tx_ring_size = MLX4_EN_DEF_TX_RING_SIZE; params->prof[i].rx_ring_size = MLX4_EN_DEF_RX_RING_SIZE; Patches currently in stable-queue which might be from eranbe(a)mellanox.com are queue-4.15/net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Fix route leaking between VRFs" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Fix route leaking between VRFs to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-fix-route-leaking-between-vrfs.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 17:44:57 -0700 Subject: net/ipv6: Fix route leaking between VRFs From: David Ahern <dsahern(a)gmail.com> [ Upstream commit b6cdbc85234b072340b8923e69f49ec293f905dc ] Donald reported that IPv6 route leaking between VRFs is not working. The root cause is the strict argument in the call to rt6_lookup when validating the nexthop spec. ip6_route_check_nh validates the gateway and device (if given) of a route spec. It in turn could call rt6_lookup (e.g., lookup in a given table did not succeed so it falls back to a full lookup) and if so sets the strict argument to 1. That means if the egress device is given, the route lookup needs to return a result with the same device. This strict requirement does not work with VRFs (IPv4 or IPv6) because the oif in the flow struct is overridden with the index of the VRF device to trigger a match on the l3mdev rule and force the lookup to its table. The right long term solution is to add an l3mdev index to the flow struct such that the oif is not overridden. That solution will not backport well, so this patch aims for a simpler solution to relax the strict argument if the route spec device is an l3mdev slave. As done in other places, use the FLOWI_FLAG_SKIP_NH_OIF to know that the RT6_LOOKUP_F_IFACE flag needs to be removed. Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack") Reported-by: Donald Sharp <sharpd(a)cumulusnetworks.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -922,6 +922,9 @@ static struct rt6_info *ip6_pol_route_lo struct rt6_info *rt, *rt_cache; struct fib6_node *fn; + if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) + flags &= ~RT6_LOOKUP_F_IFACE; + rcu_read_lock(); fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); restart: Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.15/perf-evsel-fix-swap-for-samples-with-raw-data.patch queue-4.15/perf-tools-fix-copyfile_offset-update-of-output-offset.patch queue-4.15/net-ipv6-fix-route-leaking-between-vrfs.patch queue-4.15/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_core: Fix memory leak while delete slave's resources" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_core: Fix memory leak while delete slave's resources to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:19 +0300 Subject: net/mlx4_core: Fix memory leak while delete slave's resources From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit 461d5f1b59490ce0096dfda45e10038c122a7892 ] mlx4_delete_all_resources_for_slave in resource tracker should free all memory allocated for a slave. While releasing memory of fs_rule, it misses releasing memory of fs_rule->mirr_mbox. Fixes: 78efed275117 ('net/mlx4_core: Support mirroring VF DMFS rules on both ports') Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c +++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c @@ -5088,6 +5088,7 @@ static void rem_slave_fs_rule(struct mlx &tracker->res_tree[RES_FS_RULE]); list_del(&fs_rule->com.list); spin_unlock_irq(mlx4_tlock(dev)); + kfree(fs_rule->mirr_mbox); kfree(fs_rule); state = 0; break; Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.15/net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch queue-4.15/net-mlx5e-verify-coalescing-parameters-in-range.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Increment OUTxxx counters after netfilter hook" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Increment OUTxxx counters after netfilter hook to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Jeff Barnhill <0xeffeff(a)gmail.com> Date: Thu, 5 Apr 2018 21:29:47 +0000 Subject: net/ipv6: Increment OUTxxx counters after netfilter hook From: Jeff Barnhill <0xeffeff(a)gmail.com> [ Upstream commit 71a1c915238c970cd9bdd5bf158b1279d6b6d55b ] At the end of ip6_forward(), IPSTATS_MIB_OUTFORWDATAGRAMS and IPSTATS_MIB_OUTOCTETS are incremented immediately before the NF_HOOK call for NFPROTO_IPV6 / NF_INET_FORWARD. As a result, these counters get incremented regardless of whether or not the netfilter hook allows the packet to continue being processed. This change increments the counters in ip6_forward_finish() so that it will not happen if the netfilter hook chooses to terminate the packet, which is similar to how IPv4 works. Signed-off-by: Jeff Barnhill <0xeffeff(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -375,6 +375,11 @@ static int ip6_forward_proxy_check(struc static inline int ip6_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { + struct dst_entry *dst = skb_dst(skb); + + __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); + __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); + return dst_output(net, sk, skb); } @@ -568,8 +573,6 @@ int ip6_forward(struct sk_buff *skb) hdr->hop_limit--; - __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); - __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, net, NULL, skb, skb->dev, dst->dev, ip6_forward_finish); Patches currently in stable-queue which might be from 0xeffeff(a)gmail.com are queue-4.15/net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch

7 years, 5 months

1
0
0 0

Patch "net: fool proof dev_valid_name()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fool proof dev_valid_name() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fool-proof-dev_valid_name.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:26 -0700 Subject: net: fool proof dev_valid_name() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit a9d48205d0aedda021fc3728972a9e9934c2b9de ] We want to use dev_valid_name() to validate tunnel names, so better use strnlen(name, IFNAMSIZ) than strlen(name) to make sure to not upset KASAN. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1027,7 +1027,7 @@ bool dev_valid_name(const char *name) { if (*name == '\0') return false; - if (strlen(name) >= IFNAMSIZ) + if (strnlen(name, IFNAMSIZ) == IFNAMSIZ) return false; if (!strcmp(name, ".") || !strcmp(name, "..")) return false; Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "net: fix possible out-of-bound read in skb_network_protocol()" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fix possible out-of-bound read in skb_network_protocol() to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 26 Mar 2018 08:08:07 -0700 Subject: net: fix possible out-of-bound read in skb_network_protocol() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 1dfe82ebd7d8fd43dba9948fdfb31f145014baa0 ] skb mac header is not necessarily set at the time skb_network_protocol() is called. Use skb->data instead. BUG: KASAN: slab-out-of-bounds in skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 Read of size 2 at addr ffff8801b3097a0b by task syz-executor5/14242 CPU: 1 PID: 14242 Comm: syz-executor5 Not tainted 4.16.0-rc6+ #280 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:443 skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 harmonize_features net/core/dev.c:2924 [inline] netif_skb_features+0x509/0x9b0 net/core/dev.c:3011 validate_xmit_skb+0x81/0xb00 net/core/dev.c:3084 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3142 packet_direct_xmit+0x117/0x790 net/packet/af_packet.c:256 packet_snd net/packet/af_packet.c:2944 [inline] packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2969 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xca/0x110 net/socket.c:639 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2047 __sys_sendmsg+0xe5/0x210 net/socket.c:2081 Fixes: 19acc327258a ("gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol()") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Pravin B Shelar <pshelar(a)ovn.org> Reported-by: Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2719,7 +2719,7 @@ __be16 skb_network_protocol(struct sk_bu if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr)))) return 0; - eth = (struct ethhdr *)skb_mac_header(skb); + eth = (struct ethhdr *)skb->data; type = eth->h_proto; } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "net: dsa: Discard frames from unused ports" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: dsa: Discard frames from unused ports to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-dsa-discard-frames-from-unused-ports.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Andrew Lunn <andrew(a)lunn.ch> Date: Sat, 7 Apr 2018 20:37:40 +0200 Subject: net: dsa: Discard frames from unused ports From: Andrew Lunn <andrew(a)lunn.ch> [ Upstream commit fc5f33768cca7144f8d793205b229d46740d183b ] The Marvell switches under some conditions will pass a frame to the host with the port being the CPU port. Such frames are invalid, and should be dropped. Not dropping them can result in a crash when incrementing the receive statistics for an invalid port. Reported-by: Chris Healy <cphealy(a)gmail.com> Fixes: 91da11f870f0 ("net: Distributed Switch Architecture protocol support") Signed-off-by: Andrew Lunn <andrew(a)lunn.ch> Reviewed-by: Florian Fainelli <f.fainelli(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/dsa/dsa_priv.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/net/dsa/dsa_priv.h +++ b/net/dsa/dsa_priv.h @@ -117,6 +117,7 @@ static inline struct net_device *dsa_mas struct dsa_port *cpu_dp = dev->dsa_ptr; struct dsa_switch_tree *dst = cpu_dp->dst; struct dsa_switch *ds; + struct dsa_port *slave_port; if (device < 0 || device >= DSA_MAX_SWITCHES) return NULL; @@ -128,7 +129,12 @@ static inline struct net_device *dsa_mas if (port < 0 || port >= ds->num_ports) return NULL; - return ds->ports[port].slave; + slave_port = &ds->ports[port]; + + if (unlikely(slave_port->type != DSA_PORT_TYPE_USER)) + return NULL; + + return slave_port->slave; } /* port.c */ Patches currently in stable-queue which might be from andrew(a)lunn.ch are queue-4.15/net-dsa-discard-frames-from-unused-ports.patch

7 years, 5 months

1
0
0 0

Patch "lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write)" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lan78xx-crash-in-lan78xx_writ_reg-workqueue-events-lan78xx_deferred_multicast_write.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> Date: Tue, 27 Mar 2018 14:51:16 +0530 Subject: lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) From: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> [ Upstream commit 2d2d99ec13f62d5d2cecb6169dfdb6bbe05356d0 ] Description: Crash was reported with syzkaller pointing to lan78xx_write_reg routine. Root-cause: Proper cleanup of workqueues and init/setup routines was not happening in failure conditions. Fix: Handled the error conditions by cleaning up the queues and init/setup routines. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/lan78xx.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -2863,8 +2863,7 @@ static int lan78xx_bind(struct lan78xx_n if (ret < 0) { netdev_warn(dev->net, "lan78xx_setup_irq_domain() failed : %d", ret); - kfree(pdata); - return ret; + goto out1; } dev->net->hard_header_len += TX_OVERHEAD; @@ -2872,14 +2871,32 @@ static int lan78xx_bind(struct lan78xx_n /* Init all registers */ ret = lan78xx_reset(dev); + if (ret) { + netdev_warn(dev->net, "Registers INIT FAILED...."); + goto out2; + } ret = lan78xx_mdio_init(dev); + if (ret) { + netdev_warn(dev->net, "MDIO INIT FAILED....."); + goto out2; + } dev->net->flags |= IFF_MULTICAST; pdata->wol = WAKE_MAGIC; return ret; + +out2: + lan78xx_remove_irq_domain(dev); + +out1: + netdev_warn(dev->net, "Bind routine FAILED"); + cancel_work_sync(&pdata->set_multicast); + cancel_work_sync(&pdata->set_vlan); + kfree(pdata); + return ret; } static void lan78xx_unbind(struct lan78xx_net *dev, struct usb_interface *intf) @@ -2891,6 +2908,8 @@ static void lan78xx_unbind(struct lan78x lan78xx_remove_mdio(dev); if (pdata) { + cancel_work_sync(&pdata->set_multicast); + cancel_work_sync(&pdata->set_vlan); netif_dbg(dev, ifdown, dev->net, "free pdata"); kfree(pdata); pdata = NULL; Patches currently in stable-queue which might be from raghuramchary.jallipalli(a)microchip.com are queue-4.15/lan78xx-crash-in-lan78xx_writ_reg-workqueue-events-lan78xx_deferred_multicast_write.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: the entire IPv6 header chain must fit the first fragment" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: the entire IPv6 header chain must fit the first fragment to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Mar 2018 14:47:30 +0100 Subject: ipv6: the entire IPv6 header chain must fit the first fragment From: Paolo Abeni <pabeni(a)redhat.com> [ Upstream commit 10b8a3de603df7b96004179b1b33b1708c76d144 ] While building ipv6 datagram we currently allow arbitrary large extheaders, even beyond pmtu size. The syzbot has found a way to exploit the above to trigger the following splat: kernel BUG at ./include/linux/skbuff.h:2073! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4230 Comm: syzkaller672661 Not tainted 4.16.0-rc2+ #326 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__skb_pull include/linux/skbuff.h:2073 [inline] RIP: 0010:__ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: 0018:ffff8801bc18f0f0 EFLAGS: 00010293 RAX: ffff8801b17400c0 RBX: 0000000000000738 RCX: ffffffff84f01828 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b415ac18 RBP: ffff8801bc18f360 R08: ffff8801b4576844 R09: 0000000000000000 R10: ffff8801bc18f380 R11: ffffed00367aee4e R12: 00000000000000d6 R13: ffff8801b415a740 R14: dffffc0000000000 R15: ffff8801b45767c0 FS: 0000000001535880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000b000 CR3: 00000001b4123001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip6_finish_skb include/net/ipv6.h:969 [inline] udp_v6_push_pending_frames+0x269/0x3b0 net/ipv6/udp.c:1073 udpv6_sendmsg+0x2a96/0x3400 net/ipv6/udp.c:1343 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x320/0x8b0 net/socket.c:2046 __sys_sendmmsg+0x1ee/0x620 net/socket.c:2136 SYSC_sendmmsg net/socket.c:2167 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2162 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4404c9 RSP: 002b:00007ffdce35f948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404c9 RDX: 0000000000000003 RSI: 0000000020001f00 RDI: 0000000000000003 RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 0000000020000080 R11: 0000000000000217 R12: 0000000000401df0 R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000 Code: ff e8 1d 5e b9 fc e9 15 e9 ff ff e8 13 5e b9 fc e9 44 e8 ff ff e8 29 5e b9 fc e9 c0 e6 ff ff e8 3f f3 80 fc 0f 0b e8 38 f3 80 fc <0f> 0b 49 8d 87 80 00 00 00 4d 8d 87 84 00 00 00 48 89 85 20 fe RIP: __skb_pull include/linux/skbuff.h:2073 [inline] RSP: ffff8801bc18f0f0 RIP: __ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: ffff8801bc18f0f0 As stated by RFC 7112 section 5: When a host fragments an IPv6 datagram, it MUST include the entire IPv6 Header Chain in the First Fragment. So this patch addresses the issue dropping datagrams with excessive extheader length. It also updates the error path to report to the calling socket nonnegative pmtu values. The issue apparently predates git history. v1 -> v2: cleanup error path, as per Eric's suggestion Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+91e6f9932ff122fa4410(a)syzkaller.appspotmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1245,7 +1245,7 @@ static int __ip6_append_data(struct sock const struct sockcm_cookie *sockc) { struct sk_buff *skb, *skb_prev = NULL; - unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; + unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu; int exthdrlen = 0; int dst_exthdrlen = 0; int hh_len; @@ -1281,6 +1281,12 @@ static int __ip6_append_data(struct sock sizeof(struct frag_hdr) : 0) + rt->rt6i_nfheader_len; + /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit + * the first fragment + */ + if (headersize + transhdrlen > mtu) + goto emsgsize; + if (cork->length + length > mtu - headersize && ipc6->dontfrag && (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_RAW)) { @@ -1296,9 +1302,8 @@ static int __ip6_append_data(struct sock if (cork->length + length > maxnonfragsize - headersize) { emsgsize: - ipv6_local_error(sk, EMSGSIZE, fl6, - mtu - headersize + - sizeof(struct ipv6hdr)); + pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0); + ipv6_local_error(sk, EMSGSIZE, fl6, pmtu); return -EMSGSIZE; } Patches currently in stable-queue which might be from pabeni(a)redhat.com are queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sr: fix seg6 encap performances with TSO enabled" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sr: fix seg6 encap performances with TSO enabled to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sr-fix-seg6-encap-performances-with-tso-enabled.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: David Lebrun <dlebrun(a)google.com> Date: Thu, 29 Mar 2018 17:59:36 +0100 Subject: ipv6: sr: fix seg6 encap performances with TSO enabled From: David Lebrun <dlebrun(a)google.com> [ Upstream commit 5807b22c9164a21cd1077a9bc587f0bba361f72d ] Enabling TSO can lead to abysmal performances when using seg6 in encap mode, such as with the ixgbe driver. This patch adds a call to iptunnel_handle_offloads() to remove the encapsulation bit if needed. Before: root@comp4-seg6bpf:~# iperf3 -c fc00::55 Connecting to host fc00::55, port 5201 [ 4] local fc45::4 port 36592 connected to fc00::55 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 196 KBytes 1.60 Mbits/sec 47 6.66 KBytes [ 4] 1.00-2.00 sec 304 KBytes 2.49 Mbits/sec 100 5.33 KBytes [ 4] 2.00-3.00 sec 284 KBytes 2.32 Mbits/sec 92 5.33 KBytes After: root@comp4-seg6bpf:~# iperf3 -c fc00::55 Connecting to host fc00::55, port 5201 [ 4] local fc45::4 port 43062 connected to fc00::55 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 1.03 GBytes 8.89 Gbits/sec 0 743 KBytes [ 4] 1.00-2.00 sec 1.03 GBytes 8.87 Gbits/sec 0 743 KBytes [ 4] 2.00-3.00 sec 1.03 GBytes 8.87 Gbits/sec 0 743 KBytes Reported-by: Tom Herbert <tom(a)quantonium.net> Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels") Signed-off-by: David Lebrun <dlebrun(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/seg6_iptunnel.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) --- a/net/ipv6/seg6_iptunnel.c +++ b/net/ipv6/seg6_iptunnel.c @@ -16,6 +16,7 @@ #include <linux/net.h> #include <linux/module.h> #include <net/ip.h> +#include <net/ip_tunnels.h> #include <net/lwtunnel.h> #include <net/netevent.h> #include <net/netns/generic.h> @@ -211,11 +212,6 @@ static int seg6_do_srh(struct sk_buff *s tinfo = seg6_encap_lwtunnel(dst->lwtstate); - if (likely(!skb->encapsulation)) { - skb_reset_inner_headers(skb); - skb->encapsulation = 1; - } - switch (tinfo->mode) { case SEG6_IPTUN_MODE_INLINE: if (skb->protocol != htons(ETH_P_IPV6)) @@ -224,10 +220,12 @@ static int seg6_do_srh(struct sk_buff *s err = seg6_do_srh_inline(skb, tinfo->srh); if (err) return err; - - skb_reset_inner_headers(skb); break; case SEG6_IPTUN_MODE_ENCAP: + err = iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6); + if (err) + return err; + if (skb->protocol == htons(ETH_P_IPV6)) proto = IPPROTO_IPV6; else if (skb->protocol == htons(ETH_P_IP)) @@ -239,6 +237,8 @@ static int seg6_do_srh(struct sk_buff *s if (err) return err; + skb_set_inner_transport_header(skb, skb_transport_offset(skb)); + skb_set_inner_protocol(skb, skb->protocol); skb->protocol = htons(ETH_P_IPV6); break; case SEG6_IPTUN_MODE_L2ENCAP: @@ -262,8 +262,6 @@ static int seg6_do_srh(struct sk_buff *s ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); skb_set_transport_header(skb, sizeof(struct ipv6hdr)); - skb_set_inner_protocol(skb, skb->protocol); - return 0; } Patches currently in stable-queue which might be from dlebrun(a)google.com are queue-4.15/ipv6-sr-fix-seg6-encap-performances-with-tso-enabled.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sit: better validate user provided tunnel names" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sit: better validate user provided tunnel names to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sit-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:28 -0700 Subject: ipv6: sit: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit b95211e066fc3494b7c115060b2297b4ba21f025 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 Write of size 33 at addr ffff8801b64076d8 by task syzkaller932654/4453 CPU: 0 PID: 4453 Comm: syzkaller932654 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 ipip6_tunnel_ioctl+0xe71/0x241b net/ipv6/sit.c:1221 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/sit.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -250,11 +250,13 @@ static struct ip_tunnel *ipip6_tunnel_lo if (!create) goto failed; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "sit%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ipip6_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip_tunnel: better validate user provided tunnel names" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip_tunnel: better validate user provided tunnel names to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:27 -0700 Subject: ip_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 Write of size 20 at addr ffff8801ac79f810 by task syzkaller268107/4482 CPU: 0 PID: 4482 Comm: syzkaller268107 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 ip_tunnel_create net/ipv4/ip_tunnel.c:352 [inline] ip_tunnel_ioctl+0x818/0xd40 net/ipv4/ip_tunnel.c:861 ipip_tunnel_ioctl+0x1c5/0x420 net/ipv4/ipip.c:350 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_tunnel.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_cr struct net_device *dev; char name[IFNAMSIZ]; - if (parms->name[0]) + err = -E2BIG; + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else { - if (strlen(ops->kind) > (IFNAMSIZ - 3)) { - err = -E2BIG; + } else { + if (strlen(ops->kind) > (IFNAMSIZ - 3)) goto failed; - } strlcpy(name, ops->kind, IFNAMSIZ); strncat(name, "%d", 2); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_tunnel: better validate user provided tunnel names" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: better validate user provided tunnel names to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:30 -0700 Subject: ip6_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(st struct net_device *dev; struct ip6_tnl *t; char name[IFNAMSIZ]; - int err = -ENOMEM; + int err = -E2BIG; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6tnl%%d"); - + } + err = -ENOMEM; dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6_tnl_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_gre: better validate user provided tunnel names" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_gre: better validate user provided tunnel names to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_gre-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:29 -0700 Subject: ip6_gre: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 Write of size 20 at addr ffff8801afb9f7b8 by task syzkaller851048/4466 CPU: 1 PID: 4466 Comm: syzkaller851048 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 ip6gre_tunnel_ioctl+0x69d/0x12e0 net/ipv6/ip6_gre.c:1195 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_gre.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -319,11 +319,13 @@ static struct ip6_tnl *ip6gre_tunnel_loc if (t || !create) return t; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + return NULL; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "ip6gre%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6gre_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.15/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.15/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.15/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.15/net-fool-proof-dev_valid_name.patch queue-4.15/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.15/vti6-better-validate-user-provided-tunnel-names.patch queue-4.15/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.15/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.15/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.15/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.15/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:46 +0800 Subject: bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit ae42cc62a9f07f1f6979054ed92606b9c30f4a2e ] Beniamino found a crash when adding vlan as slave of bond which is also the parent link: ip link add bond1 type bond ip link set bond1 up ip link add link bond1 vlan1 type vlan id 80 ip link set vlan1 master bond1 The call trace is as below: [<ffffffffa850842a>] queued_spin_lock_slowpath+0xb/0xf [<ffffffffa8515680>] _raw_spin_lock+0x20/0x30 [<ffffffffa83f6f07>] dev_mc_sync+0x37/0x80 [<ffffffffc08687dc>] vlan_dev_set_rx_mode+0x1c/0x30 [8021q] [<ffffffffa83efd2a>] __dev_set_rx_mode+0x5a/0xa0 [<ffffffffa83f7138>] dev_mc_sync_multiple+0x78/0x80 [<ffffffffc084127c>] bond_enslave+0x67c/0x1190 [bonding] [<ffffffffa8401909>] do_setlink+0x9c9/0xe50 [<ffffffffa8403bf2>] rtnl_newlink+0x522/0x880 [<ffffffffa8403ff7>] rtnetlink_rcv_msg+0xa7/0x260 [<ffffffffa8424ecb>] netlink_rcv_skb+0xab/0xc0 [<ffffffffa83fe498>] rtnetlink_rcv+0x28/0x30 [<ffffffffa8424850>] netlink_unicast+0x170/0x210 [<ffffffffa8424bf8>] netlink_sendmsg+0x308/0x420 [<ffffffffa83cc396>] sock_sendmsg+0xb6/0xf0 This is actually a dead lock caused by sync slave hwaddr from master when the master is the slave's 'slave'. This dead loop check is actually done by netdev_master_upper_dev_link. However, Commit 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") moved it after dev_mc_sync. This patch is to fix it by moving dev_mc_sync after master_upper_dev_link, so that this loop check would be earlier than dev_mc_sync. It also moves if (mode == BOND_MODE_8023AD) into if (!bond_uses_primary) clause as an improvement. Note team driver also has this issue, I will fix it in another patch. Fixes: 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") Reported-by: Beniamino Galvani <bgalvani(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 73 +++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 38 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1528,44 +1528,11 @@ int bond_enslave(struct net_device *bond goto err_close; } - /* If the mode uses primary, then the following is handled by - * bond_change_active_slave(). - */ - if (!bond_uses_primary(bond)) { - /* set promiscuity level to new slave */ - if (bond_dev->flags & IFF_PROMISC) { - res = dev_set_promiscuity(slave_dev, 1); - if (res) - goto err_close; - } - - /* set allmulti level to new slave */ - if (bond_dev->flags & IFF_ALLMULTI) { - res = dev_set_allmulti(slave_dev, 1); - if (res) - goto err_close; - } - - netif_addr_lock_bh(bond_dev); - - dev_mc_sync_multiple(slave_dev, bond_dev); - dev_uc_sync_multiple(slave_dev, bond_dev); - - netif_addr_unlock_bh(bond_dev); - } - - if (BOND_MODE(bond) == BOND_MODE_8023AD) { - /* add lacpdu mc addr to mc list */ - u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; - - dev_mc_add(slave_dev, lacpdu_multicast); - } - res = vlan_vids_add_by_dev(slave_dev, bond_dev); if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_hwaddr_unsync; + goto err_close; } prev_slave = bond_last_slave(bond); @@ -1725,6 +1692,37 @@ int bond_enslave(struct net_device *bond goto err_upper_unlink; } + /* If the mode uses primary, then the following is handled by + * bond_change_active_slave(). + */ + if (!bond_uses_primary(bond)) { + /* set promiscuity level to new slave */ + if (bond_dev->flags & IFF_PROMISC) { + res = dev_set_promiscuity(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + /* set allmulti level to new slave */ + if (bond_dev->flags & IFF_ALLMULTI) { + res = dev_set_allmulti(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + netif_addr_lock_bh(bond_dev); + dev_mc_sync_multiple(slave_dev, bond_dev); + dev_uc_sync_multiple(slave_dev, bond_dev); + netif_addr_unlock_bh(bond_dev); + + if (BOND_MODE(bond) == BOND_MODE_8023AD) { + /* add lacpdu mc addr to mc list */ + u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; + + dev_mc_add(slave_dev, lacpdu_multicast); + } + } + bond->slave_cnt++; bond_compute_features(bond); bond_set_carrier(bond); @@ -1748,6 +1746,9 @@ int bond_enslave(struct net_device *bond return 0; /* Undo stages on error */ +err_sysfs_del: + bond_sysfs_slave_del(new_slave); + err_upper_unlink: bond_upper_dev_unlink(bond, new_slave); @@ -1768,10 +1769,6 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); -err_hwaddr_unsync: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.15/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.15/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.15/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.15/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.15/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "bonding: process the err returned by dev_set_allmulti properly in bond_enslave" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: process the err returned by dev_set_allmulti properly in bond_enslave to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:47 +0800 Subject: bonding: process the err returned by dev_set_allmulti properly in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 9f5a90c107741b864398f4ac0014711a8c1d8474 ] When dev_set_promiscuity(1) succeeds but dev_set_allmulti(1) fails, dev_set_promiscuity(-1) should be done before going to the err path. Otherwise, dev->promiscuity will leak. Fixes: 7e1a1ac1fbaa ("bonding: Check return of dev_set_promiscuity/allmulti") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1706,8 +1706,11 @@ int bond_enslave(struct net_device *bond /* set allmulti level to new slave */ if (bond_dev->flags & IFF_ALLMULTI) { res = dev_set_allmulti(slave_dev, 1); - if (res) + if (res) { + if (bond_dev->flags & IFF_PROMISC) + dev_set_promiscuity(slave_dev, -1); goto err_sysfs_del; + } } netif_addr_lock_bh(bond_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.15/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.15/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.15/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.15/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.15/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "arp: fix arp_filter on l3slave devices" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arp: fix arp_filter on l3slave devices to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arp-fix-arp_filter-on-l3slave-devices.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Miguel Fadon Perlines <mfadon(a)teldat.com> Date: Thu, 5 Apr 2018 10:25:38 +0200 Subject: arp: fix arp_filter on l3slave devices From: Miguel Fadon Perlines <mfadon(a)teldat.com> [ Upstream commit 58b35f27689b5eb514fc293c332966c226b1b6e4 ] arp_filter performs an ip_route_output search for arp source address and checks if output device is the same where the arp request was received, if it is not, the arp request is not answered. This route lookup is always done on main route table so l3slave devices never find the proper route and arp is not answered. Passing l3mdev_master_ifindex_rcu(dev) return value as oif fixes the lookup for l3slave devices while maintaining same behavior for non l3slave devices as this function returns 0 in that case. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -437,7 +437,7 @@ static int arp_filter(__be32 sip, __be32 /*unsigned long now; */ struct net *net = dev_net(dev); - rt = ip_route_output(net, sip, tip, 0, 0); + rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev)); if (IS_ERR(rt)) return 1; if (rt->dst.dev != dev) { Patches currently in stable-queue which might be from mfadon(a)teldat.com are queue-4.15/arp-fix-arp_filter-on-l3slave-devices.patch queue-4.15/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "bonding: fix the err path for dev hwaddr sync in bond_enslave" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: fix the err path for dev hwaddr sync in bond_enslave to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:19:36 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:45 +0800 Subject: bonding: fix the err path for dev hwaddr sync in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 5c78f6bfae2b10ff70e21d343e64584ea6280c26 ] vlan_vids_add_by_dev is called right after dev hwaddr sync, so on the err path it should unsync dev hwaddr. Otherwise, the slave dev's hwaddr will never be unsync when this err happens. Fixes: 1ff412ad7714 ("bonding: change the bond's vlan syncing functions with the standard ones") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Reviewed-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1565,7 +1565,7 @@ int bond_enslave(struct net_device *bond if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_close; + goto err_hwaddr_unsync; } prev_slave = bond_last_slave(bond); @@ -1755,9 +1755,6 @@ err_unregister: netdev_rx_handler_unregister(slave_dev); err_detach: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - vlan_vids_del_by_dev(slave_dev, bond_dev); if (rcu_access_pointer(bond->primary_slave) == new_slave) RCU_INIT_POINTER(bond->primary_slave, NULL); @@ -1771,6 +1768,10 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); +err_hwaddr_unsync: + if (!bond_uses_primary(bond)) + bond_hw_addr_flush(bond_dev, slave_dev); + err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.15/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.15/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.15/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.15/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.15/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "vti6: better validate user provided tunnel names" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vti6: better validate user provided tunnel names to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vti6-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:31 -0700 Subject: vti6: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 537b361fbcbcc3cd6fe2bb47069fd292b9256d16 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: ed1efb2aefbb ("ipv6: Add support for IPsec virtual tunnel interfaces") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_vti.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -212,10 +212,13 @@ static struct ip6_tnl *vti6_tnl_create(s char name[IFNAMSIZ]; int err; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6_vti%%d"); + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, vti6_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "vrf: Fix use after free and double free in vrf_finish_output" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vrf: Fix use after free and double free in vrf_finish_output to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 12:49:52 -0700 Subject: vrf: Fix use after free and double free in vrf_finish_output From: David Ahern <dsahern(a)gmail.com> [ Upstream commit 82dd0d2a9a76fc8fa2b18d80b987d455728bf83a ] Miguel reported an skb use after free / double free in vrf_finish_output when neigh_output returns an error. The vrf driver should return after the call to neigh_output as it takes over the skb on error path as well. Patch is a simplified version of Miguel's patch which was written for 4.9, and updated to top of tree. Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/vrf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -579,12 +579,13 @@ static int vrf_finish_output(struct net if (!IS_ERR(neigh)) { sock_confirm_neigh(skb, neigh); ret = neigh_output(neigh, skb); + rcu_read_unlock_bh(); + return ret; } rcu_read_unlock_bh(); err: - if (unlikely(ret < 0)) - vrf_tx_error(skb->dev, skb); + vrf_tx_error(skb->dev, skb); return ret; } Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.14/perf-tools-fix-copyfile_offset-update-of-output-offset.patch queue-4.14/net-ipv6-fix-route-leaking-between-vrfs.patch queue-4.14/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "vhost_net: add missing lock nesting notation" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost_net: add missing lock nesting notation to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost_net-add-missing-lock-nesting-notation.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Mon, 26 Mar 2018 16:10:23 +0800 Subject: vhost_net: add missing lock nesting notation From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit aaa3149bbee9ba9b4e6f0bd6e3e7d191edeae942 ] We try to hold TX virtqueue mutex in vhost_net_rx_peek_head_len() after RX virtqueue mutex is held in handle_rx(). This requires an appropriate lock nesting notation to calm down deadlock detector. Fixes: 0308813724606 ("vhost_net: basic polling support") Reported-by: syzbot+7f073540b1384a614e09(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/vhost/net.c +++ b/drivers/vhost/net.c @@ -622,7 +622,7 @@ static int vhost_net_rx_peek_head_len(st if (!len && vq->busyloop_timeout) { /* Both tx vq and rx socket were polled here */ - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 1); vhost_disable_notify(&net->dev, vq); preempt_disable(); @@ -755,7 +755,7 @@ static void handle_rx(struct vhost_net * struct iov_iter fixup; __virtio16 num_buffers; - mutex_lock(&vq->mutex); + mutex_lock_nested(&vq->mutex, 0); sock = vq->private_data; if (!sock) goto out; Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.14/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.14/vhost_net-add-missing-lock-nesting-notation.patch queue-4.14/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "vlan: also check phy_driver ts_info for vlan's real device" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vlan: also check phy_driver ts_info for vlan's real device to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Hangbin Liu <liuhangbin(a)gmail.com> Date: Fri, 30 Mar 2018 09:44:00 +0800 Subject: vlan: also check phy_driver ts_info for vlan's real device From: Hangbin Liu <liuhangbin(a)gmail.com> [ Upstream commit ec1d8ccb07deaf30fd0508af6755364ac47dc08d ] Just like function ethtool_get_ts_info(), we should also consider the phy_driver ts_info call back. For example, driver dp83640. Fixes: 37dd9255b2f6 ("vlan: Pass ethtool get_ts_info queries to real device.") Acked-by: Richard Cochran <richardcochran(a)gmail.com> Signed-off-by: Hangbin Liu <liuhangbin(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/8021q/vlan_dev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -29,6 +29,7 @@ #include <linux/net_tstamp.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> +#include <linux/phy.h> #include <net/arp.h> #include <net/switchdev.h> @@ -665,8 +666,11 @@ static int vlan_ethtool_get_ts_info(stru { const struct vlan_dev_priv *vlan = vlan_dev_priv(dev); const struct ethtool_ops *ops = vlan->real_dev->ethtool_ops; + struct phy_device *phydev = vlan->real_dev->phydev; - if (ops->get_ts_info) { + if (phydev && phydev->drv && phydev->drv->ts_info) { + return phydev->drv->ts_info(phydev, info); + } else if (ops->get_ts_info) { return ops->get_ts_info(vlan->real_dev, info); } else { info->so_timestamping = SOF_TIMESTAMPING_RX_SOFTWARE | Patches currently in stable-queue which might be from liuhangbin(a)gmail.com are queue-4.14/vlan-also-check-phy_driver-ts_info-for-vlan-s-real-device.patch queue-4.14/l2tp-fix-missing-print-session-offset-info.patch

7 years, 5 months

1
0
0 0

Patch "vhost: validate log when IOTLB is enabled" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: validate log when IOTLB is enabled to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-validate-log-when-iotlb-is-enabled.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Thu, 29 Mar 2018 16:00:04 +0800 Subject: vhost: validate log when IOTLB is enabled From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit d65026c6c62e7d9616c8ceb5a53b68bcdc050525 ] Vq log_base is the userspace address of bitmap which has nothing to do with IOTLB. So it needs to be validated unconditionally otherwise we may try use 0 as log_base which may lead to pin pages that will lead unexpected result (e.g trigger BUG_ON() in set_bit_to_user()). Fixes: 6b1e6cc7855b0 ("vhost: new device IOTLB API") Reported-by: syzbot+6304bf97ef436580fede(a)syzkaller.appspotmail.com Signed-off-by: Jason Wang <jasowang(a)redhat.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1252,14 +1252,12 @@ static int vq_log_access_ok(struct vhost /* Caller should have vq mutex and device mutex */ int vhost_vq_access_ok(struct vhost_virtqueue *vq) { - if (vq->iotlb) { - /* When device IOTLB was used, the access validation - * will be validated during prefetching. - */ - return 1; - } - return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used) && - vq_log_access_ok(vq, vq->log_base); + int ret = vq_log_access_ok(vq, vq->log_base); + + if (ret || vq->iotlb) + return ret; + + return vq_access_ok(vq, vq->num, vq->desc, vq->avail, vq->used); } EXPORT_SYMBOL_GPL(vhost_vq_access_ok); Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.14/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.14/vhost_net-add-missing-lock-nesting-notation.patch queue-4.14/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "vhost: correctly remove wait queue during poll failure" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled vhost: correctly remove wait queue during poll failure to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: vhost-correctly-remove-wait-queue-during-poll-failure.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jason Wang <jasowang(a)redhat.com> Date: Tue, 27 Mar 2018 20:50:52 +0800 Subject: vhost: correctly remove wait queue during poll failure From: Jason Wang <jasowang(a)redhat.com> [ Upstream commit dc6455a71c7fc5117977e197f67f71b49f27baba ] We tried to remove vq poll from wait queue, but do not check whether or not it was in a list before. This will lead double free. Fixing this by switching to use vhost_poll_stop() which zeros poll->wqh after removing poll from waitqueue to make sure it won't be freed twice. Cc: Darren Kenny <darren.kenny(a)oracle.com> Reported-by: syzbot+c0272972b01b872e604a(a)syzkaller.appspotmail.com Fixes: 2b8b328b61c79 ("vhost_net: handle polling errors when setting backend") Signed-off-by: Jason Wang <jasowang(a)redhat.com> Reviewed-by: Darren Kenny <darren.kenny(a)oracle.com> Acked-by: Michael S. Tsirkin <mst(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/vhost/vhost.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -213,8 +213,7 @@ int vhost_poll_start(struct vhost_poll * if (mask) vhost_poll_wakeup(&poll->wait, 0, 0, (void *)mask); if (mask & POLLERR) { - if (poll->wqh) - remove_wait_queue(poll->wqh, &poll->wait); + vhost_poll_stop(poll); ret = -EINVAL; } Patches currently in stable-queue which might be from jasowang(a)redhat.com are queue-4.14/vhost-validate-log-when-iotlb-is-enabled.patch queue-4.14/vhost_net-add-missing-lock-nesting-notation.patch queue-4.14/vhost-correctly-remove-wait-queue-during-poll-failure.patch

7 years, 5 months

1
0
0 0

Patch "team: move dev_mc_sync after master_upper_dev_link in team_port_add" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled team: move dev_mc_sync after master_upper_dev_link in team_port_add to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:25:06 +0800 Subject: team: move dev_mc_sync after master_upper_dev_link in team_port_add From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 982cf3b3999d39a2eaca0a65542df33c19b5d814 ] The same fix as in 'bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave' is needed for team driver. The panic can be reproduced easily: ip link add team1 type team ip link set team1 up ip link add link team1 vlan1 type vlan id 80 ip link set vlan1 master team1 Fixes: cb41c997d444 ("team: team should sync the port's uc/mc addrs when add a port") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/team/team.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -1197,11 +1197,6 @@ static int team_port_add(struct team *te goto err_dev_open; } - netif_addr_lock_bh(dev); - dev_uc_sync_multiple(port_dev, dev); - dev_mc_sync_multiple(port_dev, dev); - netif_addr_unlock_bh(dev); - err = vlan_vids_add_by_dev(port_dev, dev); if (err) { netdev_err(dev, "Failed to add vlan ids to device %s\n", @@ -1241,6 +1236,11 @@ static int team_port_add(struct team *te goto err_option_port_add; } + netif_addr_lock_bh(dev); + dev_uc_sync_multiple(port_dev, dev); + dev_mc_sync_multiple(port_dev, dev); + netif_addr_unlock_bh(dev); + port->index = -1; list_add_tail_rcu(&port->list, &team->port_list); team_port_enable(team, port); @@ -1265,8 +1265,6 @@ err_enable_netpoll: vlan_vids_del_by_dev(port_dev, dev); err_vids_add: - dev_uc_unsync(port_dev, dev); - dev_mc_unsync(port_dev, dev); dev_close(port_dev); err_dev_open: Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.14/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.14/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.14/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.14/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "strparser: Fix sign of err codes" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled strparser: Fix sign of err codes to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: strparser-fix-sign-of-err-codes.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Dave Watson <davejwatson(a)fb.com> Date: Mon, 26 Mar 2018 12:31:21 -0700 Subject: strparser: Fix sign of err codes From: Dave Watson <davejwatson(a)fb.com> [ Upstream commit cd00edc179863848abab5cc5683de5b7b5f70954 ] strp_parser_err is called with a negative code everywhere, which then calls abort_parser with a negative code. strp_msg_timeout calls abort_parser directly with a positive code. Negate ETIMEDOUT to match signed-ness of other calls. The default abort_parser callback, strp_abort_strp, sets sk->sk_err to err. Also negate the error here so sk_err always holds a positive value, as the rest of the net code expects. Currently a negative sk_err can result in endless loops, or user code that thinks it actually sent/received err bytes. Found while testing net/tls_sw recv path. Fixes: 43a0c6751a322847 ("strparser: Stream parser for messages") Signed-off-by: Dave Watson <davejwatson(a)fb.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/strparser/strparser.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/strparser/strparser.c +++ b/net/strparser/strparser.c @@ -60,7 +60,7 @@ static void strp_abort_strp(struct strpa struct sock *sk = strp->sk; /* Report an error on the lower socket */ - sk->sk_err = err; + sk->sk_err = -err; sk->sk_error_report(sk); } } @@ -458,7 +458,7 @@ static void strp_msg_timeout(struct work /* Message assembly timed out */ STRP_STATS_INCR(strp->stats.msg_timeouts); strp->cb.lock(strp); - strp->cb.abort_parser(strp, ETIMEDOUT); + strp->cb.abort_parser(strp, -ETIMEDOUT); strp->cb.unlock(strp); } Patches currently in stable-queue which might be from davejwatson(a)fb.com are queue-4.14/strparser-fix-sign-of-err-codes.patch

7 years, 5 months

1
0
0 0

Patch "sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sun, 8 Apr 2018 07:52:08 -0700 Subject: sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6 From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 81e98370293afcb58340ce8bd71af7b97f925c26 ] Check must happen before call to ipv6_addr_v4mapped() syzbot report was : BUG: KMSAN: uninit-value in sctp_sockaddr_af net/sctp/socket.c:359 [inline] BUG: KMSAN: uninit-value in sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 CPU: 0 PID: 3576 Comm: syzkaller968804 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 __msan_warning_32+0x6c/0xb0 mm/kmsan/kmsan_instr.c:676 sctp_sockaddr_af net/sctp/socket.c:359 [inline] sctp_do_bind+0x60f/0xdc0 net/sctp/socket.c:384 sctp_bind+0x149/0x190 net/sctp/socket.c:332 inet6_bind+0x1fd/0x1820 net/ipv6/af_inet6.c:293 SYSC_bind+0x3f2/0x4b0 net/socket.c:1474 SyS_bind+0x54/0x80 net/socket.c:1460 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x43fd49 RSP: 002b:00007ffe99df3d28 EFLAGS: 00000213 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 000000000043fd49 RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 00000000004002c8 R11: 0000000000000213 R12: 0000000000401670 R13: 0000000000401700 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----address@SYSC_bind Variable was created at: SYSC_bind+0x6f/0x4b0 net/socket.c:1461 SyS_bind+0x54/0x80 net/socket.c:1460 Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/socket.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -337,11 +337,14 @@ static struct sctp_af *sctp_sockaddr_af( if (!opt->pf->af_supported(addr->sa.sa_family, opt)) return NULL; - /* V4 mapped address are really of AF_INET family */ - if (addr->sa.sa_family == AF_INET6 && - ipv6_addr_v4mapped(&addr->v6.sin6_addr) && - !opt->pf->af_supported(AF_INET, opt)) - return NULL; + if (addr->sa.sa_family == AF_INET6) { + if (len < SIN6_LEN_RFC2133) + return NULL; + /* V4 mapped address are really of AF_INET family */ + if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) && + !opt->pf->af_supported(AF_INET, opt)) + return NULL; + } /* If we get this far, af is valid. */ af = sctp_get_af_specific(addr->sa.sa_family); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "sky2: Increase D3 delay to sky2 stops working after suspend" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sky2: Increase D3 delay to sky2 stops working after suspend to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Date: Sat, 31 Mar 2018 23:42:03 +0800 Subject: sky2: Increase D3 delay to sky2 stops working after suspend From: Kai-Heng Feng <kai.heng.feng(a)canonical.com> [ Upstream commit afb133637071be6deeb8b3d0e55593ffbf63c527 ] The sky2 ethernet stops working after system resume from suspend: [ 582.852065] sky2 0000:04:00.0: Refused to change power state, currently in D3 The current 150ms delay is not enough, change it to 200ms can solve the issue. BugLink: https://bugs.launchpad.net/bugs/1758507 Cc: Stable <stable(a)vger.kernel.org> Signed-off-by: Kai-Heng Feng <kai.heng.feng(a)canonical.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/marvell/sky2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/net/ethernet/marvell/sky2.c +++ b/drivers/net/ethernet/marvell/sky2.c @@ -5087,7 +5087,7 @@ static int sky2_probe(struct pci_dev *pd INIT_WORK(&hw->restart_work, sky2_restart); pci_set_drvdata(pdev, hw); - pdev->d3_delay = 150; + pdev->d3_delay = 200; return 0; Patches currently in stable-queue which might be from kai.heng.feng(a)canonical.com are queue-4.14/sky2-increase-d3-delay-to-sky2-stops-working-after-suspend.patch

7 years, 5 months

1
0
0 0

Patch "sctp: do not leak kernel memory to user space" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled sctp: do not leak kernel memory to user space to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: sctp-do-not-leak-kernel-memory-to-user-space.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Sat, 7 Apr 2018 17:15:22 -0700 Subject: sctp: do not leak kernel memory to user space From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 6780db244d6b1537d139dea0ec8aad10cf9e4adb ] syzbot produced a nice report [1] Issue here is that a recvmmsg() managed to leak 8 bytes of kernel memory to user space, because sin_zero (padding field) was not properly cleared. [1] BUG: KMSAN: uninit-value in copy_to_user include/linux/uaccess.h:184 [inline] BUG: KMSAN: uninit-value in move_addr_to_user+0x32e/0x530 net/socket.c:227 CPU: 1 PID: 3586 Comm: syzkaller481044 Not tainted 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x4401c9 RSP: 002b:00007ffc56f73098 EFLAGS: 00000217 ORIG_RAX: 000000000000012b RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004401c9 RDX: 0000000000000001 RSI: 0000000020003ac0 RDI: 0000000000000003 RBP: 00000000006ca018 R08: 0000000020003bc0 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000401af0 R13: 0000000000401b80 R14: 0000000000000000 R15: 0000000000000000 Local variable description: ----addr@___sys_recvmsg Variable was created at: ___sys_recvmsg+0xd5/0x810 net/socket.c:2172 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 Bytes 8-15 of 16 are uninitialized ================================================================== Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 3586 Comm: syzkaller481044 Tainted: G B 4.16.0+ #82 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x185/0x1d0 lib/dump_stack.c:53 panic+0x39d/0x940 kernel/panic.c:183 kmsan_report+0x238/0x240 mm/kmsan/kmsan.c:1083 kmsan_internal_check_memory+0x164/0x1d0 mm/kmsan/kmsan.c:1176 kmsan_copy_to_user+0x69/0x160 mm/kmsan/kmsan.c:1199 copy_to_user include/linux/uaccess.h:184 [inline] move_addr_to_user+0x32e/0x530 net/socket.c:227 ___sys_recvmsg+0x4e2/0x810 net/socket.c:2211 __sys_recvmmsg+0x54e/0xdb0 net/socket.c:2313 SYSC_recvmmsg+0x29b/0x3e0 net/socket.c:2394 SyS_recvmmsg+0x76/0xa0 net/socket.c:2378 do_syscall_64+0x309/0x430 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sctp/ipv6.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c @@ -728,8 +728,10 @@ static int sctp_v6_addr_to_user(struct s sctp_v6_map_v4(addr); } - if (addr->sa.sa_family == AF_INET) + if (addr->sa.sa_family == AF_INET) { + memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); return sizeof(struct sockaddr_in); + } return sizeof(struct sockaddr_in6); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "route: check sysctl_fib_multipath_use_neigh earlier than hash" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled route: check sysctl_fib_multipath_use_neigh earlier than hash to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Sun, 1 Apr 2018 22:40:35 +0800 Subject: route: check sysctl_fib_multipath_use_neigh earlier than hash From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 6174a30df1b902e1fedbd728f5343937e83e64e6 ] Prior to this patch, when one packet is hashed into path [1] (hash <= nh_upper_bound) and it's neigh is dead, it will try path [2]. However, if path [2]'s neigh is alive but it's hash > nh_upper_bound, it will not return this alive path. This packet will never be sent even if path [2] is alive. 3.3.3.1/24: nexthop via 1.1.1.254 dev eth1 weight 1 <--[1] (dead neigh) nexthop via 2.2.2.254 dev eth2 weight 1 <--[2] With sysctl_fib_multipath_use_neigh set is supposed to find an available path respecting to the l3/l4 hash. But if there is no available route with this hash, it should at least return an alive route even with other hash. This patch is to fix it by processing fib_multipath_use_neigh earlier than the hash check, so that it will at least return an alive route if there is when fib_multipath_use_neigh is enabled. It's also compatible with before when there are alive routes with the l3/l4 hash. Fixes: a6db4494d218 ("net: ipv4: Consider failed nexthops in multipath routes") Reported-by: Jianlin Shi <jishi(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/fib_semantics.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -1755,18 +1755,20 @@ void fib_select_multipath(struct fib_res bool first = false; for_nexthops(fi) { + if (net->ipv4.sysctl_fib_multipath_use_neigh) { + if (!fib_good_nh(nh)) + continue; + if (!first) { + res->nh_sel = nhsel; + first = true; + } + } + if (hash > atomic_read(&nh->nh_upper_bound)) continue; - if (!net->ipv4.sysctl_fib_multipath_use_neigh || - fib_good_nh(nh)) { - res->nh_sel = nhsel; - return; - } - if (!first) { - res->nh_sel = nhsel; - first = true; - } + res->nh_sel = nhsel; + return; } endfor_nexthops(fi); } #endif Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.14/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.14/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.14/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.14/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "r8169: fix setting driver_data after register_netdev" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled r8169: fix setting driver_data after register_netdev to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: r8169-fix-setting-driver_data-after-register_netdev.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Heiner Kallweit <hkallweit1(a)gmail.com> Date: Mon, 26 Mar 2018 19:19:30 +0200 Subject: r8169: fix setting driver_data after register_netdev From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 19c9ea363a244f85f90a424f9936e6d56449e33c ] pci_set_drvdata() is called only after registering the net_device, therefore we could run into a NPE if one of the functions using driver_data is called before it's set. Fix this by calling pci_set_drvdata() before registering the net_device. This fix is a candidate for stable. As far as I can see the bug has been there in kernel version 3.2 already, therefore I can't provide a reference which commit is fixed by it. The fix may need small adjustments per kernel version because due to other changes the label which is jumped to if register_netdev() fails has changed over time. Reported-by: David Miller <davem(a)davemloft.net> Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/realtek/r8169.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -8466,12 +8466,12 @@ static int rtl_init_one(struct pci_dev * goto err_out_msi_5; } + pci_set_drvdata(pdev, dev); + rc = register_netdev(dev); if (rc < 0) goto err_out_cnt_6; - pci_set_drvdata(pdev, dev); - netif_info(tp, probe, dev, "%s at 0x%p, %pM, XID %08x IRQ %d\n", rtl_chip_infos[chipset].name, ioaddr, dev->dev_addr, (u32)(RTL_R32(TxConfig) & 0x9cf0f8ff), pdev->irq); Patches currently in stable-queue which might be from hkallweit1(a)gmail.com are queue-4.14/r8169-fix-setting-driver_data-after-register_netdev.patch

7 years, 5 months

1
0
0 0

Patch "pptp: remove a buggy dst release in pptp_connect()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled pptp: remove a buggy dst release in pptp_connect() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: pptp-remove-a-buggy-dst-release-in-pptp_connect.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 2 Apr 2018 18:48:37 -0700 Subject: pptp: remove a buggy dst release in pptp_connect() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit bfacfb457b36911a10140b8cb3ce76a74883ac5a ] Once dst has been cached in socket via sk_setup_caps(), it is illegal to call ip_rt_put() (or dst_release()), since sk_setup_caps() did not change dst refcount. We can still dereference it since we hold socket lock. Caugth by syzbot : BUG: KASAN: use-after-free in atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] BUG: KASAN: use-after-free in dst_release+0x27/0xa0 net/core/dst.c:185 Write of size 4 at addr ffff8801c54dc040 by task syz-executor4/20088 CPU: 1 PID: 20088 Comm: syz-executor4 Not tainted 4.16.0+ #376 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1a7/0x27d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x137/0x190 mm/kasan/kasan.c:267 kasan_check_write+0x14/0x20 mm/kasan/kasan.c:278 atomic_dec_return include/asm-generic/atomic-instrumented.h:198 [inline] dst_release+0x27/0xa0 net/core/dst.c:185 sk_dst_set include/net/sock.h:1812 [inline] sk_dst_reset include/net/sock.h:1824 [inline] sock_setbindtodevice net/core/sock.c:610 [inline] sock_setsockopt+0x431/0x1b20 net/core/sock.c:707 SYSC_setsockopt net/socket.c:1845 [inline] SyS_setsockopt+0x2ff/0x360 net/socket.c:1828 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4552d9 RSP: 002b:00007f4878126c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 00007f48781276d4 RCX: 00000000004552d9 RDX: 0000000000000019 RSI: 0000000000000001 RDI: 0000000000000013 RBP: 000000000072bea0 R08: 0000000000000010 R09: 0000000000000000 R10: 00000000200010c0 R11: 0000000000000246 R12: 00000000ffffffff R13: 0000000000000526 R14: 00000000006fac30 R15: 0000000000000000 Allocated by task 20088: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:552 kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:489 kmem_cache_alloc+0x12e/0x760 mm/slab.c:3542 dst_alloc+0x11f/0x1a0 net/core/dst.c:104 rt_dst_alloc+0xe9/0x540 net/ipv4/route.c:1520 __mkroute_output net/ipv4/route.c:2265 [inline] ip_route_output_key_hash_rcu+0xa49/0x2c60 net/ipv4/route.c:2493 ip_route_output_key_hash+0x20b/0x370 net/ipv4/route.c:2322 __ip_route_output_key include/net/route.h:126 [inline] ip_route_output_flow+0x26/0xa0 net/ipv4/route.c:2577 ip_route_output_ports include/net/route.h:163 [inline] pptp_connect+0xa84/0x1170 drivers/net/ppp/pptp.c:453 SYSC_connect+0x213/0x4a0 net/socket.c:1639 SyS_connect+0x24/0x30 net/socket.c:1620 do_syscall_64+0x281/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Freed by task 20082: save_stack+0x43/0xd0 mm/kasan/kasan.c:447 set_track mm/kasan/kasan.c:459 [inline] __kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:520 kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:527 __cache_free mm/slab.c:3486 [inline] kmem_cache_free+0x83/0x2a0 mm/slab.c:3744 dst_destroy+0x266/0x380 net/core/dst.c:140 dst_destroy_rcu+0x16/0x20 net/core/dst.c:153 __rcu_reclaim kernel/rcu/rcu.h:178 [inline] rcu_do_batch kernel/rcu/tree.c:2675 [inline] invoke_rcu_callbacks kernel/rcu/tree.c:2930 [inline] __rcu_process_callbacks kernel/rcu/tree.c:2897 [inline] rcu_process_callbacks+0xd6c/0x17b0 kernel/rcu/tree.c:2914 __do_softirq+0x2d7/0xb85 kernel/softirq.c:285 The buggy address belongs to the object at ffff8801c54dc000 which belongs to the cache ip_dst_cache of size 168 The buggy address is located 64 bytes inside of 168-byte region [ffff8801c54dc000, ffff8801c54dc0a8) The buggy address belongs to the page: page:ffffea0007153700 count:1 mapcount:0 mapping:ffff8801c54dc000 index:0x0 flags: 0x2fffc0000000100(slab) raw: 02fffc0000000100 ffff8801c54dc000 0000000000000000 0000000100000010 raw: ffffea0006b34b20 ffffea0006b6c1e0 ffff8801d674a1c0 0000000000000000 page dumped because: kasan: bad access detected Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ppp/pptp.c | 1 - 1 file changed, 1 deletion(-) --- a/drivers/net/ppp/pptp.c +++ b/drivers/net/ppp/pptp.c @@ -464,7 +464,6 @@ static int pptp_connect(struct socket *s po->chan.mtu = dst_mtu(&rt->dst); if (!po->chan.mtu) po->chan.mtu = PPP_MRU; - ip_rt_put(rt); po->chan.mtu -= PPTP_HEADER_OVERHEAD; po->chan.hdrlen = 2 + sizeof(struct pptp_gre_header); Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "netlink: make sure nladdr has correct size in netlink_connect()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled netlink: make sure nladdr has correct size in netlink_connect() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Alexander Potapenko <glider(a)google.com> Date: Fri, 23 Mar 2018 13:49:02 +0100 Subject: netlink: make sure nladdr has correct size in netlink_connect() From: Alexander Potapenko <glider(a)google.com> [ Upstream commit 7880287981b60a6808f39f297bb66936e8bdf57a ] KMSAN reports use of uninitialized memory in the case when |alen| is smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't fully copied from the userspace. Signed-off-by: Alexander Potapenko <glider(a)google.com> Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/netlink/af_netlink.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1053,6 +1053,9 @@ static int netlink_connect(struct socket if (addr->sa_family != AF_NETLINK) return -EINVAL; + if (alen < sizeof(struct sockaddr_nl)) + return -EINVAL; + if ((nladdr->nl_groups || nladdr->nl_pid) && !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND)) return -EPERM; Patches currently in stable-queue which might be from glider(a)google.com are queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch

7 years, 5 months

1
0
0 0

Patch "nfp: use full 40 bits of the NSP buffer address" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled nfp: use full 40 bits of the NSP buffer address to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: nfp-use-full-40-bits-of-the-nsp-buffer-address.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Date: Tue, 3 Apr 2018 17:24:23 -0700 Subject: nfp: use full 40 bits of the NSP buffer address From: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> [ Upstream commit 1489bbd10e16079ce30a53d3c22a431fd47af791 ] The NSP default buffer is a piece of NFP memory where additional command data can be placed. Its format has been copied from host buffer, but the PCIe selection bits do not make sense in this case. If those get masked out from a NFP address - writes to random place in the chip memory may be issued and crash the device. Even in the general NSP buffer case, it doesn't make sense to have the PCIe selection bits there anymore. These are unused at the moment, and when it becomes necessary, the PCIe selection bits should rather be moved to another register to utilise more bits for the buffer address. This has never been an issue because the buffer used to be allocated in memory with less-than-38-bit-long address but that is about to change. Fixes: 1a64821c6af7 ("nfp: add support for service processor access") Signed-off-by: Dirk van der Merwe <dirk.vandermerwe(a)netronome.com> Reviewed-by: Jakub Kicinski <jakub.kicinski(a)netronome.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c +++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp_nsp.c @@ -68,10 +68,11 @@ /* CPP address to retrieve the data from */ #define NSP_BUFFER 0x10 #define NSP_BUFFER_CPP GENMASK_ULL(63, 40) -#define NSP_BUFFER_PCIE GENMASK_ULL(39, 38) -#define NSP_BUFFER_ADDRESS GENMASK_ULL(37, 0) +#define NSP_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER 0x18 +#define NSP_DFLT_BUFFER_CPP GENMASK_ULL(63, 40) +#define NSP_DFLT_BUFFER_ADDRESS GENMASK_ULL(39, 0) #define NSP_DFLT_BUFFER_CONFIG 0x20 #define NSP_DFLT_BUFFER_SIZE_MB GENMASK_ULL(7, 0) @@ -412,8 +413,8 @@ static int nfp_nsp_command_buf(struct nf if (err < 0) return err; - cpp_id = FIELD_GET(NSP_BUFFER_CPP, reg) << 8; - cpp_buf = FIELD_GET(NSP_BUFFER_ADDRESS, reg); + cpp_id = FIELD_GET(NSP_DFLT_BUFFER_CPP, reg) << 8; + cpp_buf = FIELD_GET(NSP_DFLT_BUFFER_ADDRESS, reg); if (in_buf && in_size) { err = nfp_cpp_write(cpp, cpp_id, cpp_buf, in_buf, in_size); Patches currently in stable-queue which might be from dirk.vandermerwe(a)netronome.com are queue-4.14/nfp-use-full-40-bits-of-the-nsp-buffer-address.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference on the error path of tcf_skbmod_init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference on the error path of tcf_skbmod_init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:57 +0100 Subject: net/sched: fix NULL dereference on the error path of tcf_skbmod_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 2d433610176d6569e8b3a28f67bc72235bf69efc ] when the following command # tc action replace action skbmod swap mac index 100 is run for the first time, and tcf_skbmod_init() fails to allocate struct tcf_skbmod_params, tcf_skbmod_cleanup() calls kfree_rcu(NULL), thus causing the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: __call_rcu+0x23/0x2b0 PGD 8000000034057067 P4D 8000000034057067 PUD 74937067 PMD 0 Oops: 0002 [#1] SMP PTI Modules linked in: act_skbmod(E) psample ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic snd_hda_intel snd_hda_codec crct10dif_pclmul mbcache jbd2 crc32_pclmul snd_hda_core ghash_clmulni_intel snd_hwdep pcbc snd_seq snd_seq_device snd_pcm aesni_intel snd_timer crypto_simd glue_helper snd cryptd virtio_balloon joydev soundcore pcspkr i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_console virtio_net virtio_blk ata_piix libata crc32c_intel virtio_pci serio_raw virtio_ring virtio i2c_core floppy dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_skbmod] CPU: 3 PID: 3144 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__call_rcu+0x23/0x2b0 RSP: 0018:ffffbd2e403e7798 EFLAGS: 00010246 RAX: ffffffffc0872080 RBX: ffff981d34bff780 RCX: 00000000ffffffff RDX: ffffffff922a5f00 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 000000000000021f R10: 000000003d003000 R11: 0000000000aaaaaa R12: 0000000000000000 R13: ffffffff922a5f00 R14: 0000000000000001 R15: ffff981d3b698c2c FS: 00007f3678292740(0000) GS:ffff981d3fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000007c57a006 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tcf_skbmod_init+0x1d1/0x210 [act_skbmod] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? filemap_map_pages+0x34a/0x3a0 ? __handle_mm_fault+0xbfd/0xe20 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7f36776a3ba0 RSP: 002b:00007fff4703b618 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fff4703b740 RCX: 00007f36776a3ba0 RDX: 0000000000000000 RSI: 00007fff4703b690 RDI: 0000000000000003 RBP: 000000005aaaba36 R08: 0000000000000002 R09: 0000000000000000 R10: 00007fff4703b0a0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fff4703b754 R14: 0000000000000001 R15: 0000000000669f60 Code: 5d e9 42 da ff ff 66 90 0f 1f 44 00 00 41 57 41 56 41 55 49 89 d5 41 54 55 48 89 fd 53 48 83 ec 08 40 f6 c7 07 0f 85 19 02 00 00 <48> 89 75 08 48 c7 45 00 00 00 00 00 9c 58 0f 1f 44 00 00 49 89 RIP: __call_rcu+0x23/0x2b0 RSP: ffffbd2e403e7798 CR2: 0000000000000008 Fix it in tcf_skbmod_cleanup(), ensuring that kfree_rcu(p, ...) is called only when p is not NULL. Fixes: 86da71b57383 ("net_sched: Introduce skbmod action") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_skbmod.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/sched/act_skbmod.c +++ b/net/sched/act_skbmod.c @@ -190,7 +190,8 @@ static void tcf_skbmod_cleanup(struct tc struct tcf_skbmod_params *p; p = rcu_dereference_protected(d->skbmod_p, 1); - kfree_rcu(p, rcu); + if (p) + kfree_rcu(p, rcu); } static int tcf_skbmod_dump(struct sk_buff *skb, struct tc_action *a, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.14/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tunnel_key_init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tunnel_key_init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 16 Mar 2018 00:00:55 +0100 Subject: net/sched: fix NULL dereference in the error path of tunnel_key_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit abdadd3cfd3e7ea3da61ac774f84777d1f702058 ] when the following command # tc action add action tunnel_key unset index 100 is run for the first time, and tunnel_key_init() fails to allocate struct tcf_tunnel_key_params, tunnel_key_release() dereferences NULL pointers. This causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 IP: tunnel_key_release+0xd/0x40 [act_tunnel_key] PGD 8000000033787067 P4D 8000000033787067 PUD 74646067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_tunnel_key(E) act_csum ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul snd_hda_codec_generic ghash_clmulni_intel snd_hda_intel pcbc snd_hda_codec snd_hda_core snd_hwdep snd_seq aesni_intel snd_seq_device crypto_simd glue_helper snd_pcm cryptd joydev snd_timer pcspkr virtio_balloon snd i2c_piix4 soundcore nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_net virtio_blk drm virtio_console crc32c_intel ata_piix serio_raw i2c_core virtio_pci libata virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod CPU: 2 PID: 3101 Comm: tc Tainted: G E 4.16.0-rc4.act_vlan.orig+ #403 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: 0018:ffffba46803b7768 EFLAGS: 00010286 RAX: ffffffffc09010a0 RBX: 0000000000000000 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff99ee336d7480 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff99ee79d73131 R12: 0000000000000000 R13: ffff99ee32d67610 R14: ffff99ee7671dc38 R15: 00000000fffffff4 FS: 00007febcb2cd740(0000) GS:ffff99ee7fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000007c8e4005 CR4: 00000000001606e0 Call Trace: __tcf_idr_release+0x79/0xf0 tunnel_key_init+0xd9/0x460 [act_tunnel_key] tcf_action_init_1+0x2cc/0x430 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.28+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 __sys_sendmsg+0x51/0x90 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7febca6deba0 RSP: 002b:00007ffe7b0dd128 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffe7b0dd250 RCX: 00007febca6deba0 RDX: 0000000000000000 RSI: 00007ffe7b0dd1a0 RDI: 0000000000000003 RBP: 000000005aaa90cb R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffe7b0dcba0 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffe7b0dd264 R14: 0000000000000001 R15: 0000000000669f60 Code: 44 00 00 8b 0d b5 23 00 00 48 8b 87 48 10 00 00 48 8b 3c c8 e9 a5 e5 d8 c3 0f 1f 44 00 00 0f 1f 44 00 00 53 48 8b 9f b0 00 00 00 <83> 7b 10 01 74 0b 48 89 df 31 f6 5b e9 f2 fa 7f c3 48 8b 7b 18 RIP: tunnel_key_release+0xd/0x40 [act_tunnel_key] RSP: ffffba46803b7768 CR2: 0000000000000010 Fix this in tunnel_key_release(), ensuring 'param' is not NULL before dereferencing it. Fixes: d0f6dd8a914f ("net/sched: Introduce act_tunnel_key") Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Acked-by: Jiri Pirko <jiri(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_tunnel_key.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/net/sched/act_tunnel_key.c +++ b/net/sched/act_tunnel_key.c @@ -208,11 +208,12 @@ static void tunnel_key_release(struct tc struct tcf_tunnel_key_params *params; params = rcu_dereference_protected(t->params, 1); + if (params) { + if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) + dst_release(&params->tcft_enc_metadata->dst); - if (params->tcft_action == TCA_TUNNEL_KEY_ACT_SET) - dst_release(&params->tcft_enc_metadata->dst); - - kfree_rcu(params, rcu); + kfree_rcu(params, rcu); + } } static int tunnel_key_dump_addresses(struct sk_buff *skb, Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.14/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net/sched: fix NULL dereference in the error path of tcf_bpf_init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/sched: fix NULL dereference in the error path of tcf_bpf_init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Davide Caratti <dcaratti(a)redhat.com> Date: Fri, 6 Apr 2018 01:19:37 +0200 Subject: net/sched: fix NULL dereference in the error path of tcf_bpf_init() From: Davide Caratti <dcaratti(a)redhat.com> [ Upstream commit 3239534a79ee6f20cffd974173a1e62e0730e8ac ] when tcf_bpf_init_from_ops() fails (e.g. because of program having invalid number of instructions), tcf_bpf_cfg_cleanup() calls bpf_prog_put(NULL) or bpf_prog_destroy(NULL). Unless CONFIG_BPF_SYSCALL is unset, this causes the following error: BUG: unable to handle kernel NULL pointer dereference at 0000000000000020 PGD 800000007345a067 P4D 800000007345a067 PUD 340e1067 PMD 0 Oops: 0000 [#1] SMP PTI Modules linked in: act_bpf(E) ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 mbcache jbd2 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_codec_generic pcbc snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd glue_helper cryptd joydev snd_timer snd virtio_balloon pcspkr soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm virtio_blk drm virtio_net virtio_console i2c_core crc32c_intel serio_raw virtio_pci ata_piix libata virtio_ring floppy virtio dm_mirror dm_region_hash dm_log dm_mod [last unloaded: act_bpf] CPU: 3 PID: 5654 Comm: tc Tainted: G E 4.16.0.bpf_test+ #408 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__bpf_prog_put+0xc/0xc0 RSP: 0018:ffff9594003ef728 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9594003ef758 RCX: 0000000000000024 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000044 R10: 0000000000000220 R11: ffff8a7ab9f17131 R12: 0000000000000000 R13: ffff8a7ab7c3c8e0 R14: 0000000000000001 R15: ffff8a7ab88f1054 FS: 00007fcb2f17c740(0000) GS:ffff8a7abfd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000020 CR3: 000000007c888006 CR4: 00000000001606e0 Call Trace: tcf_bpf_cfg_cleanup+0x2f/0x40 [act_bpf] tcf_bpf_cleanup+0x4c/0x70 [act_bpf] __tcf_idr_release+0x79/0x140 tcf_bpf_init+0x125/0x330 [act_bpf] tcf_action_init_1+0x2cc/0x430 ? get_page_from_freelist+0x3f0/0x11b0 tcf_action_init+0xd3/0x1b0 tc_ctl_action+0x18b/0x240 rtnetlink_rcv_msg+0x29c/0x310 ? _cond_resched+0x15/0x30 ? __kmalloc_node_track_caller+0x1b9/0x270 ? rtnl_calcit.isra.29+0x100/0x100 netlink_rcv_skb+0xd2/0x110 netlink_unicast+0x17c/0x230 netlink_sendmsg+0x2cd/0x3c0 sock_sendmsg+0x30/0x40 ___sys_sendmsg+0x27a/0x290 ? mem_cgroup_commit_charge+0x80/0x130 ? page_add_new_anon_rmap+0x73/0xc0 ? do_anonymous_page+0x2a2/0x560 ? __handle_mm_fault+0xc75/0xe20 __sys_sendmsg+0x58/0xa0 do_syscall_64+0x6e/0x1a0 entry_SYSCALL_64_after_hwframe+0x3d/0xa2 RIP: 0033:0x7fcb2e58eba0 RSP: 002b:00007ffc93c496c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007ffc93c497f0 RCX: 00007fcb2e58eba0 RDX: 0000000000000000 RSI: 00007ffc93c49740 RDI: 0000000000000003 RBP: 000000005ac6a646 R08: 0000000000000002 R09: 0000000000000000 R10: 00007ffc93c49120 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc93c49804 R14: 0000000000000001 R15: 000000000066afa0 Code: 5f 00 48 8b 43 20 48 c7 c7 70 2f 7c b8 c7 40 10 00 00 00 00 5b e9 a5 8b 61 00 0f 1f 44 00 00 0f 1f 44 00 00 41 54 55 48 89 fd 53 <48> 8b 47 20 f0 ff 08 74 05 5b 5d 41 5c c3 41 89 f4 0f 1f 44 00 RIP: __bpf_prog_put+0xc/0xc0 RSP: ffff9594003ef728 CR2: 0000000000000020 Fix it in tcf_bpf_cfg_cleanup(), ensuring that bpf_prog_{put,destroy}(f) is called only when f is not NULL. Fixes: bbc09e7842a5 ("net/sched: fix idr leak on the error path of tcf_bpf_init()") Reported-by: Lucas Bates <lucasb(a)mojatatu.com> Signed-off-by: Davide Caratti <dcaratti(a)redhat.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_bpf.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -248,10 +248,14 @@ static int tcf_bpf_init_from_efd(struct static void tcf_bpf_cfg_cleanup(const struct tcf_bpf_cfg *cfg) { - if (cfg->is_ebpf) - bpf_prog_put(cfg->filter); - else - bpf_prog_destroy(cfg->filter); + struct bpf_prog *filter = cfg->filter; + + if (filter) { + if (cfg->is_ebpf) + bpf_prog_put(filter); + else + bpf_prog_destroy(filter); + } kfree(cfg->bpf_ops); kfree(cfg->bpf_name); Patches currently in stable-queue which might be from dcaratti(a)redhat.com are queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tcf_bpf_init.patch queue-4.14/net-sched-fix-null-dereference-on-the-error-path-of-tcf_skbmod_init.patch queue-4.14/net-sched-fix-null-dereference-in-the-error-path-of-tunnel_key_init.patch

7 years, 5 months

1
0
0 0

Patch "net sched actions: fix dumping which requires several messages to user space" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net sched actions: fix dumping which requires several messages to user space to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Craig Dillabaugh <cdillaba(a)mojatatu.com> Date: Mon, 26 Mar 2018 14:58:32 -0400 Subject: net sched actions: fix dumping which requires several messages to user space From: Craig Dillabaugh <cdillaba(a)mojatatu.com> [ Upstream commit 734549eb550c0c720bc89e50501f1b1e98cdd841 ] Fixes a bug in the tcf_dump_walker function that can cause some actions to not be reported when dumping a large number of actions. This issue became more aggrevated when cookies feature was added. In particular this issue is manifest when large cookie values are assigned to the actions and when enough actions are created that the resulting table must be dumped in multiple batches. The number of actions returned in each batch is limited by the total number of actions and the memory buffer size. With small cookies the numeric limit is reached before the buffer size limit, which avoids the code path triggering this bug. When large cookies are used buffer fills before the numeric limit, and the erroneous code path is hit. For example after creating 32 csum actions with the cookie aaaabbbbccccdddd $ tc actions ls action csum total acts 26 action order 0: csum (tcp) action continue index 1 ref 1 bind 0 cookie aaaabbbbccccdddd ..... action order 25: csum (tcp) action continue index 26 ref 1 bind 0 cookie aaaabbbbccccdddd total acts 6 action order 0: csum (tcp) action continue index 28 ref 1 bind 0 cookie aaaabbbbccccdddd ...... action order 5: csum (tcp) action continue index 32 ref 1 bind 0 cookie aaaabbbbccccdddd Note that the action with index 27 is omitted from the report. Fixes: 4b3550ef530c ("[NET_SCHED]: Use nla_nest_start/nla_nest_end")" Signed-off-by: Craig Dillabaugh <cdillaba(a)mojatatu.com> Acked-by: Jamal Hadi Salim <jhs(a)mojatatu.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/sched/act_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/sched/act_api.c +++ b/net/sched/act_api.c @@ -133,8 +133,10 @@ static int tcf_dump_walker(struct tcf_id continue; nest = nla_nest_start(skb, n_i); - if (!nest) + if (!nest) { + index--; goto nla_put_failure; + } err = tcf_action_dump_1(skb, p, 0, 0); if (err < 0) { index--; Patches currently in stable-queue which might be from cdillaba(a)mojatatu.com are queue-4.14/net-sched-actions-fix-dumping-which-requires-several-messages-to-user-space.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Sync netdev vxlan ports at open" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Sync netdev vxlan ports at open to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-sync-netdev-vxlan-ports-at-open.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Shahar Klein <shahark(a)mellanox.com> Date: Tue, 20 Mar 2018 14:44:40 +0200 Subject: net/mlx5e: Sync netdev vxlan ports at open From: Shahar Klein <shahark(a)mellanox.com> [ Upstream commit a117f73dc2430443f23e18367fa545981129c1a6 ] When mlx5_core is loaded it is expected to sync ports with all vxlan devices so it can support vxlan encap/decap. This is done via udp_tunnel_get_rx_info(). Currently this call is set in mlx5e_nic_enable() and if the netdev is not in NETREG_REGISTERED state it will not be called. Normally on load the netdev state is not NETREG_REGISTERED so udp_tunnel_get_rx_info() will not be called. Moving udp_tunnel_get_rx_info() to mlx5e_open() so it will be called on netdev UP event and allow encap/decap. Fixes: 610e89e05c3f ("net/mlx5e: Don't sync netdev state when not registered") Signed-off-by: Shahar Klein <shahark(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -2718,6 +2718,9 @@ int mlx5e_open(struct net_device *netdev mlx5_set_port_admin_status(priv->mdev, MLX5_PORT_UP); mutex_unlock(&priv->state_lock); + if (mlx5e_vxlan_allowed(priv->mdev)) + udp_tunnel_get_rx_info(netdev); + return err; } @@ -4276,13 +4279,6 @@ static void mlx5e_nic_enable(struct mlx5 if (netdev->reg_state != NETREG_REGISTERED) return; - /* Device already registered: sync netdev system state */ - if (mlx5e_vxlan_allowed(mdev)) { - rtnl_lock(); - udp_tunnel_get_rx_info(netdev); - rtnl_unlock(); - } - queue_work(priv->wq, &priv->set_rx_mode_work); rtnl_lock(); Patches currently in stable-queue which might be from shahark(a)mellanox.com are queue-4.14/net-mlx5e-sync-netdev-vxlan-ports-at-open.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Fix memory usage issues in offloading TC flows" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Fix memory usage issues in offloading TC flows to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jianbo Liu <jianbol(a)mellanox.com> Date: Thu, 8 Mar 2018 09:20:55 +0000 Subject: net/mlx5e: Fix memory usage issues in offloading TC flows From: Jianbo Liu <jianbol(a)mellanox.com> [ Upstream commit af1607c37d9d85a66fbcf43b7f11bf3d94b9bb69 ] For NIC flows, the parsed attributes are not freed when we exit successfully from mlx5e_configure_flower(). There is possible double free for eswitch flows. If error is returned from rhashtable_insert_fast(), the parse attrs will be freed in mlx5e_tc_del_flow(), but they will be freed again before exiting mlx5e_configure_flower(). To fix both issues we do the following: (1) change the condition that determines if to issue the free call to check if this flow is NIC flow, or it does not have encap action. (2) reorder the code such that that the check and free calls are done before we attempt to add into the hash table. Fixes: 232c001398ae ('net/mlx5e: Add support to neighbour update flow') Signed-off-by: Jianbo Liu <jianbol(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c @@ -2091,19 +2091,19 @@ int mlx5e_configure_flower(struct mlx5e_ if (err != -EAGAIN) flow->flags |= MLX5E_TC_FLOW_OFFLOADED; + if (!(flow->flags & MLX5E_TC_FLOW_ESWITCH) || + !(flow->esw_attr->action & MLX5_FLOW_CONTEXT_ACTION_ENCAP)) + kvfree(parse_attr); + err = rhashtable_insert_fast(&tc->ht, &flow->node, tc->ht_params); - if (err) - goto err_del_rule; + if (err) { + mlx5e_tc_del_flow(priv, flow); + kfree(flow); + } - if (flow->flags & MLX5E_TC_FLOW_ESWITCH && - !(flow->esw_attr->action & MLX5_FLOW_CONTEXT_ACTION_ENCAP)) - kvfree(parse_attr); return err; -err_del_rule: - mlx5e_tc_del_flow(priv, flow); - err_free: kvfree(parse_attr); kfree(flow); Patches currently in stable-queue which might be from jianbol(a)mellanox.com are queue-4.14/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.14/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Fix traffic being dropped on VF representor" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Fix traffic being dropped on VF representor to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Roi Dayan <roid(a)mellanox.com> Date: Wed, 28 Feb 2018 12:56:42 +0200 Subject: net/mlx5e: Fix traffic being dropped on VF representor From: Roi Dayan <roid(a)mellanox.com> [ Upstream commit 4246f698dd58e3c6246fa919ef0b0a1d29a57e4a ] Increase representor netdev RQ size to avoid dropped packets. The current size (two) is just too small to keep up with conventional slow path traffic patterns. Also match the SQ size to the RQ size. Fixes: cb67b832921c ("net/mlx5e: Introduce SRIOV VF representors") Signed-off-by: Roi Dayan <roid(a)mellanox.com> Reviewed-by: Paul Blakey <paulb(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -43,6 +43,11 @@ #include "en_tc.h" #include "fs_core.h" +#define MLX5E_REP_PARAMS_LOG_SQ_SIZE \ + max(0x6, MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE) +#define MLX5E_REP_PARAMS_LOG_RQ_SIZE \ + max(0x6, MLX5E_PARAMS_MINIMUM_LOG_RQ_SIZE) + static const char mlx5e_rep_driver_name[] = "mlx5e_rep"; static void mlx5e_rep_get_drvinfo(struct net_device *dev, @@ -798,9 +803,9 @@ static void mlx5e_build_rep_params(struc MLX5_CQ_PERIOD_MODE_START_FROM_CQE : MLX5_CQ_PERIOD_MODE_START_FROM_EQE; - params->log_sq_size = MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE; + params->log_sq_size = MLX5E_REP_PARAMS_LOG_SQ_SIZE; params->rq_wq_type = MLX5_WQ_TYPE_LINKED_LIST; - params->log_rq_size = MLX5E_PARAMS_MINIMUM_LOG_RQ_SIZE; + params->log_rq_size = MLX5E_REP_PARAMS_LOG_RQ_SIZE; params->rx_am_enabled = MLX5_CAP_GEN(mdev, cq_moderation); mlx5e_set_rx_cq_mode_params(params, cq_period_mode); Patches currently in stable-queue which might be from roid(a)mellanox.com are queue-4.14/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.14/net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch queue-4.14/net-mlx5e-sync-netdev-vxlan-ports-at-open.patch queue-4.14/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-avoid-using-the-ipv6-stub-in-the-tc-offload-neigh-update-path.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Or Gerlitz <ogerlitz(a)mellanox.com> Date: Tue, 13 Mar 2018 21:43:43 +0200 Subject: net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path From: Or Gerlitz <ogerlitz(a)mellanox.com> [ Upstream commit 423c9db29943cfc43e3a408192e9efa4178af6a1 ] Currently we use the global ipv6_stub var to access the ipv6 global nd table. This practice gets us to troubles when the stub is only partially set e.g when ipv6 is loaded under the disabled policy. In this case, as of commit 343d60aada5a ("ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument") the stub is not null, but stub->nd_tbl is and we crash. As we can access the ipv6 nd_tbl directly, the fix is just to avoid the reference through the stub. There is one place in the code where we issue ipv6 route lookup and keep doing it through the stub, but that mentioned commit makes sure we get -EAFNOSUPPORT from the stack. Fixes: 232c001398ae ("net/mlx5e: Add support to neighbour update flow") Signed-off-by: Or Gerlitz <ogerlitz(a)mellanox.com> Reviewed-by: Aviv Heller <avivh(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 6 +++--- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -230,7 +230,7 @@ void mlx5e_remove_sqs_fwd_rules(struct m static void mlx5e_rep_neigh_update_init_interval(struct mlx5e_rep_priv *rpriv) { #if IS_ENABLED(CONFIG_IPV6) - unsigned long ipv6_interval = NEIGH_VAR(&ipv6_stub->nd_tbl->parms, + unsigned long ipv6_interval = NEIGH_VAR(&nd_tbl.parms, DELAY_PROBE_TIME); #else unsigned long ipv6_interval = ~0UL; @@ -366,7 +366,7 @@ static int mlx5e_rep_netevent_event(stru case NETEVENT_NEIGH_UPDATE: n = ptr; #if IS_ENABLED(CONFIG_IPV6) - if (n->tbl != ipv6_stub->nd_tbl && n->tbl != &arp_tbl) + if (n->tbl != &nd_tbl && n->tbl != &arp_tbl) #else if (n->tbl != &arp_tbl) #endif @@ -414,7 +414,7 @@ static int mlx5e_rep_netevent_event(stru * done per device delay prob time parameter. */ #if IS_ENABLED(CONFIG_IPV6) - if (!p->dev || (p->tbl != ipv6_stub->nd_tbl && p->tbl != &arp_tbl)) + if (!p->dev || (p->tbl != &nd_tbl && p->tbl != &arp_tbl)) #else if (!p->dev || p->tbl != &arp_tbl) #endif --- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c @@ -484,7 +484,7 @@ void mlx5e_tc_update_neigh_used_value(st tbl = &arp_tbl; #if IS_ENABLED(CONFIG_IPV6) else if (m_neigh->family == AF_INET6) - tbl = ipv6_stub->nd_tbl; + tbl = &nd_tbl; #endif else return; Patches currently in stable-queue which might be from ogerlitz(a)mellanox.com are queue-4.14/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.14/net-mlx5e-fix-traffic-being-dropped-on-vf-representor.patch queue-4.14/net-mlx5e-avoid-using-the-ipv6-stub-in-the-tc-offload-neigh-update-path.patch queue-4.14/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx5e: Don't override vport admin link state in switchdev mode" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx5e: Don't override vport admin link state in switchdev mode to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jianbo Liu <jianbol(a)mellanox.com> Date: Fri, 2 Mar 2018 02:09:08 +0000 Subject: net/mlx5e: Don't override vport admin link state in switchdev mode From: Jianbo Liu <jianbol(a)mellanox.com> The vport admin original link state will be re-applied after returning back to legacy mode, it is not right to change the admin link state value when in switchdev mode. Use direct vport commands to alter logical vport state in netdev representor open/close flows rather than the administrative eswitch API. Fixes: 20a1ea674783 ('net/mlx5e: Support VF vport link state control for SRIOV switchdev mode') Signed-off-by: Jianbo Liu <jianbol(a)mellanox.com> Reviewed-by: Roi Dayan <roid(a)mellanox.com> Reviewed-by: Or Gerlitz <ogerlitz(a)mellanox.com> Signed-off-by: Saeed Mahameed <saeedm(a)mellanox.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_rep.c @@ -610,7 +610,6 @@ static int mlx5e_rep_open(struct net_dev struct mlx5e_priv *priv = netdev_priv(dev); struct mlx5e_rep_priv *rpriv = priv->ppriv; struct mlx5_eswitch_rep *rep = rpriv->rep; - struct mlx5_eswitch *esw = priv->mdev->priv.eswitch; int err; mutex_lock(&priv->state_lock); @@ -618,8 +617,9 @@ static int mlx5e_rep_open(struct net_dev if (err) goto unlock; - if (!mlx5_eswitch_set_vport_state(esw, rep->vport, - MLX5_ESW_VPORT_ADMIN_STATE_UP)) + if (!mlx5_modify_vport_admin_state(priv->mdev, + MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT, + rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_UP)) netif_carrier_on(dev); unlock: @@ -632,11 +632,12 @@ static int mlx5e_rep_close(struct net_de struct mlx5e_priv *priv = netdev_priv(dev); struct mlx5e_rep_priv *rpriv = priv->ppriv; struct mlx5_eswitch_rep *rep = rpriv->rep; - struct mlx5_eswitch *esw = priv->mdev->priv.eswitch; int ret; mutex_lock(&priv->state_lock); - (void)mlx5_eswitch_set_vport_state(esw, rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_DOWN); + mlx5_modify_vport_admin_state(priv->mdev, + MLX5_QUERY_VPORT_STATE_IN_OP_MOD_ESW_VPORT, + rep->vport, MLX5_ESW_VPORT_ADMIN_STATE_DOWN); ret = mlx5e_close_locked(dev); mutex_unlock(&priv->state_lock); return ret; Patches currently in stable-queue which might be from jianbol(a)mellanox.com are queue-4.14/net-mlx5e-fix-memory-usage-issues-in-offloading-tc-flows.patch queue-4.14/net-mlx5e-don-t-override-vport-admin-link-state-in-switchdev-mode.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_en: Fix mixed PFC and Global pause user control requests" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_en: Fix mixed PFC and Global pause user control requests to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eran Ben Elisha <eranbe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:18 +0300 Subject: net/mlx4_en: Fix mixed PFC and Global pause user control requests From: Eran Ben Elisha <eranbe(a)mellanox.com> [ Upstream commit 6e8814ceb7e8f468659ef9253bd212c07ae19584 ] Global pause and PFC configuration should be mutually exclusive (i.e. only one of them at most can be set). However, once PFC was turned off, driver automatically turned Global pause on. This is a bug. Fix the driver behaviour to turn off PFC/Global once the user turned the other on. This also fixed a weird behaviour that at a current time, the profile had both PFC and global pause configuration turned on, which is Hardware-wise impossible and caused returning false positive indication to query tools. In addition, fix error code when setting global pause or PFC to change metadata only upon successful change. Also, removed useless debug print. Fixes: af7d51852631 ("net/mlx4_en: Add DCB PFC support through CEE netlink commands") Fixes: c27a02cd94d6 ("mlx4_en: Add driver for Mellanox ConnectX 10GbE NIC") Signed-off-by: Eran Ben Elisha <eranbe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c | 72 +++++++++++++----------- drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 33 ++++++----- drivers/net/ethernet/mellanox/mlx4/en_main.c | 4 - 3 files changed, 62 insertions(+), 47 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c @@ -156,57 +156,63 @@ static int mlx4_en_dcbnl_getnumtcs(struc static u8 mlx4_en_dcbnl_set_all(struct net_device *netdev) { struct mlx4_en_priv *priv = netdev_priv(netdev); + struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; if (!(priv->dcbx_cap & DCB_CAP_DCBX_VER_CEE)) return 1; if (priv->cee_config.pfc_state) { int tc; + rx_ppp = prof->rx_ppp; + tx_ppp = prof->tx_ppp; - priv->prof->rx_pause = 0; - priv->prof->tx_pause = 0; for (tc = 0; tc < CEE_DCBX_MAX_PRIO; tc++) { u8 tc_mask = 1 << tc; switch (priv->cee_config.dcb_pfc[tc]) { case pfc_disabled: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_full: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp |= tc_mask; + rx_ppp |= tc_mask; break; case pfc_enabled_tx: - priv->prof->tx_ppp |= tc_mask; - priv->prof->rx_ppp &= ~tc_mask; + tx_ppp |= tc_mask; + rx_ppp &= ~tc_mask; break; case pfc_enabled_rx: - priv->prof->tx_ppp &= ~tc_mask; - priv->prof->rx_ppp |= tc_mask; + tx_ppp &= ~tc_mask; + rx_ppp |= tc_mask; break; default: break; } } - en_dbg(DRV, priv, "Set pfc on\n"); + rx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->rx_pause; + tx_pause = !!(rx_ppp || tx_ppp) ? 0 : prof->tx_pause; } else { - priv->prof->rx_pause = 1; - priv->prof->tx_pause = 1; - en_dbg(DRV, priv, "Set pfc off\n"); + rx_ppp = 0; + tx_ppp = 0; + rx_pause = prof->rx_pause; + tx_pause = prof->tx_pause; } if (mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp)) { + tx_pause, tx_ppp, rx_pause, rx_ppp)) { en_err(priv, "Failed setting pause params\n"); return 1; } + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->tx_pause = tx_pause; + prof->rx_pause = rx_pause; + return 0; } @@ -408,6 +414,7 @@ static int mlx4_en_dcbnl_ieee_setpfc(str struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_port_profile *prof = priv->prof; struct mlx4_en_dev *mdev = priv->mdev; + u32 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; en_dbg(DRV, priv, "cap: 0x%x en: 0x%x mbc: 0x%x delay: %d\n", @@ -416,23 +423,26 @@ static int mlx4_en_dcbnl_ieee_setpfc(str pfc->mbc, pfc->delay); - prof->rx_pause = !pfc->pfc_en; - prof->tx_pause = !pfc->pfc_en; - prof->rx_ppp = pfc->pfc_en; - prof->tx_ppp = pfc->pfc_en; + rx_pause = prof->rx_pause && !pfc->pfc_en; + tx_pause = prof->tx_pause && !pfc->pfc_en; + rx_ppp = pfc->pfc_en; + tx_ppp = pfc->pfc_en; err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - prof->tx_pause, - prof->tx_ppp, - prof->rx_pause, - prof->rx_ppp); - if (err) + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - prof->rx_ppp, prof->rx_pause, - prof->tx_ppp, prof->tx_pause); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + prof->tx_ppp = tx_ppp; + prof->rx_ppp = rx_ppp; + prof->rx_pause = rx_pause; + prof->tx_pause = tx_pause; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c @@ -1046,27 +1046,32 @@ static int mlx4_en_set_pauseparam(struct { struct mlx4_en_priv *priv = netdev_priv(dev); struct mlx4_en_dev *mdev = priv->mdev; + u8 tx_pause, tx_ppp, rx_pause, rx_ppp; int err; if (pause->autoneg) return -EINVAL; - priv->prof->tx_pause = pause->tx_pause != 0; - priv->prof->rx_pause = pause->rx_pause != 0; + tx_pause = !!(pause->tx_pause); + rx_pause = !!(pause->rx_pause); + rx_ppp = priv->prof->rx_ppp && !(tx_pause || rx_pause); + tx_ppp = priv->prof->tx_ppp && !(tx_pause || rx_pause); + err = mlx4_SET_PORT_general(mdev->dev, priv->port, priv->rx_skb_size + ETH_FCS_LEN, - priv->prof->tx_pause, - priv->prof->tx_ppp, - priv->prof->rx_pause, - priv->prof->rx_ppp); - if (err) - en_err(priv, "Failed setting pause params\n"); - else - mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, - priv->prof->rx_ppp, - priv->prof->rx_pause, - priv->prof->tx_ppp, - priv->prof->tx_pause); + tx_pause, tx_ppp, rx_pause, rx_ppp); + if (err) { + en_err(priv, "Failed setting pause params, err = %d\n", err); + return err; + } + + mlx4_en_update_pfc_stats_bitmap(mdev->dev, &priv->stats_bitmap, + rx_ppp, rx_pause, tx_ppp, tx_pause); + + priv->prof->tx_pause = tx_pause; + priv->prof->rx_pause = rx_pause; + priv->prof->tx_ppp = tx_ppp; + priv->prof->rx_ppp = rx_ppp; return err; } --- a/drivers/net/ethernet/mellanox/mlx4/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx4/en_main.c @@ -163,9 +163,9 @@ static void mlx4_en_get_profile(struct m params->udp_rss = 0; } for (i = 1; i <= MLX4_MAX_PORTS; i++) { - params->prof[i].rx_pause = 1; + params->prof[i].rx_pause = !(pfcrx || pfctx); params->prof[i].rx_ppp = pfcrx; - params->prof[i].tx_pause = 1; + params->prof[i].tx_pause = !(pfcrx || pfctx); params->prof[i].tx_ppp = pfctx; params->prof[i].tx_ring_size = MLX4_EN_DEF_TX_RING_SIZE; params->prof[i].rx_ring_size = MLX4_EN_DEF_RX_RING_SIZE; Patches currently in stable-queue which might be from eranbe(a)mellanox.com are queue-4.14/net-mlx4_en-fix-mixed-pfc-and-global-pause-user-control-requests.patch

7 years, 5 months

1
0
0 0

Patch "net/mlx4_core: Fix memory leak while delete slave's resources" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/mlx4_core: Fix memory leak while delete slave's resources to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Moshe Shemesh <moshe(a)mellanox.com> Date: Tue, 27 Mar 2018 14:41:19 +0300 Subject: net/mlx4_core: Fix memory leak while delete slave's resources From: Moshe Shemesh <moshe(a)mellanox.com> [ Upstream commit 461d5f1b59490ce0096dfda45e10038c122a7892 ] mlx4_delete_all_resources_for_slave in resource tracker should free all memory allocated for a slave. While releasing memory of fs_rule, it misses releasing memory of fs_rule->mirr_mbox. Fixes: 78efed275117 ('net/mlx4_core: Support mirroring VF DMFS rules on both ports') Signed-off-by: Moshe Shemesh <moshe(a)mellanox.com> Signed-off-by: Tariq Toukan <tariqt(a)mellanox.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c +++ b/drivers/net/ethernet/mellanox/mlx4/resource_tracker.c @@ -5089,6 +5089,7 @@ static void rem_slave_fs_rule(struct mlx &tracker->res_tree[RES_FS_RULE]); list_del(&fs_rule->com.list); spin_unlock_irq(mlx4_tlock(dev)); + kfree(fs_rule->mirr_mbox); kfree(fs_rule); state = 0; break; Patches currently in stable-queue which might be from moshe(a)mellanox.com are queue-4.14/net-mlx4_core-fix-memory-leak-while-delete-slave-s-resources.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Increment OUTxxx counters after netfilter hook" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Increment OUTxxx counters after netfilter hook to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Jeff Barnhill <0xeffeff(a)gmail.com> Date: Thu, 5 Apr 2018 21:29:47 +0000 Subject: net/ipv6: Increment OUTxxx counters after netfilter hook From: Jeff Barnhill <0xeffeff(a)gmail.com> [ Upstream commit 71a1c915238c970cd9bdd5bf158b1279d6b6d55b ] At the end of ip6_forward(), IPSTATS_MIB_OUTFORWDATAGRAMS and IPSTATS_MIB_OUTOCTETS are incremented immediately before the NF_HOOK call for NFPROTO_IPV6 / NF_INET_FORWARD. As a result, these counters get incremented regardless of whether or not the netfilter hook allows the packet to continue being processed. This change increments the counters in ip6_forward_finish() so that it will not happen if the netfilter hook chooses to terminate the packet, which is similar to how IPv4 works. Signed-off-by: Jeff Barnhill <0xeffeff(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -375,6 +375,11 @@ static int ip6_forward_proxy_check(struc static inline int ip6_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) { + struct dst_entry *dst = skb_dst(skb); + + __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); + __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); + return dst_output(net, sk, skb); } @@ -568,8 +573,6 @@ int ip6_forward(struct sk_buff *skb) hdr->hop_limit--; - __IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); - __IP6_ADD_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, net, NULL, skb, skb->dev, dst->dev, ip6_forward_finish); Patches currently in stable-queue which might be from 0xeffeff(a)gmail.com are queue-4.14/net-ipv6-increment-outxxx-counters-after-netfilter-hook.patch

7 years, 5 months

1
0
0 0

Patch "net/ipv6: Fix route leaking between VRFs" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net/ipv6: Fix route leaking between VRFs to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-ipv6-fix-route-leaking-between-vrfs.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: David Ahern <dsahern(a)gmail.com> Date: Thu, 29 Mar 2018 17:44:57 -0700 Subject: net/ipv6: Fix route leaking between VRFs From: David Ahern <dsahern(a)gmail.com> [ Upstream commit b6cdbc85234b072340b8923e69f49ec293f905dc ] Donald reported that IPv6 route leaking between VRFs is not working. The root cause is the strict argument in the call to rt6_lookup when validating the nexthop spec. ip6_route_check_nh validates the gateway and device (if given) of a route spec. It in turn could call rt6_lookup (e.g., lookup in a given table did not succeed so it falls back to a full lookup) and if so sets the strict argument to 1. That means if the egress device is given, the route lookup needs to return a result with the same device. This strict requirement does not work with VRFs (IPv4 or IPv6) because the oif in the flow struct is overridden with the index of the VRF device to trigger a match on the l3mdev rule and force the lookup to its table. The right long term solution is to add an l3mdev index to the flow struct such that the oif is not overridden. That solution will not backport well, so this patch aims for a simpler solution to relax the strict argument if the route spec device is an l3mdev slave. As done in other places, use the FLOWI_FLAG_SKIP_NH_OIF to know that the RT6_LOOKUP_F_IFACE flag needs to be removed. Fixes: ca254490c8df ("net: Add VRF support to IPv6 stack") Reported-by: Donald Sharp <sharpd(a)cumulusnetworks.com> Signed-off-by: David Ahern <dsahern(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/route.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -871,6 +871,9 @@ static struct rt6_info *ip6_pol_route_lo struct fib6_node *fn; struct rt6_info *rt; + if (fl6->flowi6_flags & FLOWI_FLAG_SKIP_NH_OIF) + flags &= ~RT6_LOOKUP_F_IFACE; + read_lock_bh(&table->tb6_lock); fn = fib6_lookup(&table->tb6_root, &fl6->daddr, &fl6->saddr); restart: Patches currently in stable-queue which might be from dsahern(a)gmail.com are queue-4.14/perf-tools-fix-copyfile_offset-update-of-output-offset.patch queue-4.14/net-ipv6-fix-route-leaking-between-vrfs.patch queue-4.14/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "net: fix possible out-of-bound read in skb_network_protocol()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fix possible out-of-bound read in skb_network_protocol() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Mon, 26 Mar 2018 08:08:07 -0700 Subject: net: fix possible out-of-bound read in skb_network_protocol() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 1dfe82ebd7d8fd43dba9948fdfb31f145014baa0 ] skb mac header is not necessarily set at the time skb_network_protocol() is called. Use skb->data instead. BUG: KASAN: slab-out-of-bounds in skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 Read of size 2 at addr ffff8801b3097a0b by task syz-executor5/14242 CPU: 1 PID: 14242 Comm: syz-executor5 Not tainted 4.16.0-rc6+ #280 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x24d lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report+0x23c/0x360 mm/kasan/report.c:412 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:443 skb_network_protocol+0x46b/0x4b0 net/core/dev.c:2739 harmonize_features net/core/dev.c:2924 [inline] netif_skb_features+0x509/0x9b0 net/core/dev.c:3011 validate_xmit_skb+0x81/0xb00 net/core/dev.c:3084 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3142 packet_direct_xmit+0x117/0x790 net/packet/af_packet.c:256 packet_snd net/packet/af_packet.c:2944 [inline] packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2969 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xca/0x110 net/socket.c:639 ___sys_sendmsg+0x767/0x8b0 net/socket.c:2047 __sys_sendmsg+0xe5/0x210 net/socket.c:2081 Fixes: 19acc327258a ("gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol()") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Pravin B Shelar <pshelar(a)ovn.org> Reported-by: Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2696,7 +2696,7 @@ __be16 skb_network_protocol(struct sk_bu if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr)))) return 0; - eth = (struct ethhdr *)skb_mac_header(skb); + eth = (struct ethhdr *)skb->data; type = eth->h_proto; } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "net: fool proof dev_valid_name()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled net: fool proof dev_valid_name() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: net-fool-proof-dev_valid_name.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:26 -0700 Subject: net: fool proof dev_valid_name() From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit a9d48205d0aedda021fc3728972a9e9934c2b9de ] We want to use dev_valid_name() to validate tunnel names, so better use strnlen(name, IFNAMSIZ) than strlen(name) to make sure to not upset KASAN. Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/core/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1025,7 +1025,7 @@ bool dev_valid_name(const char *name) { if (*name == '\0') return false; - if (strlen(name) >= IFNAMSIZ) + if (strnlen(name, IFNAMSIZ) == IFNAMSIZ) return false; if (!strcmp(name, ".") || !strcmp(name, "..")) return false; Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: the entire IPv6 header chain must fit the first fragment" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: the entire IPv6 header chain must fit the first fragment to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Paolo Abeni <pabeni(a)redhat.com> Date: Fri, 23 Mar 2018 14:47:30 +0100 Subject: ipv6: the entire IPv6 header chain must fit the first fragment From: Paolo Abeni <pabeni(a)redhat.com> [ Upstream commit 10b8a3de603df7b96004179b1b33b1708c76d144 ] While building ipv6 datagram we currently allow arbitrary large extheaders, even beyond pmtu size. The syzbot has found a way to exploit the above to trigger the following splat: kernel BUG at ./include/linux/skbuff.h:2073! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4230 Comm: syzkaller672661 Not tainted 4.16.0-rc2+ #326 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:__skb_pull include/linux/skbuff.h:2073 [inline] RIP: 0010:__ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: 0018:ffff8801bc18f0f0 EFLAGS: 00010293 RAX: ffff8801b17400c0 RBX: 0000000000000738 RCX: ffffffff84f01828 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b415ac18 RBP: ffff8801bc18f360 R08: ffff8801b4576844 R09: 0000000000000000 R10: ffff8801bc18f380 R11: ffffed00367aee4e R12: 00000000000000d6 R13: ffff8801b415a740 R14: dffffc0000000000 R15: ffff8801b45767c0 FS: 0000000001535880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000b000 CR3: 00000001b4123001 CR4: 00000000001606e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip6_finish_skb include/net/ipv6.h:969 [inline] udp_v6_push_pending_frames+0x269/0x3b0 net/ipv6/udp.c:1073 udpv6_sendmsg+0x2a96/0x3400 net/ipv6/udp.c:1343 inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764 sock_sendmsg_nosec net/socket.c:630 [inline] sock_sendmsg+0xca/0x110 net/socket.c:640 ___sys_sendmsg+0x320/0x8b0 net/socket.c:2046 __sys_sendmmsg+0x1ee/0x620 net/socket.c:2136 SYSC_sendmmsg net/socket.c:2167 [inline] SyS_sendmmsg+0x35/0x60 net/socket.c:2162 do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 RIP: 0033:0x4404c9 RSP: 002b:00007ffdce35f948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133 RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404c9 RDX: 0000000000000003 RSI: 0000000020001f00 RDI: 0000000000000003 RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8 R10: 0000000020000080 R11: 0000000000000217 R12: 0000000000401df0 R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000 Code: ff e8 1d 5e b9 fc e9 15 e9 ff ff e8 13 5e b9 fc e9 44 e8 ff ff e8 29 5e b9 fc e9 c0 e6 ff ff e8 3f f3 80 fc 0f 0b e8 38 f3 80 fc <0f> 0b 49 8d 87 80 00 00 00 4d 8d 87 84 00 00 00 48 89 85 20 fe RIP: __skb_pull include/linux/skbuff.h:2073 [inline] RSP: ffff8801bc18f0f0 RIP: __ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP: ffff8801bc18f0f0 As stated by RFC 7112 section 5: When a host fragments an IPv6 datagram, it MUST include the entire IPv6 Header Chain in the First Fragment. So this patch addresses the issue dropping datagrams with excessive extheader length. It also updates the error path to report to the calling socket nonnegative pmtu values. The issue apparently predates git history. v1 -> v2: cleanup error path, as per Eric's suggestion Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Reported-by: syzbot+91e6f9932ff122fa4410(a)syzkaller.appspotmail.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Reviewed-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_output.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1245,7 +1245,7 @@ static int __ip6_append_data(struct sock const struct sockcm_cookie *sockc) { struct sk_buff *skb, *skb_prev = NULL; - unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu; + unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu; int exthdrlen = 0; int dst_exthdrlen = 0; int hh_len; @@ -1281,6 +1281,12 @@ static int __ip6_append_data(struct sock sizeof(struct frag_hdr) : 0) + rt->rt6i_nfheader_len; + /* as per RFC 7112 section 5, the entire IPv6 Header Chain must fit + * the first fragment + */ + if (headersize + transhdrlen > mtu) + goto emsgsize; + if (cork->length + length > mtu - headersize && ipc6->dontfrag && (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_RAW)) { @@ -1296,9 +1302,8 @@ static int __ip6_append_data(struct sock if (cork->length + length > maxnonfragsize - headersize) { emsgsize: - ipv6_local_error(sk, EMSGSIZE, fl6, - mtu - headersize + - sizeof(struct ipv6hdr)); + pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0); + ipv6_local_error(sk, EMSGSIZE, fl6, pmtu); return -EMSGSIZE; } Patches currently in stable-queue which might be from pabeni(a)redhat.com are queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch

7 years, 5 months

1
0
0 0

Patch "lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write)" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: lan78xx-crash-in-lan78xx_writ_reg-workqueue-events-lan78xx_deferred_multicast_write.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> Date: Tue, 27 Mar 2018 14:51:16 +0530 Subject: lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write) From: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> [ Upstream commit 2d2d99ec13f62d5d2cecb6169dfdb6bbe05356d0 ] Description: Crash was reported with syzkaller pointing to lan78xx_write_reg routine. Root-cause: Proper cleanup of workqueues and init/setup routines was not happening in failure conditions. Fix: Handled the error conditions by cleaning up the queues and init/setup routines. Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver") Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Raghuram Chary J <raghuramchary.jallipalli(a)microchip.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/usb/lan78xx.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c @@ -2863,8 +2863,7 @@ static int lan78xx_bind(struct lan78xx_n if (ret < 0) { netdev_warn(dev->net, "lan78xx_setup_irq_domain() failed : %d", ret); - kfree(pdata); - return ret; + goto out1; } dev->net->hard_header_len += TX_OVERHEAD; @@ -2872,14 +2871,32 @@ static int lan78xx_bind(struct lan78xx_n /* Init all registers */ ret = lan78xx_reset(dev); + if (ret) { + netdev_warn(dev->net, "Registers INIT FAILED...."); + goto out2; + } ret = lan78xx_mdio_init(dev); + if (ret) { + netdev_warn(dev->net, "MDIO INIT FAILED....."); + goto out2; + } dev->net->flags |= IFF_MULTICAST; pdata->wol = WAKE_MAGIC; return ret; + +out2: + lan78xx_remove_irq_domain(dev); + +out1: + netdev_warn(dev->net, "Bind routine FAILED"); + cancel_work_sync(&pdata->set_multicast); + cancel_work_sync(&pdata->set_vlan); + kfree(pdata); + return ret; } static void lan78xx_unbind(struct lan78xx_net *dev, struct usb_interface *intf) @@ -2891,6 +2908,8 @@ static void lan78xx_unbind(struct lan78x lan78xx_remove_mdio(dev); if (pdata) { + cancel_work_sync(&pdata->set_multicast); + cancel_work_sync(&pdata->set_vlan); netif_dbg(dev, ifdown, dev->net, "free pdata"); kfree(pdata); pdata = NULL; Patches currently in stable-queue which might be from raghuramchary.jallipalli(a)microchip.com are queue-4.14/lan78xx-crash-in-lan78xx_writ_reg-workqueue-events-lan78xx_deferred_multicast_write.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sr: fix seg6 encap performances with TSO enabled" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sr: fix seg6 encap performances with TSO enabled to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sr-fix-seg6-encap-performances-with-tso-enabled.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: David Lebrun <dlebrun(a)google.com> Date: Thu, 29 Mar 2018 17:59:36 +0100 Subject: ipv6: sr: fix seg6 encap performances with TSO enabled From: David Lebrun <dlebrun(a)google.com> [ Upstream commit 5807b22c9164a21cd1077a9bc587f0bba361f72d ] Enabling TSO can lead to abysmal performances when using seg6 in encap mode, such as with the ixgbe driver. This patch adds a call to iptunnel_handle_offloads() to remove the encapsulation bit if needed. Before: root@comp4-seg6bpf:~# iperf3 -c fc00::55 Connecting to host fc00::55, port 5201 [ 4] local fc45::4 port 36592 connected to fc00::55 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 196 KBytes 1.60 Mbits/sec 47 6.66 KBytes [ 4] 1.00-2.00 sec 304 KBytes 2.49 Mbits/sec 100 5.33 KBytes [ 4] 2.00-3.00 sec 284 KBytes 2.32 Mbits/sec 92 5.33 KBytes After: root@comp4-seg6bpf:~# iperf3 -c fc00::55 Connecting to host fc00::55, port 5201 [ 4] local fc45::4 port 43062 connected to fc00::55 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 1.03 GBytes 8.89 Gbits/sec 0 743 KBytes [ 4] 1.00-2.00 sec 1.03 GBytes 8.87 Gbits/sec 0 743 KBytes [ 4] 2.00-3.00 sec 1.03 GBytes 8.87 Gbits/sec 0 743 KBytes Reported-by: Tom Herbert <tom(a)quantonium.net> Fixes: 6c8702c60b88 ("ipv6: sr: add support for SRH encapsulation and injection with lwtunnels") Signed-off-by: David Lebrun <dlebrun(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/seg6_iptunnel.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) --- a/net/ipv6/seg6_iptunnel.c +++ b/net/ipv6/seg6_iptunnel.c @@ -16,6 +16,7 @@ #include <linux/net.h> #include <linux/module.h> #include <net/ip.h> +#include <net/ip_tunnels.h> #include <net/lwtunnel.h> #include <net/netevent.h> #include <net/netns/generic.h> @@ -211,11 +212,6 @@ static int seg6_do_srh(struct sk_buff *s tinfo = seg6_encap_lwtunnel(dst->lwtstate); - if (likely(!skb->encapsulation)) { - skb_reset_inner_headers(skb); - skb->encapsulation = 1; - } - switch (tinfo->mode) { case SEG6_IPTUN_MODE_INLINE: if (skb->protocol != htons(ETH_P_IPV6)) @@ -224,10 +220,12 @@ static int seg6_do_srh(struct sk_buff *s err = seg6_do_srh_inline(skb, tinfo->srh); if (err) return err; - - skb_reset_inner_headers(skb); break; case SEG6_IPTUN_MODE_ENCAP: + err = iptunnel_handle_offloads(skb, SKB_GSO_IPXIP6); + if (err) + return err; + if (skb->protocol == htons(ETH_P_IPV6)) proto = IPPROTO_IPV6; else if (skb->protocol == htons(ETH_P_IP)) @@ -239,6 +237,8 @@ static int seg6_do_srh(struct sk_buff *s if (err) return err; + skb_set_inner_transport_header(skb, skb_transport_offset(skb)); + skb_set_inner_protocol(skb, skb->protocol); skb->protocol = htons(ETH_P_IPV6); break; case SEG6_IPTUN_MODE_L2ENCAP: @@ -262,8 +262,6 @@ static int seg6_do_srh(struct sk_buff *s ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr)); skb_set_transport_header(skb, sizeof(struct ipv6hdr)); - skb_set_inner_protocol(skb, skb->protocol); - return 0; } Patches currently in stable-queue which might be from dlebrun(a)google.com are queue-4.14/ipv6-sr-fix-seg6-encap-performances-with-tso-enabled.patch

7 years, 5 months

1
0
0 0

Patch "ipv6: sit: better validate user provided tunnel names" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ipv6: sit: better validate user provided tunnel names to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ipv6-sit-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:28 -0700 Subject: ipv6: sit: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit b95211e066fc3494b7c115060b2297b4ba21f025 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 Write of size 33 at addr ffff8801b64076d8 by task syzkaller932654/4453 CPU: 0 PID: 4453 Comm: syzkaller932654 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ipip6_tunnel_locate+0x63b/0xaa0 net/ipv6/sit.c:254 ipip6_tunnel_ioctl+0xe71/0x241b net/ipv6/sit.c:1221 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/sit.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -244,11 +244,13 @@ static struct ip_tunnel *ipip6_tunnel_lo if (!create) goto failed; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "sit%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ipip6_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_tunnel: better validate user provided tunnel names" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_tunnel: better validate user provided tunnel names to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:30 -0700 Subject: ip6_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit db7a65e3ab78e5b1c4b17c0870ebee35a4ee3257 ] Use valid_name() to make sure user does not provide illegal device name. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_tunnel.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -297,13 +297,16 @@ static struct ip6_tnl *ip6_tnl_create(st struct net_device *dev; struct ip6_tnl *t; char name[IFNAMSIZ]; - int err = -ENOMEM; + int err = -E2BIG; - if (p->name[0]) + if (p->name[0]) { + if (!dev_valid_name(p->name)) + goto failed; strlcpy(name, p->name, IFNAMSIZ); - else + } else { sprintf(name, "ip6tnl%%d"); - + } + err = -ENOMEM; dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6_tnl_dev_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip_tunnel: better validate user provided tunnel names" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip_tunnel: better validate user provided tunnel names to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip_tunnel-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:27 -0700 Subject: ip_tunnel: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 9cb726a212a82c88c98aa9f0037fd04777cd8fe5 ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 Write of size 20 at addr ffff8801ac79f810 by task syzkaller268107/4482 CPU: 0 PID: 4482 Comm: syzkaller268107 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] __ip_tunnel_create+0xca/0x6b0 net/ipv4/ip_tunnel.c:257 ip_tunnel_create net/ipv4/ip_tunnel.c:352 [inline] ip_tunnel_ioctl+0x818/0xd40 net/ipv4/ip_tunnel.c:861 ipip_tunnel_ioctl+0x1c5/0x420 net/ipv4/ipip.c:350 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/ip_tunnel.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -253,13 +253,14 @@ static struct net_device *__ip_tunnel_cr struct net_device *dev; char name[IFNAMSIZ]; - if (parms->name[0]) + err = -E2BIG; + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + goto failed; strlcpy(name, parms->name, IFNAMSIZ); - else { - if (strlen(ops->kind) > (IFNAMSIZ - 3)) { - err = -E2BIG; + } else { + if (strlen(ops->kind) > (IFNAMSIZ - 3)) goto failed; - } strlcpy(name, ops->kind, IFNAMSIZ); strncat(name, "%d", 2); } Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "ip6_gre: better validate user provided tunnel names" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled ip6_gre: better validate user provided tunnel names to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: ip6_gre-better-validate-user-provided-tunnel-names.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 5 Apr 2018 06:39:29 -0700 Subject: ip6_gre: better validate user provided tunnel names From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 5f42df013b8bc1b6511af7a04bf93b014884ae2a ] Use dev_valid_name() to make sure user does not provide illegal device name. syzbot caught the following bug : BUG: KASAN: stack-out-of-bounds in strlcpy include/linux/string.h:300 [inline] BUG: KASAN: stack-out-of-bounds in ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 Write of size 20 at addr ffff8801afb9f7b8 by task syzkaller851048/4466 CPU: 1 PID: 4466 Comm: syzkaller851048 Not tainted 4.16.0+ #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x1b9/0x29f lib/dump_stack.c:53 print_address_description+0x6c/0x20b mm/kasan/report.c:256 kasan_report_error mm/kasan/report.c:354 [inline] kasan_report.cold.7+0xac/0x2f5 mm/kasan/report.c:412 check_memory_region_inline mm/kasan/kasan.c:260 [inline] check_memory_region+0x13e/0x1b0 mm/kasan/kasan.c:267 memcpy+0x37/0x50 mm/kasan/kasan.c:303 strlcpy include/linux/string.h:300 [inline] ip6gre_tunnel_locate+0x334/0x860 net/ipv6/ip6_gre.c:339 ip6gre_tunnel_ioctl+0x69d/0x12e0 net/ipv6/ip6_gre.c:1195 dev_ifsioc+0x43e/0xb90 net/core/dev_ioctl.c:334 dev_ioctl+0x69a/0xcc0 net/core/dev_ioctl.c:525 sock_ioctl+0x47e/0x680 net/socket.c:1015 vfs_ioctl fs/ioctl.c:46 [inline] file_ioctl fs/ioctl.c:500 [inline] do_vfs_ioctl+0x1cf/0x1650 fs/ioctl.c:684 ksys_ioctl+0xa9/0xd0 fs/ioctl.c:701 SYSC_ioctl fs/ioctl.c:708 [inline] SyS_ioctl+0x24/0x30 fs/ioctl.c:706 do_syscall_64+0x29e/0x9d0 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x42/0xb7 Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv6/ip6_gre.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -319,11 +319,13 @@ static struct ip6_tnl *ip6gre_tunnel_loc if (t || !create) return t; - if (parms->name[0]) + if (parms->name[0]) { + if (!dev_valid_name(parms->name)) + return NULL; strlcpy(name, parms->name, IFNAMSIZ); - else + } else { strcpy(name, "ip6gre%d"); - + } dev = alloc_netdev(sizeof(*t), name, NET_NAME_UNKNOWN, ip6gre_tunnel_setup); if (!dev) Patches currently in stable-queue which might be from edumazet(a)google.com are queue-4.14/sctp-sctp_sockaddr_af-must-check-minimal-addr-length-for-af_inet6.patch queue-4.14/net-fix-possible-out-of-bound-read-in-skb_network_protocol.patch queue-4.14/pptp-remove-a-buggy-dst-release-in-pptp_connect.patch queue-4.14/net-fool-proof-dev_valid_name.patch queue-4.14/ipv6-the-entire-ipv6-header-chain-must-fit-the-first-fragment.patch queue-4.14/vti6-better-validate-user-provided-tunnel-names.patch queue-4.14/ipv6-sit-better-validate-user-provided-tunnel-names.patch queue-4.14/ip6_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/sctp-do-not-leak-kernel-memory-to-user-space.patch queue-4.14/ip_tunnel-better-validate-user-provided-tunnel-names.patch queue-4.14/netlink-make-sure-nladdr-has-correct-size-in-netlink_connect.patch queue-4.14/ip6_gre-better-validate-user-provided-tunnel-names.patch

7 years, 5 months

1
0
0 0

Patch "bonding: process the err returned by dev_set_allmulti properly in bond_enslave" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: process the err returned by dev_set_allmulti properly in bond_enslave to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:47 +0800 Subject: bonding: process the err returned by dev_set_allmulti properly in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 9f5a90c107741b864398f4ac0014711a8c1d8474 ] When dev_set_promiscuity(1) succeeds but dev_set_allmulti(1) fails, dev_set_promiscuity(-1) should be done before going to the err path. Otherwise, dev->promiscuity will leak. Fixes: 7e1a1ac1fbaa ("bonding: Check return of dev_set_promiscuity/allmulti") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1702,8 +1702,11 @@ int bond_enslave(struct net_device *bond /* set allmulti level to new slave */ if (bond_dev->flags & IFF_ALLMULTI) { res = dev_set_allmulti(slave_dev, 1); - if (res) + if (res) { + if (bond_dev->flags & IFF_PROMISC) + dev_set_promiscuity(slave_dev, -1); goto err_sysfs_del; + } } netif_addr_lock_bh(bond_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.14/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.14/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.14/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.14/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:46 +0800 Subject: bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit ae42cc62a9f07f1f6979054ed92606b9c30f4a2e ] Beniamino found a crash when adding vlan as slave of bond which is also the parent link: ip link add bond1 type bond ip link set bond1 up ip link add link bond1 vlan1 type vlan id 80 ip link set vlan1 master bond1 The call trace is as below: [<ffffffffa850842a>] queued_spin_lock_slowpath+0xb/0xf [<ffffffffa8515680>] _raw_spin_lock+0x20/0x30 [<ffffffffa83f6f07>] dev_mc_sync+0x37/0x80 [<ffffffffc08687dc>] vlan_dev_set_rx_mode+0x1c/0x30 [8021q] [<ffffffffa83efd2a>] __dev_set_rx_mode+0x5a/0xa0 [<ffffffffa83f7138>] dev_mc_sync_multiple+0x78/0x80 [<ffffffffc084127c>] bond_enslave+0x67c/0x1190 [bonding] [<ffffffffa8401909>] do_setlink+0x9c9/0xe50 [<ffffffffa8403bf2>] rtnl_newlink+0x522/0x880 [<ffffffffa8403ff7>] rtnetlink_rcv_msg+0xa7/0x260 [<ffffffffa8424ecb>] netlink_rcv_skb+0xab/0xc0 [<ffffffffa83fe498>] rtnetlink_rcv+0x28/0x30 [<ffffffffa8424850>] netlink_unicast+0x170/0x210 [<ffffffffa8424bf8>] netlink_sendmsg+0x308/0x420 [<ffffffffa83cc396>] sock_sendmsg+0xb6/0xf0 This is actually a dead lock caused by sync slave hwaddr from master when the master is the slave's 'slave'. This dead loop check is actually done by netdev_master_upper_dev_link. However, Commit 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") moved it after dev_mc_sync. This patch is to fix it by moving dev_mc_sync after master_upper_dev_link, so that this loop check would be earlier than dev_mc_sync. It also moves if (mode == BOND_MODE_8023AD) into if (!bond_uses_primary) clause as an improvement. Note team driver also has this issue, I will fix it in another patch. Fixes: 1f718f0f4f97 ("bonding: populate neighbour's private on enslave") Reported-by: Beniamino Galvani <bgalvani(a)redhat.com> Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 73 +++++++++++++++++++--------------------- 1 file changed, 35 insertions(+), 38 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1524,44 +1524,11 @@ int bond_enslave(struct net_device *bond goto err_close; } - /* If the mode uses primary, then the following is handled by - * bond_change_active_slave(). - */ - if (!bond_uses_primary(bond)) { - /* set promiscuity level to new slave */ - if (bond_dev->flags & IFF_PROMISC) { - res = dev_set_promiscuity(slave_dev, 1); - if (res) - goto err_close; - } - - /* set allmulti level to new slave */ - if (bond_dev->flags & IFF_ALLMULTI) { - res = dev_set_allmulti(slave_dev, 1); - if (res) - goto err_close; - } - - netif_addr_lock_bh(bond_dev); - - dev_mc_sync_multiple(slave_dev, bond_dev); - dev_uc_sync_multiple(slave_dev, bond_dev); - - netif_addr_unlock_bh(bond_dev); - } - - if (BOND_MODE(bond) == BOND_MODE_8023AD) { - /* add lacpdu mc addr to mc list */ - u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; - - dev_mc_add(slave_dev, lacpdu_multicast); - } - res = vlan_vids_add_by_dev(slave_dev, bond_dev); if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_hwaddr_unsync; + goto err_close; } prev_slave = bond_last_slave(bond); @@ -1721,6 +1688,37 @@ int bond_enslave(struct net_device *bond goto err_upper_unlink; } + /* If the mode uses primary, then the following is handled by + * bond_change_active_slave(). + */ + if (!bond_uses_primary(bond)) { + /* set promiscuity level to new slave */ + if (bond_dev->flags & IFF_PROMISC) { + res = dev_set_promiscuity(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + /* set allmulti level to new slave */ + if (bond_dev->flags & IFF_ALLMULTI) { + res = dev_set_allmulti(slave_dev, 1); + if (res) + goto err_sysfs_del; + } + + netif_addr_lock_bh(bond_dev); + dev_mc_sync_multiple(slave_dev, bond_dev); + dev_uc_sync_multiple(slave_dev, bond_dev); + netif_addr_unlock_bh(bond_dev); + + if (BOND_MODE(bond) == BOND_MODE_8023AD) { + /* add lacpdu mc addr to mc list */ + u8 lacpdu_multicast[ETH_ALEN] = MULTICAST_LACPDU_ADDR; + + dev_mc_add(slave_dev, lacpdu_multicast); + } + } + bond->slave_cnt++; bond_compute_features(bond); bond_set_carrier(bond); @@ -1744,6 +1742,9 @@ int bond_enslave(struct net_device *bond return 0; /* Undo stages on error */ +err_sysfs_del: + bond_sysfs_slave_del(new_slave); + err_upper_unlink: bond_upper_dev_unlink(bond, new_slave); @@ -1764,10 +1765,6 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); -err_hwaddr_unsync: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.14/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.14/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.14/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.14/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "bonding: fix the err path for dev hwaddr sync in bond_enslave" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled bonding: fix the err path for dev hwaddr sync in bond_enslave to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Xin Long <lucien.xin(a)gmail.com> Date: Mon, 26 Mar 2018 01:16:45 +0800 Subject: bonding: fix the err path for dev hwaddr sync in bond_enslave From: Xin Long <lucien.xin(a)gmail.com> [ Upstream commit 5c78f6bfae2b10ff70e21d343e64584ea6280c26 ] vlan_vids_add_by_dev is called right after dev hwaddr sync, so on the err path it should unsync dev hwaddr. Otherwise, the slave dev's hwaddr will never be unsync when this err happens. Fixes: 1ff412ad7714 ("bonding: change the bond's vlan syncing functions with the standard ones") Signed-off-by: Xin Long <lucien.xin(a)gmail.com> Reviewed-by: Nikolay Aleksandrov <nikolay(a)cumulusnetworks.com> Acked-by: Andy Gospodarek <andy(a)greyhouse.net> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/bonding/bond_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c @@ -1561,7 +1561,7 @@ int bond_enslave(struct net_device *bond if (res) { netdev_err(bond_dev, "Couldn't add bond vlan ids to %s\n", slave_dev->name); - goto err_close; + goto err_hwaddr_unsync; } prev_slave = bond_last_slave(bond); @@ -1751,9 +1751,6 @@ err_unregister: netdev_rx_handler_unregister(slave_dev); err_detach: - if (!bond_uses_primary(bond)) - bond_hw_addr_flush(bond_dev, slave_dev); - vlan_vids_del_by_dev(slave_dev, bond_dev); if (rcu_access_pointer(bond->primary_slave) == new_slave) RCU_INIT_POINTER(bond->primary_slave, NULL); @@ -1767,6 +1764,10 @@ err_detach: synchronize_rcu(); slave_disable_netpoll(new_slave); +err_hwaddr_unsync: + if (!bond_uses_primary(bond)) + bond_hw_addr_flush(bond_dev, slave_dev); + err_close: slave_dev->priv_flags &= ~IFF_BONDING; dev_close(slave_dev); Patches currently in stable-queue which might be from lucien.xin(a)gmail.com are queue-4.14/team-move-dev_mc_sync-after-master_upper_dev_link-in-team_port_add.patch queue-4.14/bonding-process-the-err-returned-by-dev_set_allmulti-properly-in-bond_enslave.patch queue-4.14/bonding-fix-the-err-path-for-dev-hwaddr-sync-in-bond_enslave.patch queue-4.14/bonding-move-dev_mc_sync-after-master_upper_dev_link-in-bond_enslave.patch queue-4.14/route-check-sysctl_fib_multipath_use_neigh-earlier-than-hash.patch

7 years, 5 months

1
0
0 0

Patch "arp: fix arp_filter on l3slave devices" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled arp: fix arp_filter on l3slave devices to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: arp-fix-arp_filter-on-l3slave-devices.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 23:20:08 CEST 2018 From: Miguel Fadon Perlines <mfadon(a)teldat.com> Date: Thu, 5 Apr 2018 10:25:38 +0200 Subject: arp: fix arp_filter on l3slave devices From: Miguel Fadon Perlines <mfadon(a)teldat.com> [ Upstream commit 58b35f27689b5eb514fc293c332966c226b1b6e4 ] arp_filter performs an ip_route_output search for arp source address and checks if output device is the same where the arp request was received, if it is not, the arp request is not answered. This route lookup is always done on main route table so l3slave devices never find the proper route and arp is not answered. Passing l3mdev_master_ifindex_rcu(dev) return value as oif fixes the lookup for l3slave devices while maintaining same behavior for non l3slave devices as this function returns 0 in that case. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: Miguel Fadon Perlines <mfadon(a)teldat.com> Acked-by: David Ahern <dsa(a)cumulusnetworks.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- net/ipv4/arp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/arp.c +++ b/net/ipv4/arp.c @@ -437,7 +437,7 @@ static int arp_filter(__be32 sip, __be32 /*unsigned long now; */ struct net *net = dev_net(dev); - rt = ip_route_output(net, sip, tip, 0, 0); + rt = ip_route_output(net, sip, tip, 0, l3mdev_master_ifindex_rcu(dev)); if (IS_ERR(rt)) return 1; if (rt->dst.dev != dev) { Patches currently in stable-queue which might be from mfadon(a)teldat.com are queue-4.14/arp-fix-arp_filter-on-l3slave-devices.patch queue-4.14/vrf-fix-use-after-free-and-double-free-in-vrf_finish_output.patch

7 years, 5 months

1
0
0 0

Patch "mtd: nand: gpmi: Fix gpmi_nand_init() error path" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled mtd: nand: gpmi: Fix gpmi_nand_init() error path to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: mtd-nand-gpmi-fix-gpmi_nand_init-error-path.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 10:31:53 CEST 2018 From: Boris Brezillon <boris.brezillon(a)free-electrons.com> Date: Mon, 10 Apr 2017 10:35:17 +0200 Subject: mtd: nand: gpmi: Fix gpmi_nand_init() error path From: Boris Brezillon <boris.brezillon(a)free-electrons.com> [ Upstream commit 4d02423e9afe6c46142ce98bbcaf5167316dbfbf ] The GPMI driver is wrongly assuming that nand_release() can safely be called on an uninitialized/unregistered NAND device. Add a new err_nand_cleanup label in the error path and only execute if nand_scan_tail() succeeded. Note that we now call nand_cleanup() instead of nand_release() (nand_release() is actually grouping the mtd_device_unregister() and nand_cleanup() in one call) because there's no point in trying to unregister a device that has never been registered. Signed-off-by: Boris Brezillon <boris.brezillon(a)free-electrons.com> Reviewed-by: Marek Vasut <marek.vasut(a)gmail.com> Acked-by: Han Xu <han.xu(a)nxp.com> Reviewed-by: Marek Vasut <marek.vasut(a)gmail.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/mtd/nand/gpmi-nand/gpmi-nand.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c @@ -1949,19 +1949,21 @@ static int gpmi_nand_init(struct gpmi_na ret = nand_boot_init(this); if (ret) - goto err_out; + goto err_nand_cleanup; ret = chip->scan_bbt(mtd); if (ret) - goto err_out; + goto err_nand_cleanup; ppdata.of_node = this->pdev->dev.of_node; ret = mtd_device_parse_register(mtd, NULL, &ppdata, NULL, 0); if (ret) - goto err_out; + goto err_nand_cleanup; return 0; +err_nand_cleanup: + nand_cleanup(chip); err_out: - gpmi_nand_exit(this); + gpmi_free_dma_buffer(this); return ret; } Patches currently in stable-queue which might be from boris.brezillon(a)free-electrons.com are queue-4.4/mtd-nand-gpmi-fix-gpmi_nand_init-error-path.patch

7 years, 5 months

3
2
0 0

Patch "signal/arm: Document conflicts with SI_USER and SIGFPE" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled signal/arm: Document conflicts with SI_USER and SIGFPE to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: signal-arm-document-conflicts-with-si_user-and-sigfpe.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Tue Apr 10 10:31:53 CEST 2018 From: "Eric W. Biederman" <ebiederm(a)xmission.com> Date: Thu, 17 Aug 2017 17:07:46 -0500 Subject: signal/arm: Document conflicts with SI_USER and SIGFPE From: "Eric W. Biederman" <ebiederm(a)xmission.com> [ Upstream commit 7771c66457004977b616bab785209f49d164f527 ] Setting si_code to 0 results in a userspace seeing an si_code of 0. This is the same si_code as SI_USER. Posix and common sense requires that SI_USER not be a signal specific si_code. As such this use of 0 for the si_code is a pretty horribly broken ABI. Further use of si_code == 0 guaranteed that copy_siginfo_to_user saw a value of __SI_KILL and now sees a value of SIL_KILL with the result that uid and pid fields are copied and which might copying the si_addr field by accident but certainly not by design. Making this a very flakey implementation. Utilizing FPE_FIXME, siginfo_layout will now return SIL_FAULT and the appropriate fields will be reliably copied. Possible ABI fixes includee: - Send the signal without siginfo - Don't generate a signal - Possibly assign and use an appropriate si_code - Don't handle cases which can't happen Cc: Russell King <rmk(a)flint.arm.linux.org.uk> Cc: linux-arm-kernel(a)lists.infradead.org Ref: 451436b7bbb2 ("[ARM] Add support code for ARM hardware vector floating point") History Tree: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/arm/include/uapi/asm/siginfo.h | 13 +++++++++++++ arch/arm/vfp/vfpmodule.c | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 arch/arm/include/uapi/asm/siginfo.h --- /dev/null +++ b/arch/arm/include/uapi/asm/siginfo.h @@ -0,0 +1,13 @@ +#ifndef __ASM_SIGINFO_H +#define __ASM_SIGINFO_H + +#include <asm-generic/siginfo.h> + +/* + * SIGFPE si_codes + */ +#ifdef __KERNEL__ +#define FPE_FIXME 0 /* Broken dup of SI_USER */ +#endif /* __KERNEL__ */ + +#endif --- a/arch/arm/vfp/vfpmodule.c +++ b/arch/arm/vfp/vfpmodule.c @@ -261,7 +261,7 @@ static void vfp_raise_exceptions(u32 exc if (exceptions == VFP_EXCEPTION_ERROR) { vfp_panic("unhandled bounce", inst); - vfp_raise_sigfpe(0, regs); + vfp_raise_sigfpe(FPE_FIXME, regs); return; } Patches currently in stable-queue which might be from ebiederm(a)xmission.com are queue-4.4/signal-metag-document-a-conflict-with-si_user-with-sigfpe.patch queue-4.4/pidns-disable-pid-allocation-if-pid_ns_prepare_proc-is-failed-in-alloc_pid.patch queue-4.4/signal-arm-document-conflicts-with-si_user-and-sigfpe.patch queue-4.4/signal-powerpc-document-conflicts-with-si_user-and-sigfpe-and-sigtrap.patch

7 years, 5 months

3
2
0 0

Patch "signal/metag: Document a conflict with SI_USER with SIGFPE" has been added to the 4.15-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled signal/metag: Document a conflict with SI_USER with SIGFPE to the 4.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: signal-metag-document-a-conflict-with-si_user-with-sigfpe.patch and it can be found in the queue-4.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Apr 9 10:16:32 CEST 2018 From: "Eric W. Biederman" <ebiederm(a)xmission.com> Date: Tue, 1 Aug 2017 10:37:40 -0500 Subject: signal/metag: Document a conflict with SI_USER with SIGFPE From: "Eric W. Biederman" <ebiederm(a)xmission.com> [ Upstream commit b80328be53c215346b153769267b38f531d89b4f ] Setting si_code to 0 results in a userspace seeing an si_code of 0. This is the same si_code as SI_USER. Posix and common sense requires that SI_USER not be a signal specific si_code. As such this use of 0 for the si_code is a pretty horribly broken ABI. Further use of si_code == 0 guaranteed that copy_siginfo_to_user saw a value of __SI_KILL and now sees a value of SIL_KILL with the result hat uid and pid fields are copied and which might copying the si_addr field by accident but certainly not by design. Making this a very flakey implementation. Utilizing FPE_FIXME siginfo_layout will now return SIL_FAULT and the appropriate fields will reliably be copied. Possible ABI fixes includee: - Send the signal without siginfo - Don't generate a signal - Possibly assign and use an appropriate si_code - Don't handle cases which can't happen Cc: James Hogan <james.hogan(a)imgtec.com> Cc: linux-metag(a)vger.kernel.org Ref: ac919f0883e5 ("metag: Traps") Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/metag/include/uapi/asm/siginfo.h | 7 +++++++ arch/metag/kernel/traps.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) --- a/arch/metag/include/uapi/asm/siginfo.h +++ b/arch/metag/include/uapi/asm/siginfo.h @@ -6,4 +6,11 @@ #include <asm-generic/siginfo.h> +/* + * SIGFPE si_codes + */ +#ifdef __KERNEL__ +#define FPE_FIXME 0 /* Broken dup of SI_USER */ +#endif /* __KERNEL__ */ + #endif --- a/arch/metag/kernel/traps.c +++ b/arch/metag/kernel/traps.c @@ -735,7 +735,7 @@ TBIRES fpe_handler(TBIRES State, int Sig else if (error_state & TXSTAT_FPE_INEXACT_BIT) info.si_code = FPE_FLTRES; else - info.si_code = 0; + info.si_code = FPE_FIXME; info.si_errno = 0; info.si_addr = (__force void __user *)regs->ctx.CurrPC; force_sig_info(SIGFPE, &info, current); Patches currently in stable-queue which might be from ebiederm(a)xmission.com are queue-4.15/signal-metag-document-a-conflict-with-si_user-with-sigfpe.patch queue-4.15/signal-arm-document-conflicts-with-si_user-and-sigfpe.patch queue-4.15/signal-powerpc-document-conflicts-with-si_user-and-sigfpe-and-sigtrap.patch

7 years, 5 months

3
2
0 0

Patch "clk: at91: fix clk-generated parenting" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled clk: at91: fix clk-generated parenting to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: clk-at91-fix-clk-generated-parenting.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Mon Apr 9 17:09:24 CEST 2018 From: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Date: Fri, 12 May 2017 16:25:30 +0200 Subject: clk: at91: fix clk-generated parenting From: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> [ Upstream commit 8e56133e5c7b7a7a97f6a92d92f664d5ecd30745 ] clk_generated_startup is called after clk_hw_register. So the first call to get_parent will not have the correct value (i.e. 0) and because this is cached, it may never be updated. Signed-off-by: Alexandre Belloni <alexandre.belloni(a)free-electrons.com> Fixes: df70aeef6083 ("clk: at91: add generated clock driver") Signed-off-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Sasha Levin <alexander.levin(a)microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/clk/at91/clk-generated.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) --- a/drivers/clk/at91/clk-generated.c +++ b/drivers/clk/at91/clk-generated.c @@ -260,13 +260,12 @@ at91_clk_register_generated(struct regma gck->lock = lock; gck->range = *range; + clk_generated_startup(gck); hw = &gck->hw; ret = clk_hw_register(NULL, &gck->hw); if (ret) { kfree(gck); hw = ERR_PTR(ret); - } else - clk_generated_startup(gck); return hw; } Patches currently in stable-queue which might be from alexandre.belloni(a)free-electrons.com are queue-4.9/clk-at91-fix-clk-generated-parenting.patch queue-4.9/rtc-interface-validate-alarm-time-before-handling-rollover.patch queue-4.9/rtc-m41t80-fix-sqw-dividers-override-when-setting-a-date.patch queue-4.9/rtc-snvs-fix-an-incorrect-check-of-return-value.patch queue-4.9/rtc-opal-handle-disabled-tpo-in-opal_get_tpo_time.patch

7 years, 5 months

4
3
0 0

[PATCH 15/21] drm/amd/display: HDMI has no sound after Panel power off/on

by Harry Wentland

From: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Charlene Liu <charlene.liu(a)amd.com> Reviewed-by: Krunoslav Kovac <Krunoslav.Kovac(a)amd.com> Acked-by: Harry Wentland <harry.wentland(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c b/drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c index 07c32421c226..84e26c894046 100644 --- a/drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dce/dce_stream_encoder.c @@ -718,6 +718,8 @@ static void dce110_stream_encoder_update_hdmi_info_packets( if (info_frame->avi.valid) { const uint32_t *content = (const uint32_t *) &info_frame->avi.sb[0]; + /*we need turn on clock before programming AFMT block*/ + REG_UPDATE(AFMT_CNTL, AFMT_AUDIO_CLOCK_EN, 1); REG_WRITE(AFMT_AVI_INFO0, content[0]); -- 2.15.1

7 years, 5 months

1
0
0 0

Inbox SMTP, Inbox Webmail, I Sell Sure Spamming Toolz

by Mr Spamming

I Sell Sure Spamming Toolz What we have on Stock Daily Inbox Webmail Inbox SMTP Fresh USA email leads Fresh Canada email leads Fresh Loan email leads Fresh Business emails leads Real Eastate email leads Conference delegates email leads Fresh Job Seaker emails cPanel HTTP and HTTPs Shell Zip/Unzipp Mailer RDP All ScamPages Bank ScamPage Add me on whatsapp or call me Watsapp: +2348107268246 Only Real buyers

7 years, 5 months

1
0
0 0

+ resource-fix-integer-overflow-at-reallocation-v1.patch added to -mm tree

by akpm＠linux-foundation.org

The patch titled Subject: resource: fix integer overflow at reallocation has been added to the -mm tree. Its filename is resource-fix-integer-overflow-at-reallocation-v1.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/resource-fix-integer-overflow-at-r… and later at http://ozlabs.org/~akpm/mmotm/broken-out/resource-fix-integer-overflow-at-r… Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Takashi Iwai <tiwai(a)suse.de> Subject: resource: fix integer overflow at reallocation We've got a bug report indicating a kernel panic at booting on an x86-32 system, and it turned out to be the invalid PCI resource assigned after reallocation. __find_resource() first aligns the resource start address and resets the end address with start+size-1 accordingly, then checks whether it's contained. Here the end address may overflow the integer, although resource_contains() still returns true because the function validates only start and end address. So this ends up with returning an invalid resource (start > end). There was already an attempt to cover such a problem in the commit 47ea91b4052d ("Resource: fix wrong resource window calculation"), but this case is an overseen one. This patch adds the validity check of the newly calculated resource for avoiding the integer overflow problem. Bugzilla: http://bugzilla.opensuse.org/show_bug.cgi?id=1086739 Link: http://lkml.kernel.org/r/s5hpo37d5l8.wl-tiwai@suse.de Fixes: 23c570a67448 ("resource: ability to resize an allocated resource") Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Reported-by: Michael Henders <hendersm(a)shaw.ca> Tested-by: Michael Henders <hendersm(a)shaw.ca> Reviewed-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Ram Pai <linuxram(a)us.ibm.com> Cc: Bjorn Helgaas <bhelgaas(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN kernel/resource.c~resource-fix-integer-overflow-at-reallocation-v1 kernel/resource.c --- a/kernel/resource.c~resource-fix-integer-overflow-at-reallocation-v1 +++ a/kernel/resource.c @@ -651,7 +651,8 @@ static int __find_resource(struct resour alloc.start = constraint->alignf(constraint->alignf_data, &avail, size, constraint->align); alloc.end = alloc.start + size - 1; - if (resource_contains(&avail, &alloc)) { + if (alloc.start <= alloc.end && + resource_contains(&avail, &alloc)) { new->start = alloc.start; new->end = alloc.end; return 0; _ Patches currently in -mm which might be from tiwai(a)suse.de are resource-fix-integer-overflow-at-reallocation-v1.patch resource-fix-integer-overflow-at-reallocation.patch

7 years, 5 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror