Commit Graph

797497 Commits

Author SHA1 Message Date
Vasily Averin
0ad30ff67b nfs: fixed broken compilation in nfs_callback_up_net()
Patch fixes compilation error in nfs_callback_up_net()
serv->sv_bc_enabled is defined under enabled CONFIG_SUNRPC_BACKCHANNEL,
however nfs_callback_up_net() can access it even if this config option
was not set.

Fixes: a289ce5311 (sunrpc: replace svc_serv->sv_bc_xprt by boolean flag)
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-31 11:25:16 -05:00
Vasily Averin
91bd2ffa90 nfs: minor typo in nfs4_callback_up_net()
Closing ")" was lost in debug message.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
9ac312888e sunrpc: fix debug message in svc_create_xprt()
_svc_create_xprt() returns positive port number
so its non-zero return value is not an error

Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
8f7766c805 sunrpc: make visible processing error in bc_svc_process()
Force bc_svc_process() to generate debug message after processing errors

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
64e20ba204 sunrpc: remove unused xpo_prep_reply_hdr callback
xpo_prep_reply_hdr are not used now.

It was defined for tcp transport only, however it cannot be
called indirectly, so let's move it to its caller and
remove unused callback.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
7ef88ff85f sunrpc: remove svc_rdma_bc_class
Remove svc_xprt_class svc_rdma_bc_class and related functions.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
7f39154609 sunrpc: remove svc_tcp_bc_class
Remove svc_xprt_class svc_tcp_bc_class and related functions

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
4aa5cffefa sunrpc: remove unused bc_up operation from rpc_xprt_ops
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
a289ce5311 sunrpc: replace svc_serv->sv_bc_xprt by boolean flag
svc_serv-> sv_bc_xprt is netns-unsafe and cannot be used as pointer.
To prevent its misuse in future it is replaced by new boolean flag.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:01:41 -05:00
Vasily Averin
d4b09acf92 sunrpc: use-after-free in svc_process_common()
if node have NFSv41+ mounts inside several net namespaces
it can lead to use-after-free in svc_process_common()

svc_process_common()
        /* Setup reply header */
        rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp); <<< HERE

svc_process_common() can use incorrect rqstp->rq_xprt,
its caller function bc_svc_process() takes it from serv->sv_bc_xprt.
The problem is that serv is global structure but sv_bc_xprt
is assigned per-netnamespace.

According to Trond, the whole "let's set up rqstp->rq_xprt
for the back channel" is nothing but a giant hack in order
to work around the fact that svc_process_common() uses it
to find the xpt_ops, and perform a couple of (meaningless
for the back channel) tests of xpt_flags.

All we really need in svc_process_common() is to be able to run
rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr()

Bruce J Fields points that this xpo_prep_reply_hdr() call
is an awfully roundabout way just to do "svc_putnl(resv, 0);"
in the tcp case.

This patch does not initialiuze rqstp->rq_xprt in bc_svc_process(),
now it calls svc_process_common() with rqstp->rq_xprt = NULL.

To adjust reply header svc_process_common() just check
rqstp->rq_prot and calls svc_tcp_prep_reply_hdr() for tcp case.

To handle rqstp->rq_xprt = NULL case in functions called from
svc_process_common() patch intruduces net namespace pointer
svc_rqst->rq_bc_net and adjust SVC_NET() definition.
Some other function was also adopted to properly handle described case.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Cc: stable@vger.kernel.org
Fixes: 23c20ecd44 ("NFS: callback up - users counting cleanup")
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:00:58 -05:00
Vasily Averin
b8be5674fa sunrpc: use SVC_NET() in svcauth_gss_* functions
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 21:00:23 -05:00
Julia Lawall
8a68d3da50 nfsd: drop useless LIST_HEAD
Drop LIST_HEAD where the variable it declares is never used.

This was introduced in c5c707f96f ("nfsd: implement pNFS
layout recalls"), but was not used even in that commit.

The semantic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
identifier x;
@@
- LIST_HEAD(x);
  ... when != x
// </smpl>

Fixes: c5c707f96f ("nfsd: implement pNFS layout recalls")
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-27 20:59:50 -05:00
Benjamin Coddington
b8eee0e90f lockd: Show pid of lockd for remote locks
Commit 9d5b86ac13 ("fs/locks: Remove fl_nspid and use fs-specific l_pid
for remote locks") specified that the l_pid returned for F_GETLK on a local
file that has a remote lock should be the pid of the lock manager process.
That commit, while updating other filesystems, failed to update lockd, such
that locks created by lockd had their fl_pid set to that of the remote
process holding the lock.  Fix that here to be the pid of lockd.

Also, fix the client case so that the returned lock pid is negative, which
indicates a remote lock on a remote file.

Fixes: 9d5b86ac13 ("fs/locks: Remove fl_nspid and use fs-specific...")
Cc: stable@vger.kernel.org

Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-14 12:52:16 -05:00
Olga Kornievskaia
03b31f4896 NFSD remove OP_CACHEME from 4.2 op_flags
OP_CACHEME is only for the 4.0 operations.

Signed-off-by: Olga Kornievskaia <kolga@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-14 12:52:15 -05:00
zhengbin
255fbca651 nfsd: Return EPERM, not EACCES, in some SETATTR cases
As the man(2) page for utime/utimes states, EPERM is returned when the
second parameter of utime or utimes is not NULL, the caller's effective UID
does not match the owner of the file, and the caller is not privileged.

However, in a NFS directory mounted from knfsd, it will return EACCES
(from nfsd_setattr-> fh_verify->nfsd_permission).  This patch fixes
that.

Signed-off-by: zhengbin <zhengbin13@huawei.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-04 20:48:07 -05:00
Vasily Averin
4ecd55ea07 sunrpc: fix cache_head leak due to queued request
After commit d202cce896, an expired cache_head can be removed from the
cache_detail's hash.

However, the expired cache_head may be waiting for a reply from a
previously submitted request. Such a cache_head has an increased
refcounter and therefore it won't be freed after cache_put(freeme).

Because the cache_head was removed from the hash it cannot be found
during cache_clean() and can be leaked forever, together with stalled
cache_request and other taken resources.

In our case we noticed it because an entry in the export cache was
holding a reference on a filesystem.

Fixes d202cce896 ("sunrpc: never return expired entries in sunrpc_cache_lookup")
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: stable@kernel.org # 2.6.35
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Reviewed-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-12-04 15:42:08 -05:00
Colin Ian King
f50c9d797d nfsd: clean up indentation, increase indentation in switch statement
Trivial fix to clean up indentation, add in missing tabs.

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-28 18:36:03 -05:00
Chuck Lever
97bce63408 svcrdma: Optimize the logic that selects the R_key to invalidate
o Select the R_key to invalidate while the CPU cache still contains
  the received RPC Call transport header, rather than waiting until
  we're about to send the RPC Reply.

o Choose Send With Invalidate if there is exactly one distinct R_key
  in the received transport header. If there's more than one, the
  client will have to perform local invalidation after it has
  already waited for remote invalidation.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-28 18:36:03 -05:00
Scott Mayhew
b493fd31c0 nfsd: fix a warning in __cld_pipe_upcall()
__cld_pipe_upcall() emits a "do not call blocking ops when
!TASK_RUNNING" warning due to the dput() call in rpc_queue_upcall().
Fix it by using a completion instead of hand coding the wait.

Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-28 18:36:03 -05:00
J. Bruce Fields
62a063b8e7 nfsd4: fix crash on writing v4_end_grace before nfsd startup
Anatoly Trosinenko reports that this:

1) Checkout fresh master Linux branch (tested with commit e195ca6cb)
2) Copy x84_64-config-4.14 to .config, then enable NFS server v4 and build
3) From `kvm-xfstests shell`:

results in NULL dereference in locks_end_grace.

Check that nfsd has been started before trying to end the grace period.

Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-28 18:36:02 -05:00
J. Bruce Fields
b8db159239 lockd: fix decoding of TEST results
We fail to advance the read pointer when reading the stat.oh field that
identifies the lock-holder in a TEST result.

This turns out not to matter if the server is knfsd, which always
returns a zero-length field.  But other servers (Ganesha is an example)
may not do this.  The result is bad values in fcntl F_GETLK results.

Fix this.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-27 16:24:01 -05:00
J. Bruce Fields
0d4d6720ce nfsd4: skip unused assignment
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-27 16:24:01 -05:00
J. Bruce Fields
f8f71d0065 nfsd4: forbid all renames during grace period
The idea here was that renaming a file on a nosubtreecheck export would
make lookups of the old filehandle return STALE, making it impossible
for clients to reclaim opens.

But during the grace period I think we should also hold off on
operations that would break delegations.

Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-27 16:24:01 -05:00
J. Bruce Fields
d8836f7724 nfsd4: remove unused nfs4_check_olstateid parameter
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-27 16:24:01 -05:00
J. Bruce Fields
fdec6114ee nfsd4: zero-length WRITE should succeed
Zero-length writes are legal; from 5661 section 18.32.3: "If the count
is zero, the WRITE will succeed and return a count of zero subject to
permissions checking".

This check is unnecessary and is causing zero-length reads to return
EINVAL.

Cc: stable@vger.kernel.org
Fixes: 3fd9557aec "NFSD: Refactor the generic write vector fill helper"
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2018-11-27 16:23:12 -05:00
Linus Torvalds
2e6e902d18 Linux 4.20-rc4 2018-11-25 14:19:31 -08:00
Linus Torvalds
d6d460b893 Two dma-direct / swiotlb regressions fixes
- 0 is a valid physical address on some arm boards, we can't use
    0 as the error value
  - don't try to cache flush the error return value (no matter what it is)
 -----BEGIN PGP SIGNATURE-----
 
 iQI/BAABCgApFiEEgdbnc3r/njty3Iq9D55TZVIEUYMFAlv6XegLHGhjaEBsc3Qu
 ZGUACgkQD55TZVIEUYPD+Q//W76b8OZa4pOP4dd3PK068l+JkmTKeB6GKJgeCVX5
 lgwA+aD0rJEM9OhTk5aPHZ6rdxRmqga4nf2zt7/VhhHUQRlyPxCB486paXUkt5F/
 fMOuSDSX9F0feguAoanARV4zusvX/Dj6Aqwvhyv76UG7AMlN8w8dGSpKhGJWz7c7
 92Wo1U0Mp0JkefqA0V9pmhUnbHZW3p4MykW/mebBsSpmybhCUfK/WFEiBQinB2JR
 Yn/48uopzUsuTwMSOfLKjCeG0VSi9361CPL6m7nFBlHNhkF+lub4VZDxsoMWweFX
 ggnd/iit+qZVvUI28Th1lnda+Y3LrzMcyqUPxzSnVZvYoZRQU5psm27uQzJ13Gkr
 ivbauGZqbOmcFqAsbnJbSETOZ7/e4b2MmyPbb/zTUrXQgJyPfK0E1CF642XMnk/N
 Wt/0BJq2VbafpNB5a2Jjzve0WGzU3p9ILWkDrBb/GI70FOQpls3SAK6kIwZFOfzV
 8ZswmgsM3Z6ZAcN9tsyCP5hcabjwEANCfLIkfFENO+TKk9saQ3XOov6zckudAF1k
 ox1wo48E46uq68/TammuOXI2K+ORRnAhOyDnN50bH8M2+A7SemlIFs974qCSZo9z
 1t1+8zipabizQdkFsMVf5CcRoPCs5AfxKA95iUY5Dsh8OdM54fnlQ9XTbnmMk2+c
 fOU=
 =mdIx
 -----END PGP SIGNATURE-----

Merge tag 'dma-mapping-4.20-3' of git://git.infradead.org/users/hch/dma-mapping

Pull dma-mapping fixes from Christoph Hellwig:
 "Two dma-direct / swiotlb regressions fixes:

   - zero is a valid physical address on some arm boards, we can't use
     it as the error value

   - don't try to cache flush the error return value (no matter what it
     is)"

* tag 'dma-mapping-4.20-3' of git://git.infradead.org/users/hch/dma-mapping:
  swiotlb: Skip cache maintenance on map error
  dma-direct: Make DIRECT_MAPPING_ERROR viable for SWIOTLB
2018-11-25 09:24:40 -08:00
Linus Torvalds
17c2f54086 NFS client bugfixes for Linux 4.20
Highlights include:
 
 Bugfixes:
  - Fix a NFSv4 state manager deadlock when returning a delegation
  - NFSv4.2 copy do not allocate memory under the lock
  - flexfiles: Use the correct stateid for IO in the tightly coupled case
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJb+hCNAAoJEA4mA3inWBJc8ZQP/jR+uemJycwgyWINvnn6PEtE
 hyiSwL+c3jhBHwX2IroF1KvaHIa8GXMbIWj+DfW1iB2htYnIJYz4IFJOGpfN1S7n
 bKCgonV0V06+dFF4DqcL3HcM1L6bo26n16voi3otgY0R5U5HGwB1tocZPCbR6DpK
 meiRbrmB6O962zluUlTuu9zFSvsALyZR0h4tYMGYA0MlgWQJVLH6+dufyG2Zgp2Z
 OH9tUzRFknD/Q4KrJv7zrMY198mHa+RQovsO2Jc/iE4bbrSMyVNtrPuVJphsP1BD
 lZ5SvvWLXjNepUMsDCK+Es7i6dUmtHsGPS6gNDwUwY9/UlwOPYlp44VJzmEYmQcz
 /VrrHn3LSoKDSAVNrksghto9O4T1NPnuVja1Q+SHf5hVX5OlsxyDkvX23ZUdgdkW
 BeXeNWZuAJdDTI1KU+ahm2ilfUnuFpRGRHUrH2sYczV2okC38cO5YCIRI3Tckz6e
 jrhmJcw+zCWv3Yl3h2Rbf8fVRcWJHA+qLWT3Str5nCyZiqPCag7Z7br9r5316zDv
 Yma7nITZO7HH1cZUv+byA0PVHU96kDsMhhpxYISrSr4lf2BcZNnjQC/0IHb7qdWz
 FgpYzv/BsIi+KxyZKshiR5E60kOmVxv2wIhre8uLOuuabcGsh/wit6URVnQJ+GDp
 7klRY1t1P24XaIbgBR9U
 =hqbe
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-4.20-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:

 - Fix a NFSv4 state manager deadlock when returning a delegation

 - NFSv4.2 copy do not allocate memory under the lock

 - flexfiles: Use the correct stateid for IO in the tightly coupled case

* tag 'nfs-for-4.20-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  flexfiles: use per-mirror specified stateid for IO
  NFSv4.2 copy do not allocate memory under the lock
  NFSv4: Fix a NFSv4 state manager deadlock
2018-11-25 09:19:58 -08:00
Luc Van Oostenryck
4e962ff6e3 MAINTAINERS: change Sparse's maintainer
I'm taking over the maintainance of Sparse so add myself as
maintainer and move Christopher's info to CREDITS.

Signed-off-by: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-11-25 09:17:43 -08:00
Linus Torvalds
e2125dac22 XArray updates for 4.20-rc4
We found some bugs in the DAX conversion to XArray (and one bug which
 predated the XArray conversion).  There were a couple of bugs in some of
 the higher-level functions, which aren't actually being called in today's
 kernel, but surfaced as a result of converting existing radix tree &
 IDR users over to the XArray.  Some of the other changes to how the
 higher-level APIs work were also motivated by converting various users;
 again, they're not in use in today's kernel, so changing them has a low
 probability of introducing a bug.
 
 Dan can still trigger a bug in the DAX code with hot-offline/online,
 and we're working on tracking that down.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCgAyFiEEejHryeLBw/spnjHrDpNsjXcpgj4FAlv542AUHHdpbGx5QGlu
 ZnJhZGVhZC5vcmcACgkQDpNsjXcpgj5BoAf/QZzbBcYuYMLMDYofvHKGlmk2yx/a
 ObUlxlQtXGHvPp3oC3rdwAvcN/KAMDpU0u+PXab2MnrNw5okhpS6ZwGODlkarNA4
 XbVQNGbtEbACr1V3CWc0NzLbYm6JtGpMum0Wx9MVR/VdTnGArBLBYQMYa/c1YhKA
 vEBPf+w0j0QoCTAgPiIvq0aksuBQERUvjhlUvoaMY7F4sAhnaW558lvaEcc1xGxq
 70+3cRPT6Uh12tEvi0LKP1NNEXebvQSftMvFEUPF2xo5z2v//KEobzv/anbojxQ8
 BtxouIGSr4tME9g3xSpd9rTbUcW3bwDAhuWZvpP/ViRwW2UkEQonpApdaw==
 =0Ert
 -----END PGP SIGNATURE-----

Merge tag 'xarray-4.20-rc4' of git://git.infradead.org/users/willy/linux-dax

Pull XArray updates from Matthew Wilcox:
 "We found some bugs in the DAX conversion to XArray (and one bug which
  predated the XArray conversion). There were a couple of bugs in some
  of the higher-level functions, which aren't actually being called in
  today's kernel, but surfaced as a result of converting existing radix
  tree & IDR users over to the XArray.

  Some of the other changes to how the higher-level APIs work were also
  motivated by converting various users; again, they're not in use in
  today's kernel, so changing them has a low probability of introducing
  a bug.

  Dan can still trigger a bug in the DAX code with hot-offline/online,
  and we're working on tracking that down"

* tag 'xarray-4.20-rc4' of git://git.infradead.org/users/willy/linux-dax:
  XArray tests: Add missing locking
  dax: Avoid losing wakeup in dax_lock_mapping_entry
  dax: Fix huge page faults
  dax: Fix dax_unlock_mapping_entry for PMD pages
  dax: Reinstate RCU protection of inode
  dax: Make sure the unlocking entry isn't locked
  dax: Remove optimisation from dax_lock_mapping_entry
  XArray tests: Correct some 64-bit assumptions
  XArray: Correct xa_store_range
  XArray: Fix Documentation
  XArray: Handle NULL pointers differently for allocation
  XArray: Unify xa_store and __xa_store
  XArray: Add xa_store_bh() and xa_store_irq()
  XArray: Turn xa_erase into an exported function
  XArray: Unify xa_cmpxchg and __xa_cmpxchg
  XArray: Regularise xa_reserve
  nilfs2: Use xa_erase_irq
  XArray: Export __xa_foo to non-GPL modules
  XArray: Fix xa_for_each with a single element at 0
2018-11-24 18:44:01 -08:00
Linus Torvalds
e195ca6cb6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Pull HID fixes from Jiri Kosina:

 - revert of the high-resolution scrolling feature, as it breaks certain
   hardware due to incompatibilities between Logitech and Microsoft
   worlds. Peter Hutterer is working on a fixed implementation. Until
   that is finished, revert by Benjamin Tissoires.

 - revert of incorrect strncpy->strlcpy conversion in uhid, from David
   Herrmann

 - fix for buggy sendfile() implementation on uhid device node, from
   Eric Biggers

 - a few assorted device-ID specific quirks

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  Revert "Input: Add the `REL_WHEEL_HI_RES` event code"
  Revert "HID: input: Create a utility class for counting scroll events"
  Revert "HID: logitech: Add function to enable HID++ 1.0 "scrolling acceleration""
  Revert "HID: logitech: Enable high-resolution scrolling on Logitech mice"
  Revert "HID: logitech: Use LDJ_DEVICE macro for existing Logitech mice"
  Revert "HID: logitech: fix a used uninitialized GCC warning"
  Revert "HID: input: simplify/fix high-res scroll event handling"
  HID: Add quirk for Primax PIXART OEM mice
  HID: i2c-hid: Disable runtime PM for LG touchscreen
  HID: multitouch: Add pointstick support for Cirque Touchpad
  HID: steam: remove input device when a hid client is running.
  Revert "HID: uhid: use strlcpy() instead of strncpy()"
  HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
  HID: input: Ignore battery reported by Symbol DS4308
  HID: Add quirk for Microsoft PIXART OEM mouse
2018-11-24 12:58:47 -08:00
Linus Torvalds
d146194f31 arm64 fixes:
- Fix wrong conflict resolution around CONFIG_ARM64_SSBD
 
 - Fix sparse warning on unsigned long constant
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE5RElWfyWxS+3PLO2a9axLQDIXvEFAlv5PPsACgkQa9axLQDI
 XvGQFhAAjNu9Fmd+++/XhDnWqi9ZgIvC4+2MZhpx9kVZovl7c9cVBLMBIKSkd9Pw
 d07LlidLa9cKthRmV4Jg+ofckwcbcXq8VO6eMwW1t9Uxm+M9xcJzWaiRFEkOMCTo
 5AS0Xh4J/hiZM84NGJuvToT3UpUk/xrMWYzYWg/pUox6VlvjELEdFYiStsuVp4/i
 wA7qIafX5o3NGRci0nqcBFEDCt46Yrs7TOxpgh/Ybf2jDU+dKw1UBNRQynUos2gl
 HxxhaAwEfZffBICMhv0noWxxlDoBqtalz86yFeP4ZQlUtl7S2UBPL+XNbecXNCLx
 SMK7x5cwRqYUiuzUifnEvnSTKcz71dwHAFrYL03dmqjWThzJn5YAYh2ibCy/XMkf
 excQHF3JGHczkefpDcJcPRmMC3tWXv2A/vpO/EmoOAv+2P9pdFip3tf5qlUSTySi
 B2hD0MI9hpIvDQCJ7v6TwRc3Y9xXn0zrPmzGHiuwMxiI8O6bGLaZxPu/+I2fgdhk
 IBKnRArPVfKEGKnG7dZlONr98ayWLZdyD5nOhUyuzHwYSbm8cZiCKq8RUJFfSxAn
 6WlL2XI25LqwNZ2OYF0uIkeb3wjLDxYMjt5cegrelLKZAMgVYj6t8X3gk6aR+97O
 I1OJGBgjPkM81OxLKg67Pc7cmwoQNWgSjGmkRsg4wygkBtylUKg=
 =2OAx
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas::

 - Fix wrong conflict resolution around CONFIG_ARM64_SSBD

 - Fix sparse warning on unsigned long constant

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: cpufeature: Fix mismerge of CONFIG_ARM64_SSBD block
  arm64: sysreg: fix sparse warnings
2018-11-24 09:42:32 -08:00
Linus Torvalds
857fa628bb Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Need to take mutex in ath9k_add_interface(), from Dan Carpenter.

 2) Fix mt76 build without CONFIG_LEDS_CLASS, from Arnd Bergmann.

 3) Fix socket wmem accounting in SCTP, from Xin Long.

 4) Fix failed resume crash in ena driver, from Arthur Kiyanovski.

 5) qed driver passes bytes instead of bits into second arg of
    bitmap_weight(). From Denis Bolotin.

 6) Fix reset deadlock in ibmvnic, from Juliet Kim.

 7) skb_scrube_packet() needs to scrub the fwd marks too, from Petr
    Machata.

 8) Make sure older TCP stacks see enough dup ACKs, and avoid doing SACK
    compression during this period, from Eric Dumazet.

 9) Add atomicity to SMC protocol cursor handling, from Ursula Braun.

10) Don't leave dangling error pointer if bpf_prog_add() fails in
    thunderx driver, from Lorenzo Bianconi. Also, when we unmap TSO
    headers, set sq->tso_hdrs to NULL.

11) Fix race condition over state variables in act_police, from Davide
    Caratti.

12) Disable guest csum in the presence of XDP in virtio_net, from Jason
    Wang.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (64 commits)
  net: gemini: Fix copy/paste error
  net: phy: mscc: fix deadlock in vsc85xx_default_config
  dt-bindings: dsa: Fix typo in "probed"
  net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
  net: amd: add missing of_node_put()
  team: no need to do team_notify_peers or team_mcast_rejoin when disabling port
  virtio-net: fail XDP set if guest csum is negotiated
  virtio-net: disable guest csum during XDP set
  net/sched: act_police: add missing spinlock initialization
  net: don't keep lonely packets forever in the gro hash
  net/ipv6: re-do dad when interface has IFF_NOARP flag change
  packet: copy user buffers before orphan or clone
  ibmvnic: Update driver queues after change in ring size support
  ibmvnic: Fix RX queue buffer cleanup
  net: thunderx: set xdp_prog to NULL if bpf_prog_add fails
  net/dim: Update DIM start sample after each DIM iteration
  net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
  net/smc: use after free fix in smc_wr_tx_put_slot()
  net/smc: atomic SMCD cursor handling
  net/smc: add SMC-D shutdown signal
  ...
2018-11-24 09:19:38 -08:00
Linus Torvalds
abe72ff413 Changes since last update:
- Numerous corruption fixes for copy on write
 - Numerous corruption fixes for blocksize < pagesize writes
 - Don't miscalculate AG reservations for small final AGs
 - Fix page cache truncation to work properly for reflink and extent
   shifting
 - Fix use-after-free when retrying failed inode/dquot buffer logging
 - Fix corruptions seen when using copy_file_range in directio mode
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEUzaAxoMeQq6m2jMV+H93GTRKtOsFAlv1oroACgkQ+H93GTRK
 tOu+1RAAnteFwaq3WLDYmSrMia/4m52sxvatxlCCSjCGdvfvuZozTwbTdB6FFfuc
 Ql6Z6F2Lx1sHDNJvwBCsO8qPB0qOhjSnBI/wPe2kz/NETGYNp88vHX7OZvkPVONl
 jDaCWTcu0BWNiOGi17uTY8sBa8u1izbo5F+pEQIyUjoCgUc9JB2di9dVnUJ0byrh
 wZjrmPD95ojqOozqppXfFQ0QIbozpTXR3kyU9S0EhHmbnWJZ9t08Iuhd2LjOoDB4
 cUFG/1qDXuFvALyM8m1mA7xSBZpA/glFgNeAtmz53aIOZ9Tl8w8cLJJBRx5AqUDU
 bpBU1y08Bm3OIw+uiTMkiPkCQRMDgtiHKlPxuiKqlsNY0KqYgwWlWcbU/OTvHly8
 In+CnbEBqLejKyEIz3nEQ4YimfvHbAlC/3V+nx2qO45hvTXA5lEIGAbBmiLW0ni8
 6eBXGeIjKAw0zYOoXC4OuKIiHlQh7AHJB25i9xJTzknRI9jqwZFGkxgdl33Vrq8W
 gTnfgOhMX2dGmcPrgMgtu+aiBwKf+GJv94/2EJwligExnWXQSsQmGCwKl7ysoE1g
 iU/MhJT5IYYP/TDqldkahUPSwD2FN4UFtzNfpeDX3H6kxM1R41l+aerdu64UPNji
 G98U+cWyyUmbu9ziLyREM/XyWz4UhNAz7lRId3ryeu8GPUm2AoY=
 =TiLQ
 -----END PGP SIGNATURE-----

Merge tag 'xfs-4.20-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:
 "Dave and I have continued our work fixing corruption problems that can
  be found when running long-term burn-in exercisers on xfs. Here are
  some patches fixing most of the problems, but there will likely be
  more. :/

   - Numerous corruption fixes for copy on write

   - Numerous corruption fixes for blocksize < pagesize writes

   - Don't miscalculate AG reservations for small final AGs

   - Fix page cache truncation to work properly for reflink and extent
     shifting

   - Fix use-after-free when retrying failed inode/dquot buffer logging

   - Fix corruptions seen when using copy_file_range in directio mode"

* tag 'xfs-4.20-fixes-2' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  iomap: readpages doesn't zero page tail beyond EOF
  vfs: vfs_dedupe_file_range() doesn't return EOPNOTSUPP
  iomap: dio data corruption and spurious errors when pipes fill
  iomap: sub-block dio needs to zeroout beyond EOF
  iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents
  xfs: delalloc -> unwritten COW fork allocation can go wrong
  xfs: flush removing page cache in xfs_reflink_remap_prep
  xfs: extent shifting doesn't fully invalidate page cache
  xfs: finobt AG reserves don't consider last AG can be a runt
  xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers
  xfs: uncached buffer tracing needs to print bno
  xfs: make xfs_file_remap_range() static
  xfs: fix shared extent data corruption due to missing cow reservation
2018-11-24 09:11:52 -08:00
Andreas Fiedler
07093b7647 net: gemini: Fix copy/paste error
The TX stats should be started with the tx_stats_syncp,
there seems to be a copy/paste error in the driver.

Signed-off-by: Andreas Fiedler <andreas.fiedler@gmx.net>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 22:35:38 -08:00
Quentin Schulz
3fa528b768 net: phy: mscc: fix deadlock in vsc85xx_default_config
The vsc85xx_default_config function called in the vsc85xx_config_init
function which is used by VSC8530, VSC8531, VSC8540 and VSC8541 PHYs
mistakenly calls phy_read and phy_write in-between phy_select_page and
phy_restore_page.

phy_select_page and phy_restore_page actually take and release the MDIO
bus lock and phy_write and phy_read take and release the lock to write
or read to a PHY register.

Let's fix this deadlock by using phy_modify_paged which handles
correctly a read followed by a write in a non-standard page.

Fixes: 6a0bfbbe20 ("net: phy: mscc: migrate to phy_select/restore_page functions")
Signed-off-by: Quentin Schulz <quentin.schulz@bootlin.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 22:34:40 -08:00
Fabio Estevam
e7b9fb4f54 dt-bindings: dsa: Fix typo in "probed"
The correct form is "can be probed", so fix the typo.

Signed-off-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 22:33:55 -08:00
Lorenzo Bianconi
ef2a7cf1d8 net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue
Reset snd_queue tso_hdrs pointer to NULL in nicvf_free_snd_queue routine
since it is used to check if tso dma descriptor queue has been previously
allocated. The issue can be triggered with the following reproducer:

$ip link set dev enP2p1s0v0 xdpdrv obj xdp_dummy.o
$ip link set dev enP2p1s0v0 xdpdrv off

[  341.467649] WARNING: CPU: 74 PID: 2158 at mm/vmalloc.c:1511 __vunmap+0x98/0xe0
[  341.515010] Hardware name: GIGABYTE H270-T70/MT70-HD0, BIOS T49 02/02/2018
[  341.521874] pstate: 60400005 (nZCv daif +PAN -UAO)
[  341.526654] pc : __vunmap+0x98/0xe0
[  341.530132] lr : __vunmap+0x98/0xe0
[  341.533609] sp : ffff00001c5db860
[  341.536913] x29: ffff00001c5db860 x28: 0000000000020000
[  341.542214] x27: ffff810feb5090b0 x26: ffff000017e57000
[  341.547515] x25: 0000000000000000 x24: 00000000fbd00000
[  341.552816] x23: 0000000000000000 x22: ffff810feb5090b0
[  341.558117] x21: 0000000000000000 x20: 0000000000000000
[  341.563418] x19: ffff000017e57000 x18: 0000000000000000
[  341.568719] x17: 0000000000000000 x16: 0000000000000000
[  341.574020] x15: 0000000000000010 x14: ffffffffffffffff
[  341.579321] x13: ffff00008985eb27 x12: ffff00000985eb2f
[  341.584622] x11: ffff0000096b3000 x10: ffff00001c5db510
[  341.589923] x9 : 00000000ffffffd0 x8 : ffff0000086868e8
[  341.595224] x7 : 3430303030303030 x6 : 00000000000006ef
[  341.600525] x5 : 00000000003fffff x4 : 0000000000000000
[  341.605825] x3 : 0000000000000000 x2 : ffffffffffffffff
[  341.611126] x1 : ffff0000096b3728 x0 : 0000000000000038
[  341.616428] Call trace:
[  341.618866]  __vunmap+0x98/0xe0
[  341.621997]  vunmap+0x3c/0x50
[  341.624961]  arch_dma_free+0x68/0xa0
[  341.628534]  dma_direct_free+0x50/0x80
[  341.632285]  nicvf_free_resources+0x160/0x2d8 [nicvf]
[  341.637327]  nicvf_config_data_transfer+0x174/0x5e8 [nicvf]
[  341.642890]  nicvf_stop+0x298/0x340 [nicvf]
[  341.647066]  __dev_close_many+0x9c/0x108
[  341.650977]  dev_close_many+0xa4/0x158
[  341.654720]  rollback_registered_many+0x140/0x530
[  341.659414]  rollback_registered+0x54/0x80
[  341.663499]  unregister_netdevice_queue+0x9c/0xe8
[  341.668192]  unregister_netdev+0x28/0x38
[  341.672106]  nicvf_remove+0xa4/0xa8 [nicvf]
[  341.676280]  nicvf_shutdown+0x20/0x30 [nicvf]
[  341.680630]  pci_device_shutdown+0x44/0x88
[  341.684720]  device_shutdown+0x144/0x250
[  341.688640]  kernel_restart_prepare+0x44/0x50
[  341.692986]  kernel_restart+0x20/0x68
[  341.696638]  __se_sys_reboot+0x210/0x238
[  341.700550]  __arm64_sys_reboot+0x24/0x30
[  341.704555]  el0_svc_handler+0x94/0x110
[  341.708382]  el0_svc+0x8/0xc
[  341.711252] ---[ end trace 3f4019c8439959c9 ]---
[  341.715874] page:ffff7e0003ef4000 count:0 mapcount:0 mapping:0000000000000000 index:0x4
[  341.723872] flags: 0x1fffe000000000()
[  341.727527] raw: 001fffe000000000 ffff7e0003f1a008 ffff7e0003ef4048 0000000000000000
[  341.735263] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  341.742994] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)

where xdp_dummy.c is a simple bpf program that forwards the incoming
frames to the network stack (available here:
https://github.com/altoor/xdp_walkthrough_examples/blob/master/sample_1/xdp_dummy.c)

Fixes: 05c773f52b ("net: thunderx: Add basic XDP support")
Fixes: 4863dea3fa ("net: Adding support for Cavium ThunderX network controller")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 22:31:56 -08:00
Yangtao Li
c44c749d3b net: amd: add missing of_node_put()
of_find_node_by_path() acquires a reference to the node
returned by it and that reference needs to be dropped by its caller.
This place doesn't do that, so fix it.

Signed-off-by: Yangtao Li <tiny.windzz@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 17:24:24 -08:00
Hangbin Liu
5ed9dc9910 team: no need to do team_notify_peers or team_mcast_rejoin when disabling port
team_notify_peers() will send ARP and NA to notify peers. team_mcast_rejoin()
will send multicast join group message to notify peers. We should do this when
enabling/changed to a new port. But it doesn't make sense to do it when a port
is disabled.

On the other hand, when we set mcast_rejoin_count to 2, and do a failover,
team_port_disable() will increase mcast_rejoin.count_pending to 2 and then
team_port_enable() will increase mcast_rejoin.count_pending to 4. We will send
4 mcast rejoin messages at latest, which will make user confused. The same
with notify_peers.count.

Fix it by deleting team_notify_peers() and team_mcast_rejoin() in
team_port_disable().

Reported-by: Liang Li <liali@redhat.com>
Fixes: fc423ff00d ("team: add peer notification")
Fixes: 492b200efd ("team: add support for sending multicast rejoins")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 17:18:15 -08:00
Jason Wang
18ba58e1c2 virtio-net: fail XDP set if guest csum is negotiated
We don't support partial csumed packet since its metadata will be lost
or incorrect during XDP processing. So fail the XDP set if guest_csum
feature is negotiated.

Fixes: f600b69050 ("virtio_net: Add XDP support")
Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Pavel Popa <pashinho1990@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:59:40 -08:00
Jason Wang
e59ff2c49a virtio-net: disable guest csum during XDP set
We don't disable VIRTIO_NET_F_GUEST_CSUM if XDP was set. This means we
can receive partial csumed packets with metadata kept in the
vnet_hdr. This may have several side effects:

- It could be overridden by header adjustment, thus is might be not
  correct after XDP processing.
- There's no way to pass such metadata information through
  XDP_REDIRECT to another driver.
- XDP does not support checksum offload right now.

So simply disable guest csum if possible in this the case of XDP.

Fixes: 3f93522ffa ("virtio-net: switch off offloads on demand if possible on XDP set")
Reported-by: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Cc: Pavel Popa <pashinho1990@gmail.com>
Cc: David Ahern <dsahern@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:59:40 -08:00
Linus Torvalds
7c98a42618 A messenger fix, marked for stable.
-----BEGIN PGP SIGNATURE-----
 
 iQFHBAABCAAxFiEEydHwtzie9C7TfviiSn/eOAIR84sFAlv4ScMTHGlkcnlvbW92
 QGdtYWlsLmNvbQAKCRBKf944AhHzi1AlCACGgnN3hy/1AS2/fWVkPNZmfAyNC2vb
 1MZcYY2eXV+gx5MGr9/DKAGgvlxDRjn+FQAXqTVGNGULTNBEujWa4Z+Hl/gzYXfX
 LdK90pBe/E2WwcuDMK8WrMSuumJYElLpAcvEoxmAdJCDSXZ4ZGLfktGuaBqBGEJm
 9NftKpJzqavuhVMt3wlNnaiZCD++BzMXTnMvcgpSWZIdlGpAXYYfeyFkPu5s1tUl
 0PnsS2fP53JPR3nUz5EOksJidn0A9RYnYz/jKMvKFDLwURuRouHbugaZw/tXqUB3
 atcd6u+XV3v7RS/fhIybJ7yoO5bE0TehcP7D7qY2R4R8bG+yWc1L124g
 =yrY2
 -----END PGP SIGNATURE-----

Merge tag 'ceph-for-4.20-rc4' of https://github.com/ceph/ceph-client

Pullk ceph fix from Ilya Dryomov:
 "A messenger fix, marked for stable"

* tag 'ceph-for-4.20-rc4' of https://github.com/ceph/ceph-client:
  libceph: fall back to sendmsg for slab pages
2018-11-23 11:24:55 -08:00
Linus Torvalds
3381918fec for-linus-20181123
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlv4RQUQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgprfJEACnPxJfX+v1nGan+Al5gwdL4/2nU7yOXmb9
 6KLs27fbFfRuB+1HxPM4GOgPyfNUmzwdcwMEt/slrPQ85Zykl2ooDv48xmFh3Orr
 zRdHi00CRoIOhqRcobfXiBak8VwwBxxb8TNp1WbcbCxeaURRETSqylxRhyzVoNYL
 2h5AqcnrnHzDRdYWW7iNmoj5D+opUoV8oiRWeq5t+g3lDFt73w9IAxFM+OD9edSm
 wXvFVcCaijAAGlESww+DjfAl9g7JiJlvrP+y1Yz2HR4ZPvFFX+PP7rr2Mx+FV7rn
 lluA2NBE2I+I6KrErmwrpWbonWOH1tgTvaGeNemXy1FWbLLdhoCInbkmqyPnDHnD
 GTzaWuMe6nbtp3Wr+rnHwdqpjLxMjik9eGvI5JsLMFHfT0n9BjCJuqLBjU+QARU/
 D3rKLoKZeIVasM0NFhd/vPzK1P2kVPjszJ48orksnIvkjxzoG/YKzlN6wYMW+/z3
 eEWzO9u9BDUjA7ayShmzL6LjRsOts0IRtVU3fYJIsvtKUbwo6JXTiqDpNQWLYUIj
 qspuu0TehMy4mDq9ynNpRjL/PIQ7KUMb7OMtyheLVBpqbJ2GK+wohxU/wKZws4WM
 8IfYcvsnOfR0muMFCBZyPefO9q4wKrVqp4VP48R2lZ7S9YOndLBCxeDw/5xYAsH7
 ht/GCtxfOA==
 =7Ur6
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20181123' of git://git.kernel.dk/linux-block

Pull block fix from Jens Axboe:
 "Just a single fix for this week, fixing an issue with nvme-fc"

* tag 'for-linus-20181123' of git://git.kernel.dk/linux-block:
  nvme-fc: resolve io failures during connect
2018-11-23 11:20:14 -08:00
Davide Caratti
484afd1bd3 net/sched: act_police: add missing spinlock initialization
commit f2cbd48528 ("net/sched: act_police: fix race condition on state
variables") introduces a new spinlock, but forgets its initialization.
Ensure that tcf_police_init() initializes 'tcfp_lock' every time a 'police'
action is newly created, to avoid the following lockdep splat:

 INFO: trying to register non-static key.
 the code is fine but needs lockdep annotation.
 turning off the locking correctness validator.
 <...>
 Call Trace:
  dump_stack+0x85/0xcb
  register_lock_class+0x581/0x590
  __lock_acquire+0xd4/0x1330
  ? tcf_police_init+0x2fa/0x650 [act_police]
  ? lock_acquire+0x9e/0x1a0
  lock_acquire+0x9e/0x1a0
  ? tcf_police_init+0x2fa/0x650 [act_police]
  ? tcf_police_init+0x55a/0x650 [act_police]
  _raw_spin_lock_bh+0x34/0x40
  ? tcf_police_init+0x2fa/0x650 [act_police]
  tcf_police_init+0x2fa/0x650 [act_police]
  tcf_action_init_1+0x384/0x4c0
  tcf_action_init+0xf6/0x160
  tcf_action_add+0x73/0x170
  tc_ctl_action+0x122/0x160
  rtnetlink_rcv_msg+0x2a4/0x490
  ? netlink_deliver_tap+0x99/0x400
  ? validate_linkmsg+0x370/0x370
  netlink_rcv_skb+0x4d/0x130
  netlink_unicast+0x196/0x230
  netlink_sendmsg+0x2e5/0x3e0
  sock_sendmsg+0x36/0x40
  ___sys_sendmsg+0x280/0x2f0
  ? _raw_spin_unlock+0x24/0x30
  ? handle_pte_fault+0xafe/0xf30
  ? find_held_lock+0x2d/0x90
  ? syscall_trace_enter+0x1df/0x360
  ? __sys_sendmsg+0x5e/0xa0
  __sys_sendmsg+0x5e/0xa0
  do_syscall_64+0x60/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
 RIP: 0033:0x7f1841c7cf10
 Code: c3 48 8b 05 82 6f 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d 8d d0 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae cc 00 00 48 89 04 24
 RSP: 002b:00007ffcf9df4d68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
 RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1841c7cf10
 RDX: 0000000000000000 RSI: 00007ffcf9df4dc0 RDI: 0000000000000003
 RBP: 000000005bf56105 R08: 0000000000000002 R09: 00007ffcf9df8edc
 R10: 00007ffcf9df47e0 R11: 0000000000000246 R12: 0000000000671be0
 R13: 00007ffcf9df4e84 R14: 0000000000000008 R15: 0000000000000000

Fixes: f2cbd48528 ("net/sched: act_police: fix race condition on state variables")
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:20:02 -08:00
Paolo Abeni
605108acfe net: don't keep lonely packets forever in the gro hash
Eric noted that with UDP GRO and NAPI timeout, we could keep a single
UDP packet inside the GRO hash forever, if the related NAPI instance
calls napi_gro_complete() at an higher frequency than the NAPI timeout.
Willem noted that even TCP packets could be trapped there, till the
next retransmission.
This patch tries to address the issue, flushing the old packets -
those with a NAPI_GRO_CB age before the current jiffy - before scheduling
the NAPI timeout. The rationale is that such a timeout should be
well below a jiffy and we are not flushing packets eligible for sane GRO.

v1  -> v2:
 - clarified the commit message and comment

RFC -> v1:
 - added 'Fixes tags', cleaned-up the wording.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Fixes: 3b47d30396 ("net: gro: add a per device gro flush timer")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:18:53 -08:00
Hangbin Liu
896585d48e net/ipv6: re-do dad when interface has IFF_NOARP flag change
When we add a new IPv6 address, we should also join corresponding solicited-node
multicast address, unless the interface has IFF_NOARP flag, as function
addrconf_join_solict() did. But if we remove IFF_NOARP flag later, we do
not do dad and add the mcast address. So we will drop corresponding neighbour
discovery message that came from other nodes.

A typical example is after creating a ipvlan with mode l3, setting up an ipv6
address and changing the mode to l2. Then we will not be able to ping this
address as the interface doesn't join related solicited-node mcast address.

Fix it by re-doing dad when interface changed IFF_NOARP flag. Then we will add
corresponding mcast group and check if there is a duplicate address on the
network.

Reported-by: Jianlin Shi <jishi@redhat.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:17:56 -08:00
Linus Torvalds
d88783b9c8 IOMMU Fixes for Linux v4.20-rc3
Including:
 
 	- Two fixes for the Intel VT-d driver to fix a NULL-ptr
 	  dereference and an unbalance in an allocate/free path
 	  (allocated with memremap, freed with iounmap)
 
 	- Fix for a crash in the Renesas IOMMU driver
 
 	- Fix for the Advanced Virtual Interrupt Controler (AVIC) code
 	  in the AMD IOMMU driver
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJb+CxJAAoJECvwRC2XARrjKYoQAMWv6cWDNzr8phjTS8Lj53XN
 H2uQDCu4V7ysDrmUuN1zWn5R3MPbD3/1XlJuen7cKaI7Uwx1/ivzOi8f+MAfGEY2
 SSy/uJsGr8z0qh+QiIUyju8hK3iZe0WWntkwQ//LoJcZyF6JgpaaBwnXvU9KIkId
 m8wr38hgzYz/KoRZwMQ2rD/5wTG1AcEaR/gQC2UUaSXNmiFuh0MiHQqB46nCFUNx
 5fvpRI+Df3pqYXwC0TTic9BI5DAeZgz2j/r5BPOYorLMZm1cgSMaGvnJkGGVlxKJ
 LDcxKcvuZQbJXTtZ9mumtx6Z9sBhhCLhJcX2eJHmWA/9caSzBJsCEgzh0ZBvRhf+
 23zH0MvxP8IcddIGNzteCcr31GFXPtnLaXEJyRDJ3xuDIr4IwMwUBcvyGhzohDPQ
 G5SyNG8MP0PYvcypMARcpvn+zldGb5sZZXykrkRYY7y0jxwLBQ5P3mYjEYlGDhhN
 yHftLid9bAyoSIizSyNUlHf1NmPMamT0d/L4v96JSuC2a1fTgboXC2R7qrkzrx0+
 RH2zkEIVfITPDX6/r5zZsHEf1raRtGGnUOyvxJOkAV2zsxoCEQC1xBR8BpeyDjHn
 plfKBTCdAD8WrQKOgo4kVIgZtTGlc1bNwTgpN0N+SNTrNCsRq8a9tyoXGjGWcFxc
 C7Q67vcD4TfRxQgx0CF7
 =28EU
 -----END PGP SIGNATURE-----

Merge tag 'iommu-fixes-v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

Pull IOMMU fixes from Joerg Roedel:

 - Two fixes for the Intel VT-d driver to fix a NULL-ptr dereference and
   an unbalance in an allocate/free path (allocated with memremap, freed
   with iounmap)

 - Fix for a crash in the Renesas IOMMU driver

 - Fix for the Advanced Virtual Interrupt Controler (AVIC) code in the
   AMD IOMMU driver

* tag 'iommu-fixes-v4.20-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/vt-d: Use memunmap to free memremap
  amd/iommu: Fix Guest Virtual APIC Log Tail Address Register
  iommu/ipmmu-vmsa: Fix crash on early domain free
  iommu/vt-d: Fix NULL pointer dereference in prq_event_thread()
2018-11-23 11:15:27 -08:00
Willem de Bruijn
5cd8d46ea1 packet: copy user buffers before orphan or clone
tpacket_snd sends packets with user pages linked into skb frags. It
notifies that pages can be reused when the skb is released by setting
skb->destructor to tpacket_destruct_skb.

This can cause data corruption if the skb is orphaned (e.g., on
transmit through veth) or cloned (e.g., on mirror to another psock).

Create a kernel-private copy of data in these cases, same as tun/tap
zerocopy transmission. Reuse that infrastructure: mark the skb as
SKBTX_ZEROCOPY_FRAG, which will trigger copy in skb_orphan_frags(_rx).

Unlike other zerocopy packets, do not set shinfo destructor_arg to
struct ubuf_info. tpacket_destruct_skb already uses that ptr to notify
when the original skb is released and a timestamp is recorded. Do not
change this timestamp behavior. The ubuf_info->callback is not needed
anyway, as no zerocopy notification is expected.

Mark destructor_arg as not-a-uarg by setting the lower bit to 1. The
resulting value is not a valid ubuf_info pointer, nor a valid
tpacket_snd frame address. Add skb_zcopy_.._nouarg helpers for this.

The fix relies on features introduced in commit 52267790ef ("sock:
add MSG_ZEROCOPY"), so can be backported as is only to 4.14.

Tested with from `./in_netns.sh ./txring_overwrite` from
http://github.com/wdebruij/kerneltools/tests

Fixes: 69e3c75f4d ("net: TX_RING and packet mmap")
Reported-by: Anand H. Krishnan <anandhkrishnan@gmail.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-11-23 11:08:03 -08:00
Linus Torvalds
a03bac580a ACPI fix for 4.20-rc4
Prevent the ACPI core from registering a platform device for
 the SMB0001 HID to avoid IRQ allocation issues (Hans de Goede).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJb98+6AAoJEILEb/54YlRx7YEP/0qU1ZBzNojPOu6fQZW9M2SD
 LWu4QY0/2Cv1mzt8D9/7aiu7V1saGfXRlKzcWmJKkfvrc80WPaSPXktiKz5IWGid
 fMQory7czTuuEuYZS1HyZ+qJ7OLwOAXFIxb6t87/KgT9I4nUGtCUk2C+W+aqYvY4
 4AVApDT/EHrU3SzF6BO5NXgDgz2IRs9kA//hrtn4Vo7uh1qHdrhvEjODsj1Wotlc
 f/ypHHHqp/8cFBv5eTnIjFKht0ErWC4GKN/BX5ufRVxHsJcuV4o+vS6aCS8faCTO
 G6iDL+qZoW86Afz2kFCQUD+KZiZ+s0ZQZZf4kMACRCXz/WtEPB1fVhBMtnFmHygX
 mp7OMX+Iyj+H0BOz3ohPEb+iLSoWPSkG2imbqxI9TQ38/JWkqAy6lMJcfTc7h8KM
 gV2XO1d1m2QcD6NWSulaEikzn+4Ig+Iv+iEsQ14HCcAV5TOF8BU2ad/I4G5n03hM
 z2wucVMK2cxzJC8ikn6EpVBzXt7+oNvfoUtVBFpzk0yMWjrqpC2ZbzZjxlGlR35N
 9A8YHfXpxPkF4wJKb2vK/7DYxR4zuOXmwKspalBdJB2BqvcIClj0fz8dmA8UtU1i
 3H1Pwp9q6MkVrHDGx4Jg1djatjHTtr0Kip5MEuyssZ2NbrPsIPfNAv0hNK0Jw+XK
 yvh1+DHI183Z3DmwKwRn
 =bTMI
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "Prevent the ACPI core from registering a platform device for the
  SMB0001 HID to avoid IRQ allocation issues (Hans de Goede)"

* tag 'acpi-4.20-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / platform: Add SMB0001 HID to forbidden_id_list
2018-11-23 10:56:16 -08:00