1. 26 Feb, 2017 2 commits
  2. 25 Feb, 2017 2 commits
  3. 23 Feb, 2017 24 commits
  4. 22 Feb, 2017 12 commits
    • tcp: account for ts offset only if tsecr not zero · eee2faab
      Alexey Kodanev authored
      We can get SYN with zero tsecr, don't apply offset in this case.
      
      Fixes: ee684b6f ("tcp: send packets with a socket timestamp")
      Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
      Acked-by: Eric Dumazet <edumazet@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • tcp: setup timestamp offset when write_seq already set · 00355fa5
      Alexey Kodanev authored
      Found that when randomized tcp offsets are enabled (by default)
      TCP client can still start new connections without them. Later,
      if server does active close and re-uses sockets in TIME-WAIT
      state, new SYN from client can be rejected on PAWS check inside
      tcp_timewait_state_process(), because either tw_ts_recent or
      rcv_tsval doesn't really have an offset set.
      
      Here is how to reproduce it with LTP netstress tool:
          netstress -R 1 &
          netstress -H 127.0.0.1 -lr 1000000 -a1
      
          [...]
          < S  seq 1956977072 win 43690 TS val 295618 ecr 459956970
          > .  ack 1956911535 win 342 TS val 459967184 ecr 1547117608
          < R  seq 1956911535 win 0 length 0
      +1. < S  seq 1956977072 win 43690 TS val 296640 ecr 459956970
          > S. seq 657450664 ack 1956977073 win 43690 TS val 459968205 ecr 296640
      
      Fixes: 95a22cae ("tcp: randomize tcp timestamp offsets for each connection")
      Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com>
      Acked-by: Eric Dumazet <edumazet@google.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net/dccp: fix use after free in tw_timer_handler() · ec7cb62d
      Andrey Ryabinin authored
      DCCP doesn't purge timewait sockets on network namespace shutdown.
      So, after net namespace destroyed we could still have an active timer
      which will trigger use after free in tw_timer_handler():
      
          BUG: KASAN: use-after-free in tw_timer_handler+0x4a/0xa0 at addr ffff88010e0d1e10
          Read of size 8 by task swapper/1/0
          Call Trace:
           __asan_load8+0x54/0x90
           tw_timer_handler+0x4a/0xa0
           call_timer_fn+0x127/0x480
           expire_timers+0x1db/0x2e0
           run_timer_softirq+0x12f/0x2a0
           __do_softirq+0x105/0x5b4
           irq_exit+0xdd/0xf0
           smp_apic_timer_interrupt+0x57/0x70
           apic_timer_interrupt+0x90/0xa0
      
          Object at ffff88010e0d1bc0, in cache net_namespace size: 6848
          Allocated:
           save_stack_trace+0x1b/0x20
           kasan_kmalloc+0xee/0x180
           kasan_slab_alloc+0x12/0x20
           kmem_cache_alloc+0x134/0x310
           copy_net_ns+0x8d/0x280
           create_new_namespaces+0x23f/0x340
           unshare_nsproxy_namespaces+0x75/0xf0
           SyS_unshare+0x299/0x4f0
           entry_SYSCALL_64_fastpath+0x18/0xad
          Freed:
           save_stack_trace+0x1b/0x20
           kasan_slab_free+0xae/0x180
           kmem_cache_free+0xb4/0x350
           net_drop_ns+0x3f/0x50
           cleanup_net+0x3df/0x450
           process_one_work+0x419/0xbb0
           worker_thread+0x92/0x850
           kthread+0x192/0x1e0
           ret_from_fork+0x2e/0x40
      
      Add .exit_batch hook to dccp_v4_ops()/dccp_v6_ops() which will purge
      timewait sockets on net namespace destruction and prevent above issue.
      
      Fixes: f2bf415c ("mib: add net to NET_ADD_STATS_BH")
      Reported-by: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • uapi: fix linux/if.h userspace compilation errors · 2618be7d
      Dmitry V. Levin authored
      Include <sys/socket.h> (guarded by ifndef __KERNEL__) to fix
      the following linux/if.h userspace compilation errors:
      
      /usr/include/linux/if.h:234:19: error: field 'ifru_addr' has incomplete type
         struct sockaddr ifru_addr;
      /usr/include/linux/if.h:235:19: error: field 'ifru_dstaddr' has incomplete type
         struct sockaddr ifru_dstaddr;
      /usr/include/linux/if.h:236:19: error: field 'ifru_broadaddr' has incomplete type
         struct sockaddr ifru_broadaddr;
      /usr/include/linux/if.h:237:19: error: field 'ifru_netmask' has incomplete type
         struct sockaddr ifru_netmask;
      /usr/include/linux/if.h:238:20: error: field 'ifru_hwaddr' has incomplete type
         struct  sockaddr ifru_hwaddr;
      
      This also fixes userspace compilation of the following uapi headers:
        linux/atmbr2684.h
        linux/gsmmux.h
        linux/if_arp.h
        linux/if_bonding.h
        linux/if_frad.h
        linux/if_pppox.h
        linux/if_tunnel.h
        linux/netdevice.h
        linux/route.h
        linux/wireless.h
      
      As no uapi header provides a definition of struct sockaddr, inclusion
      of <sys/socket.h> seems to be the most conservative and the only safe
      fix available.
      
      All current users of <linux/if.h> are very likely to be including
      <sys/socket.h> already because the latter is the sole provider
      of struct sockaddr definition in libc, so adding a uapi header
      with a definition of struct sockaddr would create a potential
      conflict with <sys/socket.h>.
      
      Replacing struct sockaddr in the definition of struct ifreq with
      a different type would create a potential incompatibility with current
      users of struct ifreq who might rely on ifru_addr et al members being
      of type struct sockaddr.
      Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • l2tp: Avoid schedule while atomic in exit_net · 12d656af
      Ridge Kennedy authored
      While destroying a network namespace that contains a L2TP tunnel a
      "BUG: scheduling while atomic" can be observed.
      
      Enabling lockdep shows that this is happening because l2tp_exit_net()
      is calling l2tp_tunnel_closeall() (via l2tp_tunnel_delete()) from
      within an RCU critical section.
      
      l2tp_exit_net() takes rcu_read_lock_bh()
        << list_for_each_entry_rcu() >>
        l2tp_tunnel_delete()
          l2tp_tunnel_closeall()
            __l2tp_session_unhash()
              synchronize_rcu() << Illegal inside RCU critical section >>
      
      BUG: sleeping function called from invalid context
      in_atomic(): 1, irqs_disabled(): 0, pid: 86, name: kworker/u16:2
      INFO: lockdep is turned off.
      CPU: 2 PID: 86 Comm: kworker/u16:2 Tainted: G        W  O    4.4.6-at1 #2
      Hardware name: Xen HVM domU, BIOS 4.6.1-xs125300 05/09/2016
      Workqueue: netns cleanup_net
       0000000000000000 ffff880202417b90 ffffffff812b0013 ffff880202410ac0
       ffffffff81870de8 ffff880202417bb8 ffffffff8107aee8 ffffffff81870de8
       0000000000000c51 0000000000000000 ffff880202417be0 ffffffff8107b024
      Call Trace:
       [<ffffffff812b0013>] dump_stack+0x85/0xc2
       [<ffffffff8107aee8>] ___might_sleep+0x148/0x240
       [<ffffffff8107b024>] __might_sleep+0x44/0x80
       [<ffffffff810b21bd>] synchronize_sched+0x2d/0xe0
       [<ffffffff8109be6d>] ? trace_hardirqs_on+0xd/0x10
       [<ffffffff8105c7bb>] ? __local_bh_enable_ip+0x6b/0xc0
       [<ffffffff816a1b00>] ? _raw_spin_unlock_bh+0x30/0x40
       [<ffffffff81667482>] __l2tp_session_unhash+0x172/0x220
       [<ffffffff81667397>] ? __l2tp_session_unhash+0x87/0x220
       [<ffffffff8166888b>] l2tp_tunnel_closeall+0x9b/0x140
       [<ffffffff81668c74>] l2tp_tunnel_delete+0x14/0x60
       [<ffffffff81668dd0>] l2tp_exit_net+0x110/0x270
       [<ffffffff81668d5c>] ? l2tp_exit_net+0x9c/0x270
       [<ffffffff815001c3>] ops_exit_list.isra.6+0x33/0x60
       [<ffffffff81501166>] cleanup_net+0x1b6/0x280
       ...
      
      This bug can easily be reproduced with a few steps:
      
       $ sudo unshare -n bash  # Create a shell in a new namespace
       # ip link set lo up
       # ip addr add 127.0.0.1 dev lo
       # ip l2tp add tunnel remote 127.0.0.1 local 127.0.0.1 tunnel_id 1 \
          peer_tunnel_id 1 udp_sport 50000 udp_dport 50000
       # ip l2tp add session name foo tunnel_id 1 session_id 1 \
          peer_session_id 1
       # ip link set foo up
       # exit  # Exit the shell, in turn exiting the namespace
       $ dmesg
       ...
       [942121.089216] BUG: scheduling while atomic: kworker/u16:3/13872/0x00000200
       ...
      
      To fix this, move the call to l2tp_tunnel_closeall() out of the RCU
      critical section, and instead call it from l2tp_tunnel_del_work(), which
      is running from the l2tp_wq workqueue.
      
      Fixes: 2b551c6e ("l2tp: close sessions before initiating tunnel delete")
      Signed-off-by: Ridge Kennedy <ridge.kennedy@alliedtelesis.co.nz>
      Acked-by: Guillaume Nault <g.nault@alphalink.fr>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • qlogic: netxen: constify bin_attribute structures · ff292458
      Bhumika Goyal authored
      Declare bin_attribute structures as const as they are only passed as
      arguments to the functions device_remove_bin_file and
      device_create_bin_file. These function arguments are of type const, so
      bin_attribute structures having this property can be made const too.
      Done using Coccinelle:
      
      @r1 disable optional_qualifier @
      identifier i;
      position p;
      @@
      static struct bin_attribute i@p = {...};
      
      @ok1@
      identifier r1.i;
      position p,p1;
      @@
      (
      device_remove_bin_file(...,&i@p)
      |
      device_create_bin_file(..., &i@p1)
      )
      
      @bad@
      position p!={r1.p,ok1.p,ok1.p1};
      identifier r1.i;
      @@
      i@p
      
      @depends on !bad disable optional_qualifier@
      identifier r1.i;
      @@
      +const
      struct bin_attribute i;
      Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • qlogic: qlcnic_sysfs: constify bin_attribute structures · 0ccea221
      Bhumika Goyal authored
      Declare bin_attribute structures as const as they are only passed as
      arguments to the functions device_remove_bin_file and
      device_create_bin_file. These function arguments are of type const, so
      bin_attribute structures having this property can be made const too.
      Done using Coccinelle:
      
      @r1 disable optional_qualifier @
      identifier i;
      position p;
      @@
      static struct bin_attribute i@p = {...};
      
      @ok1@
      identifier r1.i;
      position p,p1;
      @@
      (
      device_remove_bin_file(...,&i@p)
      |
      device_create_bin_file(..., &i@p1)
      )
      
      @bad@
      position p!={r1.p,ok1.p,ok1.p1};
      identifier r1.i;
      @@
      i@p
      
      @depends on !bad disable optional_qualifier@
      identifier r1.i;
      @@
      +const
      struct bin_attribute i;
      Signed-off-by: Bhumika Goyal <bhumirks@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: emac: add support for device-tree based PHY discovery and setup · a577ca6b
      Christian Lamparter authored
      This patch adds glue-code that allows the EMAC driver to interface
      with the existing dt-supported PHYs in drivers/net/phy.
      
      Because currently, the emac driver maintains a small library of
      supported phys in a private phy.c file located in the drivers
      directory.
      
      The support is limited to mostly single ethernet transceivers like the:
      CIS8201, BCM5248, ET1011C, Marvell 88E1111 and 88E1112, AR8035.
      
      However, routers like the Netgear WNDR4700 and Cisco Meraki MX60(W)
      have a 5-port switch (AR8327N) attached to the EMAC. The switch chip
      is supported by the qca8k mdio driver, which uses the generic phy
      library. Another reason is that PHYLIB also supports the BCM54610,
      which was used for the Western Digital My Book Live.
      
      This will now also make EMAC select PHYLIB.
      Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · ca78d317
      Linus Torvalds authored
      Pull arm64 updates from Will Deacon:
       - Errata workarounds for Qualcomm's Falkor CPU
       - Qualcomm L2 Cache PMU driver
       - Qualcomm SMCCC firmware quirk
       - Support for DEBUG_VIRTUAL
       - CPU feature detection for userspace via MRS emulation
       - Preliminary work for the Statistical Profiling Extension
       - Misc cleanups and non-critical fixes
      
      * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (74 commits)
        arm64/kprobes: consistently handle MRS/MSR with XZR
        arm64: cpufeature: correctly handle MRS to XZR
        arm64: traps: correctly handle MRS/MSR with XZR
        arm64: ptrace: add XZR-safe regs accessors
        arm64: include asm/assembler.h in entry-ftrace.S
        arm64: fix warning about swapper_pg_dir overflow
        arm64: Work around Falkor erratum 1003
        arm64: head.S: Enable EL1 (host) access to SPE when entered at EL2
        arm64: arch_timer: document Hisilicon erratum 161010101
        arm64: use is_vmalloc_addr
        arm64: use linux/sizes.h for constants
        arm64: uaccess: consistently check object sizes
        perf: add qcom l2 cache perf events driver
        arm64: remove wrong CONFIG_PROC_SYSCTL ifdef
        ARM: smccc: Update HVC comment to describe new quirk parameter
        arm64: do not trace atomic operations
        ACPI/IORT: Fix the error return code in iort_add_smmu_platform_device()
        ACPI/IORT: Fix iort_node_get_id() mapping entries indexing
        arm64: mm: enable CONFIG_HOLES_IN_ZONE for NUMA
        perf: xgene: Include module.h
        ...
    • Merge tag 'arc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc · a4ee7bac
      Linus Torvalds authored
      Pull ARC updates from Vineet Gupta:
      
       - Intc improvements [Yuriy]
      
       - VDK platform updates [Alexey]
      
      * tag 'arc-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
        ARC: [plat-*] ARC_HAS_COH_CACHES no longer relevant
        ARCv2: intc: Delete useless comments in Device Trees
        ARCv2: IDU-intc: Delete deprecated parameters in Device Trees
        ARCv2: IDU-intc: mask all common interrupts by default
        ARCv2: IDU-intc: Use build registers for getting numbers of interrupts
        ARCv2: intc: Set default priority for all core interrupts
        ARCv2: intc: Use runtime value of irq count for setting up intc
        ARCv2: intc: Rework the build time irq count information
        ARC: [intc-*]: confine NR_CPU_IRQS to intc code
        ARCv2: intc: Use ARC_REG_STATUS32 for addressing STATUS32 reg
        arc: vdk: Add support of UIO
        arc: vdk: Add support of MMC controller
        arc: vdk: Disable halt on reset
    • Merge tag 'powerpc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 38705613
      Linus Torvalds authored
      Pull powerpc updates from Michael Ellerman:
       "Highlights include:
      
         - Support for direct mapped LPC on POWER9, giving Linux direct access
           to devices that may be on there such as a UART.
      
         - Memory hotplug support for the Power9 Radix MMU.
      
         - Add new AUX vectors describing the processor's cache geometry, to
           be used by glibc.
      
         - The ability for a guest to ask the hypervisor to resize the guest's
           hash table, and in addition support for doing so automatically when
           memory is hotplugged into/out-of the guest. This allows the hash
           table to be sized based on the current memory usage of the guest,
           rather than the maximum possible memory usage.
      
         - Implementation of optprobes (kprobe optimisation) for powerpc.
      
        In addition there's the topic branch shared with the KVM tree, which
        includes support for guests to use the Radix MMU on Power9.
      
        Thanks to:
          Alistair Popple, Andrew Donnellan, Aneesh Kumar K.V, Anju T, Anton
          Blanchard, Benjamin Herrenschmidt, Chris Packham, Daniel Axtens,
          Daniel Borkmann, David Gibson, Finn Thain, Gautham R. Shenoy, Gavin
          Shan, Greg Kurz, Joel Stanley, John Allen, Madhavan Srinivasan,
          Mahesh Salgaonkar, Markus Elfring, Michael Neuling, Nathan Fontenot,
          Naveen N. Rao, Nicholas Piggin, Paul Mackerras, Ravi Bangoria, Reza
          Arbab, Shailendra Singh, Vaibhav Jain, Wei Yongjun"
      
      * tag 'powerpc-4.11-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (129 commits)
        powerpc/mm/radix: Skip ptesync in pte update helpers
        powerpc/mm/radix: Use ptep_get_and_clear_full when clearing pte for full mm
        powerpc/mm/radix: Update pte update sequence for pte clear case
        powerpc/mm: Update PROTFAULT handling in the page fault path
        powerpc/xmon: Fix data-breakpoint
        powerpc/mm: Fix build break with BOOK3S_64=n and MEMORY_HOTPLUG=y
        powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y
        powerpc/mm: Fix build break with RADIX=y & HUGETLBFS=n
        powerpc/pseries: Fix typo in parameter description
        powerpc/kprobes: Remove kprobe_exceptions_notify()
        kprobes: Introduce weak variant of kprobe_exceptions_notify()
        powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL
        powerpc/powernv: Fix opal_exit tracepoint opcode
        powerpc: Add a prototype for mcount() so it can be versioned
        powerpc: Drop GPL from of_node_to_nid() export to match other arches
        powerpc/kprobes: Optimize kprobe in kretprobe_trampoline()
        powerpc/kprobes: Implement Optprobes
        powerpc/kprobes: Fixes for kprobe_lookup_name() on BE
        powerpc: Add helper to check if offset is within relative branch range
        powerpc/bpf: Introduce __PPC_SH64()
        ...
    • Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · ff47d8c0
      Linus Torvalds authored
      Pull s390 updates from Martin Schwidefsky:
      
       - New entropy generation for the pseudo random number generator.
      
       - Early boot printk output via sclp to help debug crashes on boot. This
         needs to be enabled with a kernel parameter.
      
       - Add proper no-execute support with a bit in the page table entry.
      
       - Bug fixes and cleanups.
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (65 commits)
        s390/syscall: fix single stepped system calls
        s390/zcrypt: make ap_bus explicitly non-modular
        s390/zcrypt: Removed unneeded debug feature directory creation.
        s390: add missing "do {} while (0)" loop constructs to multiline macros
        s390/mm: add cond_resched call to kernel page table dumper
        s390: get rid of MACHINE_HAS_PFMF and MACHINE_HAS_HPAGE
        s390/mm: make memory_block_size_bytes available for !MEMORY_HOTPLUG
        s390: replace ACCESS_ONCE with READ_ONCE
        s390: Audit and remove any remaining unnecessary uses of module.h
        s390: mm: Audit and remove any unnecessary uses of module.h
        s390: kernel: Audit and remove any unnecessary uses of module.h
        s390/kdump: Use "LINUX" ELF note name instead of "CORE"
        s390: add no-execute support
        s390: report new vector facilities
        s390: use correct input data address for setup_randomness
        s390/sclp: get rid of common response code handling
        s390/sclp: don't add new lines to each printed string
        s390/sclp: make early sclp code readable
        s390/sclp: disable early sclp code as soon as the base sclp driver is active
        s390/sclp: move early printk code to drivers
        ...