1. 19 Dec, 2017 1 commit
  2. 11 Dec, 2017 2 commits
  3. 06 Dec, 2017 2 commits
  4. 01 Dec, 2017 12 commits
    • David S. Miller's avatar
      Merge branch 'sfp-phylink-fixes' · ccab371f
      David S. Miller authored
      Russell King says:
      
      ====================
      SFP/phylink fixes
      
      Here are four phylink fixes:
      - the "options" is a big-endian value, we must test the bits taking the
        endian-ness into account.
      - improve the handling of RX_LOS polarity, taking no RX_LOS polarity
        bits set to mean there is no RX_LOS functionality provided.
      - do not report modules that require the address mode switching as
        supporting SFF8472.
      - ensure that the mac_link_down() function is called when phylink_stop()
        is called.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ccab371f
    • Russell King's avatar
      phylink: ensure we take the link down when phylink_stop() is called · 2012b7d6
      Russell King authored
      Ensure that we tell the MAC to take the link down when phylink_stop()
      is called, and that this completes prior to phylink_stop() returns.
      Reported-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Tested-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2012b7d6
    • Russell King's avatar
      sfp: warn about modules requiring address change sequence · ec7681bd
      Russell King authored
      We do not support SFP modules which require the address change sequence
      as detailed by SFF 8472 revision 1.22 section 8.9.  Warn when these
      modules are inserted, and treat them as SFF8079 modules for ethtool.
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec7681bd
    • Russell King's avatar
      sfp: improve RX_LOS handling · 710dfbb0
      Russell King authored
      There are two bits in the option word for the RX_LOS signal.  One
      reports that the RX_LOS signal is active high, the other reports that
      it is active low.  When both or neither are set, the result is not
      well defined in the specification.
      
      Rather than assuming that neither set means normal RX_LOS, take this
      as meaning no RX_LOS signal available, thereby ignoring the signal.
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      710dfbb0
    • Russell King's avatar
      sfp: fix RX_LOS signal handling · acf1c02f
      Russell King authored
      The options word is a be16 quantity, so we need to test the flags
      having converted the endian-ness.  Convert the flag bits to be16,
      which can be optimised by the compiler, rather than converting a
      variable at runtime.
      Reported-by: default avatarFlorian Fainelli <f.fainelli@gmail.com>
      Signed-off-by: default avatarRussell King <rmk+kernel@armlinux.org.uk>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      acf1c02f
    • Max Uvarov's avatar
      net: phy-micrel: check return code in flp center function · a0da456b
      Max Uvarov authored
      Fix obvious typo that first return value is set but not checked.
      Signed-off-by: default avatarMax Uvarov <muvarov@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a0da456b
    • Tommi Rantala's avatar
      tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() · c7799c06
      Tommi Rantala authored
      Remove the second tipc_rcv() call in tipc_udp_recv(). We have just
      checked that the bearer is not up, and calling tipc_rcv() with a bearer
      that is not up leads to a TIPC div-by-zero crash in
      tipc_node_calculate_timer(). The crash is rare in practice, but can
      happen like this:
      
        We're enabling a bearer, but it's not yet up and fully initialized.
        At the same time we receive a discovery packet, and in tipc_udp_recv()
        we end up calling tipc_rcv() with the not-yet-initialized bearer,
        causing later the div-by-zero crash in tipc_node_calculate_timer().
      
      Jon Maloy explains the impact of removing the second tipc_rcv() call:
        "link setup in the worst case will be delayed until the next arriving
         discovery messages, 1 sec later, and this is an acceptable delay."
      
      As the tipc_rcv() call is removed, just leave the function via the
      rcu_out label, so that we will kfree_skb().
      
      [   12.590450] Own node address <1.1.1>, network identity 1
      [   12.668088] divide error: 0000 [#1] SMP
      [   12.676952] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.14.2-dirty #1
      [   12.679225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-2.fc27 04/01/2014
      [   12.682095] task: ffff8c2a761edb80 task.stack: ffffa41cc0cac000
      [   12.684087] RIP: 0010:tipc_node_calculate_timer.isra.12+0x45/0x60 [tipc]
      [   12.686486] RSP: 0018:ffff8c2a7fc838a0 EFLAGS: 00010246
      [   12.688451] RAX: 0000000000000000 RBX: ffff8c2a5b382600 RCX: 0000000000000000
      [   12.691197] RDX: 0000000000000000 RSI: ffff8c2a5b382600 RDI: ffff8c2a5b382600
      [   12.693945] RBP: ffff8c2a7fc838b0 R08: 0000000000000001 R09: 0000000000000001
      [   12.696632] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8c2a5d8949d8
      [   12.699491] R13: ffffffff95ede400 R14: 0000000000000000 R15: ffff8c2a5d894800
      [   12.702338] FS:  0000000000000000(0000) GS:ffff8c2a7fc80000(0000) knlGS:0000000000000000
      [   12.705099] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   12.706776] CR2: 0000000001bb9440 CR3: 00000000bd009001 CR4: 00000000003606e0
      [   12.708847] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [   12.711016] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [   12.712627] Call Trace:
      [   12.713390]  <IRQ>
      [   12.714011]  tipc_node_check_dest+0x2e8/0x350 [tipc]
      [   12.715286]  tipc_disc_rcv+0x14d/0x1d0 [tipc]
      [   12.716370]  tipc_rcv+0x8b0/0xd40 [tipc]
      [   12.717396]  ? minmax_running_min+0x2f/0x60
      [   12.718248]  ? dst_alloc+0x4c/0xa0
      [   12.718964]  ? tcp_ack+0xaf1/0x10b0
      [   12.719658]  ? tipc_udp_is_known_peer+0xa0/0xa0 [tipc]
      [   12.720634]  tipc_udp_recv+0x71/0x1d0 [tipc]
      [   12.721459]  ? dst_alloc+0x4c/0xa0
      [   12.722130]  udp_queue_rcv_skb+0x264/0x490
      [   12.722924]  __udp4_lib_rcv+0x21e/0x990
      [   12.723670]  ? ip_route_input_rcu+0x2dd/0xbf0
      [   12.724442]  ? tcp_v4_rcv+0x958/0xa40
      [   12.725039]  udp_rcv+0x1a/0x20
      [   12.725587]  ip_local_deliver_finish+0x97/0x1d0
      [   12.726323]  ip_local_deliver+0xaf/0xc0
      [   12.726959]  ? ip_route_input_noref+0x19/0x20
      [   12.727689]  ip_rcv_finish+0xdd/0x3b0
      [   12.728307]  ip_rcv+0x2ac/0x360
      [   12.728839]  __netif_receive_skb_core+0x6fb/0xa90
      [   12.729580]  ? udp4_gro_receive+0x1a7/0x2c0
      [   12.730274]  __netif_receive_skb+0x1d/0x60
      [   12.730953]  ? __netif_receive_skb+0x1d/0x60
      [   12.731637]  netif_receive_skb_internal+0x37/0xd0
      [   12.732371]  napi_gro_receive+0xc7/0xf0
      [   12.732920]  receive_buf+0x3c3/0xd40
      [   12.733441]  virtnet_poll+0xb1/0x250
      [   12.733944]  net_rx_action+0x23e/0x370
      [   12.734476]  __do_softirq+0xc5/0x2f8
      [   12.734922]  irq_exit+0xfa/0x100
      [   12.735315]  do_IRQ+0x4f/0xd0
      [   12.735680]  common_interrupt+0xa2/0xa2
      [   12.736126]  </IRQ>
      [   12.736416] RIP: 0010:native_safe_halt+0x6/0x10
      [   12.736925] RSP: 0018:ffffa41cc0cafe90 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff4d
      [   12.737756] RAX: 0000000000000000 RBX: ffff8c2a761edb80 RCX: 0000000000000000
      [   12.738504] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
      [   12.739258] RBP: ffffa41cc0cafe90 R08: 0000014b5b9795e5 R09: ffffa41cc12c7e88
      [   12.740118] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
      [   12.740964] R13: ffff8c2a761edb80 R14: 0000000000000000 R15: 0000000000000000
      [   12.741831]  default_idle+0x2a/0x100
      [   12.742323]  arch_cpu_idle+0xf/0x20
      [   12.742796]  default_idle_call+0x28/0x40
      [   12.743312]  do_idle+0x179/0x1f0
      [   12.743761]  cpu_startup_entry+0x1d/0x20
      [   12.744291]  start_secondary+0x112/0x120
      [   12.744816]  secondary_startup_64+0xa5/0xa5
      [   12.745367] Code: b9 f4 01 00 00 48 89 c2 48 c1 ea 02 48 3d d3 07 00
      00 48 0f 47 d1 49 8b 0c 24 48 39 d1 76 07 49 89 14 24 48 89 d1 31 d2 48
      89 df <48> f7 f1 89 c6 e8 81 6e ff ff 5b 41 5c 5d c3 66 90 66 2e 0f 1f
      [   12.747527] RIP: tipc_node_calculate_timer.isra.12+0x45/0x60 [tipc] RSP: ffff8c2a7fc838a0
      [   12.748555] ---[ end trace 1399ab83390650fd ]---
      [   12.749296] Kernel panic - not syncing: Fatal exception in interrupt
      [   12.750123] Kernel Offset: 0x13200000 from 0xffffffff82000000
      (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
      [   12.751215] Rebooting in 60 seconds..
      
      Fixes: c9b64d49 ("tipc: add replicast peer discovery")
      Signed-off-by: default avatarTommi Rantala <tommi.t.rantala@nokia.com>
      Cc: Jon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c7799c06
    • Eric Dumazet's avatar
      tcp/dccp: block bh before arming time_wait timer · cfac7f83
      Eric Dumazet authored
      Maciej Żenczykowski reported some panics in tcp_twsk_destructor()
      that might be caused by the following bug.
      
      timewait timer is pinned to the cpu, because we want to transition
      timwewait refcount from 0 to 4 in one go, once everything has been
      initialized.
      
      At the time commit ed2e9239 ("tcp/dccp: fix timewait races in timer
      handling") was merged, TCP was always running from BH habdler.
      
      After commit 5413d1ba ("net: do not block BH while processing
      socket backlog") we definitely can run tcp_time_wait() from process
      context.
      
      We need to block BH in the critical section so that the pinned timer
      has still its purpose.
      
      This bug is more likely to happen under stress and when very small RTO
      are used in datacenter flows.
      
      Fixes: 5413d1ba ("net: do not block BH while processing socket backlog")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarMaciej Żenczykowski <maze@google.com>
      Acked-by: default avatarMaciej Żenczykowski <maze@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cfac7f83
    • David S. Miller's avatar
      Merge branch 'sctp-prsctp-chunk-fixes' · b484d8a5
      David S. Miller authored
      Xin Long says:
      
      ====================
      sctp: a couple of fixes for chunks abandoned in prsctp
      
      Now when abandoning chunks in prsctp, it doesn't consider for frags in
      one msg, which would cause peer can never receive the whole frags for
      one msg to get them reassembled, these pieces of this msg will stay in
      the reasm queue forever and block the following chunks' receiving.
      
      This patchset is to fix them in patch 2 and 3, and also fix another
      issue for prsctp in patch 1.
      ====================
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b484d8a5
    • Xin Long's avatar
      sctp: do not abandon the other frags in unsent outq if one msg has outstanding frags · 779edd73
      Xin Long authored
      Now for the abandoned chunks in unsent outq, it would just free the chunks.
      Because no tsn is assigned to them yet, there's no need to send fwd tsn to
      peer, unlike for the abandoned chunks in sent outq.
      
      The problem is when parts of the msg have been sent and the other frags
      are still in unsent outq, if they are abandoned/dropped, the peer would
      never get this msg reassembled.
      
      So these frags in unsent outq can't be dropped if this msg already has
      outstanding frags.
      
      This patch does the check in sctp_chunk_abandoned and
      sctp_prsctp_prune_unsent.
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      779edd73
    • Xin Long's avatar
      sctp: abandon the whole msg if one part of a fragmented message is abandoned · e5f61296
      Xin Long authored
      As rfc3758#section-3.1 demands:
      
         A3) When a TSN is "abandoned", if it is part of a fragmented message,
             all other TSN's within that fragmented message MUST be abandoned
             at the same time.
      
      Besides, if it couldn't handle this, the rest frags would never get
      assembled in peer side.
      
      This patch supports it by adding abandoned flag in sctp_datamsg, when
      one chunk is being abandoned, set chunk->msg->abandoned as well. Next
      time when checking for abandoned, go checking chunk->msg->abandoned
      first.
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e5f61296
    • Xin Long's avatar
      sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune · d30fc512
      Xin Long authored
      Now outstanding_bytes is only increased when appending chunks into one
      packet and sending it at 1st time, while decreased when it is about to
      move into retransmit queue. It means outstanding_bytes value is already
      decreased for all chunks in retransmit queue.
      
      However sctp_prsctp_prune_sent is a common function to check the chunks
      in both transmitted and retransmit queue, it decrease outstanding_bytes
      when moving a chunk into abandoned queue from either of them.
      
      It could cause outstanding_bytes underflow, as it also decreases it's
      value for the chunks in retransmit queue.
      
      This patch fixes it by only updating outstanding_bytes for transmitted
      queue when pruning queues for prsctp prio policy, the same fix is also
      needed in sctp_check_transmitted.
      
      Fixes: 8dbdf1f5 ("sctp: implement prsctp PRIO policy")
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d30fc512
  5. 30 Nov, 2017 8 commits
  6. 29 Nov, 2017 15 commits
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.15-1' of git://linux-nfs.org/~bfields/linux · b9151761
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "I screwed up my merge window pull request; I only sent half of what I
        meant to.
      
        There were no new features, just bugfixes of various importance and
        some very minor cleanup, so I think it's all still appropriate for
        -rc2.
      
        Highlights:
      
         - Fixes from Trond for some races in the NFSv4 state code.
      
         - Fix from Naofumi Honda for a typo in the blocked lock notificiation
           code
      
         - Fixes from Vasily Averin for some problems starting and stopping
           lockd especially in network namespaces"
      
      * tag 'nfsd-4.15-1' of git://linux-nfs.org/~bfields/linux: (23 commits)
        lockd: fix "list_add double add" caused by legacy signal interface
        nlm_shutdown_hosts_net() cleanup
        race of nfsd inetaddr notifiers vs nn->nfsd_serv change
        race of lockd inetaddr notifiers vs nlmsvc_rqst change
        SUNRPC: make cache_detail structures const
        NFSD: make cache_detail structures const
        sunrpc: make the function arg as const
        nfsd: check for use of the closed special stateid
        nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat
        lockd: lost rollback of set_grace_period() in lockd_down_net()
        lockd: added cleanup checks in exit_net hook
        grace: replace BUG_ON by WARN_ONCE in exit_net hook
        nfsd: fix locking validator warning on nfs4_ol_stateid->st_mutex class
        lockd: remove net pointer from messages
        nfsd: remove net pointer from debug messages
        nfsd: Fix races with check_stateid_generation()
        nfsd: Ensure we check stateid validity in the seqid operation checks
        nfsd: Fix race in lock stateid creation
        nfsd4: move find_lock_stateid
        nfsd: Ensure we don't recognise lock stateids after freeing them
        ...
      b9151761
    • Linus Torvalds's avatar
      Merge tag 'for-4.15-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 26cd9474
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "We've collected some fixes in since the pre-merge window freeze.
      
        There's technically only one regression fix for 4.15, but the rest
        seems important and candidates for stable.
      
         - fix missing flush bio puts in error cases (is serious, but rarely
           happens)
      
         - fix reporting stat::st_blocks for buffered append writes
      
         - fix space cache invalidation
      
         - fix out of bound memory access when setting zlib level
      
         - fix potential memory corruption when fsync fails in the middle
      
         - fix crash in integrity checker
      
         - incremetnal send fix, path mixup for certain unlink/rename
           combination
      
         - pass flags to writeback so compressed writes can be throttled
           properly
      
         - error handling fixes"
      
      * tag 'for-4.15-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        Btrfs: incremental send, fix wrong unlink path after renaming file
        btrfs: tree-checker: Fix false panic for sanity test
        Btrfs: fix list_add corruption and soft lockups in fsync
        btrfs: Fix wild memory access in compression level parser
        btrfs: fix deadlock when writing out space cache
        btrfs: clear space cache inode generation always
        Btrfs: fix reported number of inode blocks after buffered append writes
        Btrfs: move definition of the function btrfs_find_new_delalloc_bytes
        Btrfs: bail out gracefully rather than BUG_ON
        btrfs: dev_alloc_list is not protected by RCU, use normal list_del
        btrfs: add missing device::flush_bio puts
        btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
        Btrfs: add write_flags for compression bio
      26cd9474
    • Linus Torvalds's avatar
      Merge tag 'microblaze-4.15-rc2' of git://git.monstr.eu/linux-2.6-microblaze · 198e0c0c
      Linus Torvalds authored
      Pull Microblaze fix from Michal Simek:
       "Add missing header to mmu_context_mm.h"
      
      * tag 'microblaze-4.15-rc2' of git://git.monstr.eu/linux-2.6-microblaze:
        microblaze: add missing include to mmu_context_mm.h
      198e0c0c
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · fccfde44
      Linus Torvalds authored
      Pull sparc fix from David Miller:
       "Sparc T4 and later cpu bootup regression fix"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        sparc64: Fix boot on T4 and later.
      fccfde44
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 96c22a49
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) The forcedeth conversion from pci_*() DMA interfaces to dma_*() ones
          missed one spot. From Zhu Yanjun.
      
       2) Missing CRYPTO_SHA256 Kconfig dep in cfg80211, from Johannes Berg.
      
       3) Fix checksum offloading in thunderx driver, from Sunil Goutham.
      
       4) Add SPDX to vm_sockets_diag.h, from Stephen Hemminger.
      
       5) Fix use after free of packet headers in TIPC, from Jon Maloy.
      
       6) "sizeof(ptr)" vs "sizeof(*ptr)" bug in i40e, from Gustavo A R Silva.
      
       7) Tunneling fixes in mlxsw driver, from Petr Machata.
      
       8) Fix crash in fanout_demux_rollover() of AF_PACKET, from Mike
          Maloney.
      
       9) Fix race in AF_PACKET bind() vs. NETDEV_UP notifier, from Eric
          Dumazet.
      
      10) Fix regression in sch_sfq.c due to one of the timer_setup()
          conversions. From Paolo Abeni.
      
      11) SCTP does list_for_each_entry() using wrong struct member, fix from
          Xin Long.
      
      12) Don't use big endian netlink attribute read for
          IFLA_BOND_AD_ACTOR_SYSTEM, it is in cpu endianness. Also from Xin
          Long.
      
      13) Fix mis-initialization of q->link.clock in CBQ scheduler, preventing
          adding filters there. From Jiri Pirko.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (67 commits)
        ethernet: dwmac-stm32: Fix copyright
        net: via: via-rhine: use %p to format void * address instead of %x
        net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
        myri10ge: Update MAINTAINERS
        net: sched: cbq: create block for q->link.block
        atm: suni: remove extraneous space to fix indentation
        atm: lanai: use %p to format kernel addresses instead of %x
        VSOCK: Don't set sk_state to TCP_CLOSE before testing it
        atm: fore200e: use %pK to format kernel addresses instead of %x
        ambassador: fix incorrect indentation of assignment statement
        vxlan: use __be32 type for the param vni in __vxlan_fdb_delete
        bonding: use nla_get_u64 to extract the value for IFLA_BOND_AD_ACTOR_SYSTEM
        sctp: use right member as the param of list_for_each_entry
        sch_sfq: fix null pointer dereference at timer expiration
        cls_bpf: don't decrement net's refcount when offload fails
        net/packet: fix a race in packet_bind() and packet_notifier()
        packet: fix crash in fanout_demux_rollover()
        sctp: remove extern from stream sched
        sctp: force the params with right types for sctp csum apis
        sctp: force SCTP_ERROR_INV_STRM with __u32 when calling sctp_chunk_fail
        ...
      96c22a49
    • David S. Miller's avatar
      sparc64: Fix boot on T4 and later. · e5372cd5
      David S. Miller authored
      If we don't put the NG4fls.o object into the same part of
      the link as the generic sparc64 objects for fls() and __fls()
      then the relocation in the branch we use for patching will
      not fit.
      
      Move NG4fls.o into lib-y to fix this problem.
      
      Fixes: 46ad8d2d ("sparc64: Use sparc optimized fls and __fls for T4 and above")
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Reported-by: default avatarAnatoly Pugachev <matorola@gmail.com>
      Tested-by: default avatarAnatoly Pugachev <matorola@gmail.com>
      e5372cd5
    • Linus Torvalds's avatar
      vsprintf: don't use 'restricted_pointer()' when not restricting · ef0010a3
      Linus Torvalds authored
      Instead, just fall back on the new '%p' behavior which hashes the
      pointer.
      
      Otherwise, '%pK' - that was intended to mark a pointer as restricted -
      just ends up leaking pointers that a normal '%p' wouldn't leak.  Which
      just make the whole thing pointless.
      
      I suspect we should actually get rid of '%pK' entirely, and make it just
      work as '%p' regardless, but this is the minimal obvious fix.  People
      who actually use 'kptr_restrict' should weigh in on which behavior they
      want.
      
      Cc: Tobin Harding <me@tobin.cc>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ef0010a3
    • Linus Torvalds's avatar
      kallsyms: take advantage of the new '%px' format · 668533dc
      Linus Torvalds authored
      The conditional kallsym hex printing used a special fixed-width '%lx'
      output (KALLSYM_FMT) in preparation for the hashing of %p, but that
      series ended up adding a %px specifier to help with the conversions.
      
      Use it, and avoid the "print pointer as an unsigned long" code.
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      668533dc
    • Linus Torvalds's avatar
      Merge tag 'printk-hash-pointer-4.15-rc2' of git://github.com/tcharding/linux · da6af54d
      Linus Torvalds authored
      Pull printk pointer hashing update from Tobin Harding:
       "Here is the patch set that implements hashing of printk specifier %p.
      
        First we have two clean up patches then we do the hashing. Hashing is
        done via the SipHash algorithm. The next patch adds printk specifier
        %px for printing pointers when we _really_ want to see the address i.e
        %px is functionally equivalent to %lx. Final patch in the set fixes
        KASAN since we break it by hashing %p.
      
        For the record here is the justification for the series:
      
          Currently there exist approximately 14 000 places in the Kernel
          where addresses are being printed using an unadorned %p. This
          potentially leaks sensitive information about the Kernel layout in
          memory. Many of these calls are stale, instead of fixing every call
          we hash the address by default before printing. We then add %px to
          provide a way to print the actual address. Although this is
          achievable using %lx, using %px will assist us if we ever want to
          change pointer printing behaviour. %px is more uniquely grep'able
          (there are already >50 000 uses of %lx).
      
          The added advantage of hashing %p is that security is now opt-out,
          if you _really_ want the address you have to work a little harder
          and use %px.
      
        This will of course break some users, forcing code printing needed
        addresses to be updated"
      
      [ I do expect this to be an annoyance, and a number of %px users to be
        added for debuggability. But nobody is willing to audit existing %p
        users for information leaks, and a number of places really only use
        the pointer as an object identifier rather than really 'I need the
        address'.
      
        IOW - sorry for the inconvenience, but it's the least inconvenient of
        the options.    - Linus ]
      
      * tag 'printk-hash-pointer-4.15-rc2' of git://github.com/tcharding/linux:
        kasan: use %px to print addresses instead of %p
        vsprintf: add printk specifier %px
        printk: hash addresses printed with %p
        vsprintf: refactor %pK code out of pointer()
        docs: correct documentation for %pK
      da6af54d
    • Linus Torvalds's avatar
      Revert "mm, thp: Do not make pmd/pud dirty without a reason" · f55e1014
      Linus Torvalds authored
      This reverts commit 152e93af.
      
      It was a nice cleanup in theory, but as Nicolai Stange points out, we do
      need to make the page dirty for the copy-on-write case even when we
      didn't end up making it writable, since the dirty bit is what we use to
      check that we've gone through a COW cycle.
      Reported-by: default avatarMichal Hocko <mhocko@kernel.org>
      Acked-by: default avatarKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f55e1014
    • Benjamin Gaignard's avatar
      ethernet: dwmac-stm32: Fix copyright · f6454f80
      Benjamin Gaignard authored
      Uniformize STMicroelectronics copyrights header
      Signed-off-by: default avatarBenjamin Gaignard <benjamin.gaignard@st.com>
      CC: Alexandre Torgue <alexandre.torgue@st.com>
      Acked-by: default avatarAlexandre TORGUE <alexandre.torgue@st.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f6454f80
    • Colin Ian King's avatar
      net: via: via-rhine: use %p to format void * address instead of %x · a7e4fbbf
      Colin Ian King authored
      Don't use %x and casting to print out an address, instead use %p
      and remove the casting.  Cleans up smatch warnings:
      
      drivers/net/ethernet/via/via-rhine.c:998 rhine_init_one_common()
      warn: argument 4 to %lx specifier is cast from pointer
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7e4fbbf
    • Gustavo A. R. Silva's avatar
      rxrpc: Fix variable overwrite · 282ef472
      Gustavo A. R. Silva authored
      Values assigned to both variable resend_at and ack_at are overwritten
      before they can be used.
      
      The correct fix here is to add 'now' to the previously computed value in
      resend_at and ack_at.
      
      Addresses-Coverity-ID: 1462262
      Addresses-Coverity-ID: 1462263
      Addresses-Coverity-ID: 1462264
      Fixes: beb8e5e4 ("rxrpc: Express protocol timeouts in terms of RTT")
      Link: https://marc.info/?i=17004.1511808959%40warthog.procyon.org.ukSigned-off-by: default avatarGustavo A. R. Silva <garsilva@embeddedor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      282ef472
    • Geert Uytterhoeven's avatar
      net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit · 15bfe05c
      Geert Uytterhoeven authored
      On 64-bit (e.g. powerpc64/allmodconfig):
      
          drivers/net/ethernet/xilinx/ll_temac_main.c: In function 'temac_start_xmit_done':
          drivers/net/ethernet/xilinx/ll_temac_main.c:633:22: warning: cast to pointer from integer of different size [-Wint-to-pointer-cast]
      	dev_kfree_skb_irq((struct sk_buff *)cur_p->app4);
      			  ^
      
      cdmac_bd.app4 is u32, so it is too small to hold a kernel pointer.
      
      Note that several other fields in struct cdmac_bd are also too small to
      hold physical addresses on 64-bit platforms.
      Signed-off-by: default avatarGeert Uytterhoeven <geert+renesas@glider.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      15bfe05c
    • David Howells's avatar
      rxrpc: Fix ACK generation from the connection event processor · 5fc62f6a
      David Howells authored
      Repeat terminal ACKs and now terminal ACKs are now generated from the
      connection event processor rather from call handling as this allows us to
      discard client call structures as soon as possible and free up the channel
      for a follow on call.
      
      However, in ACKs so generated, the additional information trailer is
      malformed because the padding that's meant to be in the middle isn't
      included in what's transmitted.
      
      Fix it so that the 3 bytes of padding are included in the transmission.
      
      Further, the trailer is misaligned because of the padding, so assigment to
      the u16 and u32 fields inside it might cause problems on some arches, so
      fix this by breaking the padding and the trailer out of the packed struct.
      
      (This also deals with potential compiler weirdies where some of the nested
      structs are packed and some aren't).
      
      The symptoms can be seen in wireshark as terminal DUPLICATE or IDLE ACK
      packets in which the Max MTU, Interface MTU and rwind fields have weird
      values and the Max Packets field is apparently missing.
      Reported-by: default avatarJeffrey Altman <jaltman@auristor.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      5fc62f6a