1. 19 Jul, 2016 4 commits
  2. 30 Jun, 2016 14 commits
  3. 29 Jun, 2016 22 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfs · e7bdea77
      Linus Torvalds authored
      Pull NFS client bugfixes from Anna Schumaker:
       "Stable bugfixes:
         - Fix _cancel_empty_pagelist
         - Fix a double page unlock
         - Make nfs_atomic_open() call d_drop() on all ->open_context() errors.
         - Fix another OPEN_DOWNGRADE bug
      
        Other bugfixes:
         - Ensure we handle delegation errors in nfs4_proc_layoutget()
         - Layout stateids start out as being invalid
         - Add sparse lock annotations for pnfs_find_alloc_layout
         - Handle bad delegation stateids in nfs4_layoutget_handle_exception
         - Fix up O_DIRECT results
         - Fix potential use after free of state in nfs4_do_reclaim.
         - Mark the layout stateid invalid when all segments are removed
         - Don't let readdirplus revalidate an inode that was marked as stale
         - Fix potential race in nfs_fhget()
         - Fix an unused variable warning"
      
      * tag 'nfs-for-4.7-2' of git://git.linux-nfs.org/projects/anna/linux-nfs:
        NFS: Fix another OPEN_DOWNGRADE bug
        make nfs_atomic_open() call d_drop() on all ->open_context() errors.
        NFS: Fix an unused variable warning
        NFS: Fix potential race in nfs_fhget()
        NFS: Don't let readdirplus revalidate an inode that was marked as stale
        NFSv4.1/pnfs: Mark the layout stateid invalid when all segments are removed
        NFS: Fix a double page unlock
        pnfs_nfs: fix _cancel_empty_pagelist
        nfs4: Fix potential use after free of state in nfs4_do_reclaim.
        NFS: Fix up O_DIRECT results
        NFS/pnfs: handle bad delegation stateids in nfs4_layoutget_handle_exception
        NFSv4.1/pnfs: Add sparse lock annotations for pnfs_find_alloc_layout
        NFSv4.1/pnfs: Layout stateids start out as being invalid
        NFSv4.1/pnfs: Ensure we handle delegation errors in nfs4_proc_layoutget()
      e7bdea77
    • Linus Torvalds's avatar
      Merge branch 'stable-4.7' of git://git.infradead.org/users/pcmoore/audit · 89a82a92
      Linus Torvalds authored
      Pull audit fixes from Paul Moore:
       "Two small patches to fix audit problems in 4.7-rcX: the first fixes a
        potential kref leak, the second removes some header file noise.
      
        The first is an important bug fix that really should go in before 4.7
        is released, the second is not critical, but falls into the very-nice-
        to-have category so I'm including in the pull request.
      
        Both patches are straightforward, self-contained, and pass our
        testsuite without problem"
      
      * 'stable-4.7' of git://git.infradead.org/users/pcmoore/audit:
        audit: move audit_get_tty to reduce scope and kabi changes
        audit: move calcs after alloc and check when logging set loginuid
      89a82a92
    • Lee Jones's avatar
      reset: TRIVIAL: Add line break at same place for similar APIs · 0bcc0eab
      Lee Jones authored
      Standardise the way inline functions:
      
        devm_reset_control_get_shared_by_index
        devm_reset_control_get_exclusive_by_index
      
      ... are formatted.
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      Signed-off-by: default avatarPhilipp Zabel <p.zabel@pengutronix.de>
      0bcc0eab
    • Lee Jones's avatar
      reset: Supply *_shared variant calls when using *_optional APIs · c33d61a0
      Lee Jones authored
      Consumers need to be able to specify whether they are requesting an
      'exclusive' or 'shared' reset line no matter which API (of_*, devm_*,
      etc) they are using.  This change allows users of the optional_* API
      in particular to specify that their request is for a 'shared' line.
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      Signed-off-by: default avatarPhilipp Zabel <p.zabel@pengutronix.de>
      c33d61a0
    • Lee Jones's avatar
      reset: Supply *_shared variant calls when using of_* API · 40faee8e
      Lee Jones authored
      Consumers need to be able to specify whether they are requesting an
      'exclusive' or 'shared' reset line no matter which API (of_*, devm_*,
      etc) they are using.  This change allows users of the of_* API in
      particular to specify that their request is for a 'shared' line.
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      Signed-off-by: default avatarPhilipp Zabel <p.zabel@pengutronix.de>
      40faee8e
    • Lee Jones's avatar
      reset: Ensure drivers are explicit when requesting reset lines · a53e35db
      Lee Jones authored
      Phasing out generic reset line requests enables us to make some better
      decisions on when and how to (de)assert said lines.  If an 'exclusive'
      line is requested, we know a device *requires* a reset and that it's
      preferable to act upon a request right away.  However, if a 'shared'
      reset line is requested, we can reasonably assume sure that placing a
      device into reset isn't a hard requirement, but probably a measure to
      save power and is thus able to cope with not being asserted if another
      device is still in use.
      
      In order allow gentle adoption and not to forcing all consumers to
      move to the API immediately, causing administration headache between
      subsystems, this patch adds some temporary stand-in shim-calls.  This
      will ease the burden at merge time and allow subsystems to migrate over
      to the new API in a more realistic time-frame.
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      Signed-off-by: default avatarPhilipp Zabel <p.zabel@pengutronix.de>
      a53e35db
    • Lee Jones's avatar
      reset: Reorder inline reset_control_get*() wrappers · 3c35f6ed
      Lee Jones authored
      We're about to split the current API into two, where consumers will
      be forced to be explicit when requesting reset lines.  The choice
      will be to either the call the *_exclusive or *_shared variant
      depending on whether they can actually tolorate not being asserted
      when that request is made.
      
      The new API will look like this once reorded and complete:
      
        reset_control_get_exclusive()
        reset_control_get_shared()
        reset_control_get_optional_exclusive()
        reset_control_get_optional_shared()
        of_reset_control_get_exclusive()
        of_reset_control_get_shared()
        of_reset_control_get_exclusive_by_index()
        of_reset_control_get_shared_by_index()
        devm_reset_control_get_exclusive()
        devm_reset_control_get_shared()
        devm_reset_control_get_optional_exclusive()
        devm_reset_control_get_optional_shared()
        devm_reset_control_get_exclusive_by_index()
        devm_reset_control_get_shared_by_index()
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      Signed-off-by: default avatarPhilipp Zabel <p.zabel@pengutronix.de>
      3c35f6ed
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 32826ac4
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "I've been traveling so this accumulates more than week or so of bug
        fixing.  It perhaps looks a little worse than it really is.
      
         1) Fix deadlock in ath10k driver, from Ben Greear.
      
         2) Increase scan timeout in iwlwifi, from Luca Coelho.
      
         3) Unbreak STP by properly reinjecting STP packets back into the
            stack.  Regression fix from Ido Schimmel.
      
         4) Mediatek driver fixes (missing malloc failure checks, leaking of
            scratch memory, wrong indexing when mapping TX buffers, etc.) from
            John Crispin.
      
         5) Fix endianness bug in icmpv6_err() handler, from Hannes Frederic
            Sowa.
      
         6) Fix hashing of flows in UDP in the ruseport case, from Xuemin Su.
      
         7) Fix netlink notifications in ovs for tunnels, delete link messages
            are never emitted because of how the device registry state is
            handled.  From Nicolas Dichtel.
      
         8) Conntrack module leaks kmemcache on unload, from Florian Westphal.
      
         9) Prevent endless jump loops in nft rules, from Liping Zhang and
            Pablo Neira Ayuso.
      
        10) Not early enough spinlock initialization in mlx4, from Eric
            Dumazet.
      
        11) Bind refcount leak in act_ipt, from Cong WANG.
      
        12) Missing RCU locking in HTB scheduler, from Florian Westphal.
      
        13) Several small MACSEC bug fixes from Sabrina Dubroca (missing RCU
            barrier, using heap for SG and IV, and erroneous use of async flag
            when allocating AEAD conext.)
      
        14) RCU handling fix in TIPC, from Ying Xue.
      
        15) Pass correct protocol down into ipv4_{update_pmtu,redirect}() in
            SIT driver, from Simon Horman.
      
        16) Socket timer deadlock fix in TIPC from Jon Paul Maloy.
      
        17) Fix potential deadlock in team enslave, from Ido Schimmel.
      
        18) Memory leak in KCM procfs handling, from Jiri Slaby.
      
        19) ESN generation fix in ipv4 ESP, from Herbert Xu.
      
        20) Fix GFP_KERNEL allocations with locks held in act_ife, from Cong
            WANG.
      
        21) Use after free in netem, from Eric Dumazet.
      
        22) Uninitialized last assert time in multicast router code, from Tom
            Goff.
      
        23) Skip raw sockets in sock_diag destruction broadcast, from Willem
            de Bruijn.
      
        24) Fix link status reporting in thunderx, from Sunil Goutham.
      
        25) Limit resegmentation of retransmit queue so that we do not
            retransmit too large GSO frames.  From Eric Dumazet.
      
        26) Delay bpf program release after grace period, from Daniel
            Borkmann"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (141 commits)
        openvswitch: fix conntrack netlink event delivery
        qed: Protect the doorbell BAR with the write barriers.
        neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit()
        e1000e: keep VLAN interfaces functional after rxvlan off
        cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header
        qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
        bpf, perf: delay release of BPF prog after grace period
        net: bridge: fix vlan stats continue counter
        tcp: do not send too big packets at retransmit time
        ibmvnic: fix to use list_for_each_safe() when delete items
        net: thunderx: Fix TL4 configuration for secondary Qsets
        net: thunderx: Fix link status reporting
        net/mlx5e: Reorganize ethtool statistics
        net/mlx5e: Fix number of PFC counters reported to ethtool
        net/mlx5e: Prevent adding the same vxlan port
        net/mlx5e: Check for BlueFlame capability before allocating SQ uar
        net/mlx5e: Change enum to better reflect usage
        net/mlx5: Add ConnectX-5 PCIe 4.0 to list of supported devices
        net/mlx5: Update command strings
        net: marvell: Add separate config ANEG function for Marvell 88E1111
        ...
      32826ac4
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 653c574a
      Linus Torvalds authored
      Pull s390 fixes from Martin Schwidefsky:
       "Another two bug fixes for 4.7:
      
         - The revert of patch which removed boot information for systems
           using an intermediate boot kernel, e.g. the SLES12 grub setup.
      
         - A fix for an incorrect inline assembly constraint that causes
           broken code to be generated with gcc 4.8.5"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: fix test_fp_ctl inline assembly contraints
        Revert "s390/kdump: Clear subchannel ID to signal non-CCW/SCSI IPL"
      653c574a
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v4.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 00bf377d
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Here are a bunch of fixes for pin control.  Just drivers and a
        MAINTAINERS fixup:
      
         - Driver fixes for i.MX, single register, Tegra and BayTrail.
      
         - MAINTAINERS entry for the documentation"
      
      * tag 'pinctrl-v4.7-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: baytrail: Fix mingled clock pins
        MAINTAINERS: belong Documentation/pinctrl.txt properly
        pinctrl: tegra: Fix build dependency
        gpio: tegra: Make lockdep class file-scoped
        pinctrl: single: Fix missing flush of posted write for a wakeirq
        pinctrl: imx: Do not treat a PIN without MUX register as an error
      00bf377d
    • Linus Torvalds's avatar
      Merge branch 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup · 52827f38
      Linus Torvalds authored
      Pull cgroup fixes from Tejun Heo:
       "Three fix patches.  Two are for cgroup / css init failure path.  The
        last one makes css_set_lock irq-safe as the deadline scheduler ends up
        calling put_css_set() from irq context"
      
      * 'for-4.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
        cgroup: Disable IRQs while holding css_set_lock
        cgroup: set css->id to -1 during init
        cgroup: remove redundant cleanup in css_create
      52827f38
    • David S. Miller's avatar
      Merge tag 'mac80211-for-davem-2016-06-29-v2' of... · 751ad819
      David S. Miller authored
      Merge tag 'mac80211-for-davem-2016-06-29-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      
      Johannes Berg says:
      
      ====================
      Just two small fixes
       * fix mesh peer link counter, decrement wasn't always done at all
       * fix ethertype (length) for packets without RFC 1042 or bridge
         tunnel header
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      751ad819
    • Samuel Gauthier's avatar
      openvswitch: fix conntrack netlink event delivery · d913d3a7
      Samuel Gauthier authored
      Only the first and last netlink message for a particular conntrack are
      actually sent. The first message is sent through nf_conntrack_confirm when
      the conntrack is committed. The last one is sent when the conntrack is
      destroyed on timeout. The other conntrack state change messages are not
      advertised.
      
      When the conntrack subsystem is used from netfilter, nf_conntrack_confirm
      is called for each packet, from the postrouting hook, which in turn calls
      nf_ct_deliver_cached_events to send the state change netlink messages.
      
      This commit fixes the problem by calling nf_ct_deliver_cached_events in the
      non-commit case as well.
      
      Fixes: 7f8a436e ("openvswitch: Add conntrack action")
      CC: Joe Stringer <joestringer@nicira.com>
      CC: Justin Pettit <jpettit@nicira.com>
      CC: Andy Zhou <azhou@nicira.com>
      CC: Thomas Graf <tgraf@suug.ch>
      Signed-off-by: default avatarSamuel Gauthier <samuel.gauthier@6wind.com>
      Acked-by: default avatarJoe Stringer <joe@ovn.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d913d3a7
    • Sudarsana Reddy Kalluru's avatar
      qed: Protect the doorbell BAR with the write barriers. · 34c7bb47
      Sudarsana Reddy Kalluru authored
      SPQ doorbell is currently protected with the compilation barrier. Under the
      stress scenarios, we may get into a state where (due to the weak ordering)
      several ramrod doorbells were written to the BAR with an out-of-order
      producer values. Need to change the barrier type to a write barrier to make
      sure that the write buffer is flushed after each doorbell.
      Signed-off-by: default avatarSudarsana Reddy Kalluru <sudarsana.kalluru@qlogic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      34c7bb47
    • David Barroso's avatar
      neigh: Explicitly declare RCU-bh read side critical section in neigh_xmit() · b560f03d
      David Barroso authored
      neigh_xmit() expects to be called inside an RCU-bh read side critical
      section, and while one of its two current callers gets this right, the
      other one doesn't.
      
      More specifically, neigh_xmit() has two callers, mpls_forward() and
      mpls_output(), and while both callers call neigh_xmit() under
      rcu_read_lock(), this provides sufficient protection for neigh_xmit()
      only in the case of mpls_forward(), as that is always called from
      softirq context and therefore doesn't need explicit BH protection,
      while mpls_output() can be called from process context with softirqs
      enabled.
      
      When mpls_output() is called from process context, with softirqs
      enabled, we can be preempted by a softirq at any time, and RCU-bh
      considers the completion of a softirq as signaling the end of any
      pending read-side critical sections, so if we do get a softirq
      while we are in the part of neigh_xmit() that expects to be run inside
      an RCU-bh read side critical section, we can end up with an unexpected
      RCU grace period running right in the middle of that critical section,
      making things go boom.
      
      This patch fixes this impedance mismatch in the callee, by making
      neigh_xmit() always take rcu_read_{,un}lock_bh() around the code that
      expects to be treated as an RCU-bh read side critical section, as this
      seems a safer option than fixing it in the callers.
      
      Fixes: 4fd3d7d9 ("neigh: Add helper function neigh_xmit")
      Signed-off-by: default avatarDavid Barroso <dbarroso@fastly.com>
      Signed-off-by: default avatarLennert Buytenhek <lbuytenhek@fastly.com>
      Acked-by: default avatarDavid Ahern <dsa@cumulusnetworks.com>
      Acked-by: default avatarRobert Shearman <rshearma@brocade.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b560f03d
    • Jarod Wilson's avatar
      e1000e: keep VLAN interfaces functional after rxvlan off · 889ad456
      Jarod Wilson authored
      I've got a bug report about an e1000e interface, where a VLAN interface is
      set up on top of it:
      
      $ ip link add link ens1f0 name ens1f0.99 type vlan id 99
      $ ip link set ens1f0 up
      $ ip link set ens1f0.99 up
      $ ip addr add 192.168.99.92 dev ens1f0.99
      
      At this point, I can ping another host on vlan 99, ip 192.168.99.91.
      However, if I do the following:
      
      $ ethtool -K ens1f0 rxvlan off
      
      Then no traffic passes on ens1f0.99. It comes back if I toggle rxvlan on
      again. I'm not sure if this is actually intended behavior, or if there's a
      lack of software VLAN stripping fallback, or what, but things continue to
      work if I simply don't call e1000e_vlan_strip_disable() if there are
      active VLANs (plagiarizing a function from the e1000 driver here) on the
      interface.
      
      Also slipped a related-ish fix to the kerneldoc text for
      e1000e_vlan_strip_disable here...
      Signed-off-by: default avatarJarod Wilson <jarod@redhat.com>
      Tested-by: default avatarAaron Brown <aaron.f.brown@intel.com>
      Signed-off-by: default avatarJeff Kirsher <jeffrey.t.kirsher@intel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      889ad456
    • Felix Fietkau's avatar
      cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header · c041778c
      Felix Fietkau authored
      The PDU length of incoming LLC frames is set to the total skb payload size
      in __ieee80211_data_to_8023() of net/wireless/util.c which incorrectly
      includes the length of the IEEE 802.11 header.
      
      The resulting LLC frame header has a too large PDU length, causing the
      llc_fixup_skb() function of net/llc/llc_input.c to reject the incoming
      skb, effectively breaking STP.
      
      Solve the problem by properly substracting the IEEE 802.11 frame header size
      from the PDU length, allowing the LLC processor to pick up the incoming
      control messages.
      
      Special thanks to Gerry Rozema for tracking down the regression and proposing
      a suitable patch.
      
      Fixes: 2d1c304c ("cfg80211: add function for 802.3 conversion with separate output buffer")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarGerry Rozema <gerryr@rozeware.com>
      Signed-off-by: default avatarFelix Fietkau <nbd@nbd.name>
      Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
      c041778c
    • Dan Carpenter's avatar
      qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag() · 5b4d10f5
      Dan Carpenter authored
      There is a static checker warning here "warn: mask and shift to zero"
      and the code sets "ring" to zero every time.  From looking at how
      QLCNIC_FETCH_RING_ID() is used in qlcnic_83xx_process_rcv_ring() the
      qlcnic_83xx_hndl() should be removed.
      
      Fixes: 4be41e92 ('qlcnic: 83xx data path routines')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      5b4d10f5
    • Daniel Borkmann's avatar
      bpf, perf: delay release of BPF prog after grace period · ceb56070
      Daniel Borkmann authored
      Commit dead9f29 ("perf: Fix race in BPF program unregister") moved
      destruction of BPF program from free_event_rcu() callback to __free_event(),
      which is problematic if used with tail calls: if prog A is attached as
      trace event directly, but at the same time present in a tail call map used
      by another trace event program elsewhere, then we need to delay destruction
      via RCU grace period since it can still be in use by the program doing the
      tail call (the prog first needs to be dropped from the tail call map, then
      trace event with prog A attached destroyed, so we get immediate destruction).
      
      Fixes: dead9f29 ("perf: Fix race in BPF program unregister")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Cc: Jann Horn <jann@thejh.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ceb56070
    • Nikolay Aleksandrov's avatar
      net: bridge: fix vlan stats continue counter · 565ce8f3
      Nikolay Aleksandrov authored
      I made a dumb off-by-one mistake when I added the vlan stats counter
      dumping code. The increment should happen before the check, not after
      otherwise we miss one entry when we continue dumping.
      
      Fixes: a60c0903 ("bridge: netlink: export per-vlan stats")
      Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      565ce8f3
    • Eric Dumazet's avatar
      tcp: do not send too big packets at retransmit time · a3d2e9f8
      Eric Dumazet authored
      Arjun reported a bug in TCP stack and bisected it to a recent commit.
      
      In case where we process SACK, we can coalesce multiple skbs
      into fat ones (tcp_shift_skb_data()), to lower write queue
      overhead, because we do not expect to retransmit these packets.
      
      However, SACK reneging can happen, forcing the sender to retransmit
      all these packets. If skb->len is above 64KB, we then send buggy
      IP packets that could hang TSO engine on cxgb4.
      
      Neal suggested to use tcp_tso_autosize() instead of tp->gso_segs
      so that we cook packets of optimal size vs TCP/pacing.
      
      Thanks to Arjun for reporting the bug and running the tests !
      
      Fixes: 10d3be56 ("tcp-tso: do not split TSO packets at retransmit time")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarArjun V <arjun@chelsio.com>
      Tested-by: default avatarArjun V <arjun@chelsio.com>
      Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a3d2e9f8
    • Wei Yongjun's avatar
      ibmvnic: fix to use list_for_each_safe() when delete items · 96183182
      Wei Yongjun authored
      Since we will remove items off the list using list_del() we need
      to use a safe version of the list_for_each() macro aptly named
      list_for_each_safe().
      Signed-off-by: default avatarWei Yongjun <yongjun_wei@trendmicro.com.cn>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      96183182