platform/kernel/linux-rpi.git
5 years agonet: dsa: bcm_sf2: Prepare for adding CFP statistics
Florian Fainelli [Wed, 6 Feb 2019 20:45:58 +0000 (12:45 -0800)]
net: dsa: bcm_sf2: Prepare for adding CFP statistics

In preparation for adding CFP statistics, we will need to overlay the
standard B53 statistics, so create specific bcm_sf2_sw_* functions to
call into their b53_common.c counterpart.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: dsa: bcm_sf2: Remove stats mutex
Florian Fainelli [Wed, 6 Feb 2019 20:45:57 +0000 (12:45 -0800)]
net: dsa: bcm_sf2: Remove stats mutex

We no longer need a dedicated statistics mutex since we leverage
b53_common for statistics now.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: phy: consider latched link-down status in polling mode
Heiner Kallweit [Wed, 6 Feb 2019 18:39:52 +0000 (19:39 +0100)]
net: phy: consider latched link-down status in polling mode

The link status value latches link-down events. To get the current
status we read the register twice in genphy_update_link(). There's
a potential risk that we miss a link-down event in polling mode.
This may cause issues if the user e.g. connects his machine to a
different network.

On the other hand reading the latched value may cause issues in
interrupt mode. Following scenario:

- After boot link goes up
- phy_start() is called triggering an aneg restart, hence link goes
  down and link-down info is latched.
- After aneg has finished link goes up and triggers an interrupt.
  Interrupt handler reads link status, means it reads the latched
  "link is down" info. But there won't be another interrupt as long
  as link stays up, therefore phylib will never recognize that link
  is up.

Deal with both scenarios by reading the register twice in interrupt
mode only.

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: macb: add sam9x60-macb compatibility string
Nicolas Ferre [Wed, 6 Feb 2019 17:56:10 +0000 (18:56 +0100)]
net: macb: add sam9x60-macb compatibility string

Add a new compatibility string for this product. It's using
at91sam9260-macb layout but has a newer hardware revision: it's safer
to use its own string.

Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/macb: bindings doc: add sam9x60 binding
Nicolas Ferre [Wed, 6 Feb 2019 17:56:09 +0000 (18:56 +0100)]
net/macb: bindings doc: add sam9x60 binding

Add the compatibility sting documentation for sam9x60 10/100 interface.

Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/macb: bindings doc/trivial: fix documentation for sama5d3 10/100 interface
Nicolas Ferre [Wed, 6 Feb 2019 17:56:08 +0000 (18:56 +0100)]
net/macb: bindings doc/trivial: fix documentation for sama5d3 10/100 interface

This removes a line left while adding the correct compatibility string for
sama5d3 10/100 interface. Now use the "atmel,sama5d3-macb" string.

Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'mlxsw-Implement-periodic-ERP-rehash'
David S. Miller [Fri, 8 Feb 2019 23:02:50 +0000 (15:02 -0800)]
Merge branch 'mlxsw-Implement-periodic-ERP-rehash'

Ido Schimmel says:

====================
mlxsw: Implement periodic ERP rehash

Currently, an ERP set is created for each region according to rules
inserted and order of their insertion. However that might lead to
suboptimal ERP sets and possible unnecessary spillage into C-TCAM.
This patchset aims to fix this problem and introduces periodical checking
of used ERP sets and in case a better ERP set is possible for the given
set of rules, it rehashes the region to use the better ERP set.

Patch 1 prepares devlink params infra in order to fix the
        init/fini sequences.
Patch 2 implements hints infra in objagg library.
Patch 3 fixes a typo
Patch 4 adds number of root objects directly into objagg stats.
Patches 5-7 do split of multiple structs in Spectrum TCAM code.
Patch 8 introduces initial implementation of ERP rehash logic,
         according to objagg hints.
Patch 9 adds hints priv passing trought the layers.
Patch 10 adds multi field into PAGT reg. (new patch)
Patch 11 implements actual region rules migration in TCAM code.
Patch 12 adds a devlink param so user is able to control
         rehash interval.
Patch 13 adds couple of tracepoints in order to track
         rehash procedures.
Patch 14 adds a simple selftest to test region rehash.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoselftests: mlxsw: spectrum-2: Add simple delta rehash test
Jiri Pirko [Thu, 7 Feb 2019 11:22:57 +0000 (11:22 +0000)]
selftests: mlxsw: spectrum-2: Add simple delta rehash test

Track the basic codepaths of delta rehash handling,
using mlxsw tracepoints.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Add couple of vregion rehash tracepoints
Jiri Pirko [Thu, 7 Feb 2019 11:22:55 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Add couple of vregion rehash tracepoints

As vregion rehash is happening in delayed work, add some visibility to
the process using a few tracepoints.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum: add "acl_region_rehash_interval" devlink param
Jiri Pirko [Thu, 7 Feb 2019 11:22:55 +0000 (11:22 +0000)]
mlxsw: spectrum: add "acl_region_rehash_interval" devlink param

Expose new driver-specific "acl_region_rehash_interval" devlink param
which would allow user to alter default ACL region rehash interval.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Implement region migration according to hints
Jiri Pirko [Thu, 7 Feb 2019 11:22:54 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Implement region migration according to hints

If the hints are returned, the migration should be started. For that to
happen, there is a need to create a second physical region in TCAM with
new ERP set by passing the hints and then move chunk by chunk,
entry by entry.

During the transition, two lookups will occur. One in old region and
another in new region. The highest priority rule will be chosen.

In an unlikely case that the migration will fail and also rollback to
original region will fail the vregion will become in bad state.
Everything will work, only no future rehash will be possible. In a
follow-up work, this can be resolved by trying to resume the rollback
in delayed work and repair the vregion.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: reg: Add multi field to PAGT register
Jiri Pirko [Thu, 7 Feb 2019 11:22:53 +0000 (11:22 +0000)]
mlxsw: reg: Add multi field to PAGT register

For Spectrum-2 this allows parallel lookups in multiple regions.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Pass hints priv all the way to ERP code
Jiri Pirko [Thu, 7 Feb 2019 11:22:52 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Pass hints priv all the way to ERP code

The hints priv comes from ERP code and it is possible to obtain it from
TCAM code. Add arg to appropriate functions so the hints
priv could be passed back down to ERP code. Pass NULL now as the
follow-up patches would pass an actual hints priv pointer.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Implement basic ERP rehash hits creation
Jiri Pirko [Thu, 7 Feb 2019 11:22:51 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Implement basic ERP rehash hits creation

Introduce an initial implementation of rehash logic in ERP code.
Currently, the rehash is considered as needed only in case number of
roots in the hints is smaller than the number of roots actually in use.
In that case return hints pointer and let it be obtained through the
callpath through the Spectrum-2 TCAM op.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Split entry struct into entry and ventry
Jiri Pirko [Thu, 7 Feb 2019 11:22:50 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Split entry struct into entry and ventry

Do the split of entry struct so the new entry struct is related to the
actual HW entry, whereas ventry struct is a SW abstration of that.
This split prepares possibility for ventry to hold 2 HW entries which
is needed for region ERP rehash flow.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Split chunk struct into chunk and vchunk
Jiri Pirko [Thu, 7 Feb 2019 11:22:49 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Split chunk struct into chunk and vchunk

Do the split of chunk struct so the new chunk struct is related to the
actual HW chunk (differs between Spectrum and Spectrum-2),
whereas vchunk struct is a SW abstraction of that. This split
prepares possibility for vchunk to hold 2 HW chunks which is needed
for region ERP rehash flow.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agomlxsw: spectrum_acl: Split region struct into region and vregion
Jiri Pirko [Thu, 7 Feb 2019 11:22:48 +0000 (11:22 +0000)]
mlxsw: spectrum_acl: Split region struct into region and vregion

Do the split of region struct so the new region struct is related to the
actual HW region, whereas vregion struct is a SW abstration of that.
This split prepares possibility for vregion to hold 2 HW regions which
is needed for region ERP rehash flow.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agolib: objagg: add root count to stats
Jiri Pirko [Thu, 7 Feb 2019 11:22:47 +0000 (11:22 +0000)]
lib: objagg: add root count to stats

Count number of roots and add it to stats. It is handy for the library
user to have this stats available as it can act upon it without
counting roots itself.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agolib: objagg: implement optimization hints assembly and use hints for object creation
Jiri Pirko [Thu, 7 Feb 2019 11:22:46 +0000 (11:22 +0000)]
lib: objagg: implement optimization hints assembly and use hints for object creation

Implement simple greedy algo to find more optimized root-delta tree for
a given objagg instance. This "hints" can be used by a driver to:
1) check if the hints are better (driver's choice) than the original
   objagg tree. Driver does comparison of objagg stats and hints stats.
2) use the hints to create a new objagg instance which will construct
   the root-delta tree according to the passed hints. Currently, only a
   simple greedy algorithm is implemented. Basically it finds the roots
   according to the maximal possible user count including deltas.

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agolib: objagg: fix typo in objagg_stats_put() docstring
Jiri Pirko [Thu, 7 Feb 2019 11:22:46 +0000 (11:22 +0000)]
lib: objagg: fix typo in objagg_stats_put() docstring

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: publish params only after driver init is done
Jiri Pirko [Thu, 7 Feb 2019 11:22:45 +0000 (11:22 +0000)]
devlink: publish params only after driver init is done

Currently, user can do dump or get of param values right after the
devlink params are registered. However the driver may not be initialized
which is an issue. The same problem happens during notification
upon param registration. Allow driver to publish devlink params
whenever it is ready to handle get() ops. Note that this cannot
be resolved by init reordering, as the "driverinit" params have
to be available before the driver is initialized (it needs the param
values there).

Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Cc: Michael Chan <michael.chan@broadcom.com>
Cc: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Fri, 8 Feb 2019 23:00:17 +0000 (15:00 -0800)]
Merge git://git./linux/kernel/git/davem/net

An ipvlan bug fix in 'net' conflicted with the abstraction away
of the IPV6 specific support in 'net-next'.

Similarly, a bug fix for mlx5 in 'net' conflicted with the flow
action conversion in 'net-next'.

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoxen-netback: mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 19:58:38 +0000 (13:58 -0600)]
xen-netback: mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: wimax/i2400m: mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 19:16:47 +0000 (13:16 -0600)]
net: wimax/i2400m: mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: fddi: skfp: Mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 19:14:12 +0000 (13:14 -0600)]
net: fddi: skfp: Mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: usb: rtl8150: mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 19:09:06 +0000 (13:09 -0600)]
net: usb: rtl8150: mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: usb: pegasus: Mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 19:07:29 +0000 (13:07 -0600)]
net: usb: pegasus: Mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: appletalk: cops: mark expected switch fall-through
Gustavo A. R. Silva [Fri, 8 Feb 2019 18:53:56 +0000 (12:53 -0600)]
net: appletalk: cops: mark expected switch fall-through

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Notice that, in this particular case, the fall-through annotation
is placed at the beginning of the code comment, which is what
GCC is expecting to find.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoveth: Mark expected switch fall-throughs
Gustavo A. R. Silva [Fri, 8 Feb 2019 18:37:33 +0000 (12:37 -0600)]
veth: Mark expected switch fall-throughs

In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.

Warning level 3 was used: -Wimplicit-fallthrough=3

This patch is part of the ongoing efforts to enabling
-Wimplicit-fallthrough.

Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonfp: flower: remove unused index from nfp_fl_pedit()
Pablo Neira Ayuso [Fri, 8 Feb 2019 16:41:13 +0000 (17:41 +0100)]
nfp: flower: remove unused index from nfp_fl_pedit()

Static checker warning complains on uninitialized variable:

        drivers/net/ethernet/netronome/nfp/flower/action.c:618 nfp_fl_pedit()
        error: uninitialized symbol 'idx'.

Which is actually never used from the functions that take it as
parameter. Remove it.

Fixes: 738678817573 ("drivers: net: use flow action infrastructure")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agosfc: add bundle partition definitions to mtd
Paul Fox [Fri, 8 Feb 2019 16:25:37 +0000 (16:25 +0000)]
sfc: add bundle partition definitions to mtd

Signed-off-by: Paul Fox <pfox@solarflare.com>
Signed-off-by: Bert Kenward <bkenward@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Fri, 8 Feb 2019 19:21:54 +0000 (11:21 -0800)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:
 "This pull request is dedicated to the upcoming snowpocalypse parts 2
  and 3 in the Pacific Northwest:

   1) Drop profiles are broken because some drivers use dev_kfree_skb*
      instead of dev_consume_skb*, from Yang Wei.

   2) Fix IWLWIFI kconfig deps, from Luca Coelho.

   3) Fix percpu maps updating in bpftool, from Paolo Abeni.

   4) Missing station release in batman-adv, from Felix Fietkau.

   5) Fix some networking compat ioctl bugs, from Johannes Berg.

   6) ucc_geth must reset the BQL queue state when stopping the device,
      from Mathias Thore.

   7) Several XDP bug fixes in virtio_net from Toshiaki Makita.

   8) TSO packets must be sent always on queue 0 in stmmac, from Jose
      Abreu.

   9) Fix socket refcounting bug in RDS, from Eric Dumazet.

  10) Handle sparse cpu allocations in bpf selftests, from Martynas
      Pumputis.

  11) Make sure mgmt frames have enough tailroom in mac80211, from Felix
      Feitkau.

  12) Use safe list walking in sctp_sendmsg() asoc list traversal, from
      Greg Kroah-Hartman.

  13) Make DCCP's ccid_hc_[rt]x_parse_options always check for NULL
      ccid, from Eric Dumazet.

  14) Need to reload WoL password into bcmsysport device after deep
      sleeps, from Florian Fainelli.

  15) Remove filter from mask before freeing in cls_flower, from Petr
      Machata.

  16) Missing release and use after free in error paths of s390 qeth
      code, from Julian Wiedmann.

  17) Fix lockdep false positive in dsa code, from Marc Zyngier.

  18) Fix counting of ATU violations in mv88e6xxx, from Andrew Lunn.

  19) Fix EQ firmware assert in qed driver, from Manish Chopra.

  20) Don't default Caivum PTP to Y in kconfig, from Bjorn Helgaas"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
  net: dsa: b53: Fix for failure when irq is not defined in dt
  sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
  geneve: should not call rt6_lookup() when ipv6 was disabled
  net: Don't default Cavium PTP driver to 'y'
  net: broadcom: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: via-velocity: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: tehuti: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: sun: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: fsl_ucc_hdlc: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: fec_mpc52xx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: smsc: epic100: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: dscc4: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: tulip: de2104x: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net: defxx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
  net/mlx5e: Don't overwrite pedit action when multiple pedit used
  net/mlx5e: Update hw flows when encap source mac changed
  qed*: Advance drivers version to 8.37.0.20
  qed: Change verbosity for coalescing message.
  qede: Fix system crash on configuring channels.
  qed: Consider TX tcs while deriving the max num_queues for PF.
  ...

5 years agoipvlan: decouple l3s mode dependencies from other modes
Daniel Borkmann [Fri, 8 Feb 2019 12:55:31 +0000 (13:55 +0100)]
ipvlan: decouple l3s mode dependencies from other modes

Right now ipvlan has a hard dependency on CONFIG_NETFILTER and
otherwise it cannot be built. However, the only ipvlan operation
mode that actually depends on netfilter is l3s, everything else
is independent of it. Break this hard dependency such that users
are able to use ipvlan l3 mode on systems where netfilter is not
compiled in.

Therefore, this adds a hidden CONFIG_IPVLAN_L3S bool which is
defaulting to y when CONFIG_NETFILTER is set in order to retain
existing behavior for l3s. All l3s related code is refactored
into ipvlan_l3s.c that is compiled in when enabled.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Mahesh Bandewar <maheshb@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Martynas Pumputis <m@lambda.lt>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge tag 'char-misc-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Fri, 8 Feb 2019 18:56:31 +0000 (10:56 -0800)]
Merge tag 'char-misc-5.0-rc6' of git://git./linux/kernel/git/gregkh/char-misc

Pull char/misc fixes from Greg KH:
 "Here are some small char and misc driver fixes for 5.0-rc6.

  Nothing huge here, some more binderfs fixups found as people use it,
  and there is a "large" selftest added to validate the binderfs code,
  which makes up the majority of this pull request.

  There's also some small mei and mic fixes to resolve some reported
  issues.

  All of these have been in linux-next for over a week with no reported
  issues"

* tag 'char-misc-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  mic: vop: Fix crash on remove
  mic: vop: Fix use-after-free on remove
  binderfs: remove separate device_initcall()
  fpga: stratix10-soc: fix wrong of_node_put() in init function
  mic: vop: Fix broken virtqueues
  mei: free read cb on ctrl_wr list flush
  samples: mei: use /dev/mei0 instead of /dev/mei
  mei: me: add ice lake point device id.
  binderfs: respect limit on binder control creation
  binder: fix CONFIG_ANDROID_BINDER_DEVICES
  selftests: add binderfs selftests

5 years agoMerge tag 'driver-core-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Fri, 8 Feb 2019 18:53:44 +0000 (10:53 -0800)]
Merge tag 'driver-core-5.0-rc6' of git://git./linux/kernel/git/gregkh/driver-core

Pull driver core fixes from Greg KH:
 "Here are some driver core fixes for 5.0-rc6.

  Well, not so much "driver core" as "debugfs". There's a lot of
  outstanding debugfs cleanup patches coming in through different
  subsystem trees, and in that process the debugfs core was found that
  it really should return errors when something bad happens, to prevent
  random files from showing up in the root of debugfs afterward. So
  debugfs was fixed up to handle this properly, and then two fixes for
  the relay and blk-mq code was needed as it was making invalid
  assumptions about debugfs return values.

  There's also a cacheinfo fix in here that resolves a tiny issue.

  All of these have been in linux-next for over a week with no reported
  problems"

* tag 'driver-core-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  blk-mq: protect debugfs_create_files() from failures
  relay: check return of create_buf_file() properly
  debugfs: debugfs_lookup() should return NULL if not found
  debugfs: return error values, not NULL
  debugfs: fix debugfs_rename parameter checking
  cacheinfo: Keep the old value if of_property_read_u32 fails

5 years agoMerge tag 'staging-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Fri, 8 Feb 2019 18:51:59 +0000 (10:51 -0800)]
Merge tag 'staging-5.0-rc6' of git://git./linux/kernel/git/gregkh/staging

Pull staging/IIO driver fixes from Greg KH:
 "Here are some small iio and staging driver fixes for 5.0-rc6.

  Nothing big, just resolve some reported IIO driver issues, and one
  staging driver bug. One staging driver patch was added and then
  reverted as well.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'staging-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  Revert "staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()"
  staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()
  staging: octeon: fix broken phylib usage
  iio: ti-ads8688: Update buffer allocation for timestamps
  tools: iio: iio_generic_buffer: make num_loops signed
  iio: adc: axp288: Fix TS-pin handling
  iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius

5 years agoMerge tag 'tty-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Linus Torvalds [Fri, 8 Feb 2019 18:49:55 +0000 (10:49 -0800)]
Merge tag 'tty-5.0-rc6' of git://git./linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some small tty and serial fixes for 5.0-rc6.

  Nothing huge, just a few small fixes for reported issues. The speakup
  fix is in here as it is a tty operation issue.

  All of these have been in linux-next for a while with no reported
  problems"

* tag 'tty-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: fix race between flush_to_ldisc and tty_open
  staging: speakup: fix tty-operation NULL derefs
  serial: sh-sci: Do not free irqs that have already been freed
  serial: 8250_pci: Make PCI class test non fatal
  tty: serial: 8250_mtk: Fix potential NULL pointer dereference

5 years agoMerge tag 'usb-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Fri, 8 Feb 2019 18:48:26 +0000 (10:48 -0800)]
Merge tag 'usb-5.0-rc6' of git://git./linux/kernel/git/gregkh/usb

Pull USB fixes from Grek KH:
 "Here are some small USB fixes for 5.0-rc6.

  Nothing huge, the normal amount of USB gadget fixes as well as some
  USB phy fixes. There's also a typec fix as well. Full details are in
  the shortlog.

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'usb-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  usb: typec: tcpm: Correct the PPS out_volt calculation
  usb: gadget: musb: fix short isoc packets with inventra dma
  usb: phy: am335x: fix race condition in _probe
  usb: dwc3: exynos: Fix error handling of clk_prepare_enable
  usb: phy: fix link errors
  usb: gadget: udc: net2272: Fix bitwise and boolean operations
  usb: dwc3: gadget: Handle 0 xfer length for OUT EP

5 years agoMerge tag 'xfs-5.0-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Linus Torvalds [Fri, 8 Feb 2019 18:46:14 +0000 (10:46 -0800)]
Merge tag 'xfs-5.0-fixes-1' of git://git./fs/xfs/xfs-linux

Pull xfs fixes from Darrick Wong:
 "Here are a handful of XFS fixes to fix a data corruption problem, a
  crasher bug, and a deadlock.

  Summary:

   - Fix cache coherency problem with writeback mappings

   - Fix buffer deadlock when shutting fs down

   - Fix a null pointer dereference when running online repair"

* tag 'xfs-5.0-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: set buffer ops when repair probes for btree type
  xfs: end sync buffer I/O properly on shutdown error
  xfs: eof trim writeback mapping as soon as it is cached

5 years agoMerge tag 'drm-fixes-2019-02-08' of git://anongit.freedesktop.org/drm/drm
Linus Torvalds [Fri, 8 Feb 2019 18:43:15 +0000 (10:43 -0800)]
Merge tag 'drm-fixes-2019-02-08' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Missed fixes last week as had nothing until amdgpu showed up on
  Saturday. Other stuff has since rolled in along with some more amdgpu
  fixes, so we have two weeks of those, and some i915, vmwgfx, sun4i,
  rockchip and omap fixes.

  amdgpu/radeon:
   - fix crash on passthrough for SI
   - fencing fix for shared buffers
   - APU hwmon fix
   - API powerplay fix
   - eDP freesync fix
   - PASID mgr locking fix
   - KFD warning fix
   - DC/powerplay fix
   - raven revision ids fix
   - vega20 doorbell fix

  i915:
   - SNB display fix
   - SKL srckey mask fix
   - ICL DDI clock selection fix

  vmwgfx:
   - DMA API fix
   - IOMMU detection fix
   - display fixes

  sun4i:
   - tcon clock fix

  rockchip:
   - SPDX identifier fix

  omap:
   - DSI fixes"

* tag 'drm-fixes-2019-02-08' of git://anongit.freedesktop.org/drm/drm: (28 commits)
  drm/omap: dsi: Hack-fix DSI bus flags
  drm/omap: dsi: Fix OF platform depopulate
  drm/omap: dsi: Fix crash in DSI debug dumps
  drm/i915: Try to sanitize bogus DPLL state left over by broken SNB BIOSen
  drm/amd/display: Attach VRR properties for eDP connectors
  drm/amdkfd: Fix if preprocessor statement above kfd_fill_iolink_info_for_cpu
  drm/amdgpu: use spin_lock_irqsave to protect vm_manager.pasid_idr
  drm/i915: always return something on DDI clock selection
  drm/i915: Fix skl srckey mask bits
  drm/vmwgfx: Improve on IOMMU detection
  drm/vmwgfx: Fix setting of dma masks
  drm/vmwgfx: Also check for crtc status while checking for DU active
  drm/vmwgfx: Fix an uninitialized fence handle value
  drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
  drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
  drm/amdgpu: fix the incorrect external id for raven series
  drm/amdgpu: Implement doorbell self-ring for NBIO 7.4
  drm/amd/display: Fix fclk idle state
  drm/amdgpu: Transfer fences to dmabuf importer
  drm/amd/powerplay: Fix missing break in switch
  ...

5 years agonet: dsa: b53: Fix for failure when irq is not defined in dt
Arun Parameswaran [Fri, 8 Feb 2019 00:01:18 +0000 (16:01 -0800)]
net: dsa: b53: Fix for failure when irq is not defined in dt

Fixes the issues with non BCM58XX chips in the b53 driver
failing, when the irq is not specified in the device tree.

Removed the check for BCM58XX in b53_srab_prepare_irq(),
so the 'port->irq' will be set to '-EXIO' if the irq is not
specified in the device tree.

Fixes: 16994374a6fc ("net: dsa: b53: Make SRAB driver manage port interrupts")
Fixes: b2ddc48a81b5 ("net: dsa: b53: Do not fail when IRQ are not initialized")
Signed-off-by: Arun Parameswaran <arun.parameswaran@broadcom.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: phy: let genphy_c45_read_link manage the devices to check
Heiner Kallweit [Thu, 7 Feb 2019 20:41:46 +0000 (21:41 +0100)]
net: phy: let genphy_c45_read_link manage the devices to check

Let genphy_c45_read_link manage the devices to check, this removes
overhead from callers. Add C22EXT to the list of excluded devices
because it doesn't implement the status register. According to the
802.3 clause 45 spec registers 29.0 - 29.4 are reserved.

At the moment we have very few clause 45 PHY drivers, so we are
lacking experience whether other drivers will have to exclude further
devices, or may need to check PHY XS. If we should figure out that
list of devices to check needs to be configurable, I think best will
be to add a device list member to struct phy_driver.

v2:
- adjusted commit message
- exclude also device C22EXT from link checking

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: fixed-phy: Add fixed_phy_register_with_gpiod() API
Moritz Fischer [Thu, 7 Feb 2019 17:52:10 +0000 (09:52 -0800)]
net: fixed-phy: Add fixed_phy_register_with_gpiod() API

Add fixed_phy_register_with_gpiod() API. It lets users create a
fixed_phy instance that uses a GPIO descriptor which was obtained
externally e.g. through platform data.
This enables platform devices (non-DT based) to use GPIOs for link
status.

Signed-off-by: Moritz Fischer <mdf@kernel.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'Add-comphy-support-for-Armada-38x'
David S. Miller [Fri, 8 Feb 2019 02:10:26 +0000 (18:10 -0800)]
Merge branch 'Add-comphy-support-for-Armada-38x'

Russell King says:

====================
Add comphy support for Armada 38x

This series adds support for the comphy for Armada 38x, which allows
these SoCs to use 2500BASE-X mode with appropriate SFP modules.

Tested on SolidRun Clearfog after updating for the 5.0 merge window
changes.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoARM: dts: clearfog: add comphy settings for Ethernet interfaces
Russell King [Thu, 7 Feb 2019 16:19:31 +0000 (16:19 +0000)]
ARM: dts: clearfog: add comphy settings for Ethernet interfaces

Add the comphy settings for the Ethernet interfaces.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: marvell: neta: add comphy support
Russell King [Thu, 7 Feb 2019 16:19:26 +0000 (16:19 +0000)]
net: marvell: neta: add comphy support

Add support for the common phy binding, so that we can reconfigure the
comphy according to the desired ethernet speed.  This will allow us to
support 1000base-X and 2500base-X SFPs dynamically on SolidRun Clearfog.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodt-bindings: net: mvneta: add phys property
Russell King [Thu, 7 Feb 2019 16:19:21 +0000 (16:19 +0000)]
dt-bindings: net: mvneta: add phys property

Add an optional phys property to the mvneta binding documentation for
the common phy.

Reviewed-by: Rob Herring <robh@kernel.org>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoARM: dts: add description for Armada 38x common phy
Russell King [Thu, 7 Feb 2019 16:19:15 +0000 (16:19 +0000)]
ARM: dts: add description for Armada 38x common phy

Add the DT description for the Armada 38x common phy.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agophy: armada38x: add common phy support
Russell King [Thu, 7 Feb 2019 16:19:10 +0000 (16:19 +0000)]
phy: armada38x: add common phy support

Add support for the Armada 38x common phy to allow us to change the
speed of the Ethernet serdes lane.  This driver only supports
manipulation of the speed, it does not support configuration of the
common phy.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodt-bindings: phy: Armada 38x common phy bindings
Russell King [Thu, 7 Feb 2019 16:19:05 +0000 (16:19 +0000)]
dt-bindings: phy: Armada 38x common phy bindings

Add the Marvell Armada 38x common phy bindings.

Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'smc-next'
David S. Miller [Fri, 8 Feb 2019 02:06:19 +0000 (18:06 -0800)]
Merge branch 'smc-next'

Ursula Braun says:

====================
net/smc: patches 2019-02-07

here are patches for SMC:
* patches 1, 3, and 6 are cleanups without functional change
* patch 2 postpones closing of internal clcsock
* patches 4 and 5 improve link group creation locking
* patch 7 restores AF_SMC as diag_family field
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: original socket family in inet_sock_diag
Karsten Graul [Thu, 7 Feb 2019 14:56:20 +0000 (15:56 +0100)]
net/smc: original socket family in inet_sock_diag

Commit ed75986f4aae ("net/smc: ipv6 support for smc_diag.c") changed the
value of the diag_family field. The idea was to indicate the family of
the IP address in the inet_diag_sockid field. But the change makes it
impossible to distinguish an inet_sock_diag response message from SMC
sock_diag response. This patch restores the original behaviour and sends
AF_SMC as value of the diag_family field.

Fixes: ed75986f4aae ("net/smc: ipv6 support for smc_diag.c")
Reported-by: Eugene Syromiatnikov <esyr@redhat.com>
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: move code to clear the conn->lgr field
Karsten Graul [Thu, 7 Feb 2019 14:56:19 +0000 (15:56 +0100)]
net/smc: move code to clear the conn->lgr field

The lgr field of an smc_connection is set in smc_conn_create() and
should be cleared in smc_conn_free() for consistency reasons, so move
the responsible code.

Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: use client and server LGR pending locks for SMC-R
Hans Wippel [Thu, 7 Feb 2019 14:56:18 +0000 (15:56 +0100)]
net/smc: use client and server LGR pending locks for SMC-R

If SMC client and server connections are both established at the same
time, smc_connect_rdma() cannot send a CLC confirm message while
smc_listen_work() is waiting for one due to lock contention. This can
result in timeouts in smc_clc_wait_msg() and failed SMC connections.

In case of SMC-R, there are two types of LGRs (client and server LGRs)
which can be protected by separate locks. So, this patch splits the LGR
pending lock into two separate locks for client and server to avoid the
locking issue for SMC-R.

Signed-off-by: Hans Wippel <hwippel@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: unlock LGR pending lock earlier for SMC-D
Hans Wippel [Thu, 7 Feb 2019 14:56:17 +0000 (15:56 +0100)]
net/smc: unlock LGR pending lock earlier for SMC-D

If SMC client and server connections are both established at the same
time, smc_connect_ism() cannot send a CLC confirm message while
smc_listen_work() is waiting for one due to lock contention. This can
result in timeouts in smc_clc_wait_msg() and failed SMC connections.

In case of SMC-D, the LGR pending lock is not needed while
smc_listen_work() is waiting for the CLC confirm message. So, this patch
releases the lock earlier for SMC-D to avoid the locking issue.

Signed-off-by: Hans Wippel <hwippel@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: use smc_curs_copy() for SMC-D
Ursula Braun [Thu, 7 Feb 2019 14:56:16 +0000 (15:56 +0100)]
net/smc: use smc_curs_copy() for SMC-D

SMC already provides a wrapper for atomic64 calls to be
architecture independent. Use this wrapper for SMC-D as well.

Reported-by: Jens Remus <jremus@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/smc: postpone release of clcsock
Ursula Braun [Thu, 7 Feb 2019 14:56:15 +0000 (15:56 +0100)]
net/smc: postpone release of clcsock

According to RFC7609 (http://www.rfc-editor.org/info/rfc7609)
first the SMC-R connection is shut down and then the normal TCP
connection FIN processing drives cleanup of the internal TCP connection.
The unconditional release of the clcsock during active socket closing
has to be postponed if the peer has not yet signalled socket closing.

Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agos390/net: move pnet constants
Ursula Braun [Thu, 7 Feb 2019 14:56:14 +0000 (15:56 +0100)]
s390/net: move pnet constants

There is no need to define these PNETID related constants in
the pnet.h file, since they are just used locally within pnet.c.
Just code cleanup, no functional change.

Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge tag 'drm-misc-fixes-2019-02-07' of git://anongit.freedesktop.org/drm/drm-misc...
Dave Airlie [Fri, 8 Feb 2019 00:32:47 +0000 (10:32 +1000)]
Merge tag 'drm-misc-fixes-2019-02-07' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes

drm-misc-fixes for v5.0-rc6:
- Fixes to omap/dsi encoder.
- Clock fix for sun4i.
- Licensing header fix for rockchip.
- Fix division by zero in the mode when trying to set a mode on
  i915 with GVT-g enabled.

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/84462cef-609f-e2af-084a-f9fe2b05c53e@linux.intel.com
5 years agoMerge tag 'drm-intel-fixes-2019-02-07-1' of git://anongit.freedesktop.org/drm/drm...
Dave Airlie [Fri, 8 Feb 2019 00:30:29 +0000 (10:30 +1000)]
Merge tag 'drm-intel-fixes-2019-02-07-1' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes

drm/i915 fixes for v5.0-rc6:
- SNB DPLL sanitize
- ICL DDI clock selection
- SLK srckey mask

Signed-off-by: Dave Airlie <airlied@redhat.com>
From: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/87lg2s6nur.fsf@intel.com
5 years agoMerge tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform...
Linus Torvalds [Thu, 7 Feb 2019 22:54:45 +0000 (15:54 -0700)]
Merge tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86

Pull x86 platform driver fixlet from Darren Hart:
 "Correct Documentation/ABI 4.21 KernelVersion to 5.0"

* tag 'platform-drivers-x86-v5.0-2' of git://git.infradead.org/linux-platform-drivers-x86:
  Documentation/ABI: Correct mlxreg-io KernelVersion for 5.0

5 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Thu, 7 Feb 2019 22:53:26 +0000 (15:53 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Three security fixes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
  KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
  kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

5 years agoMerge tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux
Linus Torvalds [Thu, 7 Feb 2019 22:44:45 +0000 (15:44 -0700)]
Merge tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux

Pull nfsd fixes from Bruce Fields:
 "Two small nfsd bugfixes for 5.0, for an RDMA bug and a file clone bug"

* tag 'nfsd-5.0-1' of git://linux-nfs.org/~bfields/linux:
  svcrdma: Remove max_sge check at connect time
  nfsd: Fix error return values for nfsd4_clone_file_range()

5 years agoMerge tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/devic...
Linus Torvalds [Thu, 7 Feb 2019 22:42:43 +0000 (15:42 -0700)]
Merge tag 'for-5.0/dm-fixes-2' of git://git./linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:
 "Both of these fixes address issues in changes merged for 5.0-rc4:

   - Fix DM core's missing memory barrier before waitqueue_active()
     calls.

   - Fix DM core's clone_bio() to work when cloning a subset of a bio
     with an integrity payload; bio_integrity_trim() wasn't getting
     called due to bio_trim()'s early return"

* tag 'for-5.0/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm: don't use bio_trim() afterall
  dm: add memory barrier before waitqueue_active

5 years agonet: vxlan: Free a leaked vetoed multicast rdst
Petr Machata [Thu, 7 Feb 2019 12:18:02 +0000 (12:18 +0000)]
net: vxlan: Free a leaked vetoed multicast rdst

When an rdst is rejected by a driver, the current code removes it from
the remote list, but neglects to free it. This is triggered by
tools/testing/selftests/drivers/net/mlxsw/vxlan_fdb_veto.sh and shows as
the following kmemleak trace:

unreferenced object 0xffff88817fa3d888 (size 96):
  comm "softirq", pid 0, jiffies 4372702718 (age 165.252s)
  hex dump (first 32 bytes):
    02 00 00 00 c6 33 64 03 80 f5 a2 61 81 88 ff ff  .....3d....a....
    06 df 71 ae ff ff ff ff 0c 00 00 00 04 d2 6a 6b  ..q...........jk
  backtrace:
    [<00000000296b27ac>] kmem_cache_alloc_trace+0x1ae/0x370
    [<0000000075c86dc6>] vxlan_fdb_append.part.12+0x62/0x3b0 [vxlan]
    [<00000000e0414b63>] vxlan_fdb_update+0xc61/0x1020 [vxlan]
    [<00000000f330c4bd>] vxlan_fdb_add+0x2e8/0x3d0 [vxlan]
    [<0000000008f81c2c>] rtnl_fdb_add+0x4c2/0xa10
    [<00000000bdc4b270>] rtnetlink_rcv_msg+0x6dd/0x970
    [<000000006701f2ce>] netlink_rcv_skb+0x290/0x410
    [<00000000c08a5487>] rtnetlink_rcv+0x15/0x20
    [<00000000d5f54b1e>] netlink_unicast+0x43f/0x5e0
    [<00000000db4336bb>] netlink_sendmsg+0x789/0xcd0
    [<00000000e1ee26b6>] sock_sendmsg+0xba/0x100
    [<00000000ba409802>] ___sys_sendmsg+0x631/0x960
    [<000000003c332113>] __sys_sendmsg+0xea/0x180
    [<00000000f4139144>] __x64_sys_sendmsg+0x78/0xb0
    [<000000006d1ddc59>] do_syscall_64+0x94/0x410
    [<00000000c8defa9a>] entry_SYSCALL_64_after_hwframe+0x49/0xbe

Move vxlan_dst_free() up and schedule a call thereof to plug this leak.

Fixes: 61f46fe8c646 ("vxlan: Allow vetoing of FDB notifications")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'ipv6-fixes'
David S. Miller [Thu, 7 Feb 2019 18:48:42 +0000 (10:48 -0800)]
Merge branch 'ipv6-fixes'

Hangbin Liu says:

====================
fix two kernel panics when disabled IPv6 on boot up

When disabled IPv6 on boot up, since there is no ipv6 route tables, we should
not call rt6_lookup. Fix them by checking if we have inet6_dev pointer on
netdevice.

v2: Fix idev reference leak, declarations and code mixing as Stefano,
    Eric pointed. Since we only want to check if idev exists and not
    reference it, use __in6_dev_get() insteand of in6_dev_get().
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agosit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
Hangbin Liu [Thu, 7 Feb 2019 10:36:11 +0000 (18:36 +0800)]
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()

If we disabled IPv6 from the kernel command line (ipv6.disable=1), we should
not call ip6_err_gen_icmpv6_unreach(). This:

  ip link add sit1 type sit local 192.0.2.1 remote 192.0.2.2 ttl 1
  ip link set sit1 up
  ip addr add 198.51.100.1/24 dev sit1
  ping 198.51.100.2

if IPv6 is disabled at boot time, will crash the kernel.

v2: there's no need to use in6_dev_get(), use __in6_dev_get() instead,
    as we only need to check that idev exists and we are under
    rcu_read_lock() (from netif_receive_skb_internal()).

Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: ca15a078bd90 ("sit: generate icmpv6 error when receiving icmpv4 error")
Cc: Oussama Ghorbel <ghorbel@pivasoftware.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agogeneve: should not call rt6_lookup() when ipv6 was disabled
Hangbin Liu [Thu, 7 Feb 2019 10:36:10 +0000 (18:36 +0800)]
geneve: should not call rt6_lookup() when ipv6 was disabled

When we add a new GENEVE device with IPv6 remote, checking only for
IS_ENABLED(CONFIG_IPV6) is not enough as we may disable IPv6 in the
kernel command line (ipv6.disable=1), and calling rt6_lookup() would
cause a NULL pointer dereference.

v2:
- don't mix declarations and code (reported by Stefano Brivio, Eric Dumazet)
- there's no need to use in6_dev_get() as we only need to check that
  idev exists (reported by David Ahern). This is under RTNL, so we can
  simply use __in6_dev_get() instead (Stefano, Eric).

Reported-by: Jianlin Shi <jishi@redhat.com>
Fixes: c40e89fd358e9 ("geneve: configure MTU based on a lower device")
Cc: Alexey Kodanev <alexey.kodanev@oracle.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'devlink-health'
David S. Miller [Thu, 7 Feb 2019 18:34:39 +0000 (10:34 -0800)]
Merge branch 'devlink-health'

Eran Ben Elisha says:

====================
Devlink health reporting and recovery system

The health mechanism is targeted for Real Time Alerting, in order to know when
something bad had happened to a PCI device
- Provide alert debug information
- Self healing
- If problem needs vendor support, provide a way to gather all needed debugging
  information.

The main idea is to unify and centralize driver health reports in the
generic devlink instance and allow the user to set different
attributes of the health reporting and recovery procedures.

The devlink health reporter:
Device driver creates a "health reporter" per each error/health type.
Error/Health type can be a known/generic (eg pci error, fw error, rx/tx error)
or unknown (driver specific).
For each registered health reporter a driver can issue error/health reports
asynchronously. All health reports handling is done by devlink.
Device driver can provide specific callbacks for each "health reporter", e.g.
 - Recovery procedures
 - Diagnostics and object dump procedures
 - OOB initial attributes
Different parts of the driver can register different types of health reporters
with different handlers.

Once an error is reported, devlink health will do the following actions:
  * A log is being send to the kernel trace events buffer
  * Health status and statistics are being updated for the reporter instance
  * Object dump is being taken and saved at the reporter instance (as long as
    there is no other dump which is already stored)
  * Auto recovery attempt is being done. Depends on:
    - Auto-recovery configuration
    - Grace period vs. time passed since last recover

The user interface:
User can access/change each reporter attributes and driver specific callbacks
via devlink, e.g per error type (per health reporter)
 - Configure reporter's generic attributes (like: Disable/enable auto recovery)
 - Invoke recovery procedure
 - Run diagnostics
 - Object dump

The devlink health interface (via netlink):
DEVLINK_CMD_HEALTH_REPORTER_GET
  Retrieves status and configuration info per DEV and reporter.
DEVLINK_CMD_HEALTH_REPORTER_SET
  Allows reporter-related configuration setting.
DEVLINK_CMD_HEALTH_REPORTER_RECOVER
  Triggers a reporter's recovery procedure.
DEVLINK_CMD_HEALTH_REPORTER_DIAGNOSE
  Retrieves diagnostics data from a reporter on a device.
DEVLINK_CMD_HEALTH_REPORTER_DUMP_GET
  Retrieves the last stored dump. Devlink health
  saves a single dump. If an dump is not already stored by the devlink
  for this reporter, devlink generates a new dump.
  dump output is defined by the reporter.
DEVLINK_CMD_HEALTH_REPORTER_DUMP_CLEAR
  Clears the last saved dump file for the specified reporter.

                                               netlink
                                      +--------------------------+
                                      |                          |
                                      |            +             |
                                      |            |             |
                                      +--------------------------+
                                                   |request for ops
                                                   |(diagnose,
 mlx5_core                             devlink     |recover,
                                                   |dump)
+--------+                            +--------------------------+
|        |                            |    reporter|             |
|        |                            |  +---------v----------+  |
|        |   ops execution            |  |                    |  |
|     <----------------------------------+                    |  |
|        |                            |  |                    |  |
|        |                            |  + ^------------------+  |
|        |                            |    | request for ops     |
|        |                            |    | (recover, dump)     |
|        |                            |    |                     |
|        |                            |  +-+------------------+  |
|        |     health report          |  | health handler     |  |
|        +------------------------------->                    |  |
|        |                            |  +--------------------+  |
|        |     health reporter create |                          |
|        +---------------------------->                          |
+--------+                            +--------------------------+

In this patchset, mlx5e TX reporter is implemented.

Cmdline format:
    devlink health show [DEV reporter REPORTE_NAME]
    devlink health recover DEV reporter REPORTER_NAME
    devlink health diagnose DEV reporter REPORTER_NAME
    devlink health dump show DEV reporter REPORTER_NAME
    devlink health dump clear DEV reporter REPORTER_NAME
    devlink health set DEV reporter REPORTER_NAME NAME VALUE

Cmdline examples:
$devlink health show
pci/0000:00:09.0:
  name tx
    state healthy #err 1 #recover 0 last_dump_ts N/A
    parameters:
      grace_period 500 auto_recover false

$devlink health diagnose pci/0000:00:09.0 reporter tx -j -p
{
    "SQs": [ {
            "sqn": 138,
            "HW state": 1,
            "stopped": false
        },{
            "sqn": 142,
            "HW state": 1,
            "stopped": false
        } ]
}

$devlink health diagnose pci/0000:00:09.0 reporter tx
SQs:
  sqn: 138 HW state: 1 stopped: false
  sqn: 142 HW state: 1 stopped: false

$devlink health recover pci/0000:00:09 reporter tx

$devlink health set pci/0000:00:09.0 reporter tx grace_period 3500

$devlink health set pci/0000:00:09.0 reporter tx auto_recover false

Changelog:
v4:
- Rebase on latest net-next
- Remove trace_devlink_health signature exposure in case CONFIG_NET_DEVLINK is
  not defined as it shall only be used from devlink.

v3:
- Redesign of devlink <-> driver fmsg API
- Various bug fixes

v2:
- Remove FW* reporters to decrease the amount of patches in the patchset
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add Documentation/networking/devlink-health.txt
Aya Levin [Thu, 7 Feb 2019 09:36:42 +0000 (11:36 +0200)]
devlink: Add Documentation/networking/devlink-health.txt

This patch adds a new file to add information about devlink health
mechanism.

Signed-off-by: Aya Levin <ayal@mellanox.com>
Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/mlx5e: Add tx timeout support for mlx5e tx reporter
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:41 +0000 (11:36 +0200)]
net/mlx5e: Add tx timeout support for mlx5e tx reporter

With this patch, ndo_tx_timeout callback will be redirected to the tx
reporter in order to detect a tx timeout error and report it to the
devlink health. (The watchdog detects tx timeouts, but the driver verify
the issue still exists before launching any recover method).

In addition, recover from tx timeout in case of lost interrupt was added
to the tx reporter recover method. The tx timeout recover from lost
interrupt is not a new feature in the driver, this patch re-organize the
functionality and move it to the tx reporter recovery flow.

tx timeout example:
(with auto_recover set to false, if set to true, the manual recover and
diagnose sections are irrelevant)

$cat /sys/kernel/debug/tracing/trace
...
devlink_health_report: bus_name=pci dev_name=0000:00:09.0
driver_name=mlx5_core reporter_name=tx: TX timeout on queue: 0, SQ: 0x8a,
CQ: 0x35, SQ Cons: 0x2 SQ Prod: 0x2, usecs since last trans: 14912000

$devlink health show
pci/0000:00:09.0:
  name tx
    state healthy #err 1 #recover 0 last_dump_ts N/A
    parameters:
      grace_period 500 auto_recover false

$devlink health diagnose pci/0000:00:09.0 reporter tx -j -p
{
    "SQs": [ {
            "sqn": 138,
            "HW state": 1,
            "stopped": true
        },{
            "sqn": 142,
            "HW state": 1,
            "stopped": false
        } ]
}

$devlink health diagnose pci/0000:00:09.0 reporter tx
SQs:
  sqn: 138 HW state: 1 stopped: true
  sqn: 142 HW state: 1 stopped: false

$devlink health recover pci/0000:00:09 reporter tx
$devlink health show
pci/0000:00:09.0:
  name tx
    state healthy #err 1 #recover 1 last_dump_ts N/A
    parameters:
      grace_period 500 auto_recover false

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet/mlx5e: Add tx reporter support
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:40 +0000 (11:36 +0200)]
net/mlx5e: Add tx reporter support

Add mlx5e tx reporter to devlink health reporters. This reporter will be
responsible for diagnosing, reporting and recovering of tx errors.
This patch declares the TX reporter operations and creates it using the
devlink health API. Currently, this reporter supports reporting and
recovering from send error CQE only. In addition, it adds diagnose
information for the open SQs.

For a local SQ recover (due to driver error report), in case of SQ recover
failure, the recover operation will be considered as a failure.
For a full tx recover, an attempt to close and open the channels will be
done. If this one passed successfully, it will be considered as a
successful recover.

The SQ recover from error CQE flow is not a new feature in the driver,
this patch re-organize the functions and adapt them for the devlink
health API. For this purpose, move code from en_main.c to a new file
named reporter_tx.c.

Diagnose output:
$devlink health diagnose pci/0000:00:09.0 reporter tx -j -p
{
    "SQs": [ {
            "sqn": 138,
            "HW state": 1,
            "stopped": false
        },{
            "sqn": 142,
            "HW state": 1,
            "stopped": false
        } ]
}

$devlink health diagnose pci/0000:00:09.0 reporter tx
SQs:
  sqn: 138 HW state: 1 stopped: false
  sqn: 142 HW state: 1 stopped: false

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health dump {get,clear} commands
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:39 +0000 (11:36 +0200)]
devlink: Add health dump {get,clear} commands

Add devlink health dump commands, in order to run an dump operation
over a specific reporter.

The supported operations are dump_get in order to get last saved
dump (if not exist, dump now) and dump_clear to clear last saved
dump.

It is expected from driver's callback for diagnose command to fill it
via the devlink fmsg API. Devlink will parse it and convert it to
netlink nla API in order to pass it to the user.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health diagnose command
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:38 +0000 (11:36 +0200)]
devlink: Add health diagnose command

Add devlink health diagnose command, in order to run a diagnose
operation over a specific reporter.

It is expected from driver's callback for diagnose command to fill it
via the devlink fmsg API. Devlink will parse it and convert it to
netlink nla API in order to pass it to the user.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health recover command
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:37 +0000 (11:36 +0200)]
devlink: Add health recover command

Add devlink health recover command to the uapi, in order to allow the user
to execute a recover operation over a specific reporter.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health set command
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:36 +0000 (11:36 +0200)]
devlink: Add health set command

Add devlink health set command, in order to set configuration parameters
for a specific reporter.
Supported parameters are:
- graceful_period: Time interval between auto recoveries (in msec)
- auto_recover: Determines if the devlink shall execute recover upon
receiving error for the reporter

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health get command
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:35 +0000 (11:36 +0200)]
devlink: Add health get command

Add devlink health get command to provide reporter/s data for user space.
Add the ability to get data per reporter or dump data from all available
reporters.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health report functionality
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:34 +0000 (11:36 +0200)]
devlink: Add health report functionality

Upon error discover, every driver can report it to the devlink health
mechanism via devlink_health_report function, using the appropriate
reporter registered to it. Driver can pass error specific context which
will be delivered to it as part of the dump / recovery callbacks.

Once an error is reported, devlink health will do the following actions:
* A log is being send to the kernel trace events buffer
* Health status and statistics are being updated for the reporter instance
* Object dump is being taken and stored at the reporter instance (as long
  as there is no other dump which is already stored)
* Auto recovery attempt is being done. Depends on:
  - Auto Recovery configuration
  - Grace period vs. Time since last recover

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add health reporter create/destroy functionality
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:33 +0000 (11:36 +0200)]
devlink: Add health reporter create/destroy functionality

Devlink health reporter is an instance for reporting, diagnosing and
recovering from run time errors discovered by the reporters.
Define it's data structure and supported operations.
In addition, expose devlink API to create and destroy a reporter.
Each devlink instance will hold it's own reporters list.

As part of the allocation, driver shall provide a set of callbacks which
will be used by devlink in order to handle health reports and user
commands related to this reporter. In addition, driver is entitled to
provide some priv pointer, which can be fetched from the reporter by
devlink_health_reporter_priv function.

For each reporter, devlink will hold a metadata of statistics,
dump msg and status.

For passing dumps and diagnose data to the user-space, it will use devlink
fmsg API.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agodevlink: Add devlink formatted message (fmsg) API
Eran Ben Elisha [Thu, 7 Feb 2019 09:36:32 +0000 (11:36 +0200)]
devlink: Add devlink formatted message (fmsg) API

Devlink fmsg is a mechanism to pass descriptors between drivers and
devlink, in json-like format. The API allows the driver to add nested
attributes such as object, object pair and value array, in addition to
attributes such as name and value.

Driver can use this API to fill the fmsg context in a format which will be
translated by the devlink to the netlink message later.
There is no memory allocation in advance (other than the initial list
head), and it dynamically allocates messages descriptors and add them to
the list on the fly.

When it needs to send the data using SKBs to the netlink layer, it
fragments the data between different SKBs. In order to do this
fragmentation, it uses virtual nests attributes, to avoid actual
nesting use which cannot be divided between different SKBs.

Signed-off-by: Eran Ben Elisha <eranbe@mellanox.com>
Reviewed-by: Moshe Shemesh <moshe@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoKVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
Peter Shier [Thu, 11 Oct 2018 18:46:46 +0000 (11:46 -0700)]
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)

Bugzilla: 1671904

There are multiple code paths where an hrtimer may have been started to
emulate an L1 VMX preemption timer that can result in a call to free_nested
without an intervening L2 exit where the hrtimer is normally
cancelled. Unconditionally cancel in free_nested to cover all cases.

Embargoed until Feb 7th 2019.

Signed-off-by: Peter Shier <pshier@google.com>
Reported-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Jim Mattson <jmattson@google.com>
Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Message-Id: <20181011184646.154065-1-pshier@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agoKVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
Paolo Bonzini [Tue, 29 Jan 2019 17:41:16 +0000 (18:41 +0100)]
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)

Bugzilla: 1671930

Emulation of certain instructions (VMXON, VMCLEAR, VMPTRLD, VMWRITE with
memory operand, INVEPT, INVVPID) can incorrectly inject a page fault
when passed an operand that points to an MMIO address.  The page fault
will use uninitialized kernel stack memory as the CR2 and error code.

The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR
exit to userspace; however, it is not an easy fix, so for now just
ensure that the error code and CR2 are zero.

Embargoed until Feb 7th 2019.

Reported-by: Felix Wilhelm <fwilhelm@google.com>
Cc: stable@kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agokvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
Jann Horn [Sat, 26 Jan 2019 00:54:33 +0000 (01:54 +0100)]
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)

kvm_ioctl_create_device() does the following:

1. creates a device that holds a reference to the VM object (with a borrowed
   reference, the VM's refcount has not been bumped yet)
2. initializes the device
3. transfers the reference to the device to the caller's file descriptor table
4. calls kvm_get_kvm() to turn the borrowed reference to the VM into a real
   reference

The ownership transfer in step 3 must not happen before the reference to the VM
becomes a proper, non-borrowed reference, which only happens in step 4.
After step 3, an attacker can close the file descriptor and drop the borrowed
reference, which can cause the refcount of the kvm object to drop to zero.

This means that we need to grab a reference for the device before
anon_inode_getfd(), otherwise the VM can disappear from under us.

Fixes: 852b6d57dc7f ("kvm: add device control API")
Cc: stable@kernel.org
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
5 years agonet: phy: fixed_phy: Fix fixed_phy not checking GPIO
Moritz Fischer [Thu, 7 Feb 2019 05:45:29 +0000 (21:45 -0800)]
net: phy: fixed_phy: Fix fixed_phy not checking GPIO

Fix fixed_phy not checking GPIO if no link_update callback
is registered.

In the original version all users registered a link_update
callback so the issue was masked.

Fixes: a5597008dbc2 ("phy: fixed_phy: Add gpio to determine link up/down.")
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Moritz Fischer <mdf@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid
Linus Torvalds [Thu, 7 Feb 2019 11:51:31 +0000 (11:51 +0000)]
Merge branch 'for-linus' of git://git./linux/kernel/git/hid/hid

Pull HID fix from Jiri Kosina:
 "A fix for a bug in hid-debug that can lock up the kernel in infinite
  loop (CVE-2019-3819), from Vladis Dronov"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: debug: fix the ring buffer implementation

5 years agoMerge tag 'sound-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai...
Linus Torvalds [Thu, 7 Feb 2019 08:33:56 +0000 (08:33 +0000)]
Merge tag 'sound-5.0-rc6' of git://git./linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A collection of a few small fixes.

  The most significant one is the fix for the possible race at loading
  HD-audio drivers. This has been present for long time and surfaced
  only in a rare occasion, but finally spotted out"

* tag 'sound-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/ca0132 - Fix build error without CONFIG_PCI
  ALSA: compress: Fix stop handling on compressed capture streams
  ALSA: usb-audio: Add support for new T+A USB DAC
  ALSA: hda - Serialize codec registrations
  ALSA: hda/realtek - Use a common helper for hp pin reference
  ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
  ALSA: hda/realtek - Headset microphone support for System76 darp5

5 years agoMerge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
Linus Torvalds [Thu, 7 Feb 2019 08:05:28 +0000 (08:05 +0000)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost

Pull virtio fixes from Michael Tsirkin:
 "A small fix for a uapi header, and a fix for VDPA for non-x86 guests"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  virtio: drop internal struct from UAPI
  virtio: support VIRTIO_F_ORDER_PLATFORM

5 years agoMerge tag 'trace-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt...
Linus Torvalds [Thu, 7 Feb 2019 07:59:01 +0000 (07:59 +0000)]
Merge tag 'trace-v5.0-rc3' of git://git./linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "This has two fixes for uprobe code.

   - Cut and paste fix to have uprobe printks say "uprobe" and not
     "kprobe"

   - Add terminating '\0' byte when copying function arguments"

* tag 'trace-v5.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing/uprobes: Fix output for multiple string arguments
  tracing: uprobes: Fix typo in pr_fmt string

5 years agoMerge tag 'fuse-fixes-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszer...
Linus Torvalds [Thu, 7 Feb 2019 07:52:08 +0000 (07:52 +0000)]
Merge tag 'fuse-fixes-5.0-rc6' of git://git./linux/kernel/git/mszeredi/fuse

Pull fuse fixes from Miklos Szeredi:
 "A fix for a CUSE regression introduced in v4.20, as well as fixes for
  a couple of old bugs"

* tag 'fuse-fixes-5.0-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: decrement NR_WRITEBACK_TEMP on the right page
  fuse: call pipe_buf_release() under pipe lock
  cuse: fix ioctl
  fuse: handle zero sized retrieve correctly

5 years agoMerge tag 'pinctrl-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw...
Linus Torvalds [Thu, 7 Feb 2019 07:47:08 +0000 (07:47 +0000)]
Merge tag 'pinctrl-v5.0-2' of git://git./linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:

 - Mediatek Kconfig fix

 - Sunxi regulator, IRQ banks and pin base fixup

 - Intel Cherryview Strago DMI workaround

 - Potential regmap problem on mcp23s08

* tag 'pinctrl-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: sunxi: Correct number of IRQ banks on H6 main pin controller
  pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18
  pinctrl: cherryview: fix Strago DMI workaround
  pinctrl: sunxi: Consider pin_base when calculating regulator array index
  pinctrl: sunxi: Fix and simplify pin bank regulator handling
  pinctrl: mediatek: fix Kconfig build errors for moore core

5 years agonet: emac: remove IBM_EMAC_RX_SKB_HEADROOM
Christian Lamparter [Tue, 5 Feb 2019 21:20:09 +0000 (22:20 +0100)]
net: emac: remove IBM_EMAC_RX_SKB_HEADROOM

The EMAC driver had a custom IBM_EMAC_RX_SKB_HEADROOM
Kconfig option that reserved additional skb headroom for RX.
This patch removes the option and migrates the code
to use napi_alloc_skb() and netdev_alloc_skb_ip_align()
in its place.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: Don't default Cavium PTP driver to 'y'
Bjorn Helgaas [Tue, 5 Feb 2019 20:47:21 +0000 (14:47 -0600)]
net: Don't default Cavium PTP driver to 'y'

8c56df372bc1 ("net: add support for Cavium PTP coprocessor") added the
Cavium PTP coprocessor driver and enabled it by default.  Remove the
"default y" because the driver only applies to Cavium ThunderX processors.

Fixes: 8c56df372bc1 ("net: add support for Cavium PTP coprocessor")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: phy: improve genphy_c45_read_link
Heiner Kallweit [Tue, 5 Feb 2019 19:41:37 +0000 (20:41 +0100)]
net: phy: improve genphy_c45_read_link

Let's make genphy_c45_read_link behave the same as genphy_update_link
and set phydev->link in the function directly. This allows to simplify
the callers. In addition don't check further devices once we detect
that at least one device reports link as down.

v2:
- remove an unused variable

Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: broadcom: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:25:54 +0000 (00:25 +0800)]
net: broadcom: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in sbdma_tx_process() when
skb xmit done. It makes drop profiles(dropwatch, perf) more
friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: via-velocity: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:22:54 +0000 (00:22 +0800)]
net: via-velocity: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in velocity_free_tx_buf()
when skb xmit done. It makes drop profiles(dropwatch, perf) more
friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: tehuti: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:21:31 +0000 (00:21 +0800)]
net: tehuti: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in bdx_tx_cleanup() when skb
xmit done. It makes drop profiles(dropwatch, perf) more friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: sun: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:19:44 +0000 (00:19 +0800)]
net: sun: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called when skb xmit done. It makes
drop profiles(dropwatch, perf) more friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: fsl_ucc_hdlc: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:14:51 +0000 (00:14 +0800)]
net: fsl_ucc_hdlc: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in hdlc_tx_done() when skb
xmit done. It makes drop profiles(dropwatch, perf) more friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: fec_mpc52xx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:12:04 +0000 (00:12 +0800)]
net: fec_mpc52xx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in mpc52xx_fec_tx_interrupt()
when skb xmit done. It makes drop profiles(dropwatch, perf) more
friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
5 years agonet: smsc: epic100: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles
Yang Wei [Tue, 5 Feb 2019 16:09:41 +0000 (00:09 +0800)]
net: smsc: epic100: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop profiles

dev_consume_skb_irq() should be called in epic_tx() when skb xmit
done. It makes drop profiles(dropwatch, perf) more friendly.

Signed-off-by: Yang Wei <yang.wei9@zte.com.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>