Naftali Goldstein [Wed, 29 May 2019 12:25:30 +0000 (15:25 +0300)]
mac80211: do not start any work during reconfigure flow
It is not a good idea to try to perform any work (e.g. send an auth
frame) during reconfigure flow.
Prevent this from happening, and at the end of the reconfigure flow
requeue all the works.
Signed-off-by: Naftali Goldstein <naftali.goldstein@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Luca Coelho [Wed, 29 May 2019 12:25:29 +0000 (15:25 +0300)]
cfg80211: use BIT_ULL in cfg80211_parse_mbssid_data()
The seen_indices variable is u64 and in other parts of the code we
assume mbssid_index_ie[2] can be up to 45, so we should use the 64-bit
versions of BIT, namely, BIT_ULL().
Reported-by: Dan Carpented <dan.carpenter@oracle.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Yibo Zhao [Fri, 14 Jun 2019 11:01:52 +0000 (19:01 +0800)]
mac80211: only warn once on chanctx_conf being NULL
In multiple SSID cases, it takes time to prepare every AP interface
to be ready in initializing phase. If a sta already knows everything it
needs to join one of the APs and sends authentication to the AP which
is not fully prepared at this point of time, AP's channel context
could be NULL. As a result, warning message occurs.
Even worse, if the AP is under attack via tools such as MDK3 and massive
authentication requests are received in a very short time, console will
be hung due to kernel warning messages.
WARN_ON_ONCE() could be a better way for indicating warning messages
without duplicate messages to flood the console.
Johannes: We still need to address the underlying problem, but we
don't really have a good handle on it yet. Suppress the
worst side-effects for now.
Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Signed-off-by: Yibo Zhao <yiboz@codeaurora.org>
[johannes: add note, change subject]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Wed, 13 Feb 2019 14:13:30 +0000 (15:13 +0100)]
mac80211: drop robust management frames from unknown TA
When receiving a robust management frame, drop it if we don't have
rx->sta since then we don't have a security association and thus
couldn't possibly validate the frame.
Cc: stable@vger.kernel.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Tue, 28 May 2019 12:19:07 +0000 (14:19 +0200)]
nl80211: fill all policy .type entries
For old commands, it's fine to have .type = NLA_UNSPEC and it
behaves the same as NLA_MIN_LEN. However, for new commands with
strict validation this is no longer true, and for policy export
to userspace these are also ignored.
Fix up the remaining ones that don't have a type.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Pradeep Kumar Chitrapu [Tue, 28 May 2019 23:36:16 +0000 (16:36 -0700)]
mac80211: free peer keys before vif down in mesh
freeing peer keys after vif down is resulting in peer key uninstall
to fail due to interface lookup failure. so fix that.
Signed-off-by: Pradeep Kumar Chitrapu <pradeepc@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Thomas Pedersen [Sat, 25 May 2019 04:16:24 +0000 (21:16 -0700)]
mac80211: mesh: fix RCU warning
ifmsh->csa is an RCU-protected pointer. The writer context
in ieee80211_mesh_finish_csa() is already mutually
exclusive with wdev->sdata.mtx, but the RCU checker did
not know this. Use rcu_dereference_protected() to avoid a
warning.
fixes the following warning:
[ 12.519089] =============================
[ 12.520042] WARNING: suspicious RCU usage
[ 12.520652] 5.1.0-rc7-wt+ #16 Tainted: G W
[ 12.521409] -----------------------------
[ 12.521972] net/mac80211/mesh.c:1223 suspicious rcu_dereference_check() usage!
[ 12.522928] other info that might help us debug this:
[ 12.523984] rcu_scheduler_active = 2, debug_locks = 1
[ 12.524855] 5 locks held by kworker/u8:2/152:
[ 12.525438] #0:
00000000057be08c ((wq_completion)phy0){+.+.}, at: process_one_work+0x1a2/0x620
[ 12.526607] #1:
0000000059c6b07a ((work_completion)(&sdata->csa_finalize_work)){+.+.}, at: process_one_work+0x1a2/0x620
[ 12.528001] #2:
00000000f184ba7d (&wdev->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x2f/0x90
[ 12.529116] #3:
00000000831a1f54 (&local->mtx){+.+.}, at: ieee80211_csa_finalize_work+0x47/0x90
[ 12.530233] #4:
00000000fd06f988 (&local->chanctx_mtx){+.+.}, at: ieee80211_csa_finalize_work+0x51/0x90
Signed-off-by: Thomas Pedersen <thomas@eero.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Andy Strohman [Sat, 25 May 2019 06:27:29 +0000 (23:27 -0700)]
nl80211: fix station_info pertid memory leak
When dumping stations, memory allocated for station_info's
pertid member will leak if the nl80211 header cannot be added to
the sk_buff due to insufficient tail room.
I noticed this leak in the kmalloc-2048 cache.
Cc: stable@vger.kernel.org
Fixes: 8689c051a201 ("cfg80211: dynamically allocate per-tid stats for station info")
Signed-off-by: Andy Strohman <andy@uplevelsystems.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Mon, 27 May 2019 22:46:43 +0000 (01:46 +0300)]
mac80211: Do not use stack memory with scatterlist for GMAC
ieee80211_aes_gmac() uses the mic argument directly in sg_set_buf() and
that does not allow use of stack memory (e.g., BUG_ON() is hit in
sg_set_buf() with CONFIG_DEBUG_SG). BIP GMAC TX side is fine for this
since it can use the skb data buffer, but the RX side was using a stack
variable for deriving the local MIC value to compare against the
received one.
Fix this by allocating heap memory for the mic buffer.
This was found with hwsim test case ap_cipher_bip_gmac_128 hitting that
BUG_ON() and kernel panic.
Cc: stable@vger.kernel.org
Signed-off-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Manikanta Pubbisetty [Wed, 8 May 2019 09:25:33 +0000 (14:55 +0530)]
{nl,mac}80211: allow 4addr AP operation on crypto controlled devices
As per the current design, in the case of sw crypto controlled devices,
it is the device which advertises the support for AP/VLAN iftype based
on it's ability to tranmsit packets encrypted in software
(In VLAN functionality, group traffic generated for a specific
VLAN group is always encrypted in software). Commit
db3bdcb9c3ff
("mac80211: allow AP_VLAN operation on crypto controlled devices")
has introduced this change.
Since 4addr AP operation also uses AP/VLAN iftype, this conditional
way of advertising AP/VLAN support has broken 4addr AP mode operation on
crypto controlled devices which do not support VLAN functionality.
In the case of ath10k driver, not all firmwares have support for VLAN
functionality but all can support 4addr AP operation. Because AP/VLAN
support is not advertised for these devices, 4addr AP operations are
also blocked.
Fix this by allowing 4addr operation on devices which do not support
AP/VLAN iftype but can support 4addr AP operation (decision is based on
the wiphy flag WIPHY_FLAG_4ADDR_AP).
Cc: stable@vger.kernel.org
Fixes: db3bdcb9c3ff ("mac80211: allow AP_VLAN operation on crypto controlled devices")
Signed-off-by: Manikanta Pubbisetty <mpubbise@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Gustavo A. R. Silva [Mon, 29 Apr 2019 18:19:50 +0000 (13:19 -0500)]
mac80211_hwsim: mark expected switch fall-through
In preparation to enabling -Wimplicit-fallthrough, mark switch
cases where we are expecting to fall through.
This patch fixes the following warning:
drivers/net/wireless/mac80211_hwsim.c: In function ‘init_mac80211_hwsim’:
drivers/net/wireless/mac80211_hwsim.c:3853:21: warning: this statement may fall through [-Wimplicit-fallthrough=]
param.reg_strict = true;
~~~~~~~~~~~~~~~~~^~~~~~
drivers/net/wireless/mac80211_hwsim.c:3854:3: note: here
case HWSIM_REGTEST_DRIVER_REG_ALL:
^~~~
Warning level 3 was used: -Wimplicit-fallthrough=3
This patch is part of the ongoing efforts to enable
-Wimplicit-fallthrough.
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
John Crispin [Thu, 23 May 2019 08:27:24 +0000 (10:27 +0200)]
mac80211: fix rate reporting inside cfg80211_calculate_bitrate_he()
The reported rate is not scaled down correctly. After applying this patch,
the function will behave just like the v/ht equivalents.
Signed-off-by: Shashidhar Lakkavalli <slakkavalli@datto.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
YueHaibing [Mon, 29 Apr 2019 14:07:54 +0000 (14:07 +0000)]
mac80211: remove set but not used variable 'old'
Fixes gcc '-Wunused-but-set-variable' warning:
net/mac80211/key.c: In function 'ieee80211_set_tx_key':
net/mac80211/key.c:271:24: warning:
variable 'old' set but not used [-Wunused-but-set-variable]
It is not used since introduction in
commit
96fc6efb9ad9 ("mac80211: IEEE 802.11 Extended Key ID support")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Yu Wang [Fri, 10 May 2019 09:04:52 +0000 (17:04 +0800)]
mac80211: handle deauthentication/disassociation from TDLS peer
When receiving a deauthentication/disassociation frame from a TDLS
peer, a station should not disconnect the current AP, but only
disable the current TDLS link if it's enabled.
Without this change, a TDLS issue can be reproduced by following the
steps as below:
1. STA-1 and STA-2 are connected to AP, bidirection traffic is running
between STA-1 and STA-2.
2. Set up TDLS link between STA-1 and STA-2, stay for a while, then
teardown TDLS link.
3. Repeat step #2 and monitor the connection between STA and AP.
During the test, one STA may send a deauthentication/disassociation
frame to another, after TDLS teardown, with reason code 6/7, which
means: Class 2/3 frame received from nonassociated STA.
On receive this frame, the receiver STA will disconnect the current
AP and then reconnect. It's not a expected behavior, purpose of this
frame should be disabling the TDLS link, not the link with AP.
Cc: stable@vger.kernel.org
Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Maxim Mikityanskiy [Tue, 7 May 2019 17:28:15 +0000 (20:28 +0300)]
wireless: Skip directory when generating certificates
Commit
715a12334764 ("wireless: don't write C files on failures") drops
the `test -f $$f` check. The list of targets contains the
CONFIG_CFG80211_EXTRA_REGDB_KEYDIR directory itself, and this check used
to filter it out. After the check was removed, the extra keydir option
no longer works, failing with the following message:
od: 'standard input': read error: Is a directory
This commit restores the check to make extra keydir work again.
Fixes: 715a12334764 ("wireless: don't write C files on failures")
Signed-off-by: Maxim Mikityanskiy <maxtram95@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Linus Torvalds [Mon, 13 May 2019 23:01:52 +0000 (16:01 -0700)]
Merge tag 'gcc-plugins-v5.2-rc1' of ssh://gitolite./linux/kernel/git/kees/linux
Pull gcc plugin fix from Kees Cook:
"Fix ARM stack-protector-per-task plugin build for older GCC < 6 (Chris
Packham)"
* tag 'gcc-plugins-v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
Tobin C. Harding [Mon, 13 May 2019 19:59:04 +0000 (21:59 +0200)]
gfs2: Fix error path kobject memory leak
If a call to kobject_init_and_add() fails we must call kobject_put()
otherwise we leak memory.
Function gfs2_sys_fs_add always calls kobject_init_and_add() which
always calls kobject_init().
It is safe to leave object destruction up to the kobject release
function and never free it manually.
Remove call to kfree() and always call kobject_put() in the error path.
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 13 May 2019 22:34:03 +0000 (15:34 -0700)]
Merge branch 'for-5.2' of git://git./linux/kernel/git/dennis/percpu
Pull percpu updates from Dennis Zhou:
- scan hint update which helps address performance issues with heavily
fragmented blocks
- lockdep fix when freeing an allocation causes balance work to be
scheduled
* 'for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu:
percpu: remove spurious lock dependency between percpu and sched
percpu: use chunk scan_hint to skip some scanning
percpu: convert chunk hints to be based on pcpu_block_md
percpu: make pcpu_block_md generic
percpu: use block scan_hint to only scan forward
percpu: remember largest area skipped during allocation
percpu: add block level scan_hint
percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE
percpu: relegate chunks unusable when failing small allocations
percpu: manage chunks based on contig_bits instead of free_bytes
percpu: introduce helper to determine if two regions overlap
percpu: do not search past bitmap when allocating an area
percpu: update free path with correct new free region
Linus Torvalds [Mon, 13 May 2019 22:21:48 +0000 (15:21 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
"A few new drivers:
- driver for Azoteq IQS550/572/525 touch controllers
- driver for Microchip AT42QT1050 keys
- driver for GPIO controllable vibrators
- support for GT5663 in Goodix driver
... along with miscellaneous driver fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: libps2 - mark expected switch fall-through
Input: qt1050 - add Microchip AT42QT1050 support
Input: add support for Azoteq IQS550/572/525
Input: add a driver for GPIO controllable vibrators
Input: synaptics-rmi4 - fix enum_fmt
Input: synaptics-rmi4 - fill initial format
HID: input: add mapping for KEY_KBD_LAYOUT_NEXT
Input: add KEY_KBD_LAYOUT_NEXT
Input: hyperv-keyboard - add module description
Input: olpc_apsp - depend on ARCH_MMP
Input: sun4i-a10-lradc-keys - add support for A83T
Input: snvs_pwrkey - use dev_pm_set_wake_irq() to simplify code
Input: lpc32xx-key - add clocks property and fix DT binding example
Input: i8042 - signal wakeup from atkbd/psmouse
Input: goodix - add GT5663 CTP support
Input: goodix - add regulators suppot
Input: evdev - use struct_size() in kzalloc() and vzalloc()
Input: edt-ft5x06 - convert to use SPDX identifier
Input: edt-ft5x06 - enable ACPI enumeration
Linus Torvalds [Mon, 13 May 2019 22:15:00 +0000 (15:15 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Fixes all over:
1) Netdev refcnt leak in nf_flow_table, from Taehee Yoo.
2) Fix RCU usage in nf_tables, from Florian Westphal.
3) Fix DSA build when NET_DSA_TAG_BRCM_PREPEND is not set, from Yue
Haibing.
4) Add missing page read/write ops to realtek driver, from Heiner
Kallweit.
5) Endianness fix in qrtr code, from Nicholas Mc Guire.
6) Fix various bugs in DSA_SKB_* macros, from Vladimir Oltean.
7) Several BPF documentation cures, from Quentin Monnet.
8) Fix undefined behavior in narrow load handling of BPF verifier,
from Krzesimir Nowak.
9) DMA ops crash in SGI Seeq driver due to not set netdev parent
device pointer, from Thomas Bogendoerfer.
10) Flow dissector has to disable preemption when invoking BPF
program, from Eric Dumazet"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (48 commits)
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: ethernet: ti: netcp_ethss: fix build
flow_dissector: disable preemption around BPF calls
bonding: fix arp_validate toggling in active-backup mode
net: meson: fixup g12a glue ephy id
net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init()
net: seeq: fix crash caused by not set dev.parent
of_net: Fix missing of_find_device_by_node ref count drop
net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag
bpf: fix undefined behavior in narrow load handling
libbpf: detect supported kernel BTF features and sanitize BTF
selftests: bpf: Add files generated after build to .gitignore
tools: bpf: synchronise BPF UAPI header with tools
bpf: fix minor issues in documentation for BPF helpers.
bpf: fix recurring typo in documentation for BPF helpers
bpf: fix script for generating man page on BPF helpers
bpf: add various test cases for backward jumps
net: dccp : proto: remove Unneeded variable "err"
net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro
net: dsa: Remove dangerous DSA_SKB_CLONE() macro
...
Linus Torvalds [Mon, 13 May 2019 22:08:16 +0000 (15:08 -0700)]
Merge tag 'fsnotify_for_v5.2-rc1' of ssh://gitolite./linux/kernel/git/jack/linux-fs
Pull fsnotify fixes from Jan Kara:
"Two fsnotify fixes"
* tag 'fsnotify_for_v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
fsnotify: fix unlink performance regression
fsnotify: Clarify connector assignment in fsnotify_add_mark_list()
Linus Torvalds [Mon, 13 May 2019 21:59:55 +0000 (14:59 -0700)]
Merge tag 'fs_for_v5.2-rc1' of ssh://gitolite./linux/kernel/git/jack/linux-fs
Pull misc filesystem updates from Jan Kara:
"A couple of small bugfixes and cleanups for quota, udf, ext2, and
reiserfs"
* tag 'fs_for_v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
quota: check time limit when back out space/inode change
fs/quota: erase unused but set variable warning
quota: fix wrong indentation
udf: fix an uninitialized read bug and remove dead code
fs/reiserfs/journal.c: Make remove_journal_hash static
quota: remove trailing whitespaces
quota: code cleanup for __dquot_alloc_space()
ext2: Adjust the comment of function ext2_alloc_branch
udf: Explain handling of load_nls() failure
Corentin Labbe [Mon, 13 May 2019 13:06:39 +0000 (13:06 +0000)]
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
When adding more MAC addresses to a dwmac-sun8i interface, the device goes
directly in promiscuous mode.
This is due to IFF_UNICAST_FLT missing flag.
So since the hardware support unicast filtering, let's add IFF_UNICAST_FLT.
Fixes: 9f93ac8d4085 ("net-next: stmmac: Add dwmac-sun8i")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Grygorii Strashko [Mon, 13 May 2019 13:16:36 +0000 (16:16 +0300)]
net: ethernet: ti: netcp_ethss: fix build
Fix reported build fail:
ERROR: "cpsw_ale_flush_multicast" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_create" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_add_vlan" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
Fixes: 16f54164828b ("net: ethernet: ti: cpsw: drop CONFIG_TI_CPSW_ALE config option")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Mon, 13 May 2019 16:38:55 +0000 (09:38 -0700)]
flow_dissector: disable preemption around BPF calls
Various things in eBPF really require us to disable preemption
before running an eBPF program.
syzbot reported :
BUG: assuming atomic context at net/core/flow_dissector.c:737
in_atomic(): 0, irqs_disabled(): 0, pid: 24710, name: syz-executor.3
2 locks held by syz-executor.3/24710:
#0:
00000000e81a4bf1 (&tfile->napi_mutex){+.+.}, at: tun_get_user+0x168e/0x3ff0 drivers/net/tun.c:1850
#1:
00000000254afebd (rcu_read_lock){....}, at: __skb_flow_dissect+0x1e1/0x4bb0 net/core/flow_dissector.c:822
CPU: 1 PID: 24710 Comm: syz-executor.3 Not tainted 5.1.0+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
__cant_sleep kernel/sched/core.c:6165 [inline]
__cant_sleep.cold+0xa3/0xbb kernel/sched/core.c:6142
bpf_flow_dissect+0xfe/0x390 net/core/flow_dissector.c:737
__skb_flow_dissect+0x362/0x4bb0 net/core/flow_dissector.c:853
skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1322 [inline]
skb_probe_transport_header include/linux/skbuff.h:2500 [inline]
skb_probe_transport_header include/linux/skbuff.h:2493 [inline]
tun_get_user+0x2cfe/0x3ff0 drivers/net/tun.c:1940
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
call_write_iter include/linux/fs.h:1872 [inline]
do_iter_readv_writev+0x5fd/0x900 fs/read_write.c:693
do_iter_write fs/read_write.c:970 [inline]
do_iter_write+0x184/0x610 fs/read_write.c:951
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
do_writev+0x15b/0x330 fs/read_write.c:1058
__do_sys_writev fs/read_write.c:1131 [inline]
__se_sys_writev fs/read_write.c:1128 [inline]
__x64_sys_writev+0x75/0xb0 fs/read_write.c:1128
do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Petar Penkov <ppenkov@google.com>
Cc: Stanislav Fomichev <sdf@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jarod Wilson [Fri, 10 May 2019 21:57:09 +0000 (17:57 -0400)]
bonding: fix arp_validate toggling in active-backup mode
There's currently a problem with toggling arp_validate on and off with an
active-backup bond. At the moment, you can start up a bond, like so:
modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
ip link set bond0 down
echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
ip link set bond0 up
ip addr add 192.168.1.2/24 dev bond0
Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
echo 1 > /sys/class/net/bond0/bonding/arp_validate
Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
arp_validate off again, the link falls flat on it's face:
echo 0 > /sys/class/net/bond0/bonding/arp_validate
dmesg
...
[133191.911987] bond0: Setting arp_validate to none (0)
[133194.257793] bond0: bond_should_notify_peers: slave ens4f0
[133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
[133194.259000] bond0: making interface ens4f1 the new active one
[133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
[133197.331191] bond0: now running without any active interface!
The problem lies in bond_options.c, where passing in arp_validate=0
results in bond->recv_probe getting set to NULL. This flies directly in
the face of commit
3fe68df97c7f, which says we need to set recv_probe =
bond_arp_recv, even if we're not using arp_validate. Said commit fixed
this in bond_option_arp_interval_set, but missed that we can get to that
same state in bond_option_arp_validate_set as well.
One solution would be to universally set recv_probe = bond_arp_recv here
as well, but I don't think bond_option_arp_validate_set has any business
touching recv_probe at all, and that should be left to the arp_interval
code, so we can just make things much tidier here.
Fixes: 3fe68df97c7f ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jerome Brunet [Sun, 12 May 2019 21:12:37 +0000 (23:12 +0200)]
net: meson: fixup g12a glue ephy id
The phy id chosen by Amlogic is incorrectly set in the mdio mux and
does not match the phy driver.
It was not detected before because DT forces the use the correct driver
for the internal PHY.
Fixes: 7090425104db ("net: phy: add amlogic g12a mdio mux support")
Reported-by: Qi Duan <qi.duan@amlogic.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kunihiko Hayashi [Mon, 13 May 2019 06:41:45 +0000 (15:41 +0900)]
net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init()
After calling phy_select_page() and until calling phy_restore_page(),
the mutex 'mdio_lock' is already locked, so the driver should use
non-locked version of phy functions. Or there will be a deadlock with
'mdio_lock'.
This replaces phy functions called from rtl8211e_config_init() to avoid
the deadlock issue.
Fixes: f81dadbcf7fd ("net: phy: realtek: Add rtl8211e rx/tx delays config")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Bogendoerfer [Mon, 13 May 2019 11:15:17 +0000 (13:15 +0200)]
net: seeq: fix crash caused by not set dev.parent
The old MIPS implementation of dma_cache_sync() didn't use the dev argument,
but commit
c9eb6172c328 ("dma-mapping: turn dma_cache_sync into a
dma_map_ops method") changed that, so we now need to set dev.parent.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 13 May 2019 15:55:15 +0000 (08:55 -0700)]
Merge git://git./pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Postpone chain policy update to drop after transaction is complete,
from Florian Westphal.
2) Add entry to flowtable after confirmation to fix UDP flows with
packets going in one single direction.
3) Reference count leak in dst object, from Taehee Yoo.
4) Check for TTL field in flowtable datapath, from Taehee Yoo.
5) Fix h323 conntrack helper due to incorrect boundary check,
from Jakub Jankowski.
6) Fix incorrect rcu dereference when fetching basechain stats,
from Florian Westphal.
7) Missing error check when adding new entries to flowtable,
from Taehee Yoo.
8) Use version field in nfnetlink message to honor the nfgen_family
field, from Kristian Evensen.
9) Remove incorrect configuration check for CONFIG_NF_CONNTRACK_IPV6,
from Subash Abhinov Kasiviswanathan.
10) Prevent dying entries from being added to the flowtable,
from Taehee Yoo.
11) Don't hit WARN_ON() with malformed blob in ebtables with
trailing data after last rule, reported by syzbot, patch
from Florian Westphal.
12) Remove NFT_CT_TIMEOUT enumeration, never used in the kernel
code.
13) Fix incorrect definition for NFT_LOGLEVEL_MAX, from Florian
Westphal.
This batch comes with a conflict that can be fixed with this patch:
diff --cc include/uapi/linux/netfilter/nf_tables.h
index
7bdb234f3d8c,
f0cf7b0f4f35..
505393c6e959
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@@ -966,6 -966,8 +966,7 @@@ enum nft_socket_keys
* @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
* @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
* @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
- * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
+ * @NFT_CT_ID: conntrack id
*/
enum nft_ct_keys {
NFT_CT_STATE,
@@@ -991,6 -993,8 +992,7 @@@
NFT_CT_DST_IP,
NFT_CT_SRC_IP6,
NFT_CT_DST_IP6,
- NFT_CT_TIMEOUT,
+ NFT_CT_ID,
__NFT_CT_MAX
};
#define NFT_CT_MAX (__NFT_CT_MAX - 1)
That replaces the unused NFT_CT_TIMEOUT definition by NFT_CT_ID. If you prefer,
I can also solve this conflict here, just let me know.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Mon, 13 May 2019 09:41:39 +0000 (11:41 +0200)]
of_net: Fix missing of_find_device_by_node ref count drop
of_find_device_by_node takes a reference to the embedded struct device
which needs to be dropped after use.
Fixes: d01f449c008a ("of_net: add NVMEM support to of_get_mac_address")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Maxime Chevallier [Mon, 13 May 2019 07:30:33 +0000 (09:30 +0200)]
net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag
Now that the mvpp2 driver supports classification offloading, we must
add the NETIF_F_NTUPLE to the features list.
Since the current code doesn't allow disabling the feature, we don't set
the flag in dev->hw_features.
Fixes: 90b509b39ac9 ("net: mvpp2: cls: Add Classification offload support")
Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Mon, 13 May 2019 13:23:18 +0000 (09:23 -0400)]
Merge tag 'iommu-updates-v5.2' of ssh://gitolite./linux/kernel/git/joro/iommu
Pull IOMMU updates from Joerg Roedel:
- ATS support for ARM-SMMU-v3.
- AUX domain support in the IOMMU-API and the Intel VT-d driver. This
adds support for multiple DMA address spaces per (PCI-)device. The
use-case is to multiplex devices between host and KVM guests in a
more flexible way than supported by SR-IOV.
- the rest are smaller cleanups and fixes, two of which needed to be
reverted after testing in linux-next.
* tag 'iommu-updates-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (45 commits)
Revert "iommu/amd: Flush not present cache in iommu_map_page"
Revert "iommu/amd: Remove the leftover of bypass support"
iommu/vt-d: Fix leak in intel_pasid_alloc_table on error path
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
iommu/amd: Flush not present cache in iommu_map_page
iommu/vt-d: Cleanup: no spaces at the start of a line
iommu/vt-d: Don't request page request irq under dmar_global_lock
iommu/vt-d: Use struct_size() helper
iommu/mediatek: Fix leaked of_node references
iommu/amd: Remove amd_iommu_pd_list
iommu/arm-smmu: Log CBFRSYNRA register on context fault
iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
iommu/arm-smmu-v3: Disable tagged pointers
iommu/arm-smmu-v3: Add support for PCI ATS
iommu/arm-smmu-v3: Link domains and devices
iommu/arm-smmu-v3: Add a master->domain pointer
iommu/arm-smmu-v3: Store SteamIDs in master
iommu/arm-smmu-v3: Rename arm_smmu_master_data to arm_smmu_master
ACPI/IORT: Check ATS capability in root complex nodes
...
Linus Torvalds [Mon, 13 May 2019 13:20:42 +0000 (09:20 -0400)]
Merge tag 'linux-watchdog-5.2-rc1' of git://linux-watchdog.org/linux-watchdog
Pull watchdog updates from Wim Van Sebroeck:
- a new watchdog driver for the ROHM
BD70528 watchdog block
- a new watchdog driver for the i.MX system controller watchdog
- conversions to use device managed functions and other improvements
- refactor watchdog_init_timeout
- make watchdog core configurable as module
- pretimeout governors improvements
- a lot of other fixes
* tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog: (114 commits)
watchdog: Enforce that at least one pretimeout governor is enabled
watchdog: stm32: add dynamic prescaler support
watchdog: Improve Kconfig entry ordering and dependencies
watchdog: npcm: Enable modular builds
watchdog: Make watchdog core configurable as module
watchdog: Move pretimeout governor configuration up
watchdog: Use depends instead of select for pretimeout governors
watchdog: rtd119x: drop unused module.h include
watchdog: intel_scu: make it explicitly non-modular
watchdog: coh901327: make it explicitly non-modular
watchdog: ziirave_wdt: drop warning after calling watchdog_init_timeout
watchdog: xen_wdt: drop warning after calling watchdog_init_timeout
watchdog: stm32_iwdg: drop warning after calling watchdog_init_timeout
watchdog: st_lpc_wdt: drop warning after calling watchdog_init_timeout
watchdog: sp5100_tco: drop warning after calling watchdog_init_timeout
watchdog: renesas_wdt: drop warning after calling watchdog_init_timeout
watchdog: nic7018_wdt: drop warning after calling watchdog_init_timeout
watchdog: ni903x_wdt: drop warning after calling watchdog_init_timeout
watchdog: imx_sc_wdt: drop warning after calling watchdog_init_timeout
watchdog: i6300esb: drop warning after calling watchdog_init_timeout
...
David S. Miller [Mon, 13 May 2019 03:03:35 +0000 (20:03 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Daniel Borkmann says:
====================
pull-request: bpf 2019-05-13
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix out of bounds backwards jumps due to a bug in dead code
removal, from Daniel.
2) Fix libbpf users by detecting unsupported BTF kernel features
and sanitize them before load, from Andrii.
3) Fix undefined behavior in narrow load handling of context
fields, from Krzesimir.
4) Various BPF uapi header doc/man page fixes, from Quentin.
5) Misc .gitignore fixups to exclude built files, from Kelsey.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Krzesimir Nowak [Wed, 8 May 2019 16:08:58 +0000 (18:08 +0200)]
bpf: fix undefined behavior in narrow load handling
Commit
31fd85816dbe ("bpf: permits narrower load from bpf program
context fields") made the verifier add AND instructions to clear the
unwanted bits with a mask when doing a narrow load. The mask is
computed with
(1 << size * 8) - 1
where "size" is the size of the narrow load. When doing a 4 byte load
of a an 8 byte field the verifier shifts the literal 1 by 32 places to
the left. This results in an overflow of a signed integer, which is an
undefined behavior. Typically, the computed mask was zero, so the
result of the narrow load ended up being zero too.
Cast the literal to long long to avoid overflows. Note that narrow
load of the 4 byte fields does not have the undefined behavior,
because the load size can only be either 1 or 2 bytes, so shifting 1
by 8 or 16 places will not overflow it. And reading 4 bytes would not
be a narrow load of a 4 bytes field.
Fixes: 31fd85816dbe ("bpf: permits narrower load from bpf program context fields")
Reviewed-by: Alban Crequy <alban@kinvolk.io>
Reviewed-by: Iago López Galeiras <iago@kinvolk.io>
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
Cc: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Andrii Nakryiko [Fri, 10 May 2019 21:13:15 +0000 (14:13 -0700)]
libbpf: detect supported kernel BTF features and sanitize BTF
Depending on used versions of libbpf, Clang, and kernel, it's possible to
have valid BPF object files with valid BTF information, that still won't
load successfully due to Clang emitting newer BTF features (e.g.,
BTF_KIND_FUNC, .BTF.ext's line_info/func_info, BTF_KIND_DATASEC, etc), that
are not yet supported by older kernel.
This patch adds detection of BTF features and sanitizes BPF object's BTF
by substituting various supported BTF kinds, which have compatible layout:
- BTF_KIND_FUNC -> BTF_KIND_TYPEDEF
- BTF_KIND_FUNC_PROTO -> BTF_KIND_ENUM
- BTF_KIND_VAR -> BTF_KIND_INT
- BTF_KIND_DATASEC -> BTF_KIND_STRUCT
Replacement is done in such a way as to preserve as much information as
possible (names, sizes, etc) where possible without violating kernel's
validation rules.
v2->v3:
- remove duplicate #defines from libbpf_util.h
v1->v2:
- add internal libbpf_internal.h w/ common stuff
- switch SK storage BTF to use new libbpf__probe_raw_btf()
Reported-by: Alexei Starovoitov <ast@fb.com>
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Kelsey Skunberg [Sun, 12 May 2019 07:29:18 +0000 (01:29 -0600)]
selftests: bpf: Add files generated after build to .gitignore
The following files are generated after building /selftests/bpf/ and
should be added to .gitignore:
- libbpf.pc
- libbpf.so.*
Signed-off-by: Kelsey Skunberg <skunberg.kelsey@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Daniel Borkmann [Sun, 12 May 2019 23:12:46 +0000 (01:12 +0200)]
Merge branch 'bpf-uapi-doc-fixes'
Quentin Monnet says:
====================
Another round of fixes for the doc in the BPF UAPI header, which can be
turned into a manual page. First patch is the most important, as it fixes
parsing for the bpf_strtoul() helper doc. Following patches are formatting
fixes (nitpicks, mostly). The last one updates the copy of the header,
located under tools/.
====================
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:25 +0000 (15:51 +0100)]
tools: bpf: synchronise BPF UAPI header with tools
Synchronise the bpf.h header under tools, to report the fixes and
additions recently brought to the documentation for the BPF helpers.
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:24 +0000 (15:51 +0100)]
bpf: fix minor issues in documentation for BPF helpers.
This commit brings many minor fixes to the documentation for BPF helper
functions. Mostly, this is limited to formatting fixes and improvements.
In particular, fix broken formatting for bpf_skb_adjust_room().
Besides formatting, replace the mention of "bpf_fullsock()" (that is not
associated with any function or type exposed to the user) in the
description of bpf_sk_storage_get() by "full socket".
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:23 +0000 (15:51 +0100)]
bpf: fix recurring typo in documentation for BPF helpers
"Underlaying packet buffer" should be an "underlying" one, in the
warning about invalidated data and data_end pointers. Through
copy-and-paste, the typo occurred no fewer than 19 times in the
documentation. Let's fix it.
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Quentin Monnet [Fri, 10 May 2019 14:51:22 +0000 (15:51 +0100)]
bpf: fix script for generating man page on BPF helpers
The script broke on parsing function prototype for bpf_strtoul(). This
is because the last argument for the function is a pointer to an
"unsigned long". The current version of the script only accepts "const"
and "struct", but not "unsigned", at the beginning of argument types
made of several words.
One solution could be to add "unsigned" to the list, but the issue could
come up again in the future (what about "long int"?). It turns out we do
not need to have such restrictions on the words: so let's simply accept
any series of words instead.
Reported-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Daniel Borkmann [Fri, 10 May 2019 22:51:33 +0000 (22:51 +0000)]
bpf: add various test cases for backward jumps
Add a couple of tests to make sure branch(/call) offset adjustments
are correctly performed.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Linus Torvalds [Sun, 12 May 2019 22:16:31 +0000 (18:16 -0400)]
Merge tag 'upstream-5.2-rc1' of ssh://gitolite./linux/kernel/git/rw/ubifs
Pull UBI/UBIFS updates from Richard Weinberger:
- fscrypt framework usage updates
- One huge fix for xattr unlink
- Cleanup of fscrypt ifdefs
- Fix for our new UBIFS auth feature
* tag 'upstream-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/ubifs:
ubi: wl: Fix uninitialized variable
ubifs: Drop unnecessary setting of zbr->znode
ubifs: Remove ifdefs around CONFIG_UBIFS_ATIME_SUPPORT
ubifs: Remove #ifdef around CONFIG_FS_ENCRYPTION
ubifs: Limit number of xattrs per inode
ubifs: orphan: Handle xattrs like files
ubifs: journal: Handle xattrs like files
ubifs: find.c: replace swap function with built-in one
ubifs: Do not skip hash checking in data nodes
ubifs: work around high stack usage with clang
ubifs: remove unused function __ubifs_shash_final
ubifs: remove unnecessary #ifdef around fscrypt_ioctl_get_policy()
ubifs: remove unnecessary calls to set up directory key
Linus Torvalds [Sun, 12 May 2019 21:57:52 +0000 (17:57 -0400)]
Merge tag 'mtd/for-5.2' of ssh://gitolite./linux/kernel/git/mtd/linux
Pull MTD updates from Richard Weinberger:
"MTD core changes:
- New AFS partition parser
- Update MAINTAINERS entry
- Use of fall-throughs markers
NAND core changes:
- Support having the bad block markers in either the first, second or
last page of a block. The combination of all three location is now
possible.
- Constification of NAND_OP_PARSER(_PATTERN) elements.
- Generic NAND DT bindings changed to yaml format (can be used to
check the proposed bindings. First platform to be fully supported:
sunxi.
- Stopped using several legacy hooks.
- Preparation to use the generic NAND layer with the addition of
several helpers and the removal of the struct nand_chip from
generic functions.
- Kconfig cleanup to prepare the introduction of external ECC engines
support.
- Fallthrough comments.
- Introduction of the SPI-mem dirmap API for SPI-NAND devices.
Raw NAND controller drivers changes:
- nandsim:
- Switch to ->exec-op().
- meson:
- Misc cleanups and fixes.
- New OOB layout.
- Sunxi:
- A23/A33 NAND DMA support.
- Ingenic:
- Full reorganization and cleanup.
- Clear separation between NAND controller and ECC engine.
- Support JZ4740 an JZ4725B.
- Denali:
- Clear controller/chip separation.
- ->exec_op() migration.
- Various cleanups.
- fsl_elbc:
- Enable software ECC support.
- Atmel:
- Sam9x60 support.
- GPMI:
- Introduce the GPMI_IS_MXS() macro.
- Various trivial/spelling/coding style fixes.
SPI NOR core changes:
- Print all JEDEC ID bytes on error
- Fix comment of spi_nor_find_best_erase_type()
- Add region locking flags for s25fl512s
SPI NOR controller drivers changes:
- intel-spi:
- Avoid crossing 4K address boundary on read/write
- Add support for Intel Comet Lake SPI serial flash"
* tag 'mtd/for-5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/mtd/linux: (120 commits)
mtd: part: fix incorrect format specifier for an unsigned long long
mtd: lpddr_cmds: Mark expected switch fall-through
mtd: phram: Mark expected switch fall-throughs
mtd: cfi_cmdset_0002: Mark expected switch fall-throughs
mtd: cfi_util: mark expected switch fall-throughs
MAINTAINERS: MTD Git repository is hosted on kernel.org
MAINTAINERS: Update jffs2 entry
mtd: afs: add v2 partition parsing
mtd: afs: factor the IIS read into partition parser
mtd: afs: factor footer parsing into the v1 part parsing
mtd: factor out v1 partition parsing
mtd: afs: simplify partition detection
mtd: afs: simplify partition parsing
mtd: partitions: Add OF support to AFS partitions
mtd: partitions: Add AFS partitions DT bindings
mtd: afs: Move AFS partition parser to parsers subdir
mtd: maps: Make uclinux_ram_map static
mtd: maps: Allow MTD_PHYSMAP with MTD_RAM
MAINTAINERS: Add myself as MTD maintainer
MAINTAINERS: Remove my name from the MTD and NAND entries
...
Linus Torvalds [Sun, 12 May 2019 21:52:13 +0000 (17:52 -0400)]
Merge tag 'for-linus-5.2-rc1' of ssh://gitolite./linux/kernel/git/rw/uml
Pull UML updates from Richard Weinberger:
- Kconfig cleanups
- Fix cpu_all_mask() usage
- Various bug fixes
* tag 'for-linus-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/rw/uml:
um: irq: don't set the chip for all irqs
um: define set_pte_at() as a static inline function, not a macro
um: remove uses of variable length arrays
um: remove unused variable
uml: fix a boot splat wrt use of cpu_all_mask
um: Do not unlock mutex that is not hold.
hostfs: fix mismatch between link_file definition and declaration
arch: um: drivers: Kconfig: pedantic formatting
arch: um: Kconfig: pedantic indention cleanups
um: Revert to using stack for pt_regs in signal handling
Hariprasad Kelam [Sun, 12 May 2019 10:39:49 +0000 (16:09 +0530)]
net: dccp : proto: remove Unneeded variable "err"
Fix below issue reported by coccicheck
net/dccp/proto.c:266:5-8: Unneeded variable: "err". Return "0" on line
310
Signed-off-by: Hariprasad Kelam <hariprasad.kelam@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Sun, 12 May 2019 20:19:46 +0000 (13:19 -0700)]
Merge branch 'dsa-Fix-a-bug-and-avoid-dangerous-usage-patterns'
Vladimir Oltean says:
====================
Fix a bug and avoid dangerous usage patterns around DSA_SKB_CB
Making DSA use the sk_buff control block was my idea during the
'Traffic-support-for-SJA1105-DSA-driver' patchset, and I had also
introduced a series of macro helpers that turned out to not be so
helpful:
1. DSA_SKB_ZERO() zeroizes the 48-byte skb->cb area, but due to the high
performance impact in the hotpath it was only intended to be called
from the timestamping path. But it turns out that not zeroizing it
has uncovered the reading of an uninitialized member field of
DSA_SKB_CB, so in the future just be careful about what needs
initialization and remove this macro.
2. DSA_SKB_CLONE() contains a flaw in its body definition (originally
put there to silence checkpatch.pl) and is unusable at this point
(will only cause NPE's when used). So remove it.
3. For DSA_SKB_COPY() the same performance considerations apply as above
and therefore it's best to prune this function before it reaches a
stable kernel and potentially any users.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:47 +0000 (23:14 +0300)]
net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro
It's best to not expose this, due to the performance hit it may cause
when calling it.
Fixes: b68b0dd0fb2d ("net: dsa: Keep private info in the skb->cb")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:46 +0000 (23:14 +0300)]
net: dsa: Remove dangerous DSA_SKB_CLONE() macro
This does not cause any bug now because it has no users, but its body
contains two pointer definitions within a code block:
struct sk_buff *clone = _clone; \
struct sk_buff *skb = _skb; \
When calling the macro as DSA_SKB_CLONE(clone, skb), these variables
would obscure the arguments that the macro was called with, and the
initializers would be a no-op instead of doing their job (undefined
behavior, by the way, but GCC nicely puts NULL pointers instead).
So simply remove this broken macro and leave users to simply call
"DSA_SKB_CB(skb)->clone = clone" by hand when needed.
There is one functional difference when doing what I just suggested
above: the control block won't be transferred from the original skb into
the clone. Since there's no foreseen need for the control block in the
clone ATM, this is ok.
Fixes: b68b0dd0fb2d ("net: dsa: Keep private info in the skb->cb")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vladimir Oltean [Sat, 11 May 2019 20:14:45 +0000 (23:14 +0300)]
net: dsa: Initialize DSA_SKB_CB(skb)->deferred_xmit variable
The sk_buff control block can have any contents on xmit put there by the
stack, so initialization is mandatory, since we are checking its value
after the actual DSA xmit (the tagger may have changed it).
The DSA_SKB_ZERO() macro could have been used for this purpose, but:
- Zeroizing a 48-byte memory region in the hotpath is best avoided.
- It would have triggered a warning with newer compilers since
__dsa_skb_cb contains a structure within a structure, and the {0}
initializer was incorrect for that purpose.
So simply remove the DSA_SKB_ZERO() macro and initialize the
deferred_xmit variable by hand (which should be done for all further
dsa_skb_cb variables which need initialization - currently none - to
avoid the performance penalty).
Fixes: 97a69a0dea9a ("net: dsa: Add support for deferred xmit")
Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Florian Westphal [Sun, 12 May 2019 18:42:37 +0000 (20:42 +0200)]
netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value
should be same as NFT_LOGLEVEL_AUDIT, so use -, not +.
Fixes: 7eced5ab5a73 ("netfilter: nf_tables: add NFT_LOGLEVEL_* enumeration and use it")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Linus Torvalds [Sun, 12 May 2019 11:00:21 +0000 (07:00 -0400)]
Merge tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite./linux/kernel/git/chrome-platform/linux
Pull chrome platform updates from Benson Leung:
"CrOS EC:
- Add EC host command support using rpmsg
- Add new CrOS USB PD logging driver
- Transfer spi messages at high priority
- Add support to trace CrOS EC commands
- Minor fixes and cleanups in protocol and debugfs
Wilco EC:
- Standardize Wilco EC mailbox interface
- Add h1_gpio status to debugfs"
* tag 'tag-chrome-platform-for-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/chrome-platform/linux:
platform/chrome: cros_ec_proto: Add trace event to trace EC commands
platform/chrome: cros_ec_debugfs: Use cros_ec_cmd_xfer_status helper
platform/chrome: cros_ec: Add EC host command support using rpmsg
platform/chrome: wilco_ec: Add h1_gpio status to debugfs
platform/chrome: wilco_ec: Standardize mailbox interface
platform/chrome: cros_ec_proto: check for NULL transfer function
platform/chrome: Add CrOS USB PD logging driver
platform/chrome: cros_ec_spi: Transfer messages at high priority
platform/chrome: cros_ec_debugfs: no need to check return value of debugfs_create functions
platform/chrome: cros_ec_debugfs: Remove dev_warn when console log is not supported
Heiner Kallweit [Sat, 11 May 2019 05:44:48 +0000 (07:44 +0200)]
net: phy: realtek: fix double page ops in generic Realtek driver
When adding missing callbacks I missed that one had them set already.
Interesting that the compiler didn't complain.
Fixes: daf3ddbe11a2 ("net: phy: realtek: add missing page operations")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Nicholas Mc Guire [Sat, 11 May 2019 00:56:33 +0000 (02:56 +0200)]
net: qrtr: use protocol endiannes variable
sparse was unable to verify endiannes correctness due to reassignment
from le32_to_cpu to the same variable - fix this warning up by providing
a proper __le32 type and initializing it. This is not actually fixing
any bug - rather just addressing the sparse warning.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sat, 11 May 2019 14:54:43 +0000 (10:54 -0400)]
Merge tag 'gpio-v5.2-1' of git://git./linux/kernel/git/linusw/linux-gpio
Pull gpio updates from Linus Walleij:
"This is the bulk of the GPIO changes for the v5.2 kernel cycle. A bit
later than usual because I was ironing out my own mistakes. I'm
holding some stuff back for the next kernel as a result, and this
should be a healthy and well tested batch.
Core changes:
- The gpiolib MMIO driver has been enhanced to handle two direction
registers, i.e. one register to set lines as input and one register
to set lines as output. It turns out some silicon engineer thinks
the ability to configure a line as input and output at the same
time makes sense, this can be debated but includes a lot of analog
electronics reasoning, and the registers are there and need to be
handled consistently. Unsurprisingly, we enforce the lines to be
either inputs or outputs in such schemes.
- Send in the proper argument value to .set_config() dispatched to
the pin control subsystem. Nobody used it before, now someone does,
so fix it to work as expected.
- The ACPI gpiolib portions can now handle pin bias setting (pull up
or pull down). This has been in the ACPI spec for years and we
finally have it properly integrated with Linux GPIOs. It was based
on an observation from Andy Schevchenko that Thomas Petazzoni's
changes to the core for biasing the PCA950x GPIO expander actually
happen to fit hand-in-glove with what the ACPI core needed. Such
nice synergies happen sometimes.
New drivers:
- A new driver for the Mellanox BlueField GPIO controller. This is
using 64bit MMIO registers and can configure lines as inputs and
outputs at the same time and after improving the MMIO library we
handle it just fine. Interesting.
- A new IXP4xx proper gpiochip driver with hierarchical interrupts
should be coming in from the ARM SoC tree as well.
Driver enhancements:
- The PCA053x driver handles the CAT9554 GPIO expander.
- The PCA053x driver handles the NXP PCAL6416 GPIO expander.
- Wake-up support on PCA053x GPIO lines.
- OMAP now does a nice asynchronous IRQ handling on wake-ups by
letting everything wake up on edges, and this makes runtime PM work
as expected too.
Misc:
- Several cleanups such as devres fixes.
- Get rid of some languager comstructs that cause problems when
compiling with LLVMs clang.
- Documentation review and update"
* tag 'gpio-v5.2-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (85 commits)
gpio: Update documentation
docs: gpio: convert docs to ReST and rename to *.rst
gpio: sch: Remove write-only core_base
gpio: pxa: Make two symbols static
gpiolib: acpi: Respect pin bias setting
gpiolib: acpi: Add acpi_gpio_update_gpiod_lookup_flags() helper
gpiolib: acpi: Set pin value, based on bias, more accurately
gpiolib: acpi: Change type of dflags
gpiolib: Introduce GPIO_LOOKUP_FLAGS_DEFAULT
gpiolib: Make use of enum gpio_lookup_flags consistent
gpiolib: Indent entry values of enum gpio_lookup_flags
gpio: pca953x: add support for pca6416
dt-bindings: gpio: pca953x: document the nxp,pca6416
gpio: pca953x: add pcal6416 to the of_device_id table
gpio: gpio-omap: Remove conditional pm_runtime handling for GPIO interrupts
gpio: gpio-omap: configure edge detection for level IRQs for idle wakeup
tracing: stop making gpio tracing configurable
gpio: pca953x: Configure wake-up path when wake-up is enabled
gpio: of: Optimize quirk checks
gpio: mmio: Drop bgpio_dir_inverted
...
Linus Torvalds [Sat, 11 May 2019 14:47:46 +0000 (10:47 -0400)]
Merge tag 'vfio-v5.2-rc1' of git://github.com/awilliam/linux-vfio
Pull VFIO updates from Alex Williamson:
- Improve dev_printk() usage (Bjorn Helgaas)
- Fix issue with blocking in !TASK_RUNNING state while waiting for
userspace to release devices (Farhan Ali)
- Fix error path cleanup in nvlink setup (Greg Kurz)
- mdev-core cleanups and fixes in preparation for more use cases (Parav
Pandit)
- Cornelia has volunteered as an official vfio reviewer (Cornelia Huck)
* tag 'vfio-v5.2-rc1' of git://github.com/awilliam/linux-vfio:
vfio: Add Cornelia Huck as reviewer
vfio/mdev: Avoid inline get and put parent helpers
vfio/mdev: Fix aborting mdev child device removal if one fails
vfio/mdev: Follow correct remove sequence
vfio/mdev: Avoid masking error code to EBUSY
vfio/mdev: Drop redundant extern for exported symbols
vfio/mdev: Removed unused kref
vfio/mdev: Avoid release parent reference during error path
vfio-pci/nvlink2: Fix potential VMA leak
vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING"
vfio: Use dev_printk() when possible
Linus Torvalds [Sat, 11 May 2019 14:38:59 +0000 (10:38 -0400)]
Merge branch 'next-tomoyo2' of git://git./linux/kernel/git/jmorris/linux-security
Pull tomoyo updates from James Morris:
"Fixes to enable fuzz testing, and a fix for calculating whether a
filesystem is user-modifiable"
* 'next-tomoyo2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
tomoyo: Don't emit WARNING: string while fuzzing testing.
tomoyo: Change pathname calculation for read-only filesystems.
tomoyo: Check address length before reading address family
tomoyo: Add a kernel config option for fuzzing testing.
Linus Torvalds [Sat, 11 May 2019 14:27:34 +0000 (10:27 -0400)]
Merge tag 'xtensa-
20190510' of git://github.com/jcmvbkbc/linux-xtensa
Pull xtensa updates from Max Filippov:
- implement atomic operations using exclusive access Xtensa option
operations
- add support for Xtensa cores with memory protection unit (MPU)
- clean up xtensa-specific kernel-only headers
- fix error path in simdisk_setup
* tag 'xtensa-
20190510' of git://github.com/jcmvbkbc/linux-xtensa:
xtensa: implement initialize_cacheattr for MPU cores
xtensa: add exclusive atomics support
xtensa: clean up inline assembly in futex.h
xtensa: replace variant/core.h with asm/core.h
xtensa: drop ifdef __KERNEL__ from kernel-only headers
xtensa: set proper error code for simdisk_setup()
xtensa: fix incorrect fd close in error case of simdisk_setup()
Daniel Borkmann [Sat, 11 May 2019 01:03:09 +0000 (03:03 +0200)]
bpf: fix out of bounds backwards jmps due to dead code removal
systemtap folks reported the following splat recently:
[ 7790.862212] WARNING: CPU: 3 PID: 26759 at arch/x86/kernel/kprobes/core.c:1022 kprobe_fault_handler+0xec/0xf0
[...]
[ 7790.864113] CPU: 3 PID: 26759 Comm: sshd Not tainted 5.1.0-0.rc7.git1.1.fc31.x86_64 #1
[ 7790.864198] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS[...]
[ 7790.864314] RIP: 0010:kprobe_fault_handler+0xec/0xf0
[ 7790.864375] Code: 48 8b 50 [...]
[ 7790.864714] RSP: 0018:
ffffc06800bdbb48 EFLAGS:
00010082
[ 7790.864812] RAX:
ffff9e2b75a16320 RBX:
0000000000000000 RCX:
0000000000000000
[ 7790.865306] RDX:
ffffffffffffffff RSI:
000000000000000e RDI:
ffffc06800bdbbf8
[ 7790.865514] RBP:
ffffc06800bdbbf8 R08:
0000000000000000 R09:
0000000000000000
[ 7790.865960] R10:
0000000000000000 R11:
0000000000000000 R12:
ffffc06800bdbbf8
[ 7790.866037] R13:
ffff9e2ab56a0418 R14:
ffff9e2b6d0bb400 R15:
ffff9e2b6d268000
[ 7790.866114] FS:
00007fde49937d80(0000) GS:
ffff9e2b75a00000(0000) knlGS:
0000000000000000
[ 7790.866193] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 7790.866318] CR2:
0000000000000000 CR3:
000000012f312000 CR4:
00000000000006e0
[ 7790.866419] Call Trace:
[ 7790.866677] do_user_addr_fault+0x64/0x480
[ 7790.867513] do_page_fault+0x33/0x210
[ 7790.868002] async_page_fault+0x1e/0x30
[ 7790.868071] RIP: 0010: (null)
[ 7790.868144] Code: Bad RIP value.
[ 7790.868229] RSP: 0018:
ffffc06800bdbca8 EFLAGS:
00010282
[ 7790.868362] RAX:
ffff9e2b598b60f8 RBX:
ffffc06800bdbe48 RCX:
0000000000000004
[ 7790.868629] RDX:
0000000000000004 RSI:
ffffc06800bdbc6c RDI:
ffff9e2b598b60f0
[ 7790.868834] RBP:
ffffc06800bdbcf8 R08:
0000000000000000 R09:
0000000000000004
[ 7790.870432] R10:
00000000ff6f7a03 R11:
0000000000000000 R12:
0000000000000001
[ 7790.871859] R13:
ffffc06800bdbcb8 R14:
0000000000000000 R15:
ffff9e2acd0a5310
[ 7790.873455] ? vfs_read+0x5/0x170
[ 7790.874639] ? vfs_read+0x1/0x170
[ 7790.875834] ? trace_call_bpf+0xf6/0x260
[ 7790.877044] ? vfs_read+0x1/0x170
[ 7790.878208] ? vfs_read+0x5/0x170
[ 7790.879345] ? kprobe_perf_func+0x233/0x260
[ 7790.880503] ? vfs_read+0x1/0x170
[ 7790.881632] ? vfs_read+0x5/0x170
[ 7790.882751] ? kprobe_ftrace_handler+0x92/0xf0
[ 7790.883926] ? __vfs_read+0x30/0x30
[ 7790.885050] ? ftrace_ops_assist_func+0x94/0x100
[ 7790.886183] ? vfs_read+0x1/0x170
[ 7790.887283] ? vfs_read+0x5/0x170
[ 7790.888348] ? ksys_read+0x5a/0xe0
[ 7790.889389] ? do_syscall_64+0x5c/0xa0
[ 7790.890401] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
After some debugging, turns out that the logic in
2cbd95a5c4fb
("bpf: change parameters of call/branch offset adjustment") has
a bug that is exposed after
52875a04f4b2 ("bpf: verifier: remove
dead code") in that we miss some of the jump offset adjustments
after code patching when we remove dead code, more concretely,
upon backward jump spanning over the area that is being removed.
BPF insns of a case that was hit pre
52875a04f4b2:
[...]
676: (85) call bpf_perf_event_output#-47616
677: (05) goto pc-636
678: (62) *(u32 *)(r10 -64) = 0
679: (bf) r7 = r10
680: (07) r7 += -64
681: (05) goto pc-44
682: (05) goto pc-1
683: (05) goto pc-1
BPF insns afterwards:
[...]
618: (85) call bpf_perf_event_output#-47616
619: (05) goto pc-638
620: (62) *(u32 *)(r10 -64) = 0
621: (bf) r7 = r10
622: (07) r7 += -64
623: (05) goto pc-44
To illustrate the bug, situation looks as follows:
____
0 | | <-- foo: [...]
1 |____|
2 |____| <-- pos / end_new ^
3 | | |
4 | | | len
5 |____| | (remove region)
6 | | <-- end_old v
7 | |
8 | | <-- curr (jmp foo)
9 |____|
The condition curr >= end_new && curr + off + 1 < end_new in the
branch delta adjustments is never hit because curr + off + 1 <
end_new is compared as unsigned and therefore curr + off + 1 >
end_new in unsigned realm as curr + off + 1 becomes negative
since the insns are memmove()'d before the offset adjustments.
Correct BPF insns after this fix:
[...]
618: (85) call bpf_perf_event_output#-47216
619: (05) goto pc-578
620: (62) *(u32 *)(r10 -64) = 0
621: (bf) r7 = r10
622: (07) r7 += -64
623: (05) goto pc-44
Note that unprivileged case is not affected from this.
Fixes: 52875a04f4b2 ("bpf: verifier: remove dead code")
Fixes: 2cbd95a5c4fb ("bpf: change parameters of call/branch offset adjustment")
Reported-by: Frank Ch. Eigler <fche@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Chris Packham [Fri, 10 May 2019 09:00:25 +0000 (21:00 +1200)]
gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
Use gen_rtx_set instead of gen_rtx_SET. The former is a wrapper macro
that handles the difference between GCC versions implementing
the latter.
This fixes the following error on my system with g++ 5.4.0 as the host
compiler
HOSTCXX -fPIC scripts/gcc-plugins/arm_ssp_per_task_plugin.o
scripts/gcc-plugins/arm_ssp_per_task_plugin.c:42:14: error: macro "gen_rtx_SET" requires 3 arguments, but only 2 given
mask)),
^
scripts/gcc-plugins/arm_ssp_per_task_plugin.c: In function ‘unsigned int arm_pertask_ssp_rtl_execute()’:
scripts/gcc-plugins/arm_ssp_per_task_plugin.c:39:20: error: ‘gen_rtx_SET’ was not declared in this scope
emit_insn_before(gen_rtx_SET
Signed-off-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Fixes: 189af4657186 ("ARM: smp: add support for per-task stack canaries")
Cc: stable@vger.kernel.org
Tested-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Heiner Kallweit [Fri, 10 May 2019 20:11:26 +0000 (22:11 +0200)]
net: phy: realtek: add missing page operations
Add missing page operation callbacks to few Realtek drivers.
This also fixes a NPE after the referenced commit added code to the
RTL8211E driver that uses phy_select_page().
Fixes: f81dadbcf7fd ("net: phy: realtek: Add rtl8211e rx/tx delays config")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Reported-by: Vicente Bergas <vicencb@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Fri, 10 May 2019 22:14:30 +0000 (15:14 -0700)]
Merge branch 'of_get_mac_address-fixes'
Petr Štetiar says:
====================
of_get_mac_address fixes
this patch series is hopefuly the last series of the fixes which are related
to the introduction of NVMEM support into of_get_mac_address.
First patch is removing `nvmem-mac-address` property which was wrong idea as
I've allocated the property with devm_kzalloc and then added it to DT, so then
2 entities would be refcounting the allocation. So if the driver unbinds, the
buffer is freed, but DT code would be still referencing that memory.
Second patch fixes some unwanted references to the Linux API in the DT
bindings documentation.
Patches 3-5 should hopefully make compilers and thus kbuild test robot happy.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:18 +0000 (11:35 +0200)]
net: wireless: mt76: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes: d31a36b5f407 ("net: wireless: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:17 +0000 (11:35 +0200)]
net: ethernet: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes: a51645f70f63 ("net: ethernet: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:16 +0000 (11:35 +0200)]
powerpc: tsi108: fix similar warning reported by kbuild test robot
This patch fixes following (similar) warning reported by kbuild test robot:
In function ‘memcpy’,
inlined from ‘smsc75xx_init_mac_address’ at drivers/net/usb/smsc75xx.c:778:3,
inlined from ‘smsc75xx_bind’ at drivers/net/usb/smsc75xx.c:1501:2:
./include/linux/string.h:355:9: warning: argument 2 null where non-null expected [-Wnonnull]
return __builtin_memcpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/usb/smsc75xx.c: In function ‘smsc75xx_bind’:
./include/linux/string.h:355:9: note: in a call to built-in function ‘__builtin_memcpy’
I've replaced the offending memcpy with ether_addr_copy, because I'm
100% sure, that of_get_mac_address can't return NULL as it returns valid
pointer or ERR_PTR encoded value, nothing else.
I'm hesitant to just change IS_ERR into IS_ERR_OR_NULL check, as this
would make the warning disappear also, but it would be confusing to
check for impossible return value just to make a compiler happy.
I'm now changing all occurencies of memcpy to ether_addr_copy after the
of_get_mac_address call, as it's very likely, that we're going to get
similar reports from kbuild test robot in the future.
Fixes: ea168cdf1299 ("powerpc: tsi108: support of_get_mac_address new ERR_PTR error")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:15 +0000 (11:35 +0200)]
dt-bindings: doc: net: remove Linux API references
In commit
687e3d5550c7 ("dt-bindings: doc: reflect new NVMEM
of_get_mac_address behaviour") I've kept or added references to Linux
of_get_mac_address API which is unwanted so this patch fixes that by
removing those references.
Fixes: 687e3d5550c7 ("dt-bindings: doc: reflect new NVMEM of_get_mac_address behaviour")
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Štetiar [Fri, 10 May 2019 09:35:14 +0000 (11:35 +0200)]
of_net: remove nvmem-mac-address property
In commit
d01f449c008a ("of_net: add NVMEM support to
of_get_mac_address") I've added `nvmem-mac-address` property which was
wrong idea as I've allocated the property with devm_kzalloc and then
added it to DT, so then 2 entities would be refcounting the allocation.
So if the driver unbinds, the buffer is freed, but DT code would be
still referencing that memory.
I'm removing this property completely instead of fixing it, as it's not
needed to have it.
Fixes: d01f449c008a ("of_net: add NVMEM support to of_get_mac_address")
Suggested-by: Rob Herring <robh@kernel.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 10 May 2019 04:13:44 +0000 (23:13 -0500)]
net/ibmvnic: Update carrier state after link state change
Only set the device carrier state to on after receiving an up link
state indication from the underlying adapter. Likewise, if a down
link indication is receieved, update the carrier state accordingly.
This fix ensures that accurate carrier state is reported by the driver
following a link state update by the underlying adapter.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thomas Falcon [Fri, 10 May 2019 04:13:43 +0000 (23:13 -0500)]
net/ibmvnic: Update MAC address settings after adapter reset
It was discovered in testing that the underlying hardware MAC
address will revert to initial settings following a device reset,
but the driver fails to resend the current OS MAC settings. This
oversight can result in dropped packets should the scenario occur.
Fix this by informing hardware of current MAC address settings
following any adapter initialization or resets.
Signed-off-by: Thomas Falcon <tlfalcon@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
YueHaibing [Fri, 10 May 2019 03:00:28 +0000 (11:00 +0800)]
dsa: tag_brcm: Fix build error without CONFIG_NET_DSA_TAG_BRCM_PREPEND
Fix gcc build error:
net/dsa/tag_brcm.c:211:16: error: brcm_prepend_netdev_ops undeclared here (not in a function); did you mean brcm_netdev_ops?
DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
^
./include/net/dsa.h:708:10: note: in definition of macro DSA_TAG_DRIVER
.ops = &__ops, \
^~~~~
./include/net/dsa.h:701:36: warning: dsa_tag_driver_brcm_prepend_netdev_ops defined but not used [-Wunused-variable]
#define DSA_TAG_DRIVER_NAME(__ops) dsa_tag_driver ## _ ## __ops
^
./include/net/dsa.h:707:30: note: in expansion of macro DSA_TAG_DRIVER_NAME
static struct dsa_tag_driver DSA_TAG_DRIVER_NAME(__ops) = { \
^~~~~~~~~~~~~~~~~~~
net/dsa/tag_brcm.c:211:1: note: in expansion of macro DSA_TAG_DRIVER
DSA_TAG_DRIVER(brcm_prepend_netdev_ops);
Like the CONFIG_NET_DSA_TAG_BRCM case,
brcm_prepend_netdev_ops and DSA_TAG_PROTO_BRCM_PREPEND
should be wrappeed by CONFIG_NET_DSA_TAG_BRCM_PREPEND.
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: b74b70c44986 ("net: dsa: Support prepended Broadcom tag")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Tobin C. Harding [Fri, 10 May 2019 02:52:12 +0000 (12:52 +1000)]
bridge: Fix error path for kobject_init_and_add()
Currently error return from kobject_init_and_add() is not followed by a
call to kobject_put(). This means there is a memory leak. We currently
set p to NULL so that kfree() may be called on it as a noop, the code is
arguably clearer if we move the kfree() up closer to where it is
called (instead of after goto jump).
Remove a goto label 'err1' and jump to call to kobject_put() in error
return from kobject_init_and_add() fixing the memory leak. Re-name goto
label 'put_back' to 'err1' now that we don't use err1, following current
nomenclature (err1, err2 ...). Move call to kfree out of the error
code at bottom of function up to closer to where memory was allocated.
Add comment to clarify call to kfree().
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Tetsuo Handa [Tue, 7 May 2019 11:34:22 +0000 (20:34 +0900)]
tomoyo: Don't emit WARNING: string while fuzzing testing.
Commit
cff0e6c3ec3e6230 ("tomoyo: Add a kernel config option for fuzzing
testing.") enabled the learning mode, but syzkaller is detecting any
"WARNING:" string as a crash. Thus, disable TOMOYO's quota warning if
built for fuzzing testing.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Tetsuo Handa [Wed, 27 Feb 2019 14:19:24 +0000 (23:19 +0900)]
tomoyo: Change pathname calculation for read-only filesystems.
Commit
5625f2e3266319fd ("TOMOYO: Change pathname for non-rename()able
filesystems.") intended to be applied to filesystems where the content is
not controllable from the userspace (e.g. proc, sysfs, securityfs), based
on an assumption that such filesystems do not support rename() operation.
But it turned out that read-only filesystems also do not support rename()
operation despite the content is controllable from the userspace, and that
commit is annoying TOMOYO users who want to use e.g. squashfs as the root
filesystem due to use of local name which does not start with '/'.
Therefore, based on an assumption that filesystems which require the
device argument upon mount() request is an indication that the content
is controllable from the userspace, do not use local name if a filesystem
does not support rename() operation but requires the device argument upon
mount() request.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Tetsuo Handa [Fri, 12 Apr 2019 10:59:36 +0000 (19:59 +0900)]
tomoyo: Check address length before reading address family
KMSAN will complain if valid address length passed to bind()/connect()/
sendmsg() is shorter than sizeof("struct sockaddr"->sa_family) bytes.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Tetsuo Handa [Fri, 12 Apr 2019 11:04:54 +0000 (20:04 +0900)]
tomoyo: Add a kernel config option for fuzzing testing.
syzbot is reporting kernel panic triggered by memory allocation fault
injection before loading TOMOYO's policy [1]. To make the fuzzing tests
useful, we need to assign a profile other than "disabled" (no-op) mode.
Therefore, let's allow syzbot to load TOMOYO's built-in policy for
"learning" mode using a kernel config option. This option must not be
enabled for kernels built for production system, for this option also
disables domain/program checks when modifying policy configuration via
/sys/kernel/security/tomoyo/ interface.
[1] https://syzkaller.appspot.com/bug?extid=
29569ed06425fcf67a95
Reported-by: syzbot <syzbot+e1b8084e532b6ee7afab@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+29569ed06425fcf67a95@syzkaller.appspotmail.com>
Reported-by: syzbot <syzbot+2ee3f8974c2e7dc69feb@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Dmitry Torokhov [Fri, 10 May 2019 18:40:35 +0000 (11:40 -0700)]
Merge branch 'next' into for-linus
Prepare input updates for 5.2 merge window.
Linus Torvalds [Fri, 10 May 2019 17:24:53 +0000 (13:24 -0400)]
Merge tag 'docs-5.2a' of git://git.lwn.net/linux
Pull more documentation updates from Jonathan Corbet:
"Some late arriving documentation changes. In particular, this contains
the conversion of the x86 docs to RST, which has been in the works for
some time but needed a couple of final tweaks"
* tag 'docs-5.2a' of git://git.lwn.net/linux: (29 commits)
Documentation: x86: convert x86_64/machinecheck to reST
Documentation: x86: convert x86_64/cpu-hotplug-spec to reST
Documentation: x86: convert x86_64/fake-numa-for-cpusets to reST
Documentation: x86: convert x86_64/5level-paging.txt to reST
Documentation: x86: convert x86_64/mm.txt to reST
Documentation: x86: convert x86_64/uefi.txt to reST
Documentation: x86: convert x86_64/boot-options.txt to reST
Documentation: x86: convert i386/IO-APIC.txt to reST
Documentation: x86: convert usb-legacy-support.txt to reST
Documentation: x86: convert orc-unwinder.txt to reST
Documentation: x86: convert resctrl_ui.txt to reST
Documentation: x86: convert microcode.txt to reST
Documentation: x86: convert pti.txt to reST
Documentation: x86: convert amd-memory-encryption.txt to reST
Documentation: x86: convert intel_mpx.txt to reST
Documentation: x86: convert protection-keys.txt to reST
Documentation: x86: convert pat.txt to reST
Documentation: x86: convert mtrr.txt to reST
Documentation: x86: convert tlb.txt to reST
Documentation: x86: convert zero-page.txt to reST
...
Linus Torvalds [Fri, 10 May 2019 17:14:07 +0000 (13:14 -0400)]
Merge tag 'printk-for-5.2-fixes' of ssh://gitolite./linux/kernel/git/pmladek/printk
Pull printk fixup from Petr Mladek:
"Replace the problematic probe_kernel_read() with original simple
pointer checks in vsprintf()"
* tag 'printk-for-5.2-fixes' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
vsprintf: Do not break early boot with probing addresses
Linus Torvalds [Fri, 10 May 2019 17:07:55 +0000 (13:07 -0400)]
Merge tag 'pidfd-fixes-v5.2-rc1' of gitolite.pub/scm/linux/kernel/git/brauner/linux
Pull pidfd fixes from Christian Brauner:
"This fixes two bugs:
- The first one reported by Linus whereby the pidfd-metadata binary
was not placed in a .gitignore file.
- The second one is rather urgent and fixes a locking issue found by
syzkaller.
What happened is that during process creation we need to check
whether the cgroup we are in allows us to fork. To perform this
check the cgroup needs to guard itself against threadgroup changes
and takes a lock.
Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would
also need to release said lock. That's not true anymore since
CLONE_PIDFD so this is fixed here.
Syzkaller has tested the patch and was not able to reproduce the
issue"
* tag 'pidfd-fixes-v5.2-rc1' of gitolite.kernel.org:pub/scm/linux/kernel/git/brauner/linux:
fork: do not release lock that wasn't taken
samples: add .gitignore for pidfd-metadata
Linus Torvalds [Fri, 10 May 2019 17:03:47 +0000 (13:03 -0400)]
Merge tag 'platform-drivers-x86-v5.2-1' of git://git.infradead.org/linux-platform-drivers-x86
Pull x86 platform driver updates from Andy Shevchenko:
"Gathered pile of patches for Platform Drivers x86. No surprises and no
merge conflicts. Business as usual.
Summary:
- New driver of power button for Basin Cove PMIC.
- ASUS WMI driver has got a Fn lock mode switch support.
- Resolve a never end story with non working Wi-Fi on newer Lenovo
Ideapad computers. Now the black list is replaced with white list.
- New facility to debug S0ix failures on Intel Atom platforms. The
Intel PMC and accompanying drivers are cleaned up.
- Mellanox got a new TmFifo driver. Besides tachometer sensor and
watchdog are enabled on Mellanox platforms.
- The information of embedded controller is now recognized on new
Thinkpads. Bluetooth driver on Thinkpads is blacklisted for some
models.
- Touchscreen DMI driver extended to support 'jumper ezpad 6 pro b'
and Myria MY8307 2-in-1.
- Additionally few small fixes here and there for WMI and ACPI laptop
drivers.
- The following is an automated git shortlog grouped by driver:
- alienware-wmi:
- printing the wrong error code
- fix kfree on potentially uninitialized pointer
- asus-wmi:
- Add fn-lock mode switch support
- dell-laptop:
- fix rfkill functionality
- dell-rbtn:
- Add missing #include
- ideapad-laptop:
- Remove no_hw_rfkill_list
- intel_pmc_core:
- Allow to dump debug registers on S0ix failure
- Convert to a platform_driver
- Mark local function static
- intel_pmc_ipc:
- Don't map non-used optional resources
- Apply same width for offset definitions
- Use BIT() macro
- adding error handling
- intel_punit_ipc:
- Revert "Fix resource ioremap warning"
- mlx-platform:
- Add mlx-wdt platform driver activation
- Add support for tachometer speed register
- Add TmFifo driver for Mellanox BlueField Soc
- sony-laptop:
- Fix unintentional fall-through
- thinkpad_acpi:
- cleanup for Thinkpad ACPI led
- Mark expected switch fall-throughs
- fix spelling mistake "capabilites" -> "capabilities"
- Read EC information on newer models
- Disable Bluetooth for some machines
- touchscreen_dmi:
- Add info for 'jumper ezpad 6 pro b' touchscreen
- Add info for Myria MY8307 2-in-1"
* tag 'platform-drivers-x86-v5.2-1' of git://git.infradead.org/linux-platform-drivers-x86: (26 commits)
platform/x86: Add support for Basin Cove power button
platform/x86: asus-wmi: Add fn-lock mode switch support
platform/x86: ideapad-laptop: Remove no_hw_rfkill_list
platform/x86: touchscreen_dmi: Add info for 'jumper ezpad 6 pro b' touchscreen
platform/x86: thinkpad_acpi: cleanup for Thinkpad ACPI led
platform/x86: thinkpad_acpi: Mark expected switch fall-throughs
platform/x86: sony-laptop: Fix unintentional fall-through
platform/x86: alienware-wmi: printing the wrong error code
platform/x86: intel_pmc_core: Allow to dump debug registers on S0ix failure
platform/x86: intel_pmc_core: Convert to a platform_driver
platform/x86: mlx-platform: Add mlx-wdt platform driver activation
platform/x86: mlx-platform: Add support for tachometer speed register
platform/mellanox: Add TmFifo driver for Mellanox BlueField Soc
platform/x86: thinkpad_acpi: fix spelling mistake "capabilites" -> "capabilities"
platform/x86: intel_punit_ipc: Revert "Fix resource ioremap warning"
platform/x86: intel_pmc_ipc: Don't map non-used optional resources
platform/x86: intel_pmc_ipc: Apply same width for offset definitions
platform/x86: intel_pmc_ipc: Use BIT() macro
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
platform/x86: dell-laptop: fix rfkill functionality
...
Linus Torvalds [Fri, 10 May 2019 16:59:51 +0000 (12:59 -0400)]
Merge tag 'fbdev-v5.2' of git://github.com/bzolnier/linux
Pull fbdev updates from Bartlomiej Zolnierkiewicz:
"Four small fixes for fb core, updates for udlfb, sm712fb, macfb and
atafb drivers. Redundant code removals from amba-clcd and atmel_lcdfb
drivers. Minor fixes/cleanups for other fb drivers
Detailed summary:
- fix regression in fbcon logo handling on 'quiet' boots (Andreas
Schwab)
- fix divide-by-zero error in fb_var_to_videomode() (Shile Zhang)
- fix 'WARNING in __alloc_pages_nodemask' bug (Jiufei Xue)
- list all PCI memory BARs as conflicting apertures (Gerd Hoffmann)
- update udlfb driver: fix sleeping inside spinlock, add mutex around
rendering calls and remove redundant code (Mikulas Patocka)
- update sm712fb driver: fix SM720 support related issues (Yifeng Li)
- update macfb driver: fix DAFB colour table pointer initialization
and remove redundant code (Finn Thain)
- update atafb driver: fix kexec support, use dev_*() calls instead
of printk() and remove obsolete module support (Geert Uytterhoeven)
- add support to mxsfb driver for skipping display initialization for
flicker-free display takeover from bootloader (Melchior Franz)
- remove Versatile and Nomadik board families support from amba-clcd
driver as they are handled by DRM driver nowadays (Linus Walleij)
- remove no longer needed AVR and platform_data support from
atmel_lcdfb driver (Alexandre Belloni)
- misc fixes (Colin Ian King, Julia Lawall, Gustavo A. R. Silva,
Aditya Pakki, Kangjie Lu, YueHaibing)
- misc cleanups (Enrico Weigelt, Kefeng Wang)"
* tag 'fbdev-v5.2' of git://github.com/bzolnier/linux: (38 commits)
video: fbdev: Use dev_get_drvdata()
fbcon: Don't reset logo_shown when logo is currently shown
video: fbdev: atmel_lcdfb: remove set but not used variable 'pdata'
video: fbdev: mxsfb: remove set but not used variable 'line_count'
video: fbdev: pvr2fb: remove set but not used variable 'size'
fbdev: fix WARNING in __alloc_pages_nodemask bug
video: amba-clcd: Decomission Versatile and Nomadik
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
fbdev: fix divide error in fb_var_to_videomode
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
video: imsttfb: fix potential NULL pointer dereferences
video: hgafb: fix potential NULL pointer dereference
fbdev: list all pci memory bars as conflicting apertures
...
Linus Torvalds [Fri, 10 May 2019 16:57:15 +0000 (12:57 -0400)]
Merge tag 'pwm/for-5.2-rc1' of ssh://gitolite./linux/kernel/git/thierry.reding/linux-pwm
Pull pwm updates from Thierry Reding:
"Nothing out of the ordinary this cycle.
The bulk of this is a collection of fixes for existing drivers and
some cleanups. There's one new driver for i.MX SoCs and addition of
support for some new variants to existing drivers"
* tag 'pwm/for-5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: meson: Add clock source configuration for Meson G12A
dt-bindings: pwm: Update bindings for the Meson G12A Family
pwm: samsung: Don't uses devm_*() functions in ->request()
pwm: Clear chip_data in pwm_put()
pwm: Add i.MX TPM PWM driver support
dt-bindings: pwm: Add i.MX TPM PWM binding
pwm: imx27: Use devm_platform_ioremap_resource() to simplify code
pwm: meson: Use the spin-lock only to protect register modifications
pwm: meson: Don't disable PWM when setting duty repeatedly
pwm: meson: Consider 128 a valid pre-divider
pwm: sysfs: fix typo "its" -> "it's"
pwm: tiehrpwm: Enable compilation for ARCH_K3
dt-bindings: pwm: tiehrpwm: Add TI AM654 SoC specific compatible
pwm: tiehrpwm: Update shadow register for disabling PWMs
pwm: img: Turn final 'else if' into 'else' in img_pwm_config
pwm: Fix deadlock warning when removing PWM device
Linus Torvalds [Fri, 10 May 2019 16:55:16 +0000 (12:55 -0400)]
Merge tag 'mailbox-v5.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration
Pull mailbox updates from Jassi Brar:
- New driver: Armada 37xx mailbox controller
- Misc: Use devm_ api for imx and platform_get_irq for stm32
* tag 'mailbox-v5.2' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
mailbox: Add support for Armada 37xx rWTM mailbox
dt-bindings: mailbox: Document armada-3700-rwtm-mailbox binding
mailbox: stm32-ipcc: check invalid irq
mailbox: imx: use devm_platform_ioremap_resource() to simplify code
Paolo Abeni [Fri, 10 May 2019 09:37:58 +0000 (11:37 +0200)]
Revert "selinux: do not report error on connect(AF_UNSPEC)"
This reverts commit
c7e0d6cca86581092cbbf2cd868b3601495554cf.
It was agreed a slightly different fix via the selinux tree.
v1 -> v2:
- use the correct reverted commit hash
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Petr Mladek [Fri, 10 May 2019 08:42:13 +0000 (10:42 +0200)]
vsprintf: Do not break early boot with probing addresses
The commit
3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing
invalid pointers") broke boot on several architectures. The common
pattern is that probe_kernel_read() is not working during early
boot because userspace access framework is not ready.
It is a generic problem. We have to avoid any complex external
functions in vsprintf() code, especially in the common path.
They might break printk() easily and are hard to debug.
Replace probe_kernel_read() with some simple checks for obvious
problems.
Details:
1. Report on Power:
Kernel crashes very early during boot with with CONFIG_PPC_KUAP and
CONFIG_JUMP_LABEL_FEATURE_CHECK_DEBUG
The problem is the combination of some new code called via printk(),
check_pointer() which calls probe_kernel_read(). That then calls
allow_user_access() (PPC_KUAP) and that uses mmu_has_feature() too early
(before we've patched features). With the JUMP_LABEL debug enabled that
causes us to call printk() & dump_stack() and we end up recursing and
overflowing the stack.
Because it happens so early you don't get any output, just an apparently
dead system.
The stack trace (which you don't see) is something like:
...
dump_stack+0xdc
probe_kernel_read+0x1a4
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
printk_safe_log_store+0x7c
printk+0x40
dump_stack_print_info+0xbc
dump_stack+0x8
probe_kernel_read+0x1a4
probe_kernel_read+0x19c
check_pointer+0x58
string+0x3c
vsnprintf+0x1bc
vscnprintf+0x20
vprintk_store+0x6c
vprintk_emit+0xec
vprintk_func+0xd4
printk+0x40
cpufeatures_process_feature+0xc8
scan_cpufeatures_subnodes+0x380
of_scan_flat_dt_subnodes+0xb4
dt_cpu_ftrs_scan_callback+0x158
of_scan_flat_dt+0xf0
dt_cpu_ftrs_scan+0x3c
early_init_devtree+0x360
early_setup+0x9c
2. Report on s390:
vsnprintf invocations, are broken on s390. For example, the early boot
output now looks like this where the first (efault) should be
the linux_banner:
[ 0.099985] (efault)
[ 0.099985] setup: Linux is running as a z/VM guest operating system in 64-bit mode
[ 0.100066] setup: The maximum memory size is 8192MB
[ 0.100070] cma: Reserved 4 MiB at (efault)
[ 0.100100] numa: NUMA mode: (efault)
The reason for this, is that the code assumes that
probe_kernel_address() works very early. This however is not true on
at least s390. Uaccess on KERNEL_DS works only after page tables have
been setup on s390, which happens with setup_arch()->paging_init().
Any probe_kernel_address() invocation before that will return -EFAULT.
Fixes: 3e5903eb9cff70730 ("vsprintf: Prevent crash when dereferencing invalid pointers")
Link: http://lkml.kernel.org/r/20190510084213.22149-1-pmladek@suse.com
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: "Tobin C . Harding" <me@tobin.cc>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Russell Currey <ruscur@russell.cc>
Cc: Christophe Leroy <christophe.leroy@c-s.fr>
Cc: Stephen Rothwell <sfr@ozlabs.org>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: linux-arch@vger.kernel.org
Cc: linux-s390@vger.kernel.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Petr Mladek <pmladek@suse.com>
Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Linus Torvalds [Fri, 10 May 2019 12:29:27 +0000 (05:29 -0700)]
Merge tag 'powerpc-5.2-1' of ssh://gitolite./linux/kernel/git/powerpc/linux
Pull powerpc updates from Michael Ellerman:
"Slightly delayed due to the issue with printk() calling
probe_kernel_read() interacting with our new user access prevention
stuff, but all fixed now.
The only out-of-area changes are the addition of a cpuhp_state, small
additions to Documentation and MAINTAINERS updates.
Highlights:
- Support for Kernel Userspace Access/Execution Prevention (like
SMAP/SMEP/PAN/PXN) on some 64-bit and 32-bit CPUs. This prevents
the kernel from accidentally accessing userspace outside
copy_to/from_user(), or ever executing userspace.
- KASAN support on 32-bit.
- Rework of where we map the kernel, vmalloc, etc. on 64-bit hash to
use the same address ranges we use with the Radix MMU.
- A rewrite into C of large parts of our idle handling code for
64-bit Book3S (ie. power8 & power9).
- A fast path entry for syscalls on 32-bit CPUs, for a 12-17% speedup
in the null_syscall benchmark.
- On 64-bit bare metal we have support for recovering from errors
with the time base (our clocksource), however if that fails
currently we hang in __delay() and never crash. We now have support
for detecting that case and short circuiting __delay() so we at
least panic() and reboot.
- Add support for optionally enabling the DAWR on Power9, which had
to be disabled by default due to a hardware erratum. This has the
effect of enabling hardware breakpoints for GDB, the downside is a
badly behaved program could crash the machine by pointing the DAWR
at cache inhibited memory. This is opt-in obviously.
- xmon, our crash handler, gets support for a read only mode where
operations that could change memory or otherwise disturb the system
are disabled.
Plus many clean-ups, reworks and minor fixes etc.
Thanks to: Christophe Leroy, Akshay Adiga, Alastair D'Silva, Alexey
Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anju T Sudhakar,
Anton Blanchard, Ben Hutchings, Bo YU, Breno Leitao, Cédric Le Goater,
Christopher M. Riedl, Christoph Hellwig, Colin Ian King, David Gibson,
Ganesh Goudar, Gautham R. Shenoy, George Spelvin, Greg Kroah-Hartman,
Greg Kurz, Horia Geantă, Jagadeesh Pagadala, Joel Stanley, Joe
Perches, Julia Lawall, Laurentiu Tudor, Laurent Vivier, Lukas Bulwahn,
Madhavan Srinivasan, Mahesh Salgaonkar, Mathieu Malaterre, Michael
Neuling, Mukesh Ojha, Nathan Fontenot, Nathan Lynch, Nicholas Piggin,
Nick Desaulniers, Oliver O'Halloran, Peng Hao, Qian Cai, Ravi
Bangoria, Rick Lindsley, Russell Currey, Sachin Sant, Stewart Smith,
Sukadev Bhattiprolu, Thomas Huth, Tobin C. Harding, Tyrel Datwyler,
Valentin Schneider, Wei Yongjun, Wen Yang, YueHaibing"
* tag 'powerpc-5.2-1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (205 commits)
powerpc/64s: Use early_mmu_has_feature() in set_kuap()
powerpc/book3s/64: check for NULL pointer in pgd_alloc()
powerpc/mm: Fix hugetlb page initialization
ocxl: Fix return value check in afu_ioctl()
powerpc/mm: fix section mismatch for setup_kup()
powerpc/mm: fix redundant inclusion of pgtable-frag.o in Makefile
powerpc/mm: Fix makefile for KASAN
powerpc/kasan: add missing/lost Makefile
selftests/powerpc: Add a signal fuzzer selftest
powerpc/booke64: set RI in default MSR
ocxl: Provide global MMIO accessors for external drivers
ocxl: move event_fd handling to frontend
ocxl: afu_irq only deals with IRQ IDs, not offsets
ocxl: Allow external drivers to use OpenCAPI contexts
ocxl: Create a clear delineation between ocxl backend & frontend
ocxl: Don't pass pci_dev around
ocxl: Split pci.c
ocxl: Remove some unused exported symbols
ocxl: Remove superfluous 'extern' from headers
ocxl: read_pasid never returns an error, so make it void
...
Christian Brauner [Fri, 10 May 2019 09:53:46 +0000 (11:53 +0200)]
fork: do not release lock that wasn't taken
Avoid calling cgroup_threadgroup_change_end() without having called
cgroup_threadgroup_change_begin() first.
During process creation we need to check whether the cgroup we are in
allows us to fork. To perform this check the cgroup needs to guard itself
against threadgroup changes and takes a lock.
Prior to CLONE_PIDFD the cleanup target "bad_fork_free_pid" would also need
to call cgroup_threadgroup_change_end() because said lock had already been
taken.
However, this is not the case anymore with the addition of CLONE_PIDFD. We
are now allocating a pidfd before we check whether the cgroup we're in can
fork and thus prior to taking the lock. So when copy_process() fails at the
right step it would release a lock we haven't taken.
This bug is not even very subtle to be honest. It's just not very clear
from the naming of cgroup_threadgroup_change_{begin,end}() that a lock is
taken.
Here's the relevant splat:
entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fec849
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90
90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:
00000000ffed5a8c EFLAGS:
00000246 ORIG_RAX:
0000000000000078
RAX:
ffffffffffffffda RBX:
0000000000003ffc RCX:
0000000000000000
RDX:
00000000200005c0 RSI:
0000000000000000 RDI:
0000000000000000
RBP:
0000000000000012 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000000 R12:
0000000000000000
R13:
0000000000000000 R14:
0000000000000000 R15:
0000000000000000
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(depth <= 0)
WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052 __lock_release
kernel/locking/lockdep.c:4052 [inline]
WARNING: CPU: 1 PID: 7744 at kernel/locking/lockdep.c:4052
lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7744 Comm: syz-executor007 Not tainted 5.1.0+ #4
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
panic+0x2cb/0x65c kernel/panic.c:214
__warn.cold+0x20/0x45 kernel/panic.c:566
report_bug+0x263/0x2b0 lib/bug.c:186
fixup_bug arch/x86/kernel/traps.c:179 [inline]
fixup_bug arch/x86/kernel/traps.c:174 [inline]
do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:272
do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:291
invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:972
RIP: 0010:__lock_release kernel/locking/lockdep.c:4052 [inline]
RIP: 0010:lock_release+0x667/0xa00 kernel/locking/lockdep.c:4321
Code: 0f 85 a0 03 00 00 8b 35 77 66 08 08 85 f6 75 23 48 c7 c6 a0 55 6b 87
48 c7 c7 40 25 6b 87 4c 89 85 70 ff ff ff e8 b7 a9 eb ff <0f> 0b 4c 8b 85
70 ff ff ff 4c 89 ea 4c 89 e6 4c 89 c7 e8 52 63 ff
RSP: 0018:
ffff888094117b48 EFLAGS:
00010086
RAX:
0000000000000000 RBX:
1ffff11012822f6f RCX:
0000000000000000
RDX:
0000000000000000 RSI:
ffffffff815af236 RDI:
ffffed1012822f5b
RBP:
ffff888094117c00 R08:
ffff888092bfc400 R09:
fffffbfff113301d
R10:
fffffbfff113301c R11:
ffffffff889980e3 R12:
ffffffff8a451df8
R13:
ffffffff8142e71f R14:
ffffffff8a44cc80 R15:
ffff888094117bd8
percpu_up_read.constprop.0+0xcb/0x110 include/linux/percpu-rwsem.h:92
cgroup_threadgroup_change_end include/linux/cgroup-defs.h:712 [inline]
copy_process.part.0+0x47ff/0x6710 kernel/fork.c:2222
copy_process kernel/fork.c:1772 [inline]
_do_fork+0x25d/0xfd0 kernel/fork.c:2338
__do_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:240 [inline]
__se_compat_sys_x86_clone arch/x86/ia32/sys_ia32.c:236 [inline]
__ia32_compat_sys_x86_clone+0xbc/0x140 arch/x86/ia32/sys_ia32.c:236
do_syscall_32_irqs_on arch/x86/entry/common.c:334 [inline]
do_fast_syscall_32+0x281/0xd54 arch/x86/entry/common.c:405
entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7fec849
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 14 24 c3 8b 3c 24 c3 90 90
90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90
90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:
00000000ffed5a8c EFLAGS:
00000246 ORIG_RAX:
0000000000000078
RAX:
ffffffffffffffda RBX:
0000000000003ffc RCX:
0000000000000000
RDX:
00000000200005c0 RSI:
0000000000000000 RDI:
0000000000000000
RBP:
0000000000000012 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000000 R12:
0000000000000000
R13:
0000000000000000 R14:
0000000000000000 R15:
0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..
Reported-and-tested-by: syzbot+3286e58549edc479faae@syzkaller.appspotmail.com
Fixes: b3e583825266 ("clone: add CLONE_PIDFD")
Signed-off-by: Christian Brauner <christian@brauner.io>
Christian Brauner [Wed, 8 May 2019 11:02:30 +0000 (13:02 +0200)]
samples: add .gitignore for pidfd-metadata
Ignore the pidfd-metadata binary so it doesn't show up in unwanted
scenarios.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Christian Brauner <christian@brauner.io>
Linus Torvalds [Fri, 10 May 2019 02:35:41 +0000 (19:35 -0700)]
Merge branch 'fixes' of git://git./linux/kernel/git/viro/vfs
Pull vfs mount fix from Al Viro:
"Fix for umount -l/mount --move race caught by syzbot yesterday..."
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
do_move_mount(): fix an unsafe use of is_anon_ns()
Linus Torvalds [Fri, 10 May 2019 00:00:51 +0000 (17:00 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
"Several bug fixes, many are quick merge-window regression cures:
- When NLM_F_EXCL is not set, allow same fib rule insertion. From
Hangbin Liu.
- Several cures in sja1105 DSA driver (while loop exit condition fix,
return of negative u8, etc.) from Vladimir Oltean.
- Handle tx/rx delays in realtek PHY driver properly, from Serge
Semin.
- Double free in cls_matchall, from Pieter Jansen van Vuuren.
- Disable SIOCSHWTSTAMP in macvlan/vlan containers, from Hangbin Liu.
- Endainness fixes in aqc111, from Oliver Neukum.
- Handle errors in packet_init properly, from Haibing Yue.
- Various W=1 warning fixes in kTLS, from Jakub Kicinski"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (34 commits)
nfp: add missing kdoc
net/tls: handle errors from padding_length()
net/tls: remove set but not used variables
docs/btf: fix the missing section marks
nfp: bpf: fix static check error through tightening shift amount adjustment
selftests: bpf: initialize bpf_object pointers where needed
packet: Fix error path in packet_init
net/tcp: use deferred jump label for TCP acked data hook
net: aquantia: fix undefined devm_hwmon_device_register_with_info reference
aqc111: fix double endianness swap on BE
aqc111: fix writing to the phy on BE
aqc111: fix endianness issue in aqc111_change_mtu
vlan: disable SIOCSHWTSTAMP in container
macvlan: disable SIOCSHWTSTAMP in container
tipc: fix hanging clients using poll with EPOLLOUT flag
tuntap: synchronize through tfiles array instead of tun->numqueues
tuntap: fix dividing by zero in ebpf queue selection
dwmac4_prog_mtl_tx_algorithms() missing write operation
ptp_qoriq: fix NULL access if ptp dt node missing
net/sched: avoid double free on matchall reoffload
...
Jakub Kicinski [Thu, 9 May 2019 23:19:34 +0000 (16:19 -0700)]
nfp: add missing kdoc
Add missing kdoc for app member.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 9 May 2019 23:37:40 +0000 (16:37 -0700)]
Merge branch 'tls-warnings'
Jakub Kicinski says:
====================
net/tls: fix W=1 build warnings
This small series cleans up two outstanding W=1 build
warnings in tls code. Both are set but not used variables.
The first case looks fairly straightforward. In the second
I think it's better to propagate the error code, even if
not doing some does not lead to a crash with current code.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Thu, 9 May 2019 23:14:07 +0000 (16:14 -0700)]
net/tls: handle errors from padding_length()
At the time padding_length() is called the record header
is still part of the message. If malicious TLS 1.3 peer
sends an all-zero record padding_length() will stop at
the record header, and return full length of the data
including the tail_size.
Subsequent subtraction of prot->overhead_size from rxm->full_len
will cause rxm->full_len to turn negative. skb accessors,
however, will always catch resulting out-of-bounds operation,
so in practice this fix comes down to returning the correct
error code. It also fixes a set but not used warning.
This code was added by commit
130b392c6cd6 ("net: tls: Add tls 1.3 support").
CC: Dave Watson <davejwatson@fb.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jakub Kicinski [Thu, 9 May 2019 23:14:06 +0000 (16:14 -0700)]
net/tls: remove set but not used variables
Commit
4504ab0e6eb8 ("net/tls: Inform user space about send buffer availability")
made us report write_space regardless whether partial record
push was successful or not. Remove the now unused return value
to clean up the following W=1 warning:
net/tls/tls_device.c: In function ‘tls_device_write_space’:
net/tls/tls_device.c:546:6: warning: variable ‘rc’ set but not used [-Wunused-but-set-variable]
int rc = 0;
^~
CC: Vakul Garg <vakul.garg@nxp.com>
CC: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 9 May 2019 23:25:08 +0000 (16:25 -0700)]
Merge git://git./pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:
====================
pull-request: bpf 2019-05-09
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) three small fixes from Gary, Jiong and Lorenz.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Gary Lin [Wed, 8 May 2019 07:54:48 +0000 (15:54 +0800)]
docs/btf: fix the missing section marks
The section titles of 3.4 and 3.5 are not marked correctly.
Signed-off-by: Gary Lin <glin@suse.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Jiong Wang [Tue, 7 May 2019 16:41:30 +0000 (17:41 +0100)]
nfp: bpf: fix static check error through tightening shift amount adjustment
NFP shift instruction has something special. If shift direction is left
then shift amount of 1 to 31 is specified as 32 minus the amount to shift.
But no need to do this for indirect shift which has shift amount be 0. Even
after we do this subtraction, shift amount 0 will be turned into 32 which
will eventually be encoded the same as 0 because only low 5 bits are
encoded, but shift amount be 32 will fail the FIELD_PREP check done later
on shift mask (0x1f), due to 32 is out of mask range. Such error has been
observed when compiling nfp/bpf/jit.c using gcc 8.3 + O3.
This issue has started when indirect shift support added after which the
incoming shift amount to __emit_shf could be 0, therefore it is at that
time shift amount adjustment inside __emit_shf should have been tightened.
Fixes: 991f5b3651f6 ("nfp: bpf: support logic indirect shifts (BPF_[L|R]SH | BPF_X)")
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Reported-by: Pablo Cascón <pablo.cascon@netronome.com
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Reviewed-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Jiong Wang <jiong.wang@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Lorenz Bauer [Wed, 8 May 2019 16:49:32 +0000 (17:49 +0100)]
selftests: bpf: initialize bpf_object pointers where needed
There are a few tests which call bpf_object__close on uninitialized
bpf_object*, which may segfault. Explicitly zero-initialise these pointers
to avoid this.
Signed-off-by: Lorenz Bauer <lmb@cloudflare.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>