Commit Graph

809733 Commits

Author SHA1 Message Date
Gustavo A. R. Silva
f87d8ad923 tipc: fix memory leak in tipc_nl_compat_publ_dump
There is a memory leak in case genlmsg_put fails.

Fix this by freeing *args* before return.

Addresses-Coverity-ID: 1476406 ("Resource leak")
Fixes: 46273cf7e0 ("tipc: fix a missing check of genlmsg_put")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 11:42:08 -05:00
Bjørn Mork
a29c3c09ba cdc_ether: trivial whitespace readability fix
This function is unreadable enough without indenting mismatches
and unnecessary line breaks.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 11:33:18 -05:00
Jacob Wen
eeb2c4fb6a rds: use DIV_ROUND_UP instead of ceil
Yes indeed, DIV_ROUND_UP is in kernel.h.

Signed-off-by: Jacob Wen <jian.w.wen@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 07:22:36 -08:00
Heiner Kallweit
10262b0b53 r8169: don't try to read counters if chip is in a PCI power-save state
Avoid log spam caused by trying to read counters from the chip whilst
it is in a PCI power-save state.

Reference: https://bugzilla.kernel.org/show_bug.cgi?id=107421

Fixes: 1ef7286e7f ("r8169: Dereference MMIO address immediately before use")
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 07:19:25 -08:00
Oliver Hartkopp
0aaa81377c can: gw: ensure DLC boundaries after CAN frame modification
Muyu Yu provided a POC where user root with CAP_NET_ADMIN can create a CAN
frame modification rule that makes the data length code a higher value than
the available CAN frame data size. In combination with a configured checksum
calculation where the result is stored relatively to the end of the data
(e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in
skb_shared_info) can be rewritten which finally can cause a system crash.

Michael Kubecek suggested to drop frames that have a DLC exceeding the
available space after the modification process and provided a patch that can
handle CAN FD frames too. Within this patch we also limit the length for the
checksum calculations to the maximum of Classic CAN data length (8).

CAN frames that are dropped by these additional checks are counted with the
CGW_DELETED counter which indicates misconfigurations in can-gw rules.

This fixes CVE-2019-3701.

Reported-by: Muyu Yu <ieatmuttonchuan@gmail.com>
Reported-by: Marcus Meissner <meissner@suse.de>
Suggested-by: Michal Kubecek <mkubecek@suse.cz>
Tested-by: Muyu Yu <ieatmuttonchuan@gmail.com>
Tested-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= v3.2
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 05:17:51 -08:00
Stephen Warren
01cd364a15 net/mlx4: replace pci_{,un}map_sg with dma_{,un}map_sg
pci_{,un}map_sg are deprecated and replaced by dma_{,un}map_sg. This is
especially relevant since the rest of the driver uses the DMA API. Fix
the driver to use the replacement APIs.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 05:14:17 -08:00
Stephen Warren
f65e192af3 net/mlx4: Get rid of page operation after dma_alloc_coherent
This patch solves a crash at the time of mlx4 driver unload or system
shutdown. The crash occurs because dma_alloc_coherent() returns one
value in mlx4_alloc_icm_coherent(), but a different value is passed to
dma_free_coherent() in mlx4_free_icm_coherent(). In turn this is because
when allocated, that pointer is passed to sg_set_buf() to record it,
then when freed it is re-calculated by calling
lowmem_page_address(sg_page()) which returns a different value. Solve
this by recording the value that dma_alloc_coherent() returns, and
passing this to dma_free_coherent().

This patch is roughly equivalent to commit 378efe798e ("RDMA/hns: Get
rid of page operation after dma_alloc_coherent").

Based-on-code-from: Christoph Hellwig <hch@lst.de>
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 05:14:17 -08:00
David Ahern
d4a7e9bb74 ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
I realized the last patch calls dev_get_by_index_rcu in a branch not
holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock.

Fixes: ec90ad3349 ("ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-05 14:17:07 -08:00
David Ahern
ec90ad3349 ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
Similar to c5ee066333 ("ipv6: Consider sk_bound_dev_if when binding a
socket to an address"), binding a socket to v4 mapped addresses needs to
consider if the socket is bound to a device.

This problem also exists from the beginning of git history.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 17:18:58 -08:00
Jeff Kirsher
ae84e4a8eb ixgbe: fix Kconfig when driver is not a module
The new ability added to the driver to use mii_bus to handle MII related
ioctls is causing compile issues when the driver is compiled into the
kernel (i.e. not a module).

The problem was in selecting MDIO_DEVICE instead of the preferred PHYLIB
Kconfig option.  The reason being that MDIO_DEVICE had a dependency on
PHYLIB and would be compiled as a module when PHYLIB was a module, no
matter whether ixgbe was compiled into the kernel.

CC: Dave Jones <davej@codemonkey.org.uk>
CC: Steve Douthit <stephend@silicom-usa.com>
CC: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Reviewed-by: Stephen Douthit <stephend@silicom-usa.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 14:02:16 -08:00
Eric Dumazet
8d93367045 ipv6: make icmp6_send() robust against null skb->dev
syzbot was able to crash one host with the following stack trace :

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8625 Comm: syz-executor4 Not tainted 4.20.0+ #8
RIP: 0010:dev_net include/linux/netdevice.h:2169 [inline]
RIP: 0010:icmp6_send+0x116/0x2d30 net/ipv6/icmp.c:426
 icmpv6_send
 smack_socket_sock_rcv_skb
 security_sock_rcv_skb
 sk_filter_trim_cap
 __sk_receive_skb
 dccp_v6_do_rcv
 release_sock

This is because a RX packet found socket owned by user and
was stored into socket backlog. Before leaving RCU protected section,
skb->dev was cleared in __sk_receive_skb(). When socket backlog
was finally handled at release_sock() time, skb was fed to
smack_socket_sock_rcv_skb() then icmp6_send()

We could fix the bug in smack_socket_sock_rcv_skb(), or simply
make icmp6_send() more robust against such possibility.

In the future we might provide to icmp6_send() the net pointer
instead of infering it.

Fixes: d66a8acbda ("Smack: Inform peer that IPv6 traffic has been blocked")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Piotr Sawicki <p.sawicki2@partner.samsung.com>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:40:03 -08:00
Peter Oskolkov
3271a48218 selftests: net: fix/improve ip_defrag selftest
Commit ade446403b ("net: ipv4: do not handle duplicate fragments as
overlapping") changed IPv4 defragmentation so that duplicate fragments,
as well as _some_ fragments completely covered by previously delivered
fragments, do not lead to the whole frag queue being discarded. This
makes the existing ip_defrag selftest flaky.

This patch
* makes sure that negative IPv4 defrag tests generate truly overlapping
  fragments that trigger defrag queue drops;
* tests that duplicate IPv4 fragments do not trigger defrag queue drops;
* makes a couple of minor tweaks to the test aimed at increasing its code
  coverage and reduce flakiness.

Signed-off-by: Peter Oskolkov <posk@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:38:39 -08:00
Daniele Palmas
f87118d576 qmi_wwan: add MTU default to qmap network interface
This patch adds MTU default value to qmap network interface in
order to avoid "RTNETLINK answers: No buffer space available"
error when setting an ipv6 address.

Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Acked-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:35:42 -08:00
David S. Miller
75e7fb0a87 Merge branch 'hns-fixes'
Huazhong Tan says:

====================
net: hns: Bugfixes for HNS driver

This patchset includes bugfixes for the HNS ethernet controller driver.

Every patch is independent.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:33:57 -08:00
Yonglong Liu
bb989501ab net: hns: Fix use after free identified by SLUB debug
When enable SLUB debug, than remove hns_enet_drv module, SLUB debug will
identify a use after free bug:

[134.189505] Unable to handle kernel paging request at virtual address
		006b6b6b6b6b6b6b
[134.197553] Mem abort info:
[134.200381]   ESR = 0x96000004
[134.203487]   Exception class = DABT (current EL), IL = 32 bits
[134.209497]   SET = 0, FnV = 0
[134.212596]   EA = 0, S1PTW = 0
[134.215777] Data abort info:
[134.218701]   ISV = 0, ISS = 0x00000004
[134.222596]   CM = 0, WnR = 0
[134.225606] [006b6b6b6b6b6b6b] address between user and kernel address ranges
[134.232851] Internal error: Oops: 96000004 [#1] SMP
[134.237798] CPU: 21 PID: 27834 Comm: rmmod Kdump: loaded Tainted: G
		OE     4.19.5-1.2.34.aarch64 #1
[134.247856] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.58 10/24/2018
[134.255181] pstate: 20000005 (nzCv daif -PAN -UAO)
[134.260044] pc : hns_ae_put_handle+0x38/0x60
[134.264372] lr : hns_ae_put_handle+0x24/0x60
[134.268700] sp : ffff00001be93c50
[134.272054] x29: ffff00001be93c50 x28: ffff802faaec8040
[134.277442] x27: 0000000000000000 x26: 0000000000000000
[134.282830] x25: 0000000056000000 x24: 0000000000000015
[134.288284] x23: ffff0000096fe098 x22: ffff000001050070
[134.293671] x21: ffff801fb3c044a0 x20: ffff80afb75ec098
[134.303287] x19: ffff80afb75ec098 x18: 0000000000000000
[134.312945] x17: 0000000000000000 x16: 0000000000000000
[134.322517] x15: 0000000000000002 x14: 0000000000000000
[134.332030] x13: dead000000000100 x12: ffff7e02bea3c988
[134.341487] x11: ffff80affbee9e68 x10: 0000000000000000
[134.351033] x9 : 6fffff8000008101 x8 : 0000000000000000
[134.360569] x7 : dead000000000100 x6 : ffff000009579748
[134.370059] x5 : 0000000000210d00 x4 : 0000000000000000
[134.379550] x3 : 0000000000000001 x2 : 0000000000000000
[134.388813] x1 : 6b6b6b6b6b6b6b6b x0 : 0000000000000000
[134.397993] Process rmmod (pid: 27834, stack limit = 0x00000000d474b7fd)
[134.408498] Call trace:
[134.414611]  hns_ae_put_handle+0x38/0x60
[134.422208]  hnae_put_handle+0xd4/0x108
[134.429563]  hns_nic_dev_remove+0x60/0xc0 [hns_enet_drv]
[134.438342]  platform_drv_remove+0x2c/0x70
[134.445958]  device_release_driver_internal+0x174/0x208
[134.454810]  driver_detach+0x70/0xd8
[134.461913]  bus_remove_driver+0x64/0xe8
[134.469396]  driver_unregister+0x34/0x60
[134.476822]  platform_driver_unregister+0x20/0x30
[134.485130]  hns_nic_dev_driver_exit+0x14/0x6e4 [hns_enet_drv]
[134.494634]  __arm64_sys_delete_module+0x238/0x290

struct hnae_handle is a member of struct hnae_vf_cb, so when vf_cb is
freed, than use hnae_handle will cause use after free panic.

This patch frees vf_cb after hnae_handle used.

Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:33:57 -08:00
Yonglong Liu
c77804be53 net: hns: Fix WARNING when hns modules installed
Commit 308c6cafde ("net: hns: All ports can not work when insmod hns ko
after rmmod.") add phy_stop in hns_nic_init_phy(), In the branch of "net",
this method is effective, but in the branch of "net-next", it will cause
a WARNING when hns modules loaded, reference to commit 2b3e88ea65 ("net:
phy: improve phy state checking"):

[10.092168] ------------[ cut here ]------------
[10.092171] called from state READY
[10.092189] WARNING: CPU: 4 PID: 1 at ../drivers/net/phy/phy.c:854
                phy_stop+0x90/0xb0
[10.092192] Modules linked in:
[10.092197] CPU: 4 PID:1 Comm:swapper/0 Not tainted 4.20.0-rc7-next-20181220 #1
[10.092200] Hardware name: Huawei TaiShan 2280 /D05, BIOS Hisilicon D05 UEFI
                16.12 Release 05/15/2017
[10.092202] pstate: 60000005 (nZCv daif -PAN -UAO)
[10.092205] pc : phy_stop+0x90/0xb0
[10.092208] lr : phy_stop+0x90/0xb0
[10.092209] sp : ffff00001159ba90
[10.092212] x29: ffff00001159ba90 x28: 0000000000000007
[10.092215] x27: ffff000011180068 x26: ffff0000110a5620
[10.092218] x25: ffff0000113b6000 x24: ffff842f96dac000
[10.092221] x23: 0000000000000000 x22: 0000000000000000
[10.092223] x21: ffff841fb8425e18 x20: ffff801fb3a56438
[10.092226] x19: ffff801fb3a56000 x18: ffffffffffffffff
[10.092228] x17: 0000000000000000 x16: 0000000000000000
[10.092231] x15: ffff00001122d6c8 x14: ffff00009159b7b7
[10.092234] x13: ffff00001159b7c5 x12: ffff000011245000
[10.092236] x11: 0000000005f5e0ff x10: ffff00001159b750
[10.092239] x9 : 00000000ffffffd0 x8 : 0000000000000465
[10.092242] x7 : ffff0000112457f8 x6 : ffff0000113bd7ce
[10.092245] x5 : 0000000000000000 x4 : 0000000000000000
[10.092247] x3 : 00000000ffffffff x2 : ffff000011245828
[10.092250] x1 : 4b5860bd05871300 x0 : 0000000000000000
[10.092253] Call trace:
[10.092255]  phy_stop+0x90/0xb0
[10.092260]  hns_nic_init_phy+0xf8/0x110
[10.092262]  hns_nic_try_get_ae+0x4c/0x3b0
[10.092264]  hns_nic_dev_probe+0x1fc/0x480
[10.092268]  platform_drv_probe+0x50/0xa0
[10.092271]  really_probe+0x1f4/0x298
[10.092273]  driver_probe_device+0x58/0x108
[10.092275]  __driver_attach+0xdc/0xe0
[10.092278]  bus_for_each_dev+0x74/0xc8
[10.092280]  driver_attach+0x20/0x28
[10.092283]  bus_add_driver+0x1b8/0x228
[10.092285]  driver_register+0x60/0x110
[10.092288]  __platform_driver_register+0x40/0x48
[10.092292]  hns_nic_dev_driver_init+0x18/0x20
[10.092296]  do_one_initcall+0x5c/0x180
[10.092299]  kernel_init_freeable+0x198/0x240
[10.092303]  kernel_init+0x10/0x108
[10.092306]  ret_from_fork+0x10/0x18
[10.092308] ---[ end trace 1396dd0278e397eb ]---

This WARNING occurred because of calling phy_stop before phy_start.

The root cause of the problem in commit '308c6cafde01' is:

Reference to hns_nic_init_phy, the flag phydev->supported is changed after
phy_connect_direct. The flag phydev->supported is 0x6ff when hns modules is
loaded, so will not change Fiber Port power(Reference to marvell.c), which
is power on at default.
Then the flag phydev->supported is changed to 0x6f, so Fiber Port power is
off when removing hns modules.
When hns modules installed again, the flag phydev->supported is default
value 0x6ff, so will not change Fiber Port power(now is off), causing mac
link not up problem.

So the solution is change phy flags before phy_connect_direct.

Fixes: 308c6cafde ("net: hns: All ports can not work when insmod hns ko after rmmod.")
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:33:57 -08:00
Linus Walleij
cff1e01f16 net: dsa: mt7530: Drop unused GPIO include
This driver uses GPIO descriptors only, <linux/of_gpio.h>
is not used so drop the include.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:07:23 -08:00
David S. Miller
0c06a09197 Merge branch 'GUE-error-recursion'
Stefano Brivio says:

====================
Fix two further potential unbounded recursions in GUE error handlers

Patch 1/2 takes care of preventing the issue fixed by commit 11789039da
("fou: Prevent unbounded recursion in GUE error handler") also with
UDP-Lite payloads -- I just realised this might happen from a syzbot
report.

Patch 2/2 fixes the issue for both UDP and UDP-Lite on IPv6, which I also
forgot to deal with in that same commit.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:06:07 -08:00
Stefano Brivio
44039e0017 fou6: Prevent unbounded recursion in GUE error handler
I forgot to deal with IPv6 in commit 11789039da ("fou: Prevent unbounded
recursion in GUE error handler").

Now syzbot reported what might be the same type of issue, caused by
gue6_err(), that is, handling exceptions for direct UDP encapsulation in
GUE (UDP-in-UDP) leads to unbounded recursion in the GUE exception
handler.

As it probably doesn't make sense to set up GUE this way, and it's
currently not even possible to configure this, skip exception handling for
UDP (or UDP-Lite) packets encapsulated in UDP (or UDP-Lite) packets with
GUE on IPv6.

Reported-by: syzbot+4ad25edc7a33e4ab91e0@syzkaller.appspotmail.com
Reported-by: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Fixes: b8a51b38e4 ("fou, fou6: ICMP error handlers for FoU and GUE")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:06:07 -08:00
Stefano Brivio
bc6e019b6e fou: Prevent unbounded recursion in GUE error handler also with UDP-Lite
In commit 11789039da ("fou: Prevent unbounded recursion in GUE error
handler"), I didn't take care of the case where UDP-Lite is encapsulated
into UDP or UDP-Lite with GUE. From a syzbot report about a possibly
similar issue with GUE on IPv6, I just realised the same thing might
happen with a UDP-Lite inner payload.

Also skip exception handling for inner UDP-Lite protocol.

Fixes: 11789039da ("fou: Prevent unbounded recursion in GUE error handler")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:06:07 -08:00
Yi-Hung Wei
41e4e2cd75 openvswitch: Fix IPv6 later frags parsing
The previous commit fa642f0883
("openvswitch: Derive IP protocol number for IPv6 later frags")
introduces IP protocol number parsing for IPv6 later frags that can mess
up the network header length calculation logic, i.e. nh_len < 0.
However, the network header length calculation is mainly for deriving
the transport layer header in the key extraction process which the later
fragment does not apply.

Therefore, this commit skips the network header length calculation to
fix the issue.

Reported-by: Chris Mi <chrism@mellanox.com>
Reported-by: Greg Rose <gvrose8192@gmail.com>
Fixes: fa642f0883 ("openvswitch: Derive IP protocol number for IPv6 later frags")
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 13:00:02 -08:00
Claudiu Beznea
ba3e1847d6 net: macb: remove unnecessary code
Commit 653e92a917 ("net: macb: add support for padding and fcs
computation") introduced a bug fixed by commit 899ecaedd1 ("net:
ethernet: cadence: fix socket buffer corruption problem"). Code removed
in this patch is not reachable at all so remove it.

Fixes: 653e92a917 ("net: macb: add support for padding and fcs computation")
Cc: Tristram Ha <Tristram.Ha@microchip.com>
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:59:09 -08:00
Linus Walleij
a09b42ba1a net: dsa: microchip: Drop unused GPIO includes
This driver does not use the old GPIO includes so drop
them.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Reviewed-by: Vivien Didelot <vivien.didelot@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:58:25 -08:00
David S. Miller
ebdefe4656 Merge branch 'qed-fixes'
Denis Bolotin says:

====================
qed: Misc fixes in qed

This patch series fixes 2 potential bugs in qed.
Please consider applying to net.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:57:31 -08:00
Denis Bolotin
46721c3d9e qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier
Make sure chain element is updated before ringing the doorbell.

Signed-off-by: Denis Bolotin <dbolotin@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:57:30 -08:00
Denis Bolotin
2d533a9287 qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page count
In PBL chains with non power of 2 page count, the producer is not at the
beginning of the chain when index is 0 after a wrap. Therefore, after the
producer index wrap around, page index should be calculated more carefully.

Signed-off-by: Denis Bolotin <dbolotin@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:57:30 -08:00
David Rientjes
f8c468e853 net, skbuff: do not prefer skb allocation fails early
Commit dcda9b0471 ("mm, tree wide: replace __GFP_REPEAT by
__GFP_RETRY_MAYFAIL with more useful semantic") replaced __GFP_REPEAT in
alloc_skb_with_frags() with __GFP_RETRY_MAYFAIL when the allocation may
directly reclaim.

The previous behavior would require reclaim up to 1 << order pages for
skb aligned header_len of order > PAGE_ALLOC_COSTLY_ORDER before failing,
otherwise the allocations in alloc_skb() would loop in the page allocator
looking for memory.  __GFP_RETRY_MAYFAIL makes both allocations failable
under memory pressure, including for the HEAD allocation.

This can cause, among many other things, write() to fail with ENOTCONN
during RPC when under memory pressure.

These allocations should succeed as they did previous to dcda9b0471
even if it requires calling the oom killer and additional looping in the
page allocator to find memory.  There is no way to specify the previous
behavior of __GFP_REPEAT, but it's unlikely to be necessary since the
previous behavior only guaranteed that 1 << order pages would be reclaimed
before failing for order > PAGE_ALLOC_COSTLY_ORDER.  That reclaim is not
guaranteed to be contiguous memory, so repeating for such large orders is
usually not beneficial.

Removing the setting of __GFP_RETRY_MAYFAIL to restore the previous
behavior, specifically not allowing alloc_skb() to fail for small orders
and oom kill if necessary rather than allowing RPCs to fail.

Fixes: dcda9b0471 ("mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic")
Signed-off-by: David Rientjes <rientjes@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:53:16 -08:00
Wen Yang
8d68100ab4 soc/fsl/qe: fix err handling of ucc_of_parse_tdm
Currently there are some issues with the ucc_of_parse_tdm function:
1, a possible null pointer dereference in ucc_of_parse_tdm,
detected by the semantic patch deref_null.cocci,
with the following warning:
drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced.
2, dev gets modified, so in any case that devm_iounmap() will fail
even when the new pdev is valid, because the iomap was done with a
 different pdev.
3, there is no driver bind with the "fsl,t1040-qe-si" or
"fsl,t1040-qe-siram" device. So allocating resources using devm_*()
with these devices won't provide a cleanup path for these resources
when the caller fails.

This patch fixes them.

Suggested-by: Li Yang <leoyang.li@nxp.com>
Suggested-by: Christophe LEROY <christophe.leroy@c-s.fr>
Signed-off-by: Wen Yang <wen.yang99@zte.com.cn>
Reviewed-by: Peng Hao <peng.hao2@zte.com.cn>
CC: Julia Lawall <julia.lawall@lip6.fr>
CC: Zhao Qiang <qiang.zhao@nxp.com>
CC: David S. Miller <davem@davemloft.net>
CC: netdev@vger.kernel.org
CC: linuxppc-dev@lists.ozlabs.org
CC: linux-kernel@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:50:43 -08:00
Kai-Heng Feng
3635299183 r8169: Add support for new Realtek Ethernet
There are two new Realtek Ethernet devices which are re-branded r8168h.
Add the IDs to to support them.

Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Reviewed-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:49:37 -08:00
Arthur Gautier
7c1e8a3817 netlink: fixup regression in RTM_GETADDR
This commit fixes a regression in AF_INET/RTM_GETADDR and
AF_INET6/RTM_GETADDR.

Before this commit, the kernel would stop dumping addresses once the first
skb was full and end the stream with NLMSG_DONE(-EMSGSIZE). The error
shouldn't be sent back to netlink_dump so the callback is kept alive. The
userspace is expected to call back with a new empty skb.

Changes from V1:
 - The error is not handled in netlink_dump anymore but rather in
   inet_dump_ifaddr and inet6_dump_addr directly as suggested by
   David Ahern.

Fixes: d7e38611b8 ("net/ipv4: Put target net when address dump fails due to bad attributes")
Fixes: 242afaa696 ("net/ipv6: Put target net when address dump fails due to bad attributes")

Cc: David Ahern <dsahern@gmail.com>
Cc: "David S . Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Signed-off-by: Arthur Gautier <baloo@gandi.net>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:47:06 -08:00
Christophe JAILLET
1492623e83 octeontx2-af: Fix a resource leak in an error handling path in 'cgx_probe()'
If an error occurs after the call to 'pci_alloc_irq_vectors()', we must
call 'pci_free_irq_vectors()' in order to avoid a	resource leak.

The same sequence is already in place in the corresponding 'cgx_remove()'
function.

Fixes: 1463f382f5 ("octeontx2-af: Add support for CGX link management")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-04 12:44:50 -08:00
Linus Torvalds
96d4f267e4 Remove 'type' argument from access_ok() function
Nobody has actually used the type (VERIFY_READ vs VERIFY_WRITE) argument
of the user address range verification function since we got rid of the
old racy i386-only code to walk page tables by hand.

It existed because the original 80386 would not honor the write protect
bit when in kernel mode, so you had to do COW by hand before doing any
user access.  But we haven't supported that in a long time, and these
days the 'type' argument is a purely historical artifact.

A discussion about extending 'user_access_begin()' to do the range
checking resulted this patch, because there is no way we're going to
move the old VERIFY_xyz interface to that model.  And it's best done at
the end of the merge window when I've done most of my merges, so let's
just get this done once and for all.

This patch was mostly done with a sed-script, with manual fix-ups for
the cases that weren't of the trivial 'access_ok(VERIFY_xyz' form.

There were a couple of notable cases:

 - csky still had the old "verify_area()" name as an alias.

 - the iter_iov code had magical hardcoded knowledge of the actual
   values of VERIFY_{READ,WRITE} (not that they mattered, since nothing
   really used it)

 - microblaze used the type argument for a debug printout

but other than those oddities this should be a total no-op patch.

I tried to fix up all architectures, did fairly extensive grepping for
access_ok() uses, and the changes are trivial, but I may have missed
something.  Any missed conversion should be trivially fixable, though.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-01-03 18:57:57 -08:00
Linus Torvalds
135143b2ca File locking bugfix for v4.21
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcLfFMAAoJEAAOaEEZVoIVjFAP/33l7xDEbrYRMUuzjcGQEHW0
 aOblkkt+Mo8yuSEgsy0yOcfi0NXuPMdVSEp5nqgwI9YsSULhpDEai/ogP86kb2f7
 xdo9H43cPMZS+pDx/avRyICjBYGZE4qwpSEs0d2zSHNT0dCX5Asuughb0tRtfOwo
 TIUw+8xz3lrUf0+4XAgFHOZ1/1vvC/hlXmHL61e9ZBijafb7t0qbIbIkbmnQp4vN
 0njRpcRck1i1o6FhsVcC8mm+gL/Fu4uXbK3CtkInzMom6M3ecm2FU/Es3yL5qzdV
 UMBwU+G+RLAZnkZ3dGUv89gwQIDaZk43g/lQJLTGv46eY8ghx4kBeT78Iaooav/o
 Ml0ormpc71/iMHRQ8iMXMkhSdx8uKhp/TL+M8nx1UM3E/VloQj8SNMJi2jhnQA5h
 mkNlZGSIERgr8XZF5uRHQa/XFQb5FUAMlfa4wE4sTC4urkAOwlZDQ+qENFEuikkP
 EjNquVjCtLp8BW58WNXyaIv1gc/6A0ZIo2v/TXxcXM6hiH+U4GW72FeDXSDkPmqN
 1rGgMI6blKpE4JmHSJjaHJP2Lo8TsyX6k64z3cV0fPigmAAAQQC+Mhtl8GkL670k
 L4sRxXh0HRR2H7HLrW/nbnbL4A3F8U7a1QmpXu4Be/FetUSbRTx3FOiiS6eyIXWu
 dPoocH9cfRcGXQ+gYg8Z
 =MagU
 -----END PGP SIGNATURE-----

Merge tag 'locks-v4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux

Pull file locking bugfix from Jeff Layton:
 "This is a one-line fix for a bug that syzbot turned up in the new
  patches to mitigate the thundering herd when a lock is released"

* tag 'locks-v4.21-2' of git://git.kernel.org/pub/scm/linux/kernel/git/jlayton/linux:
  locks: fix error in locks_move_blocks()
2019-01-03 14:33:46 -08:00
Linus Torvalds
810574ca7e sound fixes for 4.21-rc1 (or whatever the next)
Among a few HD-audio fixes, the only significant one is the
 regression fix on some machines like Dell XPS due to the default
 binding changes.  We ended up reverting the whole since the fix for
 ASoC HD-audio driver won't be available immediately.
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEEIXTw5fNLNI7mMiVaLtJE4w1nLE8FAlwtD5IOHHRpd2FpQHN1
 c2UuZGUACgkQLtJE4w1nLE+9VBAAnOS5eOOyQw4TUDAUHjiOaVPqVG53+W9p8a8J
 nGIv024PihDtL53TrTw6d8xDJfav2BrfUFyifOD12/wwn9D5Y06E6xMbV1/2aEgS
 0uLl6TDQo1/BKhu/7MyNpmghcwkpSEGzjDOtQb8JI+j6FwCCl7+ub7ErvP1ytYLe
 5ikTvW1f2jFAf3Hg+4SPkjPT7NOAwfsvbMDXE0BcxrNJ9+feqPL9DtNBerVgVIZ0
 nBXyl9GLGwsNV/BBRoWtALGdsvScjVrtXvmFd0xxKH9kdJj9kZHNcJfhlL2LMlap
 D2cUaUpHj1wHDwlhKSvslkXTZjtpjIjDfdeLRCqofj+02puSLEzSqdII30vVmAUy
 wj5IgwuCzAH5yNSC2/AoQjACa84bDhAuRUuidMOkZD2zqhr7/kSfqKf8aXAnHGrr
 gngE70cR2fK+bU4d4DR+5lxgbvYm/9HTsiSYqGSYhSe56NylA6BYit4RZV2wu1N5
 Pbw/mrMMnZ3FL4Pn/koC2mwdjPyGDn3lAIkRH6FISuSvK19/9qqFRyzqZgtHXPbV
 hmZ0zweDs3p7zAMQapmnqQzYjOp/5PJSyhLvx4lhFgP8gqWwaJN9jvHTHP0OyN9/
 3lBxgWKjGX/l6R9th4sau1Bl6DybV1r2KGB+HZd+LtXLb2GYKoTUqDrBJQowP5zT
 Bh6PPyE=
 =93xe
 -----END PGP SIGNATURE-----

Merge tag 'sound-fix-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Among a few HD-audio fixes, the only significant one is the regression
  fix on some machines like Dell XPS due to the default binding changes.
  We ended up reverting the whole since the fix for ASoC HD-audio driver
  won't be available immediately"

* tag 'sound-fix-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda - Revert DSP detection on legacy HD-audio driver
  ALSA: hda/tegra: clear pending irq handlers
  ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops
2019-01-03 13:08:00 -08:00
Linus Torvalds
43d86ee8c6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "Several fixes here. Basically split down the line between newly
  introduced regressions and long existing problems:

   1) Double free in tipc_enable_bearer(), from Cong Wang.

   2) Many fixes to nf_conncount, from Florian Westphal.

   3) op->get_regs_len() can throw an error, check it, from Yunsheng
      Lin.

   4) Need to use GFP_ATOMIC in *_add_hash_mac_address() of fsl/fman
      driver, from Scott Wood.

   5) Inifnite loop in fib_empty_table(), from Yue Haibing.

   6) Use after free in ax25_fillin_cb(), from Cong Wang.

   7) Fix socket locking in nr_find_socket(), also from Cong Wang.

   8) Fix WoL wakeup enable in r8169, from Heiner Kallweit.

   9) On 32-bit sock->sk_stamp is not thread-safe, from Deepa Dinamani.

  10) Fix ptr_ring wrap during queue swap, from Cong Wang.

  11) Missing shutdown callback in hinic driver, from Xue Chaojing.

  12) Need to return NULL on error from ip6_neigh_lookup(), from Stefano
      Brivio.

  13) BPF out of bounds speculation fixes from Daniel Borkmann"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (57 commits)
  ipv6: Consider sk_bound_dev_if when binding a socket to an address
  ipv6: Fix dump of specific table with strict checking
  bpf: add various test cases to selftests
  bpf: prevent out of bounds speculation on pointer arithmetic
  bpf: fix check_map_access smin_value test when pointer contains offset
  bpf: restrict unknown scalars of mixed signed bounds for unprivileged
  bpf: restrict stack pointer arithmetic for unprivileged
  bpf: restrict map value pointer arithmetic for unprivileged
  bpf: enable access to ax register also from verifier rewrite
  bpf: move tmp variable into ax register in interpreter
  bpf: move {prev_,}insn_idx into verifier env
  isdn: fix kernel-infoleak in capi_unlocked_ioctl
  ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error
  net/hamradio/6pack: use mod_timer() to rearm timers
  net-next/hinic:add shutdown callback
  net: hns3: call hns3_nic_net_open() while doing HNAE3_UP_CLIENT
  ip: validate header length on virtual device xmit
  tap: call skb_probe_transport_header after setting skb->dev
  ptr_ring: wrap back ->producer in __ptr_ring_swap_queue()
  net: rds: remove unnecessary NULL check
  ...
2019-01-03 12:53:47 -08:00
David Ahern
c5ee066333 ipv6: Consider sk_bound_dev_if when binding a socket to an address
IPv6 does not consider if the socket is bound to a device when binding
to an address. The result is that a socket can be bound to eth0 and then
bound to the address of eth1. If the device is a VRF, the result is that
a socket can only be bound to an address in the default VRF.

Resolve by considering the device if sk_bound_dev_if is set.

This problem exists from the beginning of git history.

Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-02 20:16:37 -08:00
David Ahern
73155879b3 ipv6: Fix dump of specific table with strict checking
Dump of a specific table with strict checking enabled is looping. The
problem is that the end of the table dump is not marked in the cb. When
dumping a specific table, cb args 0 and 1 are not used (they are the hash
index and entry with an hash table index when dumping all tables). Re-use
args[0] to hold a 'done' flag for the specific table dump.

Fixes: 13e38901d4 ("net/ipv6: Plumb support for filtering route dumps")
Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-02 20:15:43 -08:00
Linus Torvalds
645ff1e8e7 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
 "A tiny pull request this merge window unfortunately, should get more
  material in for the next release:

   - new driver for Raspberry Pi's touchscreen (firmware interface)

   - miscellaneous input driver fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G
  Input: atmel_mxt_ts - don't try to free unallocated kernel memory
  Input: drv2667 - fix indentation issues
  Input: touchscreen - fix coding style issue
  Input: add official Raspberry Pi's touchscreen driver
  Input: nomadik-ske-keypad - fix a loop timeout test
  Input: rotary-encoder - don't log EPROBE_DEFER to kernel log
  Input: olpc_apsp - remove set but not used variable 'np'
  Input: olpc_apsp - enable the SP clock
  Input: olpc_apsp - check FIFO status on open(), not probe()
  Input: olpc_apsp - drop CONFIG_OLPC dependency
  clk: mmp2: add SP clock
  dt-bindings: marvell,mmp2: Add clock id for the SP clock
  Input: ad7879 - drop platform data support
2019-01-02 18:56:59 -08:00
Linus Torvalds
d548e65904 virtio, vhost: features, fixes, cleanups
discard in virtio blk
 misc fixes and cleanups
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABAgAGBQJcLSujAAoJECgfDbjSjVRpguUH/jHFcIR0egb9k0nEx2ETxoPw
 HKjV3zzWW+WKYu7NNXyF4qiIedlQvTLUt1gRNtNa/G0C+AFKKPl+ynBNmBFfM3Lt
 RCpt0ctAaJDpr8xABC4PRoAU2Vga9Glkt9SobZ7kBDCXcCl6PDYk3zLryG87N5Rf
 pQJeTOpYtE8OgQaO7w3+7u5YmfGWaCrsxMWuq43ry9mn0J6QaJ6FYrz5+V90uOcT
 o5NtauCyTzIj+wrsh75qg6KWG8zLFwrskCxX8CmYd+j7ZTDZc5U9eaYJRx3HdqOE
 //aXqXy17trgy5GGTw9IPKE30JOztEhER9HzQASNVkmjYTq7q8DTMlnVIMSLRF0=
 =NI+Y
 -----END PGP SIGNATURE-----

Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost

Pull virtio/vhost updates from Michael Tsirkin:
"Features, fixes, cleanups:

   - discard in virtio blk

   - misc fixes and cleanups"

* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
  vhost: correct the related warning message
  vhost: split structs into a separate header file
  virtio: remove deprecated VIRTIO_PCI_CONFIG()
  vhost/vsock: switch to a mutex for vhost_vsock_hash
  virtio_blk: add discard and write zeroes support
2019-01-02 18:54:45 -08:00
Linus Torvalds
77d0b194b2 for-4.21/block-20190102
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlwtClAQHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgpicLEACpQalDy7tUp+0/5VUMTiYksBqimtCoOu59
 K9BsrRwdXnhAxBdD3a6cn442axKelg5NozdTAXFTNAFkuDUci0eBvVZFNBhuRaqY
 Cp/ub8rF81viivDvF5kO8wWC745Zj63/BQjethXrTssVI3ZOV4lK+haiuJeXOegN
 LwM64P5lHlhQkOn/FV5oDSWyrlffMrjtcqJ22Em0mxeHgneZXI0wVeJgGbbY8e33
 GWGUb+sYpDM41ZDl7vyVSIDNHKzYMSbN7hdLh3fD+EWVFwI/F+lZU/LHbO+lKt1f
 LU/mPXLrIkEvzhFwwGLQy10u6lo1US6sMoKfFcpKu8KRY4p7DyvoCLyGH2PtK2sR
 +vX1LlWPHJsN9x/5TlfOnXrR0qChzqwMU3tgzQaCF7HOEx+3Xt7HpKRffJmVMNZP
 anMqevN2OfjvpcBEs2jktAqiwmBZIPSQJ9OMqkPJIalIW4h3qDKXRKttpmWTWMeV
 sDWNGj3hpukWba01vTxYOkz8/V58+ikzM26UAjTmTU9YvQ+TZBmu+azAuisedhqE
 b66gXz8YLp6r10psSBnh1IThvhuDyjmofouWGuSWJRcEngzXbL6jDQhgqWWCzKUn
 cW8Cs4ymvSwE5Qwwgs4wY8XYwyl5L9QGgfwLx+toMvSKq/G+ONA6FQ1Crp7zx4jq
 bnNqy1iWNg==
 =KYFj
 -----END PGP SIGNATURE-----

Merge tag 'for-4.21/block-20190102' of git://git.kernel.dk/linux-block

Pull more block updates from Jens Axboe:

 - Dead code removal for loop/sunvdc (Chengguang)

 - Mark BIDI support for bsg as deprecated, logging a single dmesg
   warning if anyone is actually using it (Christoph)

 - blkcg cleanup, killing a dead function and making the tryget_closest
   variant easier to read (Dennis)

 - Floppy fixes, one fixing a regression in swim3 (Finn)

 - lightnvm use-after-free fix (Gustavo)

 - gdrom leak fix (Wenwen)

 - a set of drbd updates (Lars, Luc, Nathan, Roland)

* tag 'for-4.21/block-20190102' of git://git.kernel.dk/linux-block: (28 commits)
  block/swim3: Fix regression on PowerBook G3
  block/swim3: Fix -EBUSY error when re-opening device after unmount
  block/swim3: Remove dead return statement
  block/amiflop: Don't log error message on invalid ioctl
  gdrom: fix a memory leak bug
  lightnvm: pblk: fix use-after-free bug
  block: sunvdc: remove redundant code
  block: loop: remove redundant code
  bsg: deprecate BIDI support in bsg
  blkcg: remove unused __blkg_release_rcu()
  blkcg: clean up blkg_tryget_closest()
  drbd: Change drbd_request_detach_interruptible's return type to int
  drbd: Avoid Clang warning about pointless switch statment
  drbd: introduce P_ZEROES (REQ_OP_WRITE_ZEROES on the "wire")
  drbd: skip spurious timeout (ping-timeo) when failing promote
  drbd: don't retry connection if peers do not agree on "authentication" settings
  drbd: fix print_st_err()'s prototype to match the definition
  drbd: avoid spurious self-outdating with concurrent disconnect / down
  drbd: do not block when adjusting "disk-options" while IO is frozen
  drbd: fix comment typos
  ...
2019-01-02 18:49:58 -08:00
Linus Torvalds
b79f9f93eb for-4.21/libata-20190102
-----BEGIN PGP SIGNATURE-----
 
 iQJEBAABCAAuFiEEwPw5LcreJtl1+l5K99NY+ylx4KYFAlwtCj4QHGF4Ym9lQGtl
 cm5lbC5kawAKCRD301j7KXHgppLHD/46junIMUmhANlWwx+f87aqIqxZtg9a2XLB
 E6gll7EXg0EJDIzzWXIdUPFtg/iZ/7+78slB+o6VK2R2SCc72/g1cbCiNgS4OmYK
 djxvakNwLNAEATp6OYT8z21C8SiqUMExUwP4Vcld6BU7BB3sOmVtPP1Y/siYGY80
 yc5E/UeKuRVHWyixwhnpCMJuJGXBwIQjgywt20jVsPXkjlv11fyupCMIrthkmWax
 K6TgwULxA00BHqxjHCdRGbMrcN6vLidrkDPlfJOXFyrupLf9V4+iXop9q9716Fxm
 H/1MsH4VEAiTwg8erzCh9dt9j6sTMd1RJsL3/fKywYxhPzi6CHnN+K6ONIKO7j0i
 AkwcXRepHvOyGb/CYQYWhbPyplSn6exTcHiPafUqK+ENKVRGdGTdccktMRAewVrT
 sFik2oU6ZFzTcF9IPH+9tCOB25xQ/CA8wiIsi8/GWKSsFMqFNYKRurp2pCE3X1Ev
 RqSD6YchdImFddQAqz4mrHyC3iS557xzegRqGsg6lzzTARmAwG54d6/GibTCZchj
 vtjcs7de9B7GedLDQ3tcuP/XkBCNi/ZYsg4FRcYcoykNgocILm12+d9hTrp9h8gv
 I1mqLfQVbousaYuVT8ufDHtZvGxEKRcYEC95fY+geNHVCl1UvlxwPy0Sm4aXNXWe
 EVCDyAwZaA==
 =NDqT
 -----END PGP SIGNATURE-----

Merge tag 'for-4.21/libata-20190102' of git://git.kernel.dk/linux-block

Pull libata fix from Jens Axboe:
 "This libata change missed the original libata pull request.

  Just a single fix in here, fixing a missed reference drop"

* tag 'for-4.21/libata-20190102' of git://git.kernel.dk/linux-block:
  ata: pata_macio: add of_node_put()
2019-01-02 18:47:56 -08:00
Linus Torvalds
0f2107daec One more patch to generalize a set of DT binding defines now before -rc1
comes out. This way the SoC DTS files can use the proper defines from a
 stable tag.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCgAvFiEE9L57QeeUxqYDyoaDrQKIl8bklSUFAlwmdjIRHHNib3lkQGtl
 cm5lbC5vcmcACgkQrQKIl8bklSX8Iw//RZ3fJWCV5HdYO938SRl8mdn+kKc+8bfO
 Ng6abLS7hV79oB8G5sapYxS5BaoHw9O59NM2wldu+9vtM1s3cPlvPXJN60NQMHrA
 9Bv8r5xOARKzcyou+0vCtWOVL0xt92KKU4fuPCgdP62OkeNppUeZqpoeVILZyOsz
 txfNX1CN6WdxPHWG4mxted8i1sX873EAdLsE+n8zEchfPk0ADZ/TEfKDlqHV9wAB
 XgFzk8W/ZyKg2zlNCwWIUBIk9IlqRUTnPArA9bzAgxMO6x0DT7W5LSgEHN0nk2kl
 uhLDjxcXUtQKic14hzlnBHDN+aSaCtrdUsoxxlgoyyq+cDh8eC9keh4DsBu32nBk
 ETQ00DteZWaPSMuqphQ6rOye3X/ff42cQREZCxo5anuUt2ekgwdCiS64XU/id+tk
 1YdTGgiwiZTBZCTlvWqvoOpU2OannD7c2dEML9X7evM0H35f2KjNFODtWEDedDSg
 BFyP62gFs7063Pdz02wUdS37m6iC2WDbZioSUw+NJjSnnX4N4Uz7zI/Xh2AhwLwT
 9bECXexsg2qUTSFbEvLsTTasE551bSqOJ5VzJuDwTL6OdmeLYEv+H+ZY5z/8lYkF
 gLx2rfo63P/2YljkVjKFxValu3jDUbt26ePEa0J9N4WK17CS28L6BXnC7TdEqNhP
 +Hs380jUFXw=
 =mZr0
 -----END PGP SIGNATURE-----

Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux

Pull more clk updates from Stephen Boyd:
 "One more patch to generalize a set of DT binding defines now before
  -rc1 comes out.

  This way the SoC DTS files can use the proper defines from a stable
  tag"

* tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
  clk: imx8qxp: make the name of clock ID generic
2019-01-02 18:45:50 -08:00
Linus Torvalds
01766d27d2 Device properties framework fixes for 4.21-rc1
Fix two potential NULL pointer dereferences found by Coverity in
 the software nodes code introduced recently (Colin Ian King).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJcLI57AAoJEILEb/54YlRxX4QP/RTWeeYLVPfA6le6K67SDpdG
 wN7rJpKLJqC15gJPbMiPRwaxMrq1j/iJ8ntw2aCS9ZxEhaaXpKnIg7zLYaG/CW2Q
 ops0pbFqL2m8CdN0UJKSp8OidXxDevmvbg/G2ebgOflYHyUKmHk8pXre2nw49rf2
 TJtwlvWmHEK4YFdOXJRG3PIZ6U1qLnFkukvWOnNYsa4NXU6T8L9JWSg2NmsU27Ni
 aRH1FNshCWy96WeCr2vY8AeDiRjAfbT08LAxeiJpOolCoN2ejjp7NgWU4RTeKwpo
 TWJ/6Hll98i6Oi105rlQxGq19yu5lM87Ti5xbmATd5NLKR0yL1oF0T5FTtUxge3q
 ISIThK4KWZT3tCP0G7SkaOItlPxFgk2fkPRhS+WmmEDK0zWOxXq31N2dX49U9Hty
 8qpnic4hsjk1oVsc1IcO8Vd8xTKZo+KnE5a3aWXlJ9Bi8GIrlX9q+Fy9YOBKzvA7
 GQkU/oZPUNIiS2+SrEL5f+6HG7nY2L2gCQcRSqJKUBJ98nSFcYYOFYgJmUYzoh5s
 je/XxnkGdRSKJno0NOkQOdAxLl8OV2c5zrH5OGqdUX9PoNbujJEEGk9dT8fN5suD
 MjRcAkjIutq3ELCQMqiJLqXfEibjo64hnjU5zZFurbztFk8LUZpk5AsLCiaEtfAH
 sYtRppt56ok85PFH2weN
 =RZzu
 -----END PGP SIGNATURE-----

Merge tag 'devprop-4.21-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull device properties framework fixes from Rafael Wysocki:
 "Fix two potential NULL pointer dereferences found by Coverity in the
  software nodes code introduced recently (Colin Ian King)"

* tag 'devprop-4.21-rc1-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  drivers: base: swnode: check if swnode is NULL before dereferencing it
  drivers: base: swnode: check if pointer p is NULL before dereferencing it
2019-01-02 18:43:57 -08:00
Linus Torvalds
35ddb06a46 - Introduce device-managed registration devm_mbox_controller_un/register and convert drivers to use it
- Introduce flush api to support clients that must busy-wait in atomic context
 - Support multiple controllers per device
 - Hi3660: a bugfix and constify ops structure
 - TI-MsgMgr: off by one bugfix.
 - BCM: switch to spdx license
 - Tegra-HSP: support for shared mailboxes and suspend/resume.
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE6EwehDt/SOnwFyTyf9lkf8eYP5UFAlwsSx4ACgkQf9lkf8eY
 P5V7VBAAkYp05XY1IsH5x1nSqhFb+cco0pv0kwO3Sr+IhYgC3i5aD2JMtIGu3N34
 8lFrNXbrodDFsY37dAd8YDP4zoJ6LGmB9Z7brjuce/Mlgj63Z7EV5R+PW6UC/thP
 ul9RVM3d0YoRfutHz0p8+0vgB2d90Npng6f1XhNBwniWNtzFm1QoDl/rr5QI/126
 tdgpuC/79fl1ymuzrBxMx7Yn5LG4P5B834gip16qiKlhaawL98nmWoF0EyIFwSMN
 Oo4yxpiMPsLC1Jt9EygXOHyybt1WSgCGlKV0fk6iiugR2YmDfVaiASq8e1gBN9W8
 8ILFxEFkfbR4uat3fDErymGmdQrt0pFeSBnwej30JS/GTASz5i0XAIfpVYL113t9
 WzsMR8YZGW3hk1Z+ZXJhecszYhDg4GAfew2kADqmdBeG6JX8eBn0wYFRFYjYPsXR
 idrsWkuzYmNXUaFg10Un3OgVwmpnhB7QmiKXTeqpWkcYlrI8MiljwAK+wXh2/23S
 vxM+hdbKLQ++0m6iMz/9HE3b5LJlJtXwz5UDagWvgr6t0UTxviPK7xpjvgvRlUny
 OYd2UuC0X3dHWWflST6eWR4hWqc96KHLsTAn3X9nm+S41ijZHU+MS3B/F1Z5R1LS
 tU3V0JK5Q+61Va5brSr7/XO3TEy+5n1jWl92SGnayFuqnVaXZyQ=
 =b4QB
 -----END PGP SIGNATURE-----

Merge tag 'mailbox-v4.21' of git://git.linaro.org/landing-teams/working/fujitsu/integration

Pull mailbox updates from Jassi Brar:

 - Introduce device-managed registration
   devm_mbox_controller_un/register and convert drivers to use it

 - Introduce flush api to support clients that must busy-wait in atomic
   context

 - Support multiple controllers per device

 - Hi3660: a bugfix and constify ops structure

 - TI-MsgMgr: off by one bugfix.

 - BCM: switch to spdx license

 - Tegra-HSP: support for shared mailboxes and suspend/resume.

* tag 'mailbox-v4.21' of git://git.linaro.org/landing-teams/working/fujitsu/integration: (30 commits)
  mailbox: tegra-hsp: Use device-managed registration API
  mailbox: tegra-hsp: use devm_kstrdup_const()
  mailbox: tegra-hsp: Add suspend/resume support
  mailbox: tegra-hsp: Add support for shared mailboxes
  dt-bindings: tegra186-hsp: Add shared mailboxes
  mailbox: Allow multiple controllers per device
  mailbox: Support blocking transfers in atomic context
  mailbox: ti-msgmgr: Use device-managed registration API
  mailbox: stm32-ipcc: Use device-managed registration API
  mailbox: rockchip: Use device-managed registration API
  mailbox: qcom-apcs: Use device-managed registration API
  mailbox: platform-mhu: Use device-managed registration API
  mailbox: omap: Use device-managed registration API
  mailbox: mtk-cmdq: Remove needless devm_kfree() calls
  mailbox: mtk-cmdq: Use device-managed registration API
  mailbox: xgene-slimpro: Use device-managed registration API
  mailbox: sti: Use device-managed registration API
  mailbox: altera: Use device-managed registration API
  mailbox: imx: Use device-managed registration API
  mailbox: hi6220: Use device-managed registration API
  ...
2019-01-02 18:41:38 -08:00
Linus Torvalds
6aa293d8ff Merge branch 'for-linus-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
Pull UML updates from Richard Weinberger:

 - DISCARD support for our block device driver

 - Many TLB flush optimizations

 - Various smaller fixes

 - And most important, Anton agreed to help me maintaining UML

* 'for-linus-4.21-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: Remove obsolete reenable_XX calls
  um: writev needs <sys/uio.h>
  Add Anton Ivanov to UML maintainers
  um: remove redundant generic-y
  um: Optimize Flush TLB for force/fork case
  um: Avoid marking pages with "changed protection"
  um: Skip TLB flushing where not needed
  um: Optimize TLB operations v2
  um: Remove unnecessary faulted check in uaccess.c
  um: Add support for DISCARD in the UBD Driver
  um: Remove unsafe printks from the io thread
  um: Clean-up command processing in UML UBD driver
  um: Switch to block-mq constants in the UML UBD driver
  um: Make GCOV depend on !KCOV
  um: Include sys/uio.h to have writev()
  um: Add HAVE_DEBUG_BUGVERBOSE
  um: Update maintainers file entry
2019-01-02 18:39:22 -08:00
Linus Torvalds
04a17edeca s390 updates for the 4.21 merge window
- A larger update for the zcrypt / AP bus code
    + Update two inline assemblies in the zcrypt driver to make gcc happy
    + Add a missing reply code for invalid special commands for zcrypt
    + Allow AP device reset to be triggered from user space
    + Split the AP scan function into smaller, more readable functions
 
  - Updates for vfio-ccw and vfio-ap
    + Add maintainers and reviewer for vfio-ccw
    + Include facility.h in vfio_ap_drv.c to avoid fragile include chain
    + Simplicy vfio-ccw state machine
 
  - Use the common code version of bust_spinlocks
 
  - Make use of the DEFINE_SHOW_ATTRIBUTE
 
  - Fix three incorrect file permissions in the DASD driver
 
  - Remove bit spin-lock from the PCI interrupt handler
 
  - Fix GFP_ATOMIC vs GFP_KERNEL in the PCI code
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABCAAGBQJcLGoIAAoJEDjwexyKj9rgyN8IANaQvHbVBA3vz/Ssb6ZiR/K6
 rTBoXjJQqyJ/cf6RZeFi1b4Douv4QWJw3s06KXbrdmK/ONm5rypXVfXlAhY71pg5
 40BUb92MGXhJw6JFDQ50Udd6Z5r7r6RYR1puyg4tzHmBuNVL7FB5RqFm92UOkMOD
 ZI03G1sfA6/1XUKhNfCfNBB6Jt6V+iAAex8bgrp09wAeoGnAO20oFuis9u7pLlNm
 a5Cp9n7faXEN+qes1iBtVDr5o7opuhanwWKnhvsYTAbpOo7jGJ/47IPKT2Wfmurd
 wkMZBEC+Ntk/IfkaBzp7azeISZD5EbucTcgo/I9nzq/aWeflfXXeYl7My0aQB48=
 =Lqrh
 -----END PGP SIGNATURE-----

Merge tag 's390-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 updates from Martin Schwidefsky:

 - A larger update for the zcrypt / AP bus code:
    + Update two inline assemblies in the zcrypt driver to make gcc happy
    + Add a missing reply code for invalid special commands for zcrypt
    + Allow AP device reset to be triggered from user space
    + Split the AP scan function into smaller, more readable functions

 - Updates for vfio-ccw and vfio-ap
    + Add maintainers and reviewer for vfio-ccw
    + Include facility.h in vfio_ap_drv.c to avoid fragile include chain
    + Simplicy vfio-ccw state machine

 - Use the common code version of bust_spinlocks

 - Make use of the DEFINE_SHOW_ATTRIBUTE

 - Fix three incorrect file permissions in the DASD driver

 - Remove bit spin-lock from the PCI interrupt handler

 - Fix GFP_ATOMIC vs GFP_KERNEL in the PCI code

* tag 's390-4.21-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/zcrypt: rework ap scan bus code
  s390/zcrypt: make sysfs reset attribute trigger queue reset
  s390/pci: fix sleeping in atomic during hotplug
  s390/pci: remove bit_lock usage in interrupt handler
  s390/drivers: fix proc/debugfs file permissions
  s390: convert to DEFINE_SHOW_ATTRIBUTE
  MAINTAINERS/vfio-ccw: add Farhan and Eric, make Halil Reviewer
  vfio: ccw: Merge BUSY and BOXED states
  s390: use common bust_spinlocks()
  s390/zcrypt: improve special ap message cmd handling
  s390/ap: rework assembler functions to use unions for in/out register variables
  s390: vfio-ap: include <asm/facility> for test_facility()
2019-01-02 18:37:01 -08:00
NeilBrown
bf77ae4c98 locks: fix error in locks_move_blocks()
After moving all requests from
   fl->fl_blocked_requests
to
   new->fl_blocked_requests

it is nonsensical to do anything to all the remaining elements, there
aren't any.  This should do something to all the requests that have been
moved. For simplicity, it does it to all requests in the target list.

Setting "f->fl_blocker = new" to all members of new->fl_blocked_requests
is "obviously correct" as it preserves the invariant of the linkage
among requests.

Reported-by: syzbot+239d99847eb49ecb3899@syzkaller.appspotmail.com
Fixes: 5946c4319e ("fs/locks: allow a lock request to block other requests.")
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Jeff Layton <jlayton@kernel.org>
2019-01-02 20:14:50 -05:00
David S. Miller
be63004336 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf
Alexei Starovoitov says:

====================
pull-request: bpf 2019-01-02

The following pull-request contains BPF updates for your *net* tree.

The main changes are:

1) prevent out of bounds speculation on pointer arithmetic, from Daniel.

2) typo fix, from Xiaozhou.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-02 16:38:59 -08:00
Linus Torvalds
e6b9257280 NFS client updates for Linux 4.21
Note that there is a conflict with the rdma tree in this pull request, since
 we delete a file that has been changed in the rdma tree.  Hopefully that's
 easy enough to resolve!
 
 We also were unable to track down a maintainer for Neil Brown's changes to
 the generic cred code that are prerequisites to his RPC cred cleanup patches.
 We've been asking around for several months without any response, so
 hopefully it's okay to include those patches in this pull request.
 
 Stable bugfixes:
 - xprtrdma: Yet another double DMA-unmap # v4.20
 
 Features:
 - Allow some /proc/sys/sunrpc entries without CONFIG_SUNRPC_DEBUG
 - Per-xprt rdma receive workqueues
 - Drop support for FMR memory registration
 - Make port= mount option optional for RDMA mounts
 
 Other bugfixes and cleanups:
 - Remove unused nfs4_xdev_fs_type declaration
 - Fix comments for behavior that has changed
 - Remove generic RPC credentials by switching to 'struct cred'
 - Fix crossing mountpoints with different auth flavors
 - Various xprtrdma fixes from testing and auditing the close code
 - Fixes for disconnect issues when using xprtrdma with krb5
 - Clean up and improve xprtrdma trace points
 - Fix NFS v4.2 async copy reboot recovery
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEnZ5MQTpR7cLU7KEp18tUv7ClQOsFAlwtO50ACgkQ18tUv7Cl
 QOtZWQ//e5Hhp2TnQZ6U+99YKedjwBHP6psH3GKSEdeHSNdlSpZ5ckgHxvMb9TBa
 6t4ecgv5P/uYLIePQ0u2ubUFc9+TlyGi7Iacx13/YhK7kihGHDPnZhfl0QbYixV7
 rwa9bFcKmOrXs8ld+Hw3P2UL22G1gMf/LHDhPNshbW7LFZmcshKz+mKTk70kwkq9
 v7tFC59p6GwV8Sr2YI2NXn2fOWsUS00sQfgj2jceJYJ8PsNa+wHYF4wPj2IY5NsE
 D5Oq2kLPbytBhCllOHgopNZaf4qb5BfqhVETyc1O+kDF3BZKUhQ1PoDi2FPinaHM
 5/d8hS+5fr3eMBsQrPWQLXYjWQFUXnkQQJvU3Bo52AIgomsk/8uBq3FvH7XmFcBd
 C8sgnuUAkAS8feMes8GCS50BTxclnGuYGdyFJyCRXoG9Kn9rMrw9EKitky6EVq0v
 NmXhW79jK84a3yDXVlAIpZ8Y9BU/HQ3GviGX8lQEdZU9YiYRzDIHvpMFwzMgqaBi
 XvLbr8PlLOm8GZokThS8QYT/G2Wu6IwfUq/AufVjVD4+HiL3duKKfWSGAvcm6aAa
 GoRF6UG+OmjWlzKojtRc1dI+sy22Fzh+DW+Mx6tuf/b/66wkmYnW7eKcV4rt6Tm5
 /JEhvTMo9q7elL/4FgCoMCcdoc5eXqQyXRXrQiOU7YHLzn2aWU0=
 =DvVW
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-4.21-1' of git://git.linux-nfs.org/projects/anna/linux-nfs

Pull NFS client updates from Anna Schumaker:
 "Stable bugfixes:
   - xprtrdma: Yet another double DMA-unmap # v4.20

  Features:
   - Allow some /proc/sys/sunrpc entries without CONFIG_SUNRPC_DEBUG
   - Per-xprt rdma receive workqueues
   - Drop support for FMR memory registration
   - Make port= mount option optional for RDMA mounts

  Other bugfixes and cleanups:
   - Remove unused nfs4_xdev_fs_type declaration
   - Fix comments for behavior that has changed
   - Remove generic RPC credentials by switching to 'struct cred'
   - Fix crossing mountpoints with different auth flavors
   - Various xprtrdma fixes from testing and auditing the close code
   - Fixes for disconnect issues when using xprtrdma with krb5
   - Clean up and improve xprtrdma trace points
   - Fix NFS v4.2 async copy reboot recovery"

* tag 'nfs-for-4.21-1' of git://git.linux-nfs.org/projects/anna/linux-nfs: (63 commits)
  sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
  sunrpc: Add xprt after nfs4_test_session_trunk()
  sunrpc: convert unnecessary GFP_ATOMIC to GFP_NOFS
  sunrpc: handle ENOMEM in rpcb_getport_async
  NFS: remove unnecessary test for IS_ERR(cred)
  xprtrdma: Prevent leak of rpcrdma_rep objects
  NFSv4.2 fix async copy reboot recovery
  xprtrdma: Don't leak freed MRs
  xprtrdma: Add documenting comment for rpcrdma_buffer_destroy
  xprtrdma: Replace outdated comment for rpcrdma_ep_post
  xprtrdma: Update comments in frwr_op_send
  SUNRPC: Fix some kernel doc complaints
  SUNRPC: Simplify defining common RPC trace events
  NFS: Fix NFSv4 symbolic trace point output
  xprtrdma: Trace mapping, alloc, and dereg failures
  xprtrdma: Add trace points for calls to transport switch methods
  xprtrdma: Relocate the xprtrdma_mr_map trace points
  xprtrdma: Clean up of xprtrdma chunk trace points
  xprtrdma: Remove unused fields from rpcrdma_ia
  xprtrdma: Cull dprintk() call sites
  ...
2019-01-02 16:35:23 -08:00
Linus Torvalds
e45428a436 Thanks to Vasily Averin for fixing a use-after-free in the containerized
NFSv4.2 client, and cleaning up some convoluted backchannel server code
 in the process.  Otherwise, miscellaneous smaller bugfixes and cleanup.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJcLR3nAAoJECebzXlCjuG+oyAQALrPSTH9Qg2AwP2eGm+AevUj
 u/VFmimImIO9dYuT02t4w42w4qMIQ0/Y7R0UjT3DxG5Oixy/zA+ZaNXCCEKwSMIX
 abGF4YalUISbDc6n0Z8J14/T33wDGslhy3IQ9Jz5aBCDCocbWlzXvFlmrowbb3ak
 vtB0Fc3Xo6Z/Pu2GzNzlqR+f69IAmwQGJrRrAEp3JUWSIBKiSWBXTujDuVBqJNYj
 ySLzbzyAc7qJfI76K635XziULR2ueM3y5JbPX7kTZ0l3OJ6Yc0PtOj16sIv5o0XK
 DBYPrtvw3ZbxQE/bXqtJV9Zn6MG5ODGxKszG1zT1J3dzotc9l/LgmcAY8xVSaO+H
 QNMdU9QuwmyUG20A9rMoo/XfUb5KZBHzH7HIYOmkfBidcaygwIInIKoIDtzimm4X
 OlYq3TL/3QDY6rgTCZv6n2KEnwiIDpc5+TvFhXRWclMOJMcMSHJfKFvqERSv9V3o
 90qrCebPA0K8Dnc0HMxcBXZ+0TqZ2QeXp/wfIjibCXqMwlg+BZhmbeA0ngZ7x7qf
 2F33E9bfVJjL+VI5FcVYQf43bOTWZgD6ZKGk4T7keYl0CPH+9P70bfhl4KKy9dqc
 GwYooy/y5FPb2CvJn/EETeILRJ9OyIHUrw7HBkpz9N8n9z+V6Qbp9yW7LKgaMphW
 1T+GpHZhQjwuBPuJhDK0
 =dRLp
 -----END PGP SIGNATURE-----

Merge tag 'nfsd-4.21' of git://linux-nfs.org/~bfields/linux

Pull nfsd updates from Bruce Fields:
 "Thanks to Vasily Averin for fixing a use-after-free in the
  containerized NFSv4.2 client, and cleaning up some convoluted
  backchannel server code in the process.

  Otherwise, miscellaneous smaller bugfixes and cleanup"

* tag 'nfsd-4.21' of git://linux-nfs.org/~bfields/linux: (25 commits)
  nfs: fixed broken compilation in nfs_callback_up_net()
  nfs: minor typo in nfs4_callback_up_net()
  sunrpc: fix debug message in svc_create_xprt()
  sunrpc: make visible processing error in bc_svc_process()
  sunrpc: remove unused xpo_prep_reply_hdr callback
  sunrpc: remove svc_rdma_bc_class
  sunrpc: remove svc_tcp_bc_class
  sunrpc: remove unused bc_up operation from rpc_xprt_ops
  sunrpc: replace svc_serv->sv_bc_xprt by boolean flag
  sunrpc: use-after-free in svc_process_common()
  sunrpc: use SVC_NET() in svcauth_gss_* functions
  nfsd: drop useless LIST_HEAD
  lockd: Show pid of lockd for remote locks
  NFSD remove OP_CACHEME from 4.2 op_flags
  nfsd: Return EPERM, not EACCES, in some SETATTR cases
  sunrpc: fix cache_head leak due to queued request
  nfsd: clean up indentation, increase indentation in switch statement
  svcrdma: Optimize the logic that selects the R_key to invalidate
  nfsd: fix a warning in __cld_pipe_upcall()
  nfsd4: fix crash on writing v4_end_grace before nfsd startup
  ...
2019-01-02 16:21:50 -08:00