1. 27 May, 2015 14 commits
    • Luis R. Rodriguez's avatar
      kernel/params.c: generalize bool_enable_only · d19f05d8
      Luis R. Rodriguez authored
      This takes out the bool_enable_only implementation from
      the module loading code and generalizes it so that others
      can make use of it.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Jani Nikula <jani.nikula@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: linux-kernel@vger.kernel.org
      Cc: cocci@systeme.lip6.fr
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      d19f05d8
    • Luis R. Rodriguez's avatar
      kernel/module.c: use generic module param operaters for sig_enforce · 05f408dd
      Luis R. Rodriguez authored
      We're directly checking and modifying sig_enforce when needed instead
      of using the generic helpers. This prevents us from generalizing this
      helper so that others can use it. Use indirect helpers to allow us
      to generalize this code a bit and to make it a bit more clear what
      this is doing.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Jani Nikula <jani.nikula@intel.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: linux-kernel@vger.kernel.org
      Cc: cocci@systeme.lip6.fr
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      05f408dd
    • Luis R. Rodriguez's avatar
      kernel/params: constify struct kernel_param_ops uses · 9c27847d
      Luis R. Rodriguez authored
      Most code already uses consts for the struct kernel_param_ops,
      sweep the kernel for the last offending stragglers. Other than
      include/linux/moduleparam.h and kernel/params.c all other changes
      were generated with the following Coccinelle SmPL patch. Merge
      conflicts between trees can be handled with Coccinelle.
      
      In the future git could get Coccinelle merge support to deal with
      patch --> fail --> grammar --> Coccinelle --> new patch conflicts
      automatically for us on patches where the grammar is available and
      the patch is of high confidence. Consider this a feature request.
      
      Test compiled on x86_64 against:
      
      	* allnoconfig
      	* allmodconfig
      	* allyesconfig
      
      @ const_found @
      identifier ops;
      @@
      
      const struct kernel_param_ops ops = {
      };
      
      @ const_not_found depends on !const_found @
      identifier ops;
      @@
      
      -struct kernel_param_ops ops = {
      +const struct kernel_param_ops ops = {
      };
      
      Generated-by: Coccinelle SmPL
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Junio C Hamano <gitster@pobox.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Tejun Heo <tj@kernel.org>
      Cc: Ingo Molnar <mingo@kernel.org>
      Cc: cocci@systeme.lip6.fr
      Cc: linux-kernel@vger.kernel.org
      Signed-off-by: default avatarLuis R. Rodriguez <mcgrof@suse.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      9c27847d
    • Gobinda Charan Maji's avatar
      sysfs: tightened sysfs permission checks · 28b8d0c8
      Gobinda Charan Maji authored
      There were some inconsistency in restriction to VERIFY_OCTAL_PERMISSIONS().
      Previously the test was "User perms >= group perms >= other perms". The
      permission field of User, Group or Other consists of three bits. LSB is
      EXECUTE permission, MSB is READ permission and the middle bit is WRITE
      permission. But logically WRITE is "more privileged" than READ.
      
      Say for example, permission value is "0430". Here User has only READ
      permission whereas Group has both WRITE and EXECUTE permission.
      
      So, the checks could be tightened and the tests are separated to
      USER_READABLE >= GROUP_READABLE >= OTHER_READABLE,
      USER_WRITABLE >= GROUP_WRITABLE and OTHER_WRITABLE is not permitted.
      Signed-off-by: default avatarGobinda Charan Maji <gobinda.cemk07@gmail.com>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      28b8d0c8
    • Peter Zijlstra's avatar
      module: Rework module_addr_{min,max} · 4f666546
      Peter Zijlstra authored
      __module_address() does an initial bound check before doing the
      {list/tree} iteration to find the actual module. The bound variables
      are nowhere near the mod_tree cacheline, in fact they're nowhere near
      one another.
      
      module_addr_min lives in .data while module_addr_max lives in .bss
      (smarty pants GCC thinks the explicit 0 assignment is a mistake).
      
      Rectify this by moving the two variables into a structure together
      with the latch_tree_root to guarantee they all share the same
      cacheline and avoid hitting two extra cachelines for the lookup.
      
      While reworking the bounds code, move the bound update from allocation
      to insertion time, this avoids updating the bounds for a few error
      paths.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      4f666546
    • Peter Zijlstra's avatar
      module: Use __module_address() for module_address_lookup() · b7df4d1b
      Peter Zijlstra authored
      Use the generic __module_address() addr to struct module lookup
      instead of open coding it once more.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      b7df4d1b
    • Peter Zijlstra's avatar
      module: Make the mod_tree stuff conditional on PERF_EVENTS || TRACING · 6c9692e2
      Peter Zijlstra authored
      Andrew worried about the overhead on small systems; only use the fancy
      code when either perf or tracing is enabled.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Requested-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      6c9692e2
    • Peter Zijlstra's avatar
      module: Optimize __module_address() using a latched RB-tree · 93c2e105
      Peter Zijlstra authored
      Currently __module_address() is using a linear search through all
      modules in order to find the module corresponding to the provided
      address. With a lot of modules this can take a lot of time.
      
      One of the users of this is kernel_text_address() which is employed
      in many stack unwinders; which in turn are used by perf-callchain and
      ftrace (possibly from NMI context).
      
      So by optimizing __module_address() we optimize many stack unwinders
      which are used by both perf and tracing in performance sensitive code.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Steven Rostedt <rostedt@goodmis.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      93c2e105
    • Peter Zijlstra's avatar
      rbtree: Implement generic latch_tree · ade3f510
      Peter Zijlstra authored
      Implement a latched RB-tree in order to get unconditional RCU/lockless
      lookups.
      
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Michel Lespinasse <walken@google.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: David Woodhouse <David.Woodhouse@intel.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      ade3f510
    • Peter Zijlstra's avatar
      seqlock: Introduce raw_read_seqcount_latch() · 7fc26327
      Peter Zijlstra authored
      Because with latches there is a strict data dependency on the seq load
      we can avoid the rmb in favour of a read_barrier_depends.
      Suggested-by: default avatarIngo Molnar <mingo@kernel.org>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      7fc26327
    • Peter Zijlstra's avatar
      rcu: Move lockless_dereference() out of rcupdate.h · 0a04b016
      Peter Zijlstra authored
      I want to use lockless_dereference() from seqlock.h, which would mean
      including rcupdate.h from it, however rcupdate.h already includes
      seqlock.h.
      
      Avoid this by moving lockless_dereference() into compiler.h. This is
      somewhat tricky since it uses smp_read_barrier_depends() which isn't
      available there, but its a CPP macro so we can get away with it.
      
      The alternative would be moving it into asm/barrier.h, but that would
      be updating each arch (I can do if people feel that is more
      appropriate).
      
      Cc: Paul McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      0a04b016
    • Peter Zijlstra's avatar
      seqlock: Better document raw_write_seqcount_latch() · 6695b92a
      Peter Zijlstra authored
      Improve the documentation of the latch technique as used in the
      current timekeeping code, such that it can be readily employed
      elsewhere.
      
      Borrow from the comments in timekeeping and replace those with a
      reference to this more generic comment.
      
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: David Woodhouse <David.Woodhouse@intel.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Reviewed-by: default avatarMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Acked-by: default avatarMichel Lespinasse <walken@google.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      6695b92a
    • Peter Zijlstra's avatar
      rbtree: Make lockless searches non-fatal · d72da4a4
      Peter Zijlstra authored
      Change the insert and erase code such that lockless searches are
      non-fatal.
      
      In and of itself an rbtree cannot be correctly searched while
      in-modification, we can however provide weaker guarantees that will
      allow the rbtree to be used in conjunction with other techniques, such
      as latches; see 9b0fd802 ("seqcount: Add raw_write_seqcount_latch()").
      
      For this to work we need the following guarantees from the rbtree
      code:
      
       1) a lockless reader must not see partial stores, this would allow it
          to observe nodes that are invalid memory.
      
       2) there must not be (temporary) loops in the tree structure in the
          modifier's program order, this would cause a lookup which
          interrupts the modifier to get stuck indefinitely.
      
      For 1) we must use WRITE_ONCE() for all updates to the tree structure;
      in particular this patch only does rb_{left,right} as those are the
      only element required for simple searches.
      
      It generates slightly worse code, probably because volatile. But in
      pointer chasing heavy code a few instructions more should not matter.
      
      For 2) I have carefully audited the code and drawn every intermediate
      link state and not found a loop.
      
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Cc: Andrea Arcangeli <aarcange@redhat.com>
      Cc: David Woodhouse <David.Woodhouse@intel.com>
      Cc: Rik van Riel <riel@redhat.com>
      Reviewed-by: default avatarMichel Lespinasse <walken@google.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      d72da4a4
    • Peter Zijlstra's avatar
      module: Sanitize RCU usage and locking · 0be964be
      Peter Zijlstra authored
      Currently the RCU usage in module is an inconsistent mess of RCU and
      RCU-sched, this is broken for CONFIG_PREEMPT where synchronize_rcu()
      does not imply synchronize_sched().
      
      Most usage sites use preempt_{dis,en}able() which is RCU-sched, but
      (most of) the modification sites use synchronize_rcu(). With the
      exception of the module bug list, which actually uses RCU.
      
      Convert everything over to RCU-sched.
      
      Furthermore add lockdep asserts to all sites, because it's not at all
      clear to me the required locking is observed, esp. on exported
      functions.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Acked-by: default avatar"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      0be964be
  2. 26 May, 2015 2 commits
    • Peter Zijlstra's avatar
      module, jump_label: Fix module locking · bed831f9
      Peter Zijlstra authored
      As per the module core lockdep annotations in the coming patch:
      
      [   18.034047] ---[ end trace 9294429076a9c673 ]---
      [   18.047760] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
      [   18.059228]  ffffffff817d8676 ffff880036683c38 ffffffff8157e98b 0000000000000001
      [   18.067541]  0000000000000000 ffff880036683c78 ffffffff8105fbc7 ffff880036683c68
      [   18.075851]  ffffffffa0046b08 0000000000000000 ffffffffa0046d00 ffffffffa0046cc8
      [   18.084173] Call Trace:
      [   18.086906]  [<ffffffff8157e98b>] dump_stack+0x4f/0x7b
      [   18.092649]  [<ffffffff8105fbc7>] warn_slowpath_common+0x97/0xe0
      [   18.099361]  [<ffffffff8105fc2a>] warn_slowpath_null+0x1a/0x20
      [   18.105880]  [<ffffffff810ee502>] __module_address+0x1d2/0x1e0
      [   18.112400]  [<ffffffff81161153>] jump_label_module_notify+0x143/0x1e0
      [   18.119710]  [<ffffffff810814bf>] notifier_call_chain+0x4f/0x70
      [   18.126326]  [<ffffffff8108160e>] __blocking_notifier_call_chain+0x5e/0x90
      [   18.134009]  [<ffffffff81081656>] blocking_notifier_call_chain+0x16/0x20
      [   18.141490]  [<ffffffff810f0f00>] load_module+0x1b50/0x2660
      [   18.147720]  [<ffffffff810f1ade>] SyS_init_module+0xce/0x100
      [   18.154045]  [<ffffffff81587429>] system_call_fastpath+0x12/0x17
      [   18.160748] ---[ end trace 9294429076a9c674 ]---
      
      Jump labels is not doing it right; fix this.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Jason Baron <jbaron@akamai.com>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      bed831f9
    • Peter Zijlstra's avatar
      module: Annotate module version magic · 926a59b1
      Peter Zijlstra authored
      Due to the new lockdep checks in the coming patch, we go:
      
      [    9.759380] ------------[ cut here ]------------
      [    9.759389] WARNING: CPU: 31 PID: 597 at ../kernel/module.c:216 each_symbol_section+0x121/0x130()
      [    9.759391] Modules linked in:
      [    9.759393] CPU: 31 PID: 597 Comm: modprobe Not tainted 4.0.0-rc1+ #65
      [    9.759393] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
      [    9.759396]  ffffffff817d8676 ffff880424567ca8 ffffffff8157e98b 0000000000000001
      [    9.759398]  0000000000000000 ffff880424567ce8 ffffffff8105fbc7 ffff880424567cd8
      [    9.759400]  0000000000000000 ffffffff810ec160 ffff880424567d40 0000000000000000
      [    9.759400] Call Trace:
      [    9.759407]  [<ffffffff8157e98b>] dump_stack+0x4f/0x7b
      [    9.759410]  [<ffffffff8105fbc7>] warn_slowpath_common+0x97/0xe0
      [    9.759412]  [<ffffffff810ec160>] ? section_objs+0x60/0x60
      [    9.759414]  [<ffffffff8105fc2a>] warn_slowpath_null+0x1a/0x20
      [    9.759415]  [<ffffffff810ed9c1>] each_symbol_section+0x121/0x130
      [    9.759417]  [<ffffffff810eda01>] find_symbol+0x31/0x70
      [    9.759420]  [<ffffffff810ef5bf>] load_module+0x20f/0x2660
      [    9.759422]  [<ffffffff8104ef10>] ? __do_page_fault+0x190/0x4e0
      [    9.759426]  [<ffffffff815880ec>] ? retint_restore_args+0x13/0x13
      [    9.759427]  [<ffffffff815880ec>] ? retint_restore_args+0x13/0x13
      [    9.759433]  [<ffffffff810ae73d>] ? trace_hardirqs_on_caller+0x11d/0x1e0
      [    9.759437]  [<ffffffff812fcc0e>] ? trace_hardirqs_on_thunk+0x3a/0x3f
      [    9.759439]  [<ffffffff815880ec>] ? retint_restore_args+0x13/0x13
      [    9.759441]  [<ffffffff810f1ade>] SyS_init_module+0xce/0x100
      [    9.759443]  [<ffffffff81587429>] system_call_fastpath+0x12/0x17
      [    9.759445] ---[ end trace 9294429076a9c644 ]---
      
      As per the comment this site should be fine, but lets wrap it in
      preempt_disable() anyhow to placate lockdep.
      
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Acked-by: default avatarPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      926a59b1
  3. 25 May, 2015 2 commits
  4. 24 May, 2015 2 commits
    • Linus Torvalds's avatar
      Linux 4.1-rc5 · ba155e2d
      Linus Torvalds authored
      ba155e2d
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 5b139666
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "This is a set of five fixes: Two MAINTAINER email updates (urgent
        because the non-avagotech emails will start bouncing) an lpfc big
        endian oops fix, a 256 byte sector hang fix (to eliminate 256 byte
        sectors) and a storvsc fix which could cause test unit ready failures
        on bringup"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        MAINTAINERS: Revise lpfc maintainers for Avago Technologies ownership of Emulex
        MAINTAINERS, be2iscsi: change email domain
        sd: Disable support for 256 byte/sector disks
        lpfc: Fix breakage on big endian kernels
        storvsc: Set the SRB flags correctly when no data transfer is needed
      5b139666
  5. 23 May, 2015 4 commits
  6. 22 May, 2015 16 commits
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · cf539cbd
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Radeon has two displayport fixes, one for a regression.
      
        i915 regression flicker fix needed so 4.0 can get fixed.
      
        A bunch of msm fixes and a bunch of exynos fixes, these two are
        probably a bit larger than I'd like, but most of them seems pretty
        good"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (29 commits)
        drm/radeon: fix error flag checking in native aux path
        drm/radeon: retry dcpd fetch
        drm/msm/mdp5: fix incorrect parameter for msm_framebuffer_iova()
        drm/exynos: dp: Lower level of EDID read success message
        drm/exynos: cleanup exynos_drm_plane
        drm/exynos: 'win' is always unsigned
        drm/exynos: mixer: don't dump registers under spinlock
        drm/exynos: Consolidate return statements in fimd_bind()
        drm/exynos: Constify exynos_drm_crtc_ops
        drm/exynos: Fix build breakage on !DRM_EXYNOS_FIMD
        drm/exynos: mixer: Constify platform_device_id
        drm/exynos: mixer: cleanup pixelformat handling
        drm/exynos: mixer: also allow NV21 for the video processor
        drm/exynos: mixer: remove buffer count handling in vp_video_buffer()
        drm/exynos: plane: honor buffer offset for dma_addr
        drm/exynos: fb: use drm_format_num_planes to get buffer count
        drm/i915: fix screen flickering
        drm/msm: fix locking inconsistencies in gpu->destroy()
        drm/msm/dsi: Simplify the code to get the number of read byte
        drm/msm: Attach assigned encoder to eDP and DSI connectors
        ...
      cf539cbd
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 0b6280c6
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Don't leak ipvs->sysctl_tbl, from Tommi Rentala.
      
       2) Fix neighbour table entry leak in rocker driver, from Ying Xue.
      
       3) Do not emit bonding notifications for unregistered interfaces, from
          Nicolas Dichtel.
      
       4) Set ipv6 flow label properly when in TIME_WAIT state, from Florent
          Fourcot.
      
       5) Fix regression in ipv6 multicast filter test, from Henning Rogge.
      
       6) do_replace() in various footables netfilter modules is missing a
          check for 0 counters in the datastructure provided by the user.  Fix
          from Dave Jones, and found with trinity.
      
       7) Fix RCU bug in packet scheduler classifier module unloads, from
          Daniel Borkmann.
      
       8) Avoid deadlock in tcp_get_info() by using u64_sync.  From Eric
          Dumzaet.
      
       9) Input packet processing can race with inetdev_destroy() teardown,
          fix potential OOPS in ip_error() by explicitly testing whether the
          inetdev is still attached.  From Eric W Biederman.
      
      10) MLDv2 parser in bridge multicast code breaks too early while
          parsing.  Fix from Thadeu Lima de Souza Cascardo.
      
      11) Asking for settings on non-zero PHYID doesn't work because we do not
          import the command structure from the user and use the PHYID
          provided there.  Fix from Arun Parameswaran.
      
      12) Fix UDP checksums with IPV6 RAW sockets, from Vlad Yasevich.
      
      13) Missing NF_TABLES depends for TPROXY etc can cause build failures,
          fix from Florian Westphal.
      
      14) Fix netfilter conntrack to handle RFC5961 challenge ACKs properly,
          from Jesper Dangaard Brouer.
      
      15) If netlink autobind retry fails, we have to reset the sockets portid
          back to zero.  From Herbert Xu.
      
      16) VXLAN netns exit code unregisters using wrong device, from John W
          Linville.
      
      17) Add some USB device IDs to ath3k and btusb bluetooth drivers, from
          Dmitry Tunin and Wen-chien Jesse Sung.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
        bridge: fix lockdep splat
        net: core: 'ethtool' issue with querying phy settings
        bridge: fix parsing of MLDv2 reports
        ARM: zynq: DT: Use the zynq binding with macb
        net: macb: Disable half duplex gigabit on Zynq
        net: macb: Document zynq gem dt binding
        ipv4: fill in table id when replacing a route
        cdc_ncm: Fix tx_bytes statistics
        ipv4: Avoid crashing in ip_error
        tcp: fix a potential deadlock in tcp_get_info()
        net: sched: fix call_rcu() race on classifier module unloads
        net: phy: Make sure phy_start() always re-enables the phy interrupts
        ipv6: fix ECMP route replacement
        ipv6: do not delete previously existing ECMP routes if add fails
        Revert "netfilter: bridge: query conntrack about skb dnat"
        netfilter: ensure number of counters is >0 in do_replace()
        netfilter: nfnetlink_{log,queue}: Register pernet in first place
        tcp: don't over-send F-RTO probes
        tcp: only undo on partial ACKs in CA_Loss
        net/ipv6/udp: Fix ipv6 multicast socket filter regression
        ...
      0b6280c6
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 1c8df7bd
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "Three small fixes that have been picked up the last few weeks.
        Specifically:
      
         - Fix a memory corruption issue in NVMe with malignant user
           constructed request.  From Christoph.
      
         - Kill (now) unused blk_queue_bio(), dm was changed to not need this
           anymore.  From Mike Snitzer.
      
         - Always use blk_schedule_flush_plug() from the io_schedule() path
           when flushing a plug, fixing a !TASK_RUNNING warning with md.  From
           Shaohua"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        sched: always use blk_schedule_flush_plug in io_schedule_out
        nvme: fix kernel memory corruption with short INQUIRY buffers
        block: remove export for blk_queue_bio
      1c8df7bd
    • Linus Torvalds's avatar
      Merge tag 'md/4.1-rc4-fixes' of git://neil.brown.name/md · a30ec4b3
      Linus Torvalds authored
      Pull md bugfixes from Neil Brown:
       "I have a few more raid5 bugfixes pending, but I want them to get a bit
        more review first.  In the meantime:
      
         - one serious RAID0 data corruption - caused by recent bugfix that
           wasn't reviewed properly.
      
         - one raid5 fix in new code (a couple more of those to come).
      
         - one little fix to stop static analysis complaining about silly rcu
           annotation"
      
      * tag 'md/4.1-rc4-fixes' of git://neil.brown.name/md:
        md/bitmap: remove rcu annotation from pointer arithmetic.
        md/raid0: fix restore to sector variable in raid0_make_request
        raid5: fix broken async operation chain
      a30ec4b3
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 1d82b0ba
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
       "Updates for the input subsystem.
      
        The main change is that we tell joydev not to touch "absolute mice",
        such as VMware virtual mouse, as that produced bad result (cursor
        stuck in upper right corner) with games"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: smtpe-ts - wait 50mS until polling for pen-up
        Input: smtpe-ts - use msecs_to_jiffies() instead of HZ
        Input: joydev - don't classify the vmmouse as a joystick
        Input: vmmouse - do not reference non-existing version of X driver
        Input: alps - fix finger jumps on lifting 2 fingers on v7 touchpad
        Input: elantech - fix semi-mt protocol for v3 HW
        Input: sx8654 - fix memory allocation check
      1d82b0ba
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 2a058f38
      Linus Torvalds authored
      Pull another crypto fix from Herbert Xu:
       "Fix ICV corruption in s390/ghash when the same tfm is used by more
        than one thread"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: s390/ghash - Fix incorrect ghash icv buffer handling.
      2a058f38
    • Eric Dumazet's avatar
      bridge: fix lockdep splat · 93a33a58
      Eric Dumazet authored
      Following lockdep splat was reported :
      
      [   29.382286] ===============================
      [   29.382315] [ INFO: suspicious RCU usage. ]
      [   29.382344] 4.1.0-0.rc0.git11.1.fc23.x86_64 #1 Not tainted
      [   29.382380] -------------------------------
      [   29.382409] net/bridge/br_private.h:626 suspicious
      rcu_dereference_check() usage!
      [   29.382455]
                     other info that might help us debug this:
      
      [   29.382507]
                     rcu_scheduler_active = 1, debug_locks = 0
      [   29.382549] 2 locks held by swapper/0/0:
      [   29.382576]  #0:  (((&p->forward_delay_timer))){+.-...}, at:
      [<ffffffff81139f75>] call_timer_fn+0x5/0x4f0
      [   29.382660]  #1:  (&(&br->lock)->rlock){+.-...}, at:
      [<ffffffffa0450dc1>] br_forward_delay_timer_expired+0x31/0x140
      [bridge]
      [   29.382754]
                     stack backtrace:
      [   29.382787] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
      4.1.0-0.rc0.git11.1.fc23.x86_64 #1
      [   29.382838] Hardware name: LENOVO 422916G/LENOVO, BIOS A1KT53AUS 04/07/2015
      [   29.382882]  0000000000000000 3ebfc20364115825 ffff880666603c48
      ffffffff81892d4b
      [   29.382943]  0000000000000000 ffffffff81e124e0 ffff880666603c78
      ffffffff8110bcd7
      [   29.383004]  ffff8800785c9d00 ffff88065485ac58 ffff880c62002800
      ffff880c5fc88ac0
      [   29.383065] Call Trace:
      [   29.383084]  <IRQ>  [<ffffffff81892d4b>] dump_stack+0x4c/0x65
      [   29.383130]  [<ffffffff8110bcd7>] lockdep_rcu_suspicious+0xe7/0x120
      [   29.383178]  [<ffffffffa04520f9>] br_fill_ifinfo+0x4a9/0x6a0 [bridge]
      [   29.383225]  [<ffffffffa045266b>] br_ifinfo_notify+0x11b/0x4b0 [bridge]
      [   29.383271]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383320]  [<ffffffffa0450de8>]
      br_forward_delay_timer_expired+0x58/0x140 [bridge]
      [   29.383371]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383416]  [<ffffffff8113a033>] call_timer_fn+0xc3/0x4f0
      [   29.383454]  [<ffffffff81139f75>] ? call_timer_fn+0x5/0x4f0
      [   29.383493]  [<ffffffff8110a90f>] ? lock_release_holdtime.part.29+0xf/0x200
      [   29.383541]  [<ffffffffa0450d90>] ? br_hold_timer_expired+0x70/0x70 [bridge]
      [   29.383587]  [<ffffffff8113a6a4>] run_timer_softirq+0x244/0x490
      [   29.383629]  [<ffffffff810b68cc>] __do_softirq+0xec/0x670
      [   29.383666]  [<ffffffff810b70d5>] irq_exit+0x145/0x150
      [   29.383703]  [<ffffffff8189f506>] smp_apic_timer_interrupt+0x46/0x60
      [   29.383744]  [<ffffffff8189d523>] apic_timer_interrupt+0x73/0x80
      [   29.383782]  <EOI>  [<ffffffff816f131f>] ? cpuidle_enter_state+0x5f/0x2f0
      [   29.383832]  [<ffffffff816f131b>] ? cpuidle_enter_state+0x5b/0x2f0
      
      Problem here is that br_forward_delay_timer_expired() is a timer
      handler, calling br_ifinfo_notify() which assumes either rcu_read_lock()
      or RTNL are held.
      
      Simplest fix seems to add rcu read lock section.
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarJosh Boyer <jwboyer@fedoraproject.org>
      Reported-by: default avatarDominick Grift <dac.override@gmail.com>
      Cc: Vlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      93a33a58
    • Arun Parameswaran's avatar
      net: core: 'ethtool' issue with querying phy settings · f96dee13
      Arun Parameswaran authored
      When trying to configure the settings for PHY1, using commands
      like 'ethtool -s eth0 phyad 1 speed 100', the 'ethtool' seems to
      modify other settings apart from the speed of the PHY1, in the
      above case.
      
      The ethtool seems to query the settings for PHY0, and use this
      as the base to apply the new settings to the PHY1. This is
      causing the other settings of the PHY 1 to be wrongly
      configured.
      
      The issue is caused by the '_ethtool_get_settings()' API, which
      gets called because of the 'ETHTOOL_GSET' command, is clearing
      the 'cmd' pointer (of type 'struct ethtool_cmd') by calling
      memset. This clears all the parameters (if any) passed for the
      'ETHTOOL_GSET' cmd. So the driver's callback is always invoked
      with 'cmd->phy_address' as '0'.
      
      The '_ethtool_get_settings()' is called from other files in the
      'net/core'. So the fix is applied to the 'ethtool_get_settings()'
      which is only called in the context of the 'ethtool'.
      Signed-off-by: default avatarArun Parameswaran <aparames@broadcom.com>
      Reviewed-by: default avatarRay Jui <rjui@broadcom.com>
      Reviewed-by: default avatarScott Branden <sbranden@broadcom.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f96dee13
    • Thadeu Lima de Souza Cascardo's avatar
      bridge: fix parsing of MLDv2 reports · 47cc84ce
      Thadeu Lima de Souza Cascardo authored
      When more than a multicast address is present in a MLDv2 report, all but
      the first address is ignored, because the code breaks out of the loop if
      there has not been an error adding that address.
      
      This has caused failures when two guests connected through the bridge
      tried to communicate using IPv6. Neighbor discoveries would not be
      transmitted to the other guest when both used a link-local address and a
      static address.
      
      This only happens when there is a MLDv2 querier in the network.
      
      The fix will only break out of the loop when there is a failure adding a
      multicast address.
      
      The mdb before the patch:
      
      dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
      dev ovirtmgmt port bond0.86 grp ff02::2 temp
      
      After the patch:
      
      dev ovirtmgmt port vnet0 grp ff02::1:ff7d:6603 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff7d:6604 temp
      dev ovirtmgmt port bond0.86 grp ff02::fb temp
      dev ovirtmgmt port bond0.86 grp ff02::2 temp
      dev ovirtmgmt port bond0.86 grp ff02::d temp
      dev ovirtmgmt port vnet0 grp ff02::1:ff00:76 temp
      dev ovirtmgmt port bond0.86 grp ff02::16 temp
      dev ovirtmgmt port vnet1 grp ff02::1:ff00:77 temp
      dev ovirtmgmt port bond0.86 grp ff02::1:ff00:def temp
      dev ovirtmgmt port bond0.86 grp ff02::1:ffa1:40bf temp
      
      Fixes: 08b202b6 ("bridge br_multicast: IPv6 MLD support.")
      Reported-by: default avatarRik Theys <Rik.Theys@esat.kuleuven.be>
      Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@redhat.com>
      Tested-by: default avatarRik Theys <Rik.Theys@esat.kuleuven.be>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      47cc84ce
    • Nathan Sullivan's avatar
      ARM: zynq: DT: Use the zynq binding with macb · 9eeb5161
      Nathan Sullivan authored
      Use the new zynq binding for macb ethernet, since it will disable half
      duplex gigabit like the Zynq TRM says to do.
      Signed-off-by: default avatarNathan Sullivan <nathan.sullivan@ni.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9eeb5161
    • Nathan Sullivan's avatar
      net: macb: Disable half duplex gigabit on Zynq · 222ca8e0
      Nathan Sullivan authored
      According to the Zynq TRM, gigabit half duplex is not supported.  Add a
      new cap and compatible string so Zynq can avoid advertising that mode.
      Signed-off-by: default avatarNathan Sullivan <nathan.sullivan@ni.com>
      Acked-by: default avatarNicolas Ferre <nicolas.ferre@atmel.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      222ca8e0
    • Nathan Sullivan's avatar
    • Michal Kubeček's avatar
      ipv4: fill in table id when replacing a route · d4e64c29
      Michal Kubeček authored
      When replacing an IPv4 route, tb_id member of the new fib_alias
      structure is not set in the replace code path so that the new route is
      ignored.
      
      Fixes: 0ddcf43d ("ipv4: FIB Local/MAIN table collapse")
      Signed-off-by: default avatarMichal Kubecek <mkubecek@suse.cz>
      Acked-by: default avatarAlexander Duyck <alexander.h.duyck@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d4e64c29
    • Bjørn Mork's avatar
      cdc_ncm: Fix tx_bytes statistics · 44f6731d
      Bjørn Mork authored
      The tx_curr_frame_payload field is u32. When we try to calculate a
      small negative delta based on it, we end up with a positive integer
      close to 2^32 instead.  So the tx_bytes pointer increases by about
      2^32 for every transmitted frame.
      
      Fix by calculating the delta as a signed long.
      
      Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
      Reported-by: default avatarFlorian Bruhin <me@the-compiler.org>
      Fixes: 7a1e890e ("usbnet: Fix tx_bytes statistic running backward in cdc_ncm")
      Signed-off-by: default avatarBjørn Mork <bjorn@mork.no>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      44f6731d
    • David S. Miller's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf · 572152ad
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter fixes for net
      
      The following patchset contain Netfilter fixes for your net tree, they are:
      
      1) Fix a race in nfnetlink_log and nfnetlink_queue that can lead to a crash.
         This problem is due to wrong order in the per-net registration and netlink
         socket events. Patch from Francesco Ruggeri.
      
      2) Make sure that counters that userspace pass us are higher than 0 in all the
         x_tables frontends. Discovered via Trinity, patch from Dave Jones.
      
      3) Revert a patch for br_netfilter to rely on the conntrack status bits. This
         breaks stateless IPv6 NAT transformations. Patch from Florian Westphal.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      572152ad
    • Eric W. Biederman's avatar
      ipv4: Avoid crashing in ip_error · 381c759d
      Eric W. Biederman authored
      ip_error does not check if in_dev is NULL before dereferencing it.
      
      IThe following sequence of calls is possible:
      CPU A                          CPU B
      ip_rcv_finish
          ip_route_input_noref()
              ip_route_input_slow()
                                     inetdev_destroy()
          dst_input()
      
      With the result that a network device can be destroyed while processing
      an input packet.
      
      A crash was triggered with only unicast packets in flight, and
      forwarding enabled on the only network device.   The error condition
      was created by the removal of the network device.
      
      As such it is likely the that error code was -EHOSTUNREACH, and the
      action taken by ip_error (if in_dev had been accessible) would have
      been to not increment any counters and to have tried and likely failed
      to send an icmp error as the network device is going away.
      
      Therefore handle this weird case by just dropping the packet if
      !in_dev.  It will result in dropping the packet sooner, and will not
      result in an actual change of behavior.
      
      Fixes: 251da413 ("ipv4: Cache ip_error() routes even when not forwarding.")
      Reported-by: default avatarVittorio Gambaletta <linuxbugs@vittgam.net>
      Tested-by: default avatarVittorio Gambaletta <linuxbugs@vittgam.net>
      Signed-off-by: default avatarVittorio Gambaletta <linuxbugs@vittgam.net>
      Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      381c759d