Commit Graph

739402 Commits

Author SHA1 Message Date
Torsten Hilbrich f3d801baf1 net/usb/qmi_wwan.c: Add USB id for lt4120 modem
This is needed to support the modem found in HP EliteBook 820 G3.

Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:54:59 -04:00
Xin Long 982cf3b399 team: move dev_mc_sync after master_upper_dev_link in team_port_add
The same fix as in 'bonding: move dev_mc_sync after master_upper_dev_link
in bond_enslave' is needed for team driver.

The panic can be reproduced easily:

  ip link add team1 type team
  ip link set team1 up
  ip link add link team1 vlan1 type vlan id 80
  ip link set vlan1 master team1

Fixes: cb41c997d4 ("team: team should sync the port's uc/mc addrs when add a port")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:51:45 -04:00
David S. Miller e49c78f4aa Merge branch 'bond-hwaddr-sync-fixes'
Xin Long says:

====================
bonding: a bunch of fixes for dev hwaddr sync in bond_enslave

This patchset is mainly to fix a crash when adding vlan as slave of
bond which is also the parent link in patch 2/3,  and also fix some
err process problems in bond_enslave in patch 1/3 and 3/3.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:51:06 -04:00
Xin Long 9f5a90c107 bonding: process the err returned by dev_set_allmulti properly in bond_enslave
When dev_set_promiscuity(1) succeeds but dev_set_allmulti(1) fails,
dev_set_promiscuity(-1) should be done before going to the err path.
Otherwise, dev->promiscuity will leak.

Fixes: 7e1a1ac1fb ("bonding: Check return of dev_set_promiscuity/allmulti")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:51:06 -04:00
Xin Long ae42cc62a9 bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
Beniamino found a crash when adding vlan as slave of bond which is also
the parent link:

  ip link add bond1 type bond
  ip link set bond1 up
  ip link add link bond1 vlan1 type vlan id 80
  ip link set vlan1 master bond1

The call trace is as below:

  [<ffffffffa850842a>] queued_spin_lock_slowpath+0xb/0xf
  [<ffffffffa8515680>] _raw_spin_lock+0x20/0x30
  [<ffffffffa83f6f07>] dev_mc_sync+0x37/0x80
  [<ffffffffc08687dc>] vlan_dev_set_rx_mode+0x1c/0x30 [8021q]
  [<ffffffffa83efd2a>] __dev_set_rx_mode+0x5a/0xa0
  [<ffffffffa83f7138>] dev_mc_sync_multiple+0x78/0x80
  [<ffffffffc084127c>] bond_enslave+0x67c/0x1190 [bonding]
  [<ffffffffa8401909>] do_setlink+0x9c9/0xe50
  [<ffffffffa8403bf2>] rtnl_newlink+0x522/0x880
  [<ffffffffa8403ff7>] rtnetlink_rcv_msg+0xa7/0x260
  [<ffffffffa8424ecb>] netlink_rcv_skb+0xab/0xc0
  [<ffffffffa83fe498>] rtnetlink_rcv+0x28/0x30
  [<ffffffffa8424850>] netlink_unicast+0x170/0x210
  [<ffffffffa8424bf8>] netlink_sendmsg+0x308/0x420
  [<ffffffffa83cc396>] sock_sendmsg+0xb6/0xf0

This is actually a dead lock caused by sync slave hwaddr from master when
the master is the slave's 'slave'. This dead loop check is actually done
by netdev_master_upper_dev_link. However, Commit 1f718f0f4f ("bonding:
populate neighbour's private on enslave") moved it after dev_mc_sync.

This patch is to fix it by moving dev_mc_sync after master_upper_dev_link,
so that this loop check would be earlier than dev_mc_sync. It also moves
if (mode == BOND_MODE_8023AD) into if (!bond_uses_primary) clause as an
improvement.

Note team driver also has this issue, I will fix it in another patch.

Fixes: 1f718f0f4f ("bonding: populate neighbour's private on enslave")
Reported-by: Beniamino Galvani <bgalvani@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:51:05 -04:00
Xin Long 5c78f6bfae bonding: fix the err path for dev hwaddr sync in bond_enslave
vlan_vids_add_by_dev is called right after dev hwaddr sync, so on
the err path it should unsync dev hwaddr. Otherwise, the slave
dev's hwaddr will never be unsync when this err happens.

Fixes: 1ff412ad77 ("bonding: change the bond's vlan syncing functions with the standard ones")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:51:05 -04:00
John Fastabend eb82a99447 net: sched, fix OOO packets with pfifo_fast
After the qdisc lock was dropped in pfifo_fast we allow multiple
enqueue threads and dequeue threads to run in parallel. On the
enqueue side the skb bit ooo_okay is used to ensure all related
skbs are enqueued in-order. On the dequeue side though there is
no similar logic. What we observe is with fewer queues than CPUs
it is possible to re-order packets when two instances of
__qdisc_run() are running in parallel. Each thread will dequeue
a skb and then whichever thread calls the ndo op first will
be sent on the wire. This doesn't typically happen because
qdisc_run() is usually triggered by the same core that did the
enqueue. However, drivers will trigger __netif_schedule()
when queues are transitioning from stopped to awake using the
netif_tx_wake_* APIs. When this happens netif_schedule() calls
qdisc_run() on the same CPU that did the netif_tx_wake_* which
is usually done in the interrupt completion context. This CPU
is selected with the irq affinity which is unrelated to the
enqueue operations.

To resolve this we add a RUNNING bit to the qdisc to ensure
only a single dequeue per qdisc is running. Enqueue and dequeue
operations can still run in parallel and also on multi queue
NICs we can still have a dequeue in-flight per qdisc, which
is typically per CPU.

Fixes: c5ad119fb6 ("net: sched: pfifo_fast use skb_array")
Reported-by: Jakob Unterwurzacher <jakob.unterwurzacher@theobroma-systems.com>
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:36:23 -04:00
Pawel Dembicki 743989254e net: qmi_wwan: add BroadMobi BM806U 2020:2033
BroadMobi BM806U is an Qualcomm MDM9225 based 3G/4G modem.
Tested hardware BM806U is mounted on D-Link DWR-921-C3 router.
The USB id is added to qmi_wwan.c to allow QMI communication with
the BM806U.

Tested on 4.14 kernel and OpenWRT.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:35:42 -04:00
Sanjeev Gupta 16e693c55e Documentation/isdn: check and fix dead links ...
and switch to https where possible.

All links have been eyeballed to verify that the domains have
not changed, etc.

Signed-off-by: Sanjeev Gupta <ghane0@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-26 12:31:13 -04:00
Stefan Roese 9066ae7ff5 ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
When trying to use the driver (e.g. aplay *.wav), the 4MiB DMA buffer
will get mmapp'ed in 16KiB chunks. But this fails with the 2nd 16KiB
area, as the page offset is outside of the VMA range (size), which is
currently used as size parameter in snd_pcm_lib_default_mmap(). By
using the DMA buffer size (dma_bytes) instead, the complete DMA buffer
can be mmapp'ed and the issue is fixed.

This issue was detected on an ARM platform (TI AM57xx) using the RME
HDSP MADI PCIe soundcard.

Fixes: 657b1989da ("ALSA: pcm - Use dma_mmap_coherent() if available")
Signed-off-by: Stefan Roese <sr@denx.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-26 16:33:50 +02:00
David S. Miller c87308b169 wireless-drivers fixes for 4.16
Some fixes for 4.16, only for iwlwifi and brcmfmac this time. All
 pretty small.
 
 iwlwifi
 
 * fix an issue with the multicast queue
 
 * fix IGTK handling
 
 * fix some missing return value checks
 
 * add support for a HW workaround for issues on some platforms
 
 * a couple of fixes for channel-switch
 
 * a few fixes for the aggregation handling code
 
 brcmfmac
 
 * drop Inter-Access Point Protocol packets by default
 
 * fix check for ISO3166 regulatory code
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJatiw3AAoJEG4XJFUm622bU7IH/0sIrhxJw+RJhTFQhRIx+WdN
 XPWCb1bUXMwb3+4a+Z3cPuLsKHsv4TJTXtglSvZtihpasr6zALNeoZCb6md5mHz8
 lLRWmMsyPQqnVy7mC7CO7qY5u8M6cZFvJgmn3pU8TAcok2r0skFiKCjqhY6A5ZUM
 V6dlmjld08i5Y8xGlFPFQwCK9NFNoe2YK5k7U5GeY+0PXK9koT7H7amXcYSnU+Nl
 Vrv/MZCGsOYa5E93IhPYkGRBasKqnLcS8+Rf+0zJl1eZuumyMr1+eqgaF1gVRC8w
 rTvGyHUMv5OXxw6UHItHlQbW+Wgypdo1qRCfsxsAWOj6W5L1uj258CgSiMcwp1o=
 =YWna
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2018-03-24' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
wireless-drivers fixes for 4.16

Some fixes for 4.16, only for iwlwifi and brcmfmac this time. All
pretty small.

iwlwifi

* fix an issue with the multicast queue

* fix IGTK handling

* fix some missing return value checks

* add support for a HW workaround for issues on some platforms

* a couple of fixes for channel-switch

* a few fixes for the aggregation handling code

brcmfmac

* drop Inter-Access Point Protocol packets by default

* fix check for ISO3166 regulatory code
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-25 21:26:07 -04:00
Paolo Abeni 10b8a3de60 ipv6: the entire IPv6 header chain must fit the first fragment
While building ipv6 datagram we currently allow arbitrary large
extheaders, even beyond pmtu size. The syzbot has found a way
to exploit the above to trigger the following splat:

kernel BUG at ./include/linux/skbuff.h:2073!
invalid opcode: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
    (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 4230 Comm: syzkaller672661 Not tainted 4.16.0-rc2+ #326
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:__skb_pull include/linux/skbuff.h:2073 [inline]
RIP: 0010:__ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636
RSP: 0018:ffff8801bc18f0f0 EFLAGS: 00010293
RAX: ffff8801b17400c0 RBX: 0000000000000738 RCX: ffffffff84f01828
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8801b415ac18
RBP: ffff8801bc18f360 R08: ffff8801b4576844 R09: 0000000000000000
R10: ffff8801bc18f380 R11: ffffed00367aee4e R12: 00000000000000d6
R13: ffff8801b415a740 R14: dffffc0000000000 R15: ffff8801b45767c0
FS:  0000000001535880(0000) GS:ffff8801db300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002000b000 CR3: 00000001b4123001 CR4: 00000000001606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  ip6_finish_skb include/net/ipv6.h:969 [inline]
  udp_v6_push_pending_frames+0x269/0x3b0 net/ipv6/udp.c:1073
  udpv6_sendmsg+0x2a96/0x3400 net/ipv6/udp.c:1343
  inet_sendmsg+0x11f/0x5e0 net/ipv4/af_inet.c:764
  sock_sendmsg_nosec net/socket.c:630 [inline]
  sock_sendmsg+0xca/0x110 net/socket.c:640
  ___sys_sendmsg+0x320/0x8b0 net/socket.c:2046
  __sys_sendmmsg+0x1ee/0x620 net/socket.c:2136
  SYSC_sendmmsg net/socket.c:2167 [inline]
  SyS_sendmmsg+0x35/0x60 net/socket.c:2162
  do_syscall_64+0x280/0x940 arch/x86/entry/common.c:287
  entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x4404c9
RSP: 002b:00007ffdce35f948 EFLAGS: 00000217 ORIG_RAX: 0000000000000133
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004404c9
RDX: 0000000000000003 RSI: 0000000020001f00 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 00000000004002c8 R09: 00000000004002c8
R10: 0000000020000080 R11: 0000000000000217 R12: 0000000000401df0
R13: 0000000000401e80 R14: 0000000000000000 R15: 0000000000000000
Code: ff e8 1d 5e b9 fc e9 15 e9 ff ff e8 13 5e b9 fc e9 44 e8 ff ff e8 29
5e b9 fc e9 c0 e6 ff ff e8 3f f3 80 fc 0f 0b e8 38 f3 80 fc <0f> 0b 49 8d
87 80 00 00 00 4d 8d 87 84 00 00 00 48 89 85 20 fe
RIP: __skb_pull include/linux/skbuff.h:2073 [inline] RSP: ffff8801bc18f0f0
RIP: __ip6_make_skb+0x1ac8/0x2190 net/ipv6/ip6_output.c:1636 RSP:
ffff8801bc18f0f0

As stated by RFC 7112 section 5:

   When a host fragments an IPv6 datagram, it MUST include the entire
   IPv6 Header Chain in the First Fragment.

So this patch addresses the issue dropping datagrams with excessive
extheader length. It also updates the error path to report to the
calling socket nonnegative pmtu values.

The issue apparently predates git history.

v1 -> v2: cleanup error path, as per Eric's suggestion

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+91e6f9932ff122fa4410@syzkaller.appspotmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-25 21:17:20 -04:00
Alexander Potapenko 7880287981 netlink: make sure nladdr has correct size in netlink_connect()
KMSAN reports use of uninitialized memory in the case when |alen| is
smaller than sizeof(struct sockaddr_nl), and therefore |nladdr| isn't
fully copied from the userspace.

Signed-off-by: Alexander Potapenko <glider@google.com>
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-25 21:14:51 -04:00
Raghuram Chary J e69647a19c lan78xx: Set ASD in MAC_CR when EEE is enabled.
Description:
EEE does not work with lan7800 when AutoSpeed is not set.
(This can happen when EEPROM is not populated or configured incorrectly)

Root-Cause:
When EEE is enabled, the mac config register ASD is not set
i.e. in default state, causing EEE fail.

Fix:
Set the register when eeprom is not present.

Fixes: 55d7de9de6 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Signed-off-by: Raghuram Chary J <raghuramchary.jallipalli@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-25 21:06:49 -04:00
Hans Wippel bc58a1baf2 net/ipv4: disable SMC TCP option with SYN Cookies
Currently, the SMC experimental TCP option in a SYN packet is lost on
the server side when SYN Cookies are active. However, the corresponding
SYNACK sent back to the client contains the SMC option. This causes an
inconsistent view of the SMC capabilities on the client and server.

This patch disables the SMC option in the SYNACK when SYN Cookies are
active to avoid this issue.

Fixes: 60e2a77807 ("tcp: TCP experimental option for SMC")
Signed-off-by: Hans Wippel <hwippel@linux.vnet.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-25 20:53:54 -04:00
Linus Torvalds 3eb2ce825e Linux 4.16-rc7 2018-03-25 12:44:30 -10:00
Nicholas Piggin 52396500f9 powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs
The SLB bad address handler's trap number fixup does not preserve the
low bit that indicates nonvolatile GPRs have not been saved. This
leads save_nvgprs to skip saving them, and subsequent functions and
return from interrupt will think they are saved.

This causes kernel branch-to-garbage debugging to not have correct
registers, can also cause userspace to have its registers clobbered
after a segfault.

Fixes: f0f558b131 ("powerpc/mm: Preserve CFAR value on SLB miss caused by access to bogus address")
Cc: stable@vger.kernel.org # v4.9+
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2018-03-26 07:40:17 +11:00
Linus Torvalds cb6416592b dmaengine fixes for v4.16-rc7
One small fix for stm32-dmamux fixing buffer overflow.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJat2RrAAoJEHwUBw8lI4NH1ZoQAMled80WTAY6lj1MTcstAfis
 fE47ZAv277RLpmdBCgibjja+9KL0PiQrWdBGryKGnLGEuI3vCZjY9F+H5gaHoOtM
 W6xQ5cEpuOlRDjwvYt1WXDSEJH2IYfoiJx/ATdG063oCDricUte3FTVxQhI//7l8
 2zkVBKtp1qG9Zn3DOTLmjoWTdJ7omGlCZW1KiBJs4lxGR6Hu8ZnmZoiCxp1lpLuM
 CaRcynw9dN9L+Ro9JshE9uaFYY8UTZO/XLYYs/uQn+eCIJVYi6xyQH0HLgELb+NR
 hnnEi+hfujV/mGfhWfWYjQa4/2u0hu9MCmV5ZsWS4jULhfkXcMzFOhzEat9/arRE
 TOUjDjkfBQJeoOnrQebvWf9Bh19AXhmz3/2xFDPQfhbLaaRiZ4muv3ZVEsQRNUnQ
 uxgyAJ36cG9Ft0aMotYey3A3grCxdeex0OdE1oEtSvJmYzTiwaCYUwYWYdiWyab6
 hkpwYFdvyWgmCrac46JFddsajlXPOkYJhS7Rbvdi8grRf22ICQBEeAeP4wCZPwaZ
 KGbZ2R8LerHsnqYuT7/hQTvOArBx41+0ZK6LWvCQ45NCaUIn7994KG1gCoRM+cxm
 /rrZRjoEE5BYtdA//UBs5OM6xYyk3CkTSknRZw7kgYWesA219G8t4ftaOQOhb4QF
 zupV8XpPZbTTh+FbViaN
 =AIMK
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/slave-dma

Pull dmaengine fix from Vinod Koul:
 "One small fix for stm32-dmamux fixing buffer overflow"

* tag 'dmaengine-fix-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/slave-dma:
  dmaengine: stm32-dmamux: fix a potential buffer overflow
2018-03-25 07:45:10 -10:00
Linus Torvalds d2862360bf Merge branch 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 and PTI fixes from Ingo Molnar:
 "Misc fixes:

   - fix EFI pagetables freeing

   - fix vsyscall pagetable setting on Xen PV guests

   - remove ancient CONFIG_X86_PPRO_FENCE=y - x86 is TSO again

   - fix two binutils (ld) development version related incompatibilities

   - clean up breakpoint handling

   - fix an x86 self-test"

* 'x86-pti-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/entry/64: Don't use IST entry for #BP stack
  x86/efi: Free efi_pgd with free_pages()
  x86/vsyscall/64: Use proper accessor to update P4D entry
  x86/cpu: Remove the CONFIG_X86_PPRO_FENCE=y quirk
  x86/boot/64: Verify alignment of the LOAD segment
  x86/build/64: Force the linker to use 2MB page size
  selftests/x86/ptrace_syscall: Fix for yet more glibc interference
2018-03-25 07:36:02 -10:00
Linus Torvalds 9fd64e8ac2 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull timer fix from Ingo Molnar:
 "Make posix clock ID usage Spectre-safe"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  posix-timers: Protect posix clock array access against speculation
2018-03-25 07:34:50 -10:00
Linus Torvalds bf45bae961 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Two sched debug output related fixes: a console output fix and
  formatting fixes"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/debug: Adjust newlines for better alignment
  sched/debug: Fix per-task line continuation for console output
2018-03-25 07:33:30 -10:00
Linus Torvalds eaf67993f5 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Misc kernel side fixes.

  Generic:
   - cgroup events counting fix

  x86:
   - Intel PMU truncated-parameter fix

   - RDPMC fix

   - API naming fix/rename

   - uncore driver big-hardware PCI enumeration fix

   - uncore driver filter constraint fix"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/cgroup: Fix child event counting bug
  perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers
  perf/x86/intel: Rename confusing 'freerunning PEBS' API and implementation to 'large PEBS'
  perf/x86/intel/uncore: Add missing filter constraint for SKX CHA event
  perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
  perf/x86/intel: Disable userspace RDPMC usage for large PEBS
2018-03-25 07:27:32 -10:00
Linus Torvalds 6bacf66077 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull locking fixes from Ingo Molnar:
 "Two fixes: tighten up a jump-labels warning to not trigger on certain
  modules and fix confusing (and non-existent) mutex API documentation"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  jump_label: Disable jump labels in __exit code
  locking/mutex: Improve documentation
2018-03-25 07:18:31 -10:00
Linus Torvalds f1869a890c tty: vt: fix up tabstops properly
Tabs on a console with long lines do not wrap properly, so correctly
account for the line length when computing the tab placement location.

Reported-by: James Holderness <j4_james@hotmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2018-03-25 07:04:00 -10:00
Sven Wegener e847f6aaf6 x86/purgatory: Avoid creating stray .<pid>.d files, remove -MD from KBUILD_CFLAGS
The kernel build system already takes care of generating the dependency
files. Having the additional -MD in KBUILD_CFLAGS leads to stray
.<pid>.d files in the build directory when we call the cc-option macro.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthias Kaehlcke <mka@chromium.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vivek Goyal <vgoyal@redhat.com>
Link: http://lkml.kernel.org/r/alpine.LNX.2.21.1803242219380.30139@titan.int.lan.stealer.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2018-03-25 11:04:02 +02:00
Linus Torvalds e43d40b321 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull mqueuefs revert from Eric Biederman:
 "This fixes a regression that came in the merge window for v4.16.

  The problem is that the permissions for mounting and using the
  mqueuefs filesystem are broken. The necessary permission check is
  missing letting people who should not be able to mount mqueuefs mount
  mqueuefs. The field sb->s_user_ns is set incorrectly not allowing the
  mounter of mqueuefs to remount and otherwise have proper control over
  the filesystem.

  Al Viro and I see the path to the necessary fixes differently and I am
  not even certain at this point he actually sees all of the necessary
  fixes. Given a couple weeks we can probably work something out but I
  don't see the review being resolved in time for the final v4.16. I
  don't want v4.16 shipping with a nasty regression. So unfortunately I
  am sending a revert"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
  Revert "mqueue: switch to on-demand creation of internal mount"
2018-03-24 23:29:15 -07:00
Eric W. Biederman cfb2f6f6e0 Revert "mqueue: switch to on-demand creation of internal mount"
This reverts commit 36735a6a2b.

Aleksa Sarai <asarai@suse.de> writes:
> [REGRESSION v4.16-rc6] [PATCH] mqueue: forbid unprivileged user access to internal mount
>
> Felix reported weird behaviour on 4.16.0-rc6 with regards to mqueue[1],
> which was introduced by 36735a6a2b ("mqueue: switch to on-demand
> creation of internal mount").
>
> Basically, the reproducer boils down to being able to mount mqueue if
> you create a new user namespace, even if you don't unshare the IPC
> namespace.
>
> Previously this was not possible, and you would get an -EPERM. The mount
> is the *host* mqueue mount, which is being cached and just returned from
> mqueue_mount(). To be honest, I'm not sure if this is safe or not (or if
> it was intentional -- since I'm not familiar with mqueue).
>
> To me it looks like there is a missing permission check. I've included a
> patch below that I've compile-tested, and should block the above case.
> Can someone please tell me if I'm missing something? Is this actually
> safe?
>
> [1]: https://github.com/docker/docker/issues/36674

The issue is a lot deeper than a missing permission check.  sb->s_user_ns
was is improperly set as well.  So in addition to the filesystem being
mounted when it should not be mounted, so things are not allow that should
be.

We are practically to the release of 4.16 and there is no agreement between
Al Viro and myself on what the code should looks like to fix things properly.
So revert the code to what it was before so that we can take our time
and discuss this properly.

Fixes: 36735a6a2b ("mqueue: switch to on-demand creation of internal mount")
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Reported-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2018-03-24 19:34:23 -05:00
David S. Miller b9ee96b45f Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for your net tree,
they are:

1) Don't pick fixed hash implementation for NFT_SET_EVAL sets, otherwise
   userspace hits EOPNOTSUPP with valid rules using the meter statement,
   from Florian Westphal.

2) If you send a batch that flushes the existing ruleset (that contains
   a NAT chain) and the new ruleset definition comes with a new NAT
   chain, don't bogusly hit EBUSY. Also from Florian.

3) Missing netlink policy attribute validation, from Florian.

4) Detach conntrack template from skbuff if IP_NODEFRAG is set on,
   from Paolo Abeni.

5) Cache device names in flowtable object, otherwise we may end up
   walking over devices going aways given no rtnl_lock is held.

6) Fix incorrect net_device ingress with ingress hooks.

7) Fix crash when trying to read more data than available in UDP
   packets from the nf_socket infrastructure, from Subash.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2018-03-24 17:10:01 -04:00
Subash Abhinov Kasiviswanathan 32c1733f0d netfilter: nf_socket: Fix out of bounds access in nf_sk_lookup_slow_v{4,6}
skb_header_pointer will copy data into a buffer if data is non linear,
otherwise it will return a pointer in the linear section of the data.
nf_sk_lookup_slow_v{4,6} always copies data of size udphdr but later
accesses memory within the size of tcphdr (th->doff) in case of TCP
packets. This causes a crash when running with KASAN with the following
call stack -

BUG: KASAN: stack-out-of-bounds in xt_socket_lookup_slow_v4+0x524/0x718
net/netfilter/xt_socket.c:178
Read of size 2 at addr ffffffe3d417a87c by task syz-executor/28971
CPU: 2 PID: 28971 Comm: syz-executor Tainted: G    B   W  O    4.9.65+ #1
Call trace:
[<ffffff9467e8d390>] dump_backtrace+0x0/0x428 arch/arm64/kernel/traps.c:76
[<ffffff9467e8d7e0>] show_stack+0x28/0x38 arch/arm64/kernel/traps.c:226
[<ffffff946842d9b8>] __dump_stack lib/dump_stack.c:15 [inline]
[<ffffff946842d9b8>] dump_stack+0xd4/0x124 lib/dump_stack.c:51
[<ffffff946811d4b0>] print_address_description+0x68/0x258 mm/kasan/report.c:248
[<ffffff946811d8c8>] kasan_report_error mm/kasan/report.c:347 [inline]
[<ffffff946811d8c8>] kasan_report.part.2+0x228/0x2f0 mm/kasan/report.c:371
[<ffffff946811df44>] kasan_report+0x5c/0x70 mm/kasan/report.c:372
[<ffffff946811bebc>] check_memory_region_inline mm/kasan/kasan.c:308 [inline]
[<ffffff946811bebc>] __asan_load2+0x84/0x98 mm/kasan/kasan.c:739
[<ffffff94694d6f04>] __tcp_hdrlen include/linux/tcp.h:35 [inline]
[<ffffff94694d6f04>] xt_socket_lookup_slow_v4+0x524/0x718 net/netfilter/xt_socket.c:178

Fix this by copying data into appropriate size headers based on protocol.

Fixes: a583636a83 ("inet: refactor inet[6]_lookup functions to take skb")
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-03-24 21:17:14 +01:00
Jakub Kicinski e8a4796ee2 nfp: bpf: fix check of program max insn count
NFP program allocation length is in bytes and NFP program length
is in instructions, fix the comparison of the two.

Fixes: 9314c442d7 ("nfp: bpf: move translation prepare to offload.c")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Jiong Wang <jiong.wang@netronome.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-03-24 10:41:24 -07:00
Jakub Kicinski 4b6eca9d68 tools: bpftool: don't use hex numbers in JSON output
JSON does not accept hex numbers with 0x prefix.  Simply print
as decimal numbers, JSON should be primarily machine-readable.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Quentin Monnet <quentin.monnet@netronome.com>
Fixes: 831a0aafe5 ("tools: bpftool: add JSON output for `bpftool map *` commands")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2018-03-24 10:38:59 -07:00
Linus Torvalds bcfc1f4554 Pin control fixes for v4.16:
- One fix to the Renesas SH-PFC driver removing a duplicate clkout pin
   which was causing crashes.
 - One fix to the Samsung driver for out of bounds exceptions.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJatSn5AAoJEEEQszewGV1zh6cP/2Lib4XM+mJXGMaiBNOHkT5l
 ZWJ+6jbicVl2q0b0bmqA4VgxWmXayVPHaXwo52IuITWX4wizsXen4ihlIS8EEHug
 ot7jjLK3D4E4eWNe30T34NoR3bQ+lfEyDEwb1nwXmixvUT0s6Otc7zBeZqGMubw1
 D55TlcsURGG0C+iJLmmRLRrw1FIwfK/XatFeV9JHoPLch5KsUz+YnrhQ6LGb1ZQT
 9JE7cJzHFYeApEiY5Trc94gD2xCmjjECwAQ6j+80fKl7X0tASk6piZR8l3f0e7dN
 RoSrR2F8H6uHnkzrN/ZLA0YwdLqU7hljmULorj7IaFc7JjoCMbpaK++Ylo/bqYAO
 MKtnzAVJQNcE1u0RURHAteZ/iTgwaulfIR5n0431pnEt9RvdBgbwTSiTnAGqZmTM
 m7pt2+wEpUUPZdtTIvWp9OCQmh/1qeLNGhBmaagfXZ3WW6jHf/qVphZDEgta4VVs
 oqNW4nBkfRjp4rtcN3QMY4+8ZMMMI7DUM0v1oidqSeti/PaOGFQ/8oHU7aLetxnc
 SmoymwHfRQCFPHXzilDiaDqB+WXwyXC1JiWAM1mzUs/pgEor31W6gEfcUtPJ2szo
 LbyOLhKaNVfXuUHiMU+w7GnLZEu8FRzb7xt9o1AguPt16IzNUhXvmq0Ig8ijoYWP
 +MJXKqcGmKC/MQ/YXArC
 =1Y8Z
 -----END PGP SIGNATURE-----

Merge tag 'pinctrl-v4.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pin control fixes from Linus Walleij:
 "Two fixes for pin control for v4.16:

   - Renesas SH-PFC: remove a duplicate clkout pin which was causing
     crashes

   - fix Samsung out of bounds exceptions"

* tag 'pinctrl-v4.16-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  pinctrl: samsung: Validate alias coming from DT
  pinctrl: sh-pfc: r8a7795: remove duplicate of CLKOUT pin in pinmux_pins[]
2018-03-24 09:50:12 -07:00
Nicolas Pitre 1b8837b617 ARM: 8750/1: deflate_xip_data.sh: minor fixes
Send nm complaints about broken pipe (when sed exits early) to /dev/null.
All errors should be printed to stderr.
Don't trap on normal exit so the trap can return an error code.

Signed-off-by: Nicolas Pitre <nico@linaro.org>
Tested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-03-24 14:27:50 +00:00
Jinbum Park 73b9160d0d ARM: 8748/1: mm: Define vdso_start, vdso_end as array
Define vdso_start, vdso_end as array to avoid compile-time analysis error
for the case of built with CONFIG_FORTIFY_SOURCE.

and, since vdso_start, vdso_end are used in vdso.c only,
move extern-declaration from vdso.h to vdso.c.

If kernel is built with CONFIG_FORTIFY_SOURCE,
compile-time error happens at this code.
- if (memcmp(&vdso_start, "177ELF", 4))

The size of "&vdso_start" is recognized as 1 byte, but n is 4,
So that compile-time error is reported.

Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Jinbum Park <jinb.park7@gmail.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-03-24 14:27:49 +00:00
Arnd Bergmann ad43fc9aa2 ARM: 8747/1: make CONFIG_DEBUG_WX depend on MMU
Without CONFIG_MMU, this results in a build failure:

./arch/arm/include/asm/memory.h:92:23: error: initializer element is not constant
 #define VECTORS_BASE  vectors_base
arch/arm/mm/dump.c:32:4: note: in expansion of macro 'VECTORS_BASE'
  { VECTORS_BASE, "Vectors" },

arch/arm/mm/dump.c:71:11: error: 'L_PTE_USER' undeclared here (not in a function); did you mean 'VTIME_USER'?
   .mask = L_PTE_USER,
           ^~~~~~~~~~

Obviously the feature only makes sense with an MMU, so let's add the
dependency here.

Fixes: a8e53c151f ("ARM: 8737/1: mm: dump: add checking for writable and executable")
Acked-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-03-24 14:27:48 +00:00
Fabio Estevam 1328f02005 ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
Commit 384b38b669 ("ARM: 7873/1: vfp: clear vfp_current_hw_state
for dying cpu") fixed the cpu dying notifier by clearing
vfp_current_hw_state[]. However commit e5b61bafe7 ("arm: Convert VFP
hotplug notifiers to state machine") incorrectly used the original
vfp_force_reload() function in the cpu dying notifier.

Fix it by going back to clearing vfp_current_hw_state[].

Fixes: e5b61bafe7 ("arm: Convert VFP hotplug notifiers to state machine")
Cc: linux-stable <stable@vger.kernel.org>
Reported-by: Kohji Okuno <okuno.kohji@jp.panasonic.com>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
2018-03-24 14:27:48 +00:00
Pierre-Yves MORDRET 771b7bf053 i2c: i2c-stm32f7: fix no check on returned setup
Before assigning returned setup structure check if not null

Fixes: 463a9215f3 ("i2c: stm32f7: fix setup structure")
Signed-off-by: Pierre-Yves MORDRET <pierre-yves.mordret@st.com>
Acked-by: Alexandre TORGUE <alexandre.torgue@st.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
2018-03-24 13:37:41 +01:00
Linus Lüssing a752c0a452 batman-adv: fix packet loss for broadcasted DHCP packets to a server
DHCP connectivity issues can currently occur if the following conditions
are met:

1) A DHCP packet from a client to a server
2) This packet has a multicast destination
3) This destination has a matching entry in the translation table
   (FF:FF:FF:FF:FF:FF for IPv4, 33:33:00:01:00:02/33:33:00:01:00:03
    for IPv6)
4) The orig-node determined by TT for the multicast destination
   does not match the orig-node determined by best-gateway-selection

In this case the DHCP packet will be dropped.

The "gateway-out-of-range" check is supposed to only be applied to
unicasted DHCP packets to a specific DHCP server.

In that case dropping the the unicasted frame forces the client to
retry via a broadcasted one, but now directed to the new best
gateway.

A DHCP packet with broadcast/multicast destination is already ensured to
always be delivered to the best gateway. Dropping a multicasted
DHCP packet here will only prevent completing DHCP as there is no
other fallback.

So far, it seems the unicast check was implicitly performed by
expecting the batadv_transtable_search() to return NULL for multicast
destinations. However, a multicast address could have always ended up in
the translation table and in fact is now common.

To fix this potential loss of a DHCP client-to-server packet to a
multicast address this patch adds an explicit multicast destination
check to reliably bail out of the gateway-out-of-range check for such
destinations.

The issue and fix were tested in the following three node setup:

- Line topology, A-B-C
- A: gateway client, DHCP client
- B: gateway server, hop-penalty increased: 30->60, DHCP server
- C: gateway server, code modifications to announce FF:FF:FF:FF:FF:FF

Without this patch, A would never transmit its DHCP Discover packet
due to an always "out-of-range" condition. With this patch,
a full DHCP handshake between A and B was possible again.

Fixes: be7af5cf9c ("batman-adv: refactoring gateway handling code")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
2018-03-24 10:25:49 +01:00
Linus Lüssing f8fb3419ea batman-adv: fix multicast-via-unicast transmission with AP isolation
For multicast frames AP isolation is only supposed to be checked on
the receiving nodes and never on the originating one.

Furthermore, the isolation or wifi flag bits should only be intepreted
as such for unicast and never multicast TT entries.

By injecting flags to the multicast TT entry claimed by a single
target node it was verified in tests that this multicast address
becomes unreachable, leading to packet loss.

Omitting the "src" parameter to the batadv_transtable_search() call
successfully skipped the AP isolation check and made the target
reachable again.

Fixes: 1d8ab8d3c1 ("batman-adv: Modified forwarding behaviour for multicast packets")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
2018-03-24 10:25:07 +01:00
Linus Torvalds 99fec39e77 The documentation for kprobe events says that symbol offets can
take both a + and - sign to get to befor and after the symbol address.
 But in actuality, the code does not support the minus. This fixes
 that issue, and adds a few more selftests to kprobe events.
 -----BEGIN PGP SIGNATURE-----
 
 iQHIBAABCgAyFiEEPm6V/WuN2kyArTUe1a05Y9njSUkFAlq1e6IUHHJvc3RlZHRA
 Z29vZG1pcy5vcmcACgkQ1a05Y9njSUlA2gv/WJiLQC8NvZhjIuQAmhohoW2ejkf/
 rxW8AWCArcUwtqPxpeXAg+SzDIxqtkpUw2PkuivVkzugV/9cAdM+o4yogV8aV32w
 IYix77NxdaIiFNkMCrPYIBH8Bv7TubKUNEe5j+ChFGv90E98Cy2qFLXLXM8wkapq
 FMQ9PlLr9KumRwGeCSqGx1grVLv3uWlv85XY+pTHdtoeivL/maiemISgg0HE4UVc
 ovdZBMmiQBKjc727VgdRpkXWVA+sCoIhAzlkB5cSdDoYx5pHZi23qi5ZHjvlIIRz
 dD50lI41svFd4Q+WxcKxgMWqSS0NytnjQGfO4rU+3A4ZGYbjjWPtrTGxluX6Tx3C
 vOL6SYmD8FtU9c4WvgRLUsDzUrH2plDZOeL2jJSKFHwmB3USKLhYo7I4M/VYBXII
 K3kq/8ln3vq5NbyCcpQSHC5PuRW9pSKjiLUuXMEEKTlK+Aa+Jmvx7SJWp0l6gY0q
 BSMxInLOk5E+eechCkO/S9bugwlJYw2i7Oiq
 =SWSP
 -----END PGP SIGNATURE-----

Merge tag 'trace-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull kprobe fixes from Steven Rostedt:
 "The documentation for kprobe events says that symbol offets can take
  both a + and - sign to get to befor and after the symbol address.

  But in actuality, the code does not support the minus. This fixes that
  issue, and adds a few more selftests to kprobe events"

* tag 'trace-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  selftests: ftrace: Add a testcase for probepoint
  selftests: ftrace: Add a testcase for string type with kprobe_event
  selftests: ftrace: Add probe event argument syntax testcase
  tracing: probeevent: Fix to support minus offset from symbol
2018-03-23 15:34:18 -07:00
Nobutaka Okabe b00214865d ALSA: usb-audio: Add native DSD support for TEAC UD-301
Add native DSD support quirk for TEAC UD-301 DAC,
by adding the PID/VID 0644:804a.

Signed-off-by: Nobutaka Okabe <nob77413@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2018-03-23 21:59:12 +01:00
Andy Lutomirski d8ba61ba58 x86/entry/64: Don't use IST entry for #BP stack
There's nothing IST-worthy about #BP/int3.  We don't allow kprobes
in the small handful of places in the kernel that run at CPL0 with
an invalid stack, and 32-bit kernels have used normal interrupt
gates for #BP forever.

Furthermore, we don't allow kprobes in places that have usergs while
in kernel mode, so "paranoid" is also unnecessary.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
2018-03-23 21:10:36 +01:00
Felix Kuehling 72a01d231d drm/amdkfd: Deallocate SDMA queues correctly
Deallocate SDMA queues during abnormal process termination and when
queue creation fails after the SDMA allocation.

Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
2018-03-23 15:30:34 -04:00
Felix Kuehling c70a362687 drm/amdkfd: Fix scratch memory with HWS enabled
Program sh_hidden_private_base_vmid correctly in the map-process
PM4 packet.

Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Oded Gabbay <oded.gabbay@gmail.com>
Signed-off-by: Oded Gabbay <oded.gabbay@gmail.com>
2018-03-23 15:30:33 -04:00
Waiman Long 06ace26f4e x86/efi: Free efi_pgd with free_pages()
The efi_pgd is allocated as PGD_ALLOCATION_ORDER pages and therefore must
also be freed as PGD_ALLOCATION_ORDER pages with free_pages().

Fixes: d9e9a64180 ("x86/mm/pti: Allocate a separate user PGD")
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/1521746333-19593-1-git-send-email-longman@redhat.com
2018-03-23 20:18:31 +01:00
Linus Torvalds 86d043d47c MIPS fixes for 4.16-rc7
Another miscellaneous pile of MIPS fixes for 4.16:
 
  - lantiq: fixes for clocks and Amazon SE (4.14)
 
  - ralink: fix booting on MT7621 (4.5)
 
  - ralink: fix halt (3.9)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEd80NauSabkiESfLYbAtpk944dnoFAlq00w4ACgkQbAtpk944
 dnpDcQ//SdhTT5qp+ZeD7R7Xb9o3uxdpttQynPFNYputfZnfozvxqoXSTCHPX9Y/
 revuLCshu2qNXhW244jizs9znNjKtj2RspaqHgA63TD5wN8nTaRQI6LtdtcxlSqP
 siElcBQU50IIMT2IErrfl4FB3SPQF69kgF6JcZL/UUBprgSQePT2wxQnDcAUPP3X
 VQFIDGdgOBczAIQehUaiRCk1ODeBXsSVOgwwkbQIDPw3vBvisGBqT3LULthw1Lbn
 dKrBga6vMh7RSQla7XTSXwzjGVkvFO6xMHpKyONWlx+YQWWAV+W2G+ejyp3fX9Li
 T5NXswVdQfi5j6owS3C33M+KQGIily/S7Qt93ne1VU5oUBTcDNd0zb9Pei4cLSgt
 /RD5D9VwzkBejBeC3J/8O1JG6pHGHxZS1QBnupRpC1HFIKmyiTg+RwxQl+WO+Gv2
 HbDj1InEDZdjlByvBpwUzx7rU5R8x0dzZI9J8VSBQDb9ncYTKkc8V44hC/lkevUD
 bENNrXHwbDZj5PURR4DXXbDIhD9KRw8lJZvUhGrYkmsQe4URFAcuxiU5CZD0xklz
 MQKPsRRRJwOOQLHrBVXzmvWT10evfa2xa7mJUSWFXWc485OOOL0cV+mrJsIUqN42
 9Y2jQ5jjWOX74RZoQQVyQvm+eWAg03eM+mobl3mHLVONCF8tLtw=
 =77d7
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_4.16_5' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips

Pull MIPS fixes from James Hogan:
 "Another miscellaneous pile of MIPS fixes for 4.16:

   - lantiq: fixes for clocks and Amazon SE (4.14)

   - ralink: fix booting on MT7621 (4.5)

   - ralink: fix halt (3.9)"

* tag 'mips_fixes_4.16_5' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips:
  MIPS: ralink: Fix booting on MT7621
  MIPS: ralink: Remove ralink_halt()
  MIPS: lantiq: ase: Enable MFD_SYSCON
  MIPS: lantiq: Enable AHB Bus for USB
  MIPS: lantiq: Fix Danube USB clock
2018-03-23 11:30:52 -07:00
Linus Torvalds 095fe49fd5 VFIO fix for v4.16-rc7
- Revert masking INTx where it cannot be enabled, plays poorly with
    SR-IOV VFs and presumes DisINTx support.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.14 (GNU/Linux)
 
 iQIcBAABAgAGBQJatRaRAAoJECObm247sIsiudoP/iokDym50s2KJPho9q3t6pT2
 8qxcgztrigfSKH/siYbfOZhxvtprfoP1bm3+zsrQIeCjVnJCA0IiBakzHZqef24F
 ECMh5xU08inxQwBdXCCsvrzebnWDgOQJS3k0Y9gUPzFbJBxdKdZVN2NvxGllzmX6
 vfoXnuwogGNJ3hO3YwIJDuQctd9IcRZ9mojbYvTMpcw6bRh2O5IVbKsq0Pleu4F3
 JlNGNW/tWi0IE1Rixw4RJXqTrig8KhUhVmIpgd8TTHqXJehZdI171bBBZdpkPLiL
 L17yH1Jbbtpinx48qrbP1aqGe5MJsyx9SPLqrT0/uv3vi7LFdwu9yYzUOA4+koFv
 YcaXEB4iOLmEVrTVgypg72idke7n4xIlwvy/4h1ibnILkvDcp/0x+f0anqo1j7GL
 3JgMc4kqIRhQ2zTI7HrzkHo3GBZd1nPmVPSQUIZ0iCmVSqpS3ph8+3dwjVZuOqEt
 Q+mDn1GY1w1N/Znw6RMRfNCeVquClUQDSB7po0/94QbLi+FmiunvAFSAdxyMgPGu
 grpZ7j0pXSjznh7qa7tQpJBCMygUctGK4jreHdgGTmBISJRFKslfsHXbTB5nBASY
 QXH6IQq3l0dsMGATndIFz+Ci5VLWaENbM88Fb4de+g1GS3QjEulBn9n6o0YCy2MZ
 tBVL4EUlYO+tXWhrlVAy
 =+3LK
 -----END PGP SIGNATURE-----

Merge tag 'vfio-v4.16-rc7' of git://github.com/awilliam/linux-vfio

Pull VFIO fix from Alex Williamson:
 "Revert masking INTx where it cannot be enabled - it plays poorly with
  SR-IOV VFs and presumes DisINTx support"

* tag 'vfio-v4.16-rc7' of git://github.com/awilliam/linux-vfio:
  Revert: "vfio-pci: Mask INTx if a device is not capabable of enabling it"
2018-03-23 11:18:43 -07:00
Linus Torvalds a580657ad7 * Fix several problems in the fsl_ifc NAND controller driver
* Fix misuse of mtd_ooblayout_ecc() in mtdchar.c
 -----BEGIN PGP SIGNATURE-----
 
 iQI5BAABCAAjBQJatQnqHBxib3Jpcy5icmV6aWxsb25AYm9vdGxpbi5jb20ACgkQ
 Ze02AX4ItwBG8w/+OrE7XJmOK+I48v8cJRqdZgixOLbje2hBp/cCN300uSJzAQKS
 5LtOvZNYqlHyeCokrUKxP5l4M6PghuTAmexmzYcSFsTSGkhb2Mk5CgDODBPg9j/N
 9B+fK0+3G0LzPPYBt906B57PUrdH71eAqtafpvGZY81Mk6cBN6P8YxPhBbMwVywk
 XlgkrP/V4BhrraSfexGug8L1UndVYicxt/rG/dTQTjoQ5ccqzrlA1xD7k5gDVN0G
 lNOUx0BT29Qfd29FUtR6opr6K+cdnbnDGA53dlS+EF7+/sxanhyUnZFWOdHrFrqK
 qZ5+F/gLVEZVU3uQ5+8/o8Uth9lTq+lnobHcl6xqUTuORm8/BlPzoy7FgQR8gOCI
 7tcUwdHDNnUi3+Y3ln/plDjQWpqxxSzHdh43FPf6xR7GN/mfAfWp0KzhzLVNwRA1
 L+Wnvku2BUky9oZVcHMtQvfyZ93UsEP346QnSkpZL47MbxfGx6PkhGqUX1nl7R9i
 0sUJxXSOQnDXzWE+bdgTU7zSMOvbID+C78Q8XrJ22dbHV68PNQsZamdzgVvGLFRn
 GaZ4KaDVJ2ni8Sn/6ztEsohZPrQyYtbARorV52JUnAo/W32+vKOUFvJsknYvB63g
 DjCfgMqIfzxEuf0FyTDBBXPxpZgs93rEcP0MlKCnn3QBN4rj0IIw8I/NSEE=
 =M9Yy
 -----END PGP SIGNATURE-----

Merge tag 'mtd/fixes-for-4.16-rc7' of git://git.infradead.org/linux-mtd

Pull MTD fixes from Boris Brezillon:

 - Fix several problems in the fsl_ifc NAND controller driver

 - Fix misuse of mtd_ooblayout_ecc() in mtdchar.c

* tag 'mtd/fixes-for-4.16-rc7' of git://git.infradead.org/linux-mtd:
  mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
  mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
  mtd: nand: fsl_ifc: Fix nand waitfunc return value
  mtdchar: fix usage of mtd_ooblayout_ecc()
2018-03-23 11:15:36 -07:00
Linus Torvalds 935c200aa7 Staging/IIO fixes for 4.16-rc7
Here are a few small Staging and IIO fixes for various reported issues.
 
 All of them are tiny, the majority being iio driver fixes for small
 issues, and one staging driver fix for a memory corruption issue.
 
 All have been in linux-next with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWrUALw8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ymorwCffuZhZWs6fVk4W9L1NAOqGmNOLmwAn3cQb9XE
 FQM0o0L0QvERfvFSpdDd
 =tU/Q
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging/IIO fixes from Greg KH:
 "Here are a few small staging and IIO fixes for various reported
  issues.

  All of them are tiny, the majority being iio driver fixes for small
  issues, and one staging driver fix for a memory corruption issue.

  All have been in linux-next with no reported issues"

* tag 'staging-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  staging: ncpfs: memory corruption in ncp_read_kernel()
  iio: st_pressure: st_accel: pass correct platform data to init
  Revert "iio: accel: st_accel: remove redundant pointer pdata"
  iio: adc: meson-saradc: unlock on error in meson_sar_adc_lock()
  dt-bindings: iio: adc: sd-modulator: fix io-channel-cells
  iio: adc: stm32-dfsdm: fix multiple channel initialization
  iio: adc: stm32-dfsdm: fix clock source selection
  iio: adc: stm32-dfsdm: fix call to stop channel
  iio: adc: stm32-dfsdm: fix compatible data use
  iio: chemical: ccs811: Corrected firmware boot/application mode transition
2018-03-23 11:11:32 -07:00
Linus Torvalds 97235e74c3 Char/Misc fix for 4.16-rc7
This is a single hyperv bugfix for 4.16-rc7.
 
 It resolves an issue with the ring-buffer signaling to resolve reported
 problems.
 
 It's been in linux-next for a while now with no reported issues.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 
 iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWrUA+Q8cZ3JlZ0Brcm9h
 aC5jb20ACgkQMUfUDdst+ylV9wCfQp5v//SugTZcAHuJIGIH1EQ5pnsAoLMWvxP3
 /9Gjr8z7wXtihDQ9+slR
 =PbHR
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull hyperv fix from Greg KH:
 "This is a single hyperv bugfix for 4.16-rc7.

  It resolves an issue with the ring-buffer signaling to resolve
  reported problems.

  It's been in linux-next for a while now with no reported issues"

* tag 'char-misc-4.16-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  Drivers: hv: vmbus: Fix ring buffer signaling
2018-03-23 11:08:40 -07:00