Commit Graph

629 Commits

Author SHA1 Message Date
Michael Bestas
ca67080531 Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* 'android-4.9-q':
  Linux 4.9.325
  net: usb: ax88179_178a needs FLAG_SEND_ZLP
  tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
  tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
  tty: drop tty_schedule_flip()
  tty: the rest, stop using tty_schedule_flip()
  tty: drivers/tty/, stop using tty_schedule_flip()
  ALSA: memalloc: Align buffer allocations in page size
  bpf: Make sure mac_header was set before using it
  mm/mempolicy: fix uninit-value in mpol_rebind_policy()
  Revert "Revert "char/random: silence a lockdep splat with printk()""
  be2net: Fix buffer overflow in be_get_module_eeprom
  tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
  igmp: Fix a data-race around sysctl_igmp_max_memberships.
  igmp: Fix data-races around sysctl_igmp_llm_reports.
  i2c: cadence: Change large transfer count reset logic to be unconditional
  tcp: Fix a data-race around sysctl_tcp_probe_threshold.
  tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
  ip: Fix a data-race around sysctl_fwmark_reflect.
  perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
  power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
  xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
  misc: rtsx_usb: set return value in rsp_buf alloc err path
  misc: rtsx_usb: use separate command and response buffers
  misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
  xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
  security,selinux,smack: kill security_task_wait hook
  FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
  Linux 4.9.324
  can: m_can: m_can_tx_handler(): fix use after free of skb
  mm: invalidate hwpoison page cache page in fault path
  serial: 8250: fix return error code in serial8250_request_std_resource()
  tty: serial: samsung_tty: set dma burst_size to 1
  usb: dwc3: gadget: Fix event pending check
  USB: serial: ftdi_sio: add Belimo device ids
  signal handling: don't use BUG_ON() for debugging
  x86: Clear .brk area at early boot
  ASoC: wm5110: Fix DRE control
  ASoC: ops: Fix off by one in range control validation
  NFC: nxp-nci: don't print header length mismatch on i2c error
  net: tipc: fix possible refcount leak in tipc_sk_create()
  cpufreq: pmac32-cpufreq: Fix refcount leak bug
  virtio_mmio: Restore guest page size on resume
  virtio_mmio: Add missing PM calls to freeze/restore
  sfc: fix kernel panic when creating VF
  sfc: fix use after free when disabling sriov
  ipv4: Fix data-races around sysctl_ip_dynaddr.
  icmp: Fix data-races around sysctl.
  cipso: Fix data-races around sysctl.
  ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
  net: dsa: bcm_sf2: force pause link settings
  nilfs2: fix incorrect masking of permission flags for symlinks
  ARM: 9213/1: Print message about disabled Spectre workarounds only once
  net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
  xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
  ALSA: hda - Add fixup for Dell Latitidue E5430
  arm64: entry: Restore tramp_map_kernel ISB
  Linux 4.9.323
  dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
  dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
  ida: don't use BUG_ON() for debugging
  i2c: cadence: Unregister the clk notifier in error path
  pinctrl: sunxi: a83t: Fix NAND function name for some pins
  xfs: remove incorrect ASSERT in xfs_rename
  video: of_display_timing.h: include errno.h
  iommu/vt-d: Fix PCI bus rescan device hot add
  net: rose: fix UAF bug caused by rose_t0timer_expiry
  usbnet: fix memory leak in error case
  can: gs_usb: gs_usb_open/close(): fix memory leak
  can: grcan: grcan_probe(): remove extra of_node_get()
  mm/slub: add missing TID updates on slab deactivation
  Linux 4.9.322
  net: usb: qmi_wwan: add Telit 0x1070 composition
  net: usb: qmi_wwan: add Telit 0x1060 composition
  net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
  net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
  qmi_wwan: Added support for Telit LN940 series
  xen/arm: Fix race in RB-tree based P2M accounting
  xen/blkfront: force data bouncing when backend is untrusted
  xen/netfront: force data bouncing when backend is untrusted
  xen/netfront: fix leaking data in shared pages
  xen/blkfront: fix leaking data in shared pages
  net: Rename and export copy_skb_header
  ipv6/sit: fix ipip6_tunnel_get_prl return value
  sit: use min
  hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
  xen/gntdev: Avoid blocking in unmap_grant_pages()
  NFC: nxp-nci: Don't issue a zero length i2c_master_read()
  nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
  net: bonding: fix use-after-free after 802.3ad slave unbind
  net: bonding: fix possible NULL deref in rlb code
  netfilter: nft_dynset: restore set element counter when failing to update
  caif_virtio: fix race between virtio_device_ready() and ndo_open()
  powerpc/powernv: wire up rng during setup_arch
  usbnet: fix memory allocation in helpers
  usbnet: make sure no NULL pointer is passed through
  net: usb: ax88179_178a: Fix packet receiving
  net: rose: fix UAF bugs caused by timer handler
  SUNRPC: Fix READ_PLUS crasher
  dm raid: fix KASAN warning in raid5_add_disks

 Conflicts:
	drivers/usb/dwc3/gadget.c
	security/selinux/hooks.c

Change-Id: I7d629589a379fa6fdbc9913c60f64849b80b3b40
2022-09-06 05:54:37 +03:00
Ilya Lesokhin
b0740b251e net: Rename and export copy_skb_header
commit 08303c189581c985e60f588ad92a041e46b6e307 upstream.

[ jgross@suse.com: added as needed by XSA-403 mitigation ]

copy_skb_header is renamed to skb_copy_header and
exported. Exposing this function gives more flexibility
in copying SKBs.
skb_copy and skb_copy_expand do not give enough control
over which parts are copied.

Signed-off-by: Ilya Lesokhin <ilyal@mellanox.com>
Signed-off-by: Boris Pismenny <borisp@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-07-07 17:30:11 +02:00
Wilson Sung
fa8bc31678 Merge android-4.9-q (4.9.284) into android-msm-pixel-4.9-sc-lts
Merge 4.9.284 into android-4.9-q
Linux 4.9.284
  * sctp: validate from_addr_param return
      include/net/sctp/structs.h
    drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    ceph: lockdep annotations for try_nonblocking_invalidate
    dmaengine: xilinx_dma: Set DMA mask for coherent APIs
  * dmaengine: ioat: depends on !UML
      drivers/dma/Kconfig
    parisc: Move pci_dev_is_behind_card_dino to where it is used
    pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
  * profiling: fix shift-out-of-bounds bugs
      kernel/profile.c
  * prctl: allow to setup brk for et_dyn executables
      kernel/sys.c
    9p/trans_virtio: Remove sysfs file on probe failure
    thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    sctp: validate chunk size in __rcv_asconf_lookup
  * staging: android: ion: fix page is NULL
      drivers/staging/android/ion/ion_system_heap.c
    crypto: talitos - fix max key size for sha384 and sha512
  * PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
      drivers/base/power/wakeirq.c
    s390/bpf: Fix optimizing out zero-extensions
    Merge 4.9.283 into android-4.9-q
Linux 4.9.283
    s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
    net: renesas: sh_eth: Fix freeing wrong tx descriptor
    qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
    net: dsa: b53: Fix calculating number of switch ports
    ARC: export clear_user_page() for modules
    mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
  * PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
      include/linux/pci.h
    ethtool: Fix an error code in cxgb2.c
    net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    mfd: Don't use irq_create_mapping() to resolve a mapping
    dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
  * tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
      net/ipv4/tcp_input.c
  * net/af_unix: fix a data-race in unix_dgram_poll
      include/linux/skbuff.h
      net/unix/af_unix.c
  * events: Reuse value read using READ_ONCE instead of re-reading it
      kernel/events/core.c
    tipc: increase timeout in tipc_sk_enqueue()
    r6040: Restore MDIO clock frequency after MAC reset
  * net/l2tp: Fix reference count leak in l2tp_udp_recv_core
      net/l2tp/l2tp_core.c
    dccp: don't duplicate ccid when cloning dccp sock
    ptp: dp83640: don't define PAGE0
    net-caif: avoid user-triggerable WARN_ON(1)
    bnx2x: Fix enabling network interfaces without VFs
    xen: reset legacy rtc flag for PV domU
    platform/chrome: cros_ec_proto: Send command again when timeout occurs
    memcg: enable accounting for pids in nested pid namespaces
  * mm/hugetlb: initialize hugetlb_usage in mm_init
      include/linux/hugetlb.h
      kernel/fork.c
    scsi: BusLogic: Fix missing pr_cont() use
    parisc: fix crash with signals and alloca
    net: w5100: check return value after calling platform_get_resource()
  * net: fix NULL pointer reference in cipso_v4_doi_free
      net/netlabel/netlabel_cipso_v4.c
    ath9k: fix sleeping in atomic context
    ath9k: fix OOB read ar9300_eeprom_restore_internal
    parport: remove non-zero check on count
    usbip: give back URBs for unsent unlink requests during cleanup
  * Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
      drivers/usb/host/xhci.c
    cifs: fix wrong release in sess_alloc_buffer() failed path
    mmc: rtsx_pci: Fix long reads when clock is prescaled
    gfs2: Don't call dlm after protocol is unmounted
    rpc: fix gss_svc_init cleanup on failure
    ARM: tegra: tamonten: Fix UART pad setting
    gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
  * Bluetooth: avoid circular locks in sco_sock_connect
      net/bluetooth/sco.c
    net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
    ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
  * Bluetooth: skip invalid hci_sync_conn_complete_evt
      net/bluetooth/hci_event.c
    ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    staging: ks7010: Fix the initialization of the 'sleep_status' structure
    serial: 8250_pci: make setup_port() parameters explicitly unsigned
    hvsi: don't panic on tty_register_driver failure
    xtensa: ISS: don't panic in rs_init
    serial: 8250: Define RX trigger levels for OxSemi 950 devices
    s390/jump_label: print real address in a case of a jump label bug
  * flow_dissector: Fix out-of-bounds warnings
      net/core/flow_dissector.c
  * ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
      net/ipv4/ip_output.c
    video: fbdev: riva: Error out if 'pixclock' equals zero
    video: fbdev: kyro: Error out if 'pixclock' equals zero
    video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
    bpf/tests: Do not PASS tests without actually testing the result
    bpf/tests: Fix copy-and-paste error in double word test
    tty: serial: jsm: hold port lock when reporting modem line changes
    staging: board: Fix uninitialized spinlock when attaching genpd
  * usb: gadget: composite: Allow bMaxPower=0 if self-powered
      drivers/usb/gadget/composite.c
  * usb: gadget: u_ether: fix a potential null pointer dereference
      drivers/usb/gadget/function/u_ether.c
    usb: host: fotg210: fix the actual_length of an iso packet
    usb: host: fotg210: fix the endpoint's transactional opportunities calculation
  * Smack: Fix wrong semantics in smk_access_entry()
      security/smack/smack_access.c
  * netlink: Deal with ESRCH error in nlmsg_notify()
      net/netlink/af_netlink.c
    video: fbdev: kyro: fix a DoS bug by restricting user input
    iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
  * PCI: Use pci_update_current_state() in pci_enable_device_flags()
      drivers/pci/pci.c
    crypto: mxs-dcp - Use sg_mapping_iter to copy data
    MIPS: Malta: fix alignment of the devicetree buffer
    pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
    openrisc: don't printk() unconditionally
  * vfio: Use config not menuconfig for VFIO_NOIOMMU
      drivers/vfio/Kconfig
  * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
      drivers/pci/syscall.c
  * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
      drivers/pci/quirks.c
    ARM: 9105/1: atags_to_fdt: don't warn about stack size
    libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    media: rc-loopback: return number of emitters rather than error
    media: uvc: don't do DMA on stack
    VMCI: fix NULL pointer dereference when unmapping queue pair
    power: supply: max17042: handle fails of reading status register
    crypto: public_key: fix overflow during implicit conversion
    xen: fix setting of max_pfn in shared_info
    powerpc/perf/hv-gpci: Fix counter value parsing
  * PCI/MSI: Skip masking MSI-X on Xen PV
      drivers/pci/msi.c
    rtc: tps65910: Correct driver module alias
  * fbmem: don't allow too huge resolutions
      drivers/video/fbdev/core/fbmem.c
    clk: kirkwood: Fix a clocking boot regression
    IMA: remove -Wmissing-prototypes warning
    KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
  * tty: Fix data race between tiocsti() and flush_to_ldisc()
      drivers/tty/tty_io.c
  * ipv4: make exception cache less predictible
      net/ipv4/route.c
    bcma: Fix memory leak for internally-handled cores
    ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
    usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    i2c: mt65xx: fix IRQ check
    CIFS: Fix a potencially linear read overflow
    mmc: moxart: Fix issue with uninitialized dma_slave_config
    mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
    i2c: s3c2410: fix IRQ check
    i2c: iop3xx: fix deferred probing
  * Bluetooth: add timeout sanity check to hci_inquiry
      net/bluetooth/hci_core.c
    usb: gadget: mv_u3d: request_irq() after initializing UDC
    usb: phy: tahvo: add IRQ check
    usb: host: ohci-tmio: add IRQ check
  * Bluetooth: Move shutdown callback before flushing tx and rx queue
      net/bluetooth/hci_core.c
    usb: phy: twl6030: add IRQ checks
    usb: phy: fsl-usb: add IRQ check
    usb: gadget: udc: at91: add IRQ check
    drm/msm/dsi: Fix some reference counted resource leaks
  * Bluetooth: fix repeated calls to sco_sock_kill
      net/bluetooth/sco.c
    arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
    Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    soc: qcom: smsm: Fix missed interrupts if state changes while masked
  * PCI: PM: Enable PME if it can be signaled from D3cold
      drivers/pci/pci.c
    i2c: highlander: add IRQ check
  * net: cipso: fix warnings in netlbl_cipsov4_add_std
      net/netlabel/netlabel_cipso_v4.c
  * tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
      net/ipv4/tcp_ipv4.c
  * Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
      net/bluetooth/sco.c
    media: go7007: remove redundant initialization
    media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
    media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  * certs: Trigger creation of RSA module signing key if it's not an RSA key
      certs/Makefile
    crypto: qat - use proper type for vf_mask
    spi: spi-pic32: Fix issue with uninitialized dma_slave_config
    m68k: emu: Fix invalid free in nfeth_cleanup()
    udf_get_extendedattr() had no boundary checks.
    crypto: qat - do not export adf_iov_putmsg()
    crypto: qat - fix naming for init/shutdown VF to PF notifications
    crypto: qat - fix reuse of completion variable
    crypto: qat - handle both source of interrupt in VF ISR
    crypto: qat - do not ignore errors from enable_vf2pf_comms()
    libata: fix ata_host_start()
    power: supply: max17042_battery: fix typo in MAx17042_TOFF
    udf: Check LVID earlier
    crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
    power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
    crypto: mxs-dcp - Check for DMA mapping errors
  * regmap: fix the offset of register error log
      drivers/base/regmap/regmap.c
  * PCI: Call Max Payload Size-related fixup quirks early
      drivers/pci/quirks.c
    x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    Revert "btrfs: compression: don't try to compress if we don't have enough pages"
  * mm/page_alloc: speed up the iteration of max_order
      mm/page_alloc.c
    net: ll_temac: Remove left-over debug message
    powerpc/boot: Delete unneeded .globl _zimage_start
    powerpc/module64: Fix comment in R_PPC64_ENTRY handling
    crypto: talitos - reduce max key size for SEC1
    mm/kmemleak.c: make cond_resched() rate-limiting more efficient
    s390/disassembler: correct disassembly lines alignment
  * ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
      net/ipv4/icmp.c
    gfs2: Don't clear SGID when inheriting ACLs
    nvme-pci: Fix an error handling path in 'nvme_probe()'
    tc358743: fix register i2c_rd/wr function fix
  * PM / wakeirq: Enable dedicated wakeirq for suspend
      drivers/base/power/wakeirq.c
    net/sched: cls_flower: Use mask for addr_type
    USB: serial: mos7720: improve OOM-handling in read_mos_reg()
    usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
  * igmp: Add ip_mc_list lock in ip_check_mc_rcu
      net/ipv4/igmp.c
    media: stkwebcam: fix memory leak in stk_camera_probe
    ath9k: Postpone key cache entry deletion for TXQ frames reference it
    ath: Modify ath_key_delete() to not need full key entry
    ath: Export ath_hw_keysetmac()
    ath9k: Clear key cache explicitly on disabling hardware
    ath: Use safer key clearing with key cache entries
  * ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
      sound/core/pcm_lib.c
    ARM: 8918/2: only build return_address() if needed
  * cryptoloop: add a deprecation warning
      drivers/block/Kconfig
    perf/x86/amd/ibs: Work around erratum #1197
    qede: Fix memset corruption
    qed: Fix the VF msix vectors flow
    xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
    mtd: nand: atmel_nand: remove build warning in atmel_nand_remove()
  * ext4: fix race writing to an inline_data file while its xattrs are changing
      fs/ext4/inline.c
    Merge 4.9.282 into android-4.9-q
Linux 4.9.282
    Revert "floppy: reintroduce O_NDELAY fix"
    KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
  * fbmem: add margin check to fb_check_caps()
      drivers/video/fbdev/core/fbmem.c
  * vt_kdsetmode: extend console locking
      drivers/tty/vt/vt_ioctl.c
    net/rds: dma_map_sg is entitled to merge entries
    vringh: Use wiov->used to check for read/write desc order
    virtio: Improve vq->broken access to avoid any compiler optimization
    net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    ip_gre: add validation for csum_start
    e1000e: Fix the max snoop/no-snoop latency for 10M
    IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
  * usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
      drivers/usb/dwc3/gadget.c
    USB: serial: option: add new VID/PID to support Fibocom FG150
    Revert "USB: serial: ch341: fix character loss at high transfer rates"
    can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
    ARC: Fix CONFIG_STACKDEPOT

Bug: 201722185
Change-Id: Ia09164e3bcbce03e2a295154246ba064c9c35795
Signed-off-by: Wilson Sung <wilsonsung@google.com>
2021-10-27 08:45:10 +00:00
Eric Dumazet
69407175c6 net/af_unix: fix a data-race in unix_dgram_poll
commit 04f08eb44b5011493d77b602fdec29ff0f5c6cd5 upstream.

syzbot reported another data-race in af_unix [1]

Let's change __skb_insert() to use WRITE_ONCE() when changing
skb head qlen.

Also, change unix_dgram_poll() to use lockless version
of unix_recvq_full()

It is very possible we can switch all/most unix_recvq_full()
to the lockless version, this will be done in a future kernel version.

[1] HEAD commit: 8596e589b787732c8346f0482919e83cc9362db1

BUG: KCSAN: data-race in skb_queue_tail / unix_dgram_poll

write to 0xffff88814eeb24e0 of 4 bytes by task 25815 on cpu 0:
 __skb_insert include/linux/skbuff.h:1938 [inline]
 __skb_queue_before include/linux/skbuff.h:2043 [inline]
 __skb_queue_tail include/linux/skbuff.h:2076 [inline]
 skb_queue_tail+0x80/0xa0 net/core/skbuff.c:3264
 unix_dgram_sendmsg+0xff2/0x1600 net/unix/af_unix.c:1850
 sock_sendmsg_nosec net/socket.c:703 [inline]
 sock_sendmsg net/socket.c:723 [inline]
 ____sys_sendmsg+0x360/0x4d0 net/socket.c:2392
 ___sys_sendmsg net/socket.c:2446 [inline]
 __sys_sendmmsg+0x315/0x4b0 net/socket.c:2532
 __do_sys_sendmmsg net/socket.c:2561 [inline]
 __se_sys_sendmmsg net/socket.c:2558 [inline]
 __x64_sys_sendmmsg+0x53/0x60 net/socket.c:2558
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff88814eeb24e0 of 4 bytes by task 25834 on cpu 1:
 skb_queue_len include/linux/skbuff.h:1869 [inline]
 unix_recvq_full net/unix/af_unix.c:194 [inline]
 unix_dgram_poll+0x2bc/0x3e0 net/unix/af_unix.c:2777
 sock_poll+0x23e/0x260 net/socket.c:1288
 vfs_poll include/linux/poll.h:90 [inline]
 ep_item_poll fs/eventpoll.c:846 [inline]
 ep_send_events fs/eventpoll.c:1683 [inline]
 ep_poll fs/eventpoll.c:1798 [inline]
 do_epoll_wait+0x6ad/0xf00 fs/eventpoll.c:2226
 __do_sys_epoll_wait fs/eventpoll.c:2238 [inline]
 __se_sys_epoll_wait fs/eventpoll.c:2233 [inline]
 __x64_sys_epoll_wait+0xf6/0x120 fs/eventpoll.c:2233
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0x90 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x0000001b -> 0x00000001

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 25834 Comm: syz-executor.1 Tainted: G        W         5.14.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 86b18aaa2b5b ("skbuff: fix a data race in skb_queue_len()")
Cc: Qian Cai <cai@lca.pw>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-22 11:43:09 +02:00
lucaswei
474475fa1d Merge android-4.9-q (4.9.241) into android-msm-pixel-4.9-lts
Merge 4.9.241 into android-4.9-q
Linux 4.9.241
    usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
    eeprom: at25: set minimum read/write access stride to 1
    USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
    usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
    net: korina: cast KSEG0 address to pointer in kfree
    ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
  * usb: core: Solve race condition in anchor cleanup functions
      drivers/usb/core/urb.c
    brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
    reiserfs: Fix memory leak in reiserfs_parse_options()
    ipvs: Fix uninit-value in do_ip_vs_set_ctl()
    tty: ipwireless: fix error handling
    Fix use after free in get_capset_info callback.
    rtl8xxxu: prevent potential memory leak
    brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
    scsi: ibmvfc: Fix error return in ibmvfc_probe()
  * Bluetooth: Only mark socket zapped after unlocking
      net/bluetooth/l2cap_sock.c
    usb: ohci: Default to per-port over-current protection
    xfs: make sure the rt allocator doesn't run off the end
    reiserfs: only call unlock_new_inode() if I_NEW
    misc: rtsx: Fix memory leak in rtsx_pci_probe
    ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
    USB: cdc-acm: handle broken union descriptors
    udf: Avoid accessing uninitialized data on failed inode read
    udf: Limit sparing table size
    usb: gadget: function: printer: fix use-after-free in __lock_acquire
    misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
    mic: vop: copy data to kernel space then write to io memory
  * scsi: target: core: Add CONTROL field for trace events
      include/scsi/scsi_common.h
    scsi: mvumi: Fix error return in mvumi_io_attach()
    PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    ntfs: add check for mft record size in superblock
    fs: dlm: fix configfs memory leak
    media: saa7134: avoid a shift overflow
  * mmc: sdio: Check for CISTPL_VERS_1 buffer size
      drivers/mmc/core/sdio_cis.c
    media: uvcvideo: Ensure all probed info is returned to v4l2
    media: media/pci: prevent memory leak in bttv_probe
    media: bdisp: Fix runtime PM imbalance on error
    media: platform: sti: hva: Fix runtime PM imbalance on error
    media: platform: s3c-camif: Fix runtime PM imbalance on error
    media: vsp1: Fix runtime PM imbalance on error
    media: exynos4-is: Fix a reference count leak
    media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
    media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
    media: ati_remote: sanity check for both endpoints
    media: firewire: fix memory leak
    crypto: ccp - fix error handling
    NTB: hw: amd: fix an issue about leak system resources
    nvmet: fix uninitialized work for zero kato
    powerpc/powernv/dump: Fix race while processing OPAL dump
    arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
    arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
    memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
    memory: omap-gpmc: Fix a couple off by ones
    KVM: x86: emulating RDPID failure shall return #UD rather than #GP
    Input: sun4i-ps2 - fix handling of platform_get_irq() error
    Input: twl4030_keypad - fix handling of platform_get_irq() error
    Input: omap4-keypad - fix handling of platform_get_irq() error
    Input: ep93xx_keypad - fix handling of platform_get_irq() error
    Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
    vfio/pci: Clear token on bypass registration failure
    clk: bcm2835: add missing release if devm_clk_hw_register fails
    clk: at91: clk-main: update key before writing AT91_CKGR_MOR
    rapidio: fix the missed put_device() for rio_mport_add_riodev
    rapidio: fix error handling path
  * lib/crc32.c: fix trivial typo in preprocessor condition
      lib/crc32.c
    IB/rdmavt: Fix sizeof mismatch
    cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
    powerpc/perf/hv-gpci: Fix starting index value
    powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
  * overflow: Include header file with SIZE_MAX declaration
      include/linux/overflow.h
  * kdb: Fix pager search for multi-line strings
      kernel/debug/kdb/kdb_io.c
    RDMA/hns: Set the unsupported wr opcode
    perf intel-pt: Fix "context_switch event has no tid" error
    powerpc/tau: Disable TAU between measurements
    powerpc/tau: Remove duplicated set_thresholds() call
    powerpc/tau: Use appropriate temperature sample interval
    RDMA/qedr: Fix use of uninitialized field
    ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
    mtd: mtdoops: Don't write panic data twice
    mtd: lpddr: fix excessive stack usage with clang
    powerpc/icp-hv: Fix missing of_node_put() in success path
    powerpc/pseries: Fix missing of_node_put() in rng_init()
    IB/mlx4: Adjust delayed work when a dup is observed
    IB/mlx4: Fix starvation in paravirt mux/demux
    net: korina: fix kfree of rx/tx descriptor array
    mwifiex: fix double free
    scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  * nl80211: fix non-split wiphy information
      net/wireless/nl80211.c
  * usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
      drivers/usb/gadget/function/u_ether.c
    usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
    iwlwifi: mvm: split a print to avoid a WARNING in ROC
    mfd: sm501: Fix leaks in probe()
    net: enic: Cure the enic api locking trainwreck
  * quota: clear padding in v2r1_mem2diskdqb()
      fs/quota/quota_v2.c
    ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
    misc: mic: scif: Fix error handling path
    ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
    HID: roccat: add bounds checking in kone_sysfs_write_settings()
    video: fbdev: sis: fix null ptr dereference
    video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
    drivers/virt/fsl_hypervisor: Fix error handling path
  * pty: do tty_flip_buffer_push without port->lock in pty_write
      drivers/tty/pty.c
    tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
  * tty: serial: earlycon dependency
      drivers/tty/serial/Kconfig
    VMCI: check return value of get_user_pages_fast() for errors
    backlight: sky81452-backlight: Fix refcount imbalance on error
    scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
    scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
    drm/gma500: fix error check
    mwifiex: Do not use GFP_KERNEL in atomic context
    ASoC: qcom: lpass-platform: fix memory leak
    wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
    ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
    ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
    ath10k: provide survey info as accumulated data
  * regulator: resolve supply after creating regulator
      drivers/regulator/core.c
    media: ti-vpe: Fix a missing check and reference count leak
    media: platform: fcp: Fix a reference count leak.
    media: tc358743: initialize variable
    crypto: omap-sham - fix digcnt register handling with export/import
    media: omap3isp: Fix memleak in isp_probe
    media: m5mols: Check function pointer in m5mols_sensor_power
    media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
    crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
    EDAC/i5100: Fix error handling order in i5100_init_one()
    crypto: algif_aead - Do not set MAY_BACKLOG on the async path
    ima: Don't ignore errors from crypto_shash_update()
    KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
    cifs: remove bogus debug code
  * icmp: randomize the global rate limiter
      net/ipv4/icmp.c
  * tcp: fix to update snd_wl1 in bulk receiver fast path
      net/ipv4/tcp_input.c
    nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
    net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
    net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
    ALSA: bebob: potential info leak in hwdep_read()
    r8169: fix data corruption issue on RTL8402
  * net/ipv4: always honour route mtu during forwarding
      include/net/ip.h
    tipc: fix the skb_unshare() in tipc_buf_append()
    ibmveth: Identify ingress large send packets.
  * UPSTREAM: binder: fix UAF when releasing todo list
      drivers/android/binder.c
  * ANDROID: namespace'ify tcp_default_init_rwnd implementation
      include/net/netns/ipv4.h
      include/net/tcp.h
      net/ipv4/sysctl_net_ipv4.c
      net/ipv4/tcp_input.c
      net/ipv4/tcp_ipv4.c
      net/ipv4/tcp_minisocks.c
      net/ipv4/tcp_output.c
    Merge 4.9.240 into android-4.9-q
Linux 4.9.240
    crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
    reiserfs: Fix oops during mount
    reiserfs: Initialize inode keys properly
    USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
    USB: serial: pl2303: add device-id for HP GC device
    staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    USB: serial: option: Add Telit FT980-KS composition
    USB: serial: option: add Cellient MPL200 card
    media: usbtv: Fix refcounting mixup
  * Bluetooth: Disconnect if E0 is used for Level 4
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_conn.c
      net/bluetooth/hci_event.c
  * Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
      include/net/bluetooth/hci_core.h
  * Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_event.c
  * Bluetooth: fix kernel oops in store_pending_adv_report
      net/bluetooth/hci_event.c
  * Bluetooth: MGMT: Fix not checking if BT_HS is enabled
      net/bluetooth/mgmt.c
  * Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
      include/net/bluetooth/l2cap.h
      net/bluetooth/l2cap_core.c
      net/bluetooth/l2cap_sock.c
  * Bluetooth: A2MP: Fix not initializing all members
      net/bluetooth/a2mp.c
    Merge 4.9.239 into android-4.9-q
Linux 4.9.239
  * net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
      drivers/net/usb/rtl8150.c
  * mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
      include/linux/khugepaged.h
      mm/page_alloc.c
  * perf: Fix task_function_call() error handling
      kernel/events/core.c
    rxrpc: Fix server keyring leak
    rxrpc: Fix some missing _bh annotations on locking conn->state_lock
    rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
    rxrpc: Fix rxkad token xdr encoding
  * mdio: fix mdio-thunder.c dependency & build error
      drivers/net/phy/Kconfig
  * bonding: set dev->needed_headroom in bond_setup_by_slave()
      drivers/net/bonding/bond_main.c
  * xfrm: Use correct address family in xfrm_state_find
      net/xfrm/xfrm_state.c
    net: stmmac: removed enabling eee in EEE set callback
  * xfrm: clone whole liftime_cur structure in xfrm_do_migrate
      net/xfrm/xfrm_state.c
  * xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
      include/net/xfrm.h
    drm/amdgpu: prevent double kfree ttm->sg
    openvswitch: handle DNAT tuple collision
    net: team: fix memory leak in __team_options_register
    team: set dev->needed_headroom in team_setup_by_port()
    sctp: fix sctp_auth_init_hmacs() error path
    mm/khugepaged: fix filemap page_to_pgoff(page) != offset
    macsec: avoid use-after-free in macsec_handle_frame()
    ftrace: Move RCU is watching check after recursion check
    mtd: rawnand: sunxi: Fix the probe error path
    perf top: Fix stdio interface input handling with glibc 2.28+
  * driver core: Fix probe_count imbalance in really_probe()
      drivers/base/dd.c
    platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
    platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
  * usermodehelper: reset umask to default before executing user process
      kernel/kmod.c
  * net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
      net/wireless/nl80211.c
    fbcon: Fix global-out-of-bounds read in fbcon_get_font()
    Revert "ravb: Fixed to be able to unload modules"
  * Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
      include/linux/font.h
  * fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
      include/linux/font.h
  * netfilter: ctnetlink: add a range check for l3/l4 protonum
      net/netfilter/nf_conntrack_netlink.c
  * ep_create_wakeup_source(): dentry name can change under you...
      fs/eventpoll.c
  * epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
      fs/eventpoll.c
  * epoll: replace ->visited/visited_list with generation count
      fs/eventpoll.c
  * epoll: do not insert into poll queues until all sanity checks are done
      fs/eventpoll.c
  * net/packet: fix overflow in tpacket_rcv
      net/packet/af_packet.c
  * random32: Restore __latent_entropy attribute on net_rand_state
      lib/random32.c
    i2c: cpm: Fix i2c_ram structure
    iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
    clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
    nfs: Fix security label length not being reset
    mac80211: do not allow bigger VHT MPDUs than the hardware supports
    drivers/net/wan/hdlc: Set skb->protocol before transmitting
    drivers/net/wan/lapbether: Make skb->protocol consistent with the header
    rndis_host: increase sleep time in the query-response loop
    net: dec: de2104x: Increase receive ring size for Tulip
    drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
    Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
    gpio: tc35894: fix up tc35894 interrupt configuration
    USB: gadget: f_ncm: Fix NDP16 datagram validation
    vsock/virtio: stop workers during the .remove()
    vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
    Merge 4.9.238 into android-4.9-q
Linux 4.9.238
    ata: sata_mv, avoid trigerrable BUG_ON
    ata: make qc_prep return ata_completion_errors
    ata: define AC_ERR_OK
  * lib/string.c: implement stpcpy
      lib/string.c
    kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    ALSA: asihpi: fix iounmap in error handler
    batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    batman-adv: Add missing include for in_interrupt()
    mac802154: tx: fix use-after-free
    batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    atm: eni: fix the missed pci_disable_device() for eni_init_one()
    batman-adv: bla: fix type misuse for backbone_gw hash indexing
    mwifiex: Increase AES key storage size to 256 bits
    clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
    ieee802154/adf7242: check status of adf7242_read_reg
    objtool: Fix noreturn detection for ignored functions
  * i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
      drivers/i2c/i2c-core.c
    s390/init: add missing __init annotations
    vfio/pci: fix racy on error and request eventfd ctx
    selftests/x86/syscall_nt: Clear weird flags after each test
    cifs: Fix double add page to memcg when cifs_readpages
    vfio/pci: Clear error and request eventfd ctx after releasing
    x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
    mtd: parser: cmdline: Support MTD names containing one or more colons
    ceph: fix potential race in ceph_check_caps
    mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
    perf kcore_copy: Fix module map when there are no modules loaded
    perf util: Fix memory leak of prefix_if_not_in
    vfio/pci: fix memory leaks of eventfd ctx
    btrfs: don't force read-only after error in drop snapshot
  * printk: handle blank console arguments passed in.
      kernel/printk/printk.c
    e1000: Do not perform reset in reset_task if we are already down
    USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
  * fuse: don't check refcount after stealing page
      fs/fuse/dev.c
    ALSA: hda: Fix potential race in unsol event handler
    tty: serial: samsung: Correct clock selection logic
    USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
  * Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
      net/bluetooth/hci_event.c
    phy: samsung: s5pv210-usb2: Add delay after reset
    atm: fix a memory leak of vcc->user_back
    dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
    drivers: char: tlclk.c: Avoid data race between init and interrupt handler
  * bdev: Reduce time holding bd_mutex in sync in blkdev_close()
      fs/block_dev.c
    KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
  * mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
      mm/mmap.c
  * mm/filemap.c: clear page error before actual read
      mm/filemap.c
  * ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
      sound/usb/midi.c
    ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
    svcrdma: Fix leak of transport addresses
    SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
    tools: gpio-hammer: Avoid potential overflow in main
    cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
    serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
    serial: 8250_omap: Fix sleeping function called from invalid context during probe
    serial: 8250_port: Don't service RX FIFO if throttled
  * tracing: Use address-of operator on section symbols
      kernel/trace/trace.c
    tpm: ibmvtpm: Wait for buffer to be set before proceeding
    xfs: don't ever return a stale pointer from __xfs_dir3_free_read
    media: tda10071: fix unsigned sign extension overflow
  * Bluetooth: L2CAP: handle l2cap config request during open state
      net/bluetooth/l2cap_core.c
    drm/amdgpu: increase atombios cmd timeout
  * timekeeping: Prevent 32bit truncation in scale64_check_overflow()
      kernel/time/timekeeping.c
  * Bluetooth: guard against controllers sending zero'd events
      net/bluetooth/hci_event.c
    media: go7007: Fix URB type for interrupt handling
    dmaengine: tegra-apb: Prevent race conditions on channel's freeing
  * bpf: Remove recursion prevention from rcu free callback
      kernel/bpf/hashtab.c
    x86/pkeys: Add check for pkey "overflow"
    KVM: x86: fix incorrect comparison in trace event
    RDMA/rxe: Fix configuration of atomic queue pair attributes
    drm/omap: fix possible object reference leak
    scsi: lpfc: Fix coverity errors in fmdi attribute handling
    scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
  * selinux: sel_avc_get_stat_idx should increase position index
      security/selinux/selinuxfs.c
    audit: CONFIG_CHANGE don't log internal bookkeeping as an event
  * skbuff: fix a data race in skb_queue_len()
      include/linux/skbuff.h
      net/unix/af_unix.c
    ALSA: hda: Clear RIRB status before reading WP
    KVM: fix overflow of zero page refcount with ksm running
  * Bluetooth: prefetch channel before killing sock
      net/bluetooth/l2cap_sock.c
  * mm: pagewalk: fix termination condition in walk_pte_range()
      mm/pagewalk.c
  * Bluetooth: Fix refcount use-after-free issue
      net/bluetooth/l2cap_core.c
      net/bluetooth/l2cap_sock.c
    ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
  * tracing: Set kernel_stack's caller size properly
      kernel/trace/trace_entries.h
    dmaengine: zynqmp_dma: fix burst length configuration
    ACPI: EC: Reference count query handlers under lock
    media: ti-vpe: cal: Restrict DMA to avoid memory corruption
  * seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
      include/linux/seqlock.h
  * rt_cpu_seq_next should increase position index
      net/ipv4/route.c
  * neigh_stat_seq_next() should increase position index
      net/core/neighbour.c
  * kernel/sys.c: avoid copying possible padding bytes in copy_to_user
      kernel/sys.c
    CIFS: Properly process SMB3 lease breaks
  * debugfs: Fix !DEBUG_FS debugfs_create_automount
      include/linux/debugfs.h
    RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
    xfs: fix attr leaf header freemap.size underflow
    RDMA/i40iw: Fix potential use after free
    bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
  * tracing: Adding NULL checks for trace_array descriptor pointer
      kernel/trace/trace.c
      kernel/trace/trace_events.c
  * mfd: mfd-core: Protect against NULL call-back function pointer
      drivers/mfd/mfd-core.c
    mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
    clk/ti/adpll: allocate room for terminating null
    PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
  * ALSA: usb-audio: Add delay quirk for H570e USB headsets
      sound/usb/quirks.c
    ASoC: kirkwood: fix IRQ error handling
    gma/gma500: fix a memory disclosure bug due to uninitialized bytes
    m68k: q40: Fix info-leak in rtc_ioctl
    scsi: aacraid: fix illegal IO beyond last LBA
    serial: 8250: Avoid error message on reprobe
  * net: add __must_check to skb_put_padto()
      include/linux/skbuff.h
    net/hsr: Check skb_put_padto() return value
  * net: phy: Avoid NPD upon phy_detach() when driver is unbound
      drivers/net/phy/phy_device.c
    bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
    tipc: use skb_unshare() instead in tipc_buf_append()
  * ip: fix tos reflection in ack and reset packets
      net/ipv4/ip_output.c
    hdlc_ppp: add range checks in ppp_cp_parse_cr()
    mtd: Fix comparison in map_word_andequal()
    RDMA/ucma: ucma_context reference leak in error path
    kprobes: fix kill kprobe which has been marked as gone
    KVM: fix memory leak in kvm_io_bus_unregister_dev()
  * af_key: pfkey_dump needs parameter validation
      net/key/af_key.c

Change-Id: Ic405992aa26bd9ce6da4fdcf67ab341ef9427b53
Signed-off-by: lucaswei <lucaswei@google.com>
2020-11-26 18:08:27 +08:00
Qian Cai
ce5d34a316 skbuff: fix a data race in skb_queue_len()
[ Upstream commit 86b18aaa2b5b5bb48e609cd591b3d2d0fdbe0442 ]

sk_buff.qlen can be accessed concurrently as noticed by KCSAN,

 BUG: KCSAN: data-race in __skb_try_recv_from_queue / unix_dgram_sendmsg

 read to 0xffff8a1b1d8a81c0 of 4 bytes by task 5371 on cpu 96:
  unix_dgram_sendmsg+0x9a9/0xb70 include/linux/skbuff.h:1821
				 net/unix/af_unix.c:1761
  ____sys_sendmsg+0x33e/0x370
  ___sys_sendmsg+0xa6/0xf0
  __sys_sendmsg+0x69/0xf0
  __x64_sys_sendmsg+0x51/0x70
  do_syscall_64+0x91/0xb47
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

 write to 0xffff8a1b1d8a81c0 of 4 bytes by task 1 on cpu 99:
  __skb_try_recv_from_queue+0x327/0x410 include/linux/skbuff.h:2029
  __skb_try_recv_datagram+0xbe/0x220
  unix_dgram_recvmsg+0xee/0x850
  ____sys_recvmsg+0x1fb/0x210
  ___sys_recvmsg+0xa2/0xf0
  __sys_recvmsg+0x66/0xf0
  __x64_sys_recvmsg+0x51/0x70
  do_syscall_64+0x91/0xb47
  entry_SYSCALL_64_after_hwframe+0x49/0xbe

Since only the read is operating as lockless, it could introduce a logic
bug in unix_recvq_full() due to the load tearing. Fix it by adding
a lockless variant of skb_queue_len() and unix_recvq_full() where
READ_ONCE() is on the read while WRITE_ONCE() is on the write similar to
the commit d7d16a89350a ("net: add skb_queue_empty_lockless()").

Signed-off-by: Qian Cai <cai@lca.pw>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-10-01 20:40:06 +02:00
Eric Dumazet
48668eb1ed net: add __must_check to skb_put_padto()
[ Upstream commit 4a009cb04aeca0de60b73f37b102573354214b52 ]

skb_put_padto() and __skb_put_padto() callers
must check return values or risk use-after-free.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-01 20:40:01 +02:00
lucaswei
fe4d25c70e Merge android-4.9-q (4.9.200) into android-msm-pixel-4.9-lts
Merge 4.9.200 into android-4.9-q
Linux 4.9.200
  * alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
      kernel/time/alarmtimer.c
    dmaengine: qcom: bam_dma: Fix resource leak
  * net/flow_dissector: switch to siphash
      include/linux/skbuff.h
      include/net/flow_dissector.h
      net/core/flow_dissector.c
      net/sched/sch_fq_codel.c
  * kbuild: add -fcf-protection=none when using retpoline flags
      Makefile
  * kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
      Makefile
  * Kbuild: make designated_init attribute fatal
      Makefile
  * inet: stop leaking jiffies on the wire
      net/ipv4/datagram.c
      net/ipv4/tcp_ipv4.c
    net/mlx4_core: Dynamically set guaranteed amount of counters per VF
    vxlan: check tun_info options_len properly
    net: bcmgenet: reset 40nm EPHY on energy detect
    net: dsa: fix switch tree list
  * net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
      net/core/datagram.c
    selftests: net: reuseport_dualstack: fix uninitalized parameter
  * net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
      net/core/ethtool.c
    net: hisilicon: Fix ping latency when deal with high throughput
  * net: fix sk_page_frag() recursion from memory reclaim
      include/linux/gfp.h
      include/net/sock.h
    dccp: do not leak jiffies on the wire
    cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
    MIPS: bmips: mark exception vectors as char arrays
    of: unittest: fix memory leak in unittest_data_add
    scsi: target: core: Do not overwrite CDB byte 1
    ARM: davinci: dm365: Fix McBSP dma_slave_map entry
    perf kmem: Fix memory leak in compact_gfp_flags()
    ARM: dts: imx7s: Correct GPT's ipg clock source
  * scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
      drivers/scsi/Kconfig
    scsi: sni_53c710: fix compilation error
    scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions
    ARM: mm: fix alignment handler faults under memory pressure
    pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable()
    ARM: dts: logicpd-torpedo-som: Remove twl_keypad
    ASoc: rockchip: i2s: Fix RPM imbalance
    ASoC: wm_adsp: Don't generate kcontrols without READ flags
    regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
    regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
    UPSTREAM: HID: steam: fix deadlock with input devices.
    UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
    UPSTREAM: HID: steam: remove input device when a hid client is running.
    UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
    UPSTREAM: HID: steam: add missing fields in client initialization
    UPSTREAM: HID: steam: add battery device.
  * UPSTREAM: HID: add driver for Valve Steam Controller
      drivers/hid/Kconfig
      drivers/hid/Makefile
      drivers/hid/hid-core.c
      drivers/hid/hid-ids.h
      include/linux/hid.h
  * UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
      drivers/hid/hid-sony.c
  * UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
      drivers/hid/hid-sony.c
    Merge 4.9.199 into android-4.9-q
Linux 4.9.199
    Revert "ALSA: hda: Flush interrupts on disabling"
  * ALSA: timer: Fix mutex deadlock at releasing card
      sound/core/timer.c
  * ALSA: timer: Simplify error path in snd_timer_open()
      sound/core/timer.c
  * ALSA: timer: Limit max instances per timer
      include/sound/timer.h
      sound/core/timer.c
  * ALSA: timer: Follow standard EXPORT_SYMBOL() declarations
      sound/core/timer.c
    xfs: Correctly invert xfs_buftarg LRU isolation logic
    sctp: not bind the socket in sctp_connect
  * sctp: fix the issue that flags are ignored when using kernel_connect
      include/net/sctp/sctp.h
  * sch_netem: fix rcu splat in netem_enqueue()
      include/net/sch_generic.h
      net/sched/sch_netem.c
    net: usb: sr9800: fix uninitialized local variable
  * bonding: fix potential NULL deref in bond_update_slave_arr
      drivers/net/bonding/bond_main.c
    llc: fix sk_buff leak in llc_conn_service()
    llc: fix sk_buff leak in llc_sap_state_process()
    dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
    rtlwifi: Fix potential overflow on P2P code
    s390/cmm: fix information leak in cmm_timeout_handler()
  * nl80211: fix validation of mesh path nexthop
      net/wireless/nl80211.c
  * HID: fix error message in hid_open_report()
      drivers/hid/hid-core.c
  * HID: Fix assumption that devices have inputs
      drivers/hid/hid-dr.c
      drivers/hid/hid-gaff.c
      drivers/hid/hid-sony.c
    HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
    USB: serial: whiteheat: fix line-speed endianness
    USB: serial: whiteheat: fix potential slab corruption
    USB: ldusb: fix control-message timeout
    USB: ldusb: fix ring-buffer locking
  * usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
      drivers/usb/storage/scsiglue.c
  * USB: gadget: Reject endpoints with 0 maxpacket value
      drivers/usb/gadget/udc/core.c
    UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
    ALSA: bebob: Fix prototype of helper function to return negative value
  * fuse: truncate pending writes on O_TRUNC
      fs/fuse/file.c
  * fuse: flush dirty data/metadata before non-truncate setattr
      fs/fuse/dir.c
    ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
    thunderbolt: Use 32-bit writes when writing ring producer/consumer
    USB: legousbtower: fix a signedness bug in tower_probe()
  * tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
      kernel/trace/trace.c
    s390/uaccess: avoid (false positive) compiler warnings
    NFSv4: Fix leak of clp->cl_acceptor string
    MIPS: fw: sni: Fix out of bounds init of o32 stack
    fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
    fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
    fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
    ocfs2: clear zero in unaligned direct IO
    efi/x86: Do not clean dummy variable in kexec path
    efi/cper: Fix endianness of PCIe class code
    serial: mctrl_gpio: Check for NULL pointer
    fs: cifs: mute -Wunused-const-variable message
    gpio: max77620: Use correct unit for debounce times
    RDMA/iwcm: Fix a lock inversion issue
    staging: rtl8188eu: fix null dereference when kzalloc fails
    perf jevents: Fix period for Intel fixed counters
    perf map: Fix overlapped map handling
    iio: fix center temperature of bmc150-accel-core
  * exec: load_script: Do not exec truncated interpreter path
      fs/binfmt_script.c
    rtc: pcf8523: set xtal load capacitance from DT
  * usb: handle warm-reset port requests on hub resume
      drivers/usb/core/hub.c
  * scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
      scripts/setlocalversion
    HID: i2c-hid: Add Odys Winbook 13 to descriptor override
    x86/cpu: Add Atom Tremont (Jacobsville)
    HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
    sc16is7xx: Fix for "Unexpected interrupt: 8"
  * dm: Use kzalloc for all structs with embedded biosets/mempools
      drivers/md/dm-io.c
      drivers/md/dm-kcopyd.c
    dm snapshot: rework COW throttling to fix deadlock
    dm snapshot: introduce account_start_copy() and account_end_copy()
    dm snapshot: use mutex instead of rw_semaphore
  * binder: binder: fix possible UAF when freeing buffer
      drivers/android/binder.c
  * BACKPORT: dm bufio: introduce a global cache replacement
      drivers/md/dm-bufio.c
  * BACKPORT: dm bufio: remove old-style buffer cleanup
      drivers/md/dm-bufio.c
  * BACKPORT: dm bufio: introduce a global queue
      drivers/md/dm-bufio.c
  * BACKPORT: dm bufio: refactor adjust_total_allocated
      drivers/md/dm-bufio.c
  * BACKPORT: dm bufio: call adjust_total_allocated from __link_buffer and __unlink_buffer
      drivers/md/dm-bufio.c
    cuttlefish-4.9: Enable CONFIG_DM_SNAPSHOT
    Merge 4.9.198 into android-4.9-q
Linux 4.9.198
    RDMA/cxgb4: Do not dma memory off of the stack
  * Revert "net: sit: fix memory leak in sit_init_net()"
      net/ipv6/sit.c
  * PCI: PM: Fix pci_power_up()
      drivers/pci/pci.c
    xen/netback: fix error path of xenvif_connect_data()
  * cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
      drivers/base/core.c
      drivers/cpufreq/cpufreq.c
    memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
    btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
    CIFS: avoid using MID 0xFFFF
    parisc: Fix vmap memory leak in ioremap()/iounmap()
    xtensa: drop EXPORT_SYMBOL for outs*/ins*
  * mm/slub: fix a deadlock in show_slab_objects()
      mm/slub.c
    scsi: zfcp: fix reaction on bit error threshold notification
  * drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
      drivers/gpu/drm/drm_edid.c
    mac80211: Reject malformed SSID elements
    cfg80211: wext: avoid copying malformed SSIDs
    ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
    Input: da9063 - fix capability and drop KEY_SLEEP
  * scsi: core: try to get module before removing device
      drivers/scsi/scsi_sysfs.c
    staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
    MIPS: tlbex: Fix build_restore_pagemask KScratch restore
    USB: ldusb: fix read info leaks
    USB: usblp: fix use-after-free on disconnect
    USB: ldusb: fix memleak on disconnect
    USB: serial: ti_usb_3410_5052: fix port-close races
    usb: udc: lpc32xx: fix bad bit shift operation
    ALSA: hda/realtek - Add support for ALC711
    USB: legousbtower: fix memleak on disconnect
  * memfd: Fix locking when tagging pins
      mm/shmem.c
  * ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
      net/ipv4/route.c
  * net: avoid potential infinite loop in tc_ctl_action()
      net/sched/act_api.c
    sctp: change sctp_prot .no_autobind with true
    net: bcmgenet: Set phydev->dev_flags only for internal PHYs
    net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
  * loop: Add LOOP_SET_DIRECT_IO to compat ioctl
      drivers/block/loop.c
    ocfs2: fix panic due to ocfs2_wq is null
    Revert "drm/radeon: Fix EEH during kexec"
    namespace: fix namespace.pl script to support relative paths
    net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
    mips: Loongson: Fix the link time qualifier of 'serial_exit()'
    mac80211: fix txq null pointer dereference
  * nl80211: fix null pointer dereference
      net/wireless/nl80211.c
    MIPS: dts: ar9331: fix interrupt-controller size
    ARM: dts: am4372: Set memory bandwidth limit for DISPC
    ARM: OMAP2+: Fix missing reset done flag for am3 and am43
    scsi: qla2xxx: Fix unbound sleep in fcport delete path.
    scsi: megaraid: disable device when probe failed after enabled device
  * scsi: ufs: skip shutdown if hba is not powered
      drivers/scsi/ufs/ufshcd.c
    rtlwifi: Fix potential overflow on P2P code
    ANDROID: clang: update to 9.0.8 based on r365631c
  * ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
      net/netfilter/xt_quota2.c
    ANDROID: refactor build.config files to remove duplication
    Merge 4.9.197 into android-4.9-q
Linux 4.9.197
    xfs: clear sb->s_fs_info on mount failure
    x86/asm: Fix MWAITX C-state hint value
  * tracing: Get trace_array reference for available_tracers files
      kernel/trace/trace.c
    tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
    tracing/hwlat: Report total time spent in all NMIs during the sample
    media: stkwebcam: fix runtime PM after driver unbind
  * Fix the locking in dcache_readdir() and friends
      fs/libfs.c
    MIPS: Disable Loongson MMI instructions for kernel build
    Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
    staging: fbtft: Stop using BL_CORE_DRIVER1
  * kernel/sysctl.c: do not override max_threads provided by userspace
      kernel/fork.c
    CIFS: Force reval dentry if LOOKUP_REVAL flag is set
    CIFS: Force revalidate inode when dentry is stale
    CIFS: Gracefully handle QueryInfo errors during open
    perf inject jit: Fix JIT_CODE_MOVE filename
    perf llvm: Don't access out-of-scope array
    efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
    iio: light: opt3001: fix mutex unlock race
    iio: adc: ad799x: fix probe error handling
    staging: vt6655: Fix memory leak in vt6655_probe
    USB: legousbtower: fix use-after-free on release
    USB: legousbtower: fix open after failed reset request
    USB: legousbtower: fix potential NULL-deref on disconnect
    USB: legousbtower: fix deadlock on disconnect
    USB: legousbtower: fix slab info leak at probe
    usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
    usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
    USB: dummy-hcd: fix power budget for SuperSpeed mode
    USB: microtek: fix info-leak at probe
    USB: usblcd: fix I/O after disconnect
    USB: serial: fix runtime PM after driver unbind
    USB: serial: option: add support for Cinterion CLS8 devices
    USB: serial: option: add Telit FN980 compositions
    USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
    USB: serial: keyspan: fix NULL-derefs on open() and write()
    serial: uartlite: fix exit path null pointer
    USB: ldusb: fix NULL-derefs on driver unbind
    USB: chaoskey: fix use-after-free on release
    USB: usblp: fix runtime PM after driver unbind
    USB: iowarrior: fix use-after-free after driver unbind
    USB: iowarrior: fix use-after-free on release
    USB: iowarrior: fix use-after-free on disconnect
    USB: adutux: fix use-after-free on release
    USB: adutux: fix NULL-derefs on disconnect
    USB: adutux: fix use-after-free on disconnect
    USB: adutux: remove redundant variable minor
  * xhci: Increase STS_SAVE timeout in xhci_suspend()
      drivers/usb/host/xhci.c
  * usb: xhci: wait for CNR controller not ready bit in xhci resume
      drivers/usb/host/xhci.c
  * xhci: Check all endpoints for LPM timeout
      drivers/usb/host/xhci.c
  * xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
      drivers/usb/host/xhci.c
  * xhci: Fix false warning message about wrong bounce buffer write length
      drivers/usb/host/xhci-ring.c
    USB: usb-skeleton: fix NULL-deref on disconnect
    USB: usb-skeleton: fix runtime PM after driver unbind
    USB: yurex: fix NULL-derefs on disconnect
    USB: yurex: Don't retry on unexpected errors
  * USB: rio500: Remove Rio 500 kernel driver
      drivers/usb/misc/Kconfig
      drivers/usb/misc/Makefile
  * panic: ensure preemption is disabled during panic()
      kernel/panic.c
    ASoC: sgtl5000: Improve VAG power and mute control
  * nl80211: validate beacon head
      net/wireless/nl80211.c
  * cfg80211: Use const more consistently in for_each_element macros
      include/linux/ieee80211.h
  * cfg80211: add and use strongly typed element iteration macros
      include/linux/ieee80211.h
      net/wireless/scan.c
    coresight: etm4x: Use explicit barriers on enable/disable
    crypto: caam - fix concurrency issue in givencrypt descriptor
    perf stat: Reset previous counts on repeat with interval
    perf stat: Fix a segmentation fault when using repeat forever
    perf tools: Fix segfault in cpu_cache_level__read()
    tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
  * kernel/elfcore.c: include proper prototypes
      kernel/elfcore.c
  * sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
      kernel/sched/core.c
    fuse: fix memleak in cuse_channel_open
  * thermal: Fix use-after-free when unregistering thermal zone device
      drivers/thermal/thermal_core.c
    drm/amdgpu: Check for valid number of registers to read
    ceph: reconnect connection if session hang in opening state
    ceph: fix directories inode i_blkbits initialization
    xen/pci: reserve MCFG areas earlier
    9p: avoid attaching writeback_fid on mmap with type PRIVATE
    fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
    ima: always return negative code for error
  * cfg80211: initialize on-stack chandefs
      net/wireless/nl80211.c
      net/wireless/reg.c
    ieee802154: atusb: fix use-after-free at disconnect
    watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
  * timer: Read jiffies once when forwarding base clk
      kernel/time/timer.c
  * usercopy: Avoid HIGHMEM pfn warning
      mm/usercopy.c
    crypto: qat - Silence smp_processor_id() warning
    can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
    powerpc/powernv: Restrict OPAL symbol map to only be readable by root
  * ASoC: Define a set of DAPM pre/post-up events
      include/sound/soc-dapm.h
    KVM: nVMX: handle page fault in vmread fix
    s390/cio: exclude subchannels with no parent from pseudo check
    s390/cio: avoid calling strlen on null pointer
    s390/topology: avoid firing events before kobjs are created
    KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
    ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON

Change-Id: Ie9c99a9fcb1ee411aea4da0b1c4a454989142343
Signed-off-by: lucaswei <lucaswei@google.com>
2019-11-22 13:45:46 +08:00
Eric Dumazet
1f94465d13 net/flow_dissector: switch to siphash
commit 55667441c84fa5e0911a0aac44fb059c15ba6da2 upstream.

UDP IPv6 packets auto flowlabels are using a 32bit secret
(static u32 hashrnd in net/core/flow_dissector.c) and
apply jhash() over fields known by the receivers.

Attackers can easily infer the 32bit secret and use this information
to identify a device and/or user, since this 32bit secret is only
set at boot time.

Really, using jhash() to generate cookies sent on the wire
is a serious security concern.

Trying to change the rol32(hash, 16) in ip6_make_flowlabel() would be
a dead end. Trying to periodically change the secret (like in sch_sfq.c)
could change paths taken in the network for long lived flows.

Let's switch to siphash, as we did in commit df453700e8d8
("inet: switch IP ID generator to siphash")

Using a cryptographically strong pseudo random function will solve this
privacy issue and more generally remove other weak points in the stack.

Packet schedulers using skb_get_hash_perturb() benefit from this change.

Fixes: b56774163f ("ipv6: Enable auto flow labels by default")
Fixes: 42240901f7 ("ipv6: Implement different admin modes for automatic flow labels")
Fixes: 67800f9b1f ("ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel")
Fixes: cb1ce2ef38 ("ipv6: Implement automatic flow label generation on transmit")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jonathan Berger <jonathann1@walla.com>
Reported-by: Amit Klein <aksecurity@gmail.com>
Reported-by: Benny Pinkas <benny@pinkas.net>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-10 11:23:31 +01:00
Petri Gynther
c7cb7ae16c Merge android-4.9 (4.9.159) into android-msm-bluecross-4.9-lts
Merge 4.9.159 into android-4.9
Linux 4.9.159
    Revert "scsi: aic94xx: fix module loading"
  * uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
      include/uapi/linux/if_ether.h
      include/uapi/linux/libc-compat.h
  * mm: stop leaking PageTables
      mm/memory.c
  * pinctrl: msm: fix gpio-hog related boot issues
      drivers/pinctrl/qcom/pinctrl-msm.c
    netfilter: nf_tables: fix mismatch in big-endian system
    usb: dwc2: Remove unnecessary kfree
    kaweth: use skb_cow_head() to deal with cloned skbs
    ch9200: use skb_cow_head() to deal with cloned skbs
    smsc95xx: Use skb_cow_head to deal with cloned skbs
    drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set
    dm thin: fix bug where bio that overwrites thin block ignores FUA
    x86/a.out: Clear the dump structure initially
  * signal: Restore the stop PTRACE_EVENT_EXIT
      kernel/signal.c
    x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
    tracing/uprobes: Fix output for multiple string arguments
    alpha: Fix Eiger NR_IRQS to 128
    alpha: fix page fault handling for r16-r18 targets
    Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
    Input: bma150 - register input device after setting private data
    kvm: vmx: Fix entry number check for add_atomic_switch_msr()
  * ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
      sound/usb/pcm.c
    ALSA: hda - Add quirk for HP EliteBook 840 G5
  * perf/x86: Add check_period PMU callback
      include/linux/perf_event.h
      kernel/events/core.c
  * perf/core: Fix impossible ring-buffer sizes warning
      kernel/events/ring_buffer.c
    Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
    Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
    perf report: Include partial stacks unwound with libdw
    cifs: Limit memory used by lock request calls to a page
    gpio: pl061: handle failed allocations
    ARM: dts: kirkwood: Fix polarity of GPIO fan lines
    ARM: dts: da850-lcdk: Correct the sound card name
    ARM: dts: da850-evm: Correct the sound card name
    drm/bridge: tc358767: fix output H/V syncs
    drm/bridge: tc358767: reject modes which require too much BW
    drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value
    drm/bridge: tc358767: fix single lane configuration
    drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE
  * cpufreq: check if policy is inactive early in __cpufreq_get()
      drivers/cpufreq/cpufreq.c
    ACPI: NUMA: Use correct type for printing addresses on i386-PAE
    bnx2x: disable GSO where gso_size is too big for hardware
  * net: create skb_gso_validate_mac_len()
      include/linux/skbuff.h
      net/core/skbuff.c
    ARM: fix the cockup in the previous patch
    ARM: ensure that processor vtables is not lost after boot
    ARM: spectre-v2: per-CPU vtables to work around big.Little systems
    ARM: add PROC_VTABLE and PROC_TABLE macros
    ARM: clean up per-processor check_bugs method call
    ARM: split out processor lookup
    ARM: make lookup_processor_type() non-__init
    ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
    ARM: 8797/1: spectre-v1.1: harden __copy_to_user
    ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
    ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
    ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
    ARM: 8793/1: signal: replace __put_user_error with __put_user
    ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
    ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
    ARM: 8789/1: signal: copy registers using __copy_to_user()
  * uapi/if_ether.h: prevent redefinition of struct ethhdr
      include/uapi/linux/if_ether.h
      include/uapi/linux/libc-compat.h
  * eeprom: at24: add support for 24c2048
      drivers/misc/eeprom/Kconfig
    dt-bindings: eeprom: at24: add "atmel,24c2048" compatible string
    BACKPORT: userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    ANDROID: cuttlefish_defconfig: Enable DEBUG_SET_MODULE_RONX
Merge 4.9.158 into android-4.9
Linux 4.9.158
  * Revert "exec: load_script: don't blindly truncate shebang string"
      fs/binfmt_script.c
Merge 4.9.157 into android-4.9
Linux 4.9.157
    batman-adv: Force mac header to start of data on xmit
    batman-adv: Avoid WARN on net_device without parent in netns
  * xfrm: refine validation of template and selector families
      net/xfrm/xfrm_user.c
    libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
  * Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
      fs/cifs/Kconfig
  * HID: debug: fix the ring buffer implementation
      drivers/hid/hid-debug.c
      include/linux/hid-debug.h
    nfsd4: catch some false session retries
    nfsd4: fix cached replies to solo SEQUENCE compounds
    drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
    drm/vmwgfx: Fix setting of dma masks
  * drm/modes: Prevent division by zero htotal
      drivers/gpu/drm/drm_modes.c
    mac80211: ensure that mgmt tx skbs have tailroom for encryption
    ARM: tango: Improve ARCH_MULTIPLATFORM compatibility
    ARM: iop32x/n2100: fix PCI IRQ mapping
    MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
    MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
    mips: cm: reprime error cause
  * debugfs: fix debugfs_rename parameter checking
      fs/debugfs/inode.c
    samples: mei: use /dev/mei0 instead of /dev/mei
    misc: vexpress: Off by one in vexpress_syscfg_exec()
  * signal: Better detection of synchronous signals
      kernel/signal.c
  * signal: Always notice exiting tasks
      kernel/signal.c
    iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius
    mtd: rawnand: gpmi: fix MX28 bus master lockup problem
    ANDROID: cuttlefish: enable CONFIG_NET_SCH_NETEM=y
    Add XFRM-I to cuttlefish defconfigs
    ANDROID: Move from clang r346389b to r349610.

Change-Id: I000fc05db9aa733cfa7027025d690d5e0fd0e683
Signed-off-by: Petri Gynther <pgynther@google.com>
2019-02-22 15:16:01 -08:00
Daniel Axtens
84d8c3a7e1 net: create skb_gso_validate_mac_len()
commit 2b16f048729bf35e6c28a40cbfad07239f9dcd90 upstream

If you take a GSO skb, and split it into packets, will the MAC
length (L2 + L3 + L4 headers + payload) of those packets be small
enough to fit within a given length?

Move skb_gso_mac_seglen() to skbuff.h with other related functions
like skb_gso_network_seglen() so we can use it, and then create
skb_gso_validate_mac_len to do the full calculation.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[jwang: cherry pick for CVE-2018-1000026]
Signed-off-by: Jack Wang <jinpu.wang@cloud.ionos.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-02-20 10:18:28 +01:00
Greg Kroah-Hartman
43a47d8a93 Merge 4.9.154 into android-msm-bluecross-4.9-lts
Linux 4.9.154
    btrfs: dev-replace: go back to suspended state if target device is missing
    btrfs: fix error handling in btrfs_dev_replace_start
  * f2fs: read page index before freeing
      fs/f2fs/node.c
    nvmet-rdma: fix null dereference under heavy load
    nvmet-rdma: Add unlikely for response allocated check
    s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU
  * irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size
      drivers/irqchip/irq-gic-v3-its.c
    perf unwind: Take pgoff into account when reporting elf to libdwfl
    perf unwind: Unwind with libdw doesn't take symfs into account
    vt: invoke notifier on screen size change
    can: bcm: check timer values before ktime conversion
    can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it
    x86/kaslr: Fix incorrect i8254 outb() parameters
    x86/selftests/pkeys: Fork() to check for state being preserved
    KVM: x86: Fix single-step debugging
    dm thin: fix passdown_double_checking_shared_status()
    acpi/nfit: Fix command-supported detection
    acpi/nfit: Block function zero DSMs
  * Input: uinput - fix undefined behavior in uinput_validate_absinfo()
      drivers/input/misc/uinput.c
  * compiler.h: enable builtin overflow checkers and add fallback code
      include/linux/compiler-clang.h
      include/linux/compiler-gcc.h
      include/linux/compiler-intel.h
    Input: xpad - add support for SteelSeries Stratus Duo
    CIFS: Fix possible hang during async MTU reads and writes
    tty/n_hdlc: fix __might_sleep warning
  * uart: Fix crash in uart_write and uart_put_char
      drivers/tty/serial/serial_core.c
  * tty: Handle problem if line discipline does not have receive_buf
      drivers/tty/tty_io.c
    staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1
    char/mwave: fix potential Spectre v1 vulnerability
    s390/smp: fix CPU hotplug deadlock with CPU rescan
    s390/early: improve machine detection
  * ARC: perf: map generic branches to correct hardware condition
      arch/arc/include/asm/perf_event.h
    ARCv2: lib: memeset: fix doing prefetchw outside of buffer
    ASoC: rt5514-spi: Fix potential NULL pointer dereference
    ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages
    USB: serial: pl2303: add new PID to support PL2303TB
    USB: serial: simple: add Motorola Tetra TPG2200 device id
  * ipfrag: really prevent allocation on netns exit
      net/ipv4/inet_fragment.c
  * net_sched: refetch skb protocol for each filter
      net/sched/sch_api.c
  * net: ipv4: Fix memory leak in network namespace dismantle
      include/net/ip_fib.h
      net/ipv4/fib_frontend.c
      net/ipv4/fib_trie.c
    vhost: log dirty page correctly
    openvswitch: Avoid OOB read when parsing flow nlattrs
  * net: Fix usage of pskb_trim_rcsum
      drivers/net/ppp/pppoe.c
      include/linux/skbuff.h
      net/ipv4/ip_input.c
  * net: bridge: Fix ethernet header pointer before check skb forwardable
      net/bridge/br_forward.c

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-02-12 15:04:28 +01:00
Ross Lagerwall
04663e84f0 net: Fix usage of pskb_trim_rcsum
[ Upstream commit 6c57f0458022298e4da1729c67bd33ce41c14e7a ]

In certain cases, pskb_trim_rcsum() may change skb pointers.
Reinitialize header pointers afterwards to avoid potential
use-after-frees. Add a note in the documentation of
pskb_trim_rcsum(). Found by KASAN.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-01-31 08:12:33 +01:00
Petri Gynther
5cdb13f3cd Merge 4.9.140 into android-msm-bluecross-4.9-lts
Linux 4.9.140
  * Revert "ipv6: set rt6i_protocol properly in the route when it is installed"
      net/ipv6/route.c
  * Revert "x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation"
      kernel/cpu.c
Linux 4.9.139
    ARM: spectre-v1: mitigate user accesses
    ARM: spectre-v1: use get_user() for __get_user()
    ARM: use __inttype() in get_user()
    ARM: oabi-compat: copy semops using __copy_from_user()
    ARM: vfp: use __copy_from_user() when restoring VFP state
    ARM: signal: copy registers using __copy_from_user()
    ARM: spectre-v1: fix syscall entry
    ARM: spectre-v1: add array_index_mask_nospec() implementation
    ARM: spectre-v1: add speculation barrier (csdb) macros
    ARM: KVM: report support for SMCCC_ARCH_WORKAROUND_1
    ARM: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
    ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15
    ARM: KVM: invalidate icache on guest exit for Cortex-A15
    ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17
    ARM: spectre-v2: warn about incorrect context switching functions
    ARM: spectre-v2: add firmware based hardening
    ARM: spectre-v2: harden user aborts in kernel space
    ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
    ARM: spectre-v2: harden branch predictor on context switches
    ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
    ARM: bugs: add support for per-processor bug checking
    ARM: bugs: hook processor bug checking into SMP and suspend paths
    ARM: bugs: prepare processor bug infrastructure
    ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
  * arm64: uaccess: suppress spurious clang warning
      arch/arm64/include/asm/uaccess.h
  * Kbuild: use -fshort-wchar globally
      Makefile
    x86/build: Use cc-option to validate stack alignment parameter
    x86/build: Fix stack alignment for CLang
    efi/libstub/arm64: Set -fpie when building the EFI stub
    efi/libstub: Preserve .debug sections after absolute relocation check
    efi/libstub/arm64: Force 'hidden' visibility for section markers
  * efi/libstub/arm64: Use hidden attribute for struct screen_info reference
      arch/arm64/include/asm/efi.h
    x86/boot: #undef memcpy() et al in string.c
  * crypto: arm64/sha - avoid non-standard inline asm tricks
      arch/arm64/crypto/sha1-ce-core.S
      arch/arm64/crypto/sha1-ce-glue.c
      arch/arm64/crypto/sha2-ce-core.S
      arch/arm64/crypto/sha2-ce-glue.c
  * kbuild: clang: Disable 'address-of-packed-member' warning
      Makefile
    x86/build: Specify stack alignment for clang
    x86/build: Use __cc-option for boot code compiler options
  * kbuild: Add __cc-option macro
      Makefile
      scripts/Kbuild.include
      scripts/Makefile.host
    crypto, x86: aesni - fix token pasting for clang
    x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
  * modules: mark __inittest/__exittest as __maybe_unused
      include/linux/module.h
  * kbuild: Add support to generate LLVM assembly files
      Makefile
      scripts/Makefile.build
  * kbuild: use -Oz instead of -Os when using clang
      Makefile
  * kbuild, LLVMLinux: Add -Werror to cc-option to support clang
      scripts/Kbuild.include
  * kbuild: drop -Wno-unknown-warning-option from clang options
      Makefile
      scripts/Makefile.extrawarn
  * kbuild: fix asm-offset generation to work with clang
      include/linux/kbuild.h
      scripts/Makefile.lib
  * kbuild: consolidate redundant sed script ASM offset generation
      scripts/Makefile.lib
  * kbuild: Consolidate header generation from ASM offset information
      Kbuild
      scripts/Makefile.lib
      scripts/mod/Makefile
  * kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
      Makefile
  * kbuild: Add better clang cross build support
      Makefile
  * ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF
      net/ipv6/route.c
  * inet: frags: better deal with smp races
      net/ipv4/inet_fragment.c
    usbnet: smsc95xx: disable carrier check while suspending
    tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths
    sctp: not allow to set asoc prsctp_enable by sockopt
  * net-gro: reset skb->pkt_type in napi_reuse_skb()
      net/core/dev.c
  * ip_tunnel: don't force DF when MTU is locked
      net/ipv4/ip_tunnel_core.c
  * flow_dissector: do not dissect l4 ports for fragments
      net/core/flow_dissector.c
Linux 4.9.138
    KVM: arm64: Fix caching of host MDCR_EL2 value
    drm/i915/execlists: Force write serialisation into context image vs execution
    drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values
  * drm/dp_mst: Check if primary mstb is null
      drivers/gpu/drm/drm_dp_mst_topology.c
    drm/rockchip: Allow driver to be shutdown on reboot/kexec
  * mm: migration: fix migration of huge PMD shared pages
      include/linux/hugetlb.h
      include/linux/mm.h
      mm/rmap.c
    hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
    lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn
  * configfs: replace strncpy with memcpy
      fs/configfs/symlink.c
  * fuse: fix leaked notify reply
      fs/fuse/dev.c
  * fuse: fix use-after-free in fuse_direct_IO()
      fs/fuse/file.c
  * rtc: hctosys: Add missing range error reporting
      drivers/rtc/hctosys.c
    nfsd: COPY and CLONE operations require the saved filehandle to be set
    sunrpc: correct the computation for page_ptr when truncating
  * mount: Prevent MNT_DETACH from disconnecting locked mounts
      fs/namespace.c
  * mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
      fs/namespace.c
  * mount: Retest MNT_LOCKED in do_umount
      fs/namespace.c
  * ext4: fix buffer leak in __ext4_read_dirblock() on error path
      fs/ext4/namei.c
  * ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
      fs/ext4/xattr.c
  * ext4: release bs.bh before re-using in ext4_xattr_block_find()
      fs/ext4/xattr.c
  * ext4: fix possible leak of s_journal_flag_rwsem in error path
      fs/ext4/super.c
  * ext4: fix possible leak of sbi->s_group_desc_leak in error path
      fs/ext4/super.c
  * ext4: avoid possible double brelse() in add_new_gdb() on error path
      fs/ext4/resize.c
  * ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
      fs/ext4/resize.c
  * ext4: avoid buffer leak in ext4_orphan_add() after prior errors
      fs/ext4/namei.c
  * ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
      fs/ext4/resize.c
  * ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
      fs/ext4/resize.c
  * ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
      fs/ext4/resize.c
  * ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
      fs/ext4/resize.c
  * ext4: add missing brelse() update_backups()'s error path
      fs/ext4/resize.c
    clockevents/drivers/i8253: Add support for PIT shutdown quirk
    Btrfs: fix data corruption due to cloning of eof block
    Btrfs: fix cur_offset in the error case for nocow
    arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
  * termios, tty/tty_baudrate.c: fix buffer overrun
      drivers/tty/tty_ioctl.c
    of, numa: Validate some distance map rules
  * mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
      drivers/mtd/devices/Kconfig
  * netfilter: conntrack: fix calculation of next bucket number in early_drop
      net/netfilter/nf_conntrack_core.c
    mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings
    ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
    vhost/scsi: truncate T10 PI iov_iter to prot_bytes
    reset: hisilicon: fix potential NULL pointer dereference
    mach64: fix image corruption due to reading accelerator registers
    mach64: fix display corruption on big endian machines
    Revert "ceph: fix dentry leak in splice_dentry()"
    libceph: bump CEPH_MSG_MAX_DATA_LEN
    clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call
    clk: at91: Fix division by zero in PLL recalc_rate()
    clk: s2mps11: Fix matching when built as module and DT node contains compatible
    xtensa: fix boot parameters address translation
    xtensa: make sure bFLT stack is 16 byte aligned
    xtensa: add NOTES section to the linker script
    MIPS: Loongson-3: Fix BRIDGE irq delivery problem
    MIPS: Loongson-3: Fix CPU UART irq delivery problem
    parisc: Fix exported address of os_hpmc handler
    parisc: Fix HPMC handler by increasing size to multiple of 16 bytes
    parisc: Align os_hpmc_size on word boundary
    bna: ethtool: Avoid reading past end of buffer
    e1000: fix race condition between e1000_down() and e1000_watchdog
    e1000: avoid null pointer dereference on invalid stat type
  * mm: do not bug_on on incorrect length in __mm_populate()
      mm/gup.c
      mm/mmap.c
  * fuse: set FR_SENT while locked
      fs/fuse/dev.c
  * fuse: fix blocked_waitq wakeup
      fs/fuse/dev.c
  * fuse: Fix use-after-free in fuse_dev_do_write()
      fs/fuse/dev.c
  * fuse: Fix use-after-free in fuse_dev_do_read()
      fs/fuse/dev.c
    scsi: qla2xxx: shutdown chip if reset fail
    scsi: qla2xxx: Fix incorrect port speed being set for FC adapters
    cdrom: fix improper type cast, which can leat to information leak.
    9p: clear dangling pointers in p9stat_free
    9p locks: fix glock.client_id leak in do_lock
    powerpc/selftests: Wait all threads to join
    media: tvp5150: fix width alignment during set_selection()
    sc16is7xx: Fix for multi-channel stall
    MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS
    powerpc/boot: Ensure _zimage_start is a weak symbol
    MIPS: kexec: Mark CPU offline before disabling local IRQ
    media: pci: cx23885: handle adding to list failure
    drm/omap: fix memory barrier bug in DMM driver
    powerpc/nohash: fix undefined behaviour when testing page size support
    ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL
  * tty: check name length in tty_find_polling_driver()
      drivers/tty/tty_io.c
    powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
Linux 4.9.137
    MD: fix invalid stored role for a disk - try2
    btrfs: set max_extent_size properly
    Btrfs: fix null pointer dereference on compressed write path error
    btrfs: qgroup: Dirty all qgroups before rescan
    Btrfs: fix wrong dentries after fsync of file that got its parent replaced
    btrfs: make sure we create all new block groups
    btrfs: reset max_extent_size on clear in a bitmap
    btrfs: wait on caching when putting the bg cache
    btrfs: don't attempt to trim devices that don't support it
    btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
    btrfs: fix error handling in free_log_tree
    btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
    btrfs: Handle owner mismatch gracefully when walking up tree
    soc/tegra: pmc: Fix child-node lookup
    arm64: dts: stratix10: Correct System Manager register size
    Cramfs: fix abad comparison when wrap-arounds occur
    rpmsg: smd: fix memory leak on channel create
  * arm64: lse: remove -fcall-used-x0 flag
      arch/arm64/lib/Makefile
    media: em28xx: make v4l2-compliance happier by starting sequence on zero
    media: em28xx: fix input name for Terratec AV 350
    media: tvp5150: avoid going past array on v4l2_querymenu()
    media: em28xx: use a default format if TRY_FMT fails
    xen: fix xen_qlock_wait()
    kgdboc: Passing ekgdboc to command line causes panic
    media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
    TC: Set DMA masks for devices
    MIPS: OCTEON: fix out of bounds array access on CN68XX
    powerpc/msi: Fix compile error on mpc83xx
  * dm ioctl: harden copy_params()'s copy_from_user() from malicious users
      drivers/md/dm-ioctl.c
    lockd: fix access beyond unterminated strings in prints
    nfsd: Fix an Oops in free_session()
    NFSv4.1: Fix the r/wsize checking
  * genirq: Fix race on spurious interrupt detection
      kernel/irq/manage.c
  * printk: Fix panic caused by passing log_buf_len to command line
      kernel/printk/printk.c
    smb3: on kerberos mount if server doesn't specify auth type use krb5
    smb3: do not attempt cifs operation in smb3 query info error path
    smb3: allow stats which track session and share reconnects to be reset
    w1: omap-hdq: fix missing bus unregister at removal
    iio: adc: at91: fix wrong channel number in triggered buffer mode
    iio: adc: at91: fix acking DRDY irq on simple conversions
    iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
    iio: ad5064: Fix regulator handling
  * kbuild: fix kernel/bounds.c 'W=1' warning
      kernel/bounds.c
    hugetlbfs: dirty pages as they are added to pagecache
    ima: fix showing large 'violations' or 'runtime_measurements_count'
    crypto: tcrypt - fix ghash-generic speed test
    crypto: lrw - Fix out-of bounds access on counter overflow
    signal/GenWQE: Fix sending of SIGKILL
  * PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
      drivers/pci/quirks.c
    EDAC, skx_edac: Fix logical channel intermediate decoding
    EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
    HID: hiddev: fix potential Spectre v1
  * ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
      fs/ext4/ioctl.c
  * ext4: initialize retries variable in ext4_da_write_inline_data_begin()
      fs/ext4/inline.c
    gfs2_meta: ->mount() can get NULL dev_name
  * jbd2: fix use after free in jbd2_log_do_checkpoint()
      fs/jbd2/checkpoint.c
    ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
    libnvdimm: Hold reference on parent while scheduling async init
  * net/ipv4: defensive cipso option parsing
      net/ipv4/cipso_ipv4.c
    iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
    usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
    libertas: don't set URB_ZERO_PACKET on IN USB transfer
    xen: make xen_qlock_wait() nestable
    xen: fix race in xen_qlock_wait()
    xen/blkfront: avoid NULL blkfront_info dereference on device removal
    tpm: Restore functionality to xen vtpm driver.
    xen-swiotlb: use actually allocated size on check physical continuous
    ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
    ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
    arm: dts: exynos: Add missing cooling device properties for CPUs
    ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
    ALSA: hda: Check the non-cached stream buffers more explicitly
    dmaengine: dma-jz4780: Return error if not probed from DT
  * signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
      kernel/signal.c
    scsi: lpfc: Correct soft lockup when running mds diagnostics
  * uio: ensure class is registered before devices
      drivers/uio/uio.c
    driver/dma/ioat: Call del_timer_sync() without holding prep_lock
    usb: chipidea: Prevent unbalanced IRQ disable
    crypto: caam - fix implicit casts in endianness helpers
    coresight: etb10: Fix handling of perf mode
  * PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
      drivers/pci/msi.c
    MD: fix invalid stored role for a disk
  * ext4: fix argument checking in EXT4_IOC_MOVE_EXT
      fs/ext4/move_extent.c
    usb: gadget: udc: atmel: handle at91sam9rl PMC
    VMCI: Resource wildcard match fixed
    tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
    IB/ipoib: Clear IPCB before icmp_send
    RDMA/core: Do not expose unsupported counters
    scsi: megaraid_sas: fix a missing-check bug
    scsi: esp_scsi: Track residual for PIO transfers
    cgroup, netclassid: add a preemption point to write_classid
    ath10k: schedule hardware restart if WMI command times out
    ixgbevf: VF2VF TCP RSS
    pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
  * pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
      drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
  * pinctrl: qcom: spmi-mpp: Fix drive strength setting
      drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
    ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
  * kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
      kernel/kprobes.c
    brcmfmac: fix for proper support of 160MHz bandwidth
  * pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
      drivers/pinctrl/qcom/pinctrl-spmi-mpp.c
    x86: boot: Fix EFI stub alignment
    Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
    cpufreq: dt: Try freeing static OPPs only if we have added them
    x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
    iwlwifi: pcie: avoid empty free RB queue
    mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
    perf strbuf: Match va_{add,copy} with va_end
    perf tools: Cleanup trace-event-info 'tdata' leak
    perf tools: Free temporary 'sys' string in read_event_files()
    hwmon: (pwm-fan) Set fan speed to 0 on suspend
    s390/sthyi: Fix machine name validity indication
  * tun: Consistently configure generic netdev params via rtnetlink
      drivers/net/tun.c
    swim: fix cleanup on setup error
    ataflop: fix error handling during setup
  * locking/lockdep: Fix debug_locks off performance problem
      lib/debug_locks.c
    i2c: rcar: cleanup DMA for all kinds of failure
    selftests: ftrace: Add synthetic event syntax testcase
    net: qla3xxx: Remove overflowing shift statement
    x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
    perf cpu_map: Align cpu map synthesized events properly.
  * sched/fair: Fix the min_vruntime update logic in dequeue_entity()
      kernel/sched/fair.c
    sparc64: Make proc_id signed.
    sparc: Fix single-pcr perf event counter management.
  * xfrm: policy: use hlist rcu variants on insert
      net/xfrm/xfrm_policy.c
    Revert "perf tools: Fix PMU term format max value calculation"
    bpf: do not blindly change rlimit in reuseport net selftest
    x86/speculation: Support Enhanced IBRS on future CPUs
    x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
  * x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
      kernel/cpu.c
    ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
    ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
    ALSA: hda - Fix headphone pin config for ASUS G751
    ALSA: hda - Add quirk for ASUS G751 laptop
    parisc: Fix map_pages() to not overwrite existing pte entries
    parisc: Fix address in HPMC IVA
    ipmi: Fix timer race with module unload
    pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
    jffs2: free jffs2_sb_info through jffs2_kill_sb()
    hwmon: (pmbus) Fix page count auto-detection.
    bcache: fix miss key refill->end in writeback
Linux 4.9.136
  * posix-timers: Sanitize overrun handling
      include/linux/posix-timers.h
      kernel/time/posix-cpu-timers.c
      kernel/time/posix-timers.c
    net: fs_enet: do not call phy_stop() in interrupts
    x86/time: Correct the attribute on jiffies' definition
    x86/percpu: Fix this_cpu_read()
  * sched/fair: Fix throttle_list starvation with low CFS quota
      kernel/sched/fair.c
      kernel/sched/sched.h
    Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
  * USB: fix the usbfs flag sanitization for control transfers
      drivers/usb/core/devio.c
  * usb: gadget: storage: Fix Spectre v1 vulnerability
      drivers/usb/gadget/function/f_mass_storage.c
    cdc-acm: correct counting of UART states in serial state notification
    IB/ucm: Fix Spectre v1 vulnerability
    RDMA/ucma: Fix Spectre v1 vulnerability
  * drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
      drivers/gpu/drm/drm_edid.c
    ptp: fix Spectre v1 vulnerability
    cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
    xfs: truncate transaction does not modify the inobt
    gpio: mxs: Get rid of external API call
    ahci: don't ignore result code of ahci_reset_controller()
  * crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
      crypto/shash.c
    Revert "x86/mm: Expand static page table for fixmap space"
  * ip6_tunnel: Fix encapsulation layout
      net/ipv6/ip6_tunnel.c
  * rtnetlink: Disallow FDB configuration for non-Ethernet device
      net/core/rtnetlink.c
  * net: fix pskb_trim_rcsum_slow() with odd trim offset
      net/core/skbuff.c
  * net: drop skb on failure in ip_check_defrag()
      net/ipv4/ip_fragment.c
  * bonding: fix length of actor system
      drivers/net/bonding/bond_netlink.c
  * ethtool: fix a privilege escalation bug
      net/core/ethtool.c
    vhost: Fix Spectre V1 vulnerability
    sctp: fix race on sctp_id2asoc
    r8169: fix NAPI handling under high load
  * net: udp: fix handling of CHECKSUM_COMPLETE packets
      net/core/datagram.c
      net/ipv4/udp.c
      net/ipv6/ip6_checksum.c
    net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
  * net: socket: fix a missing-check bug
      net/socket.c
    net: sched: gred: pass the right attribute to gred_change_table_def()
  * net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
      net/ipv6/addrconf.c
    llc: set SOCK_RCU_FREE in llc_sap_add_socket()
  * ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
      net/ipv6/ndisc.c
  * ipv6: mcast: fix a use-after-free in inet6_mc_check
      net/ipv6/mcast.c
  * net: bridge: remove ipv6 zero address check in mcast queries
      net/bridge/br_multicast.c
  * bridge: do not add port to router list when receives query with source 0.0.0.0
      net/bridge/br_multicast.c
    perf tools: Disable parallelism for 'make clean'
  * Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing"
      net/ipv6/netfilter/nf_conntrack_reasm.c
    mtd: spi-nor: Add support for is25wp series chips
  * fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
      fs/fat/fatent.c
    net: ena: fix NULL dereference due to untimely napi initialization
    rxrpc: Only take the rwind and mtu values from latest ACK
    rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window()
    ARM: dts: imx53-qsb: disable 1.2GHz OPP
    perf tests: Fix indexing when invoking subtests
  * xhci: Fix USB3 NULL pointer dereference at logical disconnect.
      drivers/usb/host/xhci-hub.c
    libertas: call into generic suspend code before turning off power
    IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()'
    x86/paravirt: Fix some warning messages
    iio: buffer: fix the function signature to match implementation
    nvmet: fix space padding in serial number
  * bonding: ratelimit failed speed/duplex update warning
      drivers/net/bonding/bond_main.c
    enic: do not overwrite error code
    xen-netfront: Fix mismatched rtnl_unlock
    sparc64: Fix regression in pmdp_invalidate().
    xen-netfront: Update features after registering netdev
    test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches
    ALSA: hda - Fix incorrect usage of IS_REACHABLE()
  * futex: futex_wake_op, do not fail on invalid op
      kernel/futex.c
    cifs: Use ULL suffix for 64-bit constant
  * perf/core: Fix locking for children siblings group read
      kernel/events/core.c
    macsec: fix memory leaks when skb_to_sgvec fails
  * l2tp: remove configurable payload offset
      net/l2tp/l2tp_core.c
      net/l2tp/l2tp_core.h
      net/l2tp/l2tp_netlink.c
    iio: pressure: zpa2326: Remove always-true check which confuses gcc
  * module: fix DEBUG_SET_MODULE_RONX typo
      init/main.c
  * drm/msm: Fix possible null dereference on failure of get_pages()
      drivers/gpu/drm/msm/msm_gem.c
    Btrfs: incremental send, fix invalid memory access
    Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
    i40e: avoid NVM acquire deadlock during NVM update
    drm: bochs: Don't remove uninitialized fbdev framebuffer
    scsi: qla2xxx: Avoid double completion of abort command
    IB/mlx5: Avoid passing an invalid QP type to firmware
    mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
    nbd: only set MSG_MORE when we have more to send
    IB/rxe: put the pool on allocation failure
    IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush
  * ipv6: fix cleanup ordering for ip6_mr failure
      net/ipv6/af_inet6.c
    ath10k: convert warning about non-existent OTP board id to debug message
    ALSA: hda - No loopback on ALC299 codec
    sctp: use right member as the param of list_for_each_entry
  * net: cdc_ncm: GetNtbFormat endian fix
      drivers/net/usb/cdc_ncm.c
    ocfs2: fix deadlock caused by recursive locking in xattr
    qed: Warn PTT usage by wrong hw-function
    iio: adc: Revert "axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications"
    rds: ib: Fix missing call to rds_ib_dev_put in rds_ib_setup_qp
    staging: wilc1000: Fix problem with wrong vif index
    ptr_ring: fix up after recent ptr_ring changes
    clk: samsung: Fix m2m scaler clock on Exynos542x
    usb: dwc3: omap: remove IRQ_NOAUTOEN used with shared irq
    usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
    usb: renesas_usbhs: gadget: fix spin_lock_init() for &uep->lock
    net/mlx5: Fix health work queue spin lock to IRQ safe
    perf probe: Fix probe definition for inlined functions
    perf evsel: Fix probing of precise_ip level for default cycles event
    net/mlx5: Fix driver load error flow when firmware is stuck
  * ip6_tunnel: Correct tos value in collect_md mode
      net/ipv6/ip6_tunnel.c
    net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare
    ufs: we need to sync inode before freeing it
    Btrfs: clear EXTENT_DEFRAG bits in finish_ordered_io
    net: stmmac: ensure jumbo_frm error return is correctly checked for -ve value
  * elevator: fix truncation of icq_cache_name
      include/linux/elevator.h
    gpu: ipu-v3: Fix CSI selection for VDIC
    ARM: 8677/1: boot/compressed: fix decompressor header layout for v7-M
    x86/cpu/cyrix: Add alternative Device ID of Geode GX1 SoC
    qlcnic: Fix tunnel offload for 82xx adapters
    net: ethernet: stmmac: Fix altr_tse_pcs SGMII Initialization
    libata: fix error checking in in ata_parse_force_one()
    mac80211: fix TX aggregation start/stop callback race
    arch/sparc: increase CONFIG_NODES_SHIFT on SPARC64 to 5
    ASoC: Intel: Skylake: Fix to parse consecutive string tkns in manifest
    reset: hi6220: Set module license so that it can be loaded
    ata: sata_rcar: Handle return value of clk_prepare_enable
    btrfs: fiemap: Cache and merge fiemap extent before submit it to user
    ARM: dts: bcm283x: Reserve first page for firmware
    ath10k: fix NAPI enable/disable symmetry for AHB interface
    bnxt_en: Don't use rtnl lock to protect link change logic in workqueue.
    tipc: fix a race condition of releasing subscriber object
    tipc: Fix tipc_sk_reinit handling of -EAGAIN
    net/mlx5: Fix command completion after timeout access invalid structure
    net: phy: marvell: Limit 88m1101 autoneg errata to 88E1145 as well.
    nvme-pci: fix CMB sysfs file removal in reset path
    rxe: Fix a sleep-in-atomic bug in post_one_send
    orangefs: off by ones in xattr size checks
    IB/core: Fix the validations of a multicast LID in attach or detach operations
    IB/ipoib: Do not warn if IPoIB debugfs doesn't exist
    platform/x86: acer-wmi: setup accelerometer when ACPI device was found
  * ipv6: set rt6i_protocol properly in the route when it is installed
      net/ipv6/route.c
    efi/fb: Correct PCI_STD_RESOURCE_END usage
    i2c: bcm2835: Avoid possible NULL ptr dereference
  * PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
      drivers/pci/quirks.c
    ACPI: sysfs: Make ACPI GPE mask kernel parameter cover all GPEs
    igb: Remove superfluous reset to PHY and page 0 selection
  * f2fs: fix multiple f2fs_add_link() having same name for inline dentry
      fs/f2fs/dir.c
    scsi: aacraid: Fix typo in blink status
    MIPS: Handle non word sized instructions when examining frame
    MIPS: microMIPS: Fix decoding of swsp16 instruction
    mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
    perf symbols: Fix memory corruption because of zero length symbols
    net: cxgb3_main: fix a missing-check bug
    declance: Fix continuation with the adapter identification message
    net: fec: fix rare tx timeout
    perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX
  * perf/ring_buffer: Prevent concurent ring buffer access
      kernel/events/core.c
    smsc95xx: Check for Wake-on-LAN modes
    smsc75xx: Check for Wake-on-LAN modes
    r8152: Check for supported Wake-on-LAN Modes
    sr9800: Check for supported Wake-on-LAN modes
    lan78xx: Check for supported Wake-on-LAN modes
  * ax88179_178a: Check for supported Wake-on-LAN modes
      drivers/net/usb/ax88179_178a.c
  * asix: Check for supported Wake-on-LAN modes
      drivers/net/usb/asix_common.c
    qed: Avoid constant logical operation warning in qed_vf_pf_acquire
    qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor
    pxa168fb: prepare the clock
  * Bluetooth: SMP: fix crash in unpairing
      net/bluetooth/mgmt.c
      net/bluetooth/smp.c
      net/bluetooth/smp.h
    mac80211_hwsim: do not omit multicast announce of first added radio
  * nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
      net/wireless/nl80211.c
    soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift()
    soc: fsl: qbman: qman: avoid allocating from non existing gen_pool
    net: macb: Clean 64b dma addresses if they are not detected
    ARM: dts: BCM63xx: Fix incorrect interrupt specifiers
  * xfrm: validate template mode
      net/xfrm/xfrm_user.c
    ARM: 8799/1: mm: fix pci_ioremap_io() offset check
    mac80211: TDLS: fix skb queue/priority assignment
  * cfg80211: Address some corner cases in scan result channel updating
      net/wireless/scan.c
    mac80211: fix pending queue hang due to TX_DROP
  * cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
      net/wireless/reg.c
    mac80211: Always report TX status
  * xfrm6: call kfree_skb when skb is toobig
      net/ipv6/xfrm6_output.c
  * xfrm: Validate address prefix lengths in the xfrm selector.
      net/xfrm/xfrm_user.c
Linux 4.9.135
    HV: properly delay KVP packets when negotiation is in progress
  * ext4: avoid running out of journal credits when appending to an inline file
      fs/ext4/ext4.h
      fs/ext4/inline.c
      fs/ext4/xattr.c
  * sched/cputime: Fix ksoftirqd cputime accounting regression
      kernel/sched/cputime.c
      kernel/sched/sched.h
  * sched/cputime: Increment kcpustat directly on irqtime account
      kernel/sched/cputime.c
      kernel/sched/sched.h
    macintosh/rack-meter: Convert cputime64_t use to u64
  * sched/cputime: Convert kcpustat to nsecs
      drivers/cpufreq/cpufreq.c
      drivers/cpufreq/cpufreq_governor.c
      drivers/cpufreq/cpufreq_stats.c
      fs/proc/stat.c
      fs/proc/uptime.c
      kernel/sched/cpuacct.c
      kernel/sched/cputime.c
    usb: gadget: serial: fix oops when data rx'd after close
  * HID: quirks: fix support for Apple Magic Keyboards
      drivers/hid/hid-core.c
    ARC: build: Don't set CROSS_COMPILE in arch's Makefile
    ARC: build: Get rid of toolchain check
  * netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info
      net/netfilter/nf_nat_core.c
    mm: Preserve _PAGE_DEVMAP across mprotect() calls
  * mremap: properly flush TLB before releasing the page
      include/linux/huge_mm.h
      mm/mremap.c
    iommu/amd: Return devid as alias for ACPI HID devices
    powerpc/tm: Avoid possible userspace r1 corruption on reclaim
    powerpc/tm: Fix userspace r13 corruption
    net/mlx4: Use cpumask_available for eq->affinity_mask
  * scsi: sd: don't crash the host on invalid commands
      drivers/scsi/sd.c
    drm: mali-dp: Call drm_crtc_vblank_reset on device init
    ravb: do not write 1 to reserved bits
    Input: atakbd - fix Atari CapsLock behaviour
    Input: atakbd - fix Atari keymap
    scsi: ibmvscsis: Ensure partition name is properly NUL terminated
    scsi: ibmvscsis: Fix a stringop-overflow warning
    clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs
    batman-adv: fix hardif_neigh refcount on queue_work() failure
    batman-adv: fix backbone_gw refcount on queue_work() failure
    batman-adv: Prevent duplicated tvlv handler
    batman-adv: Prevent duplicated global TT entry
    batman-adv: Prevent duplicated softif_vlan entry
    batman-adv: Prevent duplicated nc_node entry
    batman-adv: Fix segfault when writing to sysfs elp_interval
    batman-adv: Fix segfault when writing to throughput_override
    media: af9035: prevent buffer overflow on write
Linux 4.9.134
  * ipv4: frags: precedence bug in ip_expire()
      net/ipv4/ip_fragment.c
  * ip: frags: fix crash in ip_do_fragment()
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
  * ip: process in-order fragments efficiently
      net/ipv4/inet_fragment.c
      net/ipv4/ip_fragment.c
  * ip: add helpers to process in-order fragments faster.
      include/net/inet_frag.h
      net/ipv4/ip_fragment.c
  * ip: use rb trees for IP frag queue.
      include/linux/skbuff.h
      include/net/inet_frag.h
      net/ipv4/inet_fragment.c
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * net: add rb_to_skb() and other rb tree helpers
      include/linux/skbuff.h
      net/ipv4/tcp_input.c
  * net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
      include/linux/skbuff.h
      net/core/skbuff.c
  * ipv6: defrag: drop non-last frags smaller than min mtu
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * net: modify skb_rbtree_purge to return the truesize of all purged skbs.
      include/linux/skbuff.h
      net/core/skbuff.c
  * net: speed up skb_rbtree_purge()
      net/core/skbuff.c
  * ip: discard IPv4 datagrams with overlapping segments.
      include/uapi/linux/snmp.h
      net/ipv4/ip_fragment.c
      net/ipv4/proc.c
  * inet: frags: fix ip6frag_low_thresh boundary
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
      include/linux/skbuff.h
  * inet: frags: reorganize struct netns_frags
      include/net/inet_frag.h
  * rhashtable: reorganize struct rhashtable layout
      include/linux/rhashtable.h
  * ipv6: frags: rewrite ip6_expire_frag_queue()
      net/ipv6/reassembly.c
  * inet: frags: do not clone skb in ip_expire()
      net/ipv4/ip_fragment.c
  * inet: frags: break the 2GB limit for frags storage
      include/net/inet_frag.h
      net/ipv4/ip_fragment.c
      net/ipv4/proc.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/proc.c
      net/ipv6/reassembly.c
  * inet: frags: remove inet_frag_maybe_warn_overflow()
      include/net/inet_frag.h
      net/ipv4/inet_fragment.c
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * inet: frags: get rif of inet_frag_evicting()
      include/net/inet_frag.h
      net/ipv4/ip_fragment.c
      net/ipv6/reassembly.c
  * inet: frags: remove some helpers
      include/net/inet_frag.h
      include/net/ip.h
      include/net/ipv6.h
      net/ipv4/ip_fragment.c
      net/ipv4/proc.c
      net/ipv6/proc.c
  * inet: frags: use rhashtables for reassembly units
      include/net/inet_frag.h
      include/net/ipv6.h
      net/ipv4/inet_fragment.c
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * rhashtable: add schedule points
      lib/rhashtable.c
  * ipv6: export ip6 fragments sysctl to unprivileged users
      net/ipv6/reassembly.c
    inet: frags: refactor lowpan_net_frag_init()
  * inet: frags: refactor ipv6_frag_init()
      net/ipv6/reassembly.c
  * inet: frags: refactor ipfrag_init()
      net/ipv4/ip_fragment.c
  * inet: frags: add a pointer to struct netns_frags
      include/net/inet_frag.h
      include/net/ipv6.h
      net/ipv4/inet_fragment.c
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * inet: frags: change inet_frags_init_net() return value
      include/net/inet_frag.h
      net/ipv4/ip_fragment.c
      net/ipv6/netfilter/nf_conntrack_reasm.c
      net/ipv6/reassembly.c
  * inet: make sure to grab rcu_read_lock before using ireq->ireq_opt
      include/net/inet_sock.h
      net/ipv4/inet_connection_sock.c
      net/ipv4/tcp_ipv4.c
  * tcp/dccp: fix lockdep issue when SYN is backlogged
      include/net/inet_sock.h
      net/ipv4/tcp_input.c
  * rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
      net/core/rtnetlink.c
    net: systemport: Fix wake-up interrupt race during resume
    net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
    net: dsa: bcm_sf2: Fix unbind ordering
    team: Forbid enslaving team device to itself
    qmi_wwan: Added support for Gemalto's Cinterion ALASxx WWAN interface
    qlcnic: fix Tx descriptor corruption on 82xx devices
    net/usb: cancel pending work when unbinding smsc75xx
  * netlabel: check for IPV4MASK in addrinfo_get
      net/netlabel/netlabel_unlabeled.c
  * net/ipv6: Display all addresses in output of /proc/net/if_inet6
      net/ipv6/addrconf.c
  * net: ipv4: update fnhe_pmtu when first hop's MTU changes
      include/linux/netdevice.h
      include/net/ip_fib.h
      net/core/dev.c
      net/ipv4/fib_frontend.c
      net/ipv4/fib_semantics.c
    net: hns: fix for unmapping problem when SMMU is on
    net: dsa: bcm_sf2: Call setup during switch resume
  * ipv6: take rcu lock in rawv6_send_hdrinc()
      net/ipv6/raw.c
  * ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()
      net/ipv4/ip_sockglue.c
  * ip_tunnel: be careful when accessing the inner header
      net/ipv4/ip_tunnel.c
  * ip6_tunnel: be careful when accessing the inner header
      net/ipv6/ip6_tunnel.c
  * bonding: avoid possible dead-lock
      drivers/net/bonding/bond_main.c
      include/net/bonding.h
    bnxt_en: Fix TX timeout during netpoll.
  * xhci: Don't print a warning when setting link state for disabled ports
      drivers/usb/host/xhci-hub.c
    i2c: i2c-scmi: fix for i2c_smbus_write_block_data
    perf script python: Fix export-to-postgresql.py occasional failure
    mach64: detect the dot clock divider correctly on sparc
  * mm/vmstat.c: fix outdated vmstat_text
      mm/vmstat.c
  * ext4: Fix error code in ext4_xattr_set_entry()
      fs/ext4/xattr.c
    drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7
    x86/kvm/lapic: always disable MMIO interface in x2APIC mode
    ARM: dts: at91: add new compatibility string for macb on sama5d3
    net: macb: disable scatter-gather for macb on sama5d3
    stmmac: fix valid numbers of unicast filter entries
    sound: enable interrupt after dma buffer initialization
    scsi: qla2xxx: Fix an endian bug in fcpcmd_is_corrupted()
    scsi: iscsi: target: Don't use stack buffer for scatterlist
    mfd: omap-usb-host: Fix dts probe of children
    selftests: memory-hotplug: add required configs
    selftests/efivarfs: add required kernel configs
    ASoC: sigmadsp: safeload should not have lower byte limit
    ASoC: wm8804: Add ACPI support
Linux 4.9.133
    x86/fpu: Finish excising 'eagerfpu'
    Revert "perf: sync up x86/.../cpufeatures.h"
    x86/fpu: Remove struct fpu::counter
    x86/fpu: Remove use_eager_fpu()
  * ebtables: arpreply: Add the standard target sanity check
      include/linux/netfilter_bridge/ebtables.h
    ath10k: fix scan crash due to incorrect length calculation
    ubifs: Check for name being NULL while mounting
    ucma: fix a use-after-free in ucma_resolve_ip()
  * f2fs: fix invalid memory access
      fs/f2fs/checkpoint.c
    x86/mm: Expand static page table for fixmap space
    ARC: clone syscall to setp r25 as thread pointer
    powerpc/fadump: Return error when fadump registration fails
    ath10k: fix kernel panic issue during pci probe
    ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait
  * cgroup: Fix deadlock in cpu hotplug path
      kernel/cgroup.c
  * ext4: always verify the magic number in xattr blocks
      fs/ext4/xattr.c
  * ext4: add corruption check in ext4_xattr_set_entry()
      fs/ext4/xattr.c
    of: unittest: Disable interrupt node tests for old world MAC systems
  * tty: Drop tty->count on tty_reopen() failure
      drivers/tty/tty_io.c
    USB: serial: simple: add Motorola Tetra MTP6550 id
    usb: xhci-mtk: resume USB3 roothub first
  * xhci: Add missing CAS workaround for Intel Sunrise Point xHCI
      drivers/usb/host/xhci-pci.c
    dm cache: fix resize crash if user doesn't reload cache table
    dm cache metadata: ignore hints array being too small during resize
  * PM / core: Clear the direct_complete flag on errors
      drivers/base/power/main.c
    mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
  * PCI: Reprogram bridge prefetch registers on resume
      drivers/pci/pci.c
    x86/vdso: Fix vDSO syscall fallback asm constraint regression
    x86/vdso: Fix asm constraints on vDSO syscall fallbacks
    xen-netback: fix input validation in xenvif_set_hash_mapping()
    fbdev/omapfb: fix omapfb_memory_read infoleak
  * mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly
      mm/vmstat.c
Linux 4.9.132
    dm thin metadata: fix __udivdi3 undefined on 32-bit
    ocfs2: fix locking for res->tracking and dlm->tracking_list
  * proc: restrict kernel stack dumps to root
      fs/proc/base.c
  * gpiolib: Free the last requested descriptor
      drivers/gpio/gpiolib.c
    crypto: mxs-dcp - Fix wait logic on chan threads
    crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe()
    ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
    smb2: fix missing files in root share directory listing
  * sysfs: Do not return POSIX ACL xattrs via listxattr
      fs/xattr.c
    xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
    xen: avoid crash in disable_hotplug_cpu
    xen/manage: don't complain about an empty value in control/sysrq node
    cifs: read overflow in is_valid_oplock_break()
    s390/qeth: don't dump past end of unknown HW header
    s390/qeth: use vzalloc for QUERY OAT buffer
    r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
    arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto"
    hexagon: modify ffs() and fls() to return int
    arch/hexagon: fix kernel/dma.c build warning
    dm thin metadata: try to avoid ever aborting transactions
    perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs
    net: ena: fix driver when PAGE_SIZE == 64kB
    fs/cifs: suppress a string overflow warning
    dm raid: fix rebuild of specific devices by updating superblock
    drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS
    net/mlx5: Consider PCI domain in search for next dev
    nvmet-rdma: fix possible bogus dereference under heavy load
    USB: yurex: Check for truncation in yurex_read()
    RDMA/ucma: check fd type in ucma_migrate_id()
    perf probe powerpc: Ignore SyS symbols irrespective of endianness
    perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx()
  * HID: hid-saitek: Add device ID for RAT 7 Contagion
      drivers/hid/hid-ids.h
    usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i]
  * HID: add support for Apple Magic Keyboards
      drivers/hid/hid-apple.c
      drivers/hid/hid-ids.h
  * mm: madvise(MADV_DODUMP): allow hugetlbfs pages
      mm/madvise.c
    tools/vm/page-types.c: fix "defined but not used" warning
    tools/vm/slabinfo.c: fix sign-compare warning
    mac80211: shorten the IBSS debug messages
    mac80211: don't Tx a deauth frame if the AP forbade Tx
    mac80211: Fix station bandwidth setting after channel switch
    mac80211: fix a race between restart and CSA flows
  * cfg80211: fix a type issue in ieee80211_chandef_to_operating_class()
      net/wireless/util.c
    fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
    net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
    i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP
    i2c: uniphier: issue STOP only for last message or I2C_M_STOP
    RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
    ARC: atomics: unbork atomic_fetch_##op()
  * gpio: Fix crash due to registration race
      drivers/gpio/gpiolib-of.c
  * cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
      net/wireless/nl80211.c
    net: hns: add netif_carrier_off before change speed and duplex
    mac80211: mesh: fix HWMP sequence numbering to follow standard
    gpio: adp5588: Fix sleep-in-atomic-context bug
    mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
    KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
    mac80211: Run TXQ teardown code before de-registering interfaces
  * time: Introduce jiffies64_to_nsecs()
      include/linux/jiffies.h
      kernel/time/time.c
      kernel/time/timeconst.bc
    serial: mvebu-uart: Fix reporting of effective CSIZE to userspace
Linux 4.9.131
  * media: v4l: event: Prevent freeing event subscriptions while accessed
      drivers/media/v4l2-core/v4l2-event.c
      drivers/media/v4l2-core/v4l2-fh.c
      include/media/v4l2-fh.h
    arm64: KVM: Sanitize PSTATE.M when being set from userspace
    i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
  * arm/arm64: smccc-1.1: Handle function result as parameters
      include/linux/arm-smccc.h
  * arm/arm64: smccc-1.1: Make return values unsigned long
      include/linux/arm-smccc.h
    drm/amdgpu: Update power state at the end of smu hw_init.
    drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
    hwmon: (adt7475) Make adt7475_read_word() return errors
    hwmon: (ina2xx) fix sysfs shunt resistor read access
    e1000: ensure to free old tx/rx rings in set_ringparam()
    e1000: check on netif_running() before calling e1000_up()
    net: hns: fix skb->truesize underestimation
    net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
  * thermal: of-thermal: disable passive polling when thermal zone is disabled
      drivers/thermal/of-thermal.c
    qed: Wait for MCP halt and resume commands to take place
    qed: Wait for ready indication before rereading the shmem
  * ext4: never move the system.data xattr out of the inode body
      fs/ext4/xattr.c
    arm64: KVM: Tighten guest core register access from userspace
    IB/hfi1: Fix SL array bounds check
    serial: imx: restore handshaking irq for imx1
    scsi: target: iscsi: Use bin2hex instead of a re-implementation
    IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
    IB/hfi1: Invalid user input can result in crash
    IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    Input: elantech - enable middle button of touchpad on ThinkPad P72
  * USB: remove LPM management from usb_driver_claim_interface()
      drivers/usb/core/driver.c
    Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
  * USB: usbdevfs: restore warning for nonsensical flags
      drivers/usb/core/devio.c
  * USB: usbdevfs: sanitize flags more
      drivers/usb/core/devio.c
    media: uvcvideo: Support realtek's UVC 1.5 device
  * slub: make ->cpu_partial unsigned int
      include/linux/slub_def.h
      mm/slub.c
  * USB: handle NULL config in usb_find_alt_setting()
      drivers/usb/core/usb.c
  * USB: fix error handling in usb_driver_claim_interface()
      drivers/usb/core/driver.c
  * regulator: fix crash caused by null driver data
      drivers/regulator/core.c
    spi: rspi: Fix interrupted DMA transfers
    spi: rspi: Fix invalid SPI use during system suspend
    spi: sh-msiof: Fix handling of write value for SISTR register
    spi: sh-msiof: Fix invalid SPI use during system suspend
    spi: tegra20-slink: explicitly enable/disable clock
    serial: cpm_uart: return immediately from console poll
    tty: serial: lpuart: avoid leaking struct tty_struct
    floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
    ARM: dts: dra7: fix DCAN node addresses
  * EDAC: Fix memleak in module init error path
      drivers/edac/edac_mc_sysfs.c
    nfsd: fix corrupted reply to badly ordered compound
    gpio: Fix wrong rounding in gpio-menz127
  * module: exclude SHN_UNDEF symbols from kallsyms api
      kernel/module.c
  * ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
      sound/soc/soc-dapm.c
    EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    scsi: megaraid_sas: Update controller info during resume
    scsi: bnx2i: add error handling for ioremap_nocache
    perf/x86/intel/lbr: Fix incomplete LBR call stack
    HID: hid-ntrig: add error handling for sysfs_create_group
    ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    drm/sun4i: Fix releasing node when enumerating enpoints
    net: phy: xgmiitorgmii: Check phy_driver ready before accessing
    ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    net: phy: xgmiitorgmii: Check read_status results
    ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    media: tm6000: add error handling for dvb_register_adapter
    drivers/tty: add error handling for pcmcia_loop_config
  * staging: android: ashmem: Fix mmap size validation
      drivers/staging/android/ashmem.c
    media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    media: soc_camera: ov772x: correct setting of banding filter
    media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    ALSA: snd-aoa: add of_node_put() in error path
    s390/extmem: fix gcc 8 stringop-overflow warning
  * alarmtimer: Prevent overflow for relative nanosleep
      kernel/time/alarmtimer.c
    powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    usb: wusbcore: security: cast sizeof to int for comparison
    scsi: ibmvscsi: Improve strings handling
  * scsi: klist: Make it safe to use klists in atomic context
      lib/klist.c
    scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
    x86/entry/64: Add two more instruction suffixes
    ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    x86/tsc: Add missing header to tsc_msr.c
    media: fsl-viu: fix error handling in viu_of_probe()
    powerpc/kdump: Handle crashkernel memory reservation failure
    media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    IB/core: type promotion bug in rdma_rw_init_one_mr()
    md-cluster: clear another node's suspend_area after the copy is finished
  * power: remove possible deadlock when unregistering power_supply
      drivers/power/supply/power_supply_core.c
      include/linux/power_supply.h
    s390/mm: correct allocate_pgste proc_handler callback
    6lowpan: iphc: reset mac_header after decompress to fix panic
    USB: serial: kobil_sct: fix modem-status error handling
    Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    iommu/amd: make sure TLB to be flushed before IOVA freed
    power: vexpress: fix corruption in notifier registration
    uwb: hwa-rc: fix memory leak at probe
    staging: rts5208: fix missing error check on call to rtsx_write_register
    x86/numa_emulation: Fix emulated-to-physical node mapping
    vmci: type promotion bug in qp_host_get_user_memory()
    tsl2550: fix lux1_input error in low light
  * crypto: skcipher - Fix -Wstringop-truncation warnings
      crypto/ablkcipher.c
      crypto/blkcipher.c

Change-Id: I20f8975728186d16d30d0be15426ff5a732935d1
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-12-19 14:54:50 -08:00
Peter Oskolkov
10043954ea ip: use rb trees for IP frag queue.
(commit fa0f527358bd900ef92f925878ed6bfbd51305cc upstream)

Similar to TCP OOO RX queue, it makes sense to use rb trees to store
IP fragments, so that OOO fragments are inserted faster.

Tested:

- a follow-up patch contains a rather comprehensive ip defrag
  self-test (functional)
- ran neper `udp_stream -c -H <host> -F 100 -l 300 -T 20`:
    netstat --statistics
    Ip:
        282078937 total packets received
        0 forwarded
        0 incoming packets discarded
        946760 incoming packets delivered
        18743456 requests sent out
        101 fragments dropped after timeout
        282077129 reassemblies required
        944952 packets reassembled ok
        262734239 packet reassembles failed
   (The numbers/stats above are somewhat better re:
    reassemblies vs a kernel without this patchset. More
    comprehensive performance testing TBD).

Reported-by: Jann Horn <jannh@google.com>
Reported-by: Juha-Matti Tilli <juha-matti.tilli@iki.fi>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Peter Oskolkov <posk@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-18 09:13:26 +02:00
Eric Dumazet
b475cf3bf1 net: add rb_to_skb() and other rb tree helpers
Generalize private netem_rb_to_skb()

TCP rtx queue will soon be converted to rb-tree,
so we will need skb_rbtree_walk() helpers.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 18a4c0eab2623cc95be98a1e6af1ad18e7695977)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-18 09:13:26 +02:00
Eric Dumazet
791521e2e3 net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
After working on IP defragmentation lately, I found that some large
packets defeat CHECKSUM_COMPLETE optimization because of NIC adding
zero paddings on the last (small) fragment.

While removing the padding with pskb_trim_rcsum(), we set skb->ip_summed
to CHECKSUM_NONE, forcing a full csum validation, even if all prior
fragments had CHECKSUM_COMPLETE set.

We can instead compute the checksum of the part we are trimming,
usually smaller than the part we keep.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 88078d98d1bb085d72af8437707279e203524fa5)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-18 09:13:26 +02:00
Peter Oskolkov
871695951e net: modify skb_rbtree_purge to return the truesize of all purged skbs.
Tested: see the next patch in the series.

Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Peter Oskolkov <posk@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 385114dec8a49b5e5945e77ba7de6356106713f4)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-18 09:13:25 +02:00
Eric Dumazet
316986fe4d inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
ip_defrag uses skb->cb[] to store the fragment offset, and unfortunately
this integer is currently in a different cache line than skb->next,
meaning that we use two cache lines per skb when finding the insertion point.

By aliasing skb->ip_defrag_offset and skb->dev, we pack all the fields
in a single cache line and save precious memory bandwidth.

Note that after the fast path added by Changli Gao in commit
d6bebca92c ("fragment: add fast path for in-order fragments")
this change won't help the fast path, since we still need
to access prev->len (2nd cache line), but will show great
benefits when slow path is entered, since we perform
a linear scan of a potentially long list.

Also, note that this potential long list is an attack vector,
we might consider also using an rb-tree there eventually.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit bf66337140c64c27fa37222b7abca7e49d63fb57)
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-18 09:13:25 +02:00
Petri Gynther
d22594b555 Merge 4.9.116 into android-msm-bluecross-4.9-lts
Linux 4.9.116
  * exec: avoid gcc-8 warning for get_task_comm
      fs/exec.c
      include/linux/sched.h
  * turn off -Wattribute-alias
      Makefile
    can: xilinx_can: fix RX overflow interrupt not being enabled
    can: xilinx_can: fix incorrect clear of non-processed interrupts
    can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
    can: xilinx_can: fix device dropping off bus on RX overrun
    can: xilinx_can: fix recovery from error states not being propagated
    can: xilinx_can: fix power management handling
    can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
  * driver core: Partially revert "driver core: correct device's shutdown order"
      drivers/base/dd.c
  * usb: gadget: f_fs: Only return delayed status when len is 0
      drivers/usb/gadget/function/f_fs.c
  * usb: core: handle hub C_PORT_OVER_CURRENT condition
      drivers/usb/core/hub.c
    usb: cdc_acm: Add quirk for Castles VEGA3000
  * tcp: call tcp_drop() from tcp_data_queue_ofo()
      net/ipv4/tcp_input.c
  * tcp: detect malicious patterns in tcp_collapse_ofo_queue()
      net/ipv4/tcp_input.c
  * tcp: avoid collapses in tcp_prune_queue() if possible
      net/ipv4/tcp_input.c
  * tcp: free batches of packets in tcp_prune_ofo_queue()
      include/linux/skbuff.h
      net/ipv4/tcp_input.c
  * tcp: do not delay ACK in DCTCP upon CE status change
      include/net/tcp.h
      net/ipv4/tcp_input.c
  * tcp: do not cancel delay-AcK on DCTCP special ACK
      include/net/tcp.h
      net/ipv4/tcp_output.c
  * tcp: helpers to send special DCTCP ack
      net/ipv4/tcp_output.c
    tcp: fix dctcp delayed ACK schedule
  * rtnetlink: add rtnl_link_state check in rtnl_configure_link
      net/core/rtnetlink.c
  * net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
      drivers/net/phy/phy.c
  * multicast: do not restore deleted record source filter mode to new one
      net/ipv4/igmp.c
      net/ipv6/mcast.c
    net/mlx5e: Fix quota counting in aRFS expire flow
    net/mlx5e: Don't allow aRFS for encapsulated packets
    net/mlx5: Adjust clock overflow work period
  * net: skb_segment() should not return NULL
      net/core/skbuff.c
    net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
  * ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
      net/ipv4/ip_sockglue.c
      net/ipv6/datagram.c
  * ip: hash fragments consistently
      net/ipv4/ip_output.c
      net/ipv6/ip6_output.c
    MIPS: Fix off-by-one in pci_resource_to_user()
    MIPS: ath79: fix register address in ath79_ddr_wb_flush()

Change-Id: Iff3c05d299a946f5925e4377010faee1dcefc999
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-09-20 18:09:54 -07:00
Petri Gynther
d53b0ad699 Merge 4.9.115 into android-msm-bluecross-4.9-lts
Linux 4.9.115
  * block: do not use interruptible wait anywhere
      block/blk-core.c
    xprtrdma: Return -ENOBUFS when no pages are available
  * xhci: Fix perceived dead host due to runtime suspend race with event handler
      drivers/usb/host/xhci.c
      drivers/usb/host/xhci.h
  * skbuff: Unconditionally copy pfmemalloc in __skb_clone()
      net/core/skbuff.c
  * net: Don't copy pfmemalloc flag in __copy_skb_header()
      include/linux/skbuff.h
      net/core/skbuff.c
  * net: usb: asix: replace mii_nway_restart in resume path
      drivers/net/usb/asix_devices.c
    tg3: Add higher cpu clock for 5762.
    qmi_wwan: add support for Quectel EG91
    ptp: fix missing break in switch
  * net: phy: fix flag masking in __set_phy_supported
      drivers/net/phy/phy_device.c
  * net/ipv4: Set oif in fib_compute_spec_dst
      net/ipv4/fib_frontend.c
  * net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
      net/ipv4/tcp.c
  * lib/rhashtable: consider param->min_size when setting initial table size
      lib/rhashtable.c
  * ipv6: fix useless rol32 call on hash
      include/net/ipv6.h
  * ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
      net/ipv4/sysctl_net_ipv4.c
  * gen_stats: Fix netlink stats dumping in the presence of padding
      net/core/gen_stats.c
    drm/i915: Fix hotplug irq ack on i965/g4x
    vfio/pci: Fix potential Spectre v1
    mm/huge_memory.c: fix data loss when splitting a file pmd
  * mm: memcg: fix use after free in mem_cgroup_iter()
      mm/memcontrol.c
    ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    ARC: mm: allow mprotect to make stack mappings executable
    ARC: Fix CONFIG_SWAP
  * ALSA: rawmidi: Change resized buffers atomically
      sound/core/rawmidi.c
  * fat: fix memory allocation failure handling of match_strdup()
      fs/fat/inode.c
    x86/MCE: Remove min interval polling limitation
    x86/apm: Don't access __preempt_count with zeroed fs
    KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.

Change-Id: I8f2988f038ab5c313a62d019dc4ace4a23bba3d1
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-09-20 17:35:07 -07:00
Eric Dumazet
2d08921c8d tcp: free batches of packets in tcp_prune_ofo_queue()
[ Upstream commit 72cd43ba64fc172a443410ce01645895850844c8 ]

Juha-Matti Tilli reported that malicious peers could inject tiny
packets in out_of_order_queue, forcing very expensive calls
to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for
every incoming packet. out_of_order_queue rb-tree can contain
thousands of nodes, iterating over all of them is not nice.

Before linux-4.9, we would have pruned all packets in ofo_queue
in one go, every XXXX packets. XXXX depends on sk_rcvbuf and skbs
truesize, but is about 7000 packets with tcp_rmem[2] default of 6 MB.

Since we plan to increase tcp_rmem[2] in the future to cope with
modern BDP, we cannot revert to the old behavior without great pain.

Strategy taken in this patch is to purge ~12.5 % of the queue capacity.

Fixes: 36a6503fed ("tcp: refine tcp_prune_ofo_queue() to not drop all packets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Juha-Matti Tilli <juha-matti.tilli@iki.fi>
Acked-by: Yuchung Cheng <ycheng@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-28 07:49:12 +02:00
Stefano Brivio
cad99229aa net: Don't copy pfmemalloc flag in __copy_skb_header()
[ Upstream commit 8b7008620b8452728cadead460a36f64ed78c460 ]

The pfmemalloc flag indicates that the skb was allocated from
the PFMEMALLOC reserves, and the flag is currently copied on skb
copy and clone.

However, an skb copied from an skb flagged with pfmemalloc
wasn't necessarily allocated from PFMEMALLOC reserves, and on
the other hand an skb allocated that way might be copied from an
skb that wasn't.

So we should not copy the flag on skb copy, and rather decide
whether to allow an skb to be associated with sockets unrelated
to page reclaim depending only on how it was allocated.

Move the pfmemalloc flag before headers_start[0] using an
existing 1-bit hole, so that __copy_skb_header() doesn't copy
it.

When cloning, we'll now take care of this flag explicitly,
contravening the warning comment of __skb_clone().

While at it, restore the newline usage introduced by commit
b193722731 ("net: reorganize sk_buff for faster
__copy_skb_header()") to visually separate bytes used in
bitfields after headers_start[0], that was gone after commit
a9e419dc7be6 ("netfilter: merge ctinfo into nfct pointer storage
area"), and describe the pfmemalloc flag in the kernel-doc
structure comment.

This doesn't change the size of sk_buff or cacheline boundaries,
but consolidates the 15 bits hole before tc_index into a 2 bytes
hole before csum, that could now be filled more easily.

Reported-by: Patrick Talbert <ptalbert@redhat.com>
Fixes: c93bdd0e03 ("netvm: allow skb allocation to use PFMEMALLOC reserves")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-25 11:24:02 +02:00
Blagovest Kolenichev
2e229cb024 Merge android-4.9.94 (8683408) into msm-4.9
* refs/heads/tmp-8683408:
  ANDROID: Add build server config for cuttlefish.
  ANDROID: Add defconfig for cuttlefish.
  FROMLIST: staging: Android: Add 'vsoc' driver for cuttlefish.
  Revert "ANDROID: proc: make oom adjustment files user read-only"
  Revert "ANDROID: fixup! proc: make oom adjustment files user read-only"
  Linux 4.9.94
  Revert "xhci: plat: Register shutdown for xhci_plat"
  vrf: Fix use after free and double free in vrf_finish_output
  net sched actions: fix dumping which requires several messages to user space
  strparser: Fix sign of err codes
  net/mlx4_core: Fix memory leak while delete slave's resources
  vhost_net: add missing lock nesting notation
  team: move dev_mc_sync after master_upper_dev_link in team_port_add
  route: check sysctl_fib_multipath_use_neigh earlier than hash
  vhost: validate log when IOTLB is enabled
  net/mlx4_en: Fix mixed PFC and Global pause user control requests
  net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
  net/sched: fix NULL dereference in the error path of tunnel_key_init()
  net/mlx5e: Sync netdev vxlan ports at open
  vti6: better validate user provided tunnel names
  ip6_tunnel: better validate user provided tunnel names
  ip6_gre: better validate user provided tunnel names
  ipv6: sit: better validate user provided tunnel names
  ip_tunnel: better validate user provided tunnel names
  net: fool proof dev_valid_name()
  bonding: process the err returned by dev_set_allmulti properly in bond_enslave
  bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
  bonding: fix the err path for dev hwaddr sync in bond_enslave
  vlan: also check phy_driver ts_info for vlan's real device
  vhost: correctly remove wait queue during poll failure
  sky2: Increase D3 delay to sky2 stops working after suspend
  sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
  sctp: do not leak kernel memory to user space
  r8169: fix setting driver_data after register_netdev
  pptp: remove a buggy dst release in pptp_connect()
  net/sched: fix NULL dereference in the error path of tcf_bpf_init()
  netlink: make sure nladdr has correct size in netlink_connect()
  net/ipv6: Increment OUTxxx counters after netfilter hook
  net/ipv6: Fix route leaking between VRFs
  net: fix possible out-of-bound read in skb_network_protocol()
  ipv6: the entire IPv6 header chain must fit the first fragment
  arp: fix arp_filter on l3slave devices
  clk: at91: fix clk-generated compilation
  random: use lockless method of accessing and updating f->reg_idx
  virtio_net: check return value of skb_to_sgvec in one more location
  virtio_net: check return value of skb_to_sgvec always
  rxrpc: check return value of skb_to_sgvec always
  ipsec: check return value of skb_to_sgvec always
  perf tools: Fix copyfile_offset update of output offset
  mtd: mtd_oobtest: Handle bitflips during reads
  Input: goodix - disable IRQs while suspended
  sdhci: Advertise 2.0v supply on SDIO host controller
  cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
  EDAC, mv64x60: Fix an error handling path
  tty: n_gsm: Allow ADM response in addition to UA for control dlci
  blk-mq: fix kernel oops in blk_mq_tag_idle()
  scsi: libsas: initialize sas_phy status according to response of DISCOVER
  scsi: libsas: fix error when getting phy events
  scsi: libsas: fix memory leak in sas_smp_get_phy_events()
  bcache: segregate flash only volume write streams
  bcache: stop writeback thread after detaching
  drm/vc4: Fix resource leak in 'vc4_get_hang_state_ioctl()' in error handling path
  selftests: kselftest_harness: Fix compile warning
  hsr: fix incorrect warning
  vxlan: dont migrate permanent fdb entries during learn
  s390/dasd: fix hanging safe offline
  ACPICA: Disassembler: Abort on an invalid/unknown AML opcode
  ACPICA: Events: Add runtime stub support for event APIs
  ACPICA: OSL: Add support to exclude stdarg.h
  cpuidle: dt: Add missing 'of_node_put()'
  Bluetooth: Send HCI Set Event Mask Page 2 command only when needed
  clk: meson: meson8b: add compatibles for Meson8 and Meson8m2
  net: ena: disable admin msix while working in polling mode
  net: ena: add missing unmap bars on device removal
  net: ena: add missing return when ena_com_get_io_handlers() fails
  net: ena: fix race condition between submit and completion admin command
  net: ena: fix rare uncompleted admin command false alarm
  iio: magnetometer: st_magn_spi: fix spi_device_id table
  sparc64: ldc abort during vds iso boot
  net: fec: Add a fec_enet_clear_ethtool_stats() stub for CONFIG_M5272
  sctp: fix recursive locking warning in sctp_do_peeloff
  bnx2x: Allow vfs to disable txvlan offload
  crypto: omap-sham - fix closing of hash with separate finalize call
  crypto: omap-sham - buffer handling fixes for hashing later
  geneve: add missing rx stats accounting
  stmmac: fix ptp header for GMAC3 hw timestamp
  coresight: tmc: Configure DMA mask appropriately
  coresight: Fix reference count for software sources
  pinctrl: meson-gxbb: remove non-existing pin GPIOX_22
  X.509: Fix error code in x509_cert_parse()
  xen: avoid type warning in xchg_xen_ulong
  skbuff: only inherit relevant tx_flags
  perf tests: Decompress kernel module before objdump
  perf tools: Decompress kernel module when reading DSO data
  net: emac: fix reset timeout with AR8035 phy
  Fix loop device flush before configure v3
  ARM: dts: armadillo800eva: Split LCD mux and gpio
  MIPS: kprobes: flush_insn_slot should flush only if probe initialised
  MIPS: mm: adjust PKMAP location
  MIPS: mm: fixed mappings: correct initialisation
  sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
  perf/core: Correct event creation with PERF_FORMAT_GROUP
  e1000e: Undo e1000e_pm_freeze if __e1000_shutdown fails
  KVM: nVMX: Update vmcs12->guest_linear_address on nested VM-exit
  nvme: fix hang in remove path
  nvme-pci: fix multiple ctrl removal scheduling
  ARM: imx: Add MXC_CPU_IMX6ULL and cpu_is_imx6ull
  net: phy: avoid genphy_aneg_done() for PHYs without clause 22 support
  mceusb: sporadic RX truncation corruption fix
  cx25840: fix unchecked return values
  cxl: Unlock on error in probe
  igb: fix race condition with PTP_TX_IN_PROGRESS bits
  e1000e: fix race condition around skb_tstamp_tx()
  ARM: dts: qcom: ipq4019: fix i2c_0 node
  tags: honor COMPILED_SOURCE with apart output directory
  iwlwifi: fix min API version for 7265D, 3168, 8000 and 8265
  iwlwifi: pcie: only use d0i3 in suspend/resume if system_pm is set to d0i3
  iwlwifi: tt: move ucode_loaded check under mutex
  iwlwifi: mvm: Fix command queue number on d0i3 flow
  watchdog: f71808e_wdt: Add F71868 support
  iwlwifi: mvm: fix firmware debug restart recording
  perf report: Ensure the perf DSO mapping matches what libdw sees
  perf header: Set proper module name when build-id event found
  net/mlx4: Check if Granular QoS per VF has been enabled before updating QP qos_vport
  net/mlx4: Fix the check in attaching steering rules
  sit: reload iphdr in ipip6_rcv
  macsec: check return value of skb_to_sgvec always
  skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
  ip6_tunnel: fix traffic class routing for tunnels
  bio-integrity: Do not allocate integrity context for bio w/o data
  Fix serial console on SNI RM400 machines
  cxgb4: fix incorrect cim_la output for T6
  powerpc/8xx: fix mpc8xx_get_irq() return on no irq
  drm/omap: fix tiled buffer stride calculations
  RDMA/hfi1: fix array termination by appending NULL to attr array
  RDMA/iw_cxgb4: Avoid touch after free error in ARP failure handlers
  net: phy: micrel: Restore led_mode and clk_sel on resume
  mISDN: Fix a sleep-in-atomic bug
  arm64: kernel: restrict /dev/mem read() calls to linear region
  qlcnic: Fix a sleep-in-atomic bug in qlcnic_82xx_hw_write_wx_2M and qlcnic_82xx_hw_read_wx_2M
  perf trace: Add mmap alias for s390
  ath10k: add BMI parameters to fix calibration from DT/pre-cal
  drm/amdkfd: NULL dereference involving create_process()
  powerpc/spufs: Fix coredump of SPU contexts
  clk: Fix __set_clk_rates error print-string
  clk: scpi: fix return type of __scpi_dvfs_round_rate
  KVM: SVM: do not zero out segment attributes if segment is unusable or not present
  mtd: nand: check ecc->total sanity in nand_scan_tail
  mtd: nand: gpmi: Fix gpmi_nand_init() error path
  dt-bindings: display: sun4i: Add allwinner,tcon-channel property
  drm/sun4i: Ignore the generic connectors for components
  clk: at91: fix clk-generated parenting
  net: freescale: fix potential null pointer dereference
  SUNRPC: ensure correct error is reported by xs_tcp_setup_socket()
  rtc: interface: Validate alarm-time before handling rollover
  rtc: opal: Handle disabled TPO in opal_get_tpo_time()
  i40evf: fix merge error in older patch
  rtc: m41t80: fix SQW dividers override when setting a date
  cxgb4: Fix netdev_features flag
  cxgb4: FW upgrade fixes
  net/mlx5: avoid build warning for uniprocessor
  arm64: futex: Fix undefined behaviour with FUTEX_OP_OPARG_SHIFT usage
  backlight: Report error on failure
  dmaengine: imx-sdma: Handle return value of clk_prepare_enable
  powerpc/[booke|4xx]: Don't clobber TCR[WP] when setting TCR[DIE]
  ovl: filter trusted xattr for non-admin
  HID: i2c: Call acpi_device_fix_up_power for ACPI-enumerated devices
  netfilter: conntrack: don't call iter for non-confirmed conntracks
  x86/efi: Disable runtime services on kexec kernel if booted with efi=old_map
  hdlcdrv: Fix divide by zero in hdlcdrv_ioctl
  wl1251: check return from call to wl1251_acx_arp_ip_filter
  rt2x00: do not pause queue unconditionally on error path
  ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
  pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
  backlight: tdo24m: Fix the SPI CS between transfers
  blk-mq: fix race between updating nr_hw_queues and switching io sched
  IB/rdmavt: Allocate CQ memory on the correct node
  gpio: label descriptors using the device name
  vfb: fix video mode and line_length being set when loaded
  mac80211: Fix setting TX power on monitor interfaces
  ACPI: EC: Fix debugfs_create_*() usage
  irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
  scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
  scsi: libiscsi: Allow sd_shutdown on bad transport
  ASoC: Intel: cht_bsw_rt5645: Analog Mic support
  ASoC: Intel: Skylake: Disable clock gating during firmware and library download
  media: videobuf2-core: don't go out of the buffer range
  hwmon: (ina2xx) Make calibration register value fixed
  PM / devfreq: Fix potential NULL pointer dereference in governor_store
  VFS: close race between getcwd() and d_move()
  net/mlx4_en: Change default QoS settings
  ACPI / video: Default lcd_only to true on Win8-ready and newer machines
  rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
  l2tp: fix missing print session offset info
  perf probe: Add warning message if there is unexpected event name
  thermal: power_allocator: fix one race condition issue for thermal_instances list
  ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
  i40iw: Correct Q1/XF object count equation
  i40iw: Fix sequence number for the first partial FPDU
  drm/msm: Take the mutex before calling msm_gem_new_impl
  net: llc: add lock_sock in llc_ui_bind to avoid a race condition
  KVM: nVMX: Fix handling of lmsw instruction
  KVM: X86: Fix preempt the preemption timer cancel
  PCI/msi: fix the pci_alloc_irq_vectors_affinity stub
  cpuhotplug: Link lock stacks for hotplug callbacks
  bonding: Don't update slave->link until ready to commit
  Input: elan_i2c - clear INT before resetting controller
  net: move somaxconn init from sysctl code
  tcp: better validation of received ack sequences
  ARM64: PCI: Fix struct acpi_pci_root_ops allocation failure path
  ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff()
  fix race in drivers/char/random.c:get_reg()
  scsi: bnx2fc: fix race condition in bnx2fc_get_host_stats()
  ASoC: rsnd: SSI PIO adjust to 24bit mode
  pNFS/flexfiles: missing error code in ff_layout_alloc_lseg()
  netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize
  perf report: Fix off-by-one for non-activation frames
  libceph: NULL deref on crush_decode() error path
  net: ieee802154: fix net_device reference release too early
  mlx5: fix bug reading rss_hash_type from CQE
  block: fix an error code in add_partition()
  selinux: do not check open permission on sockets
  net/mlx5: Tolerate irq_set_affinity_hint() failures
  gpio: crystalcove: Do not write regular gpio registers for virtual GPIOs
  sched/numa: Use down_read_trylock() for the mmap_sem
  perf/core: Fix error handling in perf_event_alloc()
  leds: pca955x: Correct I2C Functionality
  net/wan/fsl_ucc_hdlc: fix muram allocation error
  ray_cs: Avoid reading past end of buffer
  ARM: davinci: da8xx: Create DSP device only when assigned memory
  md-cluster: fix potential lock issue in add_new_disk
  ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors
  iio: light: rpr0521 poweroff for probe fails
  iio: hi8435: cleanup reset gpio
  iio: hi8435: avoid garbage event at first enable
  ASoC: simple-card: fix mic jack initialization
  xfrm: fix state migration copy replay sequence numbers
  selftests/powerpc: Fix TM resched DSCR test with some compilers
  ath5k: fix memory leak on buf on failed eeprom read
  powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
  scsi: csiostor: fix use after free in csio_hw_use_fwconfig()
  mlxsw: spectrum: Avoid possible NULL pointer dereference
  sh_eth: Use platform device for printing before register_netdev()
  fsl/qe: add bit description for SYNL register for GUMR
  net/wan/fsl_ucc_hdlc: fix incorrect memory allocation
  net/wan/fsl_ucc_hdlc: fix unitialized variable warnings
  serial: sh-sci: Fix race condition causing garbage during shutdown
  serial: 8250: omap: Disable DMA for console UART
  USB: ene_usb6250: fix SCSI residue overwriting
  net: x25: fix one potential use-after-free issue
  USB: ene_usb6250: fix first command execution
  pxa_camera: fix module remove codepath for v4l2 clock
  usb: chipidea: properly handle host or gadget initialization failure
  ARM: dts: rockchip: fix rk322x i2s1 pinctrl error
  arp: honour gratuitous ARP _replies_
  neighbour: update neigh timestamps iff update is effective
  uio: fix incorrect memory leak cleanup
  ipmr: vrf: Find VIFs using the actual device
  ata: libahci: properly propagate return value of platform_get_irq()
  btrfs: fix incorrect error return ret being passed to mapping_set_error
  usb: dwc3: keystone: check return value
  KVM: arm64: Restore host physical timer access on hyp_panic()
  KVM: arm: Restore banked registers and physical timer access on hyp_panic()
  async_tx: Fix DMA_PREP_FENCE usage in do_async_gen_syndrome()
  ipv6: avoid dad-failures for addresses with NODAD
  mdio: mux: fix device_node_continue.cocci warnings
  arm64: perf: Ignore exclude_hv when kernel is running in HYP
  i2c: mux: reg: put away the parent i2c adapter on probe failure
  ARM: dts: imx6qdl-wandboard: Fix audio channel swap
  powerpc/modules: If mprofile-kernel is enabled add it to vermagic
  x86/tsc: Provide 'tsc=unstable' boot parameter
  clk: renesas: rcar-gen2: Fix PLL0 on R-Car V2H and E2
  staging: wlan-ng: prism2mgmt.c: fixed a double endian conversion before calling hfa384x_drvr_setconfig16, also fixes relative sparse warning
  ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
  iio: pressure: zpa2326: report interrupted case as failure
  PowerCap: Fix an error code in powercap_register_zone()
  bus: brcmstb_gisb: correct support for 64-bit address output
  bus: brcmstb_gisb: Use register offsets with writes too
  SMB2: Fix share type handling
  mm, vmstat: Remove spurious WARN() during zoneinfo print
  vmxnet3: ensure that adapter is in proper state during force_close
  irqchip/mbigen: Fix the clear register offset calculation
  KVM: PPC: Book3S PR: Check copy_to/from_user return values
  Input: elantech - force relative mode on a certain module
  Input: elan_i2c - check if device is there before really probing
  mdio: mux: Correct mdio_mux_init error path issues
  netxen_nic: set rcode to the return status from the call to netxen_issue_cmd
  net: qca_spi: Fix alignment issues in rx path
  blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op
  perf/callchain: Force USER_DS when invoking perf_callchain_user()
  CIFS: silence lockdep splat in cifs_relock_file()
  NFSv4.1: Work around a Linux server bug...
  qed: Correct doorbell configuration for !4Kb pages
  net/mlx4_en: Avoid adding steering rules with invalid ring
  s390: move _text symbol to address higher than zero
  pidns: disable pid allocation if pid_ns_prepare_proc() is failed in alloc_pid()
  drivers/misc/vmw_vmci/vmci_queue_pair.c: fix a couple integer overflow tests
  lockd: fix lockd shutdown race
  net: ethernet: ti: cpsw: adjust cpsw fifos depth for fullduplex flow control
  net: cdc_ncm: Fix TX zero padding
  ipmi_ssif: unlock on allocation failure
  ubi: fastmap: Fix slab corruption
  qlge: Avoid reading past end of buffer
  bna: Avoid reading past end of buffer
  mac80211: bail out from prep_connection() if a reconfig is ongoing
  af_key: Fix slab-out-of-bounds in pfkey_compile_policy.
  IB/srpt: Avoid that aborting a command triggers a kernel warning
  IB/srpt: Fix abort handling
  x86/boot: Declare error() as noreturn
  NFSv4.1: RECLAIM_COMPLETE must handle NFS4ERR_CONN_NOT_BOUND_TO_SESSION
  ovl: persistent inode numbers for upper hardlinks
  x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility
  x86/asm: Don't use RBP as a temporary register in csum_partial_copy_generic()
  rtc: snvs: fix an incorrect check of return value
  md/raid5: make use of spin_lock_irq over local_irq_disable + spin_lock
  cfg80211: make RATE_INFO_BW_20 the default
  qed: Fix overriding of supported autoneg value.
  ANDROID: proc: add null check in proc_uid_init
  f2fs/fscrypt: updates to v4.17-rc1
  Revert "ANDROID: sched/tune: Initialize raw_spin_lock in boosted_groups"
  ANDROID: uid_sys_stats: Replace tasklist lock with RCU in uid_cputime_show
  ANDROID: arm64: mark kpti_install_ng_mappings as __nocfi

Conflicts:
	arch/arm64/kernel/perf_event.c
	drivers/gpu/drm/msm/msm_gem.c
	drivers/hwtracing/coresight/coresight-tmc.c
	drivers/hwtracing/coresight/coresight.c

Change-Id: I3a1bd6216f55601cff0a2b4344c480b2e1a771a6
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2018-05-11 03:07:46 -07:00
Jason A. Donenfeld
2cd3aa5a3a skbuff: return -EMSGSIZE in skb_to_sgvec to prevent overflow
[ Upstream commit 48a1df65334b74bd7531f932cca5928932abf769 ]

This is a defense-in-depth measure in response to bugs like
4d6fa57b4dab ("macsec: avoid heap overflow in skb_to_sgvec"). There's
not only a potential overflow of sglist items, but also a stack overflow
potential, so we fix this by limiting the amount of recursion this function
is allowed to do. Not actually providing a bounded base case is a future
disaster that we can easily avoid here.

As a small matter of housekeeping, we take this opportunity to move the
documentation comment over the actual function the documentation is for.

While this could be implemented by using an explicit stack of skbuffs,
when implementing this, the function complexity increased considerably,
and I don't think such complexity and bloat is actually worth it. So,
instead I built this and tested it on x86, x86_64, ARM, ARM64, and MIPS,
and measured the stack usage there. I also reverted the recent MIPS
changes that give it a separate IRQ stack, so that I could experience
some worst-case situations. I found that limiting it to 24 layers deep
yielded a good stack usage with room for safety, as well as being much
deeper than any driver actually ever creates.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: David Howells <dhowells@redhat.com>
Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-13 19:48:19 +02:00
Kyle Yan
01bff91034 Merge remote-tracking branch '4.9/tmp-8cca21f' into 4.9
* 4.9/tmp-8cca21f:
  Linux 4.9.65
  mm/pagewalk.c: report holes in hugetlb ranges
  coda: fix 'kernel memory exposure attempt' in fsync
  mm/page_alloc.c: broken deferred calculation
  ipmi: fix unsigned long underflow
  ocfs2: should wait dio before inode lock in ocfs2_setattr()
  ocfs2: fix cluster hang after a node dies
  dmaengine: dmatest: warn user when dma test times out
  serial: 8250_fintek: Fix finding base_port with activated SuperIO
  serial: omap: Fix EFR write on RTS deassertion
  ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
  crypto: dh - Fix double free of ctx->p
  crypto: dh - fix memleak in setkey
  net/sctp: Always set scope_id in sctp_inet6_skb_msgname
  fealnx: Fix building error on MIPS
  sctp: do not peel off an assoc from one netns to another one
  af_netlink: ensure that NLMSG_DONE never fails in dumps
  vlan: fix a use-after-free in vlan_device_event()
  net: usb: asix: fill null-ptr-deref in asix_suspend
  qmi_wwan: Add missing skb_reset_mac_header-call
  net: qmi_wwan: fix divide by 0 on bad descriptors
  net: cdc_ether: fix divide by 0 on bad descriptors
  bonding: discard lowest hash bit for 802.3ad layer3+4
  netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
  tcp: do not mangle skb->cb[] in tcp_make_synack()
  net: vrf: correct FRA_L3MDEV encode type
  tcp_nv: fix division by zero in tcpnv_acked()
  Linux 4.9.64
  staging: greybus: spilib: fix use-after-free after deregistration
  brcmfmac: don't preset all channels as disabled
  x86/MCE/AMD: Always give panic severity for UC errors in kernel context
  USB: serial: garmin_gps: fix memory leak on probe errors
  USB: serial: garmin_gps: fix I/O after failed probe and remove
  USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
  usb: gadget: f_fs: Fix use-after-free in ffs_free_inst
  USB: Add delay-init quirk for Corsair K70 LUX keyboards
  USB: usbfs: compute urb->actual_length for isochronous
  crypto: dh - Don't permit 'key' or 'g' size longer than 'p'
  crypto: dh - Don't permit 'p' to be 0
  Revert "dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification"
  Revert "dt-bindings: Add vendor prefix for LEGO"
  uapi: fix linux/rds.h userspace compilation errors
  uapi: fix linux/rds.h userspace compilation error
  Revert "uapi: fix linux/rds.h userspace compilation errors"
  Revert "crypto: xts - Add ECB dependency"
  MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
  MIPS: traps: Ensure L1 & L2 ECC checking match for CM3 systems
  MIPS: init: Ensure reserved memory regions are not added to bootmem
  MIPS: init: Ensure bootmem does not corrupt reserved memory
  MIPS: End asm function prologue macros with .insn
  staging: greybus: add host device function pointer checks
  staging: wilc1000: Fix endian sparse warning
  staging: rtl8712: fixed little endian problem
  ixgbe: do not disable FEC from the driver
  ixgbe: add mask for 64 RSS queues
  ixgbe: Reduce I2C retry count on X550 devices
  ixgbe: Fix reporting of 100Mb capability
  ixgbe: handle close/suspend race with netif_device_detach/present
  ixgbe: fix AER error handling
  ixgbe: Configure advertised speeds correctly for KR/KX backplane
  arm64: dts: NS2: reserve memory for Nitro firmware
  ALSA: hda/realtek - Add new codec ID ALC299
  gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
  backlight: adp5520: Fix error handling in adp5520_bl_probe()
  backlight: lcd: Fix race condition during register
  drm/omap: panel-sony-acx565akm.c: Add MODULE_ALIAS
  ALSA: vx: Fix possible transfer overflow
  ALSA: vx: Don't try to update capture stream before running
  power: supply: axp288_fuel_gauge: Read 12 bit values 2 registers at a time
  power: supply: axp288_fuel_gauge: Read 15 bit values 2 registers at a time
  rtc: rx8010: change lock mechanism
  scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
  scsi: lpfc: Correct issue leading to oops during link reset
  scsi: lpfc: Correct host name in symbolic_name field
  scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
  scsi: lpfc: Add missing memory barrier
  x86/irq, trace: Add __irq_entry annotation to x86's platform IRQ handlers
  staging: rtl8188eu: fix incorrect ERROR tags from logs
  tcp: provide timestamps for partial writes
  scsi: ufs: add capability to keep auto bkops always enabled
  scsi: ufs-qcom: Fix module autoload
  igb: Fix hw_dbg logging in igb_update_flash_i210
  igb: close/suspend race in netif_device_detach
  igb: reset the PHY before reading the PHY ID
  drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
  ata: SATA_MV should depend on HAS_DMA
  ata: SATA_HIGHBANK should depend on HAS_DMA
  ata: ATA_BMDMA should depend on HAS_DMA
  ARM: dts: omap5-uevm: Allow bootloader to configure USB Ethernet MAC
  ARM: dts: Fix omap3 off mode pull defines
  ARM: OMAP2+: Fix init for multiple quirks for the same SoC
  ARM: dts: Fix am335x and dm814x scm syscon to probe children
  ARM: dts: Fix compatible for ti81xx uarts for 8250
  fm10k: request reset when mbx->state changes
  extcon: palmas: Check the parent instance to prevent the NULL
  extcon: Remove potential problem when calling extcon_register_notifier()
  Bluetooth: btusb: fix QCA Rome suspend/resume
  arm: crypto: reduce priority of bit-sliced AES cipher
  media: dib0700: fix invalid dvb_detach argument
  media: imon: Fix null-ptr-deref in imon_probe
  Linux 4.9.63
  misc: panel: properly restore atomic counter on error path
  qla2xxx: Fix incorrect tcm_qla2xxx_free_cmd use during TMR ABORT (v2)
  target/iscsi: Fix iSCSI task reassignment handling
  brcmfmac: remove setting IBSS mode when stopping AP
  security/keys: add CONFIG_KEYS_COMPAT to Kconfig
  netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable"
  netfilter: nat: avoid use of nf_conn_nat extension
  Revert "ARM: dts: imx53-qsb-common: fix FEC pinmux config"
  ALSA: seq: Cancel pending autoload work at unbinding device
  Input: ims-psu - check if CDC union descriptor is sane
  usb: usbtest: fix NULL pointer dereference
  mac80211: don't compare TKIP TX MIC key in reinstall prevention
  mac80211: use constant time comparison with keys
  mac80211: accept key reinstall without changing anything
  ppp: fix race in ppp device destruction
  net_sched: avoid matching qdisc with zero handle
  sctp: reset owner sk for data chunks on out queues when migrating a sock
  tun: allow positive return values on dev_get_valid_name() call
  ip6_gre: update dst pmtu if dev mtu has been updated by toobig in __gre6_xmit
  ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
  ipip: only increase err_count for some certain type icmp in ipip_err
  tap: double-free in error path in tap_open()
  net/unix: don't show information about sockets from other namespaces
  tcp/dccp: fix other lockdep splats accessing ireq_opt
  tcp/dccp: fix lockdep splat in inet_csk_route_req()
  sctp: full support for ipv6 ip_nonlocal_bind & IP_FREEBIND
  ipv6: flowlabel: do not leave opt->tot_len with garbage
  soreuseport: fix initialization race
  packet: avoid panic in packet_getsockopt()
  tcp/dccp: fix ireq->opt races
  sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
  tun: call dev_get_valid_name() before register_netdevice()
  l2tp: check ps->sock before running pppol2tp_session_ioctl()
  tcp: fix tcp_mtu_probe() vs highest_sack
  net: call cgroup_sk_alloc() earlier in sk_clone_lock()
  netlink: do not set cb_running if dump's start() errs
  ipv6: addrconf: increment ifp refcount before ipv6_del_addr()
  tun/tap: sanitize TUNSETSNDBUF input
  gso: fix payload length when gso_size is zero
  FROMLIST: binder: fix proc->files use-after-free

Conflicts:
	drivers/scsi/ufs/ufshcd.h
	include/net/netfilter/nf_conntrack.h

Change-Id: I38fd3aa5f077a7bde0a8de4ebe9dc9316075f199
Signed-off-by: Kyle Yan <kyan@codeaurora.org>
2017-11-29 13:12:37 -08:00
Ye Yin
afd9fa6619 netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
[ Upstream commit 2b5ec1a5f9738ee7bf8f5ec0526e75e00362c48f ]

When running ipvs in two different network namespaces on the same host, and
one ipvs transports network traffic to the other network namespace's ipvs, the
'ipvs_property' flag will make the second ipvs take no effect. So we should
clear 'ipvs_property' when the SKB network namespace changes.

Fixes: 621e84d6f3 ("dev: introduce skb_scrub_packet()")
Signed-off-by: Ye Yin <hustcat@gmail.com>
Signed-off-by: Wei Zhou <chouryzhou@gmail.com>
Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-24 08:33:40 +01:00
Mohammed Javid
9c84341cf3 net: Changes to support Shortcut Forward Engine
Shortcut forward Engine (SFE) is a software packet accelerator
which works on packet tuple entries (SFE entry) based on
conntrack information.

net:core has changes to invoke SFE module during packet traversal.
net:netfilter has changes to remove SFE Entries when conntrack is
deleted or expires. Also has changes to avoid tcp window check for
incoming packets.

Change-Id: I1622677e472870f8100c72221d9b1fab7fa768be
Signed-off-by: Mohammed Javid <mjavid@codeaurora.org>
2017-10-24 03:10:55 -07:00
Stephen Hemminger
293de7dee4 doc: update docbook annotations for socket and skb
The skbuff and sock structure both had missing parameter annotation
values.

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-10-26 17:31:23 -04:00
Linus Torvalds
d1f5323370 Merge branch 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull VFS splice updates from Al Viro:
 "There's a bunch of branches this cycle, both mine and from other folks
  and I'd rather send pull requests separately.

  This one is the conversion of ->splice_read() to ITER_PIPE iov_iter
  (and introduction of such). Gets rid of a lot of code in fs/splice.c
  and elsewhere; there will be followups, but these are for the next
  cycle...  Some pipe/splice-related cleanups from Miklos in the same
  branch as well"

* 'work.splice_read' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  pipe: fix comment in pipe_buf_operations
  pipe: add pipe_buf_steal() helper
  pipe: add pipe_buf_confirm() helper
  pipe: add pipe_buf_release() helper
  pipe: add pipe_buf_get() helper
  relay: simplify relay_file_read()
  switch default_file_splice_read() to use of pipe-backed iov_iter
  switch generic_file_splice_read() to use of ->read_iter()
  new iov_iter flavour: pipe-backed
  fuse_dev_splice_read(): switch to add_to_pipe()
  skb_splice_bits(): get rid of callback
  new helper: add_to_pipe()
  splice: lift pipe_lock out of splice_to_pipe()
  splice: switch get_iovec_page_array() to iov_iter
  splice_to_pipe(): don't open-code wakeup_pipe_readers()
  consistent treatment of EFAULT on O_DIRECT read/write
2016-10-07 15:36:58 -07:00
Al Viro
25869262ef skb_splice_bits(): get rid of callback
since pipe_lock is the outermost now, we don't need to drop/regain
socket locks around the call of splice_to_pipe() from skb_splice_bits(),
which kills the need to have a socket-specific callback; we can just
call splice_to_pipe() and be done with that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2016-10-03 20:40:56 -04:00
Shmulik Ladkani
bfca4c520f net: skbuff: Export __skb_vlan_pop
This exports the functionality of extracting the tag from the payload,
without moving next vlan tag into hw accel tag.

Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-22 01:34:20 -04:00
Daniel Borkmann
36bbef52c7 bpf: direct packet write and access for helpers for clsact progs
This work implements direct packet access for helpers and direct packet
write in a similar fashion as already available for XDP types via commits
4acf6c0b84 ("bpf: enable direct packet data write for xdp progs") and
6841de8b0d ("bpf: allow helpers access the packet directly"), and as a
complementary feature to the already available direct packet read for tc
(cls/act) programs.

For enabling this, we need to introduce two helpers, bpf_skb_pull_data()
and bpf_csum_update(). The first is generally needed for both, read and
write, because they would otherwise only be limited to the current linear
skb head. Usually, when the data_end test fails, programs just bail out,
or, in the direct read case, use bpf_skb_load_bytes() as an alternative
to overcome this limitation. If such data sits in non-linear parts, we
can just pull them in once with the new helper, retest and eventually
access them.

At the same time, this also makes sure the skb is uncloned, which is, of
course, a necessary condition for direct write. As this needs to be an
invariant for the write part only, the verifier detects writes and adds
a prologue that is calling bpf_skb_pull_data() to effectively unclone the
skb from the very beginning in case it is indeed cloned. The heuristic
makes use of a similar trick that was done in 233577a220 ("net: filter:
constify detection of pkt_type_offset"). This comes at zero cost for other
programs that do not use the direct write feature. Should a program use
this feature only sparsely and has read access for the most parts with,
for example, drop return codes, then such write action can be delegated
to a tail called program for mitigating this cost of potential uncloning
to a late point in time where it would have been paid similarly with the
bpf_skb_store_bytes() as well. Advantage of direct write is that the
writes are inlined whereas the helper cannot make any length assumptions
and thus needs to generate a call to memcpy() also for small sizes, as well
as cost of helper call itself with sanity checks are avoided. Plus, when
direct read is already used, we don't need to cache or perform rechecks
on the data boundaries (due to verifier invalidating previous checks for
helpers that change skb->data), so more complex programs using rewrites
can benefit from switching to direct read plus write.

For direct packet access to helpers, we save the otherwise needed copy into
a temp struct sitting on stack memory when use-case allows. Both facilities
are enabled via may_access_direct_pkt_data() in verifier. For now, we limit
this to map helpers and csum_diff, and can successively enable other helpers
where we find it makes sense. Helpers that definitely cannot be allowed for
this are those part of bpf_helper_changes_skb_data() since they can change
underlying data, and those that write into memory as this could happen for
packet typed args when still cloned. bpf_csum_update() helper accommodates
for the fact that we need to fixup checksum_complete when using direct write
instead of bpf_skb_store_bytes(), meaning the programs can use available
helpers like bpf_csum_diff(), and implement csum_add(), csum_sub(),
csum_block_add(), csum_block_sub() equivalents in eBPF together with the
new helper. A usage example will be provided for iproute2's examples/bpf/
directory.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-20 23:32:11 -04:00
Yaogong Wang
9f5afeae51 tcp: use an RB tree for ooo receive queue
Over the years, TCP BDP has increased by several orders of magnitude,
and some people are considering to reach the 2 Gbytes limit.

Even with current window scale limit of 14, ~1 Gbytes maps to ~740,000
MSS.

In presence of packet losses (or reorders), TCP stores incoming packets
into an out of order queue, and number of skbs sitting there waiting for
the missing packets to be received can be in the 10^5 range.

Most packets are appended to the tail of this queue, and when
packets can finally be transferred to receive queue, we scan the queue
from its head.

However, in presence of heavy losses, we might have to find an arbitrary
point in this queue, involving a linear scan for every incoming packet,
throwing away cpu caches.

This patch converts it to a RB tree, to get bounded latencies.

Yaogong wrote a preliminary patch about 2 years ago.
Eric did the rebase, added ofo_last_skb cache, polishing and tests.

Tested with network dropping between 1 and 10 % packets, with good
success (about 30 % increase of throughput in stress tests)

Next step would be to also use an RB tree for the write queue at sender
side ;)

Signed-off-by: Yaogong Wang <wygivan@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Acked-By: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-09-08 17:25:58 -07:00
Ido Schimmel
6bc506b4fb bridge: switchdev: Add forward mark support for stacked devices
switchdev_port_fwd_mark_set() is used to set the 'offload_fwd_mark' of
port netdevs so that packets being flooded by the device won't be
flooded twice.

It works by assigning a unique identifier (the ifindex of the first
bridge port) to bridge ports sharing the same parent ID. This prevents
packets from being flooded twice by the same switch, but will flood
packets through bridge ports belonging to a different switch.

This method is problematic when stacked devices are taken into account,
such as VLANs. In such cases, a physical port netdev can have upper
devices being members in two different bridges, thus requiring two
different 'offload_fwd_mark's to be configured on the port netdev, which
is impossible.

The main problem is that packet and netdev marking is performed at the
physical netdev level, whereas flooding occurs between bridge ports,
which are not necessarily port netdevs.

Instead, packet and netdev marking should really be done in the bridge
driver with the switch driver only telling it which packets it already
forwarded. The bridge driver will mark such packets using the mark
assigned to the ingress bridge port and will prevent the packet from
being forwarded through any bridge port sharing the same mark (i.e.
having the same parent ID).

Remove the current switchdev 'offload_fwd_mark' implementation and
instead implement the proposed method. In addition, make rocker - the
sole user of the mark - use the proposed method.

Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-08-26 13:13:36 -07:00
Daniel Borkmann
5293efe62d bpf: add bpf_skb_change_tail helper
This work adds a bpf_skb_change_tail() helper for tc BPF programs. The
basic idea is to expand or shrink the skb in a controlled manner. The
eBPF program can then rewrite the rest via helpers like bpf_skb_store_bytes(),
bpf_lX_csum_replace() and others rather than passing a raw buffer for
writing here.

bpf_skb_change_tail() is really a slow path helper and intended for
replies with f.e. ICMP control messages. Concept is similar to other
helpers like bpf_skb_change_proto() helper to keep the helper without
protocol specifics and let the BPF program mangle the remaining parts.
A flags field has been added and is reserved for now should we extend
the helper in future.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-08-18 23:38:16 -07:00
Daniel Borkmann
479ffcccef bpf: fix checksum fixups on bpf_skb_store_bytes
bpf_skb_store_bytes() invocations above L2 header need BPF_F_RECOMPUTE_CSUM
flag for updates, so that CHECKSUM_COMPLETE will be fixed up along the way.
Where we ran into an issue with bpf_skb_store_bytes() is when we did a
single-byte update on the IPv6 hoplimit despite using BPF_F_RECOMPUTE_CSUM
flag; simple ping via ICMPv6 triggered a hw csum failure as a result. The
underlying issue has been tracked down to a buffer alignment issue.

Meaning, that csum_partial() computations via skb_postpull_rcsum() and
skb_postpush_rcsum() pair invoked had a wrong result since they operated on
an odd address for the hoplimit, while other computations were done on an
even address. This mix doesn't work as-is with skb_postpull_rcsum(),
skb_postpush_rcsum() pair as it always expects at least half-word alignment
of input buffers, which is normally the case. Thus, instead of these helpers
using csum_sub() and (implicitly) csum_add(), we need to use csum_block_sub(),
csum_block_add(), respectively. For unaligned offsets, they rotate the sum
to align it to a half-word boundary again, otherwise they work the same as
csum_sub() and csum_add().

Adding __skb_postpull_rcsum(), __skb_postpush_rcsum() variants that take the
offset as an input and adapting bpf_skb_store_bytes() to them fixes the hw
csum failures again. The skb_postpull_rcsum(), skb_postpush_rcsum() helpers
use a 0 constant for offset so that the compiler optimizes the offset & 1
test away and generates the same code as with csum_sub()/_add().

Fixes: 608cd71a9c ("tc: bpf: generalize pedit action")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-08-08 13:11:43 -07:00
David S. Miller
30d0844bdc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Conflicts:
	drivers/net/ethernet/mellanox/mlx5/core/en.h
	drivers/net/ethernet/mellanox/mlx5/core/en_main.c
	drivers/net/usb/r8152.c

All three conflicts were overlapping changes.

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-06 10:35:22 -07:00
Jamal Hadi Salim
8b10cab64c net: simplify and make pkt_type_ok() available for other users
Suggested-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-04 15:11:13 -07:00
WANG Cong
82a31b9231 net_sched: fix mirrored packets checksum
Similar to commit 9b368814b3 ("net: fix bridge multicast packet checksum validation")
we need to fixup the checksum for CHECKSUM_COMPLETE when
pushing skb on RX path. Otherwise we get similar splats.

Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-01 16:19:34 -04:00
David S. Miller
eb70db8756 packet: Use symmetric hash for PACKET_FANOUT_HASH.
People who use PACKET_FANOUT_HASH want a symmetric hash, meaning that
they want packets going in both directions on a flow to hash to the
same bucket.

The core kernel SKB hash became non-symmetric when the ipv6 flow label
and other entities were incorporated into the standard flow hash order
to increase entropy.

But there are no users of PACKET_FANOUT_HASH who want an asymmetric
hash, they all want a symmetric one.

Therefore, use the flow dissector to compute a flat symmetric hash
over only the protocol, addresses and ports.  This hash does not get
installed into and override the normal skb hash, so this change has
no effect whatsoever on the rest of the stack.

Reported-by: Eric Leblond <eric@regit.org>
Tested-by: Eric Leblond <eric@regit.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-01 16:07:50 -04:00
Marcelo Ricardo Leitner
90017accff sctp: Add GSO support
SCTP has this peculiarity that its packets cannot be just segmented to
(P)MTU. Its chunks must be contained in IP segments, padding respected.
So we can't just generate a big skb, set gso_size to the fragmentation
point and deliver it to IP layer.

This patch takes a different approach. SCTP will now build a skb as it
would be if it was received using GRO. That is, there will be a cover
skb with protocol headers and children ones containing the actual
segments, already segmented to a way that respects SCTP RFCs.

With that, we can tell skb_segment() to just split based on frag_list,
trusting its sizes are already in accordance.

This way SCTP can benefit from GSO and instead of passing several
packets through the stack, it can pass a single large packet.

v2:
- Added support for receiving GSO frames, as requested by Dave Miller.
- Clear skb->cb if packet is GSO (otherwise it's not used by SCTP)
- Added heuristics similar to what we have in TCP for not generating
  single GSO packets that fills cwnd.
v3:
- consider sctphdr size in skb_gso_transport_seglen()
- rebased due to 5c7cdf339a ("gso: Remove arbitrary checks for
  unsupported GSO")

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-06-03 19:37:21 -04:00
Marcelo Ricardo Leitner
ae7ef81ef0 skbuff: introduce skb_gso_validate_mtu
skb_gso_network_seglen is not enough for checking fragment sizes if
skb is using GSO_BY_FRAGS as we have to check frag per frag.

This patch introduces skb_gso_validate_mtu, based on the former, which
will wrap the use case inside it as all calls to skb_gso_network_seglen
were to validate if it fits on a given MTU, and improve the check.

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-06-03 19:37:21 -04:00
Marcelo Ricardo Leitner
3953c46c3a sk_buff: allow segmenting based on frag sizes
This patch allows segmenting a skb based on its frags sizes instead of
based on a fixed value.

Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Tested-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-06-03 19:37:21 -04:00
Neil Horman
95829b3a9c net: suppress warnings on dev_alloc_skb
Noticed an allocation failure in a network driver the other day on a 32 bit
system:

DMA-API: debugging out of memory - disabling
bnx2fc: adapter_lookup: hba NULL
lldpad: page allocation failure. order:0, mode:0x4120
Pid: 4556, comm: lldpad Not tainted 2.6.32-639.el6.i686.debug #1
Call Trace:
 [<c08a4086>] ? printk+0x19/0x23
 [<c05166a4>] ? __alloc_pages_nodemask+0x664/0x830
 [<c0649d02>] ? free_object+0x82/0xa0
 [<fb4e2c9b>] ? ixgbe_alloc_rx_buffers+0x10b/0x1d0 [ixgbe]
 [<fb4e2fff>] ? ixgbe_configure_rx_ring+0x29f/0x420 [ixgbe]
 [<fb4e228c>] ? ixgbe_configure_tx_ring+0x15c/0x220 [ixgbe]
 [<fb4e3709>] ? ixgbe_configure+0x589/0xc00 [ixgbe]
 [<fb4e7be7>] ? ixgbe_open+0xa7/0x5c0 [ixgbe]
 [<fb503ce6>] ? ixgbe_init_interrupt_scheme+0x5b6/0x970 [ixgbe]
 [<fb4e8e54>] ? ixgbe_setup_tc+0x1a4/0x260 [ixgbe]
 [<fb505a9f>] ? ixgbe_dcbnl_set_state+0x7f/0x90 [ixgbe]
 [<c088d80d>] ? dcb_doit+0x10ed/0x16d0
...

Thought that perhaps the big splat in the logs wasn't really necessary, as
all call sites for dev_alloc_skb:

a) check the return code for the function

and

b) either print their own error message or have a recovery path that makes the
warning moot.

Fix it by modifying dev_alloc_pages to pass __GFP_NOWARN as a gfp flag to
suppress the warning

applies to the net tree

Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: Eric Dumazet <eric.dumazet@gmail.com>
CC: Alexander Duyck <alexander.duyck@gmail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-20 19:58:32 -04:00
Tom Herbert
7e13318daa net: define gso types for IPx over IPv4 and IPv6
This patch defines two new GSO definitions SKB_GSO_IPXIP4 and
SKB_GSO_IPXIP6 along with corresponding NETIF_F_GSO_IPXIP4 and
NETIF_F_GSO_IPXIP6. These are used to describe IP in IP
tunnel and what the outer protocol is. The inner protocol
can be deduced from other GSO types (e.g. SKB_GSO_TCPV4 and
SKB_GSO_TCPV6). The GSO types of SKB_GSO_IPIP and SKB_GSO_SIT
are removed (these are both instances of SKB_GSO_IPXIP4).
SKB_GSO_IPXIP6 will be used when support for GSO with IP
encapsulation over IPv6 is added.

Signed-off-by: Tom Herbert <tom@herbertland.com>
Acked-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-20 18:03:15 -04:00
Eric Dumazet
9580bf2edb net: relax expensive skb_unclone() in iptunnel_handle_offloads()
Locally generated TCP GSO packets having to go through a GRE/SIT/IPIP
tunnel have to go through an expensive skb_unclone()

Reallocating skb->head is a lot of work.

Test should really check if a 'real clone' of the packet was done.

TCP does not care if the original gso_type is changed while the packet
travels in the stack.

This adds skb_header_unclone() which is a variant of skb_clone()
using skb_header_cloned() check instead of skb_cloned().

This variant can probably be used from other points.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-03 00:22:19 -04:00
Soheil Hassas Yeganeh
0a2cf20c3f tcp: remove SKBTX_ACK_TSTAMP since it is redundant
The SKBTX_ACK_TSTAMP flag is set in skb_shinfo->tx_flags when
the timestamp of the TCP acknowledgement should be reported on
error queue. Since accessing skb_shinfo is likely to incur a
cache-line miss at the time of receiving the ack, the
txstamp_ack bit was added in tcp_skb_cb, which is set iff
the SKBTX_ACK_TSTAMP flag is set for an skb. This makes
SKBTX_ACK_TSTAMP flag redundant.

Remove the SKBTX_ACK_TSTAMP and instead use the txstamp_ack bit
everywhere.

Note that this frees one bit in shinfo->tx_flags.

Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Suggested-by: Willem de Bruijn <willemb@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-28 16:06:10 -04:00
Sowmini Varadhan
6fa01ccd88 skbuff: Add pskb_extract() helper function
A pattern of skb usage seen in modules such as RDS-TCP is to
extract `to_copy' bytes from the received TCP segment, starting
at some offset `off' into a new skb `clone'. This is done in
the ->data_ready callback, where the clone skb is queued up for rx on
the PF_RDS socket, while the parent TCP segment is returned unchanged
back to the TCP engine.

The existing code uses the sequence
	clone = skb_clone(..);
	pskb_pull(clone, off, ..);
	pskb_trim(clone, to_copy, ..);
with the intention of discarding the first `off' bytes. However,
skb_clone() + pskb_pull() implies pskb_expand_head(), which ends
up doing a redundant memcpy of bytes that will then get discarded
in __pskb_pull_tail().

To avoid this inefficiency, this commit adds pskb_extract() that
creates the clone, and memcpy's only the relevant header/frag/frag_list
to the start of `clone'. pskb_trim() is then invoked to trim clone
down to the requested to_copy bytes.

Signed-off-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-25 16:54:14 -04:00
Alexander Duyck
802ab55adc GSO: Support partial segmentation offload
This patch adds support for something I am referring to as GSO partial.
The basic idea is that we can support a broader range of devices for
segmentation if we use fixed outer headers and have the hardware only
really deal with segmenting the inner header.  The idea behind the naming
is due to the fact that everything before csum_start will be fixed headers,
and everything after will be the region that is handled by hardware.

With the current implementation it allows us to add support for the
following GSO types with an inner TSO_MANGLEID or TSO6 offload:
NETIF_F_GSO_GRE
NETIF_F_GSO_GRE_CSUM
NETIF_F_GSO_IPIP
NETIF_F_GSO_SIT
NETIF_F_UDP_TUNNEL
NETIF_F_UDP_TUNNEL_CSUM

In the case of hardware that already supports tunneling we may be able to
extend this further to support TSO_TCPV4 without TSO_MANGLEID if the
hardware can support updating inner IPv4 headers.

Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-04-14 16:23:41 -04:00