The driver extended capabilities may differ for different
interface types which the userspace needs to know (for
example the fine timing measurement initiator and responder
bits might differ for a station and AP). Add a new nl80211
attribute to provide extended capabilities per interface type
to userspace.
Signed-off-by: Vidyullatha Kanchanapally <vkanchan@qti.qualcomm.com>
Reviewed-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 019ae3a918811715192b22c400ac78d54acc26a9
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git
CRs-fixed: 1030694
Change-Id: I816b21d8433aea9407a14a8c8a5098701ee53b8c
[pkushwah@codeaurora.org: backport to 4.4-This commit includes the
changes from following commits in include/uapi/linux/nl80211.h to compile
for msm-4.4.
38de03d2a28925b489c11546804e2f5418cc17a4 :
nl80211: add feature for BSS selection support.
17b942478643c5a90c06d978479bd326040bfa19 :
cfg80211: allow userspace to specify client P2P PS support.
9b95fe59b18bcc891a6c60ae11d725c9c679574b :
nl80211: add missing kerneldoc for new *_PAD attributes.
2dad624e6dd65c6048a9bbe0e16559fce182c87c :
wireless: use nla_put_u64_64bit().]
Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
In an issue very similar to 4e461c777e (xt_qtaguid: Fix panic
caused by synack processing), we were seeing panics on occasion
in testing.
In this case, it was the same issue, but caused by a different
call path, as the sk being returned from qtaguid_find_sk() was
not a full socket. Resulting in the sk->sk_socket deref to fail.
This patch adds an extra check to ensure the sk being retuned
is a full socket, and if not it returns NULL.
Change-Id: Icee0df589ea8d61a999e8c7ea3afdcf4a40b412b
CRs-Fixed: 1035969
Reported-by: Milosz Wasilewski <milosz.wasilewski@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Git-commit: cc0063b8eb
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Bryse Flowers <bflowers@codeaurora.org>
In upstream commit ca6fb06518
(tcp: attach SYNACK messages to request sockets instead of
listener)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6fb0651883
The building of synack messages was changed, which made it so
the skb->sk points to a casted request_sock. This is problematic,
as there is no sk_socket in a request_sock. So when the qtaguid_mt
function tries to access the sk->sk_socket, it accesses uninitialized
memory.
After looking at how other netfilter implementations handle this,
I realized there was a skb_to_full_sk() helper added, which the
xt_qtaguid code isn't yet using.
This patch adds its use, and resovles panics seen when accessing
uninitialzed memory when processing synack packets.
Change-Id: Id0dbb7853aba221c1926e44616524fed90677602
CRs-Fixed: 1035969
Reported-by: YongQin Liu <yongquin.liu@linaro.org>
Signed-off-by: John Stultz <john.stultz@linaro.org>
Git-commit: 4e461c777e
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Bryse Flowers <bflowers@codeaurora.org>
* msm-4.4/tmp-2bf7955:
Linux 4.4.8
Revert "usb: hub: do not clear BOS field during reset device"
usbvision: fix crash on detecting device with invalid configuration
staging: android: ion: Set the length of the DMA sg entries in buffer
Revert "PCI, x86: Implement pcibios_alloc_irq() and pcibios_free_irq()"
Revert "PCI: Add helpers to manage pci_dev->irq and pci_dev->irq_managed"
Revert "x86/PCI: Don't alloc pcibios-irq when MSI is enabled"
HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
HID: wacom: fix Bamboo ONE oops
ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock
ALSA: usb-audio: Add a quirk for Plantronics BT300
ALSA: usb-audio: Add a sample rate quirk for Phoenix Audio TMX320
ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T460s
ALSA: hda - fix front mic problem for a HP desktop
ALSA: hda - Fix headset support and noise on HP EliteBook 755 G2
ALSA: hda - Fixup speaker pass-through control for nid 0x14 on ALC225
mmc: sdhci-pci: Add support and PCI IDs for more Broxton host controllers
perf: Cure event->pending_disable race
perf: Do not double free
arm64: replace read_lock to rcu lock in call_step_hook
Btrfs: fix file/data loss caused by fsync after rename and new inode
iommu: Don't overwrite domain pointer when there is no default_domain
ext4: ignore quota mount options if the quota feature is enabled
ext4: add lockdep annotations for i_data_sem
btrfs: fix crash/invalid memory access on fsync when using overlayfs
nfs: use file_dentry()
fs: add file_dentry()
sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes
iio: gyro: bmg160: fix endianness when reading axes
iio: gyro: bmg160: fix buffer read values
iio: accel: bmc150: fix endianness when reading axes
iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
usb: renesas_usbhs: fix to avoid using a disabled ep in usbhsg_queue_done()
usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler()
mac80211: fix txq queue related crashes
mac80211: fix unnecessary frame drops in mesh fwding
mac80211: fix ibss scan parameters
mac80211: avoid excessive stack usage in sta_info
mac80211: properly deal with station hashtable insert errors
virtio: virtio 1.0 cs04 spec compliance for reset
rbd: use GFP_NOIO consistently for request allocations
pcmcia: db1xxx_ss: fix last irq_to_gpio user
v4l: vsp1: Set the SRU CTRL0 register when starting the stream
coda: fix error path in case of missing pdata on non-DT platform
au0828: Fix dev_state handling
au0828: fix au0828_v4l2_close() dev_state race condition
pinctrl: freescale: imx: fix bogus check of of_iomap() return value
pinctrl: nomadik: fix pull debug print inversion
pinctrl: sunxi: Fix A33 external interrupts not working
pinctrl: sh-pfc: only use dummy states for non-DT platforms
pinctrl: pistachio: fix mfio84-89 function description and pinmux.
MIPS: Fix MSA ld unaligned failure cases
KVM: x86: reduce default value of halt_poll_ns parameter
KVM: x86: Inject pending interrupt even if pending nmi exist
cdc-acm: fix NULL pointer reference
USB: uas: Add a new NO_REPORT_LUNS quirk
USB: uas: Limit qdepth at the scsi-host level
mpls: find_outdev: check for err ptr in addition to NULL check
ipv6: Count in extension headers in skb->network_header
ip6_tunnel: set rtnl_link_ops before calling register_netdevice
ipv6: l2tp: fix a potential issue in l2tp_ip6_recv
ipv4: l2tp: fix a potential issue in l2tp_ip_recv
tuntap: restore default qdisc
tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter
rtnl: fix msg size calculation in if_nlmsg_size()
bridge: Allow set bridge ageing time when switchdev disabled
ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
qmi_wwan: add "D-Link DWM-221 B1" device id
xfrm: Fix crash observed during device unregistration and decryption
ppp: take reference on channels netns
ipv4: initialize flowi4_flags before calling fib_lookup()
ipv4: fix broadcast packets reception
bonding: fix bond_get_stats()
net: bcmgenet: fix dma api length mismatch
qlge: Fix receive packets drop.
tcp/dccp: remove obsolete WARN_ON() in icmp handlers
ppp: ensure file->private_data can't be overridden
ath9k: fix buffer overrun for ar9287
farsync: fix off-by-one bug in fst_add_one
mlx4: add missing braces in verify_qp_parameters
net: Fix use after free in the recvmmsg exit path
ipv4: Don't do expensive useless work during inetdev destroy.
bridge: allow zero ageing time
rocker: set FDB cleanup timer according to lowest ageing time
mlxsw: spectrum: Check requested ageing time is valid
macvtap: always pass ethernet header in linear
qlcnic: Fix mailbox completion handling during spurious interrupt
qlcnic: Remove unnecessary usage of atomic_t
sh_eth: advance 'rxdesc' later in sh_eth_ring_format()
sh_eth: fix NULL pointer dereference in sh_eth_ring_format()
bpf: avoid copying junk bytes in bpf_get_current_comm()
packet: validate variable length ll headers
ax25: add link layer header validation function
net: validate variable length ll headers
ppp: release rtnl mutex when interface creation fails
tcp: fix tcpi_segs_in after connection establishment
udp6: fix UDP/IPv6 encap resubmit path
usbnet: cleanup after bind() in probe()
cdc_ncm: toggle altsetting to force reset before setup
vxlan: fix missing options_len update on RX with collect metadata
ipv6: re-enable fragment header matching in ipv6_find_hdr
qmi_wwan: add Sierra Wireless EM74xx device ID
tipc: Revert "tipc: use existing sk_write_queue for outgoing packet chain"
mld, igmp: Fix reserved tailroom calculation
sctp: lack the check for ports in sctp_v6_cmp_addr
net: fix bridge multicast packet checksum validation
net: qca_spi: clear IFF_TX_SKB_SHARING
net: qca_spi: Don't clear IFF_BROADCAST
net: vrf: Remove direct access to skb->data
net: jme: fix suspend/resume on JMC260
ipv4: only create late gso-skb if skb is already set up with CHECKSUM_PARTIAL
tunnel: Clear IPCB(skb)->opt before dst_link_failure called
tcp: convert cached rtt from usec to jiffies when feeding initial rto
xen/events: Mask a moving irq
drm/amdgpu/gmc: use proper register for vram type on Fiji
drm/amdgpu/gmc: move vram type fetching into sw_init
drm/radeon: add a dpm quirk for all R7 370 parts
drm/radeon: add another R7 370 quirk
drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
drm/udl: Use unlocked gem unreferencing
drm/dp: move hw_mutex up the call stack
arm64: opcodes.h: Add arm big-endian config options before including arm header
compiler-gcc: disable -ftracer for __noclone functions
libnvdimm, pfn: fix uuid validation
libnvdimm: fix smart data retrieval
powerpc/mm: Fixup preempt underflow with huge pages
mm: fix invalid node in alloc_migrate_target()
ALSA: hda - Apply fix for white noise on Asus N550JV, too
ALSA: hda - Fix white noise on Asus N750JV headphone
ALSA: hda - Asus N750JV external subwoofer fixup
ALSA: timer: Use mod_timer() for rearming the system timer
parisc: Unbreak handling exceptions from kernel modules
parisc: Fix kernel crash with reversed copy_from_user()
parisc: Avoid function pointers for kernel exception routines
PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated
Linux 4.4.7
perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere
perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2
perf/x86/intel: Fix PEBS warning by only restoring active PMU in pmi
perf/x86/pebs: Add workaround for broken OVFL status on HSW+
sched/cputime: Fix steal time accounting vs. CPU hotplug
scsi_common: do not clobber fixed sense information
PM / sleep: Clear pm_suspend_global_flags upon hibernate
intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
mtd: onenand: fix deadlock in onenand_block_markbad
mm/page_alloc: prevent merging between isolated and other pageblocks
ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
ocfs2/dlm: fix race between convert and recovery
Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
Input: ims-pcu - sanity check against missing interfaces
Input: synaptics - handle spurious release of trackstick buttons, again
writeback, cgroup: fix use of the wrong bdi_writeback which mismatches the inode
writeback, cgroup: fix premature wb_put() in locked_inode_to_wb_and_lock_list()
ACPI / PM: Runtime resume devices when waking from hibernate
ARM: dts: at91: sama5d4 Xplained: don't disable hsmci regulator
ARM: dts: at91: sama5d3 Xplained: don't disable hsmci regulator
nfsd: fix deadlock secinfo+readdir compound
nfsd4: fix bad bounds checking
iser-target: Rework connection termination
iser-target: Separate flows for np listeners and connections cma events
iser-target: Add new state ISER_CONN_BOUND to isert_conn
iser-target: Fix identification of login rx descriptor type
target: Fix target_release_cmd_kref shutdown comp leak
clk: bcm2835: Fix setting of PLL divider clock rates
clk: rockchip: add hclk_cpubus to the list of rk3188 critical clocks
clk: rockchip: rk3368: fix hdmi_cec gate-register
clk: rockchip: rk3368: fix parents of video encoder/decoder
clk: rockchip: rk3368: fix cpuclk core dividers
clk: rockchip: rk3368: fix cpuclk mux bit of big cpu-cluster
mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout
mmc: sdhci: fix data timeout (part 2)
mmc: sdhci: fix data timeout (part 1)
mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case
mmc: block: fix ABI regression of mmc_blk_ioctl
ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
MAINTAINERS: Update mailing list and web page for hwmon subsystem
kbuild/mkspec: fix grub2 installkernel issue
scripts/kconfig: allow building with make 3.80 again
scripts/coccinelle: modernize &
bitops: Do not default to __clear_bit() for __clear_bit_unlock()
tracing: Fix trace_printk() to print when not using bprintk()
tracing: Fix crash from reading trace_pipe with sendfile
tracing: Have preempt(irqs)off trace preempt disabled functions
IB/ipoib: fix for rare multicast join race condition
drm/amdgpu: include the right version of gmc header files for iceland
drm/amdgpu: disable runtime pm on PX laptops without dGPU power control
drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
drm/radeon: disable runtime pm on PX laptops without dGPU power control
iwlwifi: mvm: Fix paging memory leak
ipr: Fix regression when loading firmware
ipr: Fix out-of-bounds null overwrite
rapidio/rionet: fix deadlock on SMP
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
fuse: Add reference counting for fuse_io_priv
fuse: do not use iocb after it may have been freed
md: multipath: don't hardcopy bio in .make_request path
md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list
raid10: include bio_end_io_list in nr_queued to prevent freeze_array hang
RAID5: revert e9e4c377e2 to fix a livelock
RAID5: check_reshape() shouldn't call mddev_suspend
md/raid5: Compare apples to apples (or sectors to sectors)
raid1: include bio_end_io_list in nr_queued to prevent freeze_array hang
xfs: fix two memory leaks in xfs_attr_list.c error paths
quota: Fix possible GPF due to uninitialised pointers
ARC: bitops: Remove non relevant comments
ARC: [BE] readl()/writel() to work in Big Endian CPU configuration
xtensa: clear all DBREAKC registers on start
xtensa: fix preemption in {clear,copy}_user_highpage
xtensa: ISS: don't hang if stdin EOF is reached
splice: handle zero nr_pages in splice_to_pipe()
vfs: show_vfsstat: do not ignore errors from show_devname method
of: alloc anywhere from memblock if range not specified
net: mvneta: enable change MAC address when interface is up
cgroup: ignore css_sets associated with dead cgroups during migration
Bluetooth: Fix potential buffer overflow with Add Advertising
Bluetooth: Add new AR3012 ID 0489:e095
watchdog: rc32434_wdt: fix ioctl error handling
watchdog: don't run proc_watchdog_update if new value is same as old
ia64: define ioremap_uc()
mm: memcontrol: reclaim and OOM kill when shrinking memory.max below usage
mm: memcontrol: reclaim when shrinking memory.high below usage
bcache: fix cache_set_flush() NULL pointer dereference on OOM
bcache: fix race of writeback thread starting before complete initialization
bcache: cleaned up error handling around register_cache()
IB/srpt: Simplify srpt_handle_tsk_mgmt()
brd: Fix discard request processing
jbd2: fix FS corruption possibility in jbd2_journal_destroy() on umount path
tools/hv: Use include/uapi with __EXPORTED_HEADERS__
ALSA: hda - Fix unconditional GPIO toggle via automute
ALSA: hda - fix the mic mute button and led problem for a Lenovo AIO
ALSA: hda - Don't handle ELD notify from invalid port
ALSA: intel8x0: Add clock quirk entry for AD1981B on IBM ThinkPad X41.
ALSA: pcm: Avoid "BUG:" string for warnings again
ALSA: hda - Apply reboot D3 fix for CX20724 codec, too
mtip32xx: Cleanup queued requests after surprise removal
mtip32xx: Implement timeout handler
mtip32xx: Handle FTL rebuild failure state during device initialization
mtip32xx: Handle safe removal during IO
mtip32xx: Fix for rmmod crash when drive is in FTL rebuild
mtip32xx: Print exact time when an internal command is interrupted
mtip32xx: Remove unwanted code from taskfile error handler
mtip32xx: Fix broken service thread handling
mtip32xx: Avoid issuing standby immediate cmd during FTL rebuild
media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
coda: fix first encoded frame payload
bttv: Width must be a multiple of 16 when capturing planar formats
adv7511: TX_EDID_PRESENT is still 1 after a disconnect
saa7134: Fix bytesperline not being set correctly for planar formats
8250: use callbacks to access UART_DLL/UART_DLM
net: irda: Fix use-after-free in irtty_open()
tty: Fix GPF in flush_to_ldisc(), part 2
staging: comedi: ni_mio_common: fix the ni_write[blw]() functions
staging: android: ion_test: fix check of platform_device_register_simple() error code
staging: comedi: ni_tiocmd: change mistaken use of start_src for start_arg
HID: fix hid_ignore_special_drivers module parameter
HID: multitouch: force retrieving of Win8 signature blob
HID: i2c-hid: fix OOB write in i2c_hid_set_or_send_report()
HID: logitech: fix Dual Action gamepad support
tpm: fix the cleanup of struct tpm_chip
tpm_eventlog.c: fix binary_bios_measurements
tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
tpm: fix the rollback in tpm_chip_register()
mei: bus: check if the device is enabled before data transfer
X.509: Fix leap year handling again
crypto: marvell/cesa - forward devm_ioremap_resource() error code
crypto: ux500 - fix checks of error code returned by devm_ioremap_resource()
crypto: atmel - fix checks of error code returned by devm_ioremap_resource()
crypto: keywrap - memzero the correct memory
crypto: ccp - memset request context to zero during import
crypto: ccp - Don't assume export/import areas are aligned
crypto: ccp - Limit the amount of information exported
crypto: ccp - Add hash state import and export support
Bluetooth: btusb: Add a new AR3012 ID 13d3:3472
Bluetooth: btusb: Add a new AR3012 ID 04ca:3014
Bluetooth: btusb: Add new AR3012 ID 13d3:3395
ALSA: usb-audio: Fix double-free in error paths after snd_usb_add_audio_stream() call
ALSA: usb-audio: Minor code cleanup in create_fixed_stream_quirk()
ALSA: usb-audio: add Microsoft HD-5001 to quirks
ALSA: usb-audio: Add sanity checks for endpoint accesses
ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
Input: powermate - fix oops with malicious USB descriptors
pwc: Add USB id for Philips Spc880nc webcam
USB: option: add "D-Link DWM-221 B1" device id
USB: serial: ftdi_sio: Add support for ICP DAS I-756xU devices
USB: serial: cp210x: Adding GE Healthcare Device ID
USB: cypress_m8: add endpoint sanity check
USB: digi_acceleport: do sanity checking for the number of ports
USB: mct_u232: add sanity checking in probe
USB: usb_driver_claim_interface: add sanity checking
USB: iowarrior: fix oops with malicious USB descriptors
USB: cdc-acm: more sanity checking
USB: uas: Reduce can_queue to MAX_CMNDS
usb: hub: fix a typo in hub_port_init() leading to wrong logic
usb: retry reset if a device times out
dm: fix rq_end_stats() NULL pointer in dm_requeue_original_request()
dm cache: make sure every metadata function checks fail_io
dm thin metadata: don't issue prefetches if a transaction abort has failed
dm: fix excessive dm-mq context switching
dm snapshot: disallow the COW and origin devices from being identical
libnvdimm: Fix security issue with DSM IOCTL.
aic7xxx: Fix queue depth handling
be2iscsi: set the boot_kset pointer to NULL in case of failure
scsi: storvsc: fix SRB_STATUS_ABORTED handling
sd: Fix discard granularity when LBPRZ=1
aacraid: Set correct msix count for EEH recovery
aacraid: Fix memory leak in aac_fib_map_free
aacraid: Fix RRQ overload
sg: fix dxferp in from_to case
x86/mm: TLB_REMOTE_SEND_IPI should count pages
x86/iopl: Fix iopl capability check on Xen PV
x86/iopl/64: Properly context-switch IOPL on Xen PV
x86/apic: Fix suspicious RCU usage in smp_trace_call_function_interrupt()
x86/irq: Cure live lock in fixup_irqs()
PCI: ACPI: IA64: fix IO port generic range check
PCI: Disable IO/MEM decoding for devices with non-compliant BARs
pinctrl-bcm2835: Fix cut-and-paste error in "pull" parsing
s390/pci: enforce fmb page boundary rule
s390/cpumf: add missing lpp magic initialization
s390: fix floating pointer register corruption (again)
EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr()
EDAC/sb_edac: Fix computation of channel address
sched/preempt, sh: kmap_coherent relies on disabled preemption
sched/cputime: Fix steal_account_process_tick() to always return jiffies
Thermal: Ignore invalid trip points
perf tools: Fix python extension build
perf tools: Fix checking asprintf return value
perf tools: Dont stop PMU parsing on alias parse error
perf/core: Fix perf_sched_count derailment
KVM: VMX: fix nested vpid for old KVM guests
KVM: VMX: avoid guest hang on invalid invvpid instruction
KVM: VMX: avoid guest hang on invalid invept instruction
KVM: fix spin_lock_init order on x86
KVM: i8254: change PIT discard tick policy
KVM: x86: fix missed hardware breakpoints
x86/PCI: Mark Broadwell-EP Home Agent & PCU as having non-compliant BARs
perf/x86/intel: Add definition for PT PMI bit
x86/entry/compat: Keep TS_COMPAT set during signal delivery
x86/microcode: Untangle from BLK_DEV_INITRD
x86/microcode/intel: Make early loader look for builtin microcode too
mmc: sh_mmcif: Correct TX DMA channel allocation
mmc: sh_mmcif: rework dma channel handling
ASoC: samsung: pass DMA channels as pointers
regulator: core: Fix nested locking of supplies
regulator: core: avoid unused variable warning
s390/cpumf: Fix lpp detection
cpufreq: dt: No need to allocate resources anymore
cpufreq: dt: No need to fetch voltage-tolerance
cpufreq: dt: Use dev_pm_opp_set_rate() to switch frequency
cpufreq: dt: Reuse dev_pm_opp_get_max_transition_latency()
cpufreq: dt: Unsupported OPPs are already disabled
cpufreq: dt: Pass regulator name to the OPP core
cpufreq: dt: OPP layers handles clock-latency for V1 bindings as well
cpufreq: dt: Rename 'need_update' to 'opp_v1'
cpufreq: dt: Convert few pr_debug/err() calls to dev_dbg/err()
cpufreq-dt: fix handling regulator_get_voltage() result
cpufreq-dt: Supply power coefficient when registering cooling devices
PM / OPP: Rename structures for clarity
PM / OPP: Fix incorrect comments
PM / OPP: Initialize regulator pointer to an error value
PM / OPP: Initialize u_volt_min/max to a valid value
PM / OPP: Fix NULL pointer dereference crash when disabling OPPs
PM / OPP: Add dev_pm_opp_set_rate()
PM / OPP: Manage device clk
PM / OPP: Parse clock-latency and voltage-tolerance for v1 bindings
PM / OPP: Introduce dev_pm_opp_get_max_transition_latency()
PM / OPP: Introduce dev_pm_opp_get_max_volt_latency()
PM / OPP: Disable OPPs that aren't supported by the regulator
PM / OPP: get/put regulators from OPP core
cpufreq: cpufreq-dt: avoid uninitialized variable warnings:
PM / OPP: Use snprintf() instead of sprintf()
PM / OPP: Set cpu_dev->id in cpumask first
PM / OPP: Fix parsing of opp-microvolt and opp-microamp properties
PM / OPP: Parse 'opp-<prop>-<name>' bindings
PM / OPP: Parse 'opp-supported-hw' binding
PM / OPP: Add missing doc comments
PM / OPP: Rename OPP nodes as opp@<opp-hz>
PM / OPP: Remove 'operating-points-names' binding
PM / OPP: Add {opp-microvolt|opp-microamp}-<name> binding
PM / OPP: Add "opp-supported-hw" binding
PM / OPP: Add debugfs support
arm64: vdso: Mark vDSO code as read-only
Conflicts:
drivers/staging/android/ion/ion.c
mm/page_alloc.c
CRs-Fixed: 1010239
Change-Id: Id59539cad642885e1e41340cebae4159ba1f7eaf
Signed-off-by: Trilok Soni <tsoni@codeaurora.org>
This reverts the following -
commit f1900fb5ec ("net: Really fix vti6 with oif in dst
lookups")
'commit 4148987a51 ("net: Fix vti use case with oif in dst
lookups for IPv6")
commit 42a7b32b73 ("xfrm: Add oif to dst lookups")
Routing in tunneled scenarios are completely broken due to these
upstream commits. Revert these changes as a workaround till a
solution is determined internally and is accepted upstream.
CRs-Fixed: 1039009
Change-Id: I4e02573bc6dadf8d1a2ce50313e6d0c6e6a0e599
Acked-by: Abhinav Kannan <kannana@qti.qualcomm.com>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
This reverts commit 5c7566a29b.
This patch revert some changes in net/netfilter/xt_qtaguid.c as well.
I'll submit another patch to restore those changes.
Change-Id: I2d9251867235a6566b4c676de0546ce046848c91
CRs-Fixed: 1035969
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Git-commit: cdb6973ae1
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Bryse Flowers <bflowers@codeaurora.org>
It has been observed that default values for some of key tcp/ip
parameters are affecting the tput/performance of the system. Hence
extending configuration capabilities to TCP/Ip stack through
sysctl interface
Change-Id: I4287e9103769535f43e0934bac08435a524ee6a4
CRs-Fixed: 507581
Signed-off-by: Ravi Joshi <ravij@codeaurora.org>
Signed-off-by: Ganesh Babu Kumaravel <kganesh@codeaurora.org>
Signed-off-by: Mohit Khanna <mkhannaqca@codeaurora.org>
* tmp-917a9:
ARM/vdso: Mark the vDSO code read-only after init
x86/vdso: Mark the vDSO code read-only after init
lkdtm: Verify that '__ro_after_init' works correctly
arch: Introduce post-init read-only memory
x86/mm: Always enable CONFIG_DEBUG_RODATA and remove the Kconfig option
mm/init: Add 'rodata=off' boot cmdline parameter to disable read-only kernel mappings
asm-generic: Consolidate mark_rodata_ro()
Linux 4.4.6
ld-version: Fix awk regex compile failure
target: Drop incorrect ABORT_TASK put for completed commands
block: don't optimize for non-cloned bio in bio_get_last_bvec()
MIPS: smp.c: Fix uninitialised temp_foreign_map
MIPS: Fix build error when SMP is used without GIC
ovl: fix getcwd() failure after unsuccessful rmdir
ovl: copy new uid/gid into overlayfs runtime inode
userfaultfd: don't block on the last VM updates at exit time
powerpc/powernv: Fix OPAL_CONSOLE_FLUSH prototype and usages
powerpc/powernv: Add a kmsg_dumper that flushes console output on panic
powerpc: Fix dedotify for binutils >= 2.26
Revert "drm/radeon/pm: adjust display configuration after powerstate"
drm/radeon: Fix error handling in radeon_flip_work_func.
drm/amdgpu: Fix error handling in amdgpu_flip_work_func.
Revert "drm/radeon: call hpd_irq_event on resume"
x86/mm: Fix slow_virt_to_phys() for X86_PAE again
gpu: ipu-v3: Do not bail out on missing optional port nodes
mac80211: Fix Public Action frame RX in AP mode
mac80211: check PN correctly for GCMP-encrypted fragmented MPDUs
mac80211: minstrel_ht: fix a logic error in RTS/CTS handling
mac80211: minstrel_ht: set default tx aggregation timeout to 0
mac80211: fix use of uninitialised values in RX aggregation
mac80211: minstrel: Change expected throughput unit back to Kbps
iwlwifi: mvm: inc pending frames counter also when txing non-sta
can: gs_usb: fixed disconnect bug by removing erroneous use of kfree()
cfg80211/wext: fix message ordering
wext: fix message delay/ordering
ovl: fix working on distributed fs as lower layer
ovl: ignore lower entries when checking purity of non-directory entries
ASoC: wm8958: Fix enum ctl accesses in a wrong type
ASoC: wm8994: Fix enum ctl accesses in a wrong type
ASoC: samsung: Use IRQ safe spin lock calls
ASoC: dapm: Fix ctl value accesses in a wrong type
ncpfs: fix a braino in OOM handling in ncp_fill_cache()
jffs2: reduce the breakage on recovery from halfway failed rename()
dmaengine: at_xdmac: fix residue computation
tracing: Fix check for cpu online when event is disabled
s390/dasd: fix diag 0x250 inline assembly
s390/mm: four page table levels vs. fork
KVM: MMU: fix reserved bit check for ept=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0
KVM: MMU: fix ept=0/pte.u=1/pte.w=0/CR0.WP=0/CR4.SMEP=1/EFER.NX=0 combo
KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
KVM: s390: correct fprs on SIGP (STOP AND) STORE STATUS
KVM: VMX: disable PEBS before a guest entry
kvm: cap halt polling at exactly halt_poll_ns
PCI: Allow a NULL "parent" pointer in pci_bus_assign_domain_nr()
ARM: OMAP2+: hwmod: Introduce ti,no-idle dt property
ARM: dts: dra7: do not gate cpsw clock due to errata i877
ARM: mvebu: fix overlap of Crypto SRAM with PCIe memory window
arm64: account for sparsemem section alignment when choosing vmemmap offset
Linux 4.4.5
drm/amdgpu: fix topaz/tonga gmc assignment in 4.4 stable
modules: fix longstanding /proc/kallsyms vs module insertion race.
drm/i915: refine qemu south bridge detection
drm/i915: more virtual south bridge detection
block: get the 1st and last bvec via helpers
block: check virt boundary in bio_will_gap()
drm/amdgpu: Use drm_calloc_large for VM page_tables array
thermal: cpu_cooling: fix out of bounds access in time_in_idle
i2c: brcmstb: allocate correct amount of memory for regmap
ubi: Fix out of bounds write in volume update code
cxl: Fix PSL timebase synchronization detection
MIPS: traps: Fix SIGFPE information leak from `do_ov' and `do_trap_or_bp'
MIPS: scache: Fix scache init with invalid line size.
USB: serial: option: add support for Quectel UC20
USB: serial: option: add support for Telit LE922 PID 0x1045
USB: qcserial: add Sierra Wireless EM74xx device ID
USB: qcserial: add Dell Wireless 5809e Gobi 4G HSPA+ (rev3)
USB: cp210x: Add ID for Parrot NMEA GPS Flight Recorder
usb: chipidea: otg: change workqueue ci_otg as freezable
ALSA: timer: Fix broken compat timer user status ioctl
ALSA: hdspm: Fix zero-division
ALSA: hdsp: Fix wrong boolean ctl value accesses
ALSA: hdspm: Fix wrong boolean ctl value accesses
ALSA: seq: oss: Don't drain at closing a client
ALSA: pcm: Fix ioctls for X32 ABI
ALSA: timer: Fix ioctls for X32 ABI
ALSA: rawmidi: Fix ioctls X32 ABI
ALSA: hda - Fix mic issues on Acer Aspire E1-472
ALSA: ctl: Fix ioctls for X32 ABI
ALSA: usb-audio: Add a quirk for Plantronics DA45
adv7604: fix tx 5v detect regression
dmaengine: pxa_dma: fix cyclic transfers
Fix directory hardlinks from deleted directories
jffs2: Fix page lock / f->sem deadlock
Revert "jffs2: Fix lock acquisition order bug in jffs2_write_begin"
Btrfs: fix loading of orphan roots leading to BUG_ON
pata-rb532-cf: get rid of the irq_to_gpio() call
tracing: Do not have 'comm' filter override event 'comm' field
ata: ahci: don't mark HotPlugCapable Ports as external/removable
PM / sleep / x86: Fix crash on graph trace through x86 suspend
arm64: vmemmap: use virtual projection of linear region
Adding Intel Lewisburg device IDs for SATA
writeback: flush inode cgroup wb switches instead of pinning super_block
block: bio: introduce helpers to get the 1st and last bvec
libata: Align ata_device's id on a cacheline
libata: fix HDIO_GET_32BIT ioctl
drm/amdgpu: return from atombios_dp_get_dpcd only when error
drm/amdgpu/gfx8: specify which engine to wait before vm flush
drm/amdgpu: apply gfx_v8 fixes to gfx_v7 as well
drm/amdgpu/pm: update current crtc info after setting the powerstate
drm/radeon/pm: update current crtc info after setting the powerstate
drm/ast: Fix incorrect register check for DRAM width
target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
iommu/amd: Apply workaround for ATS write permission check
arm/arm64: KVM: Fix ioctl error handling
KVM: x86: fix root cause for missed hardware breakpoints
vfio: fix ioctl error handling
Fix cifs_uniqueid_to_ino_t() function for s390x
CIFS: Fix SMB2+ interim response processing for read requests
cifs: fix out-of-bounds access in lease parsing
fbcon: set a default value to blink interval
kvm: x86: Update tsc multiplier on change.
mips/kvm: fix ioctl error handling
parisc: Fix ptrace syscall number and return value modification
PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
block: Initialize max_dev_sectors to 0
drm/amdgpu: mask out WC from BO on unsupported arches
btrfs: async-thread: Fix a use-after-free error for trace
btrfs: Fix no_space in write and rm loop
Btrfs: fix deadlock running delayed iputs at transaction commit time
drivers: sh: Restore legacy clock domain on SuperH platforms
use ->d_seq to get coherency between ->d_inode and ->d_flags
Linux 4.4.4
iwlwifi: mvm: don't allow sched scans without matches to be started
iwlwifi: update and fix 7265 series PCI IDs
iwlwifi: pcie: properly configure the debug buffer size for 8000
iwlwifi: dvm: fix WoWLAN
security: let security modules use PTRACE_MODE_* with bitmasks
IB/cma: Fix RDMA port validation for iWarp
x86/irq: Plug vector cleanup race
x86/irq: Call irq_force_move_complete with irq descriptor
x86/irq: Remove outgoing CPU from vector cleanup mask
x86/irq: Remove the cpumask allocation from send_cleanup_vector()
x86/irq: Clear move_in_progress before sending cleanup IPI
x86/irq: Remove offline cpus from vector cleanup
x86/irq: Get rid of code duplication
x86/irq: Copy vectormask instead of an AND operation
x86/irq: Check vector allocation early
x86/irq: Reorganize the search in assign_irq_vector
x86/irq: Reorganize the return path in assign_irq_vector
x86/irq: Do not use apic_chip_data.old_domain as temporary buffer
x86/irq: Validate that irq descriptor is still active
x86/irq: Fix a race in x86_vector_free_irqs()
x86/irq: Call chip->irq_set_affinity in proper context
x86/entry/compat: Add missing CLAC to entry_INT80_32
x86/mpx: Fix off-by-one comparison with nr_registers
hpfs: don't truncate the file when delete fails
do_last(): ELOOP failure exit should be done after leaving RCU mode
should_follow_link(): validate ->d_seq after having decided to follow
xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted.
xen/pciback: Save the number of MSI-X entries to be copied later.
xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
xen/scsiback: correct frontend counting
xen/arm: correctly handle DMA mapping of compound pages
ARM: at91/dt: fix typo in sama5d2 pinmux descriptions
ARM: OMAP2+: Fix onenand initialization to avoid filesystem corruption
do_last(): don't let a bogus return value from ->open() et.al. to confuse us
kernel/resource.c: fix muxed resource handling in __request_region()
sunrpc/cache: fix off-by-one in qword_get()
tracing: Fix showing function event in available_events
powerpc/eeh: Fix partial hotplug criterion
KVM: x86: MMU: fix ubsan index-out-of-range warning
KVM: x86: fix conversion of addresses to linear in 32-bit protected mode
KVM: x86: fix missed hardware breakpoints
KVM: arm/arm64: vgic: Ensure bitmaps are long enough
KVM: async_pf: do not warn on page allocation failures
of/irq: Fix msi-map calculation for nonzero rid-base
NFSv4: Fix a dentry leak on alias use
nfs: fix nfs_size_to_loff_t
block: fix use-after-free in dio_bio_complete
bio: return EINTR if copying to user space got interrupted
i2c: i801: Adding Intel Lewisburg support for iTCO
phy: core: fix wrong err handle for phy_power_on
writeback: keep superblock pinned during cgroup writeback association switches
cgroup: make sure a parent css isn't offlined before its children
cpuset: make mm migration asynchronous
PCI/AER: Flush workqueue on device remove to avoid use-after-free
ARCv2: SMP: Emulate IPI to self using software triggered interrupt
ARCv2: STAR 9000950267: Handle return from intr to Delay Slot #2
libata: fix sff host state machine locking while polling
qla2xxx: Fix stale pointer access.
spi: atmel: fix gpio chip-select in case of non-DT platform
target: Fix race with SCF_SEND_DELAYED_TAS handling
target: Fix remote-port TMR ABORT + se_cmd fabric stop
target: Fix TAS handling for multi-session se_node_acls
target: Fix LUN_RESET active TMR descriptor handling
target: Fix LUN_RESET active I/O handling for ACK_KREF
ALSA: hda - Fixing background noise on Dell Inspiron 3162
ALSA: hda - Apply clock gate workaround to Skylake, too
Revert "workqueue: make sure delayed work run in local cpu"
workqueue: handle NUMA_NO_NODE for unbound pool_workqueue lookup
mac80211: Requeue work after scan complete for all VIF types.
rfkill: fix rfkill_fop_read wait_event usage
tick/nohz: Set the correct expiry when switching to nohz/lowres mode
perf stat: Do not clean event's private stats
cdc-acm:exclude Samsung phone 04e8:685d
Revert "Staging: panel: usleep_range is preferred over udelay"
Staging: speakup: Fix getting port information
sd: Optimal I/O size is in bytes, not sectors
libceph: don't spam dmesg with stray reply warnings
libceph: use the right footer size when skipping a message
libceph: don't bail early from try_read() when skipping a message
libceph: fix ceph_msg_revoke()
seccomp: always propagate NO_NEW_PRIVS on tsync
cpufreq: Fix NULL reference crash while accessing policy->governor_data
cpufreq: pxa2xx: fix pxa_cpufreq_change_voltage prototype
hwmon: (ads1015) Handle negative conversion values correctly
hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook
hwmon: (dell-smm) Blacklist Dell Studio XPS 8000
Thermal: do thermal zone update after a cooling device registered
Thermal: handle thermal zone device properly during system sleep
Thermal: initialize thermal zone device correctly
IB/mlx5: Expose correct maximum number of CQE capacity
IB/qib: Support creating qps with GFP_NOIO flag
IB/qib: fix mcast detach when qp not attached
IB/cm: Fix a recently introduced deadlock
dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer
dmaengine: at_xdmac: fix resume for cyclic transfers
dmaengine: dw: fix cyclic transfer callbacks
dmaengine: dw: fix cyclic transfer setup
nfit: fix multi-interface dimm handling, acpi6.1 compatibility
ACPI / PCI / hotplug: unlock in error path in acpiphp_enable_slot()
ACPI: Revert "ACPI / video: Add Dell Inspiron 5737 to the blacklist"
ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Satellite R830
ACPI / video: Add disable_backlight_sysfs_if quirk for the Toshiba Portege R700
lib: sw842: select crc32
uapi: update install list after nvme.h rename
ideapad-laptop: Add Lenovo Yoga 700 to no_hw_rfkill dmi list
ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list
toshiba_acpi: Fix blank screen at boot if transflective backlight is supported
make sure that freeing shmem fast symlinks is RCU-delayed
drm/radeon/pm: adjust display configuration after powerstate
drm/radeon: Don't hang in radeon_flip_work_func on disabled crtc. (v2)
drm: Fix treatment of drm_vblank_offdelay in drm_vblank_on() (v2)
drm: Fix drm_vblank_pre/post_modeset regression from Linux 4.4
drm: Prevent vblank counter bumps > 1 with active vblank clients. (v2)
drm: No-Op redundant calls to drm_vblank_off() (v2)
drm/radeon: use post-decrement in error handling
drm/qxl: use kmalloc_array to alloc reloc_info in qxl_process_single_command
drm/i915: fix error path in intel_setup_gmbus()
drm/i915/dsi: don't pass arbitrary data to sideband
drm/i915/dsi: defend gpio table against out of bounds access
drm/i915/skl: Don't skip mst encoders in skl_ddi_pll_select()
drm/i915: Don't reject primary plane windowing with color keying enabled on SKL+
drm/i915/dp: fall back to 18 bpp when sink capability is unknown
drm/i915: Make sure DC writes are coherent on flush.
drm/i915: Init power domains early in driver load
drm/i915: intel_hpd_init(): Fix suspend/resume reprobing
drm/i915: Restore inhibiting the load of the default context
drm: fix missing reference counting decrease
drm/radeon: hold reference to fences in radeon_sa_bo_new
drm/radeon: mask out WC from BO on unsupported arches
drm: add helper to check for wc memory support
drm/radeon: fix DP audio support for APU with DCE4.1 display engine
drm/radeon: Add a common function for DFS handling
drm/radeon: cleaned up VCO output settings for DP audio
drm/radeon: properly byte swap vce firmware setup
drm/radeon: clean up fujitsu quirks
drm/radeon: Fix "slow" audio over DP on DCE8+
drm/radeon: call hpd_irq_event on resume
drm/radeon: Fix off-by-one errors in radeon_vm_bo_set_addr
drm/dp/mst: deallocate payload on port destruction
drm/dp/mst: Reverse order of MST enable and clearing VC payload table.
drm/dp/mst: move GUID storage from mgr, port to only mst branch
drm/dp/mst: Calculate MST PBN with 31.32 fixed point
drm: Add drm_fixp_from_fraction and drm_fixp2int_ceil
drm/dp/mst: fix in RAD element access
drm/dp/mst: fix in MSTB RAD initialization
drm/dp/mst: always send reply for UP request
drm/dp/mst: process broadcast messages correctly
drm/nouveau: platform: Fix deferred probe
drm/nouveau/disp/dp: ensure sink is powered up before attempting link training
drm/nouveau/display: Enable vblank irqs after display engine is on again.
drm/nouveau/kms: take mode_config mutex in connector hotplug path
drm/amdgpu/pm: adjust display configuration after powerstate
drm/amdgpu: Don't hang in amdgpu_flip_work_func on disabled crtc.
drm/amdgpu: use post-decrement in error handling
drm/amdgpu: fix issue with overlapping userptrs
drm/amdgpu: hold reference to fences in amdgpu_sa_bo_new (v2)
drm/amdgpu: remove unnecessary forward declaration
drm/amdgpu: fix s4 resume
drm/amdgpu: remove exp hardware support from iceland
drm/amdgpu: don't load MEC2 on topaz
drm/amdgpu: drop topaz support from gmc8 module
drm/amdgpu: pull topaz gmc bits into gmc_v7
drm/amdgpu: The VI specific EXE bit should only apply to GMC v8.0 above
drm/amdgpu: iceland use CI based MC IP
drm/amdgpu: move gmc7 support out of CIK dependency
drm/amdgpu: no need to load MC firmware on fiji
drm/amdgpu: fix amdgpu_bo_pin_restricted VRAM placing v2
drm/amdgpu: fix tonga smu resume
drm/amdgpu: fix lost sync_to if scheduler is enabled.
drm/amdgpu: call hpd_irq_event on resume
drm/amdgpu: Fix off-by-one errors in amdgpu_vm_bo_map
drm/vmwgfx: respect 'nomodeset'
drm/vmwgfx: Fix a width / pitch mismatch on framebuffer updates
drm/vmwgfx: Fix an incorrect lock check
virtio_pci: fix use after free on release
virtio_balloon: fix race between migration and ballooning
virtio_balloon: fix race by fill and leak
regulator: mt6311: MT6311_REGULATOR needs to select REGMAP_I2C
regulator: axp20x: Fix GPIO LDO enable value for AXP22x
clk: exynos: use irqsave version of spin_lock to avoid deadlock with irqs
cxl: use correct operator when writing pcie config space values
sparc64: fix incorrect sign extension in sys_sparc64_personality
EDAC, mc_sysfs: Fix freeing bus' name
EDAC: Robustify workqueues destruction
MIPS: Fix buffer overflow in syscall_get_arguments()
MIPS: Fix some missing CONFIG_CPU_MIPSR6 #ifdefs
MIPS: hpet: Choose a safe value for the ETIME check
MIPS: Loongson-3: Fix SMP_ASK_C0COUNT IPI handler
Revert "MIPS: Fix PAGE_MASK definition"
cputime: Prevent 32bit overflow in time[val|spec]_to_cputime()
time: Avoid signed overflow in timekeeping_get_ns()
Bluetooth: 6lowpan: Fix handling of uncompressed IPv6 packets
Bluetooth: 6lowpan: Fix kernel NULL pointer dereferences
Bluetooth: Fix incorrect removing of IRKs
Bluetooth: Add support of Toshiba Broadcom based devices
Bluetooth: Use continuous scanning when creating LE connections
Drivers: hv: vmbus: Fix a Host signaling bug
tools: hv: vss: fix the write()'s argument: error -> vss_msg
mmc: sdhci: Allow override of get_cd() called from sdhci_request()
mmc: sdhci: Allow override of mmc host operations
mmc: sdhci-pci: Fix card detect race for Intel BXT/APL
mmc: pxamci: fix again read-only gpio detection polarity
mmc: sdhci-acpi: Fix card detect race for Intel BXT/APL
mmc: mmci: fix an ages old detection error
mmc: core: Enable tuning according to the actual timing
mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
mmc: mmc: Fix incorrect use of driver strength switching HS200 and HS400
mmc: sdio: Fix invalid vdd in voltage switch power cycle
mmc: sdhci: Fix DMA descriptor with zero data length
mmc: sdhci-pci: Do not default to 33 Ohm driver strength for Intel SPT
mmc: usdhi6rol0: handle NULL data in timeout
clockevents/tcb_clksrc: Prevent disabling an already disabled clock
posix-clock: Fix return code on the poll method's error path
irqchip/gic-v3-its: Fix double ICC_EOIR write for LPI in EOImode==1
irqchip/atmel-aic: Fix wrong bit operation for IRQ priority
irqchip/mxs: Add missing set_handle_irq()
irqchip/omap-intc: Add support for spurious irq handling
coresight: checking for NULL string in coresight_name_match()
dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths
dm snapshot: fix hung bios when copy error occurs
dm space map metadata: remove unused variable in brb_pop()
tda1004x: only update the frontend properties if locked
vb2: fix a regression in poll() behavior for output,streams
gspca: ov534/topro: prevent a division by 0
si2157: return -EINVAL if firmware blob is too big
media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
rc: sunxi-cir: Initialize the spinlock properly
namei: ->d_inode of a pinned dentry is stable only for positives
mei: validate request value in client notify request ioctl
mei: fix fasync return value on error
rtlwifi: rtl8723be: Fix module parameter initialization
rtlwifi: rtl8188ee: Fix module parameter initialization
rtlwifi: rtl8192se: Fix module parameter initialization
rtlwifi: rtl8723ae: Fix initialization of module parameters
rtlwifi: rtl8192de: Fix incorrect module parameter descriptions
rtlwifi: rtl8192ce: Fix handling of module parameters
rtlwifi: rtl8192cu: Add missing parameter setup
rtlwifi: rtl_pci: Fix kernel panic
locks: fix unlock when fcntl_setlk races with a close
um: link with -lpthread
uml: fix hostfs mknod()
uml: flush stdout before forking
s390/fpu: signals vs. floating point control register
s390/compat: correct restore of high gprs on signal return
s390/dasd: fix performance drop
s390/dasd: fix refcount for PAV reassignment
s390/dasd: prevent incorrect length error under z/VM after PAV changes
s390: fix normalization bug in exception table sorting
btrfs: initialize the seq counter in struct btrfs_device
Btrfs: Initialize btrfs_root->highest_objectid when loading tree root and subvolume roots
Btrfs: fix transaction handle leak on failure to create hard link
Btrfs: fix number of transaction units required to create symlink
Btrfs: send, don't BUG_ON() when an empty symlink is found
btrfs: statfs: report zero available if metadata are exhausted
Btrfs: igrab inode in writepage
Btrfs: add missing brelse when superblock checksum fails
KVM: s390: fix memory overwrites when vx is disabled
s390/kvm: remove dependency on struct save_area definition
clocksource/drivers/vt8500: Increase the minimum delta
genirq: Validate action before dereferencing it in handle_irq_event_percpu()
mm: numa: quickly fail allocations for NUMA balancing on full nodes
mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED
ocfs2: unlock inode if deleting inode from orphan fails
drm/i915: shut up gen8+ SDE irq dmesg noise
iw_cxgb3: Fix incorrectly returning error on success
spi: omap2-mcspi: Prevent duplicate gpio_request
drivers: android: correct the size of struct binder_uintptr_t for BC_DEAD_BINDER_DONE
USB: option: add "4G LTE usb-modem U901"
USB: option: add support for SIM7100E
USB: cp210x: add IDs for GE B650V3 and B850V3 boards
usb: dwc3: Fix assignment of EP transfer resources
can: ems_usb: Fix possible tx overflow
dm thin: fix race condition when destroying thin pool workqueue
bcache: Change refill_dirty() to always scan entire disk if necessary
bcache: prevent crash on changing writeback_running
bcache: allows use of register in udev to avoid "device_busy" error.
bcache: unregister reboot notifier if bcache fails to unregister device
bcache: fix a leak in bch_cached_dev_run()
bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device
bcache: Add a cond_resched() call to gc
bcache: fix a livelock when we cause a huge number of cache misses
lib/ucs2_string: Correct ucs2 -> utf8 conversion
efi: Add pstore variables to the deletion whitelist
efi: Make efivarfs entries immutable by default
efi: Make our variable validation list include the guid
efi: Do variable name validation tests in utf8
efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version
lib/ucs2_string: Add ucs2 -> utf8 helper functions
ARM: 8457/1: psci-smp is built only for SMP
drm/gma500: Use correct unref in the gem bo create function
devm_memremap: Fix error value when memremap failed
KVM: s390: fix guest fprs memory leak
arm64: errata: Add -mpc-relative-literal-loads to build flags
ARM: debug-ll: fix BCM63xx entry for multiplatform
ext4: fix bh->b_state corruption
sctp: Fix port hash table size computation
unix_diag: fix incorrect sign extension in unix_lookup_by_ino
tipc: unlock in error path
rtnl: RTM_GETNETCONF: fix wrong return value
IFF_NO_QUEUE: Fix for drivers not calling ether_setup()
tcp/dccp: fix another race at listener dismantle
route: check and remove route cache when we get route
net_sched fix: reclassification needs to consider ether protocol changes
pppoe: fix reference counting in PPPoE proxy
l2tp: Fix error creating L2TP tunnels
net/mlx4_en: Avoid changing dev->features directly in run-time
net/mlx4_en: Choose time-stamping shift value according to HW frequency
net/mlx4_en: Count HW buffer overrun only once
qmi_wwan: add "4G LTE usb-modem U901"
tcp: md5: release request socket instead of listener
tipc: fix premature addition of node to lookup table
af_unix: Guard against other == sk in unix_dgram_sendmsg
af_unix: Don't set err in unix_stream_read_generic unless there was an error
ipv4: fix memory leaks in ip_cmsg_send() callers
bonding: Fix ARP monitor validation
bpf: fix branch offset adjustment on backjumps after patching ctx expansion
flow_dissector: Fix unaligned access in __skb_flow_dissector when used by eth_get_headlen
net: Copy inner L3 and L4 headers as unaligned on GRE TEB
sctp: translate network order to host order when users get a hmacid
enic: increment devcmd2 result ring in case of timeout
tg3: Fix for tg3 transmit queue 0 timed out when too many gso_segs
net:Add sysctl_max_skb_frags
tcp: do not drop syn_recv on all icmp reports
unix: correctly track in-flight fds in sending process user_struct
ipv6: fix a lockdep splat
ipv6: addrconf: Fix recursive spin lock call
ipv6/udp: use sticky pktinfo egress ifindex on connect()
ipv6: enforce flowi6_oif usage in ip6_dst_lookup_tail()
tcp: beware of alignments in tcp_get_info()
switchdev: Require RTNL mutex to be held when sending FDB notifications
inet: frag: Always orphan skbs inside ip_defrag()
tipc: fix connection abort during subscription cancel
net: dsa: fix mv88e6xxx switches
sctp: allow setting SCTP_SACK_IMMEDIATELY by the application
pptp: fix illegal memory access caused by multiple bind()s
af_unix: fix struct pid memory leak
tcp: fix NULL deref in tcp_v4_send_ack()
lwt: fix rx checksum setting for lwt devices tunneling over ipv6
tunnels: Allow IPv6 UDP checksums to be correctly controlled.
net: dp83640: Fix tx timestamp overflow handling.
gro: Make GRO aware of lightweight tunnels.
af_iucv: Validate socket address length in iucv_sock_bind()
Conflicts:
arch/arm64/Makefile
arch/arm64/include/asm/cacheflush.h
drivers/mmc/host/sdhci.c
drivers/usb/dwc3/ep0.c
drivers/usb/dwc3/gadget.c
kernel/module.c
sound/core/pcm_compat.c
CRs-Fixed: 1010239
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
Change-Id: I41a28636fc9ad91f9d979b191784609476294cdf
No support for pbss results in a memory leak for the acl_data
(if parse_acl_data succeeds). Fix this by moving the ACL parsing later.
Cc: stable@vger.kernel.org
Fixes: 34d505193bd10 ("cfg80211: basic support for PBSS network type")
Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Git-repo: git://git.kernel.org/cgit/linux/kernel/git/jberg/mac80211.git
Git-commit: 6e8ef842223b90a33efd570128bb566a9ae6f5ad
CRs-fixed: 1024951
Change-Id: I5750ae9091ca349e98bba4b24c78ef9446278c5a
Signed-off-by: Purushottam Kushwaha <pkushwah@codeaurora.org>
This change extends the existing LRO module to use the
hardware assits provided by certain NICs thereby reducing
the CPU utilization.
CRs-Fixed: 1035499
Change-Id: I4ed497c69042a4d15f9340f91d60c262ca79a36b
Signed-off-by: Dhanashri Atre <datre@codeaurora.org>
The %pK restrictions are used to eliminate exposing kernel addresses.
When kptr_restrict is set to "0" there are no restrictions. When
kptr_restrict is set to "1", kernel pointers printed using the %pK
format specifier will be replaced with 0's unless the user has
CAP_SYSLOG. When kptr_restrict is set to "2", kernel pointers printed
using %pK will be replaced with 0's regardless of privileges.
Change-Id: Iacd8f7b7cdafed3a111507d3da899be9261ff09f
Signed-off-by: Dibyendu Roy <dibyen@codeaurora.org>
When WIPHY_FLAG_DFS_OFFLOAD is defined, driver would take care the
DFS related operation, hence the Kernel needs to ignore the DFS
states checking.
CRs-fixed:1032889
Change-Id: I02fa5e3e25427c0ca474455fa2d2be9eb6ea4bd9
Signed-off-by: Ryan Hsu <ryanhsu@codeaurora.org>
IPC Router assigns NULL to write_space callback for all sockets in its
family by defaults. The setsockopt operation with SO_SNDBUF option
accesses write_space callback without checking its validity. This may
lead to a NULL pointer dereferencing when that operation is performed.
Assign a dummy write_space callback operation by default to all IPC Router
sockets.
CRs-Fixed: 1025150
Change-Id: Id2454683116c948b7bb4fa3c50a91a5a9585a491
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
Regulatory updates for countries Egypt, Russia, Namibia
Indonesia, Guam and Pakistan.
Change-Id: I96345f025e0da99d595e60b37f34bf581927c153
CRs-Fixed: 1023830
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Increase the Tx Power for ETSI1 regulatory domain countries. ETSI1
controls the Tx Power for 5 GHz channels. Due to presence of TPC,
the Tx power can be increased by 3 dBm.
Change-Id: I3c450ceae589ec8758eb0f0323140faab0cbc43b
CRs-Fixed: 1023830
Signed-off-by: Amar Singhal <asinghal@codeaurora.org>
Driver configures the default country code during bootup.
When STA disconnects, cfg80211 restore the regulatory setting
to world domain.cfg80211 should remain in the default country
code and not restore to world reg domain.
Change-Id: I01ccdc4d2831cf252a4b35f9f856f3256d9b7429
CRs-Fixed: 1023778
Signed-off-by: Sachin Ahuja <sahuja@codeaurora.org>
[joshc: fixed hunk in disconnect_work() - moved
cfg80211_is_all_countryie_ignore() check into new location, collapsed
conditional and use upstream REGULATORY_COUNTRY_IE_IGNORE regulatory
flag]
Signed-off-by: Josh Cartwright <joshc@codeaurora.org>
If the driver is loaded when cfg80211_regdom is intersected then
user hint will fail for the first time since cfg80211 does not
have a check to see if cfg80211_regdom is intersected. Add
a check to see if cf80211_regdom is intersected and allow the
user hint to be processed.
Change-Id: Iba9cdd32470e29d35d3bb35012eb404b7c78d601
CRs-Fixed: 639538
Signed-off-by: Mihir Shete <smihir@codeaurora.org>
Print format %p displays the kernel address while bypassing the
kptr_restrict sysctl settings.
Change the print format for addresses from %p to %pK. If
kptr_restrict is enabled, addresses are printed as zeroes. To view
the actual addresses, disable kptr_restrict by -
echo 0 > /proc/sys/kernel/kptr_restrict
CRs-Fixed: 987041
Change-Id: I2eb33c63168ab26818dfdb3e11315f2ce8f24fa5
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Following stack trace was seen while doing a data transfer
Unable to handle kernel paging request at virtual address
6b6b6b6b6b6b6ef3
pgd = ffffffc01c7c5000 [6b6b6b6b6b6b6ef3] *pgd=0000000000000000,
*pud=0000000000000000
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Call trace:
[<ffffffc000f669ac>] rmnet_map_command+0x19c/0x238
[<ffffffc000f6504c>] _rmnet_map_ingress_handler+0x3c/0x264
[<ffffffc000f65500>] rmnet_ingress_handler+0x1b4/0x3a4
[<ffffffc000f65704>] rmnet_rx_handler+0x14/0x2c
[<ffffffc000d8b5ac>] __netif_receive_skb_core+0x514/0x71c
[<ffffffc000d8c270>] __netif_receive_skb+0x30/0x98
[<ffffffc000d8d3bc>] process_backlog+0xb0/0x184
[<ffffffc000d8d1f8>] net_rx_action+0xfc/0x210
[<ffffffc00016a2e0>] __do_softirq+0x1c0/0x39c
[<ffffffc00016a824>] irq_exit+0x88/0xf4
[<ffffffc0001565e8>] handle_IPI+0x340/0x4b4
[<ffffffc0001455e8>] gic_handle_irq+0xc4/0xec
This is because an invalid MAP command was received and was freed
and rmnet_data was trying to send the freed skb as an ACK. Fix this
by returning if an invalid MAP command is detected.
CRs-Fixed: 1019188
Change-Id: Ib52e6551ac67215dab2bc5770ddcf037568f8b77
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
GRO is currently enabled only on SMP systems so move the check for
cloned packets from commit b8a7d12f33ecba4 ("net: Warn for cloned
packets in ingress path") within CONFIG_RPS to prevent printing an
unnecessary warning on single core systems.
CRs-Fixed: 1006937
Change-Id: Ib8cb979136def6696861a7835bcde763dabe874f
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
commit 31b0b385f69d8d5491a4bca288e25e63f1d945d0 upstream.
The slab name ends up being visible in the directory structure under
/sys, and even if you don't have access rights to the file you can see
the filenames.
Just use a 64-bit counter instead of the pointer to the 'net' structure
to generate a unique name.
This code will go away in 4.7 when the conntrack code moves to a single
kmemcache, but this is the backportable simple solution to avoiding
leaking kernel pointers to user space.
Fixes: 5b3501faa8 ("netfilter: nf_conntrack: per netns nf_conntrack_cachep")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 626abd59e51d4d8c6367e03aae252a8aa759ac78 ]
Currently, when creating or updating a route, no check is performed
in both ipv4 and ipv6 code to the hoplimit value.
The caller can i.e. set hoplimit to 256, and when such route will
be used, packets will be sent with hoplimit/ttl equal to 0.
This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4
ipv6 route code, substituting any value greater than 255 with 255.
This is consistent with what is currently done for ADVMSS and MTU
in the ipv4 code.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 10a81980fc47e64ffac26a073139813d3f697b64 ]
In the very unlikely case __tcp_retransmit_skb() can not use the cloning
done in tcp_transmit_skb(), we need to refresh skb_mstamp before doing
the copy and transmit, otherwise TCP TS val will be an exact copy of
original transmit.
Fixes: 7faee5c0d5 ("tcp: remove TCP_SKB_CB(skb)->when")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Acked-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 79e48650320e6fba48369fccf13fd045315b19b8 ]
Stack object "dte_facilities" is allocated in x25_rx_call_request(),
which is supposed to be initialized in x25_negotiate_facilities.
However, 5 fields (8 bytes in total) are not initialized. This
object is then copied to userland via copy_to_user, thus infoleak
occurs.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 856ce5d083e14571d051301fe3c65b32b8cbe321 ]
With the newly introduced helper functions the skb pulling is hidden
in the checksumming function - and undone before returning to the
caller.
The IGMP and MLD query parsing functions in the bridge still
assumed that the skb is pointing to the beginning of the IGMP/MLD
message while it is now kept at the beginning of the IPv4/6 header.
If there is a querier somewhere else, then this either causes
the multicast snooping to stay disabled even though it could be
enabled. Or, if we have the querier enabled too, then this can
create unnecessary IGMP / MLD query messages on the link.
Fixing this by taking the offset between IP and IGMP/MLD header into
account, too.
Fixes: 9afd85c9e4 ("net: Export IGMP/MLD message validation code")
Reported-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 31ca0458a61a502adb7ed192bf9716c6d05791a5 ]
get_bridge_ifindices() is used from the old "deviceless" bridge ioctl
calls which aren't called with rtnl held. The comment above says that it is
called with rtnl but that is not really the case.
Here's a sample output from a test ASSERT_RTNL() which I put in
get_bridge_ifindices and executed "brctl show":
[ 957.422726] RTNL: assertion failed at net/bridge//br_ioctl.c (30)
[ 957.422925] CPU: 0 PID: 1862 Comm: brctl Tainted: G W O
4.6.0-rc4+ #157
[ 957.423009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.8.1-20150318_183358- 04/01/2014
[ 957.423009] 0000000000000000 ffff880058adfdf0 ffffffff8138dec5
0000000000000400
[ 957.423009] ffffffff81ce8380 ffff880058adfe58 ffffffffa05ead32
0000000000000001
[ 957.423009] 00007ffec1a444b0 0000000000000400 ffff880053c19130
0000000000008940
[ 957.423009] Call Trace:
[ 957.423009] [<ffffffff8138dec5>] dump_stack+0x85/0xc0
[ 957.423009] [<ffffffffa05ead32>]
br_ioctl_deviceless_stub+0x212/0x2e0 [bridge]
[ 957.423009] [<ffffffff81515beb>] sock_ioctl+0x22b/0x290
[ 957.423009] [<ffffffff8126ba75>] do_vfs_ioctl+0x95/0x700
[ 957.423009] [<ffffffff8126c159>] SyS_ioctl+0x79/0x90
[ 957.423009] [<ffffffff8163a4c0>] entry_SYSCALL_64_fastpath+0x23/0xc1
Since it only reads bridge ifindices, we can use rcu to safely walk the net
device list. Also remove the wrong rtnl comment above.
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit dedc58e067d8c379a15a8a183c5db318201295bb ]
The peer may be expecting a reply having sent a request and then done a
shutdown(SHUT_WR), so tearing down the whole socket at this point seems
wrong and breaks for me with a client which does a SHUT_WR.
Looking at other socket family's stream_recvmsg callbacks doing a shutdown
here does not seem to be the norm and removing it does not seem to have
had any adverse effects that I can see.
I'm using Stefan's RFC virtio transport patches, I'm unsure of the impact
on the vmci transport.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
Cc: Andy King <acking@vmware.com>
Cc: Dmitry Torokhov <dtor@vmware.com>
Cc: Jorgen Hansen <jhansen@vmware.com>
Cc: Adit Ranadive <aditr@vmware.com>
Cc: netdev@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 5f8e44741f9f216e33736ea4ec65ca9ac03036e6 ]
The stack object “map” has a total size of 32 bytes. Its last 4
bytes are padding generated by compiler. These padding bytes are
not initialized and sent out via “nla_put”.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b8670c09f37bdf2847cc44f36511a53afc6161fd ]
The stack object “info” has a total size of 12 bytes. Its last byte
is padding which is not initialized and leaked via “put_cmsg”.
Signed-off-by: Kangjie Lu <kjlu@gatech.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6071bd1aa13ed9e41824bafad845b7b7f4df5cfd ]
This was recently reported to me, and reproduced on the latest net kernel,
when attempting to run netperf from a host that had a netem qdisc attached
to the egress interface:
[ 788.073771] ---------------------[ cut here ]---------------------------
[ 788.096716] WARNING: at net/core/dev.c:2253 skb_warn_bad_offload+0xcd/0xda()
[ 788.129521] bnx2: caps=(0x00000001801949b3, 0x0000000000000000) len=2962
data_len=0 gso_size=1448 gso_type=1 ip_summed=3
[ 788.182150] Modules linked in: sch_netem kvm_amd kvm crc32_pclmul ipmi_ssif
ghash_clmulni_intel sp5100_tco amd64_edac_mod aesni_intel lrw gf128mul
glue_helper ablk_helper edac_mce_amd cryptd pcspkr sg edac_core hpilo ipmi_si
i2c_piix4 k10temp fam15h_power hpwdt ipmi_msghandler shpchp acpi_power_meter
pcc_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c
sd_mod crc_t10dif crct10dif_generic mgag200 syscopyarea sysfillrect sysimgblt
i2c_algo_bit drm_kms_helper ahci ata_generic pata_acpi ttm libahci
crct10dif_pclmul pata_atiixp tg3 libata crct10dif_common drm crc32c_intel ptp
serio_raw bnx2 r8169 hpsa pps_core i2c_core mii dm_mirror dm_region_hash dm_log
dm_mod
[ 788.465294] CPU: 16 PID: 0 Comm: swapper/16 Tainted: G W
------------ 3.10.0-327.el7.x86_64 #1
[ 788.511521] Hardware name: HP ProLiant DL385p Gen8, BIOS A28 12/17/2012
[ 788.542260] ffff880437c036b8 f7afc56532a53db9 ffff880437c03670
ffffffff816351f1
[ 788.576332] ffff880437c036a8 ffffffff8107b200 ffff880633e74200
ffff880231674000
[ 788.611943] 0000000000000001 0000000000000003 0000000000000000
ffff880437c03710
[ 788.647241] Call Trace:
[ 788.658817] <IRQ> [<ffffffff816351f1>] dump_stack+0x19/0x1b
[ 788.686193] [<ffffffff8107b200>] warn_slowpath_common+0x70/0xb0
[ 788.713803] [<ffffffff8107b29c>] warn_slowpath_fmt+0x5c/0x80
[ 788.741314] [<ffffffff812f92f3>] ? ___ratelimit+0x93/0x100
[ 788.767018] [<ffffffff81637f49>] skb_warn_bad_offload+0xcd/0xda
[ 788.796117] [<ffffffff8152950c>] skb_checksum_help+0x17c/0x190
[ 788.823392] [<ffffffffa01463a1>] netem_enqueue+0x741/0x7c0 [sch_netem]
[ 788.854487] [<ffffffff8152cb58>] dev_queue_xmit+0x2a8/0x570
[ 788.880870] [<ffffffff8156ae1d>] ip_finish_output+0x53d/0x7d0
...
The problem occurs because netem is not prepared to handle GSO packets (as it
uses skb_checksum_help in its enqueue path, which cannot manipulate these
frames).
The solution I think is to simply segment the skb in a simmilar fashion to the
way we do in __dev_queue_xmit (via validate_xmit_skb), with some minor changes.
When we decide to corrupt an skb, if the frame is GSO, we segment it, corrupt
the first segment, and enqueue the remaining ones.
tested successfully by myself on the latest net kernel, to which this applies
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
CC: Jamal Hadi Salim <jhs@mojatatu.com>
CC: "David S. Miller" <davem@davemloft.net>
CC: netem@lists.linux-foundation.org
CC: eric.dumazet@gmail.com
CC: stephen@networkplumber.org
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit bdf17661f63a79c3cb4209b970b1cc39e34f7543 ]
Similarly, we need to update backlog too when we update qlen.
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 431e3a8e36a05a37126f34b41aa3a5a6456af04e ]
We saw qlen!=0 but backlog==0 on our production machine:
qdisc htb 1: dev eth0 root refcnt 2 r2q 10 default 1 direct_packets_stat 0 ver 3.17
Sent 172680457356 bytes 222469449 pkt (dropped 0, overlimits 123575834 requeues 0)
backlog 0b 72p requeues 0
The problem is we only count qlen for HTB qdisc but not backlog.
We need to update backlog too when we update qlen, so that we
can at least know the average packet length.
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 2ccccf5fb43ff62b2b96cc58d95fc0b3596516e4 ]
When the bottom qdisc decides to, for example, drop some packet,
it calls qdisc_tree_decrease_qlen() to update the queue length
for all its ancestors, we need to update the backlog too to
keep the stats on root qdisc accurate.
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 86a7996cc8a078793670d82ed97d5a99bb4e8496 ]
Remove nearly duplicated code and prepare for the following patch.
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b7f8fe251e4609e2a437bd2c2dea01e61db6849c ]
iptunnel_pull_header expects that IP header was already pulled; with this
expectation, it pulls the tunnel header. This is not true in gre_err.
Furthermore, ipv4_update_pmtu and ipv4_redirect expect that skb->data points
to the IP header.
We cannot pull the tunnel header in this path. It's just a matter of not
calling iptunnel_pull_header - we don't need any of its effects.
Fixes: bda7bb4634 ("gre: Allow multiple protocol listener for gre protocol.")
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 391a20333b8393ef2e13014e6e59d192c5594471 ]
After commit fbd40ea0180a ("ipv4: Don't do expensive useless work
during inetdev destroy.") when deleting an interface,
fib_del_ifaddr() can be executed without any primary address
present on the dead interface.
The above is safe, but triggers some "bug: prim == NULL" warnings.
This commit avoids warning if the in_dev is dead
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit b4f70527f052b0c00be4d7cac562baa75b212df5 ]
When using masked actions the ipv6_proto field of an action
to set IPv6 fields may be zero rather than the prevailing protocol
which will result in skipping checksum recalculation.
This patch resolves the problem by relying on the protocol
in the flow key rather than that in the set field action.
Fixes: 83d2b9ba1a ("net: openvswitch: Support masked set actions.")
Cc: Jarno Rajahalme <jrajahalme@nicira.com>
Signed-off-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 9241e2df4fbc648a92ea0752918e05c26255649e ]
When __vlan_insert_tag() fails from skb_vlan_push() path due to the
skb_cow_head(), we need to undo the __skb_push() in the error path
as well that was done earlier to move skb->data pointer to mac header.
Moreover, I noticed that when in the non-error path the __skb_pull()
is done and the original offset to mac header was non-zero, we fixup
from a wrong skb->data offset in the checksum complete processing.
So the skb_postpush_rcsum() really needs to be done before __skb_pull()
where skb->data still points to the mac header start and thus operates
under the same conditions as in __vlan_insert_tag().
Fixes: 93515d53b1 ("net: move vlan pop/push functions into common code")
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
