The function sctp_diag_dump_one() currently performs a memcpy()
of 64 bytes from a 16 byte field into another 16 byte field. Fix
by using correct size, use sizeof to obtain correct size instead
of using a hard-coded constant.
Fixes: 8f840e47f1 ("sctp: add the sctp_diag.c file")
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We currently enable interrupts before we enable NAPI. If an RX interrupt
hits before we enabled NAPI then the NAPI callback is never called and
we leave the hardware with RX interrupts disabled, which of course leads
us to never handling received packets. Fix this by moving the interrupt
enable to after we've enable NAPI and the reclaim tasklet.
Fixes: cd5e412347 ("dwc_eth_qos: do phy_start before resetting hardware")
Signed-off-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Lars Persson <larper@axis.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
clk_prepare_enable() may fail, so we should better check its return
value and propagate it in the case of failure
While at it, replace __lpc_eth_clock_enable() with a plain
clk_prepare_enable/clk_disable_unprepare() call in order to
simplify the code.
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Acked-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The PORT_RATE_CONTROL register works differently on 88e6095/6095f/6131
in comparison to 6123/61/65, and 0x0 disables. The distinction was lost
Linux 4.1 --> 4.2
Signed-off-by: Jamie Lentin <jm@lentin.co.uk>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Like the ksz8081, the ksz9031 has the behavior where it will clear the
interrupt enable bits when leaving power down. This takes advantage of the
solution provided by f5aba91.
Signed-off-by: Xander Huff <xander.huff@ni.com>
Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The current scatter-gather logic in gianfar is flawed, since
it does not consider the eTSEC's RxBD 'Data Length' field is
context depening: for the last fragment it contains the full
frame size, while fragments contain the fragment size, which
equals the value written to register MRBLR.
This causes data corruption as soon as the hardware starts
to fragment receiving frames. As a result, the size of
fragmented frames is increased by
(nr_frags - 1) * MRBLR
We first noticed this issue working with DSA, where an ICMP
request sized 1472 bytes causes the scatter-gather logic to
kick in. The full Ethernet frame (1518) gets increased by
DSA (4), GMAC_FCB_LEN (8), and FSL_GIANFAR_DEV_HAS_TIMER
(priv->padding=8) to a total of 1538 octets, which is
fragmented by the hardware and reconstructed by the driver
to a 3074 octet frame.
This patch fixes the problem by adjusting the size of
the last fragment.
It was tested by setting MRBLR to different multiples of
64, proving correct scatter-gather operation on frames
with up to 9000 octets in size.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The eTSEC register MRBLR defines the maximum space in
the RX buffers and is set to 1536 by gianfar. This
reasonably covers the common use case where the MTU
is kept at default 1500. In that case, the largest
Ethernet frame size of 1518 plus an optional
GMAC_FCB_LEN of 8, and an additional padding of 8
to handle FSL_GIANFAR_DEV_HAS_TIMER totals to 1534
and nicely fit within the chosen MRBLR.
Alas, if the eTSEC is attached to a DSA enabled switch,
the (E)DSA header extension (4 or 8 bytes) causes every
maximum sized frame to be fragmented by the hardware.
This patch increases the maximum RX buffer size by 8
and rounds up to the next multiple of 64, which the
hardware's defines as RX buffer granularity.
Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Laura tracked poll() [and friends] regression caused by commit
e6afc8ace6 ("udp: remove headers from UDP packets before queueing")
udp_poll() needs to know if there is a valid packet in receive queue,
even if its payload length is 0.
Change first_packet_length() to return an signed int, and use -1
as the indication of an empty queue.
Fixes: e6afc8ace6 ("udp: remove headers from UDP packets before queueing")
Reported-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Tested-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This is somewhat of a bumper set due to my unavailabilty earlier in the
month. The only slightly unusual ones are the dts updates for the
rockchip adc reset. The fix in the driver only makes sense with these
and the rockchip maintainer is happy with them going through IIO to
reach mainline.
Core stuff
* Fix an issue with a blocking op when !TASK_RUNNING. This been there
a while and snuck in with seemingly minor additions to some core
code paths.
* Tools
- generic_buffer failed to initialize the channel array pointer thus
in the case of no channels blows up trying to free a random memory
address.
* sw-trigger:
- Fix config group initialization when configfs is built as a module.
Drivers
* ad5933
- Fix an incorrect overwrite of an error value.
* ad799x
- A missed assignment of the update_scan_mode callback means buffered mode
doesn't work on the ad7991, ad7995 or ad7999.
* ads1015
- wrong pointer returned from i2c_get_clientdata (missmatch of assumptions)
* am2315
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- missing buffer selects in Kconfig
* am335x adc
- Protect fifo1 from concurrent access.
- Increase timeout waiting for ADC to be long enough in all cases.
* as3935
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
* at91
- Fix reading of channel 3.
* atlas-ph-sensor
- Typo means that the scale of electrical conductivity readings is way off.
* bma220
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- Missing buffer selects in Kconfig
* bmp280
- pass the write pointer to PTR_ERR (i.e. the one that was just checked
with IS_ERR).
- suspend /resume crash due to wrong assumption about what dev_get_drvdata
would return.
* hdc100x
- It superficially appeared that smbus_read_byte commands would allow
reading of the outputs in two goes. In reality it doesn't work, but
instead returns the same for the upper and lower bytes (nice catch from
Alison!)
* kxsd9
- Fix raw read return value to ensure it actually reports the value rather
than a blank string.
* max44000
- Missing buffer selects in Kconfig
* rockchip_saradc
- Add use of reset controller to enforce a clean state of the ADC.
Some bootloaders can leave it in an 'intersting' state and effectively
frozen without this. A couple of associated dts updates.
* stk8ba50
- Missing buffer selects in Kconfig
* stx104
- Fix a possible race due to use of devm_iio_device_register when there
was other stuff in the remove function.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIuBAABCAAYBQJXvJbQERxqaWMyM0BrZXJuZWwub3JnAAoJEFSFNJnE9BaIgQoP
/05c7WzyhRxobrQGMIJShTA5/SMwrZa8Lc9z5rbjc7WEB0oPk+gw53ajWoEJYrj0
oC5V2iYWhqsQOQ52OgD7jng85Z1LOXW2gWZW/rd4H27iCpBJqDQNjdOo8tbFjfDe
oOVyhXvqmq8TPddAjX1gWJS9QC46rMAbTQpKtyJ75acttsRS+Hmn12ZdTiz6SDjm
SGKgZM9RvhBephb33u75S4u8kkcsv3M+1dAOz4Uf1lSzTZq2wBdSoePwaPCb35sL
9fbo8qTGUUa85rkwWmnGqnds0/v6ZNW0rcLaChb5YE8eQBQ+JCNDDF+p9HqQestj
gzBHKOGampc/feNY4kB/aClzq/9fmS+eYPGUOiCM5Lv5Ck9lko/kUbequJbXgOoS
87/BOTytNMmd5K4Sagm92vOl0piXSZAzhxiq2njaipIeqo0nfdNSrpWn91pEKWag
sjcoPKhHukxXXJutaWRXNey1pGGJjflkFC9T6RJUVBS4/IuBvRCTQGvxVidzsgrT
2bZ3ZIzz/nFjQ0dub+YEtN2t+tESKZDBuFgyYefULIpUKTmoSgrq0R8Pa8XZLNxq
BpHbHQuJjL/hcFz6h8wgv16IFhjK3qT71VcGF78XQDyQhHXdwHAr/ioZ5M6kIgU4
tRzBe0+wQsVqAr0cryptlWXsMskDzC9prRf5viYYiNuu
=Hra7
-----END PGP SIGNATURE-----
Merge tag 'iio-fixes-for-4.8a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into work-linus
Jonathan writes:
First round of IIO fixes for the 4.8 cycle.
This is somewhat of a bumper set due to my unavailabilty earlier in the
month. The only slightly unusual ones are the dts updates for the
rockchip adc reset. The fix in the driver only makes sense with these
and the rockchip maintainer is happy with them going through IIO to
reach mainline.
Core stuff
* Fix an issue with a blocking op when !TASK_RUNNING. This been there
a while and snuck in with seemingly minor additions to some core
code paths.
* Tools
- generic_buffer failed to initialize the channel array pointer thus
in the case of no channels blows up trying to free a random memory
address.
* sw-trigger:
- Fix config group initialization when configfs is built as a module.
Drivers
* ad5933
- Fix an incorrect overwrite of an error value.
* ad799x
- A missed assignment of the update_scan_mode callback means buffered mode
doesn't work on the ad7991, ad7995 or ad7999.
* ads1015
- wrong pointer returned from i2c_get_clientdata (missmatch of assumptions)
* am2315
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- missing buffer selects in Kconfig
* am335x adc
- Protect fifo1 from concurrent access.
- Increase timeout waiting for ADC to be long enough in all cases.
* as3935
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
* at91
- Fix reading of channel 3.
* atlas-ph-sensor
- Typo means that the scale of electrical conductivity readings is way off.
* bma220
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- Missing buffer selects in Kconfig
* bmp280
- pass the write pointer to PTR_ERR (i.e. the one that was just checked
with IS_ERR).
- suspend /resume crash due to wrong assumption about what dev_get_drvdata
would return.
* hdc100x
- It superficially appeared that smbus_read_byte commands would allow
reading of the outputs in two goes. In reality it doesn't work, but
instead returns the same for the upper and lower bytes (nice catch from
Alison!)
* kxsd9
- Fix raw read return value to ensure it actually reports the value rather
than a blank string.
* max44000
- Missing buffer selects in Kconfig
* rockchip_saradc
- Add use of reset controller to enforce a clean state of the ADC.
Some bootloaders can leave it in an 'intersting' state and effectively
frozen without this. A couple of associated dts updates.
* stk8ba50
- Missing buffer selects in Kconfig
* stx104
- Fix a possible race due to use of devm_iio_device_register when there
was other stuff in the remove function.
We can't initialize the list head on deletion as this causes the node to
point to itself, which causes an infinite loop if vmd_irq() happens to be
servicing that node.
The list initialization was trying to fix a bug from multiple calls to
disable the same IRQ. Fix this instead by having the VMD driver track if
the interrupt is enabled.
[bhelgaas: changelog, add "Fixes"]
Fixes: 97e9230635 ("x86/PCI: VMD: Initialize list item in IRQ disable")
Reported-by: Grzegorz Koczot <grzegorz.koczot@intel.com>
Tested-by: Miroslaw Drost <miroslaw.drost@intel.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by Jon Derrick: <jonathan.derrick@intel.com>
Commit e41f501d39 ("vmlinux.lds: account for destructor sections")
added '.text.exit' to EXIT_TEXT which is discarded at link time by default.
This breaks compilation of UML:
`.text.exit' referenced in section `.fini_array' of
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libc.a(sdlerror.o):
defined in discarded section `.text.exit' of
/usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libc.a(sdlerror.o)
Apparently UML doesn't want to discard exit text, so let's place all EXIT_TEXT
sections in .exit.text.
Fixes: e41f501d39 ("vmlinux.lds: account for destructor sections")
Reported-by: Stefan Traby <stefan@hello-penguin.com>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: <stable@vger.kernel.org>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
UBIFS uses full names to work with xattrs, therefore we have to use
xattr_full_name() to obtain the xattr prefix as string.
Cc: <stable@vger.kernel.org>
Cc: Andreas Gruenbacher <agruenba@redhat.com>
Fixes: 2b88fc21ca ("ubifs: Switch to generic xattr handlers")
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Andreas Gruenbacher <agruenba@redhat.com>
Tested-by: Dongsheng Yang <dongsheng081251@gmail.com>
An assertion in layout_in_gaps() verifies that the gap_lebs pointer is
below the maximum bound. When computing this maximum bound the idx_lebs
count is multiplied by sizeof(int), while C pointers arithmetic does take
into account the size of the pointed elements implicitly already. Remove
the multiplication to fix the assertion.
Fixes: 1e51764a3c ("UBIFS: add new flash file system")
Cc: <stable@vger.kernel.org>
Signed-off-by: Vincent Stehlé <vincent.stehle@intel.com>
Cc: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
UBSAN complains about a left shift by -1 in proc_do_submiturb(). This
can occur when an URB is submitted for a bulk or control endpoint on
a high-speed device, since the code doesn't bother to check the
endpoint type; normally only interrupt or isochronous endpoints have
a nonzero bInterval value.
Aside from the fact that the operation is illegal, it shouldn't matter
because the result isn't used. Still, in theory it could cause a
hardware exception or other problem, so we should work around it.
This patch avoids doing the left shift unless the shift amount is >= 0.
The same piece of code has another problem. When checking the device
speed (the exponential encoding for interrupt endpoints is used only
by high-speed or faster devices), we need to look for speed >=
USB_SPEED_SUPER as well as speed == USB_SPEED HIGH. The patch adds
this check.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Vittorio Zecca <zeccav@gmail.com>
Tested-by: Vittorio Zecca <zeccav@gmail.com>
Suggested-by: Bjørn Mork <bjorn@mork.no>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- avoid signed math problems on unexpected compilers
- avoid false positives at very end of kernel text range checks
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Kees Cook <kees@outflux.net>
iQIcBAABCgAGBQJXu7MGAAoJEIly9N/cbcAmARgP/ArvNIY66hLgESmerZlvDjJC
Iip8497f9bsKYgz+6DmHyRzJwJafN2hwIrRh2rnS1oHI48KLTFYP5N8RigPGvn8u
ixHpCMlEBV2zIkne1rtPDUkAHFgDc3j5zvg0ra/YGmFbhTlwTci67COYsq0PaSY/
LLMRt7gK5NjHxD+X6H7ORyL34gLtQOgAQw96wPeaO4HZ8YEecOR8LsMUw+IrGbbo
KclXNO+v2t+ROCUOZukKG+2h02EuMzW3BLnX+FAVLeJgwrjgsd/6mRVkBlnjYDRP
GDKlw2X5QlyDj+Kz/mHiYVuAJTMbN18y2kns7MQoPmozmtVet4YYXtGL/MRmHHW3
fh5KLuLyF59HY/1OLqQ/6Nxz7ggm5MuPMCF8brfFPlblFBO/OLKOrry/lptKzvwm
/5Lp2tVmH/w5+WdKsZM6gNbTsaC7HxKMlXodi+kHpCO7BF23j+fJLsCCPgNjwRyH
B6pxN4bk5gK2Xd1yRxSPt64BJ+Jt995EddP0dY6+UIhliSrQPHtilTe9Ht0nTFnG
Ar1pei3iSPpp91euVt6Glc5nLktryJ8AL6OEyp847he6C84k/R8lk2gu14iHO/U6
WLa9nOCVuQBLifHOv/oKQSBHt6dezjvmi93cY9/3B//SYC5SxzA6vqoNgmLaBEle
Hb3ZTQ77FCq3PE7Ty712
=5CiX
-----END PGP SIGNATURE-----
Merge tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardened usercopy fixes from Kees Cook:
- avoid signed math problems on unexpected compilers
- avoid false positives at very end of kernel text range checks
* tag 'usercopy-v4.8-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
usercopy: fix overlap check for kernel text
usercopy: avoid potentially undefined behavior in pointer math
Pull crypto fixes from Herbert Xu:
"This fixes a number of memory corruption bugs in the newly added
sha256-mb/sha256-mb code"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: sha512-mb - fix ctx pointer
crypto: sha256-mb - fix ctx pointer and digest copy
SARADC controller needs to be reset before programming it, otherwise
it will not function properly.
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Acked-by: Heiko Stuebner <heiko@sntech.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
SARADC controller needs to be reset before programming it, otherwise
it will not function properly.
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Acked-by: Heiko Stuebner <heiko@sntech.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
SARADC controller needs to be reset before programming it, otherwise
it will not function properly.
Signed-off-by: Caesar Wang <wxt@rock-chips.com>
Cc: Jonathan Cameron <jic23@kernel.org>
Cc: Heiko Stuebner <heiko@sntech.de>
Cc: Rob Herring <robh+dt@kernel.org>
Cc: linux-iio@vger.kernel.org
Cc: linux-rockchip@lists.infradead.org
Tested-by: Guenter Roeck <linux@roeck-us.net>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Current cxgb4 arm CQ logic ignores IB_CQ_REPORT_MISSED_EVENTS for
request completion notification on a CQ. Due to this ib_poll_handler()
assumes all events polled and avoids further iopoll scheduling.
This patch adds logic to cxgb4 ib_req_notify_cq() handler to check if
CQ is not empty and return accordingly. Based on the return value of
ib_req_notify_cq() handler, ib_poll_handler() will schedule a run of
iopoll handler.
Signed-off-by: Potnuri Bharat Teja <bharat@chelsio.com>
Reviewed-by: Steve Wise <swise@opengridcomputing.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
In i40iw_open(), check if interface is already open
and return success if it is.
Fixes: 8e06af711b ("i40iw: add main, hdr, status")
Reported-by: Stefan Assmann <sassmann@redhat.com>
Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
In i40iw_alloc_resource(), ensure that the update to
req_resource_num is protected by the lock.
Fixes: 8e06af711b ("i40iw: add main, hdr, status")
Reported-by: Stefan Assmann <sassmann@redhat.com>
Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
iwdev->mem_resources is incorrectly defined as an unsigned
long instead of u8. As a result, the offset into the dynamic
allocated structures in i40iw_initialize_hw_resources() is
incorrectly calculated and would lead to writing of memory
regions outside of the allocated buffer.
Fixes: 8e06af711b ("i40iw: add main, hdr, status")
Reported-by: Stefan Assmann <sassmann@redhat.com>
Signed-off-by: Mustafa Ismail <mustafa.ismail@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
* Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.
This issue was detected by using the Coccinelle software.
* The local variable "ret" will be set to an appropriate value a bit later.
Thus omit the explicit initialisation at the beginning.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Block/SCSI layout write completion may add committable extents to the
extent tree before updating the layout's last-written byte under the inode
lock. If a sync happens before this value is updated, then
prepare_layoutcommit may find and encode these extents which would produce
a LAYOUTCOMMIT request whose encoded extents are larger than the request's
loca_length.
Fix this by using a last-written byte value that is updated atomically with
the extent tree so that commitable extents always match.
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Ensure that the client conforms to the normative behaviour described in
RFC5661 Section 12.7.2: "If a client believes its lease has expired,
it MUST NOT send I/O to the storage device until it has validated its
lease."
So ensure that we wait for the lease to be validated before using
the layout.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
Cc: stable@vger.kernel.org # v3.20+
The address of the iovec &vq->iov[out] is not guaranteed to contain the scsi
command's response iovec throughout the lifetime of the command. Rather, it
is more likely to contain an iovec from an immediately following command
after looping back around to vhost_get_vq_desc(). Pass along the iovec
entirely instead.
Fixes: 79c14141a4 ("vhost/scsi: Convert completion path to use copy_to_iter")
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: ddd17531ad ("ASoC: omap-mcpdm: Clean up with devm_* function")
Managed irq request will not doing any good in ASoC probe level as it is
not going to free up the irq when the driver is unbound from the sound
card.
Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Reported-by: Russell King <linux@armlinux.org.uk>
Signed-off-by: Mark Brown <broonie@kernel.org>
The maximum value allowed for wMaxPacketSize of a high-speed interrupt
endpoint is 1024 bytes, not 1023.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: aed9d65ac3 ("USB: validate wMaxPacketValue entries in endpoint descriptors")
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Encoding of the metadata was using the padded length as opposed to
the real length of the data which is a bug per specification.
This has not been an issue todate because all metadatum specified
so far has been 32 bit where aligned and data length are the same width.
This also includes a bug fix for validating the length of a u16 field.
But since there is no metadata of size u16 yes we are fine to include it
here.
While at it get rid of magic numbers.
Fixes: ef6980b6be ("net sched: introduce IFE action")
Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
check_bogus_address() checked for pointer overflow using this expression,
where 'ptr' has type 'const void *':
ptr + n < ptr
Since pointer wraparound is undefined behavior, gcc at -O2 by default
treats it like the following, which would not behave as intended:
(long)n < 0
Fortunately, this doesn't currently happen for kernel code because kernel
code is compiled with -fno-strict-overflow. But the expression should be
fixed anyway to use well-defined integer arithmetic, since it could be
treated differently by different compilers in the future or could be
reported by tools checking for undefined behavior.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Driver never bothered marking the VF's vport with the VF's sw_fid.
As a result, FLR flows are not going to clean those vports.
If the vport was active when FLRed, re-activating it would lead
to a FW assertion.
Fixes: dacd88d6f6 ("qed: IOV l2 functionality")
Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In b8247f095e,
"net: ip_finish_output_gso: If skb_gso_network_seglen exceeds MTU, allow segmentation for local udp tunneled skbs"
gso skbs arriving from an ingress interface that go through UDP
tunneling, are allowed to be fragmented if the resulting encapulated
segments exceed the dst mtu of the egress interface.
This aligned the behavior of gso skbs to non-gso skbs going through udp
encapsulation path.
However the non-gso vs gso anomaly is present also in the following
cases of a GRE tunnel:
- ip_gre in collect_md mode, where TUNNEL_DONT_FRAGMENT is not set
(e.g. OvS vport-gre with df_default=false)
- ip_gre in nopmtudisc mode, where IFLA_GRE_IGNORE_DF is set
In both of the above cases, the non-gso skbs get fragmented, whereas the
gso skbs (having skb_gso_network_seglen that exceeds dst mtu) get dropped,
as they don't go through the segment+fragment code path.
Fix: Setting IPSKB_FRAG_SEGS if the tunnel specified IP_DF bit is NOT set.
Tunnels that do set IP_DF, will not go to fragmentation of segments.
This preserves behavior of ip_gre in (the default) pmtudisc mode.
Fixes: b8247f095e ("net: ip_finish_output_gso: If skb_gso_network_seglen exceeds MTU, allow segmentation for local udp tunneled skbs")
Reported-by: wenxu <wenxu@ucloud.cn>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Tested-by: wenxu <wenxu@ucloud.cn>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
If DAD fails with accept_dad set to 2, global addresses and host routes
are incorrectly left in place. Even though disable_ipv6 is set,
contrary to documentation, the addresses are not dynamically deleted
from the interface. It is only on a subsequent link down/up that these
are removed. The fix is not only to set the disable_ipv6 flag, but
also to call addrconf_ifdown(), which is the action to carry out when
disabling IPv6. This results in the addresses and routes being deleted
immediately. The DAD failure for the LL addr is determined as before
via netlink, or by the absence of the LL addr (which also previously
would have had to be checked for in case of an intervening link down
and up). As the call to addrconf_ifdown() requires an rtnl lock, the
logic to disable IPv6 when DAD fails is moved to addrconf_dad_work().
Previous behavior:
root@vm1:/# sysctl net.ipv6.conf.eth3.accept_dad=2
net.ipv6.conf.eth3.accept_dad = 2
root@vm1:/# ip -6 addr add 2000::10/64 dev eth3
root@vm1:/# ip link set up eth3
root@vm1:/# ip -6 addr show dev eth3
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2000::10/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe43:dd5a/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
root@vm1:/# ip -6 route show dev eth3
2000::/64 proto kernel metric 256
fe80::/64 proto kernel metric 256
root@vm1:/# ip link set down eth3
root@vm1:/# ip link set up eth3
root@vm1:/# ip -6 addr show dev eth3
root@vm1:/# ip -6 route show dev eth3
root@vm1:/#
New behavior:
root@vm1:/# sysctl net.ipv6.conf.eth3.accept_dad=2
net.ipv6.conf.eth3.accept_dad = 2
root@vm1:/# ip -6 addr add 2000::10/64 dev eth3
root@vm1:/# ip link set up eth3
root@vm1:/# ip -6 addr show dev eth3
root@vm1:/# ip -6 route show dev eth3
root@vm1:/#
Signed-off-by: Mike Manning <mmanning@brocade.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes these compiler warnings via libc-compat.h when glibc netipx/ipx.h is
included before linux/ipx.h:
./linux/ipx.h:9:8: error: redefinition of ‘struct sockaddr_ipx’
./linux/ipx.h:26:8: error: redefinition of ‘struct ipx_route_definition’
./linux/ipx.h:32:8: error: redefinition of ‘struct ipx_interface_definition’
./linux/ipx.h:49:8: error: redefinition of ‘struct ipx_config_data’
./linux/ipx.h:58:8: error: redefinition of ‘struct ipx_route_def’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kernel uapi header are supposed to use them. Fixes userspace compile error:
linux/openvswitch.h:583:2: error: unknown type name ‘uint32_t’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compile error:
error: field ‘real’ has incomplete type
struct timeval real; /* real (wall-clock) time */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compiler error:
error: unknown type name ‘uint32_t’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors:
error: field ‘addr’ has incomplete type
struct sockaddr_in addr; /* IP address and port to send to */
error: field ‘addr’ has incomplete type
struct sockaddr_in6 addr; /* IP address and port to send to */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors like:
error: field ‘addr’ has incomplete type
struct sockaddr_in addr; /* IP address and port to send to */
^
error: field ‘addr’ has incomplete type
struct sockaddr_in6 addr; /* IP address and port to send to */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors like:
error: field ‘iph’ has incomplete type
error: field ‘prefix’ has incomplete type
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation error:
error: ‘IFNAMSIZ’ undeclared here (not in a function)
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Support for Syscall ABI v4 with upstream gcc 6.x
- Lockdep fix (Daniel Mentz)
- gdb register clobber (Liav Rehana)
- Couple of missing exports for modules
- Other fixes here and there
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXuz5EAAoJEGnX8d3iisJeGmAP/AjKaBVrSsQCJW9S9Xg5Tcx8
30UPJOqRI25HkQVmeQaehNgtFPx2nN8oqOeUA4edFMJXoE44cBvPPvuBeAKYj7qV
ROv6ssomJt/DdoRdkbnUZqh0nLrQwR0srYkiWLqQp9zlxUpwfCM2tHah2RB3xV0d
Tet7nIAgUxEt42+rfSNbhZUphwHebvh7fbu1czDRr1L78fp266XM84n3uQj8aTpC
3QK4ddWJU8qPU24kVa7kLg45cCw4W2KUHGBzJmZWeUtv/04+t6wCZQu0tOeZ4/Mm
WnbCRnJrvYi+LjnXi+7ymmMN/qd+FOeRQ4MWLHcC7GBCChQ/2WCJVM4bDSfWCzWa
qe3aDRd7cq9Yjyzf3j34tDwhYQirwNRkYI7ps9fjsSmDMDM6hlXwNry+a6Y27Z4O
AFfBCHJDFhKAflm34ryskiDWQotZ30JtuFRgKKK3oWLeAOL/foDW8nbLea5AB2Rd
CtPIZTwKq+MQW6l/24V4F5kQNZZA6IuaqwSwugNAZLaONm/OsxXMMomo9RTfV+xH
Z4i3dQHvwNrGfBoYABdP+QBDibkqdX0a3y5H/4wIyZAe4pKw4VntsYhV/bsCHTp8
GuFeaR86ii48RmwR40gtaYQ4/CZFKsw3eQk+aAcCPsONVy3hIpsgeaAceIlQxuDD
LDvbsaUU4a1xm5PhtbUN
=1WGt
-----END PGP SIGNATURE-----
Merge tag 'arc-4.8-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
- support for Syscall ABI v4 with upstream gcc 6.x
- lockdep fix (Daniel Mentz)
- gdb register clobber (Liav Rehana)
- couple of missing exports for modules
- other fixes here and there
* tag 'arc-4.8-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: export __udivdi3 for modules
ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS
ARC: export kmap
ARC: Support syscall ABI v4
ARC: use correct offset in pt_regs for saving/restoring user mode r25
ARC: Elide redundant setup of DMA callbacks
ARC: Call trace_hardirqs_on() before enabling irqs
This fixes a Kconfig issue with UM: when I made GPIOLIB
available to all archs, that included UM, but the OF part
of GPIOLIB requires HAS_IOMEM, so we add HAS_IOMEM as a
dependency to OF_GPIO.
This in turn exposed the fact that a few GPIO drivers were
implicitly assuming OF_GPIO as their dependency but instead
depended on OF alone (the typical problem being a pointer
inside gpio_chip not existing unless OF_GPIO is selected)
and then UM would fail to compile with these drivers
instead. Then I lost patience and made any GPIO driver
depending on just OF depend on OF_GPIO instead, that is
certainly what they meant and the only thing that makes
sense anyway. GPIO with just OF but !OF_GPIO does not make
sense.
Also a fix for the max730x driver data pointer, and a minor
comment fix for the GPIO tools.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXurpEAAoJEEEQszewGV1zOEgP/2I4hI8eojOeMC7U89EWl3HG
0sa3NGw8c+Vrdh37NDZsia24mQs2ntixFFW/sHYSkTJcTXSDD+QeN0IilnRKOmvw
XRIJakdZy9+903crZ8GP2SU0juSNjUyVf7eq83M4DEVeu/lmUOgrlc12CqR7eUxR
NnJdx8l8H7LZQXJO+F64SLFmc2P+wmWSWZtYHP4Jt3fwlEBRbHqcSB70P67IIOdM
LvhVB4TcOoYwALzyqY2wrQtfQ37wmfUYTuT7Mnw5PHPk7FhktwrObHdMdENusHCn
0BanmpCGqCZ0z9vWisaVWd+j8k1M3X0ObsTfyGmO+YVmYxdneNCjZdaFvH3LqCBL
k6kcKFKfIu9sl3qFZr/3jHpN4QgZeLhdu3P3gllNtiLcPba7d2gDprjGiCCMtw6c
5nYmfN1bTqWB7a2wlRZLMUE57lvsgLJtJ2dNx6HwcUyBLY7YDB5IVYh40fRwpEvH
5gs6NuBDEJOGbEAYZ1lvo9LfRlogHUlYkkw+/G2FKOUCscf4Os2qEaLkirCPAaP/
q4tkZPWxjt27Hw0bvANCVG5wkAJfbsX12iQMd8KU9RKwAFw6Q2e2iPGzH3M5Tdaw
T35uYiWrPA6S+gLBMuT5UhUfQ5o+sc2zFi3Qq3aak86GAQYwSYTaoWHN/7EbpDZ/
cssmpMpfL7hPYCzAo6sv
=isIb
-----END PGP SIGNATURE-----
Merge tag 'gpio-v4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Here are a few GPIO fixes for v4.8.
I was expecting some fallout from the new chardev rework but nothing
like that turned up att all. Instead a Kconfig confusion that I think
I have finally nailed, then some ordinary driver noise and trivia.
This fixes a Kconfig issue with UM: when I made GPIOLIB available to
all archs, that included UM, but the OF part of GPIOLIB requires
HAS_IOMEM, so we add HAS_IOMEM as a dependency to OF_GPIO.
This in turn exposed the fact that a few GPIO drivers were implicitly
assuming OF_GPIO as their dependency but instead depended on OF alone
(the typical problem being a pointer inside gpio_chip not existing
unless OF_GPIO is selected) and then UM would fail to compile with
these drivers instead. Then I lost patience and made any GPIO driver
depending on just OF depend on OF_GPIO instead, that is certainly what
they meant and the only thing that makes sense anyway. GPIO with just
OF but !OF_GPIO does not make sense.
Also a fix for the max730x driver data pointer, and a minor comment
fix for the GPIO tools"
* tag 'gpio-v4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio: make any OF dependent driver depend on OF_GPIO
gpio: Fix OF build problem on UM
gpio: max730x: set gpiochip data pointer before using it
tools/gpio: fix gpio-event-mon header comment
ADS7846 regulator is disabled twice in a row in ads7846_remove(). Valid
one is in ads7846_disable().
Removing the ads7846 module causes warning about unbalanced disables.
...
WARNING: CPU: 0 PID: 29269 at drivers/regulator/core.c:2251 _regulator_disable+0xf8/0x130
unbalanced disables for vads7846
CPU: 0 PID: 29269 Comm: rmmod Tainted: G D W 4.7.0+ #3
Hardware name: HTC Magician
...
show_stack+0x10/0x14
__warn+0xd8/0x100
warn_slowpath_fmt+0x38/0x48
_regulator_disable+0xf8/0x130
regulator_disable+0x34/0x60
ads7846_remove+0x58/0xd4 [ads7846]
spi_drv_remove+0x1c/0x34
__device_release_driver+0x84/0x114
driver_detach+0x8c/0x90
bus_remove_driver+0x5c/0xc8
SyS_delete_module+0x1a0/0x238
ret_fast_syscall+0x0/0x38
Signed-off-by: Petr Cvek <petr.cvek@tul.cz>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
The map_offset variable is specific to the register and needs to be reset
in the loop. Otherwise, subsequent register's subpacket maps will have
their bits set at the wrong index.
Signed-off-by: Andrew Duggan <aduggan@synaptics.com>
Tested-by: Nitin Chaudhary <nitinchaudhary1289@gmail.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Commit fe6b0dfaba ("Input: tegra-kbc - use reset framework")
accidentally converted _deassert to _assert, so there is no code
to wake up this hardware.
Fixes: fe6b0dfaba ("Input: tegra-kbc - use reset framework")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Acked-by: Laxman Dewangan <ldewangan@nvidia.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
