Permalink
Switch branches/tags
Commits on May 24, 2017
  1. bonding: sane default value for MAX_BONDS

    koenkooi committed Jan 17, 2017
    This fixes many, many networking scripts.
    
    Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Commits on May 23, 2017
  1. Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/…

    torvalds committed May 23, 2017
    …kernel/git/wsa/linux
    
    Pull i2c fixes from Wolfram Sang:
     "Fix the i2c-designware regression of rc2.
    
      Also, a DMA buffer fix for the tiny-usb driver where the USB core now
      loudly complains about the non DMA-capable buffer"
    
    [ I had cherry-picked the designware fix separately because it hit my
      laptop, but here is the proper sync with the i2c tree   - Linus ]
    
    * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
      i2c: designware: Fix bogus sda_hold_time due to uninitialized vars
      i2c: i2c-tiny-usb: fix buffer not being DMA capable
  2. Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git…

    torvalds committed May 23, 2017
    …/herbert/crypto-2.6
    
    Pull crypto fix from Herbert Xu:
     "This fixes a regression in the skcipher interface that allows bogus
      key parameters to hit underlying implementations which can cause
      crashes"
    
    * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
      crypto: skcipher - Add missing API setkey checks
  3. Merge tag 'pstore-v4.12-rc3' of git://git.kernel.org/pub/scm/linux/ke…

    torvalds committed May 23, 2017
    …rnel/git/kees/linux
    
    Pull pstore fix from Kees Cook:
     "Marta noticed another misbehavior in EFI pstore, which this fixes.
    
      Hopefully this is the last of the v4.12 fixes for pstore!"
    
    * tag 'pstore-v4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
      efi-pstore: Fix write/erase id tracking
  4. Merge tag 'acpi-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kerne…

    torvalds committed May 23, 2017
    …l/git/rafael/linux-pm
    
    Pull ACPI fixes from Rafael Wysocki:
     "These revert a 4.11 change that turned out to be problematic and add a
      .gitignore file.
    
      Specifics:
    
       - Revert a 4.11 commit related to the ACPI-based handling of laptop
         lids that made changes incompatible with existing user space stacks
         and broke things there (Lv Zheng).
    
       - Add .gitignore to the ACPI tools directory (Prarit Bhargava)"
    
    * tag 'acpi-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
      Revert "ACPI / button: Remove lid_init_state=method mode"
      tools/power/acpi: Add .gitignore file
  5. Merge tag 'pm-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/…

    torvalds committed May 23, 2017
    …git/rafael/linux-pm
    
    Pull power management fixes from Rafael Wysocki:
     "These fix RTC wakeup from suspend-to-idle broken recently, fix CPU
      idleness detection condition in the schedutil cpufreq governor, fix a
      cpufreq driver build failure, fix an error code path in the power
      capping framework, clean up the hibernate core and update the
      intel_pstate documentation.
    
      Specifics:
    
       - Fix RTC wakeup from suspend-to-idle broken by the recent rework of
         ACPI wakeup handling (Rafael Wysocki).
    
       - Update intel_pstate driver documentation to reflect the current
         code and explain how it works in more detail (Rafael Wysocki).
    
       - Fix an issue related to CPU idleness detection on systems with
         shared cpufreq policies in the schedutil governor (Juri Lelli).
    
       - Fix a possible build issue in the dbx500 cpufreq driver (Arnd
         Bergmann).
    
       - Fix a function in the power capping framework core to return an
         error code instead of 0 when there's an error (Dan Carpenter).
    
       - Clean up variable definition in the hibernation core (Pushkar
         Jambhlekar)"
    
    * tag 'pm-4.12-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
      cpufreq: dbx500: add a Kconfig symbol
      PM / hibernate: Declare variables as static
      PowerCap: Fix an error code in powercap_register_zone()
      RTC: rtc-cmos: Fix wakeup from suspend-to-idle
      PM / wakeup: Fix up wakeup_source_report_event()
      cpufreq: intel_pstate: Document the current behavior and user interface
      cpufreq: schedutil: use now as reference when aggregating shared policy requests
  6. i2c: designware: Fix bogus sda_hold_time due to uninitialized vars

    jan-kiszka authored and torvalds committed May 22, 2017
    We need to initializes those variables to 0 for platforms that do not
    provide ACPI parameters. Otherwise, we set sda_hold_time to random
    values, breaking e.g. Galileo and IOT2000 boards.
    
    Reported-and-tested-by: Linus Torvalds <torvalds@linux-foundation.org>
    Reported-by: Tobias Klausmann <tobias.johannes.klausmann@mni.thm.de>
    Fixes: 9d64084 ("i2c: designware: don't infer timings described by ACPI from clock rate")
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
    Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on May 22, 2017
  1. efi-pstore: Fix write/erase id tracking

    kees committed May 18, 2017
    Prior to the pstore interface refactoring, the "id" generated during
    a backend pstore_write() was only retained by the internal pstore
    inode tracking list. Additionally the "part" was ignored, so EFI
    would encode this in the id. This corrects the misunderstandings
    and correctly sets "id" during pstore_write(), and uses "part"
    directly during pstore_erase().
    
    Reported-by: Marta Lofstedt <marta.lofstedt@intel.com>
    Fixes: 76cc958 ("pstore: Replace arguments for write() API")
    Fixes: a61072a ("pstore: Replace arguments for erase() API")
    Signed-off-by: Kees Cook <keescook@chromium.org>
    Tested-by: Marta Lofstedt <marta.lofstedt@intel.com>
  2. Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

    torvalds committed May 22, 2017
    Pull networking fixes from David Miller:
     "Mostly netfilter bug fixes in here, but we have some bits elsewhere as
      well.
    
       1) Don't do SNAT replies for non-NATed connections in IPVS, from
          Julian Anastasov.
    
       2) Don't delete conntrack helpers while they are still in use, from
          Liping Zhang.
    
       3) Fix zero padding in xtables's xt_data_to_user(), from Willem de
          Bruijn.
    
       4) Add proper RCU protection to nf_tables_dump_set() because we
          cannot guarantee that we hold the NFNL_SUBSYS_NFTABLES lock. From
          Liping Zhang.
    
       5) Initialize rcv_mss in tcp_disconnect(), from Wei Wang.
    
       6) smsc95xx devices can't handle IPV6 checksums fully, so don't
          advertise support for offloading them. From Nisar Sayed.
    
       7) Fix out-of-bounds access in __ip6_append_data(), from Eric
          Dumazet.
    
       8) Make atl2_probe() propagate the error code properly on failures,
          from Alexey Khoroshilov.
    
       9) arp_target[] in bond_check_params() is used uninitialized. This
          got changes from a global static to a local variable, which is how
          this mistake happened. Fix from Jarod Wilson.
    
      10) Fix fallout from unnecessary NULL check removal in cls_matchall,
          from Jiri Pirko. This is definitely brown paper bag territory..."
    
    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (26 commits)
      net: sched: cls_matchall: fix null pointer dereference
      vsock: use new wait API for vsock_stream_sendmsg()
      bonding: fix randomly populated arp target array
      net: Make IP alignment calulations clearer.
      bonding: fix accounting of active ports in 3ad
      net: atheros: atl2: don't return zero on failure path in atl2_probe()
      ipv6: fix out of bound writes in __ip6_append_data()
      bridge: start hello_timer when enabling KERNEL_STP in br_stp_start
      smsc95xx: Support only IPv4 TCP/UDP csum offload
      arp: always override existing neigh entries with gratuitous ARP
      arp: postpone addr_type calculation to as late as possible
      arp: decompose is_garp logic into a separate function
      arp: fixed error in a comment
      tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
      netfilter: xtables: fix build failure from COMPAT_XT_ALIGN outside CONFIG_COMPAT
      ebtables: arpreply: Add the standard target sanity check
      netfilter: nf_tables: revisit chain/object refcounting from elements
      netfilter: nf_tables: missing sanitization in data from userspace
      netfilter: nf_tables: can't assume lock is acquired when dumping set elems
      netfilter: synproxy: fix conntrackd interaction
      ...
  3. net: sched: cls_matchall: fix null pointer dereference

    jpirko authored and davem330 committed May 22, 2017
    Since the head is guaranteed by the check above to be null, the call_rcu
    would explode. Remove the previously logically dead code that was made
    logically very much alive and kicking.
    
    Fixes: 985538e ("net/sched: remove redundant null check on head")
    Signed-off-by: Jiri Pirko <jiri@mellanox.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  4. vsock: use new wait API for vsock_stream_sendmsg()

    congwang authored and davem330 committed May 19, 2017
    As reported by Michal, vsock_stream_sendmsg() could still
    sleep at vsock_stream_has_space() after prepare_to_wait():
    
      vsock_stream_has_space
        vmci_transport_stream_has_space
          vmci_qpair_produce_free_space
            qp_lock
              qp_acquire_queue_mutex
                mutex_lock
    
    Just switch to the new wait API like we did for commit
    d9dc8b0 ("net: fix sleeping for sk_wait_event()").
    
    Reported-by: Michal Kubecek <mkubecek@suse.cz>
    Cc: Stefan Hajnoczi <stefanha@redhat.com>
    Cc: Jorgen Hansen <jhansen@vmware.com>
    Cc: "Michael S. Tsirkin" <mst@redhat.com>
    Cc: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com>
    Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
    Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  5. bonding: fix randomly populated arp target array

    jarodwilson authored and davem330 committed May 19, 2017
    In commit dc9c4d0, the arp_target array moved from a static global
    to a local variable. By the nature of static globals, the array used to
    be initialized to all 0. At present, it's full of random data, which
    that gets interpreted as arp_target values, when none have actually been
    specified. Systems end up booting with spew along these lines:
    
    [   32.161783] IPv6: ADDRCONF(NETDEV_UP): lacp0: link is not ready
    [   32.168475] IPv6: ADDRCONF(NETDEV_UP): lacp0: link is not ready
    [   32.175089] 8021q: adding VLAN 0 to HW filter on device lacp0
    [   32.193091] IPv6: ADDRCONF(NETDEV_UP): lacp0: link is not ready
    [   32.204892] lacp0: Setting MII monitoring interval to 100
    [   32.211071] lacp0: Removing ARP target 216.124.228.17
    [   32.216824] lacp0: Removing ARP target 218.160.255.255
    [   32.222646] lacp0: Removing ARP target 185.170.136.184
    [   32.228496] lacp0: invalid ARP target 255.255.255.255 specified for removal
    [   32.236294] lacp0: option arp_ip_target: invalid value (-255.255.255.255)
    [   32.243987] lacp0: Removing ARP target 56.125.228.17
    [   32.249625] lacp0: Removing ARP target 218.160.255.255
    [   32.255432] lacp0: Removing ARP target 15.157.233.184
    [   32.261165] lacp0: invalid ARP target 255.255.255.255 specified for removal
    [   32.268939] lacp0: option arp_ip_target: invalid value (-255.255.255.255)
    [   32.276632] lacp0: Removing ARP target 16.0.0.0
    [   32.281755] lacp0: Removing ARP target 218.160.255.255
    [   32.287567] lacp0: Removing ARP target 72.125.228.17
    [   32.293165] lacp0: Removing ARP target 218.160.255.255
    [   32.298970] lacp0: Removing ARP target 8.125.228.17
    [   32.304458] lacp0: Removing ARP target 218.160.255.255
    
    None of these were actually specified as ARP targets, and the driver does
    seem to clean up the mess okay, but it's rather noisy and confusing, leaks
    values to userspace, and the 255.255.255.255 spew shows up even when debug
    prints are disabled.
    
    The fix: just zero out arp_target at init time.
    
    While we're in here, init arp_all_targets_value in the right place.
    
    Fixes: dc9c4d0 ("bonding: reduce scope of some global variables")
    CC: Mahesh Bandewar <maheshb@google.com>
    CC: Jay Vosburgh <j.vosburgh@gmail.com>
    CC: Veaceslav Falico <vfalico@gmail.com>
    CC: Andy Gospodarek <andy@greyhouse.net>
    CC: netdev@vger.kernel.org
    CC: stable@vger.kernel.org
    Signed-off-by: Jarod Wilson <jarod@redhat.com>
    Acked-by: Andy Gospodarek <andy@greyhouse.net>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  6. Merge branches 'pm-sleep' and 'powercap'

    Rafael J. Wysocki
    Rafael J. Wysocki committed May 22, 2017
    * pm-sleep:
      PM / hibernate: Declare variables as static
      RTC: rtc-cmos: Fix wakeup from suspend-to-idle
      PM / wakeup: Fix up wakeup_source_report_event()
    
    * powercap:
      PowerCap: Fix an error code in powercap_register_zone()
  7. Merge branches 'acpi-button' and 'acpi-tools'

    Rafael J. Wysocki
    Rafael J. Wysocki committed May 22, 2017
    * acpi-button:
      Revert "ACPI / button: Remove lid_init_state=method mode"
    
    * acpi-tools:
      tools/power/acpi: Add .gitignore file
  8. Merge branches 'intel_pstate', 'pm-cpufreq' and 'pm-cpufreq-sched'

    Rafael J. Wysocki
    Rafael J. Wysocki committed May 22, 2017
    * intel_pstate:
      cpufreq: intel_pstate: Document the current behavior and user interface
    
    * pm-cpufreq:
      cpufreq: dbx500: add a Kconfig symbol
    
    * pm-cpufreq-sched:
      cpufreq: schedutil: use now as reference when aggregating shared policy requests
  9. net: Make IP alignment calulations clearer.

    davem330 committed May 22, 2017
    The assignmnet:
    
    	ip_align = strict ? 2 : NET_IP_ALIGN;
    
    in compare_pkt_ptr_alignment() trips up Coverity because we can only
    get to this code when strict is true, therefore ip_align will always
    be 2 regardless of NET_IP_ALIGN's value.
    
    So just assign directly to '2' and explain the situation in the
    comment above.
    
    Reported-by: "Gustavo A. R. Silva" <garsilva@embeddedor.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  10. bonding: fix accounting of active ports in 3ad

    jarodwilson authored and davem330 committed May 19, 2017
    As of 7bb11dc and 0622cab, bond slaves in a 3ad bond are not
    removed from the aggregator when they are down, and the active slave count
    is NOT equal to number of ports in the aggregator, but rather the number
    of ports in the aggregator that are still enabled. The sysfs spew for
    bonding_show_ad_num_ports() has a comment that says "Show number of active
    802.3ad ports.", but it's currently showing total number of ports, both
    active and inactive. Remedy it by using the same logic introduced in
    0622cab in __bond_3ad_get_active_agg_info(), so sysfs, procfs and
    netlink all report the number of active ports. Note that this means that
    IFLA_BOND_AD_INFO_NUM_PORTS really means NUM_ACTIVE_PORTS instead of
    NUM_PORTS, and thus perhaps should be renamed for clarity.
    
    Lightly tested on a dual i40e lacp bond, simulating link downs with an ip
    link set dev <slave2> down, was able to produce the state where I could
    see both in the same aggregator, but a number of ports count of 1.
    
    MII Status: up
    Active Aggregator Info:
            Aggregator ID: 1
            Number of ports: 2 <---
    Slave Interface: ens10
    MII Status: up <---
    Aggregator ID: 1
    Slave Interface: ens11
    MII Status: up
    Aggregator ID: 1
    
    MII Status: up
    Active Aggregator Info:
            Aggregator ID: 1
            Number of ports: 1 <---
    Slave Interface: ens10
    MII Status: down <---
    Aggregator ID: 1
    Slave Interface: ens11
    MII Status: up
    Aggregator ID: 1
    
    CC: Jay Vosburgh <j.vosburgh@gmail.com>
    CC: Veaceslav Falico <vfalico@gmail.com>
    CC: Andy Gospodarek <andy@greyhouse.net>
    CC: netdev@vger.kernel.org
    Signed-off-by: Jarod Wilson <jarod@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  11. net: atheros: atl2: don't return zero on failure path in atl2_probe()

    khoroshilov authored and davem330 committed May 19, 2017
    If dma mask checks fail in atl2_probe(), it breaks off initialization,
    deallocates all resources, but returns zero.
    
    The patch adds proper error code return value and
    make error code setup unified.
    
    Found by Linux Driver Verification project (linuxtesting.org).
    
    Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  12. ipv6: fix out of bound writes in __ip6_append_data()

    Eric Dumazet authored and davem330 committed May 19, 2017
    Andrey Konovalov and idaifish@gmail.com reported crashes caused by
    one skb shared_info being overwritten from __ip6_append_data()
    
    Andrey program lead to following state :
    
    copy -4200 datalen 2000 fraglen 2040
    maxfraglen 2040 alloclen 2048 transhdrlen 0 offset 0 fraggap 6200
    
    The skb_copy_and_csum_bits(skb_prev, maxfraglen, data + transhdrlen,
    fraggap, 0); is overwriting skb->head and skb_shared_info
    
    Since we apparently detect this rare condition too late, move the
    code earlier to even avoid allocating skb and risking crashes.
    
    Once again, many thanks to Andrey and syzkaller team.
    
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Reported-by: Andrey Konovalov <andreyknvl@google.com>
    Tested-by: Andrey Konovalov <andreyknvl@google.com>
    Reported-by: <idaifish@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  13. i2c: designware: Fix bogus sda_hold_time due to uninitialized vars

    jan-kiszka authored and Wolfram Sang committed May 22, 2017
    We need to initializes those variables to 0 for platforms that do not
    provide ACPI parameters. Otherwise, we set sda_hold_time to random
    values, breaking e.g. Galileo and IOT2000 boards.
    
    Fixes: 9d64084 ("i2c: designware: don't infer timings described by ACPI from clock rate")
    Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
    Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
    Acked-by: Jarkko Nikula <jarkko.nikula@linux.intel.com>
    Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
  14. i2c: i2c-tiny-usb: fix buffer not being DMA capable

    sre authored and Wolfram Sang committed May 5, 2017
    Since v4.9 i2c-tiny-usb generates the below call trace
    and longer works, since it can't communicate with the
    USB device. The reason is, that since v4.9 the USB
    stack checks, that the buffer it should transfer is DMA
    capable. This was a requirement since v2.2 days, but it
    usually worked nevertheless.
    
    [   17.504959] ------------[ cut here ]------------
    [   17.505488] WARNING: CPU: 0 PID: 93 at drivers/usb/core/hcd.c:1587 usb_hcd_map_urb_for_dma+0x37c/0x570
    [   17.506545] transfer buffer not dma capable
    [   17.507022] Modules linked in:
    [   17.507370] CPU: 0 PID: 93 Comm: i2cdetect Not tainted 4.11.0-rc8+ #10
    [   17.508103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
    [   17.509039] Call Trace:
    [   17.509320]  ? dump_stack+0x5c/0x78
    [   17.509714]  ? __warn+0xbe/0xe0
    [   17.510073]  ? warn_slowpath_fmt+0x5a/0x80
    [   17.510532]  ? nommu_map_sg+0xb0/0xb0
    [   17.510949]  ? usb_hcd_map_urb_for_dma+0x37c/0x570
    [   17.511482]  ? usb_hcd_submit_urb+0x336/0xab0
    [   17.511976]  ? wait_for_completion_timeout+0x12f/0x1a0
    [   17.512549]  ? wait_for_completion_timeout+0x65/0x1a0
    [   17.513125]  ? usb_start_wait_urb+0x65/0x160
    [   17.513604]  ? usb_control_msg+0xdc/0x130
    [   17.514061]  ? usb_xfer+0xa4/0x2a0
    [   17.514445]  ? __i2c_transfer+0x108/0x3c0
    [   17.514899]  ? i2c_transfer+0x57/0xb0
    [   17.515310]  ? i2c_smbus_xfer_emulated+0x12f/0x590
    [   17.515851]  ? _raw_spin_unlock_irqrestore+0x11/0x20
    [   17.516408]  ? i2c_smbus_xfer+0x125/0x330
    [   17.516876]  ? i2c_smbus_xfer+0x125/0x330
    [   17.517329]  ? i2cdev_ioctl_smbus+0x1c1/0x2b0
    [   17.517824]  ? i2cdev_ioctl+0x75/0x1c0
    [   17.518248]  ? do_vfs_ioctl+0x9f/0x600
    [   17.518671]  ? vfs_write+0x144/0x190
    [   17.519078]  ? SyS_ioctl+0x74/0x80
    [   17.519463]  ? entry_SYSCALL_64_fastpath+0x1e/0xad
    [   17.519959] ---[ end trace d047c04982f5ac50 ]---
    
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.co.uk>
    Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Acked-by: Till Harbaum <till@harbaum.org>
    Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
  15. Linux 4.12-rc2

    torvalds committed May 22, 2017
  16. x86: fix 32-bit case of __get_user_asm_u64()

    torvalds committed May 22, 2017
    The code to fetch a 64-bit value from user space was entirely buggered,
    and has been since the code was merged in early 2016 in commit
    b2f6803 ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
    kernels").
    
    Happily the buggered routine is almost certainly entirely unused, since
    the normal way to access user space memory is just with the non-inlined
    "get_user()", and the inlined version didn't even historically exist.
    
    The normal "get_user()" case is handled by external hand-written asm in
    arch/x86/lib/getuser.S that doesn't have either of these issues.
    
    There were two independent bugs in __get_user_asm_u64():
    
     - it still did the STAC/CLAC user space access marking, even though
       that is now done by the wrapper macros, see commit 11f1a4b
       ("x86: reorganize SMAP handling in user space accesses").
    
       This didn't result in a semantic error, it just means that the
       inlined optimized version was hugely less efficient than the
       allegedly slower standard version, since the CLAC/STAC overhead is
       quite high on modern Intel CPU's.
    
     - the double register %eax/%edx was marked as an output, but the %eax
       part of it was touched early in the asm, and could thus clobber other
       inputs to the asm that gcc didn't expect it to touch.
    
       In particular, that meant that the generated code could look like
       this:
    
            mov    (%eax),%eax
            mov    0x4(%eax),%edx
    
       where the load of %edx obviously was _supposed_ to be from the 32-bit
       word that followed the source of %eax, but because %eax was
       overwritten by the first instruction, the source of %edx was
       basically random garbage.
    
    The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
    the 64-bit output as early-clobber to let gcc know that no inputs should
    alias with the output register.
    
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Benjamin LaHaise <bcrl@kvack.org>
    Cc: Ingo Molnar <mingo@kernel.org>
    Cc: stable@kernel.org   # v4.8+
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commits on May 21, 2017
  1. Clean up x86 unsafe_get/put_user() type handling

    torvalds committed May 21, 2017
    Al noticed that unsafe_put_user() had type problems, and fixed them in
    commit a7cc722 ("fix unsafe_put_user()"), which made me look more
    at those functions.
    
    It turns out that unsafe_get_user() had a type issue too: it limited the
    largest size of the type it could handle to "unsigned long".  Which is
    fine with the current users, but doesn't match our existing normal
    get_user() semantics, which can also handle "u64" even when that does
    not fit in a long.
    
    While at it, also clean up the type cast in unsafe_put_user().  We
    actually want to just make it an assignment to the expected type of the
    pointer, because we actually do want warnings from types that don't
    convert silently.  And it makes the code more readable by not having
    that one very long and complex line.
    
    [ This patch might become stable material if we ever end up back-porting
      any new users of the unsafe uaccess code, but as things stand now this
      doesn't matter for any current existing uses. ]
    
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel…

    torvalds committed May 21, 2017
    …/git/viro/vfs
    
    Pull misc uaccess fixes from Al Viro:
     "Fix for unsafe_put_user() (no callers currently in mainline, but
      anyone starting to use it will step into that) + alpha osf_wait4()
      infoleak fix"
    
    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
      osf_wait4(): fix infoleak
      fix unsafe_put_user()
  3. Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm…

    torvalds committed May 21, 2017
    …/linux/kernel/git/tip/tip
    
    Pull scheduler fix from Thomas Gleixner:
     "A single scheduler fix:
    
      Prevent idle task from ever being preempted. That makes sure that
      synchronize_rcu_tasks() which is ignoring idle task does not pretend
      that no task is stuck in preempted state. If that happens and idle was
      preempted on a ftrace trampoline the machine crashes due to
      inconsistent state"
    
    * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
      sched/core: Call __schedule() from do_idle() without enabling preemption
  4. Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/l…

    torvalds committed May 21, 2017
    …inux/kernel/git/tip/tip
    
    Pull irq fixes from Thomas Gleixner:
     "A set of small fixes for the irq subsystem:
    
       - Cure a data ordering problem with chained interrupts
    
       - Three small fixlets for the mbigen irq chip"
    
    * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
      genirq: Fix chained interrupt data ordering
      irqchip/mbigen: Fix the clear register offset calculation
      irqchip/mbigen: Fix potential NULL dereferencing
      irqchip/mbigen: Fix memory mapping code
  5. bridge: start hello_timer when enabling KERNEL_STP in br_stp_start

    lxin authored and davem330 committed May 19, 2017
    Since commit 76b91c3 ("bridge: stp: when using userspace stp stop
    kernel hello and hold timers"), bridge would not start hello_timer if
    stp_enabled is not KERNEL_STP when br_dev_open.
    
    The problem is even if users set stp_enabled with KERNEL_STP later,
    the timer will still not be started. It causes that KERNEL_STP can
    not really work. Users have to re-ifup the bridge to avoid this.
    
    This patch is to fix it by starting br->hello_timer when enabling
    KERNEL_STP in br_stp_start.
    
    As an improvement, it's also to start hello_timer again only when
    br->stp_enabled is KERNEL_STP in br_hello_timer_expired, there is
    no reason to start the timer again when it's NO_STP.
    
    Fixes: 76b91c3 ("bridge: stp: when using userspace stp stop kernel hello and hold timers")
    Reported-by: Haidong Li <haili@redhat.com>
    Signed-off-by: Xin Long <lucien.xin@gmail.com>
    Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
    Reviewed-by: Ivan Vecera <cera@cera.cz>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  6. smsc95xx: Support only IPv4 TCP/UDP csum offload

    Nisar Sayed authored and davem330 committed May 19, 2017
    When TX checksum offload is used, if the computed checksum is 0 the
    LAN95xx device do not alter the checksum to 0xffff.  In the case of ipv4
    UDP checksum, it indicates to receiver that no checksum is calculated.
    Under ipv6, UDP checksum yields a result of zero must be changed to
    0xffff. Hence disabling checksum offload for ipv6 packets.
    
    Signed-off-by: Nisar Sayed <Nisar.Sayed@microchip.com>
    
    Reported-by: popcorn mix <popcornmix@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  7. Merge branch 'arp-always-override-existing-neigh-entries-with-gratuit…

    davem330 committed May 21, 2017
    …ous-ARP'
    
    Ihar Hrachyshka says:
    
    ====================
    arp: always override existing neigh entries with gratuitous ARP
    
    This patchset is spurred by discussion started at
    https://patchwork.ozlabs.org/patch/760372/ where we figured that there is no
    real reason for enforcing override by gratuitous ARP packets only when
    arp_accept is 1. Same should happen when it's 0 (the default value).
    
    changelog v2: handled review comments by Julian Anastasov
    - fixed a mistake in a comment;
    - postponed addr_type calculation to as late as possible.
    ====================
    
    Signed-off-by: David S. Miller <davem@davemloft.net>
  8. arp: always override existing neigh entries with gratuitous ARP

    booxter authored and davem330 committed May 18, 2017
    Currently, when arp_accept is 1, we always override existing neigh
    entries with incoming gratuitous ARP replies. Otherwise, we override
    them only if new replies satisfy _locktime_ conditional (packets arrive
    not earlier than _locktime_ seconds since the last update to the neigh
    entry).
    
    The idea behind locktime is to pick the very first (=> close) reply
    received in a unicast burst when ARP proxies are used. This helps to
    avoid ARP thrashing where Linux would switch back and forth from one
    proxy to another.
    
    This logic has nothing to do with gratuitous ARP replies that are
    generally not aligned in time when multiple IP address carriers send
    them into network.
    
    This patch enforces overriding of existing neigh entries by all incoming
    gratuitous ARP packets, irrespective of their time of arrival. This will
    make the kernel honour all incoming gratuitous ARP packets.
    
    Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  9. arp: postpone addr_type calculation to as late as possible

    booxter authored and davem330 committed May 18, 2017
    The addr_type retrieval can be costly, so it's worth trying to avoid its
    calculation as much as possible. This patch makes it calculated only
    for gratuitous ARP packets. This is especially important since later we
    may want to move is_garp calculation outside of arp_accept block, at
    which point the costly operation will be executed for all setups.
    
    The patch is the result of a discussion in net-dev:
    http://marc.info/?l=linux-netdev&m=149506354216994
    
    Suggested-by: Julian Anastasov <ja@ssi.bg>
    Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  10. arp: decompose is_garp logic into a separate function

    booxter authored and davem330 committed May 18, 2017
    The code is quite involving already to earn a separate function for
    itself. If anything, it helps arp_process readability.
    
    Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  11. arp: fixed error in a comment

    booxter authored and davem330 committed May 18, 2017
    the is_garp code deals just with gratuitous ARP packets, not every
    unsolicited packet.
    
    This patch is a result of a discussion in netdev:
    http://marc.info/?l=linux-netdev&m=149506354216994
    
    Suggested-by: Julian Anastasov <ja@ssi.bg>
    Signed-off-by: Ihar Hrachyshka <ihrachys@redhat.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
  12. tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

    Wei Wang authored and davem330 committed May 18, 2017
    When tcp_disconnect() is called, inet_csk_delack_init() sets
    icsk->icsk_ack.rcv_mss to 0.
    This could potentially cause tcp_recvmsg() => tcp_cleanup_rbuf() =>
    __tcp_select_window() call path to have division by 0 issue.
    So this patch initializes rcv_mss to TCP_MIN_MSS instead of 0.
    
    Reported-by: Andrey Konovalov  <andreyknvl@google.com>
    Signed-off-by: Wei Wang <weiwan@google.com>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: Neal Cardwell <ncardwell@google.com>
    Signed-off-by: Yuchung Cheng <ycheng@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>