summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-07-07tpm: do not suspend/resume if power stays onEnric Balletbo i Serra3-0/+7
The suspend/resume behavior of the TPM can be controlled by setting "powered-while-suspended" in the DTS. This is useful for the cases when hardware does not power-off the TPM. Signed-off-by: Sonny Rao <sonnyrao@chromium.org> Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com> Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: use tpm2_pcr_read() in tpm2_do_selftest()Roberto Sassu1-30/+1
tpm2_do_selftest() performs a PCR read during the TPM initialization phase. This patch replaces the PCR read code with a call to tpm2_pcr_read(). Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: use tpm_buf functions in tpm2_pcr_read()Roberto Sassu1-30/+30
tpm2_pcr_read() now builds the PCR read command buffer with tpm_buf functions. This solution is preferred to using a tpm2_cmd structure, as tpm_buf functions provide protection against buffer overflow. Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm_tis: make ilb_base_addr staticColin Ian King1-1/+1
The pointer ilb_base_addr does not need to be in global scope, so make it static. Cleans up sparse warning: "symbol 'ilb_base_addr' was not declared. Should it be static?" Signed-off-by: Colin Ian King <colin.king@canonical.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: consolidate the TPM startup codeJarkko Sakkinen3-61/+44
Consolidated all the "manual" TPM startup code to a single function in order to make code flows a bit cleaner and migrate to tpm_buf. Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: Enable CLKRUN protocol for Braswell systemsAzhar Shaikh2-0/+117
To overcome a hardware limitation on Intel Braswell systems, disable CLKRUN protocol during TPM transactions and re-enable once the transaction is completed. Signed-off-by: Azhar Shaikh <azhar.shaikh@intel.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm/tpm_crb: fix priv->cmd_size initialisationManuel Lauss1-2/+3
priv->cmd_size is never initialised if the cmd and rsp buffers reside at different addresses. Initialise it in the exit path of the function when rsp buffer has also been successfully allocated. Fixes: aa77ea0e43dc ("tpm/tpm_crb: cache cmd_size register value."). Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: fix a kernel memory leak in tpm-sysfs.cJarkko Sakkinen1-1/+2
While cleaning up sysfs callback that prints EK we discovered a kernel memory leak. This commit fixes the issue by zeroing the buffer used for TPM command/response. The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or xen-tpmfront. Cc: stable@vger.kernel.org Fixes: 0883743825e3 ("TPM: sysfs functions consolidation") Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com> Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07tpm: Issue a TPM2_Shutdown for TPM2 devices.Josh Zimmerman2-0/+37
If a TPM2 loses power without a TPM2_Shutdown command being issued (a "disorderly reboot"), it may lose some state that has yet to be persisted to NVRam, and will increment the DA counter. After the DA counter gets sufficiently large, the TPM will lock the user out. NOTE: This only changes behavior on TPM2 devices. Since TPM1 uses sysfs, and sysfs relies on implicit locking on chip->ops, it is not safe to allow this code to run in TPM1, or to add sysfs support to TPM2, until that locking is made explicit. Signed-off-by: Josh Zimmerman <joshz@google.com> Cc: stable@vger.kernel.org Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0") Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-07Add "shutdown" to "struct class".Josh Zimmerman2-1/+7
The TPM class has some common shutdown code that must be executed for all drivers. This adds some needed functionality for that. Signed-off-by: Josh Zimmerman <joshz@google.com> Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: stable@vger.kernel.org Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0") Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-07-05Cavium CNN55XX: fix broken default Kconfig entryLinus Torvalds1-1/+0
Every developer always thinks that _their_ code is so special and magical that it should be enabled by default. And most of them are completely and utterly wrong. That's definitely the case when you write a specialty driver for a very unsual "security processor". It does *not* get to mark itself as "default m". If you solve world hunger, and make a driver that cures people of cancer, by all means enable it by default. But afaik, the Cavium CNN55XX does neither. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-07-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-nextLinus Torvalds1901-35701/+98363
Pull networking updates from David Miller: "Reasonably busy this cycle, but perhaps not as busy as in the 4.12 merge window: 1) Several optimizations for UDP processing under high load from Paolo Abeni. 2) Support pacing internally in TCP when using the sch_fq packet scheduler for this is not practical. From Eric Dumazet. 3) Support mutliple filter chains per qdisc, from Jiri Pirko. 4) Move to 1ms TCP timestamp clock, from Eric Dumazet. 5) Add batch dequeueing to vhost_net, from Jason Wang. 6) Flesh out more completely SCTP checksum offload support, from Davide Caratti. 7) More plumbing of extended netlink ACKs, from David Ahern, Pablo Neira Ayuso, and Matthias Schiffer. 8) Add devlink support to nfp driver, from Simon Horman. 9) Add RTM_F_FIB_MATCH flag to RTM_GETROUTE queries, from Roopa Prabhu. 10) Add stack depth tracking to BPF verifier and use this information in the various eBPF JITs. From Alexei Starovoitov. 11) Support XDP on qed device VFs, from Yuval Mintz. 12) Introduce BPF PROG ID for better introspection of installed BPF programs. From Martin KaFai Lau. 13) Add bpf_set_hash helper for TC bpf programs, from Daniel Borkmann. 14) For loads, allow narrower accesses in bpf verifier checking, from Yonghong Song. 15) Support MIPS in the BPF selftests and samples infrastructure, the MIPS eBPF JIT will be merged in via the MIPS GIT tree. From David Daney. 16) Support kernel based TLS, from Dave Watson and others. 17) Remove completely DST garbage collection, from Wei Wang. 18) Allow installing TCP MD5 rules using prefixes, from Ivan Delalande. 19) Add XDP support to Intel i40e driver, from Björn Töpel 20) Add support for TC flower offload in nfp driver, from Simon Horman, Pieter Jansen van Vuuren, Benjamin LaHaise, Jakub Kicinski, and Bert van Leeuwen. 21) IPSEC offloading support in mlx5, from Ilan Tayari. 22) Add HW PTP support to macb driver, from Rafal Ozieblo. 23) Networking refcount_t conversions, From Elena Reshetova. 24) Add sock_ops support to BPF, from Lawrence Brako. This is useful for tuning the TCP sockopt settings of a group of applications, currently via CGROUPs" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1899 commits) net: phy: dp83867: add workaround for incorrect RX_CTRL pin strap dt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strap cxgb4: Support for get_ts_info ethtool method cxgb4: Add PTP Hardware Clock (PHC) support cxgb4: time stamping interface for PTP nfp: default to chained metadata prepend format nfp: remove legacy MAC address lookup nfp: improve order of interfaces in breakout mode net: macb: remove extraneous return when MACB_EXT_DESC is defined bpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP case bpf: fix return in load_bpf_file mpls: fix rtm policy in mpls_getroute net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t net, ax25: convert ax25_route.refcount from atomic_t to refcount_t net, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_t net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t net, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_t net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t ...
2017-07-05Merge branch 'linus' of ↵Linus Torvalds127-1535/+12841
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "Algorithms: - add private key generation to ecdh Drivers: - add generic gcm(aes) to aesni-intel - add SafeXcel EIP197 crypto engine driver - add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium - add support for CNN55XX adapters in cavium - add ctr mode to chcr - add support for gcm(aes) to omap" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits) crypto: testmgr - Reenable sha1/aes in FIPS mode crypto: ccp - Release locks before returning crypto: cavium/nitrox - dma_mapping_error() returns bool crypto: doc - fix typo in docs Documentation/bindings: Document the SafeXel cryptographic engine driver crypto: caam - fix gfp allocation flags (part II) crypto: caam - fix gfp allocation flags (part I) crypto: drbg - Fixes panic in wait_for_completion call crypto: caam - make of_device_ids const. crypto: vmx - remove unnecessary check crypto: n2 - make of_device_ids const crypto: inside-secure - use the base_end pointer in ring rollback crypto: inside-secure - increase the batch size crypto: inside-secure - only dequeue when needed crypto: inside-secure - get the backlog before dequeueing the request crypto: inside-secure - stop requeueing failed requests crypto: inside-secure - use one queue per hw ring crypto: inside-secure - update the context and request later crypto: inside-secure - align the cipher and hash send functions crypto: inside-secure - optimize DSE bufferability control ...
2017-07-05Merge tag 'gcc-plugins-v4.13-rc1' of ↵Linus Torvalds14-9/+1146
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull GCC plugin updates from Kees Cook: "The big part is the randstruct plugin infrastructure. This is the first of two expected pull requests for randstruct since there are dependencies in other trees that would be easier to merge once those have landed. Notably, the IPC allocation refactoring in -mm, and many trivial merge conflicts across several trees when applying the __randomize_layout annotation. As a result, it seemed like I should send this now since it is relatively self-contained, and once the rest of the trees have landed, send the annotation patches. I'm expecting the final phase of randstruct (automatic struct selection) will land for v4.14, but if its other tree dependencies actually make it for v4.13, I can send that merge request too. Summary: - typo fix in Kconfig (Jean Delvare) - randstruct infrastructure" * tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: ARM: Prepare for randomized task_struct randstruct: Whitelist NIU struct page overloading randstruct: Whitelist big_key path struct overloading randstruct: Whitelist UNIXCB cast randstruct: Whitelist struct security_hook_heads cast gcc-plugins: Add the randstruct plugin Fix English in description of GCC_PLUGIN_STRUCTLEAK compiler: Add __designated_init annotation gcc-plugins: Detail c-common.h location for GCC 4.6
2017-07-05Merge tag 'pstore-v4.13-rc1' of ↵Linus Torvalds8-111/+114
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore updates from Kees Cook: "Various fixes and tweaks for the pstore subsystem. Highlights: - use memdup_user() instead of open-coded copies (Geliang Tang) - fix record memory leak during initialization (Douglas Anderson) - avoid confused compressed record warning (Ankit Kumar) - prepopulate record timestamp and remove redundant logic from backends" * tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: powerpc/nvram: use memdup_user pstore: use memdup_user pstore: Fix format string to use %u for record id pstore: Populate pstore record->time field pstore: Create common record initializer efi-pstore: Refactor erase routine pstore: Avoid potential infinite loop pstore: Fix leaked pstore_record in pstore_get_backend_records() pstore: Don't warn if data is uncompressed and type is not PSTORE_TYPE_DMESG
2017-07-05Merge branch 'next' of ↵Linus Torvalds101-2395/+9902
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security layer updates from James Morris: - a major update for AppArmor. From JJ: * several bug fixes and cleanups * the patch to add symlink support to securityfs that was floated on the list earlier and the apparmorfs changes that make use of securityfs symlinks * it introduces the domain labeling base code that Ubuntu has been carrying for several years, with several cleanups applied. And it converts the current mediation over to using the domain labeling base, which brings domain stacking support with it. This finally will bring the base upstream code in line with Ubuntu and provide a base to upstream the new feature work that Ubuntu carries. * This does _not_ contain any of the newer apparmor mediation features/controls (mount, signals, network, keys, ...) that Ubuntu is currently carrying, all of which will be RFC'd on top of this. - Notable also is the Infiniband work in SELinux, and the new file:map permission. From Paul: "While we're down to 21 patches for v4.13 (it was 31 for v4.12), the diffstat jumps up tremendously with over 2k of line changes. Almost all of these changes are the SELinux/IB work done by Daniel Jurgens; some other noteworthy changes include a NFS v4.2 labeling fix, a new file:map permission, and reporting of policy capabilities on policy load" There's also now genfscon labeling support for tracefs, which was lost in v4.1 with the separation from debugfs. - Smack incorporates a safer socket check in file_receive, and adds a cap_capable call in privilege check. - TPM as usual has a bunch of fixes and enhancements. - Multiple calls to security_add_hooks() can now be made for the same LSM, to allow LSMs to have hook declarations across multiple files. - IMA now supports different "ima_appraise=" modes (eg. log, fix) from the boot command line. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (126 commits) apparmor: put back designators in struct initialisers seccomp: Switch from atomic_t to recount_t seccomp: Adjust selftests to avoid double-join seccomp: Clean up core dump logic IMA: update IMA policy documentation to include pcr= option ima: Log the same audit cause whenever a file has no signature ima: Simplify policy_func_show. integrity: Small code improvements ima: fix get_binary_runtime_size() ima: use ima_parse_buf() to parse template data ima: use ima_parse_buf() to parse measurements headers ima: introduce ima_parse_buf() ima: Add cgroups2 to the defaults list ima: use memdup_user_nul ima: fix up #endif comments IMA: Correct Kconfig dependencies for hash selection ima: define is_ima_appraise_enabled() ima: define Kconfig IMA_APPRAISE_BOOTPARAM option ima: define a set of appraisal rules requiring file signatures ima: extend the "ima_policy" boot command line to support multiple policies ...
2017-07-05Merge branch 'stable-4.13' of git://git.infradead.org/users/pcmoore/auditLinus Torvalds3-49/+53
Pull audit updates from Paul Moore: "Things are relatively quiet on the audit front for v4.13, just five patches for a total diffstat of 102 lines. There are two patches from Richard to consistently record the POSIX capabilities and add the ambient capability information as well. I also chipped in two patches to fix a race condition with the auditd tracking code and ensure we don't skip sending any records to the audit multicast group. Finally a single style fix that I accepted because I must have been in a good mood that day. Everything passes our test suite, and should be relatively harmless, please merge for v4.13" * 'stable-4.13' of git://git.infradead.org/users/pcmoore/audit: audit: make sure we never skip the multicast broadcast audit: fix a race condition with the auditd tracking code audit: style fix audit: add ambient capabilities to CAPSET and BPRM_FCAPS records audit: unswing cap_* fields in PATH records
2017-07-05Merge branch 'for-linus' of ↵Linus Torvalds4-14/+50
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk Pull printk updates from Petr Mladek: - Store printk() messages into the main log buffer directly even in NMI when the lock is available. It is the best effort to print even large chunk of text. It is handy, for example, when all ftrace messages are printed during the system panic in NMI. - Add missing annotations to calm down compiler warnings * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: printk: add __printf attributes to internal functions printk: Use the main logbuf in NMI when logbuf_lock is available
2017-07-05Merge branch 'phy-dp83867-workaround-incorrect-RX_CTRL-pin-strap'David S. Miller2-0/+18
Sekhar Nori says: ==================== net: phy: dp83867: workaround incorrect RX_CTRL pin strap This patch series adds workaround for incorrect RX_CTRL pin strap setting that can be found on some TI boards. This is required to be complaint to PHY datamanual specification. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05net: phy: dp83867: add workaround for incorrect RX_CTRL pin strapMurali Karicheri1-0/+11
The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017, advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not supported (see note below Table 5 (4-Level Strap Pins)). There are some boards which have the pin strapped this way and need software workaround suggested by the data manual. Bit[7] of Configuration Register 4 (address 0x0031) must be cleared to 0. This ensures proper operation of the PHY. Implement driver support for device-tree property meant to advertise the wrong strapping. [1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> [nsekhar@ti.com: rebase to mainline, code simplification] Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05dt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strapMurali Karicheri1-0/+7
The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017, advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not supported (see note below Table 5 (4-Level Strap Pins)). It further advises that if a board has this pin strapped in mode 1 and mode 2, then to ensure proper operation of the PHY, a software workaround must be implemented. Since it is not possible to detect in software if RX_DV/RX_CTRL pin is incorrectly strapped, add a device-tree property for the board to advertise this and allow corrective action in software. [1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> [nsekhar@ti.com: rebase to mainline, split documentation into separate patch] Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05Merge branch 'cxgb4-ptp'David S. Miller10-14/+900
Atul Gupta says: ==================== cxgb4: Add PTP Hardware Clock (PHC) support V4: Splitting the patch again V3: Releasing lock in the exit paths V2: Splitting the patch ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05cxgb4: Support for get_ts_info ethtool methodAtul Gupta1-1/+18
Cc: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Atul Gupta <atul.gupta@chelsio.com> Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05cxgb4: Add PTP Hardware Clock (PHC) supportAtul Gupta2-0/+287
Add PTP IEEE-1588 support and make it accessible via PHC subsystem. The functionality is enabled for T5/T6 adapters. Driver interfaces with Firmware to program and adjust the clock offset. Cc: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Atul Gupta <atul.gupta@chelsio.com> Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05cxgb4: time stamping interface for PTPAtul Gupta9-13/+595
Supports hardware and software time stamping via the Linux SO_TIMESTAMPING socket option. Cc: Richard Cochran <richardcochran@gmail.com> Signed-off-by: Atul Gupta <atul.gupta@chelsio.com> Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05Merge branch 'nfp-port-enumeration-change-and-FW-ABI-adjustment'David S. Miller6-49/+28
Jakub Kicinski says: ==================== nfp: port enumeration change and FW ABI adjustment This set changes the way ports are numbered internally to avoid MAC address changes and invalid link information when breakout is configured. Second patch gets rid of old way of looking up MAC addresses in device information which caused all this confusion. Patch 3 is a small adjustment to the new FW ABI version we introduced in this release cycle. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05nfp: default to chained metadata prepend formatJakub Kicinski1-1/+8
ABI 4.x introduced the chained metadata format and made it the only one possible. There are cases, however, where the old format is preferred - mostly to make interoperation with VFs using ABI 3.x easier for the datapath. In ABI 5.x we allowed for more flexibility by selecting the metadata format based on capabilities. The default was left to non-chained. In case of fallback traffic, there is no capability telling the driver there may be chained metadata. With a very stripped- -down FW the default old metadata format would be selected making the driver drop all fallback traffic. This patch changes the default selection in the driver. It should not hurt with old firmwares, because if they don't advertise RSS they will not produce metadata anyway. New firmwares advertising ABI 5.x, however, can depend on the driver defaulting to chained format. Fixes: f9380629fafc ("nfp: advertise support for NFD ABI 0.5") Suggested-by: Michael Rapson <michael.rapson@netronome.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05nfp: remove legacy MAC address lookupJakub Kicinski4-34/+8
The legacy MAC address lookup doesn't work well with breakout cables. We are probably better off picking random addresses than the wrong ones in the theoretical scenario where management FW didn't tell us what the port config is. Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05nfp: improve order of interfaces in breakout modeJakub Kicinski3-14/+12
For historical reasons we enumerate the vNICs in order. This means that if user configures breakout on a multiport card, the first interface of the second port will have its MAC address changed. What's worse, when moved from static information (HWInfo) to using management FW (NSP), more features started depending on the port ids. Right now in case of breakout first subport of the second port and second subport of the first port will have their link info swapped. Revise the ordering scheme so that first subport maintains its address. Side effect of this change is that we will use base lane ids in devlink (i.e. 40G ports will be 4 ids apart), e.g.: pci/0000:04:00.0/0: type eth netdev p6p1 pci/0000:04:00.0/4: type eth netdev p6p2 Note that behaviour of phys_port_id is not changed since there is a separate id number for the subport there. Fixes: ec8b1fbe682d ("nfp: support port splitting via devlink") Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05net: macb: remove extraneous return when MACB_EXT_DESC is definedColin Ian King1-1/+0
When macro MACB_EXT_DESC is defined we end up with two identical return statements and just one is sufficient. Remove the extra return. Detected by CoverityScan, CID#1449361 ("Structurally dead code") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05bpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP caseColin Ian King1-0/+1
There appears to be a missing break in the TCP_BPF_SNDCWND_CLAMP case. Currently the non-error path where val is greater than zero falls through to the default case that sets the error return to -EINVAL. Add in the missing break. Detected by CoverityScan, CID#1449376 ("Missing break in switch") Fixes: 13bf96411ad2 ("bpf: Adds support for setting sndcwnd clamp") Signed-off-by: Colin Ian King <colin.king@canonical.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Lawrence Brakmo <brakmo@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05bpf: fix return in load_bpf_fileLawrence Brakmo1-2/+6
The function load_bpf_file ignores the return value of load_and_attach(), so even if load_and_attach() returns an error, load_bpf_file() will return 0. Now, load_bpf_file() can call load_and_attach() multiple times and some can succeed and some could fail. I think the correct behavor is to return error on the first failed load_and_attach(). v2: Added missing SOB Signed-off-by: Lawrence Brakmo <brakmo@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05mpls: fix rtm policy in mpls_getrouteRoopa Prabhu2-2/+1
fix rtm policy name typo in mpls_getroute and also remove export of rtm_ipv4_policy Fixes: 397fc9e5cefe ("mpls: route get support") Reported-by: David S. Miller <davem@davemloft.net> Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-05Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Herbert Xu11-43/+47
Merge the crypto tree to pull in fixes for the next merge window.
2017-07-04Merge branch 'merge/randstruct' into for-next/gcc-pluginsKees Cook14-9/+1146
2017-07-04Merge branch 'for-next/gcc-plugin-infrastructure' into merge/randstructKees Cook1-1/+1
2017-07-04Merge tag 'armsoc-arm64' of ↵Linus Torvalds3-6/+48
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC 64-bit updates from Arnd Bergmann: "Changes to platform code for 64-bit ARM platforms. Andreas Färber adds two new platforms with initial code: Realtek RTD1295 and Action Semi S900. Both are fairly similar chips, used mainly in set-top-boxes, but with other possible applications, and additional members in the respective product families that could be added in the future. The code here is fairly minimal, as all the interesting parts are in device drivers and dts files. The Broadcom Vulcan platform gets dropped, as no products ever became available, and Cavium integrated the platform under a new name. Among some other defconfig changes, Timur Tabi enables a number of options that are typically required for server platforms" * tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: defconfig: remove duplicate entry arm64: defconfig: enable Qualcomm Technologies EMAC and some PHY drivers arm64: defconfig: enable QCOM_L2_PMU and QCOM_L3_PMU arm64: defconfig: enable EDAC options arm64: defconfig: enable APEI and GHES features arm64: defconfig: enable support for PCIe hotplug arm64: defconfig: enable EFI_CAPSULE_LOADER arm64: defconfig: enable BLK_DEV_NVME arm64: defconfig: enable ACPI_CPPC_CPUFREQ arm64: marvell: enable ICU and GICP drivers arm64: marvell: enable the Armada 7K/8K pinctrl driver arm64: Prepare Actions Semi S900 ARM64: defconfig: enable meson SPICC as module ARM64: defconfig: enable IR core, decoders and Meson IR device arm64: defconfig: enable Simple Sound Card support arm64: defconfig: Enable ARCH_BRCMSTB arm64: defconfig: drop ARCH_VULCAN arm64: disable Broadcom Vulcan platform MAINTAINERS: Add Realtek section ARM64: Prepare Realtek RTD1295
2017-07-04Merge tag 'armsoc-dt64' of ↵Linus Torvalds171-2365/+11429
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM 64-bit DT updates from Arnd Bergmann: "Device-tree updates for arm64 platforms. For the first time I can remember, this is actually larger than the corresponding branch for 32-bit platforms overall, though that has more individual changes. A significant portion this time is due to added machine support: - Initial support for the Realtek RTD1295 SoC, along with the Zidoo X9S set-top-box - Initial support for Actions Semi S900 and the Bubblegum-96 single-board-cёmputer. - Rockchips support for the rk3399-Firefly single-board-computer gets added, this one stands out for being relatively fast, affordable and well₋supported, compared to many boards that only fall into one or two of the above categories. - Mediatek gains support for the mt6797 mobile-phone SoC platform and corresponding evaluation board. - Amlogic board support gets added for the NanoPi K2 and S905x LibreTech CC single-board computers and the R-Box Pro set-top-box - Allwinner board support gets added for the OrangePi Win, Orangepi Zero Plus 2, NanoPi NEO2 and Orange Pi Prime single board computers and the SoPine system-on-module. - Renesas board support for Salvator-XS and H3ULCB automotive development systems. - Socionext Uniphier board support for LD11-global and LD20-global, whatever those may be. - Broadcom adds support for the new Stingray communication processor in its iProc family, along with two reference boards. Other updates include: - For the hisicon platform, support for Hi3660-Hikey960 gets extended significantly. - Lots of smaller updates for Renesas, Amlogic, Rockchip, UniPhier, Broadcom, Allwinner, Hisilicon, Qualcomm, Marvell, and NXP" * tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (243 commits) ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers Revert "arm64: dts: marvell: add dma-mask in crypto nodes for 7k/8k" arm64: dts: mediatek: don't include missing file ARM64: dts: meson-gxl: Add Libre Technology CC support dt-bindings: arm: amlogic: Add Libre Technology CC board dt-bindings: add Libre Technology vendor prefix arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K arm64: dts: zte: Use - instead of @ for DT OPP entries arm64: dts: marvell: add gpio support for Armada 7K/8K arm64: dts: marvell: add pinctrl support for Armada 7K/8K arm64: dts: marvell: use new binding for the system controller on cp110 arm64: dts: marvell: remove *-clock-output-names on cp110 arm64: dts: marvell: use new bindings for xor clocks on ap806 arm64: dts: marvell: mcbin: enable the mdio node arm64: dts: Add Actions Semi S900 and Bubblegum-96 dt-bindings: Add vendor prefix for uCRobotics arm64: dts: marvell: add xmdio nodes for 7k/8k arm64: dts: marvell: add a comment on the cp110 slave node status arm64: dts: marvell: remove cpm crypto nodes from dts files arm64: dts: marvell: cp110: enable the crypto engine at the SoC level ...
2017-07-04Merge tag 'armsoc-drivers' of ↵Linus Torvalds42-198/+2059
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Arnd Bergmann: "New SoC specific drivers: - NVIDIA Tegra PM Domain support for newer SoCs (Tegra186 and later) based on the "BPMP" firmware - Clocksource and system controller drivers for the newly added Action Semi platforms (both arm and arm64). Reset subsystem, merged through arm-soc by tradition: - New drivers for Altera Stratix10, TI Keystone and Cortina Gemini SoCs - Various subsystem-wide cleanups Updates for existing SoC-specific drivers - TI GPMC (General Purpose Memory Controller) - Mediatek "scpsys" system controller support for MT6797 - Broadcom "brcmstb_gisb" bus arbitrer - ARM SCPI firmware - Renesas "SYSC" system controller One more driver update was submitted for the Freescale/NXP DPAA data path acceleration that has previously been used on PowerPC chips. I ended up postponing the merge until some API questions for its unusual MMIO access are resolved" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (35 commits) clocksource: owl: Add S900 support clocksource: Add Owl timer soc: renesas: rcar-sysc: Use GENPD_FLAG_ALWAYS_ON firmware: tegra: Fix locking bugs in BPMP soc/tegra: flowctrl: Fix error handling soc/tegra: bpmp: Implement generic PM domains soc/tegra: bpmp: Update ABI header PM / Domains: Allow overriding the ->xlate() callback soc: brcmstb: enable drivers for ARM64 and BMIPS soc: renesas: Rework Kconfig and Makefile logic reset: Add the TI SCI reset driver dt-bindings: reset: Add TI SCI reset binding reset: use kref for reference counting soc: qcom: smsm: Improve error handling, quiesce probe deferral cpufreq: scpi: use new scpi_ops functions to remove duplicate code firmware: arm_scpi: add support to populate OPPs and get transition latency dt-bindings: reset: Add reset manager offsets for Stratix10 memory: omap-gpmc: add error message if bank-width property is absent memory: omap-gpmc: make dts snippet include semicolon reset: Add a Gemini reset controller ...
2017-07-04Merge tag 'armsoc-defconfig' of ↵Linus Torvalds91-601/+104
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC defconfig updates from Arnd Bergmann: "The main changes this time are from a cleanup series that Krzysztof Kozłowski did, looking for config options in the defconfig files that got removed or renamed. He tracked them down to make sure we don't lose information unintentionally after an update. Aside from that, there is the usual driver enablement, this time for davinci, samsung, stm32, bcm2835, qualcomm, at91, imx, mvebu, and omap" * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits) multi_v7_defconfig: Enable OMAP MTD and DM816 AHCI ARM: qcom_defconfig: enable RPMSG_QCOM_SMD ARM: imx_v6_v7_defconfig: Select CONFIG_IMX7D_ADC ARM: mvebu: Enable SENSORS_PWM_FAN in defconfig ARM: davinci_all_defconfig: enable USB CDC NCM gadget ARM: davinci_all_defconfig: enable mtdtests ARM: imx_v6_v7_defconfig: Set THERMAL_WRITABLE_TRIPS=y for testing ARM: bcm2835_defconfig: Enable serial & ethernet USB gadget support ARM: tct_hammer_defconfig: Save defconfig ARM: s5pv210_defconfig: Save defconfig ARM: s3c6400_defconfig: Save defconfig ARM: mini2440_defconfig: Save defconfig ARM: s3c2410_defconfig: Save defconfig ARM: exynos_defconfig: Save defconfig ARM: s5pv210_defconfig: Bring back lost (but wanted) options ARM: s3c6400_defconfig: Bring back lost (but wanted) options ARM: s3c2410_defconfig: Bring back lost (but wanted) options ARM: tct_hammer_defconfig: Bring back lost (but wanted) options ARM: mini2440_defconfig: Bring back lost (but wanted) options ARM: defconfig: samsung: Re-order entries to match savedefconfig ...
2017-07-04Merge tag 'armsoc-dt' of ↵Linus Torvalds424-4106/+11527
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM device-tree updates from Arnd Bergmann: "Device-tree continues to see lots of updates. The majority of patches here are smaller changes for new hardware on existing platforms, and there are a few larger changes worth pointing out. New machines: - The new Action Semi S500 platform is added along with initial support for the LeMaker Guitar board. - STM32 gains support for three new boards: stm32h743-disco, stm32f746-disco, and stm32f769-disco, along with new device support for the existing stm32f429 boards. - Renesas adds two new boards, the tiny GR-Peach based on RZ/A1H with 10MB on-chip SRAM, and the iWave G20D-Q7 System-on-Module plus board. - On Marvell "mvebu", we gain support for the Linksys WRT3200ACM wireless router. - For NXP i.MX, we gain support for the Gateworks Ventana GW5600 and the Technexion Pico i.MX7D single-board computers. - The BeagleBone Blue is added for OMAP, it's the latest variation of the popular Beaglebone Black single-board computer. - The Allwinner based Lichee Pi Zero and NanoPi M1 Plus boards are added, these are the latest variations of a seemingly endless supply of similar single-board computers. Other updates: - Linus Walleij improves support for the "Faraday" based SoC platforms from various SoC makers (Moxart, Aspeed, Gemini) - The ARM Mali GPU is now describe on Rockchips SoCs - Mediatek MT7623 is extended significantly, making it much more useful. - Lots of individual updates on Renesas, OMAP, Rockchips, Broadcom, Allwinner, Qualcomm, iMX - For Amlogic, the clock support is extended a lot on meson8b. - We now build the devicetree file for the Raspberry Pi 3 on 32-bit ARM, in addition to the existing ARM64 support, to help users wanting to run a 32-bit system on it" * tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (345 commits) ARM: dts: socfpga: set the i2c frequency ARM: dts: socfpga: Add second ethernet alias to VINING FPGA ARM: dts: socfpga: Drop LED node from VINING FPGA ARM: dts: socfpga: Remove I2C EEPROMs from VINING FPGA ARM: dts: socfpga: Enable QSPI support on VINING FPGA ARM: dts: socfpga: Fix the ethernet clock phandle ARM: pxa: Use - instead of @ for DT OPP entries ARM: dts: owl-s500: Add SPS node ARM: dts: owl-s500: Set CPU enable-method dt-bindings: arm: cpus: Add S500 enable-method ARM: dts: Add Actions Semi S500 and LeMaker Guitar dt-bindings: arm: Document Actions Semi S900 dt-bindings: timer: Document Owl timer ARM: dts: imx6q-cm-fx6: add sdio wifi/bt nodes dt-bindings: arm: Document Actions Semi S500 dt-bindings: Add vendor prefix for Actions Semi ARM: dts: turris-omnia: Add generic compatible string for I2C EEPROM ARM: dts: mvebu: add support for Linksys WRT3200ACM (Rango) ARM: dts: armada-385-linksys: fixup button node names ARM: dts: armada-385-linksys: group pins in pinctrl ...
2017-07-04Merge branch 'net-subsystem-misc-refcounter-conversions'David S. Miller61-209/+223
Elena Reshetova says: ==================== v2 net subsystem misc refcounter conversions Changes in v2: * rebase on top of net-next * currently by default refcount_t = atomic_t (*) and uses all atomic standard operations unless CONFIG_REFCOUNT_FULL is enabled. This is a compromise for the systems that are critical on performance (such as net) and cannot accept even slight delay on the refcounter operations. This series, for various misc network components, replaces atomic_t reference counters with the new refcount_t type and API (see include/linux/refcount.h). By doing this we prevent intentional or accidental underflows or overflows that can led to use-after-free vulnerabilities. These are the last networking-related conversions with the exception of network drivers (to be send separately). Please excuse the long patch set, but seems like breaking it up won't save that much on CC list and most of the changes are trivial. The patches are fully independent and can be cherry-picked separately. In order to try with refcount functionality enabled in run-time, CONFIG_REFCOUNT_FULL must be enabled. NOTE: automatic kernel builder for some reason doesn't like all my network branches and regularly times out the builds on these branches. Suggestion for "waiting a day for a good coverage" doesn't work, as we have seen with generic network conversions. So please wait for the full report from kernel test rebot before merging further up. This has been compile-tested in 116 configs, but 71 timed out (including all s390-related configs again). I am trying to see if they can fix build coverage for me in meanwhile. * The respective change is currently merged into -next as "locking/refcount: Create unchecked atomic_t implementation". ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, ax25: convert ax25_cb.refcount from atomic_t to refcount_tReshetova, Elena2-4/+4
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, ax25: convert ax25_route.refcount from atomic_t to refcount_tReshetova, Elena2-4/+4
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_tReshetova, Elena2-5/+5
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_tReshetova, Elena3-7/+7
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_tReshetova, Elena2-5/+5
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_tReshetova, Elena2-4/+4
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_tReshetova, Elena2-4/+4
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2017-07-04net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_tReshetova, Elena2-4/+5
refcount_t type and corresponding API should be used instead of atomic_t when the variable is used as a reference counter. This allows to avoid accidental refcounter overflows that might lead to use-after-free situations. Signed-off-by: Elena Reshetova <elena.reshetova@intel.com> Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David Windsor <dwindsor@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>