Age | Commit message (Collapse) | Author | Files | Lines |
|
The suspend/resume behavior of the TPM can be controlled by setting
"powered-while-suspended" in the DTS. This is useful for the cases
when hardware does not power-off the TPM.
Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Enric Balletbo i Serra <enric.balletbo@collabora.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
tpm2_do_selftest() performs a PCR read during the TPM initialization phase.
This patch replaces the PCR read code with a call to tpm2_pcr_read().
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
tpm2_pcr_read() now builds the PCR read command buffer with tpm_buf
functions. This solution is preferred to using a tpm2_cmd structure,
as tpm_buf functions provide protection against buffer overflow.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
The pointer ilb_base_addr does not need to be in global scope, so make
it static.
Cleans up sparse warning:
"symbol 'ilb_base_addr' was not declared. Should it be static?"
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
Consolidated all the "manual" TPM startup code to a single function
in order to make code flows a bit cleaner and migrate to tpm_buf.
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
To overcome a hardware limitation on Intel Braswell systems,
disable CLKRUN protocol during TPM transactions and re-enable
once the transaction is completed.
Signed-off-by: Azhar Shaikh <azhar.shaikh@intel.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
priv->cmd_size is never initialised if the cmd and rsp buffers reside
at different addresses. Initialise it in the exit path of the function
when rsp buffer has also been successfully allocated.
Fixes: aa77ea0e43dc ("tpm/tpm_crb: cache cmd_size register value.").
Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
While cleaning up sysfs callback that prints EK we discovered a kernel
memory leak. This commit fixes the issue by zeroing the buffer used for
TPM command/response.
The leak happen when we use either tpm_vtpm_proxy, tpm_ibmvtpm or
xen-tpmfront.
Cc: stable@vger.kernel.org
Fixes: 0883743825e3 ("TPM: sysfs functions consolidation")
Reported-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Tested-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
If a TPM2 loses power without a TPM2_Shutdown command being issued (a
"disorderly reboot"), it may lose some state that has yet to be
persisted to NVRam, and will increment the DA counter. After the DA
counter gets sufficiently large, the TPM will lock the user out.
NOTE: This only changes behavior on TPM2 devices. Since TPM1 uses sysfs,
and sysfs relies on implicit locking on chip->ops, it is not safe to
allow this code to run in TPM1, or to add sysfs support to TPM2, until
that locking is made explicit.
Signed-off-by: Josh Zimmerman <joshz@google.com>
Cc: stable@vger.kernel.org
Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0")
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
The TPM class has some common shutdown code that must be executed for
all drivers. This adds some needed functionality for that.
Signed-off-by: Josh Zimmerman <joshz@google.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Fixes: 74d6b3ceaa17 ("tpm: fix suspend/resume paths for TPM 2.0")
Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
|
|
Every developer always thinks that _their_ code is so special and
magical that it should be enabled by default.
And most of them are completely and utterly wrong. That's definitely
the case when you write a specialty driver for a very unsual "security
processor". It does *not* get to mark itself as "default m".
If you solve world hunger, and make a driver that cures people of
cancer, by all means enable it by default. But afaik, the Cavium
CNN55XX does neither.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Pull networking updates from David Miller:
"Reasonably busy this cycle, but perhaps not as busy as in the 4.12
merge window:
1) Several optimizations for UDP processing under high load from
Paolo Abeni.
2) Support pacing internally in TCP when using the sch_fq packet
scheduler for this is not practical. From Eric Dumazet.
3) Support mutliple filter chains per qdisc, from Jiri Pirko.
4) Move to 1ms TCP timestamp clock, from Eric Dumazet.
5) Add batch dequeueing to vhost_net, from Jason Wang.
6) Flesh out more completely SCTP checksum offload support, from
Davide Caratti.
7) More plumbing of extended netlink ACKs, from David Ahern, Pablo
Neira Ayuso, and Matthias Schiffer.
8) Add devlink support to nfp driver, from Simon Horman.
9) Add RTM_F_FIB_MATCH flag to RTM_GETROUTE queries, from Roopa
Prabhu.
10) Add stack depth tracking to BPF verifier and use this information
in the various eBPF JITs. From Alexei Starovoitov.
11) Support XDP on qed device VFs, from Yuval Mintz.
12) Introduce BPF PROG ID for better introspection of installed BPF
programs. From Martin KaFai Lau.
13) Add bpf_set_hash helper for TC bpf programs, from Daniel Borkmann.
14) For loads, allow narrower accesses in bpf verifier checking, from
Yonghong Song.
15) Support MIPS in the BPF selftests and samples infrastructure, the
MIPS eBPF JIT will be merged in via the MIPS GIT tree. From David
Daney.
16) Support kernel based TLS, from Dave Watson and others.
17) Remove completely DST garbage collection, from Wei Wang.
18) Allow installing TCP MD5 rules using prefixes, from Ivan
Delalande.
19) Add XDP support to Intel i40e driver, from Björn Töpel
20) Add support for TC flower offload in nfp driver, from Simon
Horman, Pieter Jansen van Vuuren, Benjamin LaHaise, Jakub
Kicinski, and Bert van Leeuwen.
21) IPSEC offloading support in mlx5, from Ilan Tayari.
22) Add HW PTP support to macb driver, from Rafal Ozieblo.
23) Networking refcount_t conversions, From Elena Reshetova.
24) Add sock_ops support to BPF, from Lawrence Brako. This is useful
for tuning the TCP sockopt settings of a group of applications,
currently via CGROUPs"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1899 commits)
net: phy: dp83867: add workaround for incorrect RX_CTRL pin strap
dt-bindings: phy: dp83867: provide a workaround for incorrect RX_CTRL pin strap
cxgb4: Support for get_ts_info ethtool method
cxgb4: Add PTP Hardware Clock (PHC) support
cxgb4: time stamping interface for PTP
nfp: default to chained metadata prepend format
nfp: remove legacy MAC address lookup
nfp: improve order of interfaces in breakout mode
net: macb: remove extraneous return when MACB_EXT_DESC is defined
bpf: add missing break in for the TCP_BPF_SNDCWND_CLAMP case
bpf: fix return in load_bpf_file
mpls: fix rtm policy in mpls_getroute
net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t
net, ax25: convert ax25_route.refcount from atomic_t to refcount_t
net, ax25: convert ax25_uid_assoc.refcount from atomic_t to refcount_t
net, sctp: convert sctp_ep_common.refcnt from atomic_t to refcount_t
net, sctp: convert sctp_transport.refcnt from atomic_t to refcount_t
net, sctp: convert sctp_chunk.refcnt from atomic_t to refcount_t
net, sctp: convert sctp_datamsg.refcnt from atomic_t to refcount_t
net, sctp: convert sctp_auth_bytes.refcnt from atomic_t to refcount_t
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto updates from Herbert Xu:
"Algorithms:
- add private key generation to ecdh
Drivers:
- add generic gcm(aes) to aesni-intel
- add SafeXcel EIP197 crypto engine driver
- add ecb(aes), cfb(aes) and ecb(des3_ede) to cavium
- add support for CNN55XX adapters in cavium
- add ctr mode to chcr
- add support for gcm(aes) to omap"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (140 commits)
crypto: testmgr - Reenable sha1/aes in FIPS mode
crypto: ccp - Release locks before returning
crypto: cavium/nitrox - dma_mapping_error() returns bool
crypto: doc - fix typo in docs
Documentation/bindings: Document the SafeXel cryptographic engine driver
crypto: caam - fix gfp allocation flags (part II)
crypto: caam - fix gfp allocation flags (part I)
crypto: drbg - Fixes panic in wait_for_completion call
crypto: caam - make of_device_ids const.
crypto: vmx - remove unnecessary check
crypto: n2 - make of_device_ids const
crypto: inside-secure - use the base_end pointer in ring rollback
crypto: inside-secure - increase the batch size
crypto: inside-secure - only dequeue when needed
crypto: inside-secure - get the backlog before dequeueing the request
crypto: inside-secure - stop requeueing failed requests
crypto: inside-secure - use one queue per hw ring
crypto: inside-secure - update the context and request later
crypto: inside-secure - align the cipher and hash send functions
crypto: inside-secure - optimize DSE bufferability control
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull GCC plugin updates from Kees Cook:
"The big part is the randstruct plugin infrastructure.
This is the first of two expected pull requests for randstruct since
there are dependencies in other trees that would be easier to merge
once those have landed. Notably, the IPC allocation refactoring in
-mm, and many trivial merge conflicts across several trees when
applying the __randomize_layout annotation.
As a result, it seemed like I should send this now since it is
relatively self-contained, and once the rest of the trees have landed,
send the annotation patches. I'm expecting the final phase of
randstruct (automatic struct selection) will land for v4.14, but if
its other tree dependencies actually make it for v4.13, I can send
that merge request too.
Summary:
- typo fix in Kconfig (Jean Delvare)
- randstruct infrastructure"
* tag 'gcc-plugins-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
ARM: Prepare for randomized task_struct
randstruct: Whitelist NIU struct page overloading
randstruct: Whitelist big_key path struct overloading
randstruct: Whitelist UNIXCB cast
randstruct: Whitelist struct security_hook_heads cast
gcc-plugins: Add the randstruct plugin
Fix English in description of GCC_PLUGIN_STRUCTLEAK
compiler: Add __designated_init annotation
gcc-plugins: Detail c-common.h location for GCC 4.6
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull pstore updates from Kees Cook:
"Various fixes and tweaks for the pstore subsystem.
Highlights:
- use memdup_user() instead of open-coded copies (Geliang Tang)
- fix record memory leak during initialization (Douglas Anderson)
- avoid confused compressed record warning (Ankit Kumar)
- prepopulate record timestamp and remove redundant logic from
backends"
* tag 'pstore-v4.13-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
powerpc/nvram: use memdup_user
pstore: use memdup_user
pstore: Fix format string to use %u for record id
pstore: Populate pstore record->time field
pstore: Create common record initializer
efi-pstore: Refactor erase routine
pstore: Avoid potential infinite loop
pstore: Fix leaked pstore_record in pstore_get_backend_records()
pstore: Don't warn if data is uncompressed and type is not PSTORE_TYPE_DMESG
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security layer updates from James Morris:
- a major update for AppArmor. From JJ:
* several bug fixes and cleanups
* the patch to add symlink support to securityfs that was floated
on the list earlier and the apparmorfs changes that make use of
securityfs symlinks
* it introduces the domain labeling base code that Ubuntu has been
carrying for several years, with several cleanups applied. And it
converts the current mediation over to using the domain labeling
base, which brings domain stacking support with it. This finally
will bring the base upstream code in line with Ubuntu and provide
a base to upstream the new feature work that Ubuntu carries.
* This does _not_ contain any of the newer apparmor mediation
features/controls (mount, signals, network, keys, ...) that
Ubuntu is currently carrying, all of which will be RFC'd on top
of this.
- Notable also is the Infiniband work in SELinux, and the new file:map
permission. From Paul:
"While we're down to 21 patches for v4.13 (it was 31 for v4.12),
the diffstat jumps up tremendously with over 2k of line changes.
Almost all of these changes are the SELinux/IB work done by
Daniel Jurgens; some other noteworthy changes include a NFS v4.2
labeling fix, a new file:map permission, and reporting of policy
capabilities on policy load"
There's also now genfscon labeling support for tracefs, which was
lost in v4.1 with the separation from debugfs.
- Smack incorporates a safer socket check in file_receive, and adds a
cap_capable call in privilege check.
- TPM as usual has a bunch of fixes and enhancements.
- Multiple calls to security_add_hooks() can now be made for the same
LSM, to allow LSMs to have hook declarations across multiple files.
- IMA now supports different "ima_appraise=" modes (eg. log, fix) from
the boot command line.
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (126 commits)
apparmor: put back designators in struct initialisers
seccomp: Switch from atomic_t to recount_t
seccomp: Adjust selftests to avoid double-join
seccomp: Clean up core dump logic
IMA: update IMA policy documentation to include pcr= option
ima: Log the same audit cause whenever a file has no signature
ima: Simplify policy_func_show.
integrity: Small code improvements
ima: fix get_binary_runtime_size()
ima: use ima_parse_buf() to parse template data
ima: use ima_parse_buf() to parse measurements headers
ima: introduce ima_parse_buf()
ima: Add cgroups2 to the defaults list
ima: use memdup_user_nul
ima: fix up #endif comments
IMA: Correct Kconfig dependencies for hash selection
ima: define is_ima_appraise_enabled()
ima: define Kconfig IMA_APPRAISE_BOOTPARAM option
ima: define a set of appraisal rules requiring file signatures
ima: extend the "ima_policy" boot command line to support multiple policies
...
|
|
Pull audit updates from Paul Moore:
"Things are relatively quiet on the audit front for v4.13, just five
patches for a total diffstat of 102 lines.
There are two patches from Richard to consistently record the POSIX
capabilities and add the ambient capability information as well.
I also chipped in two patches to fix a race condition with the auditd
tracking code and ensure we don't skip sending any records to the
audit multicast group.
Finally a single style fix that I accepted because I must have been in
a good mood that day.
Everything passes our test suite, and should be relatively harmless,
please merge for v4.13"
* 'stable-4.13' of git://git.infradead.org/users/pcmoore/audit:
audit: make sure we never skip the multicast broadcast
audit: fix a race condition with the auditd tracking code
audit: style fix
audit: add ambient capabilities to CAPSET and BPRM_FCAPS records
audit: unswing cap_* fields in PATH records
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- Store printk() messages into the main log buffer directly even in NMI
when the lock is available. It is the best effort to print even large
chunk of text. It is handy, for example, when all ftrace messages are
printed during the system panic in NMI.
- Add missing annotations to calm down compiler warnings
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
printk: add __printf attributes to internal functions
printk: Use the main logbuf in NMI when logbuf_lock is available
|
|
Sekhar Nori says:
====================
net: phy: dp83867: workaround incorrect RX_CTRL pin strap
This patch series adds workaround for incorrect RX_CTRL pin strap
setting that can be found on some TI boards.
This is required to be complaint to PHY datamanual specification.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017,
advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not
supported (see note below Table 5 (4-Level Strap Pins)).
There are some boards which have the pin strapped this way and need
software workaround suggested by the data manual. Bit[7] of
Configuration Register 4 (address 0x0031) must be cleared to 0. This
ensures proper operation of the PHY.
Implement driver support for device-tree property meant to advertise
the wrong strapping.
[1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
[nsekhar@ti.com: rebase to mainline, code simplification]
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The data manual for DP83867IR/CR, SNLS484E[1], revised march 2017,
advises that strapping RX_DV/RX_CTRL pin in mode 1 and 2 is not
supported (see note below Table 5 (4-Level Strap Pins)).
It further advises that if a board has this pin strapped in mode 1 and
mode 2, then to ensure proper operation of the PHY, a software workaround
must be implemented.
Since it is not possible to detect in software if RX_DV/RX_CTRL pin is
incorrectly strapped, add a device-tree property for the board to
advertise this and allow corrective action in software.
[1] http://www.ti.com/lit/ds/snls484e/snls484e.pdf
Signed-off-by: Murali Karicheri <m-karicheri2@ti.com>
[nsekhar@ti.com: rebase to mainline, split documentation into separate patch]
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Atul Gupta says:
====================
cxgb4: Add PTP Hardware Clock (PHC) support
V4:
Splitting the patch again
V3:
Releasing lock in the exit paths
V2:
Splitting the patch
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Add PTP IEEE-1588 support and make it accessible via PHC subsystem.
The functionality is enabled for T5/T6 adapters. Driver interfaces with
Firmware to program and adjust the clock offset.
Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Supports hardware and software time stamping via the
Linux SO_TIMESTAMPING socket option.
Cc: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Atul Gupta <atul.gupta@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Jakub Kicinski says:
====================
nfp: port enumeration change and FW ABI adjustment
This set changes the way ports are numbered internally to avoid MAC address
changes and invalid link information when breakout is configured. Second
patch gets rid of old way of looking up MAC addresses in device information
which caused all this confusion.
Patch 3 is a small adjustment to the new FW ABI version we introduced in
this release cycle.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
ABI 4.x introduced the chained metadata format and made it the
only one possible. There are cases, however, where the old
format is preferred - mostly to make interoperation with VFs
using ABI 3.x easier for the datapath. In ABI 5.x we allowed
for more flexibility by selecting the metadata format based
on capabilities. The default was left to non-chained.
In case of fallback traffic, there is no capability telling the
driver there may be chained metadata. With a very stripped-
-down FW the default old metadata format would be selected
making the driver drop all fallback traffic.
This patch changes the default selection in the driver. It
should not hurt with old firmwares, because if they don't
advertise RSS they will not produce metadata anyway. New
firmwares advertising ABI 5.x, however, can depend on the
driver defaulting to chained format.
Fixes: f9380629fafc ("nfp: advertise support for NFD ABI 0.5")
Suggested-by: Michael Rapson <michael.rapson@netronome.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The legacy MAC address lookup doesn't work well with breakout
cables. We are probably better off picking random addresses
than the wrong ones in the theoretical scenario where management
FW didn't tell us what the port config is.
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
For historical reasons we enumerate the vNICs in order. This means
that if user configures breakout on a multiport card, the first
interface of the second port will have its MAC address changed.
What's worse, when moved from static information (HWInfo) to using
management FW (NSP), more features started depending on the port ids.
Right now in case of breakout first subport of the second port and
second subport of the first port will have their link info swapped.
Revise the ordering scheme so that first subport maintains its address.
Side effect of this change is that we will use base lane ids in
devlink (i.e. 40G ports will be 4 ids apart), e.g.:
pci/0000:04:00.0/0: type eth netdev p6p1
pci/0000:04:00.0/4: type eth netdev p6p2
Note that behaviour of phys_port_id is not changed since there is
a separate id number for the subport there.
Fixes: ec8b1fbe682d ("nfp: support port splitting via devlink")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
When macro MACB_EXT_DESC is defined we end up with two identical
return statements and just one is sufficient. Remove the extra
return.
Detected by CoverityScan, CID#1449361 ("Structurally dead code")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
There appears to be a missing break in the TCP_BPF_SNDCWND_CLAMP case.
Currently the non-error path where val is greater than zero falls through
to the default case that sets the error return to -EINVAL. Add in
the missing break.
Detected by CoverityScan, CID#1449376 ("Missing break in switch")
Fixes: 13bf96411ad2 ("bpf: Adds support for setting sndcwnd clamp")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The function load_bpf_file ignores the return value of
load_and_attach(), so even if load_and_attach() returns an error,
load_bpf_file() will return 0.
Now, load_bpf_file() can call load_and_attach() multiple times and some
can succeed and some could fail. I think the correct behavor is to
return error on the first failed load_and_attach().
v2: Added missing SOB
Signed-off-by: Lawrence Brakmo <brakmo@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
fix rtm policy name typo in mpls_getroute and also remove
export of rtm_ipv4_policy
Fixes: 397fc9e5cefe ("mpls: route get support")
Reported-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Merge the crypto tree to pull in fixes for the next merge window.
|
|
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC 64-bit updates from Arnd Bergmann:
"Changes to platform code for 64-bit ARM platforms.
Andreas Färber adds two new platforms with initial code: Realtek
RTD1295 and Action Semi S900. Both are fairly similar chips, used
mainly in set-top-boxes, but with other possible applications, and
additional members in the respective product families that could be
added in the future. The code here is fairly minimal, as all the
interesting parts are in device drivers and dts files.
The Broadcom Vulcan platform gets dropped, as no products ever became
available, and Cavium integrated the platform under a new name.
Among some other defconfig changes, Timur Tabi enables a number of
options that are typically required for server platforms"
* tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
arm64: defconfig: remove duplicate entry
arm64: defconfig: enable Qualcomm Technologies EMAC and some PHY drivers
arm64: defconfig: enable QCOM_L2_PMU and QCOM_L3_PMU
arm64: defconfig: enable EDAC options
arm64: defconfig: enable APEI and GHES features
arm64: defconfig: enable support for PCIe hotplug
arm64: defconfig: enable EFI_CAPSULE_LOADER
arm64: defconfig: enable BLK_DEV_NVME
arm64: defconfig: enable ACPI_CPPC_CPUFREQ
arm64: marvell: enable ICU and GICP drivers
arm64: marvell: enable the Armada 7K/8K pinctrl driver
arm64: Prepare Actions Semi S900
ARM64: defconfig: enable meson SPICC as module
ARM64: defconfig: enable IR core, decoders and Meson IR device
arm64: defconfig: enable Simple Sound Card support
arm64: defconfig: Enable ARCH_BRCMSTB
arm64: defconfig: drop ARCH_VULCAN
arm64: disable Broadcom Vulcan platform
MAINTAINERS: Add Realtek section
ARM64: Prepare Realtek RTD1295
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM 64-bit DT updates from Arnd Bergmann:
"Device-tree updates for arm64 platforms. For the first time I can
remember, this is actually larger than the corresponding branch for
32-bit platforms overall, though that has more individual changes.
A significant portion this time is due to added machine support:
- Initial support for the Realtek RTD1295 SoC, along with the Zidoo
X9S set-top-box
- Initial support for Actions Semi S900 and the Bubblegum-96
single-board-cёmputer.
- Rockchips support for the rk3399-Firefly single-board-computer gets
added, this one stands out for being relatively fast, affordable
and well₋supported, compared to many boards that only fall into one
or two of the above categories.
- Mediatek gains support for the mt6797 mobile-phone SoC platform and
corresponding evaluation board.
- Amlogic board support gets added for the NanoPi K2 and S905x
LibreTech CC single-board computers and the R-Box Pro set-top-box
- Allwinner board support gets added for the OrangePi Win, Orangepi
Zero Plus 2, NanoPi NEO2 and Orange Pi Prime single board computers
and the SoPine system-on-module.
- Renesas board support for Salvator-XS and H3ULCB automotive
development systems.
- Socionext Uniphier board support for LD11-global and LD20-global,
whatever those may be.
- Broadcom adds support for the new Stingray communication processor
in its iProc family, along with two reference boards.
Other updates include:
- For the hisicon platform, support for Hi3660-Hikey960 gets extended
significantly.
- Lots of smaller updates for Renesas, Amlogic, Rockchip, UniPhier,
Broadcom, Allwinner, Hisilicon, Qualcomm, Marvell, and NXP"
* tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (243 commits)
ARM64: dts: marvell: armada37xx: Fix timer interrupt specifiers
Revert "arm64: dts: marvell: add dma-mask in crypto nodes for 7k/8k"
arm64: dts: mediatek: don't include missing file
ARM64: dts: meson-gxl: Add Libre Technology CC support
dt-bindings: arm: amlogic: Add Libre Technology CC board
dt-bindings: add Libre Technology vendor prefix
arm64: dts: marvell: enable GICP and ICU on Armada 7K/8K
arm64: dts: zte: Use - instead of @ for DT OPP entries
arm64: dts: marvell: add gpio support for Armada 7K/8K
arm64: dts: marvell: add pinctrl support for Armada 7K/8K
arm64: dts: marvell: use new binding for the system controller on cp110
arm64: dts: marvell: remove *-clock-output-names on cp110
arm64: dts: marvell: use new bindings for xor clocks on ap806
arm64: dts: marvell: mcbin: enable the mdio node
arm64: dts: Add Actions Semi S900 and Bubblegum-96
dt-bindings: Add vendor prefix for uCRobotics
arm64: dts: marvell: add xmdio nodes for 7k/8k
arm64: dts: marvell: add a comment on the cp110 slave node status
arm64: dts: marvell: remove cpm crypto nodes from dts files
arm64: dts: marvell: cp110: enable the crypto engine at the SoC level
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC driver updates from Arnd Bergmann:
"New SoC specific drivers:
- NVIDIA Tegra PM Domain support for newer SoCs (Tegra186 and later)
based on the "BPMP" firmware
- Clocksource and system controller drivers for the newly added
Action Semi platforms (both arm and arm64).
Reset subsystem, merged through arm-soc by tradition:
- New drivers for Altera Stratix10, TI Keystone and Cortina Gemini
SoCs
- Various subsystem-wide cleanups
Updates for existing SoC-specific drivers
- TI GPMC (General Purpose Memory Controller)
- Mediatek "scpsys" system controller support for MT6797
- Broadcom "brcmstb_gisb" bus arbitrer
- ARM SCPI firmware
- Renesas "SYSC" system controller
One more driver update was submitted for the Freescale/NXP DPAA data
path acceleration that has previously been used on PowerPC chips. I
ended up postponing the merge until some API questions for its unusual
MMIO access are resolved"
* tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (35 commits)
clocksource: owl: Add S900 support
clocksource: Add Owl timer
soc: renesas: rcar-sysc: Use GENPD_FLAG_ALWAYS_ON
firmware: tegra: Fix locking bugs in BPMP
soc/tegra: flowctrl: Fix error handling
soc/tegra: bpmp: Implement generic PM domains
soc/tegra: bpmp: Update ABI header
PM / Domains: Allow overriding the ->xlate() callback
soc: brcmstb: enable drivers for ARM64 and BMIPS
soc: renesas: Rework Kconfig and Makefile logic
reset: Add the TI SCI reset driver
dt-bindings: reset: Add TI SCI reset binding
reset: use kref for reference counting
soc: qcom: smsm: Improve error handling, quiesce probe deferral
cpufreq: scpi: use new scpi_ops functions to remove duplicate code
firmware: arm_scpi: add support to populate OPPs and get transition latency
dt-bindings: reset: Add reset manager offsets for Stratix10
memory: omap-gpmc: add error message if bank-width property is absent
memory: omap-gpmc: make dts snippet include semicolon
reset: Add a Gemini reset controller
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC defconfig updates from Arnd Bergmann:
"The main changes this time are from a cleanup series that Krzysztof
Kozłowski did, looking for config options in the defconfig files that
got removed or renamed. He tracked them down to make sure we don't
lose information unintentionally after an update.
Aside from that, there is the usual driver enablement, this time for
davinci, samsung, stm32, bcm2835, qualcomm, at91, imx, mvebu, and
omap"
* tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits)
multi_v7_defconfig: Enable OMAP MTD and DM816 AHCI
ARM: qcom_defconfig: enable RPMSG_QCOM_SMD
ARM: imx_v6_v7_defconfig: Select CONFIG_IMX7D_ADC
ARM: mvebu: Enable SENSORS_PWM_FAN in defconfig
ARM: davinci_all_defconfig: enable USB CDC NCM gadget
ARM: davinci_all_defconfig: enable mtdtests
ARM: imx_v6_v7_defconfig: Set THERMAL_WRITABLE_TRIPS=y for testing
ARM: bcm2835_defconfig: Enable serial & ethernet USB gadget support
ARM: tct_hammer_defconfig: Save defconfig
ARM: s5pv210_defconfig: Save defconfig
ARM: s3c6400_defconfig: Save defconfig
ARM: mini2440_defconfig: Save defconfig
ARM: s3c2410_defconfig: Save defconfig
ARM: exynos_defconfig: Save defconfig
ARM: s5pv210_defconfig: Bring back lost (but wanted) options
ARM: s3c6400_defconfig: Bring back lost (but wanted) options
ARM: s3c2410_defconfig: Bring back lost (but wanted) options
ARM: tct_hammer_defconfig: Bring back lost (but wanted) options
ARM: mini2440_defconfig: Bring back lost (but wanted) options
ARM: defconfig: samsung: Re-order entries to match savedefconfig
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM device-tree updates from Arnd Bergmann:
"Device-tree continues to see lots of updates. The majority of patches
here are smaller changes for new hardware on existing platforms, and
there are a few larger changes worth pointing out.
New machines:
- The new Action Semi S500 platform is added along with initial
support for the LeMaker Guitar board.
- STM32 gains support for three new boards: stm32h743-disco,
stm32f746-disco, and stm32f769-disco, along with new device support
for the existing stm32f429 boards.
- Renesas adds two new boards, the tiny GR-Peach based on RZ/A1H with
10MB on-chip SRAM, and the iWave G20D-Q7 System-on-Module plus
board.
- On Marvell "mvebu", we gain support for the Linksys WRT3200ACM
wireless router.
- For NXP i.MX, we gain support for the Gateworks Ventana GW5600 and
the Technexion Pico i.MX7D single-board computers.
- The BeagleBone Blue is added for OMAP, it's the latest variation of
the popular Beaglebone Black single-board computer.
- The Allwinner based Lichee Pi Zero and NanoPi M1 Plus boards are
added, these are the latest variations of a seemingly endless
supply of similar single-board computers.
Other updates:
- Linus Walleij improves support for the "Faraday" based SoC
platforms from various SoC makers (Moxart, Aspeed, Gemini)
- The ARM Mali GPU is now describe on Rockchips SoCs
- Mediatek MT7623 is extended significantly, making it much more
useful.
- Lots of individual updates on Renesas, OMAP, Rockchips, Broadcom,
Allwinner, Qualcomm, iMX
- For Amlogic, the clock support is extended a lot on meson8b.
- We now build the devicetree file for the Raspberry Pi 3 on 32-bit
ARM, in addition to the existing ARM64 support, to help users
wanting to run a 32-bit system on it"
* tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (345 commits)
ARM: dts: socfpga: set the i2c frequency
ARM: dts: socfpga: Add second ethernet alias to VINING FPGA
ARM: dts: socfpga: Drop LED node from VINING FPGA
ARM: dts: socfpga: Remove I2C EEPROMs from VINING FPGA
ARM: dts: socfpga: Enable QSPI support on VINING FPGA
ARM: dts: socfpga: Fix the ethernet clock phandle
ARM: pxa: Use - instead of @ for DT OPP entries
ARM: dts: owl-s500: Add SPS node
ARM: dts: owl-s500: Set CPU enable-method
dt-bindings: arm: cpus: Add S500 enable-method
ARM: dts: Add Actions Semi S500 and LeMaker Guitar
dt-bindings: arm: Document Actions Semi S900
dt-bindings: timer: Document Owl timer
ARM: dts: imx6q-cm-fx6: add sdio wifi/bt nodes
dt-bindings: arm: Document Actions Semi S500
dt-bindings: Add vendor prefix for Actions Semi
ARM: dts: turris-omnia: Add generic compatible string for I2C EEPROM
ARM: dts: mvebu: add support for Linksys WRT3200ACM (Rango)
ARM: dts: armada-385-linksys: fixup button node names
ARM: dts: armada-385-linksys: group pins in pinctrl
...
|
|
Elena Reshetova says:
====================
v2 net subsystem misc refcounter conversions
Changes in v2:
* rebase on top of net-next
* currently by default refcount_t = atomic_t (*) and uses all
atomic standard operations unless CONFIG_REFCOUNT_FULL is enabled.
This is a compromise for the systems that are critical on
performance (such as net) and cannot accept even slight delay
on the refcounter operations.
This series, for various misc network components, replaces atomic_t reference
counters with the new refcount_t type and API (see include/linux/refcount.h).
By doing this we prevent intentional or accidental
underflows or overflows that can led to use-after-free vulnerabilities.
These are the last networking-related conversions with the exception of
network drivers (to be send separately).
Please excuse the long patch set, but seems like breaking it up
won't save that much on CC list and most of the changes are
trivial.
The patches are fully independent and can be cherry-picked separately.
In order to try with refcount functionality enabled in run-time,
CONFIG_REFCOUNT_FULL must be enabled.
NOTE: automatic kernel builder for some reason doesn't like all my
network branches and regularly times out the builds on these branches.
Suggestion for "waiting a day for a good coverage" doesn't work, as
we have seen with generic network conversions. So please wait for the
full report from kernel test rebot before merging further up.
This has been compile-tested in 116 configs, but 71 timed out (including
all s390-related configs again). I am trying to see if they can fix
build coverage for me in meanwhile.
* The respective change is currently merged into -next as
"locking/refcount: Create unchecked atomic_t implementation".
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.
Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|