"meta pkttype set" is only supported on prerouting chain with bridge
family and ingress chain with netdev family.
But the validate check is incomplete, and the user can add the nft
rules on input chain with bridge family, for example:
# nft add table bridge filter
# nft add chain bridge filter input {type filter hook input \
priority 0 \;}
# nft add chain bridge filter test
# nft add rule bridge filter test meta pkttype set unicast
# nft add rule bridge filter input jump test
This patch fixes the problem.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
After I add the nft rule "nft add rule filter prerouting reject
with tcp reset", kernel panic happened on my system:
NULL pointer dereference at ...
IP: [<ffffffff81b9db2f>] nf_send_reset+0xaf/0x400
Call Trace:
[<ffffffff81b9da80>] ? nf_reject_ip_tcphdr_get+0x160/0x160
[<ffffffffa0928061>] nft_reject_ipv4_eval+0x61/0xb0 [nft_reject_ipv4]
[<ffffffffa08e836a>] nft_do_chain+0x1fa/0x890 [nf_tables]
[<ffffffffa08e8170>] ? __nft_trace_packet+0x170/0x170 [nf_tables]
[<ffffffffa06e0900>] ? nf_ct_invert_tuple+0xb0/0xc0 [nf_conntrack]
[<ffffffffa07224d4>] ? nf_nat_setup_info+0x5d4/0x650 [nf_nat]
[...]
Because in the PREROUTING chain, routing information is not exist,
then we will dereference the NULL pointer and oops happen.
So we restrict reject expression to INPUT, FORWARD and OUTPUT chain.
This is consistent with iptables REJECT target.
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
First drm-next pull for radeon and amdgpu for 4.9. Highlights:
- powerplay support for iceland asics
- improved GPU reset (both full asic and per block)
- UVD and VCE powergating for CZ and ST
- VCE clockgating for CZ and ST
- Support for pre-initialized (e.g., zeroed) vram buffers
- ttm cleanups
- virtual display support
- core and radeon/amdgpu support for page_flip_target
- lots of bug fixes and clean ups
* 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: (171 commits)
drm/amdgpu: use memcpy_toio for VCE firmware upload
drm/amdgpu: use memcpy_to/fromio for UVD fw upload
drm/amd/powerplay: delete useless code in iceland_hwmgr.c.
drm/radeon: switch UVD code to use UVD_NO_OP for padding
drm/amdgpu: switch UVD code to use UVD_NO_OP for padding
drm/radeon: add support for UVD_NO_OP register
drm/amdgpu: add support for UVD_NO_OP register
drm/amdgpu: fix VCE ib alignment value
drm/amdgpu: fix IB alignment for UVD
drm/amd/amdgpu: Print ring name in amdgpu_ib_schedule()
drm/radeon: remove dead code, si_mc_load_microcode (v2)
drm/radeon/cik: remove dead code (v2)
drm/amd/powerplay: avoid NULL dereference, cz_hwmgr.c
drm/amd/powerplay: avoid NULL pointer dereference
drm/amdgpu/gmc8: remove dead code (v2)
drm/amdgpu/gmc7: remove dead code (v2)
drm/amdgpu: Fix indentation in dce_v8_0_audio_write_sad_regs()
drm/amdgpu: Use correct mask in dce_v8_0_afmt_setmode() and fix comment typos.
drm/amdgpu: cleanup amdgpu_vm_bo_update params
drm/amdgpu: stop adding dummy entry in amdgpu_ttm_placement_init
...
drm/tegra: Fixes for v4.8-rc4
This contains one fix for DSI runtime power management support that was
introduced in v4.8-rc1. This is slightly more elaborate than I would've
wished, but there are a few corner cases that needed fixing.
* tag 'drm/tegra/for-4.8-rc4' of git://anongit.freedesktop.org/tegra/linux:
drm/tegra: dsi: Enhance runtime power management
drm-intel-next-2016-08-22:
- bugfixes and cleanups for rcu-protected requests (Chris)
- atomic modeset fixes for gpu reset on pre-g4x (Maarten&Ville)
- guc submission improvements (Dave Gordon)
- panel power sequence cleanup (Imre)
- better use of stolen and unmappable ggtt (Chris), plus prep work to make that
happen
- rework of framebuffer offsets, prep for multi-plane framebuffers (Ville)
- fully partial ggtt vmaps, including fenced ones (Chris)
- move lots more of the gem tracking from the object to the vma (Chris)
- tune the command parser (Chris)
- allow fbc without fences on recent platforms (Chris)
- fbc frontbuffer tracking fixes (Chris)
- fast prefaulting using io-mappping.h pgprot caching (Chris)
* 'drm-intel-next' of git://anongit.freedesktop.org/drm-intel: (141 commits)
io-mapping: Fixup for different names of writecombine
io-mapping.h: s/PAGE_KERNEL_IO/PAGE_KERNEL/
drm/i915: Update DRIVER_DATE to 20160822
drm/i915: Use remap_io_mapping() to prefault all PTE in a single pass
drm/i915: Embed the io-mapping struct inside drm_i915_private
io-mapping: Always create a struct to hold metadata about the io-mapping
drm/i915/fbc: Allow on unfenced surfaces, for recent gen
drm/i915/fbc: Don't set an illegal fence if unfenced
drm/i915: Flush delayed fence releases after reset
drm/i915: Reattach comment, complete type specification
drm/i915/cmdparser: Accelerate copies from WC memory
drm/i915/cmdparser: Use binary search for faster register lookup
drm/i915/cmdparser: Check for SKIP descriptors first
drm/i915/cmdparser: Compare against the previous command descriptor
drm/i915/cmdparser: Improve hash function
drm/i915/cmdparser: Only cache the dst vmap
drm/i915/cmdparser: Use cached vmappings
drm/i915/cmdparser: Add the TIMESTAMP register for the other engines
drm/i915/cmdparser: Make initialisation failure non-fatal
drm/i915: Stop discarding GTT cache-domain on unbind vma
...
This pull request contains the following rockchip drm changes:
- Introduce support for rk3399 vop/crtc
- Add PSR framework to the rockchip driver
- Implement PSR in the rockchip analogix edp driver
- Fix panel on/off in analogix to avoid damaging panels
- Some miscellaneous fixes to clean up logs and code readability
* 'for-next' of git://people.freedesktop.org/~seanpaul/dogwood:
drm/rockchip: analogix_dp: drop unnecessary probe deferral "error" print
drm/rockchip: Enable vblank without event
drm/rockchip: Improve analogix-dp psr handling
drm/rockchip: A couple small fixes to psr
drm/rockchip: Use a spinlock to protect psr state
drm/rockchip: Don't use a delayed worker for psr state changes
drm/rockchip: Convert psr_list_mutex to spinlock and use it
drm/rockchip: analogix_dp: implement PSR function
drm/bridge: analogix_dp: add the PSR function support
drm/rockchip: add an common abstracted PSR driver
drm/rockchip: vop: export line flag function
drm/bridge: analogix_dp: Ensure the panel is properly prepared/unprepared
dt-bindings: add compatible strings for big/little rockchip vops
dt-bindings: sort Rockchip vop compatible by chip's number
drm/rockchip: vop: add rk3399 vop support
drm/rockchip: vop: introduce VOP_REG_MASK
drm/rockchip: sort registers define by chip's number
We pass xen_vcpu_id mapping information to hypercalls which require
uint32_t type so it would be cleaner to have it as uint32_t. The
initializer to -1 can be dropped as we always do the mapping before using
it and we never check the 'not set' value anyway.
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
The MIPI DSI output on Tegra SoCs requires some external logic to
calibrate the MIPI pads before a video signal can be transmitted. This
MIPI calibration logic requires to be powered on while the MIPI pads are
being used, which is currently done as part of the DSI driver's probe
implementation.
This is suboptimal because it will leave the MIPI calibration logic
powered up even if the DSI output is never used.
On Tegra114 and earlier this behaviour also causes the driver to hang
while trying to power up the MIPI calibration logic because the power
partition that contains the MIPI calibration logic will be powered on
by the display controller at output pipeline configuration time. Thus
the power up sequence for the MIPI calibration logic happens before
it's power partition is guaranteed to be enabled.
Fix this by splitting up the API into a request/free pair of functions
that manage the runtime dependency between the DSI and the calibration
modules (no registers are accessed) and a set of enable, calibrate and
disable functions that program the MIPI calibration logic at points in
time where the power partition is really enabled.
While at it, make sure that the runtime power management also works in
ganged mode, which is currently also broken.
Reported-by: Jonathan Hunter <jonathanh@nvidia.com>
Tested-by: Jonathan Hunter <jonathanh@nvidia.com>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Most of these helpers had been introduced in the correct order, but some
were simply appended, which wasn't detected when they were applied.
Signed-off-by: Thierry Reding <treding@nvidia.com>
Jonathan writes:
First round of IIO fixes for the 4.8 cycle.
This is somewhat of a bumper set due to my unavailabilty earlier in the
month. The only slightly unusual ones are the dts updates for the
rockchip adc reset. The fix in the driver only makes sense with these
and the rockchip maintainer is happy with them going through IIO to
reach mainline.
Core stuff
* Fix an issue with a blocking op when !TASK_RUNNING. This been there
a while and snuck in with seemingly minor additions to some core
code paths.
* Tools
- generic_buffer failed to initialize the channel array pointer thus
in the case of no channels blows up trying to free a random memory
address.
* sw-trigger:
- Fix config group initialization when configfs is built as a module.
Drivers
* ad5933
- Fix an incorrect overwrite of an error value.
* ad799x
- A missed assignment of the update_scan_mode callback means buffered mode
doesn't work on the ad7991, ad7995 or ad7999.
* ads1015
- wrong pointer returned from i2c_get_clientdata (missmatch of assumptions)
* am2315
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- missing buffer selects in Kconfig
* am335x adc
- Protect fifo1 from concurrent access.
- Increase timeout waiting for ADC to be long enough in all cases.
* as3935
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
* at91
- Fix reading of channel 3.
* atlas-ph-sensor
- Typo means that the scale of electrical conductivity readings is way off.
* bma220
- Timestamps are reported, but never actually acquired from anywhere
(so always 0)
- Missing buffer selects in Kconfig
* bmp280
- pass the write pointer to PTR_ERR (i.e. the one that was just checked
with IS_ERR).
- suspend /resume crash due to wrong assumption about what dev_get_drvdata
would return.
* hdc100x
- It superficially appeared that smbus_read_byte commands would allow
reading of the outputs in two goes. In reality it doesn't work, but
instead returns the same for the upper and lower bytes (nice catch from
Alison!)
* kxsd9
- Fix raw read return value to ensure it actually reports the value rather
than a blank string.
* max44000
- Missing buffer selects in Kconfig
* rockchip_saradc
- Add use of reset controller to enforce a clean state of the ADC.
Some bootloaders can leave it in an 'intersting' state and effectively
frozen without this. A couple of associated dts updates.
* stk8ba50
- Missing buffer selects in Kconfig
* stx104
- Fix a possible race due to use of devm_iio_device_register when there
was other stuff in the remove function.
* Reuse existing functionality from memdup_user() instead of keeping
duplicate source code.
This issue was detected by using the Coccinelle software.
* The local variable "ret" will be set to an appropriate value a bit later.
Thus omit the explicit initialisation at the beginning.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Doug Ledford <dledford@redhat.com>
The full name of PSR is Panel Self Refresh, panel device could refresh
itself with the hardware framebuffer in panel, this would make lots of
sense to save the power consumption.
This patch have exported two symbols for platform driver to implement
the PSR function in hardware side:
- analogix_dp_active_psr()
- analogix_dp_inactive_psr()
Reviewed-by: Archit Taneja <architt@codeaurora.org>
Signed-off-by: Yakir Yang <ykk@rock-chips.com>
Signed-off-by: Sean Paul <seanpaul@chromium.org>
Fixes these compiler warnings via libc-compat.h when glibc netipx/ipx.h is
included before linux/ipx.h:
./linux/ipx.h:9:8: error: redefinition of ‘struct sockaddr_ipx’
./linux/ipx.h:26:8: error: redefinition of ‘struct ipx_route_definition’
./linux/ipx.h:32:8: error: redefinition of ‘struct ipx_interface_definition’
./linux/ipx.h:49:8: error: redefinition of ‘struct ipx_config_data’
./linux/ipx.h:58:8: error: redefinition of ‘struct ipx_route_def’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Kernel uapi header are supposed to use them. Fixes userspace compile error:
linux/openvswitch.h:583:2: error: unknown type name ‘uint32_t’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compile error:
error: field ‘real’ has incomplete type
struct timeval real; /* real (wall-clock) time */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compiler error:
error: unknown type name ‘uint32_t’
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors:
error: field ‘addr’ has incomplete type
struct sockaddr_in addr; /* IP address and port to send to */
error: field ‘addr’ has incomplete type
struct sockaddr_in6 addr; /* IP address and port to send to */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors like:
error: field ‘addr’ has incomplete type
struct sockaddr_in addr; /* IP address and port to send to */
^
error: field ‘addr’ has incomplete type
struct sockaddr_in6 addr; /* IP address and port to send to */
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation errors like:
error: field ‘iph’ has incomplete type
error: field ‘prefix’ has incomplete type
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fixes userspace compilation error:
error: ‘IFNAMSIZ’ undeclared here (not in a function)
Signed-off-by: Mikko Rapeli <mikko.rapeli@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
The cec-funcs.h header was missing support for these three vendor-specific messages:
CEC_MSG_VENDOR_COMMAND
CEC_MSG_VENDOR_COMMAND_WITH_ID
CEC_MSG_VENDOR_REMOTE_BUTTON_DOWN
Add wrappers for these messages.
I originally postponed adding these wrappers due to the fact that the argument is
just a byte array which cec-ctl couldn't handle at the time, and then I just forgot
to add them once the CEC framework was finalized.
It wasn't until an attempt to transmit a vendor specific command was made that I
realized that these wrappers were missing.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Currently if none of the requested logical addresses can be claimed, the
framework will fall back to the Unregistered logical address.
Add a flag to enable this explicitly. By default it will just go back to
the unconfigured state.
Usually Unregistered is not something you want since the functionality is
very limited. Unless the application has support for this, it will fail
to work correctly. So require that the application explicitly requests
this.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
A reply parameter is added to the cec_msg_record_on/off functions in
cec-funcs.h. The standard mandates that Record Status shall be replied
to Record On, and it may be replied to Record Off.
Signed-off-by: Johan Fjeldtvedt <jaffe1@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
This lock will be used to protect more than just the fhs list.
So rename it to just 'lock'.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Now that open delay and sample delay for each channel is configurable
via DT, the default IDLE_TIMEOUT value is not enough as this is
calculated based on hardcoded macros. This results in driver returning
EBUSY sometimes. Fix this by increasing the timeout
value based on maximum value possible to open delay and sample delays
for each channel.
Fixes: 5dc11e8106 ("iio: adc: ti_am335x_adc: make sample delay, open delay, averaging DT parameters")
Signed-off-by: Vignesh R <vigneshr@ti.com>
Acked-by: Lee Jones <lee.jones@linaro.org>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Fix excess fields in kernel-doc notation in <linux/fence.h>
after some struct fields were removed.
Fixes these kernel-doc warnings:
..//include/linux/fence.h:85: warning: Excess struct/union/enum/typedef member 'child_list' description in 'fence'
..//include/linux/fence.h:85: warning: Excess struct/union/enum/typedef member 'active_list' description in 'fence'
Fixes: 0431b9065f ("staging/android: bring struct sync_pt back")
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Luis de Bethencourt <luisbg@osg.samsung.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reviewed-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
NVM Express 1.2.1 section 7.9, NVMe Qualified Names, specifies that the
UUID format of NQN uses a UUID based on RFC 4122.
RFC 4122 specifies that the UUID is encoded in big-endian byte order.
Switch the NVMe over Fabrics host ID field from little-endian UUID to
big-endian UUID to match the specification.
Signed-off-by: Daniel Verkamp <daniel.verkamp@intel.com>
Reviewed-by: Jay Freyensee <james_p_freyensee@linux.intel.com>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
When tcp_sendmsg() allocates a fresh and empty skb, it puts it at the
tail of the write queue using tcp_add_write_queue_tail()
Then it attempts to copy user data into this fresh skb.
If the copy fails, we undo the work and remove the fresh skb.
Unfortunately, this undo lacks the change done to tp->highest_sack and
we can leave a dangling pointer (to a freed skb)
Later, tcp_xmit_retransmit_queue() can dereference this pointer and
access freed memory. For regular kernels where memory is not unmapped,
this might cause SACK bugs because tcp_highest_sack_seq() is buggy,
returning garbage instead of tp->snd_nxt, but with various debug
features like CONFIG_DEBUG_PAGEALLOC, this can crash the kernel.
This bug was found by Marco Grassi thanks to syzkaller.
Fixes: 6859d49475 ("[TCP]: Abstract tp->highest_sack accessing & point to next skb")
Reported-by: Marco Grassi <marco.gra@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter updates for your net tree,
they are:
1) Dump only conntrack that belong to this namespace via /proc file.
This is some fallout from the conversion to single conntrack table
for all netns, patch from Liping Zhang.
2) Missing MODULE_ALIAS_NF_LOGGER() for the ARP family that prevents
module autoloading, also from Liping Zhang.
3) Report overquota event to the right netnamespace, again from Liping.
4) Fix tproxy listener sk refcount that leads to crash, from
Eric Dumazet.
5) Fix racy refcounting on object deletion from nfnetlink and rule
removal both for nfacct and cttimeout, from Liping Zhang.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
KVM/ARM Fixes for v4.8-rc3
This tag contains the following fixes on top of v4.8-rc1:
- ITS init issues
- ITS error handling issues
- ITS IRQ leakage fix
- Plug a couple of ITS race conditions
- An erratum workaround for timers
- Some removal of misleading use of errors and comments
- A fix for GICv3 on 32-bit guests
Pull networking fixes from David Miller:
1) Buffers powersave frame test is reversed in cfg80211, fix from Felix
Fietkau.
2) Remove bogus WARN_ON in openvswitch, from Jarno Rajahalme.
3) Fix some tg3 ethtool logic bugs, and one that would cause no
interrupts to be generated when rx-coalescing is set to 0. From
Satish Baddipadige and Siva Reddy Kallam.
4) QLCNIC mailbox corruption and napi budget handling fix from Manish
Chopra.
5) Fix fib_trie logic when walking the trie during /proc/net/route
output than can access a stale node pointer. From David Forster.
6) Several sctp_diag fixes from Phil Sutter.
7) PAUSE frame handling fixes in mlxsw driver from Ido Schimmel.
8) Checksum fixup fixes in bpf from Daniel Borkmann.
9) Memork leaks in nfnetlink, from Liping Zhang.
10) Use after free in rxrpc, from David Howells.
11) Use after free in new skb_array code of macvtap driver, from Jason
Wang.
12) Calipso resource leak, from Colin Ian King.
13) mediatek bug fixes (missing stats sync init, etc.) from Sean Wang.
14) Fix bpf non-linear packet write helpers, from Daniel Borkmann.
15) Fix lockdep splats in macsec, from Sabrina Dubroca.
16) hv_netvsc bug fixes from Vitaly Kuznetsov, mostly to do with VF
handling.
17) Various tc-action bug fixes, from CONG Wang.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
net_sched: allow flushing tc police actions
net_sched: unify the init logic for act_police
net_sched: convert tcf_exts from list to pointer array
net_sched: move tc offload macros to pkt_cls.h
net_sched: fix a typo in tc_for_each_action()
net_sched: remove an unnecessary list_del()
net_sched: remove the leftover cleanup_a()
mlxsw: spectrum: Allow packets to be trapped from any PG
mlxsw: spectrum: Unmap 802.1Q FID before destroying it
mlxsw: spectrum: Add missing rollbacks in error path
mlxsw: reg: Fix missing op field fill-up
mlxsw: spectrum: Trap loop-backed packets
mlxsw: spectrum: Add missing packet traps
mlxsw: spectrum: Mark port as active before registering it
mlxsw: spectrum: Create PVID vPort before registering netdevice
mlxsw: spectrum: Remove redundant errors from the code
mlxsw: spectrum: Don't return upon error in removal path
i40e: check for and deal with non-contiguous TCs
ixgbe: Re-enable ability to toggle VLAN filtering
ixgbe: Force VLNCTRL.VFE to be set in all VMDq paths
...
