<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/include, branch v4.8.13</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>PCI: Export pcie_find_root_port</title>
<updated>2016-12-08T06:16:18+00:00</updated>
<author>
<name>Johannes Thumshirn</name>
<email>jthumshirn@suse.de</email>
</author>
<published>2016-11-02T22:35:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=4f4857148b4ae50b2936b0aed991fd18e8c3ba44'/>
<id>4f4857148b4ae50b2936b0aed991fd18e8c3ba44</id>
<content type='text'>
commit e784930bd645e7df78c66e7872fec282b0620075 upstream.

Export pcie_find_root_port() so we can use it outside of PCIe-AER error
injection.

Signed-off-by: Johannes Thumshirn &lt;jthumshirn@suse.de&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit e784930bd645e7df78c66e7872fec282b0620075 upstream.

Export pcie_find_root_port() so we can use it outside of PCIe-AER error
injection.

Signed-off-by: Johannes Thumshirn &lt;jthumshirn@suse.de&gt;
Signed-off-by: Bjorn Helgaas &lt;bhelgaas@google.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Input: change KEY_DATA from 0x275 to 0x277</title>
<updated>2016-12-08T06:16:18+00:00</updated>
<author>
<name>Ping Cheng</name>
<email>pinglinux@gmail.com</email>
</author>
<published>2016-11-28T21:20:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6ca8ab7052c4d16a3ea9b8eb9cea0b41b6ffb562'/>
<id>6ca8ab7052c4d16a3ea9b8eb9cea0b41b6ffb562</id>
<content type='text'>
commit 2425f1808123bf69a8f66d4ec90e0d0e302c2613 upstream.

0x275 is used by KEY_FASTREVERSE.

Fixes: 488326947cd1 ("Input: add HDMI CEC specific keycodes")
Signed-off-by: Ping Cheng &lt;ping.cheng@wacom.com&gt;
Acked-by: Hans Verkuil &lt;hans.verkuil@cisco.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 2425f1808123bf69a8f66d4ec90e0d0e302c2613 upstream.

0x275 is used by KEY_FASTREVERSE.

Fixes: 488326947cd1 ("Input: add HDMI CEC specific keycodes")
Signed-off-by: Ping Cheng &lt;ping.cheng@wacom.com&gt;
Acked-by: Hans Verkuil &lt;hans.verkuil@cisco.com&gt;
Signed-off-by: Dmitry Torokhov &lt;dmitry.torokhov@gmail.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb</title>
<updated>2016-12-08T06:16:18+00:00</updated>
<author>
<name>Kirill A. Shutemov</name>
<email>kirill.shutemov@linux.intel.com</email>
</author>
<published>2016-11-30T23:54:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5661a69268715cde3489a668251926b314a59173'/>
<id>5661a69268715cde3489a668251926b314a59173</id>
<content type='text'>
commit 5cbc198ae08d84bd416b672ad8bd1222acd0855c upstream.

Hugetlb pages have -&gt;index in size of the huge pages (PMD_SIZE or
PUD_SIZE), not in PAGE_SIZE as other types of pages.  This means we
cannot user page_to_pgoff() to check whether we've got the right page
for the radix-tree index.

Let's introduce page_to_index() which would return radix-tree index for
given page.

We will be able to get rid of this once hugetlb will be switched to
multi-order entries.

Fixes: fc127da085c2 ("truncate: handle file thp")
Link: http://lkml.kernel.org/r/20161123093053.mjbnvn5zwxw5e6lk@black.fi.intel.com
Signed-off-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reported-by: Doug Nelson &lt;doug.nelson@intel.com&gt;
Tested-by: Doug Nelson &lt;doug.nelson@intel.com&gt;
Reviewed-by: Naoya Horiguchi &lt;n-horiguchi@ah.jp.nec.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 5cbc198ae08d84bd416b672ad8bd1222acd0855c upstream.

Hugetlb pages have -&gt;index in size of the huge pages (PMD_SIZE or
PUD_SIZE), not in PAGE_SIZE as other types of pages.  This means we
cannot user page_to_pgoff() to check whether we've got the right page
for the radix-tree index.

Let's introduce page_to_index() which would return radix-tree index for
given page.

We will be able to get rid of this once hugetlb will be switched to
multi-order entries.

Fixes: fc127da085c2 ("truncate: handle file thp")
Link: http://lkml.kernel.org/r/20161123093053.mjbnvn5zwxw5e6lk@black.fi.intel.com
Signed-off-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reported-by: Doug Nelson &lt;doug.nelson@intel.com&gt;
Tested-by: Doug Nelson &lt;doug.nelson@intel.com&gt;
Reviewed-by: Naoya Horiguchi &lt;n-horiguchi@ah.jp.nec.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>kasan: update kasan_global for gcc 7</title>
<updated>2016-12-08T06:16:18+00:00</updated>
<author>
<name>Dmitry Vyukov</name>
<email>dvyukov@google.com</email>
</author>
<published>2016-11-30T23:54:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=48b6b50a2ba5fa74399e9fb0abf3c26982a0048e'/>
<id>48b6b50a2ba5fa74399e9fb0abf3c26982a0048e</id>
<content type='text'>
commit 045d599a286bc01daa3510d59272440a17b23c2e upstream.

kasan_global struct is part of compiler/runtime ABI.  gcc revision
241983 has added a new field to kasan_global struct.  Update kernel
definition of kasan_global struct to include the new field.

Without this patch KASAN is broken with gcc 7.

Link: http://lkml.kernel.org/r/1479219743-28682-1-git-send-email-dvyukov@google.com
Signed-off-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Acked-by: Andrey Ryabinin &lt;aryabinin@virtuozzo.com&gt;
Cc: Alexander Potapenko &lt;glider@google.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 045d599a286bc01daa3510d59272440a17b23c2e upstream.

kasan_global struct is part of compiler/runtime ABI.  gcc revision
241983 has added a new field to kasan_global struct.  Update kernel
definition of kasan_global struct to include the new field.

Without this patch KASAN is broken with gcc 7.

Link: http://lkml.kernel.org/r/1479219743-28682-1-git-send-email-dvyukov@google.com
Signed-off-by: Dmitry Vyukov &lt;dvyukov@google.com&gt;
Acked-by: Andrey Ryabinin &lt;aryabinin@virtuozzo.com&gt;
Cc: Alexander Potapenko &lt;glider@google.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>iommu/vt-d: Fix PASID table allocation</title>
<updated>2016-12-02T08:10:30+00:00</updated>
<author>
<name>David Woodhouse</name>
<email>dwmw2@infradead.org</email>
</author>
<published>2016-09-12T02:49:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=8b23f16343f6e1b7ffc3d4f2cd2239bcb97bfbb3'/>
<id>8b23f16343f6e1b7ffc3d4f2cd2239bcb97bfbb3</id>
<content type='text'>
commit 910170442944e1f8674fd5ddbeeb8ccd1877ea98 upstream.

Somehow I ended up with an off-by-three error in calculating the size of
the PASID and PASID State tables, which triggers allocations failures as
those tables unfortunately have to be physically contiguous.

In fact, even the *correct* maximum size of 8MiB is problematic and is
wont to lead to allocation failures. Since I have extracted a promise
that this *will* be fixed in hardware, I'm happy to limit it on the
current hardware to a maximum of 0x20000 PASIDs, which gives us 1MiB
tables — still not ideal, but better than before.

Reported by Mika Kuoppala &lt;mika.kuoppala@linux.intel.com&gt; and also by
Xunlei Pang &lt;xlpang@redhat.com&gt; who submitted a simpler patch to fix
only the allocation (and not the free) to the "correct" limit... which
was still problematic.

Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 910170442944e1f8674fd5ddbeeb8ccd1877ea98 upstream.

Somehow I ended up with an off-by-three error in calculating the size of
the PASID and PASID State tables, which triggers allocations failures as
those tables unfortunately have to be physically contiguous.

In fact, even the *correct* maximum size of 8MiB is problematic and is
wont to lead to allocation failures. Since I have extracted a promise
that this *will* be fixed in hardware, I'm happy to limit it on the
current hardware to a maximum of 0x20000 PASIDs, which gives us 1MiB
tables — still not ideal, but better than before.

Reported by Mika Kuoppala &lt;mika.kuoppala@linux.intel.com&gt; and also by
Xunlei Pang &lt;xlpang@redhat.com&gt; who submitted a simpler patch to fix
only the allocation (and not the free) to the "correct" limit... which
was still problematic.

Signed-off-by: David Woodhouse &lt;dwmw2@infradead.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports</title>
<updated>2016-11-26T08:56:57+00:00</updated>
<author>
<name>Scott Mayhew</name>
<email>smayhew@redhat.com</email>
</author>
<published>2016-11-11T18:16:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ab17baeaea9108fc9ad22955bf8bba8ed363577f'/>
<id>ab17baeaea9108fc9ad22955bf8bba8ed363577f</id>
<content type='text'>
commit ea08e39230e898844d9de5b60cdbb30067cebfe7 upstream.

This fixes the following panic that can occur with NFSoRDMA.

general protection fault: 0000 [#1] SMP
Modules linked in: rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi
scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp
scsi_tgt ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm
mlx5_ib ib_core intel_powerclamp coretemp kvm_intel kvm sg ioatdma
ipmi_devintf ipmi_ssif dcdbas iTCO_wdt iTCO_vendor_support pcspkr
irqbypass sb_edac shpchp dca crc32_pclmul ghash_clmulni_intel edac_core
lpc_ich aesni_intel lrw gf128mul glue_helper ablk_helper mei_me mei
ipmi_si cryptd wmi ipmi_msghandler acpi_pad acpi_power_meter nfsd
auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod
crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper
syscopyarea sysfillrect sysimgblt ahci fb_sys_fops ttm libahci mlx5_core
tg3 crct10dif_pclmul drm crct10dif_common
ptp i2c_core libata crc32c_intel pps_core fjes dm_mirror dm_region_hash
dm_log dm_mod
CPU: 1 PID: 120 Comm: kworker/1:1 Not tainted 3.10.0-514.el7.x86_64 #1
Hardware name: Dell Inc. PowerEdge R320/0KM5PX, BIOS 2.4.2 01/29/2015
Workqueue: events check_lifetime
task: ffff88031f506dd0 ti: ffff88031f584000 task.ti: ffff88031f584000
RIP: 0010:[&lt;ffffffff8168d847&gt;]  [&lt;ffffffff8168d847&gt;]
_raw_spin_lock_bh+0x17/0x50
RSP: 0018:ffff88031f587ba8  EFLAGS: 00010206
RAX: 0000000000020000 RBX: 20041fac02080072 RCX: ffff88031f587fd8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 20041fac02080072
RBP: ffff88031f587bb0 R08: 0000000000000008 R09: ffffffff8155be77
R10: ffff880322a59b00 R11: ffffea000bf39f00 R12: 20041fac02080072
R13: 000000000000000d R14: ffff8800c4fbd800 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff880322a40000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3c52d4547e CR3: 00000000019ba000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
20041fac02080002 ffff88031f587bd0 ffffffff81557830 20041fac02080002
ffff88031f587c78 ffff88031f587c40 ffffffff8155ae08 000000010157df32
0000000800000001 ffff88031f587c20 ffffffff81096acb ffffffff81aa37d0
Call Trace:
[&lt;ffffffff81557830&gt;] lock_sock_nested+0x20/0x50
[&lt;ffffffff8155ae08&gt;] sock_setsockopt+0x78/0x940
[&lt;ffffffff81096acb&gt;] ? lock_timer_base.isra.33+0x2b/0x50
[&lt;ffffffff8155397d&gt;] kernel_setsockopt+0x4d/0x50
[&lt;ffffffffa0386284&gt;] svc_age_temp_xprts_now+0x174/0x1e0 [sunrpc]
[&lt;ffffffffa03b681d&gt;] nfsd_inetaddr_event+0x9d/0xd0 [nfsd]
[&lt;ffffffff81691ebc&gt;] notifier_call_chain+0x4c/0x70
[&lt;ffffffff810b687d&gt;] __blocking_notifier_call_chain+0x4d/0x70
[&lt;ffffffff810b68b6&gt;] blocking_notifier_call_chain+0x16/0x20
[&lt;ffffffff815e8538&gt;] __inet_del_ifa+0x168/0x2d0
[&lt;ffffffff815e8cef&gt;] check_lifetime+0x25f/0x270
[&lt;ffffffff810a7f3b&gt;] process_one_work+0x17b/0x470
[&lt;ffffffff810a8d76&gt;] worker_thread+0x126/0x410
[&lt;ffffffff810a8c50&gt;] ? rescuer_thread+0x460/0x460
[&lt;ffffffff810b052f&gt;] kthread+0xcf/0xe0
[&lt;ffffffff810b0460&gt;] ? kthread_create_on_node+0x140/0x140
[&lt;ffffffff81696418&gt;] ret_from_fork+0x58/0x90
[&lt;ffffffff810b0460&gt;] ? kthread_create_on_node+0x140/0x140
Code: ca 75 f1 5d c3 0f 1f 80 00 00 00 00 eb d9 66 0f 1f 44 00 00 0f 1f
44 00 00 55 48 89 e5 53 48 89 fb e8 7e 04 a0 ff b8 00 00 02 00 &lt;f0&gt; 0f
c1 03 89 c2 c1 ea 10 66 39 c2 75 03 5b 5d c3 83 e2 fe 0f
RIP  [&lt;ffffffff8168d847&gt;] _raw_spin_lock_bh+0x17/0x50
RSP &lt;ffff88031f587ba8&gt;

Signed-off-by: Scott Mayhew &lt;smayhew@redhat.com&gt;
Fixes: c3d4879e ("sunrpc: Add a function to close temporary transports immediately")
Reviewed-by: Chuck Lever &lt;chuck.lever@oracle.com&gt;
Signed-off-by: J. Bruce Fields &lt;bfields@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit ea08e39230e898844d9de5b60cdbb30067cebfe7 upstream.

This fixes the following panic that can occur with NFSoRDMA.

general protection fault: 0000 [#1] SMP
Modules linked in: rpcrdma ib_isert iscsi_target_mod ib_iser libiscsi
scsi_transport_iscsi ib_srpt target_core_mod ib_srp scsi_transport_srp
scsi_tgt ib_ipoib rdma_ucm ib_ucm ib_uverbs ib_umad rdma_cm ib_cm iw_cm
mlx5_ib ib_core intel_powerclamp coretemp kvm_intel kvm sg ioatdma
ipmi_devintf ipmi_ssif dcdbas iTCO_wdt iTCO_vendor_support pcspkr
irqbypass sb_edac shpchp dca crc32_pclmul ghash_clmulni_intel edac_core
lpc_ich aesni_intel lrw gf128mul glue_helper ablk_helper mei_me mei
ipmi_si cryptd wmi ipmi_msghandler acpi_pad acpi_power_meter nfsd
auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod
crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper
syscopyarea sysfillrect sysimgblt ahci fb_sys_fops ttm libahci mlx5_core
tg3 crct10dif_pclmul drm crct10dif_common
ptp i2c_core libata crc32c_intel pps_core fjes dm_mirror dm_region_hash
dm_log dm_mod
CPU: 1 PID: 120 Comm: kworker/1:1 Not tainted 3.10.0-514.el7.x86_64 #1
Hardware name: Dell Inc. PowerEdge R320/0KM5PX, BIOS 2.4.2 01/29/2015
Workqueue: events check_lifetime
task: ffff88031f506dd0 ti: ffff88031f584000 task.ti: ffff88031f584000
RIP: 0010:[&lt;ffffffff8168d847&gt;]  [&lt;ffffffff8168d847&gt;]
_raw_spin_lock_bh+0x17/0x50
RSP: 0018:ffff88031f587ba8  EFLAGS: 00010206
RAX: 0000000000020000 RBX: 20041fac02080072 RCX: ffff88031f587fd8
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 20041fac02080072
RBP: ffff88031f587bb0 R08: 0000000000000008 R09: ffffffff8155be77
R10: ffff880322a59b00 R11: ffffea000bf39f00 R12: 20041fac02080072
R13: 000000000000000d R14: ffff8800c4fbd800 R15: 0000000000000001
FS:  0000000000000000(0000) GS:ffff880322a40000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3c52d4547e CR3: 00000000019ba000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Stack:
20041fac02080002 ffff88031f587bd0 ffffffff81557830 20041fac02080002
ffff88031f587c78 ffff88031f587c40 ffffffff8155ae08 000000010157df32
0000000800000001 ffff88031f587c20 ffffffff81096acb ffffffff81aa37d0
Call Trace:
[&lt;ffffffff81557830&gt;] lock_sock_nested+0x20/0x50
[&lt;ffffffff8155ae08&gt;] sock_setsockopt+0x78/0x940
[&lt;ffffffff81096acb&gt;] ? lock_timer_base.isra.33+0x2b/0x50
[&lt;ffffffff8155397d&gt;] kernel_setsockopt+0x4d/0x50
[&lt;ffffffffa0386284&gt;] svc_age_temp_xprts_now+0x174/0x1e0 [sunrpc]
[&lt;ffffffffa03b681d&gt;] nfsd_inetaddr_event+0x9d/0xd0 [nfsd]
[&lt;ffffffff81691ebc&gt;] notifier_call_chain+0x4c/0x70
[&lt;ffffffff810b687d&gt;] __blocking_notifier_call_chain+0x4d/0x70
[&lt;ffffffff810b68b6&gt;] blocking_notifier_call_chain+0x16/0x20
[&lt;ffffffff815e8538&gt;] __inet_del_ifa+0x168/0x2d0
[&lt;ffffffff815e8cef&gt;] check_lifetime+0x25f/0x270
[&lt;ffffffff810a7f3b&gt;] process_one_work+0x17b/0x470
[&lt;ffffffff810a8d76&gt;] worker_thread+0x126/0x410
[&lt;ffffffff810a8c50&gt;] ? rescuer_thread+0x460/0x460
[&lt;ffffffff810b052f&gt;] kthread+0xcf/0xe0
[&lt;ffffffff810b0460&gt;] ? kthread_create_on_node+0x140/0x140
[&lt;ffffffff81696418&gt;] ret_from_fork+0x58/0x90
[&lt;ffffffff810b0460&gt;] ? kthread_create_on_node+0x140/0x140
Code: ca 75 f1 5d c3 0f 1f 80 00 00 00 00 eb d9 66 0f 1f 44 00 00 0f 1f
44 00 00 55 48 89 e5 53 48 89 fb e8 7e 04 a0 ff b8 00 00 02 00 &lt;f0&gt; 0f
c1 03 89 c2 c1 ea 10 66 39 c2 75 03 5b 5d c3 83 e2 fe 0f
RIP  [&lt;ffffffff8168d847&gt;] _raw_spin_lock_bh+0x17/0x50
RSP &lt;ffff88031f587ba8&gt;

Signed-off-by: Scott Mayhew &lt;smayhew@redhat.com&gt;
Fixes: c3d4879e ("sunrpc: Add a function to close temporary transports immediately")
Reviewed-by: Chuck Lever &lt;chuck.lever@oracle.com&gt;
Signed-off-by: J. Bruce Fields &lt;bfields@redhat.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

</pre>
</div>
</content>
</entry>
<entry>
<title>Revert "include/uapi/linux/atm_zatm.h: include linux/time.h"</title>
<updated>2016-11-21T09:11:36+00:00</updated>
<author>
<name>Mike Frysinger</name>
<email>vapier@gentoo.org</email>
</author>
<published>2016-11-11T00:08:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5712922773b59684c943c52d4925e4fb25c26c8c'/>
<id>5712922773b59684c943c52d4925e4fb25c26c8c</id>
<content type='text'>
[ Upstream commit 7b5b74efcca00f15c2aec1dc7175bfe34b6ec643 ]

This reverts commit cf00713a655d ("include/uapi/linux/atm_zatm.h: include
linux/time.h").

This attempted to fix userspace breakage that no longer existed when
the patch was merged.  Almost one year earlier, commit 70ba07b675b5
("atm: remove 'struct zatm_t_hist'") deleted the struct in question.

After this patch was merged, we now have to deal with people being
unable to include this header in conjunction with standard C library
headers like stdlib.h (which linux-atm does).  Example breakage:
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I./../q2931 -I./../saal \
	-I.  -DCPPFLAGS_TEST  -I../../src/include -O2 -march=native -pipe -g \
	-frecord-gcc-switches -freport-bug -Wimplicit-function-declaration \
	-Wnonnull -Wstrict-aliasing -Wparentheses -Warray-bounds \
	-Wfree-nonheap-object -Wreturn-local-addr -fno-strict-aliasing -Wall \
	-Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -c zntune.c
In file included from /usr/include/linux/atm_zatm.h:17:0,
                 from zntune.c:17:
/usr/include/linux/time.h:9:8: error: redefinition of ‘struct timespec’
 struct timespec {
        ^
In file included from /usr/include/sys/select.h:43:0,
                 from /usr/include/sys/types.h:219,
                 from /usr/include/stdlib.h:314,
                 from zntune.c:9:
/usr/include/time.h:120:8: note: originally defined here
 struct timespec
        ^

Signed-off-by: Mike Frysinger &lt;vapier@gentoo.org&gt;
Acked-by: Mikko Rapeli &lt;mikko.rapeli@iki.fi&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 7b5b74efcca00f15c2aec1dc7175bfe34b6ec643 ]

This reverts commit cf00713a655d ("include/uapi/linux/atm_zatm.h: include
linux/time.h").

This attempted to fix userspace breakage that no longer existed when
the patch was merged.  Almost one year earlier, commit 70ba07b675b5
("atm: remove 'struct zatm_t_hist'") deleted the struct in question.

After this patch was merged, we now have to deal with people being
unable to include this header in conjunction with standard C library
headers like stdlib.h (which linux-atm does).  Example breakage:
x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -I./../q2931 -I./../saal \
	-I.  -DCPPFLAGS_TEST  -I../../src/include -O2 -march=native -pipe -g \
	-frecord-gcc-switches -freport-bug -Wimplicit-function-declaration \
	-Wnonnull -Wstrict-aliasing -Wparentheses -Warray-bounds \
	-Wfree-nonheap-object -Wreturn-local-addr -fno-strict-aliasing -Wall \
	-Wshadow -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -c zntune.c
In file included from /usr/include/linux/atm_zatm.h:17:0,
                 from zntune.c:17:
/usr/include/linux/time.h:9:8: error: redefinition of ‘struct timespec’
 struct timespec {
        ^
In file included from /usr/include/sys/select.h:43:0,
                 from /usr/include/sys/types.h:219,
                 from /usr/include/stdlib.h:314,
                 from zntune.c:9:
/usr/include/time.h:120:8: note: originally defined here
 struct timespec
        ^

Signed-off-by: Mike Frysinger &lt;vapier@gentoo.org&gt;
Acked-by: Mikko Rapeli &lt;mikko.rapeli@iki.fi&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tcp: take care of truncations done by sk_filter()</title>
<updated>2016-11-21T09:11:36+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2016-11-10T21:12:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=2b5f22e4f7fd208c8d392e5c3755cea1f562cb98'/>
<id>2b5f22e4f7fd208c8d392e5c3755cea1f562cb98</id>
<content type='text'>
[ Upstream commit ac6e780070e30e4c35bd395acfe9191e6268bdd3 ]

With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)-&gt;end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Marco Grassi &lt;marco.gra@gmail.com&gt;
Reported-by: Vladis Dronov &lt;vdronov@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit ac6e780070e30e4c35bd395acfe9191e6268bdd3 ]

With syzkaller help, Marco Grassi found a bug in TCP stack,
crashing in tcp_collapse()

Root cause is that sk_filter() can truncate the incoming skb,
but TCP stack was not really expecting this to happen.
It probably was expecting a simple DROP or ACCEPT behavior.

We first need to make sure no part of TCP header could be removed.
Then we need to adjust TCP_SKB_CB(skb)-&gt;end_seq

Many thanks to syzkaller team and Marco for giving us a reproducer.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Marco Grassi &lt;marco.gra@gmail.com&gt;
Reported-by: Vladis Dronov &lt;vdronov@redhat.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>dccp: do not release listeners too soon</title>
<updated>2016-11-21T09:11:34+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2016-11-03T00:14:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=72b03e549b9582ab257219cbe4236a6e0f683ad0'/>
<id>72b03e549b9582ab257219cbe4236a6e0f683ad0</id>
<content type='text'>
[ Upstream commit c3f24cfb3e508c70c26ee8569d537c8ca67a36c6 ]

Andrey Konovalov reported following error while fuzzing with syzkaller :

IPv4: Attempt to release alive inet socket ffff880068e98940
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Modules linked in:
CPU: 1 PID: 3905 Comm: a.out Not tainted 4.9.0-rc3+ #333
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006b9e0000 task.stack: ffff880068770000
RIP: 0010:[&lt;ffffffff819ead5f&gt;]  [&lt;ffffffff819ead5f&gt;]
selinux_socket_sock_rcv_skb+0xff/0x6a0 security/selinux/hooks.c:4639
RSP: 0018:ffff8800687771c8  EFLAGS: 00010202
RAX: ffff88006b9e0000 RBX: 1ffff1000d0eee3f RCX: 1ffff1000d1d312a
RDX: 1ffff1000d1d31a6 RSI: dffffc0000000000 RDI: 0000000000000010
RBP: ffff880068777360 R08: 0000000000000000 R09: 0000000000000002
R10: dffffc0000000000 R11: 0000000000000006 R12: ffff880068e98940
R13: 0000000000000002 R14: ffff880068777338 R15: 0000000000000000
FS:  00007f00ff760700(0000) GS:ffff88006cd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 000000006a308000 CR4: 00000000000006e0
Stack:
 ffff8800687771e0 ffffffff812508a5 ffff8800686f3168 0000000000000007
 ffff88006ac8cdfc ffff8800665ea500 0000000041b58ab3 ffffffff847b5480
 ffffffff819eac60 ffff88006b9e0860 ffff88006b9e0868 ffff88006b9e07f0
Call Trace:
 [&lt;ffffffff819c8dd5&gt;] security_sock_rcv_skb+0x75/0xb0 security/security.c:1317
 [&lt;ffffffff82c2a9e7&gt;] sk_filter_trim_cap+0x67/0x10e0 net/core/filter.c:81
 [&lt;ffffffff82b81e60&gt;] __sk_receive_skb+0x30/0xa00 net/core/sock.c:460
 [&lt;ffffffff838bbf12&gt;] dccp_v4_rcv+0xdb2/0x1910 net/dccp/ipv4.c:873
 [&lt;ffffffff83069d22&gt;] ip_local_deliver_finish+0x332/0xad0
net/ipv4/ip_input.c:216
 [&lt;     inline     &gt;] NF_HOOK_THRESH ./include/linux/netfilter.h:232
 [&lt;     inline     &gt;] NF_HOOK ./include/linux/netfilter.h:255
 [&lt;ffffffff8306abd2&gt;] ip_local_deliver+0x1c2/0x4b0 net/ipv4/ip_input.c:257
 [&lt;     inline     &gt;] dst_input ./include/net/dst.h:507
 [&lt;ffffffff83068500&gt;] ip_rcv_finish+0x750/0x1c40 net/ipv4/ip_input.c:396
 [&lt;     inline     &gt;] NF_HOOK_THRESH ./include/linux/netfilter.h:232
 [&lt;     inline     &gt;] NF_HOOK ./include/linux/netfilter.h:255
 [&lt;ffffffff8306b82f&gt;] ip_rcv+0x96f/0x12f0 net/ipv4/ip_input.c:487
 [&lt;ffffffff82bd9fb7&gt;] __netif_receive_skb_core+0x1897/0x2a50 net/core/dev.c:4213
 [&lt;ffffffff82bdb19a&gt;] __netif_receive_skb+0x2a/0x170 net/core/dev.c:4251
 [&lt;ffffffff82bdb493&gt;] netif_receive_skb_internal+0x1b3/0x390 net/core/dev.c:4279
 [&lt;ffffffff82bdb6b8&gt;] netif_receive_skb+0x48/0x250 net/core/dev.c:4303
 [&lt;ffffffff8241fc75&gt;] tun_get_user+0xbd5/0x28a0 drivers/net/tun.c:1308
 [&lt;ffffffff82421b5a&gt;] tun_chr_write_iter+0xda/0x190 drivers/net/tun.c:1332
 [&lt;     inline     &gt;] new_sync_write fs/read_write.c:499
 [&lt;ffffffff8151bd44&gt;] __vfs_write+0x334/0x570 fs/read_write.c:512
 [&lt;ffffffff8151f85b&gt;] vfs_write+0x17b/0x500 fs/read_write.c:560
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:607
 [&lt;ffffffff81523184&gt;] SyS_write+0xd4/0x1a0 fs/read_write.c:599
 [&lt;ffffffff83fc02c1&gt;] entry_SYSCALL_64_fastpath+0x1f/0xc2

It turns out DCCP calls __sk_receive_skb(), and this broke when
lookups no longer took a reference on listeners.

Fix this issue by adding a @refcounted parameter to __sk_receive_skb(),
so that sock_put() is used only when needed.

Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Andrey Konovalov &lt;andreyknvl@google.com&gt;
Tested-by: Andrey Konovalov &lt;andreyknvl@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit c3f24cfb3e508c70c26ee8569d537c8ca67a36c6 ]

Andrey Konovalov reported following error while fuzzing with syzkaller :

IPv4: Attempt to release alive inet socket ffff880068e98940
kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Modules linked in:
CPU: 1 PID: 3905 Comm: a.out Not tainted 4.9.0-rc3+ #333
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006b9e0000 task.stack: ffff880068770000
RIP: 0010:[&lt;ffffffff819ead5f&gt;]  [&lt;ffffffff819ead5f&gt;]
selinux_socket_sock_rcv_skb+0xff/0x6a0 security/selinux/hooks.c:4639
RSP: 0018:ffff8800687771c8  EFLAGS: 00010202
RAX: ffff88006b9e0000 RBX: 1ffff1000d0eee3f RCX: 1ffff1000d1d312a
RDX: 1ffff1000d1d31a6 RSI: dffffc0000000000 RDI: 0000000000000010
RBP: ffff880068777360 R08: 0000000000000000 R09: 0000000000000002
R10: dffffc0000000000 R11: 0000000000000006 R12: ffff880068e98940
R13: 0000000000000002 R14: ffff880068777338 R15: 0000000000000000
FS:  00007f00ff760700(0000) GS:ffff88006cd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020008000 CR3: 000000006a308000 CR4: 00000000000006e0
Stack:
 ffff8800687771e0 ffffffff812508a5 ffff8800686f3168 0000000000000007
 ffff88006ac8cdfc ffff8800665ea500 0000000041b58ab3 ffffffff847b5480
 ffffffff819eac60 ffff88006b9e0860 ffff88006b9e0868 ffff88006b9e07f0
Call Trace:
 [&lt;ffffffff819c8dd5&gt;] security_sock_rcv_skb+0x75/0xb0 security/security.c:1317
 [&lt;ffffffff82c2a9e7&gt;] sk_filter_trim_cap+0x67/0x10e0 net/core/filter.c:81
 [&lt;ffffffff82b81e60&gt;] __sk_receive_skb+0x30/0xa00 net/core/sock.c:460
 [&lt;ffffffff838bbf12&gt;] dccp_v4_rcv+0xdb2/0x1910 net/dccp/ipv4.c:873
 [&lt;ffffffff83069d22&gt;] ip_local_deliver_finish+0x332/0xad0
net/ipv4/ip_input.c:216
 [&lt;     inline     &gt;] NF_HOOK_THRESH ./include/linux/netfilter.h:232
 [&lt;     inline     &gt;] NF_HOOK ./include/linux/netfilter.h:255
 [&lt;ffffffff8306abd2&gt;] ip_local_deliver+0x1c2/0x4b0 net/ipv4/ip_input.c:257
 [&lt;     inline     &gt;] dst_input ./include/net/dst.h:507
 [&lt;ffffffff83068500&gt;] ip_rcv_finish+0x750/0x1c40 net/ipv4/ip_input.c:396
 [&lt;     inline     &gt;] NF_HOOK_THRESH ./include/linux/netfilter.h:232
 [&lt;     inline     &gt;] NF_HOOK ./include/linux/netfilter.h:255
 [&lt;ffffffff8306b82f&gt;] ip_rcv+0x96f/0x12f0 net/ipv4/ip_input.c:487
 [&lt;ffffffff82bd9fb7&gt;] __netif_receive_skb_core+0x1897/0x2a50 net/core/dev.c:4213
 [&lt;ffffffff82bdb19a&gt;] __netif_receive_skb+0x2a/0x170 net/core/dev.c:4251
 [&lt;ffffffff82bdb493&gt;] netif_receive_skb_internal+0x1b3/0x390 net/core/dev.c:4279
 [&lt;ffffffff82bdb6b8&gt;] netif_receive_skb+0x48/0x250 net/core/dev.c:4303
 [&lt;ffffffff8241fc75&gt;] tun_get_user+0xbd5/0x28a0 drivers/net/tun.c:1308
 [&lt;ffffffff82421b5a&gt;] tun_chr_write_iter+0xda/0x190 drivers/net/tun.c:1332
 [&lt;     inline     &gt;] new_sync_write fs/read_write.c:499
 [&lt;ffffffff8151bd44&gt;] __vfs_write+0x334/0x570 fs/read_write.c:512
 [&lt;ffffffff8151f85b&gt;] vfs_write+0x17b/0x500 fs/read_write.c:560
 [&lt;     inline     &gt;] SYSC_write fs/read_write.c:607
 [&lt;ffffffff81523184&gt;] SyS_write+0xd4/0x1a0 fs/read_write.c:599
 [&lt;ffffffff83fc02c1&gt;] entry_SYSCALL_64_fastpath+0x1f/0xc2

It turns out DCCP calls __sk_receive_skb(), and this broke when
lookups no longer took a reference on listeners.

Fix this issue by adding a @refcounted parameter to __sk_receive_skb(),
so that sock_put() is used only when needed.

Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reported-by: Andrey Konovalov &lt;andreyknvl@google.com&gt;
Tested-by: Andrey Konovalov &lt;andreyknvl@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ipv4: allow local fragmentation in ip_finish_output_gso()</title>
<updated>2016-11-21T09:11:34+00:00</updated>
<author>
<name>Lance Richardson</name>
<email>lrichard@redhat.com</email>
</author>
<published>2016-11-02T20:36:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=1f49cc6fa91c703b9a2cbb6fe7176cc44e930c8d'/>
<id>1f49cc6fa91c703b9a2cbb6fe7176cc44e930c8d</id>
<content type='text'>
[ Upstream commit 9ee6c5dc816aa8256257f2cd4008a9291ec7e985 ]

Some configurations (e.g. geneve interface with default
MTU of 1500 over an ethernet interface with 1500 MTU) result
in the transmission of packets that exceed the configured MTU.
While this should be considered to be a "bad" configuration,
it is still allowed and should not result in the sending
of packets that exceed the configured MTU.

Fix by dropping the assumption in ip_finish_output_gso() that
locally originated gso packets will never need fragmentation.
Basic testing using iperf (observing CPU usage and bandwidth)
have shown no measurable performance impact for traffic not
requiring fragmentation.

Fixes: c7ba65d7b649 ("net: ip: push gso skb forwarding handling down the stack")
Reported-by: Jan Tluka &lt;jtluka@redhat.com&gt;
Signed-off-by: Lance Richardson &lt;lrichard@redhat.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 9ee6c5dc816aa8256257f2cd4008a9291ec7e985 ]

Some configurations (e.g. geneve interface with default
MTU of 1500 over an ethernet interface with 1500 MTU) result
in the transmission of packets that exceed the configured MTU.
While this should be considered to be a "bad" configuration,
it is still allowed and should not result in the sending
of packets that exceed the configured MTU.

Fix by dropping the assumption in ip_finish_output_gso() that
locally originated gso packets will never need fragmentation.
Basic testing using iperf (observing CPU usage and bandwidth)
have shown no measurable performance impact for traffic not
requiring fragmentation.

Fixes: c7ba65d7b649 ("net: ip: push gso skb forwarding handling down the stack")
Reported-by: Jan Tluka &lt;jtluka@redhat.com&gt;
Signed-off-by: Lance Richardson &lt;lrichard@redhat.com&gt;
Acked-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
