Linux/linux 8113a85fs/ceph mds_client.c inode.c

Merge tag 'ceph-for-5.1-rc7' of git://github.com/ceph/ceph-client

Pull ceph fixes from Ilya Dryomov:
 "dentry name handling fixes from Jeff and a memory leak fix from Zheng.

  Both are old issues, marked for stable"

* tag 'ceph-for-5.1-rc7' of git://github.com/ceph/ceph-client:
  ceph: fix ci->i_head_snapc leak
  ceph: handle the case where a dentry has been renamed on outstanding req
  ceph: ensure d_name stability in ceph_dentry_hash()
  ceph: only use d_name directly when parent is locked

Linux/linux f6f3e74crypto xts.c lrw.c

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This fixes a bug in xts and lrw where they may sleep in an atomic
  context"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: lrw - Fix atomic sleep when walking skcipher
  crypto: xts - Fix atomic sleep when walking skcipher
DeltaFile
+5-1crypto/xts.c
+5-1crypto/lrw.c
+10-22 files

Linux/linux cd8deadnet/ipv4 route.c, net/netfilter nf_conntrack_proto_icmp.c nf_conntrack_proto_icmpv6.c

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:
 "Just the usual assortment of small'ish fixes:

   1) Conntrack timeout is sometimes not initialized properly, from
      Alexander Potapenko.

   2) Add a reasonable range limit to tcp_min_rtt_wlen to avoid
      undefined behavior. From ZhangXiaoxu.

   3) des1 field of descriptor in stmmac driver is initialized with the
      wrong variable. From Yue Haibing.

   4) Increase mlxsw pci sw reset timeout a little bit more, from Ido
      Schimmel.

   5) Match IOT2000 stmmac devices more accurately, from Su Bao Cheng.

   6) Fallback refcount fix in TLS code, from Jakub Kicinski.

   7) Fix max MTU check when using XDP in mlx5, from Maxim Mikityanskiy.

   8) Fix recursive locking in team driver, from Hangbin Liu.


    [35 lines not shown]

Linux/linux 11bfe64. MAINTAINERS

Merge tag 'leds-for-5.1-rc7' of 
git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds

Pull LED update from Jacek Anaszewski:
 "A single change to MAINTAINERS:

  We announce a new LED reviewer - Dan Murphy"

* tag 'leds-for-5.1-rc7' of 
git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
  MAINTAINERS: LEDs: Add designated reviewer for LED subsystem
DeltaFile
+1-0MAINTAINERS
+1-01 files

Linux/linux 20ff83fnet/ipv4 route.c

ipv4: add sanity checks in ipv4_link_failure()

Before calling __ip_options_compile(), we need to ensure the network
header is a an IPv4 one, and that it is already pulled in skb->head.

RAW sockets going through a tunnel can end up calling ipv4_link_failure()
with total garbage in the skb, or arbitrary lengthes.

syzbot report :

BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:355 [inline]
BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0x294/0x1120 
net/ipv4/ip_options.c:123
Write of size 69 at addr ffff888096abf068 by task syz-executor.4/9204

CPU: 0 PID: 9204 Comm: syz-executor.4 Not tainted 5.1.0-rc5+ #77
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
 check_memory_region_inline mm/kasan/generic.c:185 [inline]
 check_memory_region+0x123/0x190 mm/kasan/generic.c:191
 memcpy+0x38/0x50 mm/kasan/common.c:133

    [68 lines not shown]
DeltaFile
+24-10net/ipv4/route.c
+24-101 files

Linux/linux 0453c68net/rose rose_loopback.c

net/rose: fix unbound loop in rose_loopback_timer()

This patch adds a limit on the number of skbs that fuzzers can queue
into loopback_queue. 1000 packets for rose loopback seems more than enough.

Then, since we now have multiple cpus in most linux hosts,
we also need to limit the number of skbs rose_loopback_timer()
can dequeue at each round.

rose_loopback_queue() can be drop-monitor friendly, calling
consume_skb() or kfree_skb() appropriately.

Finally, use mod_timer() instead of del_timer() + add_timer()

syzbot report was :

rcu: INFO: rcu_preempt self-detected stall on CPU
rcu:    0-...!: (10499 ticks this GP) idle=536/1/0x4000000000000002 softirq=103291/103291 
fqs=34
rcu:     (t=10500 jiffies g=140321 q=323)
rcu: rcu_preempt kthread starved for 10426 jiffies! g140321 f0x0 RCU_GP_WAIT_FQS(5) 
->state=0x402 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt     I29168    10      2 0x80000000
Call Trace:

    [57 lines not shown]
DeltaFile
+16-11net/rose/rose_loopback.c
+16-111 files

Linux/linux 032be5fnet/rxrpc input.c local_object.c

rxrpc: fix race condition in rxrpc_input_packet()

After commit 5271953cad31 ("rxrpc: Use the UDP encap_rcv hook"),
rxrpc_input_packet() is directly called from lockless UDP receive
path, under rcu_read_lock() protection.

It must therefore use RCU rules :

- udp_sk->sk_user_data can be cleared at any point in this function.
  rcu_dereference_sk_user_data() is what we need here.

- Also, since sk_user_data might have been set in rxrpc_open_socket()
  we must observe a proper RCU grace period before kfree(local) in
  rxrpc_lookup_local()

v4: @local can be NULL in xrpc_lookup_local() as reported by kbuild test robot 
<lkp at intel.com>
        and Julia Lawall <julia.lawall at lip6.fr>, thanks !

v3,v2 : addressed David Howells feedback, thanks !

syzbot reported :

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access

    [62 lines not shown]

Linux/linux 52fb56f. MAINTAINERS

MAINTAINERS: LEDs: Add designated reviewer for LED subsystem

Add a designated reviewer for the LED subsystem as there
are already two maintainers assigned.

Signed-off-by: Dan Murphy <dmurphy at ti.com>
Acked-by: Pavel Machek <pavel at ucw.cz>
Signed-off-by: Jacek Anaszewski <jacek.anaszewski at gmail.com>
DeltaFile
+1-0MAINTAINERS
+1-01 files

Linux/linux 4b9fc71net/rds ib_fmr.c ib_rdma.c

net: rds: exchange of 8K and 1M pool

Before the commit 490ea5967b0d ("RDS: IB: move FMR code to its own file"),
when the dirty_count is greater than 9/10 of max_items of 8K pool,
1M pool is used, Vice versa. After the commit 490ea5967b0d ("RDS: IB: move
FMR code to its own file"), the above is removed. When we make the
following tests.

Server:
  rds-stress -r 1.1.1.16 -D 1M

Client:
  rds-stress -r 1.1.1.14 -s 1.1.1.16 -D 1M

The following will appear.
"
connecting to 1.1.1.16:4000
negotiated options, tasks will start in 2 seconds
Starting up..header from 1.1.1.166:4001 to id 4001 bogus
..
tsks  tx/s  rx/s tx+rx K/s  mbi K/s  mbo K/s tx us/c  rtt us
cpu %
   1    0    0     0.00     0.00     0.00    0.00 0.00 -1.00
   1    0    0     0.00     0.00     0.00    0.00 0.00 -1.00
   1    0    0     0.00     0.00     0.00    0.00 0.00 -1.00

    [10 lines not shown]

Linux/linux 6819e3fdrivers/net vrf.c

net: vrf: Fix operation not supported when set vrf mac

Vrf device is not able to change mac address now because lack of
ndo_set_mac_address. Complete this in case some apps need to do
this.

Reported-by: Hui Wang <wanghui104 at huawei.com>
Signed-off-by: Miaohe Lin <linmiaohe at huawei.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
DeltaFile
+2-0drivers/net/vrf.c
+2-01 files

Linux/linux 1c5c12einclude/linux etherdevice.h, net/ncsi ncsi-rsp.c

net/ncsi: handle overflow when incrementing mac address

Previously BMC's MAC address is calculated by simply adding 1 to the
last byte of network controller's MAC address, and it produces incorrect
result when network controller's MAC address ends with 0xFF.

The problem can be fixed by calling eth_addr_inc() function to increment
MAC address; besides, the MAC address is also validated before assigning
to BMC.

Fixes: cb10c7c0dfd9 ("net/ncsi: Add NCSI Broadcom OEM command")
Signed-off-by: Tao Ren <taoren at fb.com>
Acked-by: Jakub Kicinski <jakub.kicinski at netronome.com>
Acked-by: Samuel Mendoza-Jonas <sam at mendozajonas.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux ba25b50drivers/gpu/drm/i915 intel_fbdev.c, drivers/gpu/drm/virtio virtgpu_prime.c virtgpu_drv.h

Merge tag 'drm-fixes-2019-04-24' of git://anongit.freedesktop.org/drm/drm

Pull drm regression fixes from Dave Airlie:
 "We interrupt your regularly scheduled drm fixes for a regression
  special.

  The first is for a fix in i915 that had unexpected side effects
  fallout in the userspace X.org modesetting driver where X would no
  longer start. I got tired of the nitpicking and issued a large hammer
  on it. The X.org driver is buggy, but blackscreen regressions are
  worse.

  The second was an oversight that myself and Gerd should have noticed
  better, Gerd is trying to fix this properly, but the regression is too
  large to leave, even if the original behaviour is bad in some cases,
  it's clearly bad to break a bunch of working use cases.

  I'll likely have a regular fixes pull later, but I really wanted to
  highlight these"

* tag 'drm-fixes-2019-04-24' of git://anongit.freedesktop.org/drm/drm:
  Revert "drm/virtio: drop prime import/export callbacks"
  Revert "drm/i915/fbdev: Actually configure untiled displays"

Linux/linux ffbf987drivers/net/ethernet/socionext netsec.c

net: socionext: replace napi_alloc_frag with the netdev variant on init

The netdev variant is usable on any context since it disables interrupts.
The napi variant of the call should only be used within softirq context.
Replace napi_alloc_frag on driver init with the correct netdev_alloc_frag
call

Changes since v1:
- Adjusted commit message

Acked-by: Ard Biesheuvel <ard.biesheuvel at linaro.org>
Acked-by: Jassi Brar <jaswinder.singh at linaro.org>
Fixes: 4acb20b46214 ("net: socionext: different approach on DMA")
Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 66c0317drivers/net/ethernet/atheros/atlx atl1.c atl2.h

net: atheros: fix spelling mistake "underun" -> "underrun"

There are spelling mistakes in structure elements, fix these.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux a0cecc2drivers/gpu/drm/virtio virtgpu_prime.c virtgpu_drv.c

Revert "drm/virtio: drop prime import/export callbacks"

This patch does more harm than good, as it breaks both Xwayland and
gnome-shell with X11.

Xwayland requires DRI3 & DRI3 requires PRIME.

X11 crash for obscure double-free reason which are hard to debug
(starting X11 by hand doesn't trigger the crash).

I don't see an apparent problem implementing those stub prime
functions, they may return an error at run-time, and it seems to be
handled fine by GNOME at least.

This reverts commit b318e3ff7ca065d6b107e424c85a63d7a6798a69.
[airlied:
This broke userspace for virtio-gpus, and regressed things from DRI3 to DRI2.

This brings back the original problem, but it's better than regressions.]

Fixes: b318e3ff7ca065d6b107e424c85a63d7a6798a ("drm/virtio: drop prime import/export 
callbacks")
Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
Signed-off-by: Dave Airlie <airlied at redhat.com>

Linux/linux 9fa2462drivers/gpu/drm/i915 intel_fbdev.c

Revert "drm/i915/fbdev: Actually configure untiled displays"

This reverts commit d179b88deb3bf6fed4991a31fd6f0f2cad21fab5.

This commit is documented to break userspace X.org modesetting driver in certain 
configurations.

The X.org modesetting userspace driver is broken. No fixes are available yet. In order for 
this patch to be applied it either needs a config option or a workaround developed.

This has been reported a few times, saying it's a userspace problem is clearly against the 
regression rules.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109806
Signed-off-by: Dave Airlie <airlied at redhat.com>
Cc: <stable at vger.kernel.org> # v3.19+

Linux/linux 12a54b1fs/nfsd nfs3proc.c nfs4state.c, net/sunrpc cache.c

Merge tag 'nfsd-5.1-1' of git://linux-nfs.org/~bfields/linux

Pull nfsd bugfixes from Bruce Fields:
 "Fix miscellaneous nfsd bugs, in NFSv4.1 callbacks, NFSv4.1
  lock-notification callbacks, NFSv3 readdir encoding, and the
  cache/upcall code"

* tag 'nfsd-5.1-1' of git://linux-nfs.org/~bfields/linux:
  nfsd: wake blocked file lock waiters before sending callback
  nfsd: wake waiters blocked on file_lock before deleting it
  nfsd: Don't release the callback slot unless it was actually held
  nfsd/nfsd3_proc_readdir: fix buffer count and page pointers
  sunrpc: don't mark uninitialised items as VALID.

Linux/linux d286e13arch/arm64/include/asm unistd32.h, arch/ia64/kernel/syscalls syscall.tbl

Merge tag 'syscalls-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic

Pull syscall numbering updates from Arnd Bergmann:
 "arch: add pidfd and io_uring syscalls everywhere

  This comes a bit late, but should be in 5.1 anyway: we want the newly
  added system calls to be synchronized across all architectures in the
  release.

  I hope that in the future, any newly added system calls can be added
  to all architectures at the same time, and tested there while they are
  in linux-next, avoiding dependencies between the architecture
  maintainer trees and the tree that contains the new system call"

* tag 'syscalls-5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic:
  arch: add pidfd and io_uring syscalls everywhere

Linux/linux 3765918fs/ceph mds_client.c snap.c

ceph: fix ci->i_head_snapc leak

We missed two places that i_wrbuffer_ref_head, i_wr_ref, i_dirty_caps
and i_flushing_caps may change. When they are all zeros, we should free
i_head_snapc.

Cc: stable at vger.kernel.org
Link: https://tracker.ceph.com/issues/38224
Reported-and-tested-by: Luis Henriques <lhenriques at suse.com>
Signed-off-by: "Yan, Zheng" <zyan at redhat.com>
Signed-off-by: Ilya Dryomov <idryomov at gmail.com>

Linux/linux 1bcb344fs/ceph mds_client.c

ceph: only use d_name directly when parent is locked

Ben reported tripping the BUG_ON in create_request_message during some
performance testing. Analysis of the vmcore showed that the length of
the r_dentry->d_name string changed after we allocated the buffer, but
before we encoded it.

build_dentry_path returns pointers to d_name in the common case of
non-snapped dentries, but this optimization isn't safe unless the parent
directory is locked. When it isn't, have the code make a copy of the
d_name while holding the d_lock.

Cc: stable at vger.kernel.org
Reported-by: Ben England <bengland at redhat.com>
Signed-off-by: Jeff Layton <jlayton at kernel.org>
Reviewed-by: "Yan, Zheng" <zyan at redhat.com>
Signed-off-by: Ilya Dryomov <idryomov at gmail.com>
DeltaFile
+50-11fs/ceph/mds_client.c
+50-111 files

Linux/linux 4b82228fs/ceph inode.c

ceph: handle the case where a dentry has been renamed on outstanding req

It's possible for us to issue a lookup to revalidate a dentry
concurrently with a rename. If done in the right order, then we could
end up processing dentry info in the reply that no longer reflects the
state of the dentry.

If req->r_dentry->d_name differs from the one in the trace, then just
ignore the trace in the reply. We only need to do this however if the
parent's i_rwsem is not held.

Signed-off-by: Jeff Layton <jlayton at kernel.org>
Reviewed-by: "Yan, Zheng" <zyan at redhat.com>
Signed-off-by: Ilya Dryomov <idryomov at gmail.com>
DeltaFile
+15-1fs/ceph/inode.c
+15-11 files

Linux/linux 76a495dfs/ceph dir.c

ceph: ensure d_name stability in ceph_dentry_hash()

Take the d_lock here to ensure that d_name doesn't change.

Cc: stable at vger.kernel.org
Signed-off-by: Jeff Layton <jlayton at kernel.org>
Reviewed-by: "Yan, Zheng" <zyan at redhat.com>
Signed-off-by: Ilya Dryomov <idryomov at gmail.com>
DeltaFile
+5-1fs/ceph/dir.c
+5-11 files

Linux/linux 2f23a2adrivers/net/phy spi_ks8995.c

spi: Micrel eth switch: declare missing of table

Add missing <of_device_id> table for SPI driver relying on SPI
device match since compatible is in a DT binding or in a DTS.

Before this patch:
modinfo drivers/net/phy/spi_ks8995.ko | grep alias
alias:          spi:ksz8795
alias:          spi:ksz8864
alias:          spi:ks8995

After this patch:
modinfo drivers/net/phy/spi_ks8995.ko | grep alias
alias:          spi:ksz8795
alias:          spi:ksz8864
alias:          spi:ks8995
alias:          of:N*T*Cmicrel,ksz8795C*
alias:          of:N*T*Cmicrel,ksz8795
alias:          of:N*T*Cmicrel,ksz8864C*
alias:          of:N*T*Cmicrel,ksz8864
alias:          of:N*T*Cmicrel,ks8995C*
alias:          of:N*T*Cmicrel,ks8995

Reported-by: Javier Martinez Canillas <javier at dowhile0.org>
Signed-off-by: Daniel Gomez <dagmcr at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux d048305drivers/nfc/st95hf core.c

spi: ST ST95HF NFC: declare missing of table

Add missing <of_device_id> table for SPI driver relying on SPI
device match since compatible is in a DT binding or in a DTS.

Before this patch:
modinfo drivers/nfc/st95hf/st95hf.ko | grep alias
alias:          spi:st95hf

After this patch:
modinfo drivers/nfc/st95hf/st95hf.ko | grep alias
alias:          spi:st95hf
alias:          of:N*T*Cst,st95hfC*
alias:          of:N*T*Cst,st95hf

Reported-by: Javier Martinez Canillas <javier at dowhile0.org>
Signed-off-by: Daniel Gomez <dagmcr at gmail.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux b561af3drivers/net/ethernet/stmicro/stmmac stmmac_main.c

net: stmmac: move stmmac_check_ether_addr() to driver probe

stmmac_check_ether_addr() checks the MAC address and assigns one in
driver open(). In many cases when we create slave netdevice, the dev
addr is inherited from master but the master dev addr maybe NULL at
that time, so move this call to driver probe so that address is
always valid.

Signed-off-by: Xiaofei Shen <xiaofeis at codeaurora.org>
Tested-by: Xiaofei Shen <xiaofeis at codeaurora.org>
Signed-off-by: Sneh Shah <snehshah at codeaurora.org>
Signed-off-by: Vinod Koul <vkoul at kernel.org>
Reviewed-by: Andrew Lunn <andrew at lunn.ch>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux acced9dnet/netfilter nf_conntrack_proto_icmp.c nf_conntrack_proto_icmpv6.c, tools/testing/selftests/netfilter conntrack_icmp_related.sh nft_nat.sh

Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contains Netfilter/IPVS fixes for your net tree:

1) Add a selftest for icmp packet too big errors with conntrack, from
   Florian Westphal.

2) Validate inner header in ICMP error message does not lie to us
   in conntrack, also from Florian.

3) Initialize ct->timeout to calm down KASAN, from Alexander Potapenko.

4) Skip ICMP error messages from tunnels in IPVS, from Julian Anastasov.

5) Use a hash to expose conntrack and expectation ID, from Florian Westphal.

6) Prevent shift wrap in nft_chain_parse_hook(), from Dan Carpenter.

7) Fix broken ICMP ID randomization with NAT, also from Florian.


    [10 lines not shown]

Linux/linux f456458fs/nfsd nfs4state.c

nfsd: wake blocked file lock waiters before sending callback

When a blocked NFS lock is "awoken" we send a callback to the server and
then wake any hosts waiting on it. If a client attempts to get a lock
and then drops off the net, we could end up waiting for a long time
until we end up waking locks blocked on that request.

So, wake any other waiting lock requests before sending the callback.
Do this by calling locks_delete_block in a new "prepare" phase for
CB_NOTIFY_LOCK callbacks.

URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
Reported-by: Slawomir Pryczek <slawek1211 at gmail.com>
Cc: Neil Brown <neilb at suse.com>
Cc: stable at vger.kernel.org
Signed-off-by: Jeff Layton <jlayton at kernel.org>
Signed-off-by: J. Bruce Fields <bfields at redhat.com>

Linux/linux 6aaafc4fs/nfsd nfs4state.c

nfsd: wake waiters blocked on file_lock before deleting it

After a blocked nfsd file_lock request is deleted, knfsd will send a
callback to the client and then free the request. Commit 16306a61d3b7
("fs/locks: always delete_block after waiting.") changed it such that
locks_delete_block is always called on a request after it is awoken,
but that patch missed fixing up blocked nfsd request handling.

Call locks_delete_block on the block to wake up any locks still blocked
on the nfsd lock request before freeing it. Some of its callers already
do this however, so just remove those calls.

URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363
Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.")
Reported-by: Slawomir Pryczek <slawek1211 at gmail.com>
Cc: Neil Brown <neilb at suse.com>
Cc: stable at vger.kernel.org
Signed-off-by: Jeff Layton <jlayton at kernel.org>
Signed-off-by: J. Bruce Fields <bfields at redhat.com>

Linux/linux 7142eaa. MAINTAINERS, arch/mips/ath79 setup.c

Merge tag 'mips_fixes_5.1_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Pull MIPS fixes from Paul Burton:
 "A couple more MIPS fixes:

   - Fix indirect syscall tracing & seccomp filtering for big endian
     MIPS64 kernels, which previously loaded the syscall number
     incorrectly & would always use zero.

   - Fix performance counter IRQ setup for Atheros/ath79 SoCs, allowing
     perf to function on those systems.

  And not really a fix, but a useful addition:

   - Add a Broadcom mailing list to the MAINTAINERS entry for BMIPS
     systems to allow relevant engineers to track patch submissions"

* tag 'mips_fixes_5.1_3' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: perf: ath79: Fix perfcount IRQ assignment
  MIPS: scall64-o32: Fix indirect syscall number load
  MAINTAINERS: BMIPS: Add internal Broadcom mailing list

Linux/linux d486680net/netfilter nf_conntrack_proto.c

netfilter: fix nf_l4proto_log_invalid to log invalid packets

It doesn't log a packet if sysctl_log_invalid isn't equal to protonum
OR sysctl_log_invalid isn't equal to IPPROTO_RAW. This sentence is
always true. I believe we need to replace OR to AND.

Cc: Florian Westphal <fw at strlen.de>
Fixes: c4f3db1595827 ("netfilter: conntrack: add and use nf_l4proto_log_invalid")
Signed-off-by: Andrei Vagin <avagin at gmail.com>
Acked-by: Florian Westphal <fw at strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

Linux/linux 7caa56fnet/bridge/netfilter ebtables.c

netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON

It means userspace gave us a ruleset where there is some other
data after the ebtables target but before the beginning of the next rule.

Fixes: 81e675c227ec ("netfilter: ebtables: add CONFIG_COMPAT support")
Reported-by: syzbot+659574e7bcc7f7eb4df7 at syzkaller.appspotmail.com
Signed-off-by: Florian Westphal <fw at strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

Linux/linux 916f6efnet/netfilter xt_time.c nf_conntrack_core.c

netfilter: never get/set skb->tstamp

setting net.netfilter.nf_conntrack_timestamp=1 breaks xmit with fq
scheduler.  skb->tstamp might be "refreshed" using ktime_get_real(),
but fq expects CLOCK_MONOTONIC.

This patch removes all places in netfilter that check/set skb->tstamp:

1. To fix the bogus "start" time seen with conntrack timestamping for
   outgoing packets, never use skb->tstamp and always use current time.
2. In nfqueue and nflog, only use skb->tstamp for incoming packets,
   as determined by current hook (prerouting, input, forward).
3. xt_time has to use system clock as well rather than skb->tstamp.
   We could still use skb->tstamp for prerouting/input/foward, but
   I see no advantage to make this conditional.

Fixes: fb420d5d91c1 ("tcp/fq: move back to CLOCK_MONOTONIC")
Cc: Eric Dumazet <edumazet at google.com>
Reported-by: Michal Soltys <soltys at ziu.info>
Signed-off-by: Florian Westphal <fw at strlen.de>
Acked-by: Eric Dumazet <edumazet at google.com>
Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

Linux/linux 26d1b85Documentation/networking decnet.txt

Documentation: decnet: remove reference to CONFIG_DECNET_ROUTE_FWMARK

CONFIG_DECNET_ROUTE_FWMARK was removed in commit 47dcf0cb1005 ("[NET]: Rethink mark field 
in struct flowi")
Since nothing replace it (and nothindg need to replace it, simply remove
it from documentation.

Signed-off-by: Corentin Labbe <clabbe at baylibre.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 39420feDocumentation/devicetree/bindings/net ethernet.txt

dt-bindings: add an explanation for internal phy-mode

When working on the Allwinner internal PHY, the first work was to use
the "internal" mode, but some answer was made my mail on what are really
internal mean for PHY.

This patch write that in the doc.

Signed-off-by: Corentin Labbe <clabbe at baylibre.com>
Reviewed-by: Andrew Lunn <andrew at lunn.ch>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 085b775. Makefile

Linux 5.1-rc6
DeltaFile
+1-1Makefile
+1-11 files

Linux/linux 12c7686net/tls tls_main.c tls_sw.c

net/tls: don't leak IV and record seq when offload fails

When device refuses the offload in tls_set_device_offload_rx()
it calls tls_sw_free_resources_rx() to clean up software context
state.

Unfortunately, tls_sw_free_resources_rx() does not free all
the state tls_set_sw_offload() allocated - it leaks IV and
sequence number buffers.  All other code paths which lead to
tls_sw_release_resources_rx() (which tls_sw_free_resources_rx()
calls) free those right before the call.

Avoid the leak by moving freeing of iv and rec_seq into
tls_sw_release_resources_rx().

Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski at netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe at netronome.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 62ef81dnet/tls tls_device.c

net/tls: avoid potential deadlock in tls_set_device_offload_rx()

If device supports offload, but offload fails tls_set_device_offload_rx()
will call tls_sw_free_resources_rx() which (unhelpfully) releases
and reacquires the socket lock.

For a small fix release and reacquire the device_offload_lock.

Fixes: 4799ac81e52a ("tls: Add rx inline crypto offload")
Signed-off-by: Jakub Kicinski <jakub.kicinski at netronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe at netronome.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 8c03557tools/testing/selftests/net run_afpackettests

selftests/net: correct the return value for run_afpackettests

The run_afpackettests will be marked as passed regardless the return
value of those sub-tests in the script:
    --------------------
    running psock_tpacket test
    --------------------
    [FAIL]
    selftests: run_afpackettests [PASS]

Fix this by changing the return value for each tests.

Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Signed-off-by: David S. Miller <davem at davemloft.net>

Linux/linux 9e5de62net/sunrpc clnt.c

Merge tag 'nfs-for-5.1-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfix from Trond Myklebust:
 "Fix a regression in which an RPC call can be tagged with an error
  despite the transmission being successful"

* tag 'nfs-for-5.1-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  SUNRPC: Ignore queue transmission errors on successful transmission
DeltaFile
+5-2net/sunrpc/clnt.c
+5-21 files

Linux/linux a06bc2fdrivers/scsi scsi_lib.c, drivers/scsi/aic7xxx aic7xxx_osm.c aic7xxx.h

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Three minor fixes: two obvious ones in drivers and a fix to the SG_IO
  path to correctly return status on error"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: aic7xxx: fix EISA support
  Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
  scsi: core: set result when the command cannot be dispatched

Linux/linux 38a2ca2block bfq-iosched.c blk-mq.c, fs io_uring.c

Merge tag 'for-linus-20190420' of git://git.kernel.dk/linux-block

Pull block fixes from Jens Axboe:
 "A set of small fixes that should go into this series. This contains:

   - Removal of unused queue member (Hou)

   - Overflow bvec fix (Ming)

   - Various little io_uring tweaks (me)
       - kthread parking
       - Only call cpu_possible() for verified CPU
       - Drop unused 'file' argument to io_file_put()
       - io_uring_enter vs io_uring_register deadlock fix
       - CQ overflow fix

   - BFQ internal depth update fix (me)"

* tag 'for-linus-20190420' of git://git.kernel.dk/linux-block:
  block: make sure that bvec length can't be overflow
  block: kill all_q_node in request_queue
  io_uring: fix CQ overflow condition
  io_uring: fix possible deadlock between io_uring_{enter,register}
  io_uring: drop io_file_put() 'file' argument
  bfq: update internal depth state when queue depth changes

    [2 lines not shown]

Linux/linux 34396bd. MAINTAINERS, drivers/i3c master.c

Merge tag 'i3c/fixes-for-5.1-rc6' of 
git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux

Pill i3c fixes from Boris Brezillon:

 - fix the random PID check

 - fix the disable controller logic in the designware driver

 - fix I3C entry in MAINTAINERS

* tag 'i3c/fixes-for-5.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/i3c/linux:
  MAINTAINERS: Fix the I3C entry
  i3c: dw: Fix dw_i3c_master_disable controller by using correct mask
  i3c: Fix the verification of random PID

Linux/linux 4b609f1sound/core init.c info.c, sound/pci/hda patch_realtek.c hda_codec.c

Merge tag 'sound-5.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Two core fixes for long-standing bugs for the races at concurrent
  device creation and deletion that were (unsurprisingly) spotted by
  syzkaller with usb-fuzzer.

  The rest are usual small HD-audio fixes"

* tag 'sound-5.1-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda/realtek - add two more pin configuration sets to quirk table
  ALSA: core: Fix card races between register and disconnect
  ALSA: info: Fix racy addition/deletion of nodes
  ALSA: hda: Initialize power_state field properly

Linux/linux e899cc3drivers/clocksource timer-ti-dm.c arm_arch_timer.c, kernel/time timekeeping.h sched_clock.c

Merge branch 'timers-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull timer fixes from Ingo Molnar:
 "Misc clocksource driver fixes, and a sched-clock wrapping fix"

* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze()
  clocksource/drivers/timer-ti-dm: Remove omap_dm_timer_set_load_start
  clocksource/drivers/oxnas: Fix OX820 compatible
  clocksource/drivers/arm_arch_timer: Remove unneeded pr_fmt macro
  clocksource/drivers/npcm: select TIMER_OF

Linux/linux b25c69barch/x86/events perf_event.h, arch/x86/events/amd core.c

Merge branch 'perf-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
 "Misc fixes:
   - various tooling fixes
   - kretprobe fixes
   - kprobes annotation fixes
   - kprobes error checking fix
   - fix the default events for AMD Family 17h CPUs
   - PEBS fix
   - AUX record fix
   - address filtering fix"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/kprobes: Avoid kretprobe recursion bug
  kprobes: Mark ftrace mcount handler functions nokprobe
  x86/kprobes: Verify stack frame on kretprobe
  perf/x86/amd: Add event map for AMD Family 17h
  perf bpf: Return NULL when RB tree lookup fails in perf_env__find_btf()
  perf tools: Fix map reference counting
  perf evlist: Fix side band thread draining
  perf tools: Check maps for bpf programs
  perf bpf: Return NULL when RB tree lookup fails in perf_env__find_bpf_prog_info()
  tools include uapi: Sync sound/asound.h copy

    [10 lines not shown]

Linux/linux 1fd91d7arch/x86/kernel reboot.c process.c, arch/x86/kernel/cpu bugs.c intel.c

Merge branch 'x86-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Misc fixes all over the place: a console spam fix, section attributes
  fixes, a KASLR fix, a TLB stack-variable alignment fix, a reboot
  quirk, boot options related warnings fix, an LTO fix, a deadlock fix
  and an RDT fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/cpu/intel: Lower the "ENERGY_PERF_BIAS: Set to normal" message's log priority
  x86/cpu/bugs: Use __initconst for 'const' init data
  x86/mm/KASLR: Fix the size of the direct mapping section
  x86/Kconfig: Fix spelling mistake "effectivness" -> "effectiveness"
  x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info"
  x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
  x86/mm: Prevent bogus warnings with "noexec=off"
  x86/build/lto: Fix truncated .bss with -fdata-sections
  x86/speculation: Prevent deadlock on ssb_state::lock
  x86/resctrl: Do not repeat rdtgroup mode initialization

Linux/linux 2b4cf58kernel/sched fair.c deadline.c

Merge branch 'sched-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull scheduler fixes from Ingo Molnar:
 "A deadline scheduler warning/race fix, and a cfs_period_us quota
  calculation workaround where the real fix looks too involved to merge
  immediately"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/deadline: Correctly handle active 0-lag timers
  sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup

Linux/linux de3af9akernel/locking lockdep.c, scripts/atomic gen-atomics.sh

Merge branch 'locking-urgent-for-linus' of 
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull locking fixes from Ingo Molnar:
 "A lockdep warning fix and a script execution fix when atomics are
  generated"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  locking/atomics: Don't assume that scripts are executable
  locking/lockdep: Make lockdep_unregister_key() honor 'debug_locks' again

Linux/linux 371dd43security device_cgroup.c

Merge branch 'for-5.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup

Pull cgroup fix from Tejun Heo:
 "A patch to fix a RCU imbalance error in the devices cgroup
  configuration error path"

* 'for-5.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  device_cgroup: fix RCU imbalance in error case

Linux/linux 4c3f49amm percpu.c

Merge branch 'for-5.1-fixes' of 
git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu

Pull percpu fixlet from Dennis Zhou:
 "This stops printing the base address of percpu memory on
  initialization"

* 'for-5.1-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu:
  percpu: stop printing kernel addresses
DeltaFile
+4-4mm/percpu.c
+4-41 files