Merge tag 'v4.11-rc1' into docs-next

Linux 4.11-rc1

Merge branch 'linus' into WIP.x86/boot, to fix up conflicts and to pick up updates

Conflicts:
arch/x86/xen/setup.c

Signed-off-by: Ingo Molnar <mingo@kernel.org>

Merge tag 'v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux into for-next

Linux 4.10

Merge tag 'v4.10' into patchwork

Linux 4.10

* tag 'v4.10': (1558 commits)
Linux 4.10
Fix missing sanity check in /dev/sg
scsi: don't BUG_ON() empty DMA transfers
ipv6: release dst on error

Merge tag 'v4.10' into patchwork

Linux 4.10

* tag 'v4.10': (1558 commits)
Linux 4.10
Fix missing sanity check in /dev/sg
scsi: don't BUG_ON() empty DMA transfers
ipv6: release dst on error in ip6_dst_lookup_tail
printk: use rcuidle console tracepoint
ARM: multi_v7_defconfig: enable Qualcomm RPMCC
irda: Fix lockdep annotations in hashbin_delete().
vxlan: fix oops in dev_fill_metadata_dst
dccp: fix freeing skb too early for IPV6_RECVPKTINFO
dpaa_eth: small leak on error
packet: Do not call fanout_release from atomic contexts
reset: fix shared reset triggered_count decrement on error
ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly
ntb_transport: Pick an unused queue
ntb: ntb_perf missing dmaengine_unmap_put
NTB: ntb_transport: fix debugfs_remove_recursive
Revert "nohz: Fix collision between tick and other hrtimers"
vfs: fix uninitialized flags in splice_to_pipe()
drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user()
...

show more ...

Merge remote-tracking branches 'spi/topic/rockchip', 'spi/topic/rspi', 'spi/topic/s3c64xx', 'spi/topic/sh-msiof' and 'spi/topic/slave' into spi-next

Merge tag 'asoc-fix-v4.10-rc3' into asoc-linus

ASoC: Fixes for v4.10

As well as the usual smattering of driver specific fixes collected since
the merge window this has one particularly important fi

Merge tag 'asoc-fix-v4.10-rc3' into asoc-linus

ASoC: Fixes for v4.10

As well as the usual smattering of driver specific fixes collected since
the merge window this has one particularly important fix to the core for
handling of aux_devs which was broken during the merge window by some of
the componentization refactoring.

# gpg: Signature made Wed 11 Jan 2017 17:26:37 GMT
# gpg: using RSA key ADE668AA675718B59FE29FEA24D68B725D5487D0
# gpg: issuer "broonie@kernel.org"
# gpg: key 0D9EACE2CD7BEEBC: no public key for trusted key - skipped
# gpg: key 0D9EACE2CD7BEEBC marked as ultimately trusted
# gpg: key CCB0A420AF88CD16: no public key for trusted key - skipped
# gpg: key CCB0A420AF88CD16 marked as ultimately trusted
# gpg: key 162614E316005C11: no public key for trusted key - skipped
# gpg: key 162614E316005C11 marked as ultimately trusted
# gpg: key A730C53A5621E907: no public key for trusted key - skipped
# gpg: key A730C53A5621E907 marked as ultimately trusted
# gpg: key 276568D75C6153AD: no public key for trusted key - skipped
# gpg: key 276568D75C6153AD marked as ultimately trusted
# gpg: Good signature from "Mark Brown <broonie@sirena.org.uk>" [ultimate]
# gpg: aka "Mark Brown <broonie@debian.org>" [ultimate]
# gpg: aka "Mark Brown <broonie@kernel.org>" [ultimate]
# gpg: aka "Mark Brown <broonie@tardis.ed.ac.uk>" [ultimate]
# gpg: aka "Mark Brown <broonie@linaro.org>" [ultimate]
# gpg: aka "Mark Brown <Mark.Brown@linaro.org>" [ultimate]

show more ...

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

1) In order to avoid problems in the future, make cgroup bpf overriding
explicit using BP

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

Pull networking fixes from David Miller:

1) In order to avoid problems in the future, make cgroup bpf overriding
explicit using BPF_F_ALLOW_OVERRIDE. From Alexei Staovoitov.

2) LLC sets skb->sk without proper skb->destructor and this explodes,
fix from Eric Dumazet.

3) Make sure when we have an ipv4 mapped source address, the
destination is either also an ipv4 mapped address or
ipv6_addr_any(). Fix from Jonathan T. Leighton.

4) Avoid packet loss in fec driver by programming the multicast filter
more intelligently. From Rui Sousa.

5) Handle multiple threads invoking fanout_add(), fix from Eric
Dumazet.

6) Since we can invoke the TCP input path in process context, without
BH being disabled, we have to accomodate that in the locking of the
TCP probe. Also from Eric Dumazet.

7) Fix erroneous emission of NETEVENT_DELAY_PROBE_TIME_UPDATE when we
aren't even updating that sysctl value. From Marcus Huewe.

8) Fix endian bugs in ibmvnic driver, from Thomas Falcon.

[ This is the second version of the pull that reverts the nested
rhashtable changes that looked a bit too scary for this late in the
release - Linus ]

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits)
rhashtable: Revert nested table changes.
ibmvnic: Fix endian errors in error reporting output
ibmvnic: Fix endian error when requesting device capabilities
net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification
net: xilinx_emaclite: fix freezes due to unordered I/O
net: xilinx_emaclite: fix receive buffer overflow
bpf: kernel header files need to be copied into the tools directory
tcp: tcp_probe: use spin_lock_bh()
uapi: fix linux/if_pppol2tp.h userspace compilation errors
packet: fix races in fanout_add()
ibmvnic: Fix initial MTU settings
net: ethernet: ti: cpsw: fix cpsw assignment in resume
kcm: fix a null pointer dereference in kcm_sendmsg()
net: fec: fix multicast filtering hardware setup
ipv6: Handle IPv4-mapped src to in6addr_any dst.
ipv6: Inhibit IPv4-mapped src address on the wire.
net/mlx5e: Disable preemption when doing TC statistics upcall
rhashtable: Add nested tables
tipc: Fix tipc_sk_reinit race conditions
gfs2: Use rhashtable walk interface in glock_hash_walk
...

show more ...

bpf: introduce BPF_F_ALLOW_OVERRIDE flag

If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command
to the given cgroup the descendent cgroup will be able to override
effective bpf program that

bpf: introduce BPF_F_ALLOW_OVERRIDE flag

If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command
to the given cgroup the descendent cgroup will be able to override
effective bpf program that was inherited from this cgroup.
By default it's not passed, therefore override is disallowed.

Examples:
1.
prog X attached to /A with default
prog Y fails to attach to /A/B and /A/B/C
Everything under /A runs prog X

2.
prog X attached to /A with allow_override.
prog Y fails to attach to /A/B with default (non-override)
prog M attached to /A/B with allow_override.
Everything under /A/B runs prog M only.

3.
prog X attached to /A with allow_override.
prog Y fails to attach to /A with default.
The user has to detach first to switch the mode.

In the future this behavior may be extended with a chain of
non-overridable programs.

Also fix the bug where detach from cgroup where nothing is attached
was not throwing error. Return ENOENT in such case.

Add several testcases and adjust libbpf.

Fixes: 3007098494be ("cgroup: add support for eBPF programs")
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Tejun Heo <tj@kernel.org>
Acked-by: Daniel Mack <daniel@zonque.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

show more ...

Merge back earlier suspend/hibernation changes for v4.11.

Merge back earlier ACPICA changes for v4.11.

Merge tag 'v4.10-rc5' into next

Sync up with mainline to bring up improvements in various subsystems.

Merge tag 'v4.10-rc5' into for-linus

Sync up with mainline to apply fixup to a commit that came through
power supply tree.

Merge tag 'v4.10-rc1' into asoc-intel

Linux 4.10-rc1

Merge tag 'v4.10-rc1' into asoc-samsung

Linux 4.10-rc1

Merge tag 'v4.10-rc1' into spi-s3c64xx

Linux 4.10-rc1

Merge tag 'v4.10-rc2' into drm-intel-next-queued

Backmerge Linux 4.10-rc2 to resync with our -fixes cherry-picks. I've
done the backmerge directly because Dave is on vacation.

Signed-off-by: Daniel

Merge tag 'v4.10-rc2' into drm-intel-next-queued

Backmerge Linux 4.10-rc2 to resync with our -fixes cherry-picks. I've
done the backmerge directly because Dave is on vacation.

Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>

show more ...

Merge tag 'v4.10-rc1' into docs-next

Linux 4.10-rc1

Merge tag 'v4.10-rc1' into patchwork

Linux 4.10-rc1

* tag 'v4.10-rc1': (11427 commits)
Linux 4.10-rc1
powerpc: Fix build warning on 32-bit PPC
avoid spurious "may be used uninitialized" warni

Merge tag 'v4.10-rc1' into patchwork

Linux 4.10-rc1

* tag 'v4.10-rc1': (11427 commits)
Linux 4.10-rc1
powerpc: Fix build warning on 32-bit PPC
avoid spurious "may be used uninitialized" warning
mm: add PageWaiters indicating tasks are waiting for a page bit
mm: Use owner_priv bit for PageSwapCache, valid when PageSwapBacked
ktime: Get rid of ktime_equal()
ktime: Cleanup ktime_set() usage
ktime: Get rid of the union
clocksource: Use a plain u64 instead of cycle_t
irqchip/armada-xp: Consolidate hotplug state space
irqchip/gic: Consolidate hotplug state space
coresight/etm3/4x: Consolidate hotplug state space
cpu/hotplug: Cleanup state names
cpu/hotplug: Remove obsolete cpu hotplug register/unregister functions
staging/lustre/libcfs: Convert to hotplug state machine
scsi/bnx2i: Convert to hotplug state machine
scsi/bnx2fc: Convert to hotplug state machine
cpu/hotplug: Prevent overwriting of callbacks
x86/msr: Remove bogus cleanup from the error path
bus: arm-ccn: Prevent hotplug callback leak
...

show more ...

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

Pull networking updates from David Miller:

1) Platform regulatory domain support for ath10k, from Bartosz
Markowski.

2) Cen

Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

Pull networking updates from David Miller:

1) Platform regulatory domain support for ath10k, from Bartosz
Markowski.

2) Centralize min/max MTU checking, thus removing tons of duplicated
code all of the the various drivers. From Jarod Wilson.

3) Support ingress actions in act_mirred, from Shmulik Ladkani.

4) Improve device adjacency tracking, from David Ahern.

5) Add support for LED triggers on PHY link state changes, from Zach
Brown.

6) Improve UDP socket memory accounting, from Paolo Abeni.

7) Set SK_MEM_QUANTUM to a fixed size of 4096, instead of PAGE_SIZE.
From Eric Dumazet.

8) Collapse TCP SKBs at retransmit time even if the right side SKB has
frags. Also from Eric Dumazet.

9) Add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE cmsgs, from Willem de
Bruijn.

10) Support routing by UID, from Lorenzo Colitti.

11) Handle L3 domain binding (ie. VRF) for RAW sockets, from David
Ahern.

12) tcp_get_info() can run lockless, from Eric Dumazet.

13) 4-tuple UDP hashing in SFC driver, from Edward Cree.

14) Avoid reorders in GRO code, from Eric Dumazet.

15) IPV6 Segment Routing support, from David Lebrun.

16) Support MPLS push and pop for L3 packets in openvswitch, from Jiri
Benc.

17) Add LRU datastructure support for BPF, Martin KaFai Lau.

18) VF support in liquidio driver, from Raghu Vatsavayi.

19) Multiqueue support in alx driver, from Tobias Regnery.

20) Networking cgroup BPF support, from Daniel Mack.

21) TCP chronograph measurements, from Francis Yan.

22) XDP support for qed driver, from Yuval Mintz.

23) BPF based lwtunnels, from Thomas Graf.

24) Consistent FIB dumping to offloading drivers, from Ido Schimmel.

25) Many optimizations for UDP under high load, from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1522 commits)
netfilter: nft_counter: rework atomic dump and reset
e1000: use disable_hardirq() for e1000_netpoll()
i40e: don't truncate match_method assignment
net: ethernet: ti: netcp: add support of cpts
net: phy: phy drivers should not set SUPPORTED_[Asym_]Pause
net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
net: l2tp: export debug flags to UAPI
net: ethernet: stmmac: remove private tx queue lock
net: ethernet: sxgbe: remove private tx queue lock
net: bridge: shorten ageing time on topology change
net: bridge: add helper to set topology change
net: bridge: add helper to offload ageing time
net: nicvf: use new api ethtool_{get|set}_link_ksettings
net: ethernet: ti: cpsw: sync rates for channels in dual emac mode
net: ethernet: ti: cpsw: re-split res only when speed is changed
net: ethernet: ti: cpsw: combine budget and weight split and check
net: ethernet: ti: cpsw: don't start queue twice
net: ethernet: ti: cpsw: use same macros to get active slave
net: mvneta: select GENERIC_ALLOCATOR
...

show more ...

Merge branch 'bpf-support-for-sockets'

David Ahern says:

====================
net: Add bpf support for sockets

The recently added VRF support in Linux leverages the bind-to-device
API for programs

Merge branch 'bpf-support-for-sockets'

David Ahern says:

====================
net: Add bpf support for sockets

The recently added VRF support in Linux leverages the bind-to-device
API for programs to specify an L3 domain for a socket. While
SO_BINDTODEVICE has been around for ages, not every ipv4/ipv6 capable
program has support for it. Even for those programs that do support it,
the API requires processes to be started as root (CAP_NET_RAW) which
is not desirable from a general security perspective.

This patch set leverages Daniel Mack's work to attach bpf programs to
a cgroup to provide a capability to set sk_bound_dev_if for all
AF_INET{6} sockets opened by a process in a cgroup when the sockets
are allocated.

For example:
1. configure vrf (e.g., using ifupdown2)
auto eth0
iface eth0 inet dhcp
vrf mgmt

auto mgmt
iface mgmt
vrf-table auto

2. configure cgroup
mount -t cgroup2 none /tmp/cgroupv2
mkdir /tmp/cgroupv2/mgmt
test_cgrp2_sock /tmp/cgroupv2/mgmt 15

3. set shell into cgroup (e.g., can be done at login using pam)
echo $$ >> /tmp/cgroupv2/mgmt/cgroup.procs

At this point all commands run in the shell (e.g, apt) have sockets
automatically bound to the VRF (see output of ss -ap 'dev == <vrf>'),
including processes not running as root.

This capability enables running any program in a VRF context and is key
to deploying Management VRF, a fundamental configuration for networking
gear, with any Linux OS installation.

This patchset also exports the socket family, type and protocol as
read-only allowing bpf filters to deny a process in a cgroup the ability
to open specific types of AF_INET or AF_INET6 sockets.

v7
- comments from Alexei

v6
- add export of socket family, type and protocol
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

show more ...

samples/bpf: add userspace example for prohibiting sockets

Add examples preventing a process in a cgroup from opening a socket
based family, protocol and type.

Signed-off-by: David Ahern <dsa@cumul

samples/bpf: add userspace example for prohibiting sockets

Add examples preventing a process in a cgroup from opening a socket
based family, protocol and type.

Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

show more ...