With NET_ADMIN enabled in container, a normal user could be mapped to
root and is able to change the real device's rx filter via ioctl on
vlan, which would affect the other ptp process on host. Fix it by
disabling SIOCSHWTSTAMP in container.
Fixes: a6111d3c93d0 ("vlan: Pass SIOC[SG]HWTSTAMP ioctls
Miroslav pointed out that with NET_ADMIN enabled in container, a normal user
could be mapped to root and is able to change the real device's rx
filter via ioctl on macvlan, which would affect the other ptp process on
host. Fix it by disabling SIOCSHWTSTAMP in container.
Fixes: 254c0a2bfedb ("macvlan:
SCTP_CMD_GEN_INIT_ACK was introduced since the very beginning, but never
got used. So remove it.
Signed-off-by: Xin Long
---
include/net/sctp/command.h | 1 -
net/sctp/sm_sideeffect.c | 11 ---
2 files changed, 12 deletions(-)
diff --git a/include/net/sctp/command.h b/include/net/sctp/co
On Tue, May 7, 2019 at 7:54 PM Jason Wang wrote:
> This is only true if you can make sure tfile[tun->numqueues] is not
> freed. Either my patch or SOCK_RCU_FREE can solve this, but for
> SOCK_RCU_FREE we need to do an extra careful audit to make sure it doesn't
> break something. So synchronize through p
On Wed, May 08, 2019 at 04:17:29PM -0700, Eric Dumazet wrote:
> On Wed, May 8, 2019 at 4:09 PM Alexei Starovoitov
> wrote:
> >
> > On Wed, May 08, 2019 at 02:21:52PM -0700, Eric Dumazet wrote:
> > > Hi Alexei and Daniel
> > >
> > > I have a question about seccomp.
> > >
> > > It seems that after t
On Thu, May 09, 2019 at 03:07:12AM +, Y.b. Lu wrote:
> From: Claudiu Manoil
>
> Make sure ptp dt node exists before accessing it in case
> of NULL pointer call trace.
>
> Signed-off-by: Claudiu Manoil
> Signed-off-by: Yangbo Lu
Acked-by: Richard Cochran
On 2019/5/9 上午1:36, David Miller wrote:
From: Jason Wang
Date: Tue, 7 May 2019 00:03:36 -0400
@@ -1313,6 +1315,10 @@ static int tun_xdp_xmit(struct net_device *dev, int n,
tfile = rcu_dereference(tun->tfiles[smp_processor_id() %
numqueues])
From: Claudiu Manoil
Make sure ptp dt node exists before accessing it in case
of NULL pointer call trace.
Signed-off-by: Claudiu Manoil
Signed-off-by: Yangbo Lu
---
drivers/ptp/ptp_qoriq.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/ptp/ptp_qoriq.c b/drivers/ptp/ptp_qoriq.c
On 2019/5/8 23:50, Eric Dumazet wrote:
> On Wed, May 8, 2019 at 8:33 AM YueHaibing wrote:
>>
>> kernel BUG at lib/list_debug.c:47!
>> invalid opcode: [#1
>> CPU: 0 PID: 11195 Comm: rmmod Tainted: GW 5.1.0+ #33
>> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
> +static int stmmac_test_eee(struct stmmac_priv *priv)
> +{
> + struct stmmac_extra_stats *initial, *final;
> + int timeout = 100;
> + int ret;
> +
> + ret = stmmac_test_loopback(priv);
> + if (ret)
> + goto out_free_final;
> +
> + /* We have no traffic in the l
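Review bot: in stmmac_test_eee(), `initial` and `final` are declared without initialisers, and the first visible error path (`if (ret) goto out_free_final;` right after stmmac_test_loopback()) is reached before any assignment to either pointer in the lines shown. If out_free_final frees `final`, it would act on an uninitialised pointer. Either initialise both pointers to NULL at declaration or return `ret` directly on this path.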
On 5/2/19 7:17 AM, emersonbern...@tutanota.com wrote:
> Hi,
>
> are those changes planned then? I don't see anything in repo
> https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/
>
I have not taken the time yet. Feel free to submit a patch.
User space can flip the clean_acked_data_enabled static branch
on and off with TLS offload when CONFIG_TLS_DEVICE is enabled.
jump_label.h suggests we use the delayed version in this case.
Deferred branches now also don't take the branch mutex on
decrement, so we avoid potential locking issues.
S
Hello all,
I've been looking into a severe kernel memory leak (120MB per day)
with xfrm/ipsec for the past few weeks and I'm a bit stuck on it. Here
is my configuration/setup and a bit of background.
Affected kernels (only tested x86-64)
3.x
4.4.x
4.14.x
4.19.x
5.0
5.1
Setup/confi
From: Jakub Kicinski
Date: Wed, 8 May 2019 15:56:07 -0700
> From: Pieter Jansen van Vuuren
>
> Avoid freeing cls_mall.rule twice when failing to setup flow_action
> offload used in the hardware intermediate representation. This is
> achieved by returning 0 when the setup fails but the skip sof
From: Jakub Kicinski
Date: Wed, 8 May 2019 15:52:56 -0700
> From: Pieter Jansen van Vuuren
>
> NFP does not register devlink ports for representors (without
> the "devlink: expose PF and VF representors as ports" series
> there are no port flavours to expose them as).
>
> Commit c25f08ac65e4
On Wed, May 8, 2019 at 4:09 PM Alexei Starovoitov
wrote:
>
> On Wed, May 08, 2019 at 02:21:52PM -0700, Eric Dumazet wrote:
> > Hi Alexei and Daniel
> >
> > I have a question about seccomp.
> >
> > It seems that after this patch, seccomp no longer needs a helper
> > (seccomp_bpf_load())
> >
> > htt
On Wed, May 08, 2019 at 02:21:52PM -0700, Eric Dumazet wrote:
> Hi Alexei and Daniel
>
> I have a question about seccomp.
>
> It seems that after this patch, seccomp no longer needs a helper
> (seccomp_bpf_load())
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=
From: Pieter Jansen van Vuuren
Avoid freeing cls_mall.rule twice when failing to setup flow_action
offload used in the hardware intermediate representation. This is
achieved by returning 0 when the setup fails but the skip software
flag has not been set.
Fixes: f00cbf196814 ("net/sched: use the
From: Pieter Jansen van Vuuren
NFP does not register devlink ports for representors (without
the "devlink: expose PF and VF representors as ports" series
there are no port flavours to expose them as).
Commit c25f08ac65e4 ("nfp: remove ndo_get_port_parent_id implementation")
went too far in removi
Currently, the AF_XDP code uses a separate map in order to
determine if an xsk is bound to a queue. Instead of doing this,
have bpf_map_lookup_elem() return a boolean indicating whether
there is a valid entry at the map index.
Signed-off-by: Jonathan Lemon
---
kernel/bpf/verifier.c
Use the recent change to XSKMAP bpf_map_lookup_elem() to test if
there is a xsk present in the map instead of duplicating the work
with qidconf.
Fix things so callers using XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD
bypass any internal bpf maps, so xsk_socket__{create|delete} works
properly.
Signed-off-
Hi Alexei and Daniel
I have a question about seccomp.
It seems that after this patch, seccomp no longer needs a helper
(seccomp_bpf_load())
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd4cf0ed331a275e9bf5a49e6d0fd55dffc551b8
Are we detecting that a particular J
On Wed, May 8, 2019 at 2:55 PM Stephen Smalley wrote:
> On 5/8/19 2:27 PM, Marcelo Ricardo Leitner wrote:
> > On Wed, May 08, 2019 at 02:13:17PM -0400, Stephen Smalley wrote:
> >> On 5/8/19 2:12 PM, Stephen Smalley wrote:
> >>> On 5/8/19 9:32 AM, Paolo Abeni wrote:
> calling connect(AF_UNSPEC
Cc: tristram...@microchip.com
Signed-off-by: Michael Grzeschik
---
drivers/net/dsa/microchip/Kconfig | 16 +
drivers/net/dsa/microchip/Makefile |2 +
drivers/net/dsa/microchip/ksz8863.c | 1026 +++
drivers/net/dsa/microchip/ksz8863_reg.h | 605 +++
Document additional Microchip KSZ8863 family switches.
Show how KSZ8863 switch should be configured as the host port is port 3.
Cc: devicet...@vger.kernel.org
Signed-off-by: Michael Grzeschik
---
.../devicetree/bindings/net/dsa/ksz.txt | 44 +++
1 file changed, 44 insertio
Some microchip phys support the Serial Management Interface Protocol
(SMI) for the configuration of the extended register set. We add
MII_ADDR_SMI0 as an available interface to the mdiobb write and read
functions, as this interface can be easily realized using the bitbang mdio
driver.
Signed-off-by:
This series adds support for the ksz8863 driver family to the
dsa based ksz drivers. For now the ksz8863 and ksz8873 are compatible.
The driver is based on the ksz8895 RFC patch from Tristram Ha:
https://patchwork.ozlabs.org/patch/822712/
And the latest version of the ksz8863.h from Microchip:
h
From: Vladimir Oltean
Date: Wed, 8 May 2019 23:32:25 +0300
> Dan Carpenter says:
>
> The patch 640f763f98c2: "net: dsa: sja1105: Add support for Spanning
> Tree Protocol" from May 5, 2019, leads to the following static
> checker warning:
>
> drivers/net/dsa/sja1105/sja1105_main.c:1073
Dan Carpenter says:
The patch 640f763f98c2: "net: dsa: sja1105: Add support for Spanning
Tree Protocol" from May 5, 2019, leads to the following static
checker warning:
drivers/net/dsa/sja1105/sja1105_main.c:1073 sja1105_stp_state_get()
warn: signedness bug returning '(-22)'
The
On 5/7/19 2:20 AM, Hangbin Liu wrote:
> On Tue, Apr 30, 2019 at 12:00:46PM -0600, David Ahern wrote:
>> On 4/29/19 8:37 PM, Hangbin Liu wrote:
>>> Another issue is the IPv4 rule 'from iif' check test failed while IPv6
>>> passed. I haven't found out the reason yet.
>>>
>>> # ip -netns testns rule
On 5/8/19 2:27 PM, Marcelo Ricardo Leitner wrote:
On Wed, May 08, 2019 at 02:13:17PM -0400, Stephen Smalley wrote:
On 5/8/19 2:12 PM, Stephen Smalley wrote:
On 5/8/19 9:32 AM, Paolo Abeni wrote:
calling connect(AF_UNSPEC) on an already connected TCP socket is an
established way to disconnect()
On Wed, May 08, 2019 at 02:13:17PM -0400, Stephen Smalley wrote:
> On 5/8/19 2:12 PM, Stephen Smalley wrote:
> > On 5/8/19 9:32 AM, Paolo Abeni wrote:
> > > calling connect(AF_UNSPEC) on an already connected TCP socket is an
> > > established way to disconnect() such socket. After commit 68741a8ada
On 5/8/19 2:12 PM, Stephen Smalley wrote:
On 5/8/19 9:32 AM, Paolo Abeni wrote:
calling connect(AF_UNSPEC) on an already connected TCP socket is an
established way to disconnect() such socket. After commit 68741a8adab9
("selinux: Fix ltp test connect-syscall failure") it no longer works
and, in
On 5/8/19 9:32 AM, Paolo Abeni wrote:
calling connect(AF_UNSPEC) on an already connected TCP socket is an
established way to disconnect() such socket. After commit 68741a8adab9
("selinux: Fix ltp test connect-syscall failure") it no longer works
and, in the above scenario connect() fails with EAF
On 05/08, Alexei Starovoitov wrote:
> On Wed, May 08, 2019 at 10:18:41AM -0700, Stanislav Fomichev wrote:
> > Right now we are not using rcu api correctly: we pass __rcu pointers
> > to bpf_prog_array_xyz routines but don't use rcu_dereference on them
> > (see bpf_prog_array_delete_safe and bpf_pro
On Wed, May 08, 2019 at 10:18:41AM -0700, Stanislav Fomichev wrote:
> Right now we are not using rcu api correctly: we pass __rcu pointers
> to bpf_prog_array_xyz routines but don't use rcu_dereference on them
> (see bpf_prog_array_delete_safe and bpf_prog_array_copy in particular).
> Instead of sp
On Wed, May 08, 2019 at 03:45:12PM +0100, Jiong Wang wrote:
>
> I might be misunderstanding your points, please just shout if I am wrong.
>
> Suppose the following BPF code:
>
> unsigned helper(unsigned long long, unsigned long long);
> unsigned long long test(unsigned *a, unsigned int c)
>
From: Jason Wang
Date: Tue, 7 May 2019 00:03:36 -0400
> @@ -1313,6 +1315,10 @@ static int tun_xdp_xmit(struct net_device *dev, int n,
>
> tfile = rcu_dereference(tun->tfiles[smp_processor_id() %
> numqueues]);
> + if (!tfile) {
> +
Right now we are not using rcu api correctly: we pass __rcu pointers
to bpf_prog_array_xyz routines but don't use rcu_dereference on them
(see bpf_prog_array_delete_safe and bpf_prog_array_copy in particular).
Instead of sprinkling rcu_dereferences, let's just get rid of those
__rcu annotations and
Drop __rcu annotations and rcu read sections. That's not needed since
all existing callers call those helpers from the rcu update side
and under a mutex. This guarantees that use-after-free could not
happen. In the next patches I'll fix the callers with missing
rcu_dereference_protected to make spa
Now that we don't have __rcu markers on the bpf_prog_array helpers,
let's use proper rcu_dereference_protected to obtain array pointer
under mutex.
Signed-off-by: Stanislav Fomichev
---
kernel/trace/bpf_trace.c | 18 ++
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git
Now that we don't have __rcu markers on the bpf_prog_array helpers,
let's use proper rcu_dereference_protected to obtain array pointer
under mutex.
We also don't need __rcu annotations on cgroup_bpf.inactive since
it's not read/updated concurrently.
Signed-off-by: Stanislav Fomichev
---
include
On 08/05/2019 15:02, Jamal Hadi Salim wrote:
> The lazy thing most people have done is essentially assume that
> there is a stat per filter rule...
> I wouldn't call it 'the right thing'
Yup, that's why I'm trying to not do that ;-)
> Yes, the index at tc semantics level is per-action type.
> S
There are a few tests which call bpf_object__close on uninitialized
bpf_object*, which may segfault. Explicitly zero-initialise these pointers
to avoid this.
Signed-off-by: Lorenz Bauer
---
tools/testing/selftests/bpf/prog_tests/bpf_verif_scale.c | 2 +-
tools/testing/selftests/bpf/prog_tests/t
From: Paolo Abeni
Date: Wed, 8 May 2019 15:32:51 +0200
> calling connect(AF_UNSPEC) on an already connected TCP socket is an
> established way to disconnect() such socket. After commit 68741a8adab9
> ("selinux: Fix ltp test connect-syscall failure") it no longer works
> and, in the above scenari
From: David Ahern
Date: Tue, 7 May 2019 20:44:59 -0700
> From: David Ahern
>
> inet_iif should be used for the raw socket lookup. inet_iif considers
> rt_iif which handles the case of local traffic.
>
> As it stands, ping to a local address with the '-I ' option fails
> ever since ping was ch
From: Hangbin Liu
Date: Tue, 7 May 2019 17:11:18 +0800
> With commit 153380ec4b9 ("fib_rules: Added NLM_F_EXCL support to
> fib_nl_newrule") we are now able to check if a rule already exists. But this
> only works with iproute2. For other tools like libnl, NetworkManager,
> it still could add duplic
Alexei Starovoitov writes:
> On Fri, May 03, 2019 at 11:42:28AM +0100, Jiong Wang wrote:
>> BPF helper call transfers execution from eBPF insns to native functions
>> while verifier insn walker only walks eBPF insns. So, verifier can only
>> know argument and return value types from explicit he
On 2019-05-07 8:27 a.m., Edward Cree wrote:
On 06/05/2019 13:41, Jamal Hadi Salim wrote:
On 2019-05-04 2:27 a.m., Jakub Kicinski wrote:
On Fri, 3 May 2019 16:06:55 +0100, Edward Cree wrote:
[..]
I don't know much of anything about RTM_GETACTION, but it doesn't appear
to be part of the cu
On Wed, May 08, 2019 at 09:41:59AM +0800, Hangbin Liu wrote:
> On Tue, May 07, 2019 at 10:35:59AM +0200, Miroslav Lichvar wrote:
> > On Mon, May 06, 2019 at 07:01:23AM -0700, Richard Cochran wrote:
> > > On Thu, Apr 25, 2019 at 09:40:06PM +0800, Hangbin Liu wrote:
> > > > Would you please help have
On Wed, May 08, 2019 at 03:32:51PM +0200, Paolo Abeni wrote:
> calling connect(AF_UNSPEC) on an already connected TCP socket is an
> established way to disconnect() such socket. After commit 68741a8adab9
> ("selinux: Fix ltp test connect-syscall failure") it no longer works
> and, in the above scen
calling connect(AF_UNSPEC) on an already connected TCP socket is an
established way to disconnect() such socket. After commit 68741a8adab9
("selinux: Fix ltp test connect-syscall failure") it no longer works
and, in the above scenario connect() fails with EAFNOSUPPORT.
Fix the above falling back t
On Tue, May 7, 2019 at 4:19 PM Maxim Mikityanskiy wrote:
>
> On 2019-05-06 17:23, Magnus Karlsson wrote:
> > On Mon, May 6, 2019 at 3:46 PM Maxim Mikityanskiy
> > wrote:
> >>
> >> On 2019-05-04 20:26, Björn Töpel wrote:
> >>> On Tue, 30 Apr 2019 at 20:12, Maxim Mikityanskiy
> >>> wrote:
>
On Tue, May 7, 2019 at 8:24 PM Alexei Starovoitov
wrote:
>
> On Tue, May 07, 2019 at 01:51:45PM +0200, Magnus Karlsson wrote:
> > On Mon, May 6, 2019 at 6:33 PM Alexei Starovoitov
> > wrote:
> > >
> > > On Thu, May 02, 2019 at 10:39:16AM +0200, Magnus Karlsson wrote:
> > > > This RFC proposes to
The `lcd_types` array is a static array of strings.
Using match_string() (which computes the array size via ARRAY_SIZE())
is possible.
This reduces the array by 1 element, since the NULL (at the end of the
array) is no longer needed.
Signed-off-by: Alexandru Ardelean
---
drivers/video/fbdev/pxa
The `sched_feat_names` array is a static array of strings.
Using match_string() (which computes the array size via ARRAY_SIZE())
is possible.
The change is mostly cosmetic.
No functionality change.
Signed-off-by: Alexandru Ardelean
---
kernel/sched/debug.c | 2 +-
1 file changed, 1 insertion(+)
The change is mostly cosmetic.
The `armada_37xx_pin_group` struct is defined as.
struct armada_37xx_pin_group {
const char *name;
unsigned int start_pin;
unsigned int npins;
u32 reg_mask;
u32 val[NB_FUNCS];
unsigned
The `DRIVER_STRING` array is a static array of strings.
Using match_string() (which computes the array size via ARRAY_SIZE())
is possible.
The change is mostly cosmetic.
No functionality change.
Signed-off-by: Alexandru Ardelean
---
drivers/staging/gdm724x/gdm_tty.c | 3 +--
1 file changed, 1 i
Hello,
My name is Liam Williams, I am a business consultant, analyst and deal
maker. I'm based in Canada. I have a business proposal for you.
My client is looking for a profitable business/investment project
outside the GCC to invest their fund privately.
I have contacted you to see if you
Jiong Wang writes:
> Daniel Borkmann writes:
>
>> On 05/03/2019 12:42 PM, Jiong Wang wrote:
>>> BPF helper call transfers execution from eBPF insns to native functions
>>> while verifier insn walker only walks eBPF insns. So, verifier can only
>>> know argument and return value types from expli
From: Tonghao Zhang
In some case, we don't care the enc_src_ip and enc_dst_ip, and
if we don't match the field enc_src_ip and enc_dst_ip, we can use
fewer flows in hardware when receiving the tunnel packets. For example,
the tunnel packets may be sent from different hosts, we must offload
one rule f
On 5/7/2019 1:08 PM, Jesper Dangaard Brouer wrote:
> On Mon, 6 May 2019 16:51:57 -0700
> Jakub Kicinski wrote:
>
>> On Sun, 5 May 2019 13:36:06 +0300, Tariq Toukan wrote:
>>> Many device drivers use the same prefetch code structure to
>>> deal with small L1 cacheline size.
>>> Take this code i