Re: KASAN: use-after-free Write in hci_conn_del

2020-08-10 Thread David Sterba
On Mon, Aug 10, 2020 at 08:35:08PM -0700, syzbot wrote: > syzbot has bisected this issue to: > > commit 6a3c7f5c87854e948c3c234e5f5e745c7c553722 > Author: Nikolay Borisov > Date: Thu May 28 08:05:13 2020 + > > btrfs: don't balance btree inode pages from buffered write path This does n

[PATCH iproute2-rc] rdma: Fix owner name for the kernel resources

2020-08-10 Thread Leon Romanovsky
From: Leon Romanovsky Owner of kernel resources is printed in a different format than user resources to make it easy for the reader by simply looking at the name. The kernel owner will have "[ ]" around the name. Before this change: [leonro@vm ~]$ rdma res show qp link rocep0s9/1 lqpn 1 type GSI state RT

Re: [RFC PATCH v11 bpf-next 08/14] bpf: Add btf_struct_ids_match function

2020-08-10 Thread Andrii Nakryiko
On Sun, Aug 9, 2020 at 8:05 AM Jiri Olsa wrote: > > Adding btf_struct_ids_match function to check if given address provided > by BTF object + offset is also address of another nested BTF object. > > This allows to pass an argument to helper, which is defined via parent > BTF object + offset, like

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Tonghao Zhang
On Tue, Aug 11, 2020 at 12:08 PM Cong Wang wrote: > > On Mon, Aug 10, 2020 at 8:27 PM Tonghao Zhang > wrote: > > > > On Tue, Aug 11, 2020 at 10:24 AM Cong Wang wrote: > > > > > > On Mon, Aug 10, 2020 at 6:16 PM Tonghao Zhang > > > wrote: > > > > Hi all, I send a patch to fix this. The rcu war

Re: [PATCH net-next RFC 01/13] devlink: Add reload level option to devlink reload command

2020-08-10 Thread Jiri Pirko
Mon, Aug 10, 2020 at 06:53:05PM CEST, k...@kernel.org wrote: >On Sun, 9 Aug 2020 16:21:29 +0300 Moshe Shemesh wrote: >> Okay, so devlink reload default for mlx5 will include also fw-activate >> to align with mlxsw default. >> >> Meaning drivers that supports fw-activate will add it to the default

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Willy Tarreau
On Tue, Aug 11, 2020 at 05:26:49AM +, George Spelvin wrote: > On Mon, Aug 10, 2020 at 11:04:55PM +0200, Willy Tarreau wrote: > > What could be improved is the way the input values are mixed (just > > added hence commutative for now). I didn't want to call a siphash > > round on the hot paths, b

Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-10 Thread Peilin Ye
On Mon, Aug 10, 2020 at 08:57:19PM -0700, Cong Wang wrote: > On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye wrote: > > > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > > zero. Fix it. > > Which exact 'cmd' is it here? > > I _guess_ it is one of those uninitialized in se

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Cong Wang
On Mon, Aug 10, 2020 at 8:27 PM Tonghao Zhang wrote: > > On Tue, Aug 11, 2020 at 10:24 AM Cong Wang wrote: > > > > On Mon, Aug 10, 2020 at 6:16 PM Tonghao Zhang > > wrote: > > > Hi all, I send a patch to fix this. The rcu warnings disappear. I > > > don't reproduce the double free issue. > > >

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Willy Tarreau
On Tue, Aug 11, 2020 at 03:47:24AM +, George Spelvin wrote: > On Mon, Aug 10, 2020 at 01:47:00PM +0200, Willy Tarreau wrote: > > except that I retrieve it only on 1/8 calls > > and use the previous noise in this case. > > Er... that's quite different. I was saying you measure them all, and do

Re: [Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-10 Thread Cong Wang
On Mon, Aug 10, 2020 at 3:10 PM Peilin Ye wrote: > > do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is > zero. Fix it. Which exact 'cmd' is it here? I _guess_ it is one of those uninitialized in set_arglen[], which is 0. But if that is the case, should it be initialized t

Re: KASAN: use-after-free Write in hci_conn_del

2020-08-10 Thread syzbot
syzbot has bisected this issue to: commit 6a3c7f5c87854e948c3c234e5f5e745c7c553722 Author: Nikolay Borisov Date: Thu May 28 08:05:13 2020 + btrfs: don't balance btree inode pages from buffered write path bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=14f973c290 start

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Tonghao Zhang
On Tue, Aug 11, 2020 at 10:24 AM Cong Wang wrote: > > On Mon, Aug 10, 2020 at 6:16 PM Tonghao Zhang > wrote: > > Hi all, I send a patch to fix this. The rcu warnings disappear. I > > don't reproduce the double free issue. > > But I guess this patch may address this issue. > > > > http://patchwor

Re: [PATCH V5 1/6] vhost: introduce vhost_vring_call

2020-08-10 Thread Jason Wang
On 2020/8/10 9:37 PM, Michael S. Tsirkin wrote: On Wed, Aug 05, 2020 at 10:16:16AM +0800, Jason Wang wrote: On 2020/8/4 5:21 PM, Michael S. Tsirkin wrote:   +struct vhost_vring_call { +    struct eventfd_ctx *ctx; +    struct irq_bypass_producer producer; +    spinlock_t ctx_lock; It's not c

Re: [PATCH net 1/2] ipv6: add ipv6_dev_find()

2020-08-10 Thread Hideaki Yoshifuji
Hi, 2020-08-09 (Sun) 19:52 Xin Long : > > On Fri, Aug 7, 2020 at 5:26 PM Hideaki Yoshifuji > wrote: > > > > Hi, > > > > 2020-08-06 (Thu) 23:03 David Ahern : > > > > > > On 8/6/20 2:55 AM, Xin Long wrote: > > > > On Thu, Aug 6, 2020 at 10:50 AM Hideaki Yoshifuji > > > > wrote: > > > >> > > > >> Hi, > > >

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Cong Wang
On Mon, Aug 10, 2020 at 6:16 PM Tonghao Zhang wrote: > Hi all, I send a patch to fix this. The rcu warnings disappear. I > don't reproduce the double free issue. > But I guess this patch may address this issue. > > http://patchwork.ozlabs.org/project/netdev/patch/20200811011001.75690-1-xiangxia.m.

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Tonghao Zhang
On Tue, Aug 11, 2020 at 4:28 AM Paul E. McKenney wrote: > > On Mon, Aug 10, 2020 at 04:08:59PM -0400, Joel Fernandes wrote: > > On Fri, Aug 07, 2020 at 03:20:15PM -0700, Paul E. McKenney wrote: > > > On Fri, Aug 07, 2020 at 04:47:56PM -0400, Joel Fernandes wrote: > > > > Hi, > > > > Adding more of

[PATCH] net: openvswitch: introduce common code for flushing flows

2020-08-10 Thread xiangxia . m . yue
From: Tonghao Zhang To avoid some issues, for example RCU usage warning, we should flush the flows under ovs_lock. This patch refactors table_instance_destroy and introduces table_instance_flow_flush which can be invoked by __dp_destroy or ovs_flow_tbl_flush. Signed-off-by: Tonghao Zhang --- n

Re: [PATCH bpf-next v2] bpf: fix segmentation fault of test_progs

2020-08-10 Thread Andrii Nakryiko
On Mon, Aug 10, 2020 at 8:40 AM Jianlin Lv wrote: > > test_progs reports the segmentation fault as below > > $ sudo ./test_progs -t mmap --verbose > test_mmap:PASS:skel_open_and_load 0 nsec > .. > test_mmap:PASS:adv_mmap1 0 nsec > test_mmap:PASS:adv_mmap2 0 nsec > test_mmap:PASS:adv_mmap3 0 ns

[PATCH] net/tls: Fix kmap usage

2020-08-10 Thread ira . weiny
From: Ira Weiny When MSG_OOB is specified to tls_device_sendpage() the mapped page is never unmapped. Hold off mapping the page until after the flags are checked and the page is actually needed. Signed-off-by: Ira Weiny --- net/tls/tls_device.c | 3 ++- 1 file changed, 2 insertions(+), 1 dele

Re: PMTUD broken inside network namespace with multipath routing

2020-08-10 Thread David Ahern
On 8/3/20 12:39 PM, mastertheknife wrote: > In summary: It seems that it doesn't matter who is the nexthop. If the > ICMP response isn't from the nexthop, it'll be rejected. > About why i couldn't reproduce this outside LXC, i don't know yet but > i will keep trying to figure this out. do you have

[Linux-kernel-mentees] [PATCH net] ipvs: Fix uninit-value in do_ip_vs_set_ctl()

2020-08-10 Thread Peilin Ye
do_ip_vs_set_ctl() is referencing uninitialized stack value when `len` is zero. Fix it. Reported-and-tested-by: syzbot+23b5f9e7caf61d9a3...@syzkaller.appspotmail.com Link: https://syzkaller.appspot.com/bug?id=46ebfb92a8a812621a001ef04d90dfa459520fe2 Signed-off-by: Peilin Ye --- net/netfilter/ip

[PATCH RFC russell-king 4/4] net: phylink: don't fail attaching phy on 1000base-x/2500base-x mode

2020-08-10 Thread Marek Behún
Some SFPs may contain an internal PHY which may in some cases want to connect with the host interface in 1000base-x/2500base-x mode. Do not fail if such PHY is being attached in one of these PHY interface modes. Signed-off-by: Marek Behún --- drivers/net/phy/phylink.c | 4 +--- 1 file changed, 1

[PATCH RFC russell-king 0/4] Support for RollBall 10G copper SFP modules

2020-08-10 Thread Marek Behún
Hi Russell, this series should apply on linux-arm git repository, on branch clearfog. Some internet providers are already starting to offer 2.5G copper connectivity to their users. On Turris Omnia the SFP port is capable of 2.5G speed, so we tested some copper SFP modules. This adds support to t

[PATCH RFC russell-king 3/4] net: phy: marvell10g: change MACTYPE according to phydev->interface

2020-08-10 Thread Marek Behún
RollBall SFPs contain Marvell 88X3310 PHY, but they have configuration pins strapped so that MACTYPE is configured in XFI with Rate Matching mode. When these SFPs are inserted into a device which only supports lower speeds on host interface, we need to configure the MACTYPE to a mode in which the

[PATCH RFC russell-king 2/4] net: phy: sfp: add support for multigig RollBall modules

2020-08-10 Thread Marek Behún
This adds support for multigig copper SFP modules from RollBall/Hilink. These modules have a specific way to access clause 45 registers of the internal PHY. We also need to wait at least 25 seconds after deasserting TX disable before accessing the PHY. The code waits for 30 seconds just to be sure

[PATCH RFC russell-king 1/4] net: phy: add I2C mdio bus for RollBall compatible SFPs

2020-08-10 Thread Marek Behún
Some multigig SFPs from RollBall and Hilink do not expose functional MDIO access to the internal PHY of the SFP via I2C address 0x56 (although there seems to be read-only clause 22 access on this address). Instead these SFPs PHY can be accessed via I2C via the SFP Enhanced Digital Diagnostic Inter

Re: Page fault in skb_gso_transport_seglen

2020-08-10 Thread Alex Forster
Hi netdev, We've recently started using AF_XDP on pairs of veth interfaces, and at the same time we've started seeing a rare page fault in net/core/skbuff.c at skb_gso_transport_seglen. I mention AF_XDP because it seems that the veth_poll code path is only taken when an XDP program is attached. So

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Willy Tarreau
Linus, George, Florian, would something in this vein be OK in your opinion ? - update_process_times still updates the noise - we don't touch the fast_pool anymore - we don't read any TSC on hot paths - we update the noise in xmit from jiffies and a few pointer values instead I've applied it on t

Re: [PATCH AUTOSEL 5.7 03/60] net: mscc: ocelot: fix encoding destination ports into multicast IPv4 address

2020-08-10 Thread Vladimir Oltean
Hi Sasha, On Mon, Aug 10, 2020 at 03:09:31PM -0400, Sasha Levin wrote: > From: Vladimir Oltean > > [ Upstream commit 0897ecf7532577bda3dbcb043ce046a96948889d ] > > The ocelot hardware designers have made some hacks to support multicast > IPv4 and IPv6 addresses. Normally, the MAC table matches

Re: [PATCH bpf] selftests/bpf: fix v4_to_v6 in sk_lookup

2020-08-10 Thread Jakub Sitnicki
On Mon, Aug 10, 2020 at 06:14 PM CEST, Stanislav Fomichev wrote: > On Sat, Aug 8, 2020 at 11:46 AM Jakub Sitnicki wrote: >> >> On Sat, Aug 08, 2020 at 12:38 AM CEST, Stanislav Fomichev wrote: >> > I'm getting some garbage in bytes 8 and 9 when doing conversion >> > from sockaddr_in to sockaddr_in6

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Paul E. McKenney
On Mon, Aug 10, 2020 at 04:08:59PM -0400, Joel Fernandes wrote: > On Fri, Aug 07, 2020 at 03:20:15PM -0700, Paul E. McKenney wrote: > > On Fri, Aug 07, 2020 at 04:47:56PM -0400, Joel Fernandes wrote: > > > Hi, > > > Adding more of us working on RCU as well. Johan from another team at > > > Google d

Re: HSR/PRP LRE Stats - What is the right user space interface?

2020-08-10 Thread Jakub Kicinski
On Mon, 10 Aug 2020 15:55:35 -0400 Murali Karicheri wrote: > Hi Netdev experts, > > IEC-62439 defines following LRE stats:- > > "lreTxA", > "lreTxB", > "lreTxC", > "lreErrWrongLanA", > "lreErrWrongLanB", > "lreErrWrongLanC", > "lreRxA", > "lreRxB",

Re: [ovs-discuss] Double free in recent kernels after memleak fix

2020-08-10 Thread Joel Fernandes
On Fri, Aug 07, 2020 at 03:20:15PM -0700, Paul E. McKenney wrote: > On Fri, Aug 07, 2020 at 04:47:56PM -0400, Joel Fernandes wrote: > > Hi, > > Adding more of us working on RCU as well. Johan from another team at > > Google discovered a likely issue in openswitch, details below: > > > > On Fri, Au

HSR/PRP LRE Stats - What is the right user space interface?

2020-08-10 Thread Murali Karicheri
Hi Netdev experts, IEC-62439 defines following LRE stats:- "lreTxA", "lreTxB", "lreTxC", "lreErrWrongLanA", "lreErrWrongLanB", "lreErrWrongLanC", "lreRxA", "lreRxB", "lreRxC", "lreErrorsA", "lreErrorsB",

Re: [PATCH net] drivers/net/wan/x25_asy: Added needed_headroom and a skb->len check

2020-08-10 Thread Xie He
On Mon, Aug 10, 2020 at 12:21 AM Willem de Bruijn wrote: > > Acked-by: Willem de Bruijn Thank you so much! > > 1) I hope to set needed_headroom properly for all three X.25 drivers > > (lapbether, x25_asy, hdlc_x25) in the kernel. So that the upper layer > > (net/x25) can be changed to use neede

BUG: stack guard page was hit in rcu_note_context_switch

2020-08-10 Thread syzbot
Hello, syzbot found the following issue on: HEAD commit:ac3a0c84 Merge git://git.kernel.org/pub/scm/linux/kernel/g.. git tree: net console output: https://syzkaller.appspot.com/x/log.txt?x=15cd14c290 kernel config: https://syzkaller.appspot.com/x/.config?x=c0cfcf935bcc94d2 dashboar

[PATCH AUTOSEL 5.8 05/64] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 5.8 03/64] net: mscc: ocelot: fix encoding destination ports into multicast IPv4 address

2020-08-10 Thread Sasha Levin
From: Vladimir Oltean [ Upstream commit 0897ecf7532577bda3dbcb043ce046a96948889d ] The ocelot hardware designers have made some hacks to support multicast IPv4 and IPv6 addresses. Normally, the MAC table matches on MAC addresses and the destination ports are selected through the DEST_IDX field o

[PATCH AUTOSEL 5.8 20/64] ionic: rearrange reset and bus-master control

2020-08-10 Thread Sasha Levin
From: Shannon Nelson [ Upstream commit 6a6014e2fb276753d4dc9b803370e7af7f57e30b ] We can prevent potential incorrect DMA access attempts from the NIC by enabling bus-master after the reset, and by disabling bus-master earlier in cleanup. Signed-off-by: Shannon Nelson Signed-off-by: David S. Mi

[PATCH AUTOSEL 5.8 31/64] net: phy: mscc: restore the base page in vsc8514/8584_config_init

2020-08-10 Thread Sasha Levin
From: Antoine Tenart [ Upstream commit 6119dda34e5d0821959e37641b287576826b6378 ] In the vsc8584_config_init and vsc8514_config_init, the base page is set to 'GPIO', configuration is done, and the page is never explicitly restored to the standard page. No bug was triggered as it turns out helper

[PATCH AUTOSEL 5.8 40/64] bpf: Fix fds_example SIGSEGV error

2020-08-10 Thread Sasha Levin
From: Wenbo Zhang [ Upstream commit eef8a42d6ce087d1c81c960ae0d14f955b742feb ] The `BPF_LOG_BUF_SIZE`'s value is `UINT32_MAX >> 8`, so defining an array with it on the stack caused an overflow. Signed-off-by: Wenbo Zhang Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.k

[PATCH AUTOSEL 5.8 42/64] brcmfmac: keep SDIO watchdog running when console_interval is non-zero

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit eccbf46b15bb3e35d004148f7c3a8fa8e9b26c1e ] brcmfmac host driver makes SDIO bus sleep and stops SDIO watchdog if no pending event or data. As a result, host driver does not poll firmware console buffer before buffer overflow, which leads to missing firmware log

[PATCH AUTOSEL 5.8 44/64] brcmfmac: set state of hanger slot to FREE when flushing PSQ

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit fcdd7a875def793c38d7369633af3eba6c7cf089 ] When USB or SDIO device got abnormal bus disconnection, host driver tried to clean up the skbs in PSQ and TXQ (The skb's pointer in hanger slot linked to PSQ and TSQ), so we should set the state of skb hanger slot to

[PATCH AUTOSEL 5.8 46/64] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 5.8 49/64] ionic: update eid test for overflow

2020-08-10 Thread Sasha Levin
From: Shannon Nelson [ Upstream commit 3fbc9bb6ca32d12d4d32a7ae32abef67ac95f889 ] Fix up our comparison to better handle a potential (but largely unlikely) wrap around. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/pensando/

Re: [PATCH v2 net-next] vmxnet3: use correct tcp hdr length when packet is encapsulated

2020-08-10 Thread David Miller
From: Ronak Doshi Date: Mon, 10 Aug 2020 09:55:55 -0700 > Commit dacce2be3312 ("vmxnet3: add geneve and vxlan tunnel offload > support") added support for encapsulation offload. However, while > calculating tcp hdr length, it does not take into account if the > packet is encapsulated or not. > >

[PATCH AUTOSEL 5.7 05/60] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 5.7 03/60] net: mscc: ocelot: fix encoding destination ports into multicast IPv4 address

2020-08-10 Thread Sasha Levin
From: Vladimir Oltean [ Upstream commit 0897ecf7532577bda3dbcb043ce046a96948889d ] The ocelot hardware designers have made some hacks to support multicast IPv4 and IPv6 addresses. Normally, the MAC table matches on MAC addresses and the destination ports are selected through the DEST_IDX field o

[PATCH AUTOSEL 5.7 29/60] net: phy: mscc: restore the base page in vsc8514/8584_config_init

2020-08-10 Thread Sasha Levin
From: Antoine Tenart [ Upstream commit 6119dda34e5d0821959e37641b287576826b6378 ] In the vsc8584_config_init and vsc8514_config_init, the base page is set to 'GPIO', configuration is done, and the page is never explicitly restored to the standard page. No bug was triggered as it turns out helper

[PATCH AUTOSEL 5.7 39/60] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 5.4 03/45] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 5.4 30/45] brcmfmac: keep SDIO watchdog running when console_interval is non-zero

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit eccbf46b15bb3e35d004148f7c3a8fa8e9b26c1e ] brcmfmac host driver makes SDIO bus sleep and stops SDIO watchdog if no pending event or data. As a result, host driver does not poll firmware console buffer before buffer overflow, which leads to missing firmware log

[PATCH AUTOSEL 5.4 34/45] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 5.4 29/45] bpf: Fix fds_example SIGSEGV error

2020-08-10 Thread Sasha Levin
From: Wenbo Zhang [ Upstream commit eef8a42d6ce087d1c81c960ae0d14f955b742feb ] The `BPF_LOG_BUF_SIZE`'s value is `UINT32_MAX >> 8`, so defining an array with it on the stack caused an overflow. Signed-off-by: Wenbo Zhang Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.k

[PATCH AUTOSEL 5.4 31/45] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 4.19 03/31] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 5.4 32/45] brcmfmac: set state of hanger slot to FREE when flushing PSQ

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit fcdd7a875def793c38d7369633af3eba6c7cf089 ] When USB or SDIO device got abnormal bus disconnection, host driver tried to clean up the skbs in PSQ and TXQ (The skb's pointer in hanger slot linked to PSQ and TSQ), so we should set the state of skb hanger slot to

[PATCH AUTOSEL 5.4 36/45] ionic: update eid test for overflow

2020-08-10 Thread Sasha Levin
From: Shannon Nelson [ Upstream commit 3fbc9bb6ca32d12d4d32a7ae32abef67ac95f889 ] Fix up our comparison to better handle a potential (but largely unlikely) wrap around. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/pensando/

Re: [PATCH net] tcp: correct read of TFO keys on big endian systems

2020-08-10 Thread David Miller
From: Jason Baron Date: Mon, 10 Aug 2020 13:38:39 -0400 > When TFO keys are read back on big endian systems either via the global > sysctl interface or via getsockopt() using TCP_FASTOPEN_KEY, the values > don't match what was written. > > For example, on s390x: > > # echo "1-2-3-4" > /proc/sys

[PATCH AUTOSEL 4.19 21/31] brcmfmac: set state of hanger slot to FREE when flushing PSQ

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit fcdd7a875def793c38d7369633af3eba6c7cf089 ] When USB or SDIO device got abnormal bus disconnection, host driver tried to clean up the skbs in PSQ and TXQ (The skb's pointer in hanger slot linked to PSQ and TSQ), so we should set the state of skb hanger slot to

[PATCH AUTOSEL 4.19 19/31] brcmfmac: keep SDIO watchdog running when console_interval is non-zero

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit eccbf46b15bb3e35d004148f7c3a8fa8e9b26c1e ] brcmfmac host driver makes SDIO bus sleep and stops SDIO watchdog if no pending event or data. As a result, host driver does not poll firmware console buffer before buffer overflow, which leads to missing firmware log

[PATCH AUTOSEL 4.19 22/31] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 4.19 20/31] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 4.14 02/22] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 4.14 12/22] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 4.14 14/22] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 4.14 13/22] brcmfmac: set state of hanger slot to FREE when flushing PSQ

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit fcdd7a875def793c38d7369633af3eba6c7cf089 ] When USB or SDIO device got abnormal bus disconnection, host driver tried to clean up the skbs in PSQ and TXQ (The skb's pointer in hanger slot linked to PSQ and TSQ), so we should set the state of skb hanger slot to

Re: [PATCH v2 net] bitfield.h: don't compile-time validate _val in FIELD_FIT

2020-08-10 Thread David Miller
From: Nick Desaulniers Date: Mon, 10 Aug 2020 11:21:11 -0700 > From: Jakub Kicinski > > When ur_load_imm_any() is inlined into jeq_imm(), it's possible for the > compiler to deduce a case where _val can only have the value of -1 at > compile time. Specifically, > > /* struct bpf_insn: _s32 imm

[PATCH AUTOSEL 4.9 02/17] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 4.9 11/17] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 4.9 10/17] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 4.4 09/16] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 4.4 10/16] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 4.4 02/16] Bluetooth: add a mutex lock to avoid UAF in do_enale_set

2020-08-10 Thread Sasha Levin
From: Lihong Kou [ Upstream commit f9c70bdc279b191da8d60777c627702c06e4a37d ] In the case we set or free the global value listen_chan in different threads, we can encounter the UAF problems because the method is not protected by any lock, add one to avoid this bug. BUG: KASAN: use-after-free in

[PATCH AUTOSEL 5.7 38/60] brcmfmac: keep SDIO watchdog running when console_interval is non-zero

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit eccbf46b15bb3e35d004148f7c3a8fa8e9b26c1e ] brcmfmac host driver makes SDIO bus sleep and stops SDIO watchdog if no pending event or data. As a result, host driver does not poll firmware console buffer before buffer overflow, which leads to missing firmware log

[PATCH AUTOSEL 5.7 42/60] iwlegacy: Check the return value of pcie_capability_read_*()

2020-08-10 Thread Sasha Levin
From: Bolarinwa Olayemi Saheed [ Upstream commit 9018fd7f2a73e9b290f48a56b421558fa31e8b75 ] On failure pcie_capability_read_dword() sets its last parameter, val, to 0. However, with Patch 14/14, it is possible that val is set to ~0 on failure. This would introduce a bug because (x & x) == (~0 &

[PATCH AUTOSEL 5.7 40/60] brcmfmac: set state of hanger slot to FREE when flushing PSQ

2020-08-10 Thread Sasha Levin
From: Wright Feng [ Upstream commit fcdd7a875def793c38d7369633af3eba6c7cf089 ] When USB or SDIO device got abnormal bus disconnection, host driver tried to clean up the skbs in PSQ and TXQ (The skb's pointer in hanger slot linked to PSQ and TSQ), so we should set the state of skb hanger slot to

[PATCH AUTOSEL 5.7 36/60] bpf: Fix fds_example SIGSEGV error

2020-08-10 Thread Sasha Levin
From: Wenbo Zhang [ Upstream commit eef8a42d6ce087d1c81c960ae0d14f955b742feb ] The `BPF_LOG_BUF_SIZE`'s value is `UINT32_MAX >> 8`, so defining an array with it on the stack caused an overflow. Signed-off-by: Wenbo Zhang Signed-off-by: Daniel Borkmann Acked-by: Andrii Nakryiko Link: https://lore.k

[PATCH AUTOSEL 5.7 45/60] ionic: update eid test for overflow

2020-08-10 Thread Sasha Levin
From: Shannon Nelson [ Upstream commit 3fbc9bb6ca32d12d4d32a7ae32abef67ac95f889 ] Fix up our comparison to better handle a potential (but largely unlikely) wrap around. Signed-off-by: Shannon Nelson Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/pensando/

Re: [PATCH net] nfp: update maintainer

2020-08-10 Thread David Miller
From: Jakub Kicinski Date: Mon, 10 Aug 2020 10:32:04 -0700 > I'm not doing much work on the NFP driver any more. > > Signed-off-by: Jakub Kicinski Applied.

[PATCH AUTOSEL 5.8 43/64] brcmfmac: To fix Bss Info flag definition Bug

2020-08-10 Thread Sasha Levin
From: Prasanna Kerekoppa [ Upstream commit fa3266541b13f390eb35bdbc38ff4a03368be004 ] Bss info flag definition needs to be fixed from 0x2 to 0x4. This flag is for rssi info received on channel. All Firmware branches defined as 0x4 and this is a bug in brcmfmac. Signed-off-by: Prasanna Kerekoppa Si

[PATCH AUTOSEL 5.8 16/64] rtw88: 8822ce: add support for device ID 0xc82f

2020-08-10 Thread Sasha Levin
From: Aaron Ma [ Upstream commit 7d428b1c9ffc9ddcdd64c6955836bbb17a233ef3 ] New device ID 0xc82f found on Lenovo ThinkCenter. Tested it with c822 driver, works good. PCI id: 03:00.0 Network controller [0280]: Realtek Semiconductor Co., Ltd. Device [10ec:c82f] Subsystem: Lenovo Device [1

Re: [PATCH] net: Revert "net: optimize the sockptr_t for unified kernel/user address spaces"

2020-08-10 Thread David Miller
From: Christoph Hellwig Date: Mon, 10 Aug 2020 18:42:14 +0200 > This reverts commits 6d04fe15f78acdf8e32329e208552e226f7a8ae6 and > a31edb2059ed4e498f9aa8230c734b59d0ad797a. > > It turns out the idea to share a single pointer for both kernel and user > space address causes various kinds of probl

Re: [PATCH bpf-next 0/5] BPF link force-detach support

2020-08-10 Thread Toke Høiland-Jørgensen
Andrii Nakryiko writes: >> BTW, I've noticed that you tend to drop Ccs on later versions of your >> patch series (had to go and lookup v2 of this to check that it was in >> fact merged). Is that intentional? :) > > Hm.. not sure about whether I tend to do that. But in this it was > intentional an

Re: [RFC PATCH bpf-next] bpf: add bpf_get_skb_hash helper function

2020-08-10 Thread David Ahern
On 8/10/20 12:28 PM, Harshitha Ramamurthy wrote: > This patch adds a helper function called bpf_get_skb_hash to calculate > the skb hash for a packet at the XDP layer. In the helper function, Why? i.e., expected use case? Pulling this from hardware when possible is better. e.g., Saeed's hardware

Re: [PATCH bpf-next 0/5] BPF link force-detach support

2020-08-10 Thread Andrii Nakryiko
On Mon, Aug 10, 2020 at 8:01 AM Toke Høiland-Jørgensen wrote: > > Andrii Nakryiko writes: > > > This patch set adds new BPF link operation, LINK_DETACH, allowing processes > > with BPF link FD to force-detach it from respective BPF hook, similarly how > > BPF link is auto-detached when such BPF h

[RFC PATCH bpf-next] bpf: add bpf_get_skb_hash helper function

2020-08-10 Thread Harshitha Ramamurthy
This patch adds a helper function called bpf_get_skb_hash to calculate the skb hash for a packet at the XDP layer. In the helper function, a local skb is allocated and we populate the fields needed in the skb before calling skb_get_hash. To avoid memory allocations for each packet, we allocate an s

Re: general protection fault in sctp_ulpevent_notify_peer_addr_change

2020-08-10 Thread Marcelo Ricardo Leitner
On Mon, Aug 10, 2020 at 08:37:18AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit:fffe3ae0 Merge tag 'for-linus-hmm' of git://git.kernel.org.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=12f34d3a90 > kernel

Re: [RFC PATCH 0/7] metricfs metric file system and examples

2020-08-10 Thread Jakub Kicinski
On Sat, 8 Aug 2020 09:59:34 -0600 David Ahern wrote: > On 8/7/20 8:06 PM, Andrew Lunn wrote: > > So i personally don't think netdev statistics is a good idea, i doubt > > it scales. > > +1 +1 Please stop using networking as the example for this. We don't want file interfaces for stats, and we

Re: [PATCH net-next RFC 01/13] devlink: Add reload level option to devlink reload command

2020-08-10 Thread Jakub Kicinski
On Mon, 10 Aug 2020 10:09:20 -0700 Jacob Keller wrote: > >> But I am still missing something: fw-activate implies that it will > >> activate a new FW image stored on flash, pending activation. What if the > >> user wants to reset and reload the FW if no new FW pending ? Should we > >> add --forc

Re: [PATCH net] drivers/net/wan/lapbether: Added needed_tailroom

2020-08-10 Thread Xie He
On Mon, Aug 10, 2020 at 12:32 AM Willem de Bruijn wrote: > > What happens when a tunnel device passes a packet to these devices? > That will also not have allocated the extra tailroom. Does that cause > a bug? I looked at the code in net/ipv4/ip_tunnel.c. It indeed appeared to me that it didn't t

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Willy Tarreau
On Mon, Aug 10, 2020 at 10:45:26AM -0700, Linus Torvalds wrote: > On Mon, Aug 10, 2020 at 9:59 AM Willy Tarreau wrote: > > > > I took what we were already using in add_interrupt_randomness() since > > I considered that if it was acceptable there, it probably was elsewhere. > > Once you've taken a

Re: [PATCH] bpf: Add bpf_skb_get_sock_comm() helper

2020-08-10 Thread Martin KaFai Lau
On Mon, Aug 10, 2020 at 06:09:48AM -0700, Jiang Yu wrote: > skb distinguished by uid can only recorded to user who consume them. > in many case, skb should been recorded more specific to process who > consume them. E.g, the unexpected large data traffic of illegal process > in metered network. > >

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Linus Torvalds
On Mon, Aug 10, 2020 at 9:59 AM Willy Tarreau wrote: > > I took what we were already using in add_interrupt_randomness() since > I considered that if it was acceptable there, it probably was elsewhere. Once you've taken an interrupt, you're doing IO anyway, and the interrupt costs will dominate a

[PATCH net] tcp: correct read of TFO keys on big endian systems

2020-08-10 Thread Jason Baron
When TFO keys are read back on big endian systems either via the global sysctl interface or via getsockopt() using TCP_FASTOPEN_KEY, the values don't match what was written. For example, on s390x: # echo "1-2-3-4" > /proc/sys/net/ipv4/tcp_fastopen_key # cat /proc/sys/net/ipv4/tcp_fastopen_key 020

[PATCH net] nfp: update maintainer

2020-08-10 Thread Jakub Kicinski
I'm not doing much work on the NFP driver any more. Signed-off-by: Jakub Kicinski --- MAINTAINERS | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index d2784b502da0..83ea07711518 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -11948,7 +11948,8 @@ F:

Re: [RFC] bpf: verifier check for dead branch

2020-08-10 Thread Yonghong Song
On 8/10/20 6:54 AM, Jiri Olsa wrote: On Sun, Aug 09, 2020 at 06:21:01PM -0700, Yonghong Song wrote: On 8/7/20 10:30 AM, Jiri Olsa wrote: hi, we have a customer facing some odd verifier fails on following sk_skb program: 0. r2 = *(u32 *)(r1 + data_end) 1. r4 = *(u32 *)(r1 + data)

Re: [PATCH net-next RFC 01/13] devlink: Add reload level option to devlink reload command

2020-08-10 Thread Jacob Keller
On 8/10/2020 9:53 AM, Jakub Kicinski wrote: > On Sun, 9 Aug 2020 16:21:29 +0300 Moshe Shemesh wrote: >> Okay, so devlink reload default for mlx5 will include also fw-activate >> to align with mlxsw default. >> >> Meaning drivers that supports fw-activate will add it to the default. > > No per-

Re: [DRAFT PATCH] random32: make prandom_u32() output unpredictable

2020-08-10 Thread Willy Tarreau
On Mon, Aug 10, 2020 at 09:31:48AM -0700, Linus Torvalds wrote: > On Mon, Aug 10, 2020 at 4:47 AM Willy Tarreau wrote: > > > > Doing testing on real hardware showed that retrieving the TSC on every > > call had a non negligible cost, causing a loss of 2.5% on the accept() > > rate and 4% on packet

[PATCH v2 net-next] vmxnet3: use correct tcp hdr length when packet is encapsulated

2020-08-10 Thread Ronak Doshi
Commit dacce2be3312 ("vmxnet3: add geneve and vxlan tunnel offload support") added support for encapsulation offload. However, while calculating tcp hdr length, it does not take into account if the packet is encapsulated or not. This patch fixes this issue by using correct reference for inner tcp
