Hi,
Apparently one cannot use TC cls_bpf/act_bpf if running from a user ns
other than the init_user_ns, as bpf_prog_load does not permit loading
these type of progs, snip:
if (type != BPF_PROG_TYPE_SOCKET_FILTER &&
type != BPF_PROG_TYPE_CGROUP_SKB &&
!capable(CAP_S
On Thu, Feb 08, 2018 at 07:31:55PM +, Edward Cree wrote:
> By storing subprog boundaries as a subprogno mark on each insn, rather than
> a start (and implicit end) for each subprog, we collect a number of gains:
> * More efficient determination of which subprog contains a given insn, and
> t
On Fri, Feb 09, 2018 at 03:01:57PM +0100, Daniel Borkmann wrote:
> On 02/09/2018 06:14 AM, Li Zhijian wrote:
> > Hi
> >
> > INTEL 0-Day noticed that bpf/test_maps has different results at different
> > platforms.
> > when it fails, the details are like
>
> Sorry for the late reply and thanks for
On 2/9/18 8:54 AM, Naveen N. Rao wrote:
Naveen N. Rao wrote:
Alexei Starovoitov wrote:
On 2/8/18 4:03 AM, Sandipan Das wrote:
The imm field of a bpf_insn is a signed 32-bit integer. For
JIT-ed bpf-to-bpf function calls, it stores the offset from
__bpf_call_base to the start of the callee funct
On Tue, Feb 06, 2018 at 02:05:52PM +0100, Geert Uytterhoeven wrote:
> The Stream Buffer for EtherAVB-IF (STBE) is an optional component, and
> is not present on all SoCs.
>
> Document this in the DT bindings, including a list of SoCs that do have
> it.
>
> Fixes: 785ec87483d1e24a ("ravb: document
On Fri, Feb 09, 2018 at 12:33:36PM -0800, Richard Cochran wrote:
> On Sat, Feb 03, 2018 at 10:40:08PM +0100, Andrew Lunn wrote:
> > +static int mv88e6xxx_ptp_adjfine(struct ptp_clock_info *ptp, long
> > scaled_ppm)
> > +{
> > + struct mv88e6xxx_chip *chip = ptp_to_chip(ptp);
> > + int neg_adj
On Sat, Feb 03, 2018 at 10:40:08PM +0100, Andrew Lunn wrote:
> +static int mv88e6xxx_ptp_adjfine(struct ptp_clock_info *ptp, long scaled_ppm)
> +{
> + struct mv88e6xxx_chip *chip = ptp_to_chip(ptp);
> + int neg_adj = 0;
> + u32 diff, mult;
> + u64 adj;
> +
> + if (scaled_ppm < 0
1) Make allocations less aggressive in x_tables, from Minchal Hocko.
2) Fix netfilter flowtable Kconfig deps, from Pablo Neira Ayuso.
3) Fix connection loss problems in rtlwifi, from Larry Finger.
4) Correct DRAM dump length for some chips in ath10k driver,
from Yu Wang.
5) Fix ABORT handli
Default rlimit RLIMIT_MEMLOCK is 64KB, causes bpf map failure.
e.g.
[root@labbpf]# ./xdp_redirect $( $(
---
samples/bpf/xdp_redirect_user.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/samples/bpf/xdp_redirect_user.c b/samples/bpf/xdp_redirect_user.c
index 4475d83..2490235 100644
---
On 02/09/2018 08:11 PM, David Miller wrote:
> From: Daniel Borkmann
> Date: Fri, 9 Feb 2018 14:49:44 +0100
>
>> Fix two issues in the reuseport_bpf selftests that were
>> reported by Linaro CI:
> ...
>> For the former adjust rlimit since this was the cause of
>> failure for loading the BPF prog
From: John Allen
Having these checks in ibmvnic_xmit causes problems with VLAN
tagging and balance-alb/tlb bonding modes. The restriction they
imposed can be removed.
Signed-off-by: John Allen
Signed-off-by: Nathan Fontenot
---
drivers/net/ethernet/ibm/ibmvnic.c |5 +
1 file changed,
On 02/09/2018 01:32 PM, Jakub Kicinski wrote:
> On Fri, 09 Feb 2018 13:09:34 -0600, Nathan Fontenot wrote:
>> From: John Allen (jal...@linux.vnet.ibm.com>
>
> Nit: s/(/
>> Having these checks in ibmvnic_xmit causes problems with VLAN
>> tagging and balance-alb/tlb bonding modes. The restriction t
On Fri, 09 Feb 2018 13:09:34 -0600, Nathan Fontenot wrote:
> From: John Allen (jal...@linux.vnet.ibm.com>
Nit: s/(/ Having these checks in ibmvnic_xmit causes problems with VLAN
> tagging and balance-alb/tlb bonding modes. The restriction they
> imposed can be removed.
>
> Signed-off-by: Nathan F
From: Alexey Kodanev
Date: Fri, 9 Feb 2018 17:35:23 +0300
> When SCTP makes INIT or INIT_ACK packet the total chunk length
> can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
> transmitting these packets, e.g. the crash on sending INIT_ACK:
...
> Here the chunk size for INIT_ACK pa
From: Julian Wiedmann
Date: Fri, 9 Feb 2018 11:03:48 +0100
> please apply the following two qeth patches for 4.16 and stable.
>
> One restricts a command quirk to the intended commandd type,
> while the other fixes an off-by-one during data transmission
> that can cause qeth to build malformed
From: Jason Wang
Date: Fri, 9 Feb 2018 17:45:50 +0800
> This patch switch to use kvmalloc_array() for using a vmalloc()
> fallback to help in case kmalloc() fails.
>
> Reported-by: syzbot+e4d4f9ddd42955397...@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for poin
From: Jason Wang
Date: Fri, 9 Feb 2018 17:45:49 +0800
> To avoid slab to warn about exceeded size, fail early if queue
> occupies more than KMALLOC_MAX_SIZE.
>
> Reported-by: syzbot+e4d4f9ddd42955397...@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
On Fri, Feb 9, 2018 at 8:27 PM, syzbot
wrote:
> Hello,
>
> syzbot hit the following crash on net-next commit
> 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +)
> Merge tag 'usercopy-v4.16-rc1' of
> git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
>
> So far this cra
On Thu, Feb 1, 2018 at 11:22 PM, Eric Biggers wrote:
> On Sun, Dec 31, 2017 at 10:58:01AM -0800, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on
>> 5aa90a84589282b87666f92b6c3c917c8080a9bf
>> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
>> compiler: gc
From: John Allen (jal...@linux.vnet.ibm.com>
Having these checks in ibmvnic_xmit causes problems with VLAN
tagging and balance-alb/tlb bonding modes. The restriction they
imposed can be removed.
Signed-off-by: Nathan Fontenot
---
drivers/net/ethernet/ibm/ibmvnic.c |5 +
1 file changed,
From: Niklas Cassel
Date: Fri, 9 Feb 2018 17:22:44 +0100
> A couple of small stmmac irq fixes/cleanups.
Seires applied.
From: Thomas Falcon
Date: Fri, 9 Feb 2018 11:41:09 -0600
> When allocating RX or TX buffer pools, the driver needs to provide a
> unique mapping ID to firmware for each pool. This value is assigned
> using a counter which is incremented after a new pool is created. The
> ID can be an integer ran
From: Daniel Borkmann
Date: Fri, 9 Feb 2018 14:49:44 +0100
> Fix two issues in the reuseport_bpf selftests that were
> reported by Linaro CI:
...
> For the former adjust rlimit since this was the cause of
> failure for loading the BPF prog, and for the latter add
> SO_REUSEADDR.
>
> Reported-b
From: Daniel Borkmann
Date: Fri, 9 Feb 2018 02:29:06 +0100
> The following pull-request contains BPF updates for your *net* tree.
>
> The main changes are:
...
> Please consider pulling these changes from:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git
Pulled, thanks Daniel.
We are going to merge link_gre.c and link_gre6.c and this is final step
to make their diffs clear and show what needs to be changed during merge.
Note that it is safe to omit endpoint address(es) from netlink create
request as kernel is aware of such case and will use zero for that
endpoint(s).
S
We are going to merge link_iptnl.c and link_ip6tnl.c and this is final
step to make their diffs clear and show what needs to be changed during
merge.
Note that it is safe to omit endpoint address(es) from netlink create
request as kernel is aware of such case and will use zero for that
endpoint(s)
We are going to merge link_vti.c and link_vti6.c and this is final step
to make their diffs clear and show what needs to be changed during merge.
Note that it is safe to omit endpoint address(es) from netlink create
request as kernel is aware of such case and will use zero for that
endpoint(s).
S
Use get_addr_rta() helper to unify address retriveal from netlink
message when configuring tunnel and get_addr() to parse endpoint
address into @inet_prefix.
This is next step towards ip and ipv6 tunnel module merge: endpoint
address parsing code will differ only in @family constant being
passed t
The two commits
d153b153446f7 (" sched/core: Fix wake_affine() performance regression") and
f2cdd9cc6c97 ("sched/core: Address more wake_affine() regressions")
are causing a serious performance degradation in Linux 4.5.
The effect is worst on TIPC, but even TCP is affected, as the figures below
Since there is no documentation in Latex format left, there is no need
to check for commands to build it. Also there is no need to ignore any
of the temporary files which were created by them.
Signed-off-by: Phil Sutter
---
.gitignore | 10 --
configure | 17 -
2 files c
When allocating RX or TX buffer pools, the driver needs to provide a
unique mapping ID to firmware for each pool. This value is assigned
using a counter which is incremented after a new pool is created. The
ID can be an integer ranging from 1-255. When migrating to a device
that requests a differen
On 2/9/18 10:11 AM, Jakub Kicinski wrote:
> From: Quentin Monnet
>
> Reflect the recent change of location for the git repositories, and the
> creation of the -next development repo, in README and README.devel.
>
> Also remove the link to the Linux Foundation wiki that contained
> information ab
From: Quentin Monnet
Reflect the recent change of location for the git repositories, and the
creation of the -next development repo, in README and README.devel.
Also remove the link to the Linux Foundation wiki that contained
information about iproute2. The link is now broken, I did not find any
On 02/09/2018 07:24 AM, Arnd Bergmann wrote:
gcc-8 points out that source and destination of the memcpy() are
always the same pointer, so the effect of memcpy() is undefined
here (its arguments must not overlap):
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c: In function
'_rtl_rx_process
Naveen N. Rao wrote:
Alexei Starovoitov wrote:
On 2/8/18 4:03 AM, Sandipan Das wrote:
The imm field of a bpf_insn is a signed 32-bit integer. For
JIT-ed bpf-to-bpf function calls, it stores the offset from
__bpf_call_base to the start of the callee function.
For some architectures, such as pow
On 02/09/2018 07:24 AM, Arnd Bergmann wrote:
gcc-8 points out that source and destination of the memcpy() are
always the same pointer, so the effect of memcpy() is undefined
here (its arguments must not overlap):
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c: In function
'_rtl_rx_process
A couple of small stmmac irq fixes/cleanups.
Niklas Cassel (3):
net: stmmac: discard disabled flags in interrupt status register
net: stmmac: rename GMAC_INT_DEFAULT_MASK for dwmac4
net: stmmac: remove redundant enable of PMT irq
drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 --
GMAC_INT_DEFAULT_MASK is written to the interrupt enable register.
In previous versions of the IP (e.g. dwmac1000), this register was
instead an interrupt mask register.
To improve clarity and reflect reality, rename GMAC_INT_DEFAULT_MASK
to GMAC_INT_DEFAULT_ENABLE.
Signed-off-by: Niklas Cassel
-
For dwmac4, GMAC_INT_DEFAULT_ENABLE already includes
GMAC_INT_PMT_EN, so it is redundant to check if hw->pmt
is set, and if so, setting the bit again.
For dwmac1000, GMAC_INT_DEFAULT_MASK does not include
GMAC_INT_DISABLE_PMT, so it is redundant to check if
hw->pmt is set, and if so, clearing an a
The interrupt status register in both dwmac1000 and dwmac4 ignores
interrupt enable (for dwmac4) / interrupt mask (for dwmac1000).
Therefore, if we want to check only the bits that can actually trigger
an irq, we have to filter the interrupt status register manually.
Commit 0a764db10337 ("stmmac:
David Ahern wrote:
> On 2/8/18 3:57 AM, Serhey Popovych wrote:
>> Few minor changes to reduce diffs between ip and ipv6 tunnel code:
>>
>> 1) reduce intendation by one level when adding attributes in gre and
>> gre6; reorder addattr*() calls to simplify diff
>>
>> 2) reorder local variable
On Fri, 2018-02-09 at 14:24 +0100, Arnd Bergmann wrote:
> gcc-8 points out that source and destination of the memcpy() are
> always the same pointer, so the effect of memcpy() is undefined
> here (its arguments must not overlap):
>
> drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c: In functio
On 2/8/18 9:04 AM, Serhey Popovych wrote:
> In gre/gre6 for non-JSON output 0x%x format is used: use print_0xhex()
> to get the same value for JSON.
>
> Get rid of custom _print_hex() in bridge slave code: print_0xhex() can
> be used perfectly.
>
> Break long print_uint() with long argument list
On 2/8/18 3:57 AM, Serhey Popovych wrote:
> Few minor changes to reduce diffs between ip and ipv6 tunnel code:
>
> 1) reduce intendation by one level when adding attributes in gre and
> gre6; reorder addattr*() calls to simplify diff
>
> 2) reorder local variables definition; change thei
On 2/8/18 11:58 PM, Serhey Popovych wrote:
> To show only relevant diffs of ip and ipv6 variants help message print
> routines needs to be unified and improved.
>
> Get rid of print_usage() and usage() wrappers: use single function to
> output help message. As side effect we return -1 from parse f
On Fri, Feb 09, 2018 at 05:45:50PM +0800, Jason Wang wrote:
> This patch switch to use kvmalloc_array() for using a vmalloc()
> fallback to help in case kmalloc() fails.
Above isn't really saying anything about the motivation, it
just explains what kvmalloc_array does.
How about:
Switch ptr_ring
On Fri, Feb 09, 2018 at 05:45:49PM +0800, Jason Wang wrote:
> To avoid slab to warn about exceeded size, fail early if queue
> occupies more than KMALLOC_MAX_SIZE.
>
> Reported-by: syzbot+e4d4f9ddd42955397...@syzkaller.appspotmail.com
> Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointer
On Fri, Feb 09, 2018 at 05:35:23PM +0300, Alexey Kodanev wrote:
> When SCTP makes INIT or INIT_ACK packet the total chunk length
> can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
> transmitting these packets, e.g. the crash on sending INIT_ACK:
>
> [ 597.804948] skbuff: skb_over_pa
If an L2TPIP socket is closed, add RCU protection when we deref
sk_user_data to prevent races with another thread closing the same
tunnel.
Fixes: 0d76751fad ("l2tp: Add L2TPv3 IP encapsulation (no UDP) support")
refcount_t: increment on 0; use-after-free.
WARNING: CPU: 2 PID: 2892 at lib/refcou
Since L2TP hooks on sockets opened by userspace using sk_user_data, we
may race with other socket families that attempt to use the same
socket.
This problem was discovered by syzbot using AF_KCM. KCM has since been
modified to use only TCP sockets to avoid hitting this issue but we
should prevent
If when creating a new tunnel, the indicated fd is closed by another
thread, we emit an error message about it. e.g.
l2tp_core: tunl 4: sockfd_lookup(fd=3) returned -9
It's not useful so remove it.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 2 --
1 file changed, 2 deletions(-)
It's hard to understand pppol2tp_connect so split it up into separate
functions and document it better.
Fixes: fd558d186d ("l2tp: Split pppol2tp patch into separate l2tp and ppp
parts")
Signed-off-by: James Chapman
---
net/l2tp/l2tp_ppp.c | 318 --
The tunnel's closing flag is set when the tunnel is being
destroyed. Use it to reject new sessions and remove acpt_newsess which
was doing the same thing. Also prevent the tunnel being seen in
l2tp_tunnel_get lookups.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 27 +++
Ensure that the tunnel's socket is always extant while the tunnel
object exists. Hold a ref on the socket until the tunnel is destroyed
and ensure that all tunnel destroy paths go through a common function
(l2tp_tunnel_delete).
Since the tunnel's socket is now guaranteed to exist if the tunnel
exi
When a session refcount hits 0, the session is freed via
l2tp_session_free. Some pseudowires (ppp, eth) may have additional
resources to free when this happens. Add a session_free callback that
can be used by pseudowires to override the default kfree. The callback
is responsible for freeing the ses
Use l2tp core's session_free callback to drive the ppp session
cleanup. PPP sessions are cleaned up by RCU. The PPP session socket is
allowed to close only when the session is freed.
With this patch, the following syzbot bug reports are finally fixed.
Reported-by: syzbot+9df43faf09bd400f2...@syzk
Replace the dead flag in the session context with a closing flag and
spinlock. Check it in session lookup functions such that we don't try
to access session data while it is being destroyed.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 34 +-
net/l2tp/l
__l2tp_session_unhash is now only used internally so there is no
reason to expose it to other l2tp modules. Rename it
l2tp_session_unhash while we're at it.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 5 ++---
net/l2tp/l2tp_core.h | 1 -
2 files changed, 2 insertions(+), 4 deletions(
Handle session destroy in the same way as we handle tunnel destroy -
through a workqueue. Sessions can be destroyed either because its
socket is closed (if it has a socket) or by netlink request. A
workqueue synchronises these.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 30 +
l2tp_tunnel_create now checks sk_user_data so this check is redundant
Signed-off-by: James Chapman
---
net/l2tp/l2tp_core.c | 8
1 file changed, 8 deletions(-)
diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
index c909fe9273c9..a91cd384e397 100644
--- a/net/l2tp/l2tp_core.c
++
Previously, if a tunnel was closed, we called inet_shutdown to mark
the socket as unconnected such that userspace would get errors and
then close the socket. This could race with userspace closing the
socket. Instead, leave userspace to close the socket in its own time
(our tunnel will be detached
This patch series addresses several races with L2TP APIs discovered by
syzbot. While working on this, it became clear that the L2TP code
needed some work to address object lifetime issues. There are no
functional changes.
The set of patches 1-13 in combination fix the following syzbot reports.
9d
Simplify relationship with tunnel such that the session holds a ref on
the tunnel, not its socket. This guarantees that the tunnel is always
extant if one or more sessions exists on the tunnel. If the session
has a socket (ppp), have it hold a ref on the socket until the session
is destroyed.
Sinc
Since session destroy now uses a workqueue, let l2tp_session_delete
handle all the work of destroying a session. Don't remove the session
from the tunnel's list immediately. The tunnel will remain extant
until all of its sessions are gone anyway.
Signed-off-by: James Chapman
---
net/l2tp/l2tp_co
> There are some SoCs that have a built-in phy, and sometimes
> these SoCs can choose to use built-in phy or external phy.
O.K. This is the same use case we had at the end of last year.
How are the MDIO busses arranged? Is there an internal MDIO bus and an
external MDIO bus? How do you change bet
Signed-off-by: James Chapman
---
net/l2tp/l2tp_ppp.c | 10 +-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ff95a4d4eac5..947066b3d6d8 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -172,8 +172,16 @@ static inli
On Fri, Feb 09, 2018 at 05:35:23PM +0300, Alexey Kodanev wrote:
> When SCTP makes INIT or INIT_ACK packet the total chunk length
> can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
> transmitting these packets, e.g. the crash on sending INIT_ACK:
>
> [ 597.804948] skbuff: skb_over_pa
When SCTP makes INIT or INIT_ACK packet the total chunk length
can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
transmitting these packets, e.g. the crash on sending INIT_ACK:
[ 597.804948] skbuff: skb_over_panic: text:ffae06e4 len:120168
put:120156 head:0
On 09.02.2018 16:27, Marcelo Ricardo Leitner wrote:
> On Fri, Feb 09, 2018 at 04:02:31PM +0300, Alexey Kodanev wrote:
>>
>> ---
>> net/sctp/sm_make_chunk.c |7 ++-
>> 1 files changed, 6 insertions(+), 1 deletions(-)
>>
>> diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
>>
Fix two issues in the reuseport_bpf selftests that were
reported by Linaro CI:
[...]
+ ./reuseport_bpf
IPv4 UDP
Testing EBPF mod 10...
Reprograming, testing mod 5...
./reuseport_bpf: ebpf error. log:
0: (bf) r6 = r1
1: (20) r0 = *(u32 *)skb[0]
2: (97) r0 %= 10
3: (95)
Hi,
after commit 80d8bfaac9e2430d710084a10ec78e68bd61e6ec "iptables: insist that
the lock is held."
it became impossible restore to configure iptables from child user namespace:
kirill@:~/criu$ unshare -U -m -p -f -n --map-root-user --mount-proc
root@:~/criu# iptables -A INPUT -s 1.2.3.4 -j DROP
On Fri, Feb 09, 2018 at 04:02:31PM +0300, Alexey Kodanev wrote:
> When SCTP makes INIT or INIT_ACK packets the total chunk length
> can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
> transmitting these packets, e.g. the crash on sending INIT_ACK:
>
> [ 597.804948] skbuff: skb_over_p
gcc-8 points out that source and destination of the memcpy() are
always the same pointer, so the effect of memcpy() is undefined
here (its arguments must not overlap):
drivers/net/wireless/realtek/rtlwifi/rtl8192cu/trx.c: In function
'_rtl_rx_process':
drivers/net/wireless/realtek/rtlwifi/rtl8192
When SCTP makes INIT or INIT_ACK packets the total chunk length
can exceed SCTP_MAX_CHUNK_LEN which leads to kernel panic when
transmitting these packets, e.g. the crash on sending INIT_ACK:
[ 597.804948] skbuff: skb_over_panic: text:ffae06e4 len:120168
put:120156 head:
On 02/08/2018 10:29 PM, Sunil Kovvuri wrote:
On Fri, Feb 9, 2018 at 3:27 AM, Dean Nelson wrote:
On 02/08/2018 02:34 PM, David Miller wrote:
From: Dean Nelson
Date:
The Cavium thunder nicvf driver supports rx/tx rings of up to 65536
entries per.
...
Another way to solve this could have
On 02/09/2018 09:18 AM, Jesper Dangaard Brouer wrote:
> On Fri, 9 Feb 2018 02:32:27 +0100
> Daniel Borkmann wrote:
>
>> On 02/08/2018 12:48 PM, Jesper Dangaard Brouer wrote:
>>> While playing with using libbpf for the Suricata project, we had
>>> issues LLVM >= 4.0.1 generating ELF files that cou
Hi Dave,
please apply the following two qeth patches for 4.16 and stable.
One restricts a command quirk to the intended commandd type,
while the other fixes an off-by-one during data transmission
that can cause qeth to build malformed buffer descriptors.
Thanks,
Julian
Julian Wiedmann (1):
s
send_control_data() applies some special handling to SETIP v4 IPA
commands. But current code parses *all* command types for the SETIP
command code. Limit the command code check to IPA commands.
Fixes: 5b54e16f1a54 ("qeth: do not spin for SETIP ip assist command")
Signed-off-by: Julian Wiedmann
--
From: Ursula Braun
For a memory range/skb where the last byte falls onto a page boundary
(ie. 'end' is of the form xxx...xxx001), the PFN_UP() part of the
calculation currently doesn't round up to the next PFN due to an
off-by-one error.
Thus qeth believes that the skb occupies one page less than
This patch switch to use kvmalloc_array() for using a vmalloc()
fallback to help in case kmalloc() fails.
Reported-by: syzbot+e4d4f9ddd42955397...@syzkaller.appspotmail.com
Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
Signed-off-by: Jason Wang
---
include/linux/ptr_ring.h | 1
To avoid slab to warn about exceeded size, fail early if queue
occupies more than KMALLOC_MAX_SIZE.
Reported-by: syzbot+e4d4f9ddd42955397...@syzkaller.appspotmail.com
Fixes: 2e0ab8ca83c12 ("ptr_ring: array based FIFO for pointers")
Signed-off-by: Jason Wang
---
include/linux/ptr_ring.h | 2 ++
1
On Fri, 9 Feb 2018 02:32:27 +0100
Daniel Borkmann wrote:
> On 02/08/2018 12:48 PM, Jesper Dangaard Brouer wrote:
> > While playing with using libbpf for the Suricata project, we had
> > issues LLVM >= 4.0.1 generating ELF files that could not be loaded
> > with libbpf (tools/lib/bpf/).
> >
> > D
82 matches
Mail list logo
