Hello,
syzbot found the following crash on:
HEAD commit:90cadbbf341d Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1081829b40
kernel config: https://syzkaller.appspot.com/x/.config?x=9d41c8529d7e7362
da
add document and examples for below counters:
TcpExtTCPOFOQueue
TcpExtTCPOFODrop
TcpExtTCPOFOMerge
TcpExtPAWSActive
TcpExtPAWSEstab
TcpExtTCPACKSkippedSynRecv
TcpExtTCPACKSkippedPAWS
TcpExtTCPACKSkippedSeq
TcpExtTCPACKSkippedFinWait2
TcpExtTCPACKSkippedTimeWait
TcpExtTCPACKSkippedChallenge
Signed-
Hello,
syzbot found the following crash on:
HEAD commit:90cadbbf341d Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=1745c69b40
kernel config: https://syzkaller.appspot.com/x/.config?x=9d41c8529d7e7362
da
Hello,
syzbot found the following crash on:
HEAD commit:90cadbbf341d Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: net-next
console output: https://syzkaller.appspot.com/x/log.txt?x=17053c9b40
kernel config: https://syzkaller.appspot.com/x/.config?x=9d41c8529d7e7362
da
HI Marc & Stephen,
Most of engineers are out until New Year's Day.
LAN78xx driver uses irq_domain for phy interrupt, but smsc95xx uses polling.
Need to check flow again, you can try that comment out
"lan78xx_setup_irq_domain" to
make dev->domain_data.phyirq = 0 which forces PHY polling.
Can y
Hi, Joerg
On Sat, Dec 29, 2018 at 2:06 PM Joerg Reuter wrote:
> Unfortunately, I'm on a low bandwidth connection right now. I'd be
> grateful if someone could create a patch. This is likely not a high
> impact issue (unpriviliged users can't set up or tear down interfaces),
> still it may cause h
From: Pablo Neira Ayuso
Date: Sat, 29 Dec 2018 13:57:54 +0100
> The following patchset contains Netfilter fixes for net, specifically
> fixes for the nf_conncount infrastructure which is causing troubles
> since 5c789e131cbb9 ("netfilter: nf_conncount: Add list lock and gc
> worker, and RCU for i
nr_find_socket(), nr_find_peer() and nr_find_listener() lock the
sock after finding it in the global list. However, the call path
requires BH disabled for the sock lock consistently.
Actually the locking is unnecessary at this point, we can just hold
the sock refcnt to make sure it is not gone aft
There are multiple issues here:
1. After freeing dev->ax25_ptr, we need to set it to NULL otherwise
we may use a dangling pointer.
2. There is a race between ax25_setsockopt() and device notifier as
reported by syzbot. Close it by holding RTNL lock.
3. We need to test if dev->ax25_ptr is N
When x25_asy_open() fails, it already cleans up by itself,
so its caller doesn't need to free the memory again.
It seems we still have to call x25_asy_free() to clear the SLF_INUSE
bit, so just set these pointers to NULL after kfree().
Reported-and-tested-by: syzbot+5e5e969e525129229...@syzkaller
Am 29.12.18 um 20:25 schrieb Andreas Färber:
> Am 12.10.18 um 18:26 schrieb Ben Whitten:
>> +static int sx125x_register_clock_provider(struct sx125x_priv *priv)
>> +{
>> +struct device *dev = priv->dev;
>> +struct clk_init_data init;
>> +const char *parent;
>> +int ret;
>> +
>> +
Hi Ben,
+ linux-lpwan, linux-clk, devicetree
Am 12.10.18 um 18:26 schrieb Ben Whitten:
> From: Ben Whitten
>
> The 32M is run from the radio, before we just enabled it based on
> the radio number but now we can use the clk framework to request the
> clk is started when we need it.
>
> The 32M
Hello,
syzbot found the following crash on:
HEAD commit:8fe28cb58bcb Linux 4.20
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1604d02d40
kernel config: https://syzkaller.appspot.com/x/.config?x=7d581260bae0899a
dashboard link: https://syzkaller.appsp
Hello,
syzbot found the following crash on:
HEAD commit:38355a5f9a22 bnx2x: Fix NULL pointer dereference in bnx2x_..
git tree: net
console output: https://syzkaller.appspot.com/x/log.txt?x=144e49ed40
kernel config: https://syzkaller.appspot.com/x/.config?x=7321a72d3309c029
dashboa
Hello,
I'm working on some application-specific NIC driver. On the TX path, it
must remove a custom tag that sits between the Ethernet type field and
the actual Ethernet payload; then it must add a different tag in front
of the Ethernet header (the MAC DA field) before it hands over the frame
to t
On Fri, Dec 28, 2018 at 02:51:04PM -0800, syzbot wrote:
> BUG: KASAN: use-after-free in ax25_fillin_cb_from_dev net/ax25/af_ax25.c:450
> [inline]
> BUG: KASAN: use-after-free in ax25_fillin_cb+0x6d5/0x810
> net/ax25/af_ax25.c:477
> Read of size 4 at addr 8881ccecc438 by task syz-executor5/1137
Am 29.12.18 um 16:44 schrieb Heiner Kallweit:
I don't think this patch can have any impact on the issue. Maybe WoL is still
active from previous test?
Manual WoL settings may survive a reboot, you can disable WoL by "ethtool -s
wol d".
In theory I agree, but we have seen before that it can
From: xuechaojing
Date: Sat, 29 Dec 2018 09:20:54 +
> Sorry, I didn't explain this patch clearly.
> if there is no shutdown callback, our board will report pcie UNF errors after
> restarting.
> Attached is our log.
I want you to remove the "dev_info()" call from your patch because it is
ina
On 29.12.2018 16:31, Norbert Jurkeit wrote:
> Am 29.12.18 um 14:55 schrieb Heiner Kallweit:
>> Great, then let's go for one more test. Could you apply the following to
>> 4.19 and start in a fail scenario?
>> I would be interested in the additional dmesg line, just grep for "hk:".
>>
>>
>> diff --
Am 29.12.18 um 14:55 schrieb Heiner Kallweit:
Great, then let's go for one more test. Could you apply the following to 4.19
and start in a fail scenario?
I would be interested in the additional dmesg line, just grep for "hk:".
diff --git a/drivers/net/ethernet/realtek/r8169.c
b/drivers/net/et
On 29.12.2018 14:27, Norbert Jurkeit wrote:
> Am 29.12.18 um 12:54 schrieb Heiner Kallweit:
>>
>> Good to know, I'll check. In this context, do you have Wake-on-LAN enabled?
>> IOW, what does "ethtool " state in line "Wake-on:" ?
>
> "ethtool enp1s0" yields
> Supports Wake-on: pumbg
> Wake
Am 29.12.18 um 12:54 schrieb Heiner Kallweit:
Good to know, I'll check. In this context, do you have Wake-on-LAN enabled?
IOW, what does "ethtool " state in line "Wake-on:" ?
"ethtool enp1s0" yields
Supports Wake-on: pumbg
Wake-on: d
Unfortunately I could not find any BIOS switch to e
Hi,
during development i noticed that hns3_enet.c is compiled even without any
changes to this file.
I think the reason for this is the usage of VERMAGIC_STRING in this file. So it
would be nice if you could somehow replace this define.
Kind regards
Stefan
From: Florian Westphal
Shawn Bohrer reported a following crash:
|RIP: 0010:rb_erase+0xae/0x360
[..]
Call Trace:
nf_conncount_destroy+0x59/0xc0 [nf_conncount]
cleanup_match+0x45/0x70 [ip_tables]
...
Shawn tracked this down to bogus 'parent' pointer:
Problem is that when we insert a new n
Instead of removing a empty list node that might be reintroduced soon
thereafter, tentatively place the empty list node on the list passed to
tree_nodes_free(), then re-check if the list is empty again before erasing
it from the tree.
[ Florian: rebase on top of pending nf_conncount fixes ]
Fixes
From: Florian Westphal
Size and 'next bit' were swapped, this bug could cause worker to
reschedule itself even if system was idle.
Fixes: 5c789e131cbb9 ("netfilter: nf_conncount: Add list lock and gc worker,
and RCU for init tree search")
Reviewed-by: Shawn Bohrer
Signed-off-by: Florian Westph
From: Florian Westphal
'lookup' is always followed by 'add'.
Merge both and make the list-walk part of nf_conncount_add().
This also avoids one unneeded unlock/re-lock pair.
Extra care needs to be taken in count_tree, as we only hold rcu
read lock, i.e. we can only insert to an existing tree no
Hi David,
The following patchset contains Netfilter fixes for net, specifically
fixes for the nf_conncount infrastructure which is causing troubles
since 5c789e131cbb9 ("netfilter: nf_conncount: Add list lock and gc
worker, and RCU for init tree search"). Patches aim to simplify this
infrastructur
From: Florian Westphal
age is signed integer, so result can be negative when the timestamps
have a large delta. In this case we want to discard the entry.
Instead of using age >= 2 || age < 0, just make it unsigned.
Fixes: b36e4523d4d56 ("netfilter: nf_conncount: fix garbage collection confirm
From: Florian Westphal
The lockless workqueue garbage collector can race with packet path
garbage collector to delete list nodes, as it calls tree_nodes_free()
with the addresses of nodes that might have been free'd already from
another cpu.
To fix this, split gc into two phases.
One phase to p
Two CPUs may race to remove a connection from the list, the existing
conn->dead will result in a use-after-free. Use the per-list spinlock to
protect list iterations.
As all accesses to the list now happen while holding the per-list lock,
we no longer need to delay free operations with rcu.
Joint
From: Shawn Bohrer
Most of the time these were the same value anyway, but when
CONFIG_LOCKDEP was enabled we would use a smaller number of locks to
reduce overhead. Unfortunately having two values is confusing and not
worth the complexity.
This fixes a bug where tree_gc_worker() would only GC u
From: Kangjie Lu
If nla_nest_start() may fail. The fix checks its return value and goes
to nla_put_failure if it fails.
Signed-off-by: Kangjie Lu
Signed-off-by: Pablo Neira Ayuso
---
net/netfilter/nf_tables_api.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/netfilter/nf_tables_ap
Hi,
I`ve got problem while queuing with HFSC vlan tagged packets after
migrating my tc scripts from Debian 8.2 (3.16.0-4-amd64) to Debian 9.5
(4.9.0-6-amd64). tc filters added to eth1 do not classify correctly src
and dst ip addresses anymore if they are encapsulated with vlan tag
which wasn
It was noticed that the copy_user() friends that was used to access
virtqueue metdata tends to be very expensive for dataplane
implementation like vhost since it involves lots of software checks,
speculation barrier, hardware feature toggling (e.g SMAP). The
extra cost will be more obvious when tra
Rename the function to be more accurate since it actually tries to
prefetch vq metadata address in IOTLB. And this will be used by
following patch to prefetch metadata virtual addresses.
Signed-off-by: Jason Wang
---
drivers/vhost/net.c | 4 ++--
drivers/vhost/vhost.c | 4 ++--
drivers/vhost/v
Signed-off-by: Jason Wang
---
drivers/vhost/vhost.c | 46 ++-
1 file changed, 28 insertions(+), 18 deletions(-)
diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
index 27b5c03feaac..54b43feef8d9 100644
--- a/drivers/vhost/vhost.c
+++ b/drivers/vho
This is used to hide the metadata address from virtqueue helpers. This
will allow to implement a vmap based fast accessing to metadata.
Signed-off-by: Jason Wang
---
drivers/vhost/vhost.c | 94 +++
1 file changed, 77 insertions(+), 17 deletions(-)
diff --
This series tries to access virtqueue metadata through kernel virtual
address instead of copy_user() friends since they had too much
overheads like checks, spec barriers or even hardware feature
toggling.
Test shows about 24% improvement on TX PPS. It should benefit other
cases as well.
Changes f
Use one generic vhost_copy_to_user() instead of two dedicated
accessor. This will simplify the conversion to fine grain
accessors. About 2% improvement of PPS were seen during vitio-user
txonly test.
Signed-off-by: Jason Wang
---
drivers/vhost/vhost.c | 11 +--
1 file changed, 1 insertio
On Fri, Dec 28, 2018 at 02:14:58PM +0800, we...@ucloud.cn wrote:
> From: wenxu
>
> For nat example:
> client 1.1.1.7 ---> 2.2.2.7 which dnat to 10.0.0.7 server
>
> When syn_rcv pkt from server it get the peer(client->server) route
> through daddr = ct->tuplehash[!dir].tuple.dst.u3.ip, the value
On 2018/12/29 上午3:34, David Miller wrote:
From: Jason Wang
Date: Fri, 28 Dec 2018 15:55:37 +0800
+static int vhost_invalidate_vmap(struct vhost_virtqueue *vq,
+struct vhost_vmap *map,
+unsigned long uaddr,
+
On 29.12.2018 12:46, Norbert Jurkeit wrote:
> Am 29.12.18 um 03:48 schrieb Florian Fainelli:
>> Heiner; are you positive that the PHY is not in a power down mode
>> (BMCR.PDOWN = 1) at the time the r8169 probe is done? Because if that
>> was the case, there is no guarantee (per 802.3 clause 22 spec
Am 29.12.18 um 03:48 schrieb Florian Fainelli:
Heiner; are you positive that the PHY is not in a power down mode
(BMCR.PDOWN = 1) at the time the r8169 probe is done? Because if that
was the case, there is no guarantee (per 802.3 clause 22 spec) that the
PHY must correctly respond to MDIO operati
Hello,
syzbot found the following crash on:
HEAD commit:5694cecdb092 Merge tag 'arm64-upstream' of git://git.kerne..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=129ee73f40
kernel config: https://syzkaller.appspot.com/x/.config?x=91a256823ef17263
da
From: wenxu
In the forward chain the iif is changed from slave device to master vrf
device. It will lead the offload not match on lower slave device.
This patch make the flollowing example can work correct
ip addr add dev eth0 1.1.1.1/24
ip addr add dev eth1 10.0.0.1/24
ip link add user1 type v
On 29.12.2018 03:48, Florian Fainelli wrote:
> Le 12/28/18 à 6:42 PM, Florian Fainelli a écrit :
>> Le 12/24/18 à 3:21 AM, Heiner Kallweit a écrit :
>>> phy_device_create() uses request_module() to load the PHY driver module
>>> based on the PHY ID of the device. There is some timing issue which
>>
On 29.12.2018 03:42, Florian Fainelli wrote:
> Le 12/24/18 à 3:21 AM, Heiner Kallweit a écrit :
>> phy_device_create() uses request_module() to load the PHY driver module
>> based on the PHY ID of the device. There is some timing issue which
>> sometimes prevents the PHY driver to bind to the devic
On Sat, 29 Dec 2018 00:02:57 +,
Stefan Wahren wrote:
Hi Stephan,
>
> Hi,
> while booting my Raspberry Pi 3 B+ with Linux 4.20 (arm64/defconfig)
> i'm getting the following warning:
>
> [ 11.005738] irq 79 handler irq_default_primary_handler+0x0/0x8 enabled
> interrupts
[...]
> This se
Signed-off-by: Su Yanjun
---
net/ipv6/reassembly.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index a5bb59e..36a3d8d 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -210,7 +210,7 @@ static int ip6_frag_queue(
From: Wen Yang
Currently there are some issues with the ucc_of_parse_tdm function:
1, a possible null pointer dereference in ucc_of_parse_tdm,
detected by the semantic patch deref_null.cocci,
with the following warning:
drivers/soc/fsl/qe/qe_tdm.c:177:21-24: ERROR: pdev is NULL but dereferenced.
51 matches
Mail list logo
