In smc_release() we release smc->clcsock before unhash the smc
sock, but a parallel smc_diag_dump() may be still reading
smc->clcsock, therefore this could cause a use-after-free as
reported by syzbot.
Reported-and-tested-by: syzbot+fbd1e5476e4c94c7b...@syzkaller.appspotmail.com
Fixes: 51f1de79ad8
On 1/6/19 12:52 AM, Gustavo A. R. Silva wrote:
> There is a memory leak in case genlmsg_put fails.
>
> Fix this by freeing *args* before return.
>
> Addresses-Coverity-ID: 1476406 ("Resource leak")
> Fixes: 46273cf7e009 ("tipc: fix a missing check of genlmsg_put")
> Signed-off-by: Gustavo A. R. S
On Sun, 6 Jan 2019 at 07:10, David Miller wrote:
>
> From: Taehee Yoo
> Date: Mon, 31 Dec 2018 01:31:43 +0900
>
> > +void exit_umh(struct task_struct *tsk)
> > +{
> > + struct umh_info *info;
> > + pid_t pid = tsk->pid;
> > +
> > + mutex_lock(&umh_list_lock);
> > + list_for_each_e
On Sun, Jan 06, 2019 at 12:54:36AM +0100, Daniel Borkmann wrote:
> Follow-up fix to 979d63d50c0c ("bpf: prevent out of bounds speculation
> on pointer arithmetic") in order to reject a corner case for sanitation
> when ptr / scalars are mixed in the same alu op.
Applied, Thanks
From: JianJhen Chen
When handling DNAT'ed packets on a bridge device, the neighbour cache entry
from lookup was used without checking its state. It means that a cache entry
in the NUD_STALE state will be used directly instead of entering the NUD_DELAY
state to confirm the reachability of the neig
On January 5, 2019 5:21:03 AM PST, Heiner Kallweit wrote:
>During a bug analysis we came across the fact that there's no guarantee
>that reading from the ID registers returns a valid value if PHY is
>powered down. When reading invalid values we may load no or the wrong
>PHY driver. Therefore le
This re-introduces the function rtl8723e_dm_refresh_rate_adaptive_mask.
This function was present in a previous version of the code base,
it works just fine for me -- as long as it is not using stale data.
Unlike the original version of this function it avoids using
dm.undec_sm_pwdb when no beaco
This patch moves the clearing of rtlpriv->link_info.num_rx_inperiod in
rtl_watchdog_wq_callback a few lines down.
This is necessary since it is still used in the "AP off" detection
code block. Moved clearing of rtlpriv->link_info.num_rx_inperiod
as well for consistency.
Signed-off-by: Bernd Edlin
When no beacon was received, the value in dm.undec_sm_pwdb is most
likely out of date and should not be used to adjust the input path.
Assume instead that the signal level is low.
Fix the state machine in rtl8723e_dm_cck_packet_detection_thresh
which did not clear pre_cck_fa_state when changing cu
This appears to trigger a firmware bug and causes severe
problems with rtl8723ae PCI devices.
When the power save mode is activated for longer periods
of time the firmware stops to receive any packets.
This problem was exposed by commit 873ffe154ae0 ("rtlwifi:
Fix logic error in enter/exit power-
Currently the rtl8723ae driver is broken (since v4.7).
Connection to AP is lost very often, especially when
the signal level is not very good.
The main issue is the power save mode is basically
not working, and seems to trigger a firmware bug.
So I had to take out the FW LPS mode handling.
While
Follow-up fix to 979d63d50c0c ("bpf: prevent out of bounds speculation
on pointer arithmetic") in order to reject a corner case for sanitation
when ptr / scalars are mixed in the same alu op.
Thanks!
Daniel Borkmann (2):
bpf: fix sanitation of alu op with pointer / scalar type from different pa
While 979d63d50c0c ("bpf: prevent out of bounds speculation on pointer
arithmetic") took care of rejecting alu op on pointer when e.g. pointer
came from two different map values with different map properties such as
value size, Jann reported that a case was not covered yet when a given
alu op is us
Add couple of test_verifier tests to check sanitation of alu op insn
with pointer and scalar type coming from different paths. This also
includes BPF insns of the test reproducer provided by Jann Horn.
Signed-off-by: Daniel Borkmann
Acked-by: Alexei Starovoitov
---
tools/testing/selftests/bpf/t
On Jan 25, 2018 at 08:13:00PM, Pabel wrote:
> On Thu, Jan 18, 2018 at 04:13:25PM +0100, Ahmed Abdelsalam wrote:
> [...]
> > diff --git a/include/uapi/linux/netfilter_ipv6/ip6t_inner6.h
> > b/include/uapi/linux/netfilter_ipv6/ip6t_inner6.h
> > new file mode 100644
> > index 000..7017fa4
> > ---
On 05. Jan (Saturday) v 14:15:16 -0800 2019, David Miller wrote:
> From: Otto Sabart
> Date: Fri, 4 Jan 2019 11:42:29 +0100
>
> > Update reference to checksum-offloads.rst file which was converted into
> > RST.
> >
> > Whole kernel code was grepped for references using:
> > $ grep -r "\(segmenta
The titles do not look very nice in the table of contents generated by
Sphinx.
I also think it is obvious that the documents are describing offloads
in the Linux Networking Stack.
Signed-off-by: Otto Sabart
---
Documentation/networking/checksum-offloads.rst | 6 +++---
Documentation/network
This patch just adds references to offload documents into main table of
contents in network documentation.
Signed-off-by: Otto Sabart
---
Documentation/networking/index.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Documentation/networking/index.rst
b/Documentation/networking/index.
Add small number of markups which are sufficient for conversion
into reStructuredText.
Unfortunately there was necessary to restructure all sections
in checksum-offloads.txt file and create paragraphs separated
by newline. There also must not be a space at the
beginning of paragpraph.
There are n
This patch renames offload files. This is necessary for Sphinx.
Also update reference to checksum-offloads.rst file.
Whole kernel code was grepped for references using:
$ grep -r "\(segmentation\|checksum\)-offloads.txt" .
There should be no other references
to {segmentation,checksum}-offloads.t
Changes in v2:
- Patch #3 and #2 were combined into patch #2.
---
This series of patches integrates checksum-offloads and
segmentation-offloads documents into documentation tree.
These patches do not change semantics of these documents. There are only
changes which are needed for successful inte
On Sat, 2019-01-05 at 10:51 -0700, Jason Gunthorpe wrote:
>
> > Interesting. I've investigated this further, though I don't have as
> > many new clues as I'd like. The problem occurs reliably, at least on
> > one particular type of machine (a POWER8 "Garrison" with ConnectX-4).
> > I don't yet k
From: Taehee Yoo
Date: Mon, 31 Dec 2018 01:31:43 +0900
> +void exit_umh(struct task_struct *tsk)
> +{
> + struct umh_info *info;
> + pid_t pid = tsk->pid;
> +
> + mutex_lock(&umh_list_lock);
> + list_for_each_entry(info, &umh_list, list) {
So this is probably too expensive of a c
From: Otto Sabart
Date: Fri, 4 Jan 2019 11:42:29 +0100
> Update reference to checksum-offloads.rst file which was converted into
> RST.
>
> Whole kernel code was grepped for references using:
> $ grep -r "\(segmentation\|checksum\)-offloads.txt" .
>
> There should be no other references
> to {s
From: David Ahern
Date: Sat, 5 Jan 2019 07:35:04 -0800
> From: David Ahern
>
> I realized the last patch calls dev_get_by_index_rcu in a branch not
> holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock.
>
> Fixes: ec90ad334986 ("ipv6: Consider sk_bound_dev_if when binding
From: Andrew Lunn
Date: Sat, 5 Jan 2019 23:04:12 +0100
> I tend to be more paranoid after listening to recent discussions about
> this. At LPC and online, there have been comments that patches to
> stable are more likely to break something than patches going via the
> normal merge window. Normal
> Quite a few of the latest net commits don't meet the strict criteria
> for a fix (as documented). Means: The risk that a problem could
> occur isn't sufficient, at least one user has to actually face a
> problem. So it seems net vs. net-next criteria is somewhat flexible.
> Therefore I wasn't sur
On 12/21/18 6:23 AM, Marek Vasut wrote:
> On 12/21/2018 05:16 AM, tristram...@microchip.com wrote:
>>> + { \
>>> + .val_bits = (width),\
>>> + .reg_stride = (width) / 8,
From: Heiner Kallweit
Date: Sat, 5 Jan 2019 22:07:50 +0100
> Regarding net vs. net-next:
> Quite a few of the latest net commits don't meet the strict criteria
> for a fix (as documented). Means: The risk that a problem could
> occur isn't sufficient, at least one user has to actually face a
> pr
On 1/5/19 12:38 PM, Bernd Edlinger wrote:
Currently the rtl8723ae driver is broken (since v4.7).
Connection to AP is lost very often, especially when
the signal level is not very good.
The main issue is the power save mode is basically
not working, and seems to trigger a firmware bug.
So I had
On 05.01.2019 18:33, Andrew Lunn wrote:
> On Sat, Jan 05, 2019 at 02:21:03PM +0100, Heiner Kallweit wrote:
>> During a bug analysis we came across the fact that there's no guarantee
>> that reading from the ID registers returns a valid value if PHY is
>> powered down. When reading invalid values we
Naja Melan writes:
> hi,
>
> I have been using network namespaces for a while, mostly with good results.
> Recently I ran into a problem where the cgroup mount points are missing for
> software that needs it (runc).
>
> I discovered that ip netns exec creates a mount namespace to bind mount
>
On Sat, Jan 05, 2019 at 06:39:02PM +, Bernd Edlinger wrote:
> gain control when no beacon was received in the connected state
Hi Bernd
Your patch subject line is too long, so it got chopped in half. Please
use something shorter.
Andrew
This appears to trigger a firmware bug and causes severe
problems with rtl8723ae PCI devices.
When the power save mode is activated for longer periods
of time the firmware stops to receive any packets.
This problem was exposed by commit 873ffe154ae0 ("rtlwifi:
Fix logic error in enter/exit power-
rtlpriv->link_info.num_rx_inperiod in rtl_watchdog_wq_callback a few lines
down
This is necessary since it is still used in the "AP off" detection
code block. Moved clearing of rtlpriv->link_info.num_rx_inperiod
as well for consistency.
Signed-off-by: Bernd Edlinger
---
drivers/net/wireless/r
rtl8723e_dm_refresh_rate_adaptive_mask
This function was present in a previous version of the code base,
it works just fine for me -- as long as it is not using stale data.
Fixed a style nit in rtl8723e_dm_init_rate_adaptive_mask.
Signed-off-by: Bernd Edlinger
---
.../net/wireless/realtek/rtl
gain control when no beacon was received in the connected state
When no beacon was received, the value in dm.undec_sm_pwdb is most
likely out of date and should not be used to adjust the input path.
Assume instead that the signal level is low.
Fix the state machine in rtl8723e_dm_cck_packet_dete
Currently the rtl8723ae driver is broken (since v4.7).
Connection to AP is lost very often, especially when
the signal level is not very good.
The main issue is the power save mode is basically
not working, and seems to trigger a firmware bug.
So I had to take out the FW LPS mode handling.
While
Hi Saeed,
> Most likely the same issue, we are finalizing the patch initially
> proposed by Cong, you can find it here, I plan to submit it next week,
> after all the regression tests.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux.git/commit/?h=topic/csum-fix
>
> It would be n
On Fri, Jan 04, 2019 at 02:44:01PM +1100, David Gibson wrote:
> On Thu, Dec 06, 2018 at 08:45:09AM +0200, Leon Romanovsky wrote:
> > On Thu, Dec 06, 2018 at 03:19:51PM +1100, David Gibson wrote:
> > > Mellanox ConnectX-5 IB cards (MT27800) seem to cause a call trace when
> > > unbound from their re
On Sat, Jan 05, 2019 at 02:21:03PM +0100, Heiner Kallweit wrote:
> During a bug analysis we came across the fact that there's no guarantee
> that reading from the ID registers returns a valid value if PHY is
> powered down. When reading invalid values we may load no or the wrong
> PHY driver. There
There is a memory leak in case genlmsg_put fails.
Fix this by freeing *args* before return.
Addresses-Coverity-ID: 1476406 ("Resource leak")
Fixes: 46273cf7e009 ("tipc: fix a missing check of genlmsg_put")
Signed-off-by: Gustavo A. R. Silva
---
net/tipc/netlink_compat.c | 4 +++-
1 file changed
On 1/5/19 10:30 AM, Bernd Edlinger wrote:
On 1/5/19 5:13 PM, Larry Finger wrote:
but this works:
modprobe rtl8723ae debug_mask=0x debug_level=5 swlps=1 fwlps=0
Yes, I think that is a better thing to do now. If and when Realtek finds a
firmware bug, and when the new firmware is readil
On 1/5/19 5:13 PM, Larry Finger wrote:
>> but this works:
>>
>> modprobe rtl8723ae debug_mask=0x debug_level=5 swlps=1 fwlps=0
>
> Yes, I think that is a better thing to do now. If and when Realtek finds a
> firmware bug, and when the new firmware is readily available, then there will
>
On 1/5/19 5:31 AM, Bernd Edlinger wrote:
On 1/5/19 3:44 AM, Larry Finger wrote:
On 1/4/19 6:48 AM, Bernd Edlinger wrote:
This appears to trigger a firmware bug and causes severe
problems with rtl8723ae PCI devices.
When the power save mode is activated for longer periods
of time the firmware s
Hi Toshiaki,
Thanks a lot for the feedback.
On Tue, Jan 1, 2019 at 5:44 AM Toshiaki Makita
wrote:
>
> Hi, William. Nice work.
> I have some feedback and questions.
>
> > + while (peer_rq->xsk_umem && budget--) {
> > + unsigned int inner_xdp_xmit = 0;
> > + unsigned in
On Thu, 20 Dec 2018 14:21:32 -0800
Jonathan Lemon wrote:
> Return pfmemalloc pages back to the page allocator, instead of holding them
> in the page pool.
>
> Signed-off-by: Jonathan Lemon
> ---
> net/core/page_pool.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/ne
From: David Ahern
I realized the last patch calls dev_get_by_index_rcu in a branch not
holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock.
Fixes: ec90ad334986 ("ipv6: Consider sk_bound_dev_if when binding a socket to a
v4 mapped address")
Signed-off-by: David Ahern
---
n
When nla_parse fails, we should not use the results (the first
argument). The fix checks if it fails, and if so, returns its error code
upstream.
Signed-off-by: Aditya Pakki
---
net/netfilter/ipset/ip_set_core.c | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/net/net
Hi list!
I've been tracing down an ethernet issue on the stm32f746-discovery
board. Several additional device tree entries were required, so there
may be a patch forthcoming for those in the near future, but then the
ethernet mac seemed to fail on dma initialization[1] after
smmac_open() is called
On 2019-01-05 9:14 a.m., Mark Lord wrote:
> A couple of years back, I reported data corruption resulting from
> a change in kernel 3.16 which enabled hardware checksums in the r8152 driver.
> This was happening on an embedded system that was using a r8152 USB dongle.
>
> At the time, it was very d
A couple of years back, I reported data corruption resulting from
a change in kernel 3.16 which enabled hardware checksums in the r8152 driver.
This was happening on an embedded system that was using a r8152 USB dongle.
At the time, it was very difficult to figure out what could possibly be causin
On 05.01.2019 14:21, Heiner Kallweit wrote:
> During a bug analysis we came across the fact that there's no guarantee
> that reading from the ID registers returns a valid value if PHY is
> powered down. When reading invalid values we may load no or the wrong
> PHY driver. Therefore let's play safe
This function is unreadable enough without indenting mismatches
and unnecessary line breaks.
Signed-off-by: Bjørn Mork
---
drivers/net/usb/cdc_ether.c | 26 +++---
1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/drivers/net/usb/cdc_ether.c b/drivers/net/usb/cd
During a bug analysis we came across the fact that there's no guarantee
that reading from the ID registers returns a valid value if PHY is
powered down. When reading invalid values we may load no or the wrong
PHY driver. Therefore let's play safe and power up the PHY before
reading the ID registers
2019-01-04 09:36 UTC-0800 ~ Y Song
On Fri, Jan 4, 2019 at 6:27 AM Quentin Monnet
wrote:
2019-01-03 22:35 UTC-0800 ~ Y Song
On Thu, Jan 3, 2019 at 9:27 AM Quentin Monnet
wrote:
Add probes to dump a number of options set (or not set) for compiling
the kernel image. These parameters provide
In case a neighbour message is of family AF_BRIDE the NDA_DST attribute
was not printed so far. With this patch the family is evaluated to pass
the correct family to format_host_rta.
Signed-off-by: Tobias Jungel
---
ip/ipneigh.c | 12 ++--
1 file changed, 10 insertions(+), 2 deletions(-)
On 1/5/19 3:44 AM, Larry Finger wrote:
> On 1/4/19 6:48 AM, Bernd Edlinger wrote:
>> This appears to trigger a firmware bug and causes severe
>> problems with rtl8723ae PCI devices.
>>
>> When the power save mode is activated for longer periods
>> of time the firmware stops to receive any packets.
On 1/4/19 10:41 PM, David Miller wrote:
> From: Marc Kleine-Budde
> Date: Fri, 4 Jan 2019 15:55:26 +0100
>
>> From: Oliver Hartkopp
>>
>> Muyu Yu provided a POC where user root with CAP_NET_ADMIN can create a CAN
>> frame modification rule that makes the data length code a higher value than
>>
On 2019/01/03 2:06, Tetsuo Handa wrote:
> On 2018/12/31 17:24, Dmitry Vyukov wrote:
Since this involves OOMs and looks like a one-off induced memory
corruption:
#syz dup: kernel panic: corrupted stack end in wb_workfn
>>>
>>> Why?
>>>
>>> RCU stall in this case is likely t
Cong Wang wrote:
> > - hlist_for_each_entry(tmp, &node->hhead, bydst)
> > - tmp->bydst_reinsert = true;
> > - hlist_for_each_entry(tmp, &n->hhead, bydst)
> > + hlist_for_each_entry(tmp, &n->hhead, bydst
Cong Wang wrote:
> > - hlist_for_each_entry(tmp, &v->hhead, bydst)
> > - tmp->bydst_reinsert = true;
> > - hlist_for_each_entry(tmp, &n->hhead, bydst)
> > + hlist_for_each_entry(tmp, &v->hhead, bydst) {
>
>
> hlist_for_each_entry_safe()?
Good question. Its not n
Cong Wang wrote:
> On Fri, Jan 4, 2019 at 5:19 AM Florian Westphal wrote:
> >
> > An xfrm hash rebuild has to reset the inexact policy list before the
> > policies get re-inserted: A change of hash thresholds will result in
> > policies to get moved from inexact tree to the policy hash table.
> >
Hi,
On 04/01/2019 20:21, Andreas Färber wrote:
The picoGW reference MCU firmware implements a USB CDC or UART interface
with a set of serial commands. It can be found on multiple mPCIe cards
as well as USB adapters.
https://github.com/Lora-net/picoGW_mcu
That MCU design superseded earlier a
On Fri, Jan 4, 2019 at 11:58 PM syzbot
wrote:
>
> syzbot has found a reproducer for the following crash on:
>
> HEAD commit:96d4f267e40f Remove 'type' argument from access_ok() funct..
> git tree: net
> console output: https://syzkaller.appspot.com/x/log.txt?x=160c9a80c0
> kernel con
65 matches
Mail list logo
