Re: [PATCH iproute2-next v1 3/9] rdma: Add filtering infrastructure

On Thu, Jan 04, 2018 at 08:29:31PM -0700, David Ahern wrote: > On 1/4/18 12:01 AM, Leon Romanovsky wrote: > > diff --git a/rdma/utils.c b/rdma/utils.c > > index af2b374d..446c23da 100644 > > --- a/rdma/utils.c > > +++ b/rdma/utils.c > > @@ -114,6 +114,225 @@ static void dev_map_cleanup(struct rd

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 07:38:14PM -0800, Alexei Starovoitov wrote: > yep. plenty of unknowns and what's happening now is an overreaction. To be fair there's overreaction on both sides. The vast majority of users need to get a 100% safe system and will never notice any difference. A few of us

[PATCH v2 net-next] net: tracepoint: exposing sk_faimily in tracepoint inet_sock_set_state

As of now, there're two sk_family are traced with sock:inet_sock_set_state, which are AF_INET and AF_INET6. So the sk_family are exposed as well. Then we can conveniently use it to do the filter. Both sk_family and sk_protocol are showed in the printk message, so we need not expose them as

Re: [PATCH net] ipv6: remove null_entry before adding default route

On Sat, Jan 06, 2018 at 05:41:28PM -0800, Wei Wang wrote: > On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote: > > On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote: > >> From: Wei Wang > >> > >> In the current code, when creating a new fib6 table,

Re: [PATCH net-next] net: tracepoint: adding new tracepoint arguments in inet_sock_set_state

On Sun, Jan 7, 2018 at 1:46 AM, Song Liu wrote: > >> On Jan 5, 2018, at 12:09 AM, Yafang Shao wrote: >> >> On Fri, Jan 5, 2018 at 3:21 PM, Song Liu wrote: >>> On Jan 4, 2018, at 10:42 PM, Yafang Shao

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 11:05:07PM +, Alan Cox wrote: > > Even if it would be practical the speed probably going to be in bytes per > > second, > > so to read anything meaningful an attack detection techniques (that people > > are actively working on) will be able to catch it. > > At the end

Re: [PATCH net-next v3 00/10] net: qualcomm: rmnet: Enable csum offloads

It's there, in state "Changes Requested" because you were given feedback on your patch series and you must address it. "Changes Requested" state patches do not show up in the default view, you must explicitly adjust the search criteria to see patches which are not in state which qualifies as

[RFC] memdup_user() and friends

After reviewing memdup_user() callers, I've found several places where it got completely unbounded values passed for size (up to 2Gb), as well as some bounded by ridiculously high values - e.g. if (size > 1024 * 128) /* sane value */ return -EINVAL;

Re: [PATCH net] ipv6: remove null_entry before adding default route

On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote: > On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote: >> From: Wei Wang >> >> In the current code, when creating a new fib6 table, tb6_root.leaf gets >> initialized to net->ipv6.ip6_null_entry. >> If

Re: [PATCH] net: ipv4: Remove MTU check in IP_HDRINCL send flow

From: Yonatan Goldschmidt Date: Sun, 7 Jan 2018 01:26:48 +0200 > IP fragmentation can be performed as expected down the stack, without touching > irrelevant fields in the included header besides fragment offset, setting > IP_MF and header checksum. > If the included header

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

From: Willy Tarreau Date: Sat, 6 Jan 2018 21:42:29 +0100 > On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: >> Normally people who propose security fixes don't have to argue about the >> fact they added 30 clocks to avoid your box being 0wned. > > In fact it depends,

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 3:31 PM, Dan Williams wrote: > > I assume if we put this in uaccess_begin() we also need audit for > paths that use access_ok but don't do on to call uaccess_begin()? A > quick glance shows a few places where we are open coding the stac(). >

Re: [PATCH net-next v3 00/10] net: qualcomm: rmnet: Enable csum offloads

From: Subash Abhinov Kasiviswanathan Date: Fri, 05 Jan 2018 18:05:23 -0700 > I dont see this series in patchwork. It's there, in state "Changes Requested" because you were given feedback on your patch series and you must address it. "Changes Requested" state patches do

Re: [PATCH 0/2] tests: fix issues in autopkgtest environment

On Tue, 2018-01-02 at 08:28 +0100, Christian Ehrhardt wrote: > Hi, > while working on Debian bug [1] and the Ubuntu counterpart of it > I found that the tests can throw a broken pipe warning. > > I kept the associated check-and-retry of the length separate to > discuss the changes individually -

Re: [net-next] netfilter: add segment routing header 'srh' match

Hi Ahmed, On Fri, Dec 29, 2017 at 12:07:52PM +0100, Ahmed Abdelsalam wrote: > It allows matching packets based on Segment Routing Header > (SRH) information. > The implementation considers revision 7 of the SRH draft. > https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07 > >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Fri, Jan 5, 2018 at 7:09 PM, Linus Torvalds wrote: > On Fri, Jan 5, 2018 at 6:52 PM, Linus Torvalds > wrote: >> >> The fact is, we have to stop speculating when access_ok() does *not* >> fail - because that's when we'll actually do

[PATCH] net: ipv4: Remove MTU check in IP_HDRINCL send flow

IP fragmentation can be performed as expected down the stack, without touching irrelevant fields in the included header besides fragment offset, setting IP_MF and header checksum. If the included header has IP_DF set, EMSGSIZE is returned. This allows users of IP_HDRINCL to have the kernel

Re: [bpf-net PATCH v2] bpf: sockmap missing NULL psock check

On 01/05/2018 05:02 AM, John Fastabend wrote: > Add psock NULL check to handle a racing sock event that can get the > sk_callback_lock before this case but after xchg happens causing the > refcnt to hit zero and sock user data (psock) to be null and queued > for garbage collection. > > Also add a

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

> Even if it would be practical the speed probably going to be in bytes per > second, > so to read anything meaningful an attack detection techniques (that people > are actively working on) will be able to catch it. > At the end security cannot be absolute. > The current level of paranoia

Re: [PATCH bpf-next v2 0/2] bpf: implement syscall command BPF_MAP_GET_NEXT_KEY for stacktrace map

On 01/04/2018 10:55 PM, Yonghong Song wrote: > The patch set implements bpf syscall command BPF_MAP_GET_NEXT_KEY > for stacktrace map. Patch #1 is the core implementation > and Patch #2 implements a bpf test at tools/testing/selftests/bpf > directory. Please see individual patch comments for

Re: [PATCH] netfilter: fix int overflow in xt_alloc_table_info()

On Thu, Dec 28, 2017 at 09:48:54AM +0100, Dmitry Vyukov wrote: > syzkaller triggered OOM kills by passing ipt_replace.size = -1 > to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in > xt_alloc_table_info() causes int overflow and the size check passes > when it should not. SMP_ALIGN() is

Re: [PATCH] atm/clip: Use seq_puts() in svc_addr()

On Sat, 6 Jan 2018 22:44:08 +0100 SF Markus Elfring wrote: > From: Markus Elfring > Date: Sat, 6 Jan 2018 22:34:12 +0100 > > Two strings should be quickly put into a sequence by two function calls. > Thus use the function "seq_puts"

[PATCH] atm/clip: Use seq_puts() in svc_addr()

From: Markus Elfring Date: Sat, 6 Jan 2018 22:34:12 +0100 Two strings should be quickly put into a sequence by two function calls. Thus use the function "seq_puts" instead of "seq_printf". This issue was detected by using the Coccinelle software. Signed-off-by:

Re: dvb usb issues since kernel 4.9

On Sat, 6 Jan 2018, Mauro Carvalho Chehab wrote: > Hi Josef, > > Em Sat, 6 Jan 2018 16:04:16 +0100 > "Josef Griebichler" escreveu: > > > Hi, > > > > the causing commit has been identified. > > After reverting commit > >

[PATCH] sh_eth: fix TXALCR1 offsets

The TXALCR1 offsets are incorrect in the register offset tables, most probably due to copy error. Luckily, the driver never uses this register. :-) Fixes: 4a55530f38e4 ("net: sh_eth: modify the definitions of register") Signed-off-by: Sergei Shtylyov ---

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, 6 Jan 2018, Alexei Starovoitov wrote: > So how about we do array_access() macro similar to above by default > with extra CONFIG_ to convert it to lfence ? > Why default to AND approach instead of lfence ? > Because the kernel should still be usable. If security > sacrifices performance so

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 08:22:13PM +, Alan Cox wrote: > > "Value prediction consists of predicting entire 32- and 64-bit register > > values > > based on previously-seen values" > > For their implementation yes > > > > > > In other words there are at least two problems with Linus

Re: [PATCH bpf-next v5 2/4] libbpf: add error reporting in XDP

On 01/04/2018 09:21 AM, Eric Leblond wrote: > Parse netlink ext attribute to get the error message returned by > the card. Code is partially take from libnl. > > Signed-off-by: Eric Leblond > Acked-by: Alexei Starovoitov > --- > samples/bpf/Makefile | 2 +-

Aw: Re: dvb usb issues since kernel 4.9

Hi, thanks for adding the people involved! Yes arm and x86 are affected. Bisecting was not done by me on a x86_64 machine on mainline kernel and not raspbian kernel (https://forum.libreelec.tv/thread/4235-dvb-issue-since-le-switched-to-kernel-4-9-x/?postID=75965#post75965). In the mentioned

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: > Normally people who propose security fixes don't have to argue about the > fact they added 30 clocks to avoid your box being 0wned. In fact it depends, because if a fix makes the system unusable for its initial purpose, this fix will

Re: [patch net-next v6 06/11] net: sched: use block index as a handle instead of qdisc when block is shared

Sat, Jan 06, 2018 at 12:09:24AM CET, j...@resnulli.us wrote: >From: Jiri Pirko > >As the tcm_ifindex 0 is invalid ifindex, reuse it to indicate that we >work with block, instead of qdisc. So if tcm_ifindex is 0, tcm_parent is >used to carry block_index. > >If the block is set

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 07:16:10PM CET, j...@mojatatu.com wrote: >On 18-01-06 12:41 PM, David Ahern wrote: >> On 1/6/18 1:07 AM, Jiri Pirko wrote: >> > Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >> > > On 1/5/18 4:09 PM, Jiri Pirko wrote: >> > > > From: Jiri Pirko

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 06:41:18PM CET, dsah...@gmail.com wrote: >On 1/6/18 1:07 AM, Jiri Pirko wrote: >> Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >>> On 1/5/18 4:09 PM, Jiri Pirko wrote: From: Jiri Pirko Currently the filters added to qdiscs

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

> "Value prediction consists of predicting entire 32- and 64-bit register values > based on previously-seen values" For their implementation yes > > > In other words there are at least two problems with Linus proposal > > > > 1. The / mask has to be generated and that has to involve

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 07:55:51PM +, Alan Cox wrote: > > cpus execute what they see. speculative execution does the same > > except results are not committed to visible registers and stay > > in renanmed/shadow set. There is no 'undo' of the speculative execution. > > The whole issue is that

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 11:37 AM, Dan Williams wrote: > On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote: >> Quoting Mark's original RFC: >> >> "Recently, Google Project Zero discovered several classes of attack >> against speculative

Re: dvb usb issues since kernel 4.9

Hi Josef, Em Sat, 6 Jan 2018 16:04:16 +0100 "Josef Griebichler" escreveu: > Hi, > > the causing commit has been identified. > After reverting commit >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

> cpus execute what they see. speculative execution does the same > except results are not committed to visible registers and stay > in renanmed/shadow set. There is no 'undo' of the speculative execution. > The whole issue is that cache and branch predictor don't have > a shadow unlike registers.

Re: [iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

Hi, On 07/01/18 03:28, Stefano Brivio wrote: > On Sun, 7 Jan 2018 02:31:50 +0800 > Antonio Quartulli wrote: > >> When parsing and printing the unix sockets in unix_show(), >> if the oldformat is detected, the peer_name member of the sockstat >> object is left uninitialized

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, 6 Jan 2018, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: > > On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov > > wrote: > > [..] > > >> retpoline is variant-2, this patch series is about variant-1. > > > > > >

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote: > Quoting Mark's original RFC: > > "Recently, Google Project Zero discovered several classes of attack > against speculative execution. One of these, known as variant-1, allows > explicit bounds checks to be bypassed

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 11:25 AM, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: >> On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov >> wrote: >> [..] >> >> retpoline is variant-2, this patch

Re: [PATCH 0/2] Ether fixes for the SolutionEngine771x boards

On 01/05/2018 06:54 PM, David Miller wrote: Here's the series of 2 patches against Linus' repo. This series should (hoplefully) fix the Ether support on the SolutionEngine771x boards... [1/2] SolutionEngine771x: fix Ether platform data [2/2] SolutionEngine771x: add Ether TSU resource Looks

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 1/6/18 11:02 AM, Jamal Hadi Salim wrote: > BTW: From your output, DavidA, i noticed something strange: > two flower filters with the same handle id 0x1 (different prios) > and also two filters with the same prio (but different handles). > I see one was added using :dev .." - how were the other

Re: [iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

On Sun, 7 Jan 2018 02:31:50 +0800 Antonio Quartulli wrote: > When parsing and printing the unix sockets in unix_show(), > if the oldformat is detected, the peer_name member of the sockstat > object is left uninitialized (NULL). Luckily, it is initialized. I'd rather say:

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov > wrote: > [..] > >> retpoline is variant-2, this patch series is about variant-1. > > > > that's exactly the point. Don't slow down the kernel with

Re: [RFC PATCH 3/3] tcp: Add tunable parameters for TSQ

Thank you, Eric and David, for the time spent in reviewing our work. Some comments inline: On 05/01/18 at 03:53am, Eric Dumazet wrote: > I do not want to add yet another condition in fast path. > Just put an arbitrary large value in the existing sysctl, no need for > extra code. Due to the

Re: [PATCH 04/31] net: add support for ->poll_mask in proto_ops

On Thu, Jan 04, 2018 at 09:00:16AM +0100, Christoph Hellwig wrote: > The socket file operations still implement ->poll until all protocols are > switched over. > > Signed-off-by: Christoph Hellwig > --- > include/linux/net.h | 3 +++ > net/socket.c| 61 >

Re: [PATCH 03/31] fs: introduce new ->get_poll_head and ->poll_mask methods

On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote: > ->get_poll_head returns the waitqueue that the poll operation is going > to sleep on. Note that this means we can only use a single waitqueue > for the poll, unlike some current drivers that use two waitqueues for > different

Re: [PATCH 02/31] fs: add new vfs_poll and file_can_poll helpers

On Thu, Jan 04, 2018 at 09:00:14AM +0100, Christoph Hellwig wrote: > These abstract out calls to the poll method in preparation for changes to > those methods. FWIW, I would make vfs_poll() static inline __poll_t vfs_poll(struct file *file, struct poll_table_struct *pt) { if

[iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

When parsing and printing the unix sockets in unix_show(), if the oldformat is detected, the peer_name member of the sockstat object is left uninitialized (NULL). For this reason, if a filter has been specified on the command line, a strcmp() will crash when trying to access it. Avoid crash by

[iproute2 1/2] ss: fix crash when skipping disabled header field

When the first header field is disabled (i.e. when passing the -t option), field_flush() is invoked with the `buffer` global variable still zero'd. However, in field_flush() we try to access buffer.cur->len during variables initialization, thus leading to a SIGSEGV. It's interesting to note that

Re: [PATCH 0/2] Ether fixes for the SolutionEngine771x boards

Oops, forgot to add v2 to the subjects... :-/

Re: [PATCH v2] openvswitch: Trim off padding before L3+ netfilter processing

On Fri, Jan 5, 2018 at 10:59 PM, Ed Swierk wrote: > > > On Jan 5, 2018 22:17, "Pravin Shelar" wrote: > > On Fri, Jan 5, 2018 at 3:20 PM, Ed Swierk > wrote: >> On Fri, Jan 5, 2018 at 10:14 AM, Ed Swierk

[PATCH 2/2] SolutionEngine771x: add Ether TSU resource

After the Ether platform data is fixed, the driver probe() method would still fail since the 'struct sh_eth_cpu_data' corresponding to SH771x indicates the presence of TSU but the memory resource for it is absent. Add the missing TSU resource to both Ether devices and fix the harmless

[PATCH 0/2] Ether fixes for the SolutionEngine771x boards

Hello! Here's the series of 2 patches against Linus' repo. This series should (hoplefully) fix the Ether support on the SolutionEngine771x boards... [1/2] SolutionEngine771x: fix Ether platform data [2/2] SolutionEngine771x: add Ether TSU resource MBR, Sergei

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

Le 01/05/18 à 17:09, Dan Williams a écrit : > Quoting Mark's original RFC: > > "Recently, Google Project Zero discovered several classes of attack > against speculative execution. One of these, known as variant-1, allows > explicit bounds checks to be bypassed under speculation, providing an >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov wrote: [..] >> retpoline is variant-2, this patch series is about variant-1. > > that's exactly the point. Don't slow down the kernel with lfences > to solve variant 1. retpoline for 2 is ok from long term kernel >

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

It sounds like Coverity was used to produce these patches? If so, is there a plan to have smatch (hey Dan) or other open source static analysis tool be possibly enhanced to do a similar type of work? I'd love for that to happen; the tricky part is being able to have even a sort of sensible

[PATCH 1/2] SolutionEngine771x: fix Ether platform data

The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in order

Re: [iproute2 1/2] ss: fix crash when skipping disabled header field

On Sun, 7 Jan 2018 02:31:49 +0800 Antonio Quartulli wrote: > When the first header field is disabled (i.e. when passing the -t > option), field_flush() is invoked with the `buffer` global variable > still zero'd. > However, in field_flush() we try to access buffer.cur->len >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: > On Sat, 6 Jan 2018 10:13:33 -0800 > Alexei Starovoitov wrote: > > > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > > > On Fri, 5 Jan 2018 18:52:07 -0800 > > > Linus Torvalds

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 10:29:49AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov > wrote: > > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > >> On Fri, 5 Jan 2018 18:52:07 -0800 > >> Linus Torvalds

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, 6 Jan 2018 10:13:33 -0800 Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > > On Fri, 5 Jan 2018 18:52:07 -0800 > > Linus Torvalds wrote: > > > > > On Fri, Jan 5, 2018 at 5:10 PM, Dan

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 01:02 PM, Jamal Hadi Salim wrote: On 18-01-06 04:48 AM, Jiri Pirko wrote: BTW: From your output, DavidA, i noticed something strange: two flower filters with the same handle id 0x1 (different prios) At least on the kernel i am using this is the exhibited default behavior. I can

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: >> On Fri, 5 Jan 2018 18:52:07 -0800 >> Linus Torvalds wrote: >> >> > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 12:41 PM, David Ahern wrote: On 1/6/18 1:07 AM, Jiri Pirko wrote: Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: On 1/5/18 4:09 PM, Jiri Pirko wrote: From: Jiri Pirko $ tc filter show block 22 $ echo $? 0 $ tc qdisc show | grep block qdisc

Re: [PATCH 1/2] SolutionEngine771x: fix Ether platform data

Hello! On 01/03/2018 11:08 PM, Sergei Shtylyov wrote: The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > On Fri, 5 Jan 2018 18:52:07 -0800 > Linus Torvalds wrote: > > > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams > > wrote: > > > From: Andi Kleen > > > > > >

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 8:29 AM, Dan Williams wrote: > On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: >> On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >>> On Sat, 6 Jan 2018 10:01:54 +0100 >>> Greg KH

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 6:48 AM, Stephen Hemminger wrote: > On Fri, 05 Jan 2018 17:11:04 -0800 > Dan Williams wrote: > >> Static analysis reports that 'offset' may be a user controlled value >> that is used as a data dependency reading from a

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 04:48 AM, Jiri Pirko wrote: [..] Or, do you think it should work like: $ tc qdisc add dev ens8 ingress $ tc qdisc qdisc ingress : dev ens8 parent :fff1 > $ tc qdisc add dev ens7 ingress block 22 > $ tc qdisc qdisc ingress : dev ens7 parent :fff1 block 22 qdisc

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 4:32 AM, Alan Cox wrote: > > Also for x86-64 if we are trusting that an AND with a constant won't get > speculated into something else surely we can just and the address with ~(1 > << 63) before copying from/to user space ? The user will then

Re: [PATCH net-next] net: tracepoint: adding new tracepoint arguments in inet_sock_set_state

> On Jan 5, 2018, at 12:09 AM, Yafang Shao wrote: > > On Fri, Jan 5, 2018 at 3:21 PM, Song Liu wrote: >> >>> On Jan 4, 2018, at 10:42 PM, Yafang Shao wrote: >>> >>> sk->sk_protocol and sk->sk_family are exposed as tracepoint

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: >> > Static analysis reports that 'index' may be a user controlled value that >> > is used as a

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 1/6/18 1:07 AM, Jiri Pirko wrote: > Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >> On 1/5/18 4:09 PM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Currently the filters added to qdiscs are independent. So for example if you >>> have 2 netdevices and you

Re: KASAN: use-after-free Read in sctp_packet_transmit

On 1/5/18, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 8a4816cad00bf14642f0ed6043b32d29a05006ce > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is

Re: [PATCH 12/18] Thermal/int340x: prevent bounds-check bypass via speculative execution

On Fri, 2018-01-05 at 17:57 -0800, Dan Williams wrote: > On Fri, Jan 5, 2018 at 5:53 PM, Srinivas Pandruvada > wrote: > > > > On Fri, 2018-01-05 at 17:10 -0800, Dan Williams wrote: > > > > > > Static analysis reports that 'trip' may be a user controlled > >

Re: KASAN: use-after-free Read in sctp_packet_transmit

Em 6 de janeiro de 2018 15:09:45 BRST, Dmitry Vyukov escreveu: >On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner > wrote: >> On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: >>> Hello, >>> >>> syzkaller hit the following crash on >>>

Re: [patch net-next v6 01/11] net: sched: introduce support for multiple filter chain pointers registration

Sat, Jan 06, 2018 at 12:09:19AM CET, j...@resnulli.us wrote: >From: Jiri Pirko > >So far, there was possible only to register a single filter chain >pointer to block->chain[0]. However, when the blocks will get shareable, >we need to allow multiple filter chain pointers

Re: KASAN: use-after-free Read in sctp_packet_transmit

On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner wrote: > On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: >> Hello, >> >> syzkaller hit the following crash on >> 8a4816cad00bf14642f0ed6043b32d29a05006ce >>

Re: [PATCH 01/18] asm-generic/barrier: add generic nospec helpers

On Fri, Jan 05, 2018 at 09:23:06PM -0800, Dan Williams wrote: > On Fri, Jan 5, 2018 at 6:55 PM, Linus Torvalds > wrote: > > On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams > > wrote: > >> +#ifndef nospec_ptr > >> +#define nospec_ptr(ptr, lo,

Re: KASAN: use-after-free Read in sctp_packet_transmit

On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 8a4816cad00bf14642f0ed6043b32d29a05006ce > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console

Re: [PATCH 0/2] net: dsa: lan9303: check error value from devm_gpiod_get_optional()

Den 13. nov. 2017 09:07, skrev Phil Reid: Replaces Pan Bian patch "net: dsa: lan9303: correctly check return value of devm_gpiod_get_optional" Errors need to be prograted back from probe. Note: I have only compile tested the code as I don't have the hardware. Phil Reid

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Saturday, January 6, 2018 4:06:21 PM CET Alan Cox wrote: > > The only way a user can set this in any meaningful way would be via > > a NL80211_CMD_SET_WIPHY netlink message. However, the value will get > > vetted there by cfg80211's parse_txq_params [0]. This is long before > > Far more than a

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 6:23 AM, Christian Lamparter wrote: > On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote: >> Static analysis reports that 'queue' may be a user controlled value that >> is used as a data dependency to read from the 'ar9170_qmap' array. In >>

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >> On Sat, 6 Jan 2018 10:01:54 +0100 >> Greg KH wrote: >> >> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: >> > >

Re: [PATCH net-next 06/20] net: hns3: Modify the update period of packet statistics

> >Is it because the static void is on the previous line? > Yes, it is because the static void is on the previous line. > > I can add one patch to fix the previous line , and this patch will correct > automatically. > > do it need V2 patchset? or push a new patch after this patchset? Thanks

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: > On Sat, 6 Jan 2018 10:01:54 +0100 > Greg KH wrote: > > > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > > Static analysis reports that 'offset' may be a user controlled value > > > > Can

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

> The only way a user can set this in any meaningful way would be via > a NL80211_CMD_SET_WIPHY netlink message. However, the value will get > vetted there by cfg80211's parse_txq_params [0]. This is long before Far more than a couple of hundred instructions ? The problem is that the processor

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On Fri, 05 Jan 2018 17:11:04 -0800 Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value > that is used as a data dependency reading from a raw6_frag_vec buffer. > In order to avoid potential leaks of kernel memory values, block >

Re: [net-next v2] ipv6: sr: export some functions of seg6local

On Thu, 04 Jan 2018 13:37:33 -0500 (EST) David Miller wrote: > From: Ahmed Abdelsalam > Date: Sat, 30 Dec 2017 00:08:32 +0100 > > > Some functions of seg6local are very useful to process SRv6 > > encapsulated packets > > > > This patch exports some

Re: [PATCH 3.2 01/06] "bridge should send gratuitous ARP to notify peer while a bond, which is a port of this bridge, changes."

On Sat, 6 Jan 2018 17:25:20 +0800 邢庆杰 wrote: > We create bond0 and add eth0 as slaves. Eth0 is active. Then we add > bond0 > into br0 as a bridge port. Br0 has ip address. When eth0 is down, after > bond0's > failover eth1 become active. At this moment, we need br0 send a

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote: > Static analysis reports that 'queue' may be a user controlled value that > is used as a data dependency to read from the 'ar9170_qmap' array. In > order to avoid potential leaks of kernel memory values, block > speculative execution

[PATCH net-next v6 2/3] net: socionext: Add Synquacer NetSec driver

From: Jassi Brar This driver adds support for Socionext "netsec" IP Gigabit Ethernet + PHY IP used in the Synquacer SC2A11 SoC. Signed-off-by: Ard Biesheuvel Signed-off-by: Jassi Brar ---

[PATCH net-next v6 3/3] MAINTAINERS: Add entry for Socionext ethernet driver

From: Jassi Brar Add entry for the Socionext Netsec controller driver and DT bindings. Acked-by: Ard Biesheuvel Signed-off-by: Jassi Brar --- MAINTAINERS | 7 +++ 1 file changed, 7 insertions(+) diff

[PATCH net-next v6 1/3] dt-bindings: net: Add DT bindings for Socionext Netsec

From: Jassi Brar This patch adds documentation for Device-Tree bindings for the Socionext NetSec Controller driver. Reviewed-by: Rob Herring Signed-off-by: Jassi Brar Signed-off-by: Ard Biesheuvel

[PATCH net-next v6 0/3] Socionext Synquacer NETSEC driver

From: Jassi Brar Changes since v5 # Removed helper macros # Removed 'inline' qualifier # Changed multiline empty comment to single line # Added 'clock-names' property in DT binding example # Ignore 'clock-names' property in

Re: [PATCH] netfilter: fix int overflow in xt_alloc_table_info()

On Thu, Dec 28, 2017 at 9:48 AM, Dmitry Vyukov wrote: > syzkaller triggered OOM kills by passing ipt_replace.size = -1 > to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in > xt_alloc_table_info() causes int overflow and the size check passes > when it should not.

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Fri, 5 Jan 2018 18:52:07 -0800 Linus Torvalds wrote: > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams wrote: > > From: Andi Kleen > > > > When access_ok fails we should always stop speculating. > > Add the required

  1   2   >