On Thu, Jan 04, 2018 at 08:29:31PM -0700, David Ahern wrote:
> On 1/4/18 12:01 AM, Leon Romanovsky wrote:
> > diff --git a/rdma/utils.c b/rdma/utils.c
> > index af2b374d..446c23da 100644
> > --- a/rdma/utils.c
> > +++ b/rdma/utils.c
> > @@ -114,6 +114,225 @@ static void dev_map_cleanup(struct rd
On Sat, Jan 06, 2018 at 07:38:14PM -0800, Alexei Starovoitov wrote:
> yep. plenty of unknowns and what's happening now is an overreaction.
To be fair there's overreaction on both sides. The vast majority of
users need to get a 100% safe system and will never notice any
difference. A few of us
As of now, there're two sk_family are traced with sock:inet_sock_set_state,
which are AF_INET and AF_INET6.
So the sk_family are exposed as well.
Then we can conveniently use it to do the filter.
Both sk_family and sk_protocol are showed in the printk message, so we need
not expose them as
On Sat, Jan 06, 2018 at 05:41:28PM -0800, Wei Wang wrote:
> On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote:
> > On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote:
> >> From: Wei Wang
> >>
> >> In the current code, when creating a new fib6 table,
On Sun, Jan 7, 2018 at 1:46 AM, Song Liu wrote:
>
>> On Jan 5, 2018, at 12:09 AM, Yafang Shao wrote:
>>
>> On Fri, Jan 5, 2018 at 3:21 PM, Song Liu wrote:
>>>
On Jan 4, 2018, at 10:42 PM, Yafang Shao
On Sat, Jan 06, 2018 at 11:05:07PM +, Alan Cox wrote:
> > Even if it would be practical the speed probably going to be in bytes per
> > second,
> > so to read anything meaningful an attack detection techniques (that people
> > are actively working on) will be able to catch it.
> > At the end
It's there, in state "Changes Requested" because you were given
feedback on your patch series and you must address it.
"Changes Requested" state patches do not show up in the default
view, you must explicitly adjust the search criteria to see
patches which are not in state which qualifies as
After reviewing memdup_user() callers, I've found several places
where it got completely unbounded values passed for size (up to 2Gb),
as well as some bounded by ridiculously high values - e.g.
if (size > 1024 * 128) /* sane value */
return -EINVAL;
On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote:
> On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote:
>> From: Wei Wang
>>
>> In the current code, when creating a new fib6 table, tb6_root.leaf gets
>> initialized to net->ipv6.ip6_null_entry.
>> If
From: Yonatan Goldschmidt
Date: Sun, 7 Jan 2018 01:26:48 +0200
> IP fragmentation can be performed as expected down the stack, without touching
> irrelevant fields in the included header besides fragment offset, setting
> IP_MF and header checksum.
> If the included header
From: Willy Tarreau
Date: Sat, 6 Jan 2018 21:42:29 +0100
> On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote:
>> Normally people who propose security fixes don't have to argue about the
>> fact they added 30 clocks to avoid your box being 0wned.
>
> In fact it depends,
On Sat, Jan 6, 2018 at 3:31 PM, Dan Williams wrote:
>
> I assume if we put this in uaccess_begin() we also need audit for
> paths that use access_ok but don't do on to call uaccess_begin()? A
> quick glance shows a few places where we are open coding the stac().
>
From: Subash Abhinov Kasiviswanathan
Date: Fri, 05 Jan 2018 18:05:23 -0700
> I dont see this series in patchwork.
It's there, in state "Changes Requested" because you were given
feedback on your patch series and you must address it.
"Changes Requested" state patches do
On Tue, 2018-01-02 at 08:28 +0100, Christian Ehrhardt wrote:
> Hi,
> while working on Debian bug [1] and the Ubuntu counterpart of it
> I found that the tests can throw a broken pipe warning.
>
> I kept the associated check-and-retry of the length separate to
> discuss the changes individually -
Hi Ahmed,
On Fri, Dec 29, 2017 at 12:07:52PM +0100, Ahmed Abdelsalam wrote:
> It allows matching packets based on Segment Routing Header
> (SRH) information.
> The implementation considers revision 7 of the SRH draft.
> https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-07
>
>
On Fri, Jan 5, 2018 at 7:09 PM, Linus Torvalds
wrote:
> On Fri, Jan 5, 2018 at 6:52 PM, Linus Torvalds
> wrote:
>>
>> The fact is, we have to stop speculating when access_ok() does *not*
>> fail - because that's when we'll actually do
IP fragmentation can be performed as expected down the stack, without touching
irrelevant fields in the included header besides fragment offset, setting
IP_MF and header checksum.
If the included header has IP_DF set, EMSGSIZE is returned.
This allows users of IP_HDRINCL to have the kernel
On 01/05/2018 05:02 AM, John Fastabend wrote:
> Add psock NULL check to handle a racing sock event that can get the
> sk_callback_lock before this case but after xchg happens causing the
> refcnt to hit zero and sock user data (psock) to be null and queued
> for garbage collection.
>
> Also add a
> Even if it would be practical the speed probably going to be in bytes per
> second,
> so to read anything meaningful an attack detection techniques (that people
> are actively working on) will be able to catch it.
> At the end security cannot be absolute.
> The current level of paranoia
On 01/04/2018 10:55 PM, Yonghong Song wrote:
> The patch set implements bpf syscall command BPF_MAP_GET_NEXT_KEY
> for stacktrace map. Patch #1 is the core implementation
> and Patch #2 implements a bpf test at tools/testing/selftests/bpf
> directory. Please see individual patch comments for
On Thu, Dec 28, 2017 at 09:48:54AM +0100, Dmitry Vyukov wrote:
> syzkaller triggered OOM kills by passing ipt_replace.size = -1
> to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in
> xt_alloc_table_info() causes int overflow and the size check passes
> when it should not. SMP_ALIGN() is
On Sat, 6 Jan 2018 22:44:08 +0100
SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Sat, 6 Jan 2018 22:34:12 +0100
>
> Two strings should be quickly put into a sequence by two function calls.
> Thus use the function "seq_puts"
From: Markus Elfring
Date: Sat, 6 Jan 2018 22:34:12 +0100
Two strings should be quickly put into a sequence by two function calls.
Thus use the function "seq_puts" instead of "seq_printf".
This issue was detected by using the Coccinelle software.
Signed-off-by:
On Sat, 6 Jan 2018, Mauro Carvalho Chehab wrote:
> Hi Josef,
>
> Em Sat, 6 Jan 2018 16:04:16 +0100
> "Josef Griebichler" escreveu:
>
> > Hi,
> >
> > the causing commit has been identified.
> > After reverting commit
> >
The TXALCR1 offsets are incorrect in the register offset tables, most
probably due to copy error. Luckily, the driver never uses this
register. :-)
Fixes: 4a55530f38e4 ("net: sh_eth: modify the definitions of register")
Signed-off-by: Sergei Shtylyov
---
On Sat, 6 Jan 2018, Alexei Starovoitov wrote:
> So how about we do array_access() macro similar to above by default
> with extra CONFIG_ to convert it to lfence ?
> Why default to AND approach instead of lfence ?
> Because the kernel should still be usable. If security
> sacrifices performance so
On Sat, Jan 06, 2018 at 08:22:13PM +, Alan Cox wrote:
> > "Value prediction consists of predicting entire 32- and 64-bit register
> > values
> > based on previously-seen values"
>
> For their implementation yes
>
> >
> > > In other words there are at least two problems with Linus
On 01/04/2018 09:21 AM, Eric Leblond wrote:
> Parse netlink ext attribute to get the error message returned by
> the card. Code is partially take from libnl.
>
> Signed-off-by: Eric Leblond
> Acked-by: Alexei Starovoitov
> ---
> samples/bpf/Makefile | 2 +-
Hi,
thanks for adding the people involved!
Yes arm and x86 are affected.
Bisecting was not done by me on a x86_64 machine on mainline kernel and not
raspbian kernel
(https://forum.libreelec.tv/thread/4235-dvb-issue-since-le-switched-to-kernel-4-9-x/?postID=75965#post75965).
In the mentioned
On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote:
> Normally people who propose security fixes don't have to argue about the
> fact they added 30 clocks to avoid your box being 0wned.
In fact it depends, because if a fix makes the system unusable for its
initial purpose, this fix will
Sat, Jan 06, 2018 at 12:09:24AM CET, j...@resnulli.us wrote:
>From: Jiri Pirko
>
>As the tcm_ifindex 0 is invalid ifindex, reuse it to indicate that we
>work with block, instead of qdisc. So if tcm_ifindex is 0, tcm_parent is
>used to carry block_index.
>
>If the block is set
Sat, Jan 06, 2018 at 07:16:10PM CET, j...@mojatatu.com wrote:
>On 18-01-06 12:41 PM, David Ahern wrote:
>> On 1/6/18 1:07 AM, Jiri Pirko wrote:
>> > Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote:
>> > > On 1/5/18 4:09 PM, Jiri Pirko wrote:
>> > > > From: Jiri Pirko
Sat, Jan 06, 2018 at 06:41:18PM CET, dsah...@gmail.com wrote:
>On 1/6/18 1:07 AM, Jiri Pirko wrote:
>> Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote:
>>> On 1/5/18 4:09 PM, Jiri Pirko wrote:
From: Jiri Pirko
Currently the filters added to qdiscs
> "Value prediction consists of predicting entire 32- and 64-bit register values
> based on previously-seen values"
For their implementation yes
>
> > In other words there are at least two problems with Linus proposal
> >
> > 1. The / mask has to be generated and that has to involve
On Sat, Jan 06, 2018 at 07:55:51PM +, Alan Cox wrote:
> > cpus execute what they see. speculative execution does the same
> > except results are not committed to visible registers and stay
> > in renanmed/shadow set. There is no 'undo' of the speculative execution.
> > The whole issue is that
On Sat, Jan 6, 2018 at 11:37 AM, Dan Williams wrote:
> On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote:
>> Quoting Mark's original RFC:
>>
>> "Recently, Google Project Zero discovered several classes of attack
>> against speculative
Hi Josef,
Em Sat, 6 Jan 2018 16:04:16 +0100
"Josef Griebichler" escreveu:
> Hi,
>
> the causing commit has been identified.
> After reverting commit
>
> cpus execute what they see. speculative execution does the same
> except results are not committed to visible registers and stay
> in renanmed/shadow set. There is no 'undo' of the speculative execution.
> The whole issue is that cache and branch predictor don't have
> a shadow unlike registers.
Hi,
On 07/01/18 03:28, Stefano Brivio wrote:
> On Sun, 7 Jan 2018 02:31:50 +0800
> Antonio Quartulli wrote:
>
>> When parsing and printing the unix sockets in unix_show(),
>> if the oldformat is detected, the peer_name member of the sockstat
>> object is left uninitialized
On Sat, 6 Jan 2018, Alexei Starovoitov wrote:
> On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote:
> > On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov
> > wrote:
> > [..]
> > >> retpoline is variant-2, this patch series is about variant-1.
> > >
> > >
On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote:
> Quoting Mark's original RFC:
>
> "Recently, Google Project Zero discovered several classes of attack
> against speculative execution. One of these, known as variant-1, allows
> explicit bounds checks to be bypassed
On Sat, Jan 6, 2018 at 11:25 AM, Alexei Starovoitov
wrote:
> On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote:
>> On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov
>> wrote:
>> [..]
>> >> retpoline is variant-2, this patch
On 01/05/2018 06:54 PM, David Miller wrote:
Here's the series of 2 patches against Linus' repo. This series should
(hoplefully) fix the Ether support on the SolutionEngine771x boards...
[1/2] SolutionEngine771x: fix Ether platform data
[2/2] SolutionEngine771x: add Ether TSU resource
Looks
On 1/6/18 11:02 AM, Jamal Hadi Salim wrote:
> BTW: From your output, DavidA, i noticed something strange:
> two flower filters with the same handle id 0x1 (different prios)
> and also two filters with the same prio (but different handles).
> I see one was added using :dev .." - how were the other
On Sun, 7 Jan 2018 02:31:50 +0800
Antonio Quartulli wrote:
> When parsing and printing the unix sockets in unix_show(),
> if the oldformat is detected, the peer_name member of the sockstat
> object is left uninitialized (NULL).
Luckily, it is initialized. I'd rather say:
On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote:
> On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov
> wrote:
> [..]
> >> retpoline is variant-2, this patch series is about variant-1.
> >
> > that's exactly the point. Don't slow down the kernel with
Thank you, Eric and David, for the time spent in reviewing our work.
Some comments inline:
On 05/01/18 at 03:53am, Eric Dumazet wrote:
> I do not want to add yet another condition in fast path.
> Just put an arbitrary large value in the existing sysctl, no need for
> extra code.
Due to the
On Thu, Jan 04, 2018 at 09:00:16AM +0100, Christoph Hellwig wrote:
> The socket file operations still implement ->poll until all protocols are
> switched over.
>
> Signed-off-by: Christoph Hellwig
> ---
> include/linux/net.h | 3 +++
> net/socket.c| 61
>
On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote:
> ->get_poll_head returns the waitqueue that the poll operation is going
> to sleep on. Note that this means we can only use a single waitqueue
> for the poll, unlike some current drivers that use two waitqueues for
> different
On Thu, Jan 04, 2018 at 09:00:14AM +0100, Christoph Hellwig wrote:
> These abstract out calls to the poll method in preparation for changes to
> those methods.
FWIW, I would make vfs_poll()
static inline __poll_t vfs_poll(struct file *file, struct poll_table_struct *pt)
{
if
When parsing and printing the unix sockets in unix_show(),
if the oldformat is detected, the peer_name member of the sockstat
object is left uninitialized (NULL).
For this reason, if a filter has been specified on the command line,
a strcmp() will crash when trying to access it.
Avoid crash by
When the first header field is disabled (i.e. when passing the -t
option), field_flush() is invoked with the `buffer` global variable
still zero'd.
However, in field_flush() we try to access buffer.cur->len
during variables initialization, thus leading to a SIGSEGV.
It's interesting to note that
Oops, forgot to add v2 to the subjects... :-/
On Fri, Jan 5, 2018 at 10:59 PM, Ed Swierk wrote:
>
>
> On Jan 5, 2018 22:17, "Pravin Shelar" wrote:
>
> On Fri, Jan 5, 2018 at 3:20 PM, Ed Swierk
> wrote:
>> On Fri, Jan 5, 2018 at 10:14 AM, Ed Swierk
After the Ether platform data is fixed, the driver probe() method would
still fail since the 'struct sh_eth_cpu_data' corresponding to SH771x
indicates the presence of TSU but the memory resource for it is absent.
Add the missing TSU resource to both Ether devices and fix the harmless
Hello!
Here's the series of 2 patches against Linus' repo. This series should
(hoplefully) fix the Ether support on the SolutionEngine771x boards...
[1/2] SolutionEngine771x: fix Ether platform data
[2/2] SolutionEngine771x: add Ether TSU resource
MBR, Sergei
Le 01/05/18 à 17:09, Dan Williams a écrit :
> Quoting Mark's original RFC:
>
> "Recently, Google Project Zero discovered several classes of attack
> against speculative execution. One of these, known as variant-1, allows
> explicit bounds checks to be bypassed under speculation, providing an
>
On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov
wrote:
[..]
>> retpoline is variant-2, this patch series is about variant-1.
>
> that's exactly the point. Don't slow down the kernel with lfences
> to solve variant 1. retpoline for 2 is ok from long term kernel
>
It sounds like Coverity was used to produce these patches? If so, is
there a plan to have smatch (hey Dan) or other open source static
analysis tool be possibly enhanced to do a similar type of work?
I'd love for that to happen; the tricky part is being able to have even a
sort of sensible
The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710
board and crash on SolutionEngine7712 board as the platform code is
hopelessly behind the driver's platform data -- it passes the PHY address
instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in
order
On Sun, 7 Jan 2018 02:31:49 +0800
Antonio Quartulli wrote:
> When the first header field is disabled (i.e. when passing the -t
> option), field_flush() is invoked with the `buffer` global variable
> still zero'd.
> However, in field_flush() we try to access buffer.cur->len
>
On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote:
> On Sat, 6 Jan 2018 10:13:33 -0800
> Alexei Starovoitov wrote:
>
> > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote:
> > > On Fri, 5 Jan 2018 18:52:07 -0800
> > > Linus Torvalds
On Sat, Jan 06, 2018 at 10:29:49AM -0800, Dan Williams wrote:
> On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov
> wrote:
> > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote:
> >> On Fri, 5 Jan 2018 18:52:07 -0800
> >> Linus Torvalds
On Sat, 6 Jan 2018 10:13:33 -0800
Alexei Starovoitov wrote:
> On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote:
> > On Fri, 5 Jan 2018 18:52:07 -0800
> > Linus Torvalds wrote:
> >
> > > On Fri, Jan 5, 2018 at 5:10 PM, Dan
On 18-01-06 01:02 PM, Jamal Hadi Salim wrote:
On 18-01-06 04:48 AM, Jiri Pirko wrote:
BTW: From your output, DavidA, i noticed something strange:
two flower filters with the same handle id 0x1 (different prios)
At least on the kernel i am using this is the exhibited default
behavior. I can
On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov
wrote:
> On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote:
>> On Fri, 5 Jan 2018 18:52:07 -0800
>> Linus Torvalds wrote:
>>
>> > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams
On 18-01-06 12:41 PM, David Ahern wrote:
On 1/6/18 1:07 AM, Jiri Pirko wrote:
Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote:
On 1/5/18 4:09 PM, Jiri Pirko wrote:
From: Jiri Pirko
$ tc filter show block 22
$ echo $?
0
$ tc qdisc show | grep block
qdisc
Hello!
On 01/03/2018 11:08 PM, Sergei Shtylyov wrote:
The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710
board and crash on SolutionEngine7712 board as the platform code is
hopelessly behind the driver's platform data -- it passes the PHY address
instead of 'struct
On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote:
> On Fri, 5 Jan 2018 18:52:07 -0800
> Linus Torvalds wrote:
>
> > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams
> > wrote:
> > > From: Andi Kleen
> > >
> > >
On Sat, Jan 6, 2018 at 8:29 AM, Dan Williams wrote:
> On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote:
>> On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote:
>>> On Sat, 6 Jan 2018 10:01:54 +0100
>>> Greg KH
On Sat, Jan 6, 2018 at 6:48 AM, Stephen Hemminger
wrote:
> On Fri, 05 Jan 2018 17:11:04 -0800
> Dan Williams wrote:
>
>> Static analysis reports that 'offset' may be a user controlled value
>> that is used as a data dependency reading from a
On 18-01-06 04:48 AM, Jiri Pirko wrote:
[..]
Or, do you think it should work like:
$ tc qdisc add dev ens8 ingress
$ tc qdisc
qdisc ingress : dev ens8 parent :fff1
>
$ tc qdisc add dev ens7 ingress block 22
>
$ tc qdisc
qdisc ingress : dev ens7 parent :fff1 block 22
qdisc
On Sat, Jan 6, 2018 at 4:32 AM, Alan Cox wrote:
>
> Also for x86-64 if we are trusting that an AND with a constant won't get
> speculated into something else surely we can just and the address with ~(1
> << 63) before copying from/to user space ? The user will then
> On Jan 5, 2018, at 12:09 AM, Yafang Shao wrote:
>
> On Fri, Jan 5, 2018 at 3:21 PM, Song Liu wrote:
>>
>>> On Jan 4, 2018, at 10:42 PM, Yafang Shao wrote:
>>>
>>> sk->sk_protocol and sk->sk_family are exposed as tracepoint
On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote:
> On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote:
>> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote:
>> > Static analysis reports that 'index' may be a user controlled value that
>> > is used as a
On 1/6/18 1:07 AM, Jiri Pirko wrote:
> Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote:
>> On 1/5/18 4:09 PM, Jiri Pirko wrote:
>>> From: Jiri Pirko
>>>
>>> Currently the filters added to qdiscs are independent. So for example if you
>>> have 2 netdevices and you
On 1/5/18, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 8a4816cad00bf14642f0ed6043b32d29a05006ce
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is
On Fri, 2018-01-05 at 17:57 -0800, Dan Williams wrote:
> On Fri, Jan 5, 2018 at 5:53 PM, Srinivas Pandruvada
> wrote:
> >
> > On Fri, 2018-01-05 at 17:10 -0800, Dan Williams wrote:
> > >
> > > Static analysis reports that 'trip' may be a user controlled
> >
Em 6 de janeiro de 2018 15:09:45 BRST, Dmitry Vyukov
escreveu:
>On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner
> wrote:
>> On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote:
>>> Hello,
>>>
>>> syzkaller hit the following crash on
>>>
Sat, Jan 06, 2018 at 12:09:19AM CET, j...@resnulli.us wrote:
>From: Jiri Pirko
>
>So far, there was possible only to register a single filter chain
>pointer to block->chain[0]. However, when the blocks will get shareable,
>we need to allow multiple filter chain pointers
On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner
wrote:
> On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote:
>> Hello,
>>
>> syzkaller hit the following crash on
>> 8a4816cad00bf14642f0ed6043b32d29a05006ce
>>
On Fri, Jan 05, 2018 at 09:23:06PM -0800, Dan Williams wrote:
> On Fri, Jan 5, 2018 at 6:55 PM, Linus Torvalds
> wrote:
> > On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams
> > wrote:
> >> +#ifndef nospec_ptr
> >> +#define nospec_ptr(ptr, lo,
On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote:
> Hello,
>
> syzkaller hit the following crash on
> 8a4816cad00bf14642f0ed6043b32d29a05006ce
> git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console
Den 13. nov. 2017 09:07, skrev Phil Reid:
Replaces Pan Bian patch
"net: dsa: lan9303: correctly check return value of devm_gpiod_get_optional"
Errors need to be prograted back from probe.
Note: I have only compile tested the code as I don't have the hardware.
Phil Reid
On Saturday, January 6, 2018 4:06:21 PM CET Alan Cox wrote:
> > The only way a user can set this in any meaningful way would be via
> > a NL80211_CMD_SET_WIPHY netlink message. However, the value will get
> > vetted there by cfg80211's parse_txq_params [0]. This is long before
>
> Far more than a
On Sat, Jan 6, 2018 at 6:23 AM, Christian Lamparter wrote:
> On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote:
>> Static analysis reports that 'queue' may be a user controlled value that
>> is used as a data dependency to read from the 'ar9170_qmap' array. In
>>
On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote:
> On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote:
>> On Sat, 6 Jan 2018 10:01:54 +0100
>> Greg KH wrote:
>>
>> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote:
>> > >
> >Is it because the static void is on the previous line?
> Yes, it is because the static void is on the previous line.
>
> I can add one patch to fix the previous line , and this patch will correct
> automatically.
>
> do it need V2 patchset? or push a new patch after this patchset?
Thanks
On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote:
> On Sat, 6 Jan 2018 10:01:54 +0100
> Greg KH wrote:
>
> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote:
> > > Static analysis reports that 'offset' may be a user controlled value
> >
> > Can
> The only way a user can set this in any meaningful way would be via
> a NL80211_CMD_SET_WIPHY netlink message. However, the value will get
> vetted there by cfg80211's parse_txq_params [0]. This is long before
Far more than a couple of hundred instructions ? The problem is that the
processor
On Fri, 05 Jan 2018 17:11:04 -0800
Dan Williams wrote:
> Static analysis reports that 'offset' may be a user controlled value
> that is used as a data dependency reading from a raw6_frag_vec buffer.
> In order to avoid potential leaks of kernel memory values, block
>
On Thu, 04 Jan 2018 13:37:33 -0500 (EST)
David Miller wrote:
> From: Ahmed Abdelsalam
> Date: Sat, 30 Dec 2017 00:08:32 +0100
>
> > Some functions of seg6local are very useful to process SRv6
> > encapsulated packets
> >
> > This patch exports some
On Sat, 6 Jan 2018 17:25:20 +0800
邢庆杰 wrote:
> We create bond0 and add eth0 as slaves. Eth0 is active. Then we add
> bond0
> into br0 as a bridge port. Br0 has ip address. When eth0 is down, after
> bond0's
> failover eth1 become active. At this moment, we need br0 send a
On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote:
> Static analysis reports that 'queue' may be a user controlled value that
> is used as a data dependency to read from the 'ar9170_qmap' array. In
> order to avoid potential leaks of kernel memory values, block
> speculative execution
From: Jassi Brar
This driver adds support for Socionext "netsec" IP Gigabit
Ethernet + PHY IP used in the Synquacer SC2A11 SoC.
Signed-off-by: Ard Biesheuvel
Signed-off-by: Jassi Brar
---
From: Jassi Brar
Add entry for the Socionext Netsec controller driver and DT bindings.
Acked-by: Ard Biesheuvel
Signed-off-by: Jassi Brar
---
MAINTAINERS | 7 +++
1 file changed, 7 insertions(+)
diff
From: Jassi Brar
This patch adds documentation for Device-Tree bindings for the
Socionext NetSec Controller driver.
Reviewed-by: Rob Herring
Signed-off-by: Jassi Brar
Signed-off-by: Ard Biesheuvel
From: Jassi Brar
Changes since v5
# Removed helper macros
# Removed 'inline' qualifier
# Changed multiline empty comment to single line
# Added 'clock-names' property in DT binding example
# Ignore 'clock-names' property in
On Thu, Dec 28, 2017 at 9:48 AM, Dmitry Vyukov wrote:
> syzkaller triggered OOM kills by passing ipt_replace.size = -1
> to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in
> xt_alloc_table_info() causes int overflow and the size check passes
> when it should not.
On Fri, 5 Jan 2018 18:52:07 -0800
Linus Torvalds wrote:
> On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams wrote:
> > From: Andi Kleen
> >
> > When access_ok fails we should always stop speculating.
> > Add the required
1 - 100 of 117 matches
Mail list logo