Re: [PATCH bpf-next v8 01/11] fs,security: Add a security blob to nameidata

On Tue, Feb 27, 2018 at 12:57:21AM +, Al Viro wrote: > On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote: > > The function current_nameidata_security(struct inode *) can be used to > > retrieve a blob's pointer address tied to the inode being walk through.

Re: [PATCH bpf-next v8 01/11] fs,security: Add a security blob to nameidata

On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote: > The function current_nameidata_security(struct inode *) can be used to > retrieve a blob's pointer address tied to the inode being walk through. > This enable to follow a path lookup and know where an inode access come > from. This

[git pull] reducing kernel_recvmsg() use

c19: tipc: switch to sock_recvmsg() (2017-12-02 20:38:10 -0500) ---- Al Viro (10): svc_recvfrom(): switch to sock_recvmsg() dlm: switch to sock_recvmsg() ncpfs: switch to sock_recvmsg() cfs2: switch to sock_recv

Re: [PATCH] ipv4: Get the address of interface correctly.

On Sun, Jan 28, 2018 at 02:19:08PM +, Al Viro wrote: > On Sun, Jan 28, 2018 at 03:38:58AM -0800, Tonghao Zhang wrote: > > When using ioctl to get address of interface, we can't > > get it anymore. For example, the command is show as below. > > > > # ifconfig

Re: [PATCH] ipv4: Get the address of interface correctly.

ot > return a suitable value, even though we can find it in > the kernel. Then fix it now. D'oh... Acked-by: Al Viro <v...@zeniv.linux.org.uk> I really wonder how has that avoided loud screams at boot time... Wouldn't it be better to move that ret = 0; in front of the e

Re: [PATCH] atm: firestream: Replace GFP_ATOMIC with GFP_KERNEL in fs_send

On Fri, Jan 26, 2018 at 11:07:39AM -0500, David Miller wrote: > >> This is found by a static analysis tool named DCNS written by myself. > > > > The trouble is, places like > > net/atm/raw.c:65: vcc->send = atm_send_aal0; > > net/atm/raw.c:74: vcc->send = vcc->dev->ops->send; > >

Re: [PATCH] atm: firestream: Replace GFP_ATOMIC with GFP_KERNEL in fs_send

On Fri, Jan 26, 2018 at 04:00:27PM +0800, Jia-Ju Bai wrote: > After checking all possible call chains to fs_send() here, > my tool finds that fs_send() is never called in atomic context. > And this function is assigned to a function pointer "dev->ops->send", > which is only called by vcc_sendmsg()

Re: [PATCH 10/10] kill kernel_sock_ioctl()

On Thu, Jan 25, 2018 at 12:01:25AM +, Al Viro wrote: > On Wed, Jan 24, 2018 at 03:52:44PM -0500, David Miller wrote: > > > > Al this series looks fine to me, want me to toss it into net-next? > > Do you want them reposted (with updated commit messages), or would > y

Re: [PATCH 10/10] kill kernel_sock_ioctl()

On Wed, Jan 24, 2018 at 03:52:44PM -0500, David Miller wrote: > > Al this series looks fine to me, want me to toss it into net-next? Do you want them reposted (with updated commit messages), or would you prefer a pull request (with or without rebase to current tip of net-next)?

Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Thu, Jan 18, 2018 at 07:31:56PM +, Al Viro wrote: > * SIOCADDRT/SIOCDELRT in compat ioctls To bring back a question I'd asked back in October - what do we do about SIOC...RT compat? To recap: * AF_INET sockets expect struct rtentry; it differs between 32bit and 64bit,

Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Thu, Jan 18, 2018 at 07:31:56PM +, Al Viro wrote: > * SO_RCVTIMEO/SO_SNDTIMEO handling in compat [sg]etsockopt() > * passing SIOC{ADD,DEL}TUNNEL down (ipmr_del_tunnel(),ipmr_new_tunnel(), > addrconf_set_dstaddr()) > * SIOCGSTAMP/SIOCGSTAMPNS in compat ioctls > * SIOC

[PATCH 04/10] kill dev_ifsioc()

From: Al Viro <v...@zeniv.linux.org.uk> it's been equivalent to sock_do_ioctl() since 2009... Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/socket.c | 38 -- 1 file changed, 38 deletions(-) diff --git a/net/socket.c b/net/so

[PATCH 03/10] ip_rt_ioctl(): take copyin to caller

From: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- include/net/route.h | 2 +- net/ipv4/af_inet.c | 7 ++- net/ipv4/fib_frontend.c | 8 ++-- net/ipv4/ipconfig.c | 13 + 4 files changed, 10 insertions(+),

[PATCH 08/10] ipconfig: use dev_set_mtu()

From: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/ipv4/ipconfig.c | 17 +++-- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c index 5f396afaa08d..f75802ad960f 100644 --

[PATCH 06/10] kill dev_ifname32()

From: Al Viro <v...@zeniv.linux.org.uk> same story... Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/socket.c | 22 +- 1 file changed, 1 insertion(+), 21 deletions(-) diff --git a/net/socket.c b/net/socket.c index b267d051b50d..6d29ebce93dd 1006

[PATCH 05/10] kill bond_ioctl()

From: Al Viro <v...@zeniv.linux.org.uk> another sock_do_ioctl() equivalent Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/socket.c | 36 1 file changed, 4 insertions(+), 32 deletions(-) diff --git a/net/socket.c b/net/socket.c index

[PATCH 10/10] kill kernel_sock_ioctl()

From: Al Viro <v...@zeniv.linux.org.uk> no users since 2014 Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- include/linux/net.h | 1 - net/socket.c| 13 - 2 files changed, 14 deletions(-) diff --git a/include/linux/net.h b/include/linux/net.h index

[PATCH 09/10] dev_ioctl(): move copyin/copyout to callers

From: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- include/linux/netdevice.h | 3 +- net/core/dev_ioctl.c | 85 +-- net/socket.c | 91 +++-

[PATCH 02/10] devinet_ioctl(): take copyin/copyout to caller

From: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- include/linux/inetdevice.h | 2 +- net/ipv4/af_inet.c | 21 - net/ipv4/devinet.c | 41 +++-- net/ipv4/ipconfig.c

[PATCH 07/10] lift handling of SIOCIW... out of dev_ioctl()

From: Al Viro <v...@zeniv.linux.org.uk> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- include/net/wext.h | 4 ++-- net/core/dev_ioctl.c | 18 -- net/socket.c | 2 +- net/wireless/wext-core.c | 13 + 4 files changed, 12 inser

[PATCH 01/10] net: separate SIOCGIFCONF handling from dev_ioctl()

From: Al Viro <v...@zeniv.linux.org.uk> Only two of dev_ioctl() callers may pass SIOCGIFCONF to it. Separating that codepath from the rest of dev_ioctl() allows both to simplify dev_ioctl() itself (all other cases work with struct ifreq *) *and* seriously simplify the compat side of that

Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Thu, Jan 18, 2018 at 04:43:02AM +, Al Viro wrote: > We could turn ->msg_control/->msg_controllen into another > iov_iter, but seeing that we never do scatter-gather for those > IMO that would be a massive overkill. A flag controlling whether > ->msg_control

Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Thu, Jan 18, 2018 at 08:29:57AM -0800, Christoph Hellwig wrote: > > We could turn ->msg_control/->msg_controllen into another > > iov_iter, but seeing that we never do scatter-gather for those > > IMO that would be a massive overkill. A flag controlling whether > > ->msg_control is kernel

Re: [RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Wed, Jan 17, 2018 at 07:16:02PM -0800, Linus Torvalds wrote: > On Wed, Jan 17, 2018 at 7:06 PM, Al Viro <v...@zeniv.linux.org.uk> wrote: > > > > Similar to the way put_cmsg() handles 32bit case on biarch > > targets, introduce a flag telling put_cmsg() to treat

[RFC][PATCH] get rid of the use of set_fs() (by way of kernel_recvmsg()) in sunrpc

On Wed, Jan 17, 2018 at 06:52:32PM +, Al Viro wrote: [use of set_fs() by sunrpc] > We are asking for recvmsg() with zero data length; what we really want is > ->msg_control. And _that_ is why we need that set_fs() - we want the damn > thing to go into local variable. &

Re: [PATCH 32/32] aio: implement io_pgetevents

On Tue, Jan 16, 2018 at 07:41:24PM -0500, Jeff Moyer wrote: > if (sigmask) { > - if (copy_from_user(, sigmask, sizeof(ksigmask))) > + if (!access_ok(VERIFY_READ, sigmask, > +sizeof(void *) + sizeof(size_t)) || > +

Re: [PATCH] net: delete /proc THIS_MODULE references

0 Fix rmmod/read/write races in /proc entries Bugger if I remember how long did it take for the dust to settle - there had been bugs in the original, and it took some time to fix. I think the last straggler had been commit 7e0e953bb0cf649f93277ac8fb67ecbb7f7b04a9 Author: Al Viro <v...@zeniv.lin

Re: [PATCH 03/32] fs: introduce new ->get_poll_head and ->poll_mask methods

On Thu, Jan 11, 2018 at 12:36:00PM +0100, Christoph Hellwig wrote: > On Wed, Jan 10, 2018 at 09:04:16PM +0000, Al Viro wrote: > > There's another problem with that - currently ->poll() may tell you "sod > > off, > > I've got nothing for you to sleep on, eat y

Re: [PATCH 03/32] fs: introduce new ->get_poll_head and ->poll_mask methods

On Wed, Jan 10, 2018 at 09:04:16PM +, Al Viro wrote: > On Wed, Jan 10, 2018 at 04:58:24PM +0100, Christoph Hellwig wrote: > > ->get_poll_head returns the waitqueue that the poll operation is going > > to sleep on. Note that this means we can only use a single waitqueu

[git pull] regression fix

01-10 18:47:05 -0500) ---- Al Viro (1): Fix a leak in socket(2) when we fail to allocate a file descriptor. net/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)

Re: [PATCH 03/32] fs: introduce new ->get_poll_head and ->poll_mask methods

On Wed, Jan 10, 2018 at 04:58:24PM +0100, Christoph Hellwig wrote: > ->get_poll_head returns the waitqueue that the poll operation is going > to sleep on. Note that this means we can only use a single waitqueue > for the poll, unlike some current drivers that use two waitqueues for > different

Re: [PATCH 03/31] fs: introduce new ->get_poll_head and ->poll_mask methods

On Mon, Jan 08, 2018 at 11:45:13AM +0100, Christoph Hellwig wrote: > On Sat, Jan 06, 2018 at 07:12:42PM +0000, Al Viro wrote: > > On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote: > > > ->get_poll_head returns the waitqueue that the poll operation is going >

Re: net: memory leak in socket

used to serve the case when sock_map_fd() failed *before* getting to > > sock_alloc_file(). > > > > Fixes: commit 8e1611e23579 (make sock_alloc_file() do sock_release() on > > failures) > > Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> > > Please add: &g

Re: net: memory leak in socket

line] > [<e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315 > [<7df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a > [<921bbbd9>] 0x > > > > Reproducer: > > // autogenerated by syzkaller

[RFC] memdup_user() and friends

After reviewing memdup_user() callers, I've found several places where it got completely unbounded values passed for size (up to 2Gb), as well as some bounded by ridiculously high values - e.g. if (size > 1024 * 128) /* sane value */ return -EINVAL;

Re: [PATCH 04/31] net: add support for ->poll_mask in proto_ops

On Thu, Jan 04, 2018 at 09:00:16AM +0100, Christoph Hellwig wrote: > The socket file operations still implement ->poll until all protocols are > switched over. > > Signed-off-by: Christoph Hellwig > --- > include/linux/net.h | 3 +++ > net/socket.c| 61 >

Re: [PATCH 03/31] fs: introduce new ->get_poll_head and ->poll_mask methods

On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote: > ->get_poll_head returns the waitqueue that the poll operation is going > to sleep on. Note that this means we can only use a single waitqueue > for the poll, unlike some current drivers that use two waitqueues for > different

Re: [PATCH 02/31] fs: add new vfs_poll and file_can_poll helpers

On Thu, Jan 04, 2018 at 09:00:14AM +0100, Christoph Hellwig wrote: > These abstract out calls to the poll method in preparation for changes to > those methods. FWIW, I would make vfs_poll() static inline __poll_t vfs_poll(struct file *file, struct poll_table_struct *pt) { if

Subject: [RFC][PATCH 11/11] hisilicon: trivial sparse annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/hisilicon/hip04_eth.c | 20 ++-- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 2 +- drivers/net/ethernet/hisilic

Subject: [RFC][PATCH 10/11] dwc-xlgmac: fix big-endian breakage

Users of XLGMAC_SET_REG_BITS_LE() expect it to take le32 and return le32. Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/synopsys/dwc-xlgmac.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/synopsys/dwc-xlgma

Subject: [RFC][PATCH 08/11] bna: (partial) endianness annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/brocade/bna/bfa_ioc.c | 26 +++ drivers/net/ethernet/brocade/bna/bfa_ioc.h | 4 +- drivers/net/ethernet/brocade/bna/bfi.h | 94 - drivers/net/ethernet/brocade/bna/bfi_

Subject: [RFC][PATCH 09/11] cavium: trivial sparse annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- .../ethernet/cavium/liquidio/cn23xx_pf_device.c| 32 +++--- .../ethernet/cavium/liquidio/cn23xx_vf_device.c| 20 +++--- .../net/ethernet/cavium/liquidio/cn68xx_device.c | 1 + drivers/net/ethernet/

Subject: [RFC][PATCH 05/11] stmmac: fix several stray endianness bugs

A few places got missed by "net: ethernet: stmmac: change dma descriptors to __le32" (having been introduced just before the merge of that patch, AFAICS). Fix them up... Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c

Subject: [RFC][PATCH 06/11] aironet: trivial endianness annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/wireless/cisco/airo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/cisco/airo.c b/drivers/net/wireless/cisco/airo.c index 54201c02fdb8..86e795de6760 100644 --- a/drivers/net/wi

Subject: [RFC][PATCH 07/11] broadcom: trivial sparse annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/broadcom/bcmsysport.c | 2 +- drivers/net/ethernet/broadcom/bgmac.h | 6 +++--- drivers/net/ethernet/broadcom/bnx2.c | 6 +++--- drivers/net/ethernet/broadcom/cnic_if.h| 8 d

Subject: [RFC][PATCH 02/11] via-velocity breakage on big-endian

support) Cc: sta...@vger.kernel.org Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/via/via-velocity.c | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/via/via-velocity.c b/drivers/net/ethernet/via/via-velocity.c

Subject: [RFC][PATCH 03/11] stmmac: trivial sparse annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c

Subject: [RFC][PATCH 01/11] via: trivial sparse annotations

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/via/via-rhine.c| 2 +- drivers/net/ethernet/via/via-velocity.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/via/via-rhine.c b/drivers/net/ethernet/via/via-r

Subject: [RFC][PATCH 04/11] stmmac: fix breakage in stmmac_hw_setup()

stead of reading and modifying a word in card iomem we read and modify a word in (or near) the in-core strucct mac_device_info. Fixes: 70523e639bf8 (drivers: net: stmmac: reworking the PCS code) Cc: sta...@vger.kernel.org Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/net/ethernet/stmicr

[RFC][PATCH v2] Add primitives for manipulating bitfields both in host- and fixed-endian.

will be generated at compile time. Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h index 1030651f8309..cf2588d81148 100644 --- a/include/linux/bitfield.h +++ b/include/linux/bitfield.h @@ -16,6 +16,7 @@ #define _LINUX_BITFIELD_H #i

Re: [RFC][PATCH] Add primitives for manipulating bitfields both in host- and fixed-endian.

On Thu, Dec 14, 2017 at 09:07:13PM -0800, Jakub Kicinski wrote: > Looks great to me! > > On Fri, 15 Dec 2017 02:33:43 +, Al Viro wrote: > > The following primitives are defined in linux/bitfield.h: > > > > * u32 le32_get_bits(__le32 val, u32 field) extracts the con

[RFC][PATCH] Add primitives for manipulating bitfields both in host- and fixed-endian.

for it, but compiler must be able to evaluate it at build time. If it cannot or if the value does not encode any bitfield, the build will fail. If the value being stored in ..._replace_bits() is a constant that does not fit into bitfield, a warning will be generated at compile time. Signed-off-by: Al Viro &l

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Wed, Dec 13, 2017 at 02:22:12PM +, Al Viro wrote: > Next question: where do we put that bunch? I've put it into > linux/byteorder/generic.h, so that anything picking fixed-endian primitives > would pick those as well; I hadn't thought of linux/bitfield.h at the time. > We cer

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 06:44:00PM -0800, Jakub Kicinski wrote: > On Wed, 13 Dec 2017 01:51:25 +0000, Al Viro wrote: > > On Tue, Dec 12, 2017 at 05:35:28PM -0800, Jakub Kicinski wrote: > > > > > It used to be __always_inline, but apparently LLVM/clang doesn't &

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 05:35:28PM -0800, Jakub Kicinski wrote: > It used to be __always_inline, but apparently LLVM/clang doesn't > propagate constants :( > > 4e59532541c8 ("nfp: don't depend on compiler constant propagation") Doesn't propagate constants or doesn't have exact same set of

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 05:04:37PM -0800, Jakub Kicinski wrote: > On Wed, 13 Dec 2017 00:36:59 +0000, Al Viro wrote: > > On Tue, Dec 12, 2017 at 03:59:33PM -0800, Jakub Kicinski wrote: > > > > +static __always_inline __##type type##_repl

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 03:59:33PM -0800, Jakub Kicinski wrote: > > +static __always_inline __##type type##_replace_bits(__##type old, \ > > + base val, base mask)\ > > +{ \ > > +

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 12:04:09PM -0800, Jakub Kicinski wrote: > > static __always_inline u64 mask_to_multiplier(u64 mask) > > { > > return mask & (mask ^ (mask - 1)); > > } D'oh. Even simpler than that, of course - static __always_inline u64 mask_to_multiplier(u64 mask) { return

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Tue, Dec 12, 2017 at 06:20:02AM +, Al Viro wrote: > Umm... What's wrong with > > #define FIELD_FOO 0,4 > #define FIELD_BAR 6,12 > #define FIELD_BAZ 18,14 > > A macro can bloody well expand to any sequence of tokens - le32_get_bits(v, > FIELD_BAZ) > will bec

Re: [RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

On Mon, Dec 11, 2017 at 08:02:24PM -0800, Jakub Kicinski wrote: > On Mon, 11 Dec 2017 15:54:22 +0000, Al Viro wrote: > > Essentially, it gives helpers for work with bitfields in fixed-endian. > > Suppose we have e.g. a little-endian 32bit value with fixed layout; > > expressi

[RFC][PATCH] new byteorder primitives - ..._{replace,get}_bits()

t; f(4 + le32_get_bits(v, 18, 14)) Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- diff --git a/include/linux/byteorder/generic.h b/include/linux/byteorder/generic.h index 451aaa0786ae..d8f169a7104a 100644 --- a/include/linux/byteorder/generic.h +++ b/include/linux/byteorder/gen

Re: [RFC][PATCH] apparent big-endian bugs in dwc-xlgmac

On Mon, Dec 11, 2017 at 05:05:20AM +, Al Viro wrote: > What for? Sure, this variant will work, but why bother with > a = le32_to_cpu(b); > (cpu_to_le32(a) & ) | > and how is that better than > (b & ...) | ... > > IDGI... Mind you,

Re: [RFC][PATCH] apparent big-endian bugs in dwc-xlgmac

On Mon, Dec 11, 2017 at 12:33:42PM +0800, Jie Deng wrote: > Hi AI Viro, > > @@ -125,8 +125,8 @@ > > typeof(len) _len = (len); \ > > typeof(val) _val = (val); \ > > _val = (_val << _pos) & GENMASK(_pos + _len -

[RFC][PATCH] apparent big-endian bugs in dwc-xlgmac

is le32 -> u32; definition looks correct, but slightly misannotated. Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- diff --git a/drivers/net/ethernet/synopsys/dwc-xlgmac.h b/drivers/net/ethernet/synopsys/dwc-xlgmac.h index cab3e40a86b9..e95c4c250e16 100644 --- a/drivers/net/ethernet/syno

Re: [PATCH v3 05/33] nds32: Exception handling

On Fri, Dec 08, 2017 at 05:11:48PM +0800, Greentime Hu wrote: > diff --git a/arch/nds32/kernel/traps.c b/arch/nds32/kernel/traps.c > new file mode 100644 > index 000..30a275d > --- /dev/null > +++ b/arch/nds32/kernel/traps.c > @@ -0,0 +1,441 @@ > +/* > + * Copyright (C) 2005-2017 Andes

Re: [PATCH 4/8] vfs: remove unused hardirq.h

On Fri, Dec 08, 2017 at 03:12:52AM +0800, Yang Shi wrote: > Hi folks, > > Any comment on this one? Applied

Re: [PATCH v2 08/35] nds32: Process management

On Mon, Nov 27, 2017 at 08:27:55PM +0800, Greentime Hu wrote: > +#define start_thread(regs,pc,stack) \ > +({ \ > + set_fs(USER_DS);\ Not the job of start_thread() - its users (->load_binary()

Re: [PATCH v2 06/35] nds32: MMU fault handling and page table management

On Mon, Nov 27, 2017 at 08:27:53PM +0800, Greentime Hu wrote: > +void do_page_fault(unsigned long entry, unsigned long addr, > +unsigned int error_code, struct pt_regs *regs) [snip] > + /* > + * If we're in an interrupt or have no user > + * context, we must not take

Re: [RFC][PATCHES] sock_alloc_file() cleanups and fixes

On Tue, Dec 05, 2017 at 02:44:43PM -0500, David Miller wrote: > From: Al Viro <v...@zeniv.linux.org.uk> > Date: Mon, 4 Dec 2017 16:41:01 + > > > On Mon, Dec 04, 2017 at 10:35:24AM -0500, David Miller wrote: > >> From: Al Viro <v...@zeniv.linux.org.uk> >

[PATCH 3/3] make sock_alloc_file() do sock_release() on failures

that point. Reviewed-by: Eric Dumazet <eduma...@google.com> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 ++-- net/9p/trans_fd.c | 1 - net/kcm/kcmsock.c | 7 +

[PATCH 1/3] fix kcm_clone()

conventions. Cc: sta...@vger.kernel.org # v4.6+ Acked-by: Tom Herbert <t...@herbertland.com> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/kcm/kcmsock.c | 71 +-- 1 file changed, 27 insertions(+), 44 deletions(-) diff --g

[PATCH 2/3] socketpair(): allocate descriptors first

simplifies failure exits considerably... Reviewed-by: Eric Dumazet <eduma...@google.com> Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/socket.c | 89 ++-- 1 file changed, 38 insertions(+), 51 deletions(-) diff

Re: [RFC][PATCHES] sock_alloc_file() cleanups and fixes

On Mon, Dec 04, 2017 at 10:35:24AM -0500, David Miller wrote: > From: Al Viro <v...@zeniv.linux.org.uk> > Date: Fri, 1 Dec 2017 00:20:27 + > > > 1) massage sys_socketpair() (should be a pure cleanup) > > 2) fix and clean up kcm_clone() (-stabl

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Sat, Dec 02, 2017 at 06:48:50PM +, Al Viro wrote: > On Fri, Dec 01, 2017 at 09:47:00PM +0100, Daniel Borkmann wrote: > > > > Might want to replace security_path_mknod() with something saner, while > > > we are > > > at it. > > > > &g

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Fri, Dec 01, 2017 at 09:47:00PM +0100, Daniel Borkmann wrote: > > Might want to replace security_path_mknod() with something saner, while we > > are > > at it. > > > > Objections? > > No, thanks for looking into this, and sorry for this fugly hack! :( Not > that this doesn't make it any

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Fri, Dec 01, 2017 at 04:54:39AM +, Al Viro wrote: > On Fri, Dec 01, 2017 at 03:48:59AM +0000, Al Viro wrote: > > > Something similar to get_prog_path_type() above might make for a usable > > primitive, IMO... > > Incidentally, bpf_obj_get_user()/bpf_obj_

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Fri, Dec 01, 2017 at 03:48:59AM +, Al Viro wrote: > Something similar to get_prog_path_type() above might make for a usable > primitive, IMO... Incidentally, bpf_obj_get_user()/bpf_obj_do_get() should just use user_path(), rather than wanking with getname()+kern_path(pname->name

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Fri, Dec 01, 2017 at 01:33:04AM +, Al Viro wrote: > Use of file descriptors should be limited to "got a number from userland, > convert to struct file *" on the way in and "install struct file * into > descriptor table and return the descriptor to userland" on

Re: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'

On Thu, Nov 30, 2017 at 04:57:30PM -0800, Kees Cook wrote: > On Mon, Oct 9, 2017 at 4:10 PM, David Miller wrote: > > Shmulik Ladkani (1): > > netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1' > > This adds a new user of set_fs(), which we're trying

[PATCH 3/3] make sock_alloc_file() do sock_release() on failures

that point. Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 ++-- net/9p/trans_fd.c | 1 - net/kcm/kcmsock.c | 7 +-- net/sctp/socket.c | 1

[PATCH 2/3] fix kcm_clone()

conventions. Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/kcm/kcmsock.c | 71 +-- 1 file changed, 27 insertions(+), 44 deletions(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 0b750a22c4b9..c5fa634e63ca 100644 --- a/n

[PATCH 1/3] socketpair(): allocate descriptors first

simplifies failure exits considerably... Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- net/socket.c | 89 ++-- 1 file changed, 38 insertions(+), 51 deletions(-) diff --git a/net/socket.c b/net/socket.c index 42d8e9

[RFC][PATCHES] sock_alloc_file() cleanups and fixes

Almost all sock_alloc_file() callers want sock_release() in case of failure. Currently it consumes socket on success (it will be destroyed on final fput() of resulting file) and leaves it alone on failure. Making it consume socket in all cases makes for simpler life in callers.

Re: KASAN: use-after-free Read in sock_release

On Thu, Nov 30, 2017 at 05:18:33AM -0800, Christoph Hellwig wrote: > On Thu, Nov 30, 2017 at 02:07:19AM +0000, Al Viro wrote: > > Incidentally, grepping for sys_close() shows another piece of fun in > > net/netfilter/xt_bpf.c. Folks, ONCE DESCRIPTOR IS INSTALLED, THAT'S

Re: KASAN: use-after-free Read in sock_release

On Thu, Nov 30, 2017 at 02:07:19AM +, Al Viro wrote: > FWIW, looking through the callers of sock_alloc_file()... we might be > better off if it did sock_release() on failure. Then the calling > conventions become "sock_alloc_file() means not calling sock_release() > direct

Re: KASAN: use-after-free Read in sock_release

On Wed, Nov 29, 2017 at 11:37:04AM -0800, Cong Wang wrote: > > Allocated by task 31066: > > save_stack+0x43/0xd0 mm/kasan/kasan.c:447 > > set_track mm/kasan/kasan.c:459 [inline] > > kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551 > > kmem_cache_alloc_trace+0x136/0x750 mm/slab.c:3613 > > kmalloc

Re: KASAN: use-after-free Read in sock_release

On Wed, Nov 29, 2017 at 12:24:55PM -0800, Linus Torvalds wrote: > Ugh. The inode freeing really is confusing and fairly involved, but > the last free *should* happen as part of the final dput() that is done > at the end of __fput(). Note that struct socket is coallocated with its inode.

Re: Fwd: FW: [PATCH 18/31] nds32: Library functions

On Tue, Nov 14, 2017 at 12:47:04PM +0800, Vincent Chen wrote: > Thanks > So, I should keep the area that we've copied into instead of zeroing > the area even if unpredicted exception is happened. Right? Yes. Here's what's required: if raw_copy_{from,to}_user(from, to, size) returns n, we want

Re: [PATCH 17/31] nds32: Signal handling support

On Wed, Nov 08, 2017 at 01:55:05PM +0800, Greentime Hu wrote: > +static int restore_sigframe(struct pt_regs *regs, > + struct rt_sigframe __user * sf) > +{ [snip] > + err |= !valid_user_regs(regs); IDGI... Where do you modify ->ipsw at all and how can

Re: [PATCH 18/31] nds32: Library functions

On Wed, Nov 08, 2017 at 01:55:06PM +0800, Greentime Hu wrote: > +#define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs() -size)) > + > +#define access_ok(type, addr, size) \ > + __range_ok((unsigned long)addr, (unsigned long)size) > +#define

Re: [PATCH 0/2] 9p: Fixes for hard-to-hit bugs

On Tue, Oct 24, 2017 at 04:41:08AM +0300, Tuomas Tynkkynen wrote: > > I can pick those, or, if you (or somebody else) are willing to > > actively > > maintain a 9p tree, you could start sending straight to Linus - up to > > you. > > You can pick these up, I don't have plans for more patches

Re: [PATCH 0/2] 9p: Fixes for hard-to-hit bugs

On Tue, Sep 26, 2017 at 04:10:14PM +0300, Tuomas Tynkkynen wrote: > Hi Al, > > On Wed, 2017-09-06 at 17:59 +0300, Tuomas Tynkkynen wrote: > > These two patches fix two hard-to-hit (but really annoying) bugs in > > 9p. > > The first one was posted earlier in February (with one R-b), the > > second

[RFC] SIOCGSTAMP semantics

ioctl() in question 1) fails with EOPNOTSUPP on AF_ALG, AF_CAIF, AF_IUCV, AF_KEY, AF_NFC, AF_RXRPC, AF_VSOCK 2) fails with ENOTTY on AF_DECnet, AF_KCM, AF_LLC, AF_NETLINK, AF_PHONET, AF_PPPOX, AF_RDS, AF_TIPC, AF_UNIX 3) fails with EINVAL on AF_ISDN 4)

[RFC] compat SIOCADDRT problems

Handling of SIOC{ADD,DEL}RT for 32bit is somewhat odd. AFAICS, the rules for native ioctl look so: AF_APPLETALK, AF_INET, AF_IPX, AF_PACKET: take struct rtentry. The last one doesn't have ->compat_ioctl() and 32bit automatically hits routing_ioctl() in net/socket.c, the rest have

Re: [RFC] endianness issues in drivers/net/ethernet/qlogic/qed

On Sun, Sep 24, 2017 at 02:34:19PM +, Tayar, Tomer wrote: > > > "qed: Utilize FW 8.10.3.0" has attempted some endianness annotations > > in that driver; unfortunately, either annotations are BS or the driver is > > genuinely > > broken on big-endian hosts. > [...] > > Is that driver

[RFC] endianness issues in drivers/net/ethernet/qlogic/qed

"qed: Utilize FW 8.10.3.0" has attempted some endianness annotations in that driver; unfortunately, either annotations are BS or the driver is genuinely broken on big-endian hosts. For example, struct init_qm_vport_params is claimed to have ->vport_wfq little-endian 16bit.

Re: [PATCH 2/5] net/9p: Improve 19 size determinations

On Tue, Aug 15, 2017 at 02:00:06PM +0200, SF Markus Elfring wrote: > From: Markus Elfring > Date: Tue, 15 Aug 2017 09:36:20 +0200 > > Replace the specification of data structures by variable references > as the parameter for the operator "sizeof" to make the

[git pull] vfs.git network field-by-field copyin patches

to f8f8a727eab1c5b78c3703a461565b042979cc79: get_compat_bpf_fprog(): don't copyin field-by-field (2017-07-04 13:14:34 -0400) Al Viro (3): copy_msghdr_from_user(): get rid of field-by-field copyin get_compat_msghdr(): get rid of field-by-field copyin

Re: [RFC] get_compat_msghdr(): get rid of field-by-field copyin

On Tue, Jul 11, 2017 at 08:25:14PM -0700, David Miller wrote: > looks harmless, or if there is a bug in there I can't see it. > > But whatever it is, that same problem could be hiding in some of these > other transformations as well. > > I think the bug might be that we are corrupting the

[RFC] get_compat_bpf_fprog(): don't copyin field-by-field

Signed-off-by: Al Viro <v...@zeniv.linux.org.uk> --- diff --git a/net/compat.c b/net/compat.c index dba5e222a0e5..6ded6c821d7a 100644 --- a/net/compat.c +++ b/net/compat.c @@ -313,15 +313,15 @@ struct sock_fprog __user *get_compat_bpf_fprog(char __user *optval) { struct compat_sock

<    1   2   3   4   >