On Tue, Feb 27, 2018 at 12:57:21AM +0000, Al Viro wrote:
> On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote:
> > The function current_nameidata_security(struct inode *) can be used to
> > retrieve a blob's pointer address tied to the inode being walk through.
On Tue, Feb 27, 2018 at 01:41:11AM +0100, Mickaël Salaün wrote:
> The function current_nameidata_security(struct inode *) can be used to
> retrieve a blob's pointer address tied to the inode being walk through.
> This enable to follow a path lookup and know where an inode access come
> from. This
c19:
tipc: switch to sock_recvmsg() (2017-12-02 20:38:10 -0500)
----
Al Viro (10):
svc_recvfrom(): switch to sock_recvmsg()
dlm: switch to sock_recvmsg()
ncpfs: switch to sock_recvmsg()
cfs2: switch to sock_recv
On Sun, Jan 28, 2018 at 02:19:08PM +0000, Al Viro wrote:
> On Sun, Jan 28, 2018 at 03:38:58AM -0800, Tonghao Zhang wrote:
> > When using ioctl to get address of interface, we can't
> > get it anymore. For example, the command is show as below.
> >
> > # ifconfig
ot
> return a suitable value, even though we can find it in
> the kernel. Then fix it now.
D'oh...
Acked-by: Al Viro <v...@zeniv.linux.org.uk>
I really wonder how has that avoided loud screams at boot time...
Wouldn't it be better to move that ret = 0; in front of the
e
On Fri, Jan 26, 2018 at 11:07:39AM -0500, David Miller wrote:
> >> This is found by a static analysis tool named DCNS written by myself.
> >
> > The trouble is, places like
> > net/atm/raw.c:65: vcc->send = atm_send_aal0;
> > net/atm/raw.c:74: vcc->send = vcc->dev->ops->send;
> >
On Fri, Jan 26, 2018 at 04:00:27PM +0800, Jia-Ju Bai wrote:
> After checking all possible call chains to fs_send() here,
> my tool finds that fs_send() is never called in atomic context.
> And this function is assigned to a function pointer "dev->ops->send",
> which is only called by vcc_sendmsg()
On Thu, Jan 25, 2018 at 12:01:25AM +0000, Al Viro wrote:
> On Wed, Jan 24, 2018 at 03:52:44PM -0500, David Miller wrote:
> >
> > Al this series looks fine to me, want me to toss it into net-next?
>
> Do you want them reposted (with updated commit messages), or would
> y
On Wed, Jan 24, 2018 at 03:52:44PM -0500, David Miller wrote:
>
> Al this series looks fine to me, want me to toss it into net-next?
Do you want them reposted (with updated commit messages), or would
you prefer a pull request (with or without rebase to current tip
of net-next)?
On Thu, Jan 18, 2018 at 07:31:56PM +0000, Al Viro wrote:
> * SIOCADDRT/SIOCDELRT in compat ioctls
To bring back a question I'd asked back in October - what do
we do about SIOC...RT compat?
To recap:
* AF_INET sockets expect struct rtentry; it differs
between 32bit and 64bit,
On Thu, Jan 18, 2018 at 07:31:56PM +0000, Al Viro wrote:
> * SO_RCVTIMEO/SO_SNDTIMEO handling in compat [sg]etsockopt()
> * passing SIOC{ADD,DEL}TUNNEL down (ipmr_del_tunnel(),ipmr_new_tunnel(),
> addrconf_set_dstaddr())
> * SIOCGSTAMP/SIOCGSTAMPNS in compat ioctls
> * SIOC
From: Al Viro <v...@zeniv.linux.org.uk>
it's been equivalent to sock_do_ioctl() since 2009...
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/socket.c | 38 --
1 file changed, 38 deletions(-)
diff --git a/net/socket.c b/net/so
From: Al Viro <v...@zeniv.linux.org.uk>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
include/net/route.h | 2 +-
net/ipv4/af_inet.c | 7 ++-
net/ipv4/fib_frontend.c | 8 ++--
net/ipv4/ipconfig.c | 13 +
4 files changed, 10 insertions(+),
From: Al Viro <v...@zeniv.linux.org.uk>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/ipv4/ipconfig.c | 17 +++--
1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 5f396afaa08d..f75802ad960f 100644
--
From: Al Viro <v...@zeniv.linux.org.uk>
same story...
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/socket.c | 22 +-
1 file changed, 1 insertion(+), 21 deletions(-)
diff --git a/net/socket.c b/net/socket.c
index b267d051b50d..6d29ebce93dd 1006
From: Al Viro <v...@zeniv.linux.org.uk>
another sock_do_ioctl() equivalent
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/socket.c | 36
1 file changed, 4 insertions(+), 32 deletions(-)
diff --git a/net/socket.c b/net/socket.c
index
From: Al Viro <v...@zeniv.linux.org.uk>
no users since 2014
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
include/linux/net.h | 1 -
net/socket.c| 13 -
2 files changed, 14 deletions(-)
diff --git a/include/linux/net.h b/include/linux/net.h
index
From: Al Viro <v...@zeniv.linux.org.uk>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
include/linux/netdevice.h | 3 +-
net/core/dev_ioctl.c | 85 +--
net/socket.c | 91 +++-
From: Al Viro <v...@zeniv.linux.org.uk>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
include/linux/inetdevice.h | 2 +-
net/ipv4/af_inet.c | 21 -
net/ipv4/devinet.c | 41 +++--
net/ipv4/ipconfig.c
From: Al Viro <v...@zeniv.linux.org.uk>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
include/net/wext.h | 4 ++--
net/core/dev_ioctl.c | 18 --
net/socket.c | 2 +-
net/wireless/wext-core.c | 13 +
4 files changed, 12 inser
From: Al Viro <v...@zeniv.linux.org.uk>
Only two of dev_ioctl() callers may pass SIOCGIFCONF to it.
Separating that codepath from the rest of dev_ioctl() allows both
to simplify dev_ioctl() itself (all other cases work with struct ifreq *)
*and* seriously simplify the compat side of that
On Thu, Jan 18, 2018 at 04:43:02AM +0000, Al Viro wrote:
> We could turn ->msg_control/->msg_controllen into another
> iov_iter, but seeing that we never do scatter-gather for those
> IMO that would be a massive overkill. A flag controlling whether
> ->msg_control
On Thu, Jan 18, 2018 at 08:29:57AM -0800, Christoph Hellwig wrote:
> > We could turn ->msg_control/->msg_controllen into another
> > iov_iter, but seeing that we never do scatter-gather for those
> > IMO that would be a massive overkill. A flag controlling whether
> > ->msg_control is kernel
On Wed, Jan 17, 2018 at 07:16:02PM -0800, Linus Torvalds wrote:
> On Wed, Jan 17, 2018 at 7:06 PM, Al Viro <v...@zeniv.linux.org.uk> wrote:
> >
> > Similar to the way put_cmsg() handles 32bit case on biarch
> > targets, introduce a flag telling put_cmsg() to treat
On Wed, Jan 17, 2018 at 06:52:32PM +0000, Al Viro wrote:
[use of set_fs() by sunrpc]
> We are asking for recvmsg() with zero data length; what we really want is
> ->msg_control. And _that_ is why we need that set_fs() - we want the damn
> thing to go into local variable.
On Tue, Jan 16, 2018 at 07:41:24PM -0500, Jeff Moyer wrote:
> if (sigmask) {
> - if (copy_from_user(, sigmask, sizeof(ksigmask)))
> + if (!access_ok(VERIFY_READ, sigmask,
> +sizeof(void *) + sizeof(size_t)) ||
> +
0
Fix rmmod/read/write races in /proc entries
Bugger if I remember how long did it take for the dust to settle - there
had been bugs in the original, and it took some time to fix. I think
the last straggler had been
commit 7e0e953bb0cf649f93277ac8fb67ecbb7f7b04a9
Author: Al Viro <v...@zeniv.lin
On Thu, Jan 11, 2018 at 12:36:00PM +0100, Christoph Hellwig wrote:
> On Wed, Jan 10, 2018 at 09:04:16PM +0000, Al Viro wrote:
> > There's another problem with that - currently ->poll() may tell you "sod
> > off,
> > I've got nothing for you to sleep on, eat y
On Wed, Jan 10, 2018 at 09:04:16PM +0000, Al Viro wrote:
> On Wed, Jan 10, 2018 at 04:58:24PM +0100, Christoph Hellwig wrote:
> > ->get_poll_head returns the waitqueue that the poll operation is going
> > to sleep on. Note that this means we can only use a single waitqueu
01-10 18:47:05 -0500)
----
Al Viro (1):
Fix a leak in socket(2) when we fail to allocate a file descriptor.
net/socket.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
On Wed, Jan 10, 2018 at 04:58:24PM +0100, Christoph Hellwig wrote:
> ->get_poll_head returns the waitqueue that the poll operation is going
> to sleep on. Note that this means we can only use a single waitqueue
> for the poll, unlike some current drivers that use two waitqueues for
> different
On Mon, Jan 08, 2018 at 11:45:13AM +0100, Christoph Hellwig wrote:
> On Sat, Jan 06, 2018 at 07:12:42PM +0000, Al Viro wrote:
> > On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote:
> > > ->get_poll_head returns the waitqueue that the poll operation is going
>
used to serve the case when sock_map_fd() failed *before* getting to
> > sock_alloc_file().
> >
> > Fixes: commit 8e1611e23579 (make sock_alloc_file() do sock_release() on
> > failures)
> > Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
>
> Please add:
line]
> [<e7afba0a>] SyS_socket+0x102/0x1f0 net/socket.c:1315
> [<7df77eb7>] entry_SYSCALL_64_fastpath+0x23/0x9a
> [<921bbbd9>] 0x
>
>
>
> Reproducer:
>
> // autogenerated by syzkaller
After reviewing memdup_user() callers, I've found several places
where it got completely unbounded values passed for size (up to 2Gb),
as well as some bounded by ridiculously high values - e.g.
if (size > 1024 * 128) /* sane value */
return -EINVAL;
On Thu, Jan 04, 2018 at 09:00:16AM +0100, Christoph Hellwig wrote:
> The socket file operations still implement ->poll until all protocols are
> switched over.
>
> Signed-off-by: Christoph Hellwig
> ---
> include/linux/net.h | 3 +++
> net/socket.c| 61
>
On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote:
> ->get_poll_head returns the waitqueue that the poll operation is going
> to sleep on. Note that this means we can only use a single waitqueue
> for the poll, unlike some current drivers that use two waitqueues for
> different
On Thu, Jan 04, 2018 at 09:00:14AM +0100, Christoph Hellwig wrote:
> These abstract out calls to the poll method in preparation for changes to
> those methods.
FWIW, I would make vfs_poll()
static inline __poll_t vfs_poll(struct file *file, struct poll_table_struct *pt)
{
if
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/hisilicon/hip04_eth.c | 20 ++--
drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.c | 2 +-
drivers/net/ethernet/hisilicon/hns/hns_dsaf_mac.h | 2 +-
drivers/net/ethernet/hisilic
Users of XLGMAC_SET_REG_BITS_LE() expect it to take le32 and return
le32.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/synopsys/dwc-xlgmac.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/ethernet/synopsys/dwc-xlgma
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/brocade/bna/bfa_ioc.c | 26 +++
drivers/net/ethernet/brocade/bna/bfa_ioc.h | 4 +-
drivers/net/ethernet/brocade/bna/bfi.h | 94 -
drivers/net/ethernet/brocade/bna/bfi_
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
.../ethernet/cavium/liquidio/cn23xx_pf_device.c| 32 +++---
.../ethernet/cavium/liquidio/cn23xx_vf_device.c| 20 +++---
.../net/ethernet/cavium/liquidio/cn68xx_device.c | 1 +
drivers/net/ethernet/
A few places got missed by "net: ethernet: stmmac: change dma descriptors
to __le32" (having been introduced just before the merge of that patch,
AFAICS). Fix them up...
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/wireless/cisco/airo.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/cisco/airo.c
b/drivers/net/wireless/cisco/airo.c
index 54201c02fdb8..86e795de6760 100644
--- a/drivers/net/wi
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/broadcom/bcmsysport.c | 2 +-
drivers/net/ethernet/broadcom/bgmac.h | 6 +++---
drivers/net/ethernet/broadcom/bnx2.c | 6 +++---
drivers/net/ethernet/broadcom/cnic_if.h| 8
d
support)
Cc: sta...@vger.kernel.org
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/via/via-velocity.c | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/via/via-velocity.c
b/drivers/net/ethernet/via/via-velocity.c
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c
b/drivers/net/ethernet/stmicro/stmmac/dwmac-anarion.c
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/via/via-rhine.c| 2 +-
drivers/net/ethernet/via/via-velocity.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/ethernet/via/via-rhine.c
b/drivers/net/ethernet/via/via-r
stead of
reading and modifying a word in card iomem we read and modify a word
in (or near) the in-core struct mac_device_info.
Fixes: 70523e639bf8 (drivers: net: stmmac: reworking the PCS code)
Cc: sta...@vger.kernel.org
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/net/ethernet/stmicr
will be generated at compile time.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
diff --git a/include/linux/bitfield.h b/include/linux/bitfield.h
index 1030651f8309..cf2588d81148 100644
--- a/include/linux/bitfield.h
+++ b/include/linux/bitfield.h
@@ -16,6 +16,7 @@
#define _LINUX_BITFIELD_H
#i
On Thu, Dec 14, 2017 at 09:07:13PM -0800, Jakub Kicinski wrote:
> Looks great to me!
>
> On Fri, 15 Dec 2017 02:33:43 +0000, Al Viro wrote:
> > The following primitives are defined in linux/bitfield.h:
> >
> > * u32 le32_get_bits(__le32 val, u32 field) extracts the con
for it, but compiler must be able to evaluate it at
build time. If it cannot or if the value does not encode any bitfield,
the build will fail.
If the value being stored in ..._replace_bits() is a constant that does
not fit into bitfield, a warning will be generated at compile time.
Signed-off-by: Al Viro <
On Wed, Dec 13, 2017 at 02:22:12PM +0000, Al Viro wrote:
> Next question: where do we put that bunch? I've put it into
> linux/byteorder/generic.h, so that anything picking fixed-endian primitives
> would pick those as well; I hadn't thought of linux/bitfield.h at the time.
> We cer
On Tue, Dec 12, 2017 at 06:44:00PM -0800, Jakub Kicinski wrote:
> On Wed, 13 Dec 2017 01:51:25 +0000, Al Viro wrote:
> > On Tue, Dec 12, 2017 at 05:35:28PM -0800, Jakub Kicinski wrote:
> >
> > > It used to be __always_inline, but apparently LLVM/clang doesn't
On Tue, Dec 12, 2017 at 05:35:28PM -0800, Jakub Kicinski wrote:
> It used to be __always_inline, but apparently LLVM/clang doesn't
> propagate constants :(
>
> 4e59532541c8 ("nfp: don't depend on compiler constant propagation")
Doesn't propagate constants or doesn't have exact same set of
On Tue, Dec 12, 2017 at 05:04:37PM -0800, Jakub Kicinski wrote:
> On Wed, 13 Dec 2017 00:36:59 +0000, Al Viro wrote:
> > On Tue, Dec 12, 2017 at 03:59:33PM -0800, Jakub Kicinski wrote:
> > > > +static __always_inline __##type type##_repl
On Tue, Dec 12, 2017 at 03:59:33PM -0800, Jakub Kicinski wrote:
> > +static __always_inline __##type type##_replace_bits(__##type old, \
> > + base val, base mask)\
> > +{ \
> > +
On Tue, Dec 12, 2017 at 12:04:09PM -0800, Jakub Kicinski wrote:
> > static __always_inline u64 mask_to_multiplier(u64 mask)
> > {
> > return mask & (mask ^ (mask - 1));
> > }
D'oh. Even simpler than that, of course -
static __always_inline u64 mask_to_multiplier(u64 mask)
{
return
On Tue, Dec 12, 2017 at 06:20:02AM +0000, Al Viro wrote:
> Umm... What's wrong with
>
> #define FIELD_FOO 0,4
> #define FIELD_BAR 6,12
> #define FIELD_BAZ 18,14
>
> A macro can bloody well expand to any sequence of tokens - le32_get_bits(v,
> FIELD_BAZ)
> will bec
On Mon, Dec 11, 2017 at 08:02:24PM -0800, Jakub Kicinski wrote:
> On Mon, 11 Dec 2017 15:54:22 +0000, Al Viro wrote:
> > Essentially, it gives helpers for work with bitfields in fixed-endian.
> > Suppose we have e.g. a little-endian 32bit value with fixed layout;
> > expressi
f(4 + le32_get_bits(v, 18, 14))
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
diff --git a/include/linux/byteorder/generic.h
b/include/linux/byteorder/generic.h
index 451aaa0786ae..d8f169a7104a 100644
--- a/include/linux/byteorder/generic.h
+++ b/include/linux/byteorder/gen
On Mon, Dec 11, 2017 at 05:05:20AM +0000, Al Viro wrote:
> What for? Sure, this variant will work, but why bother with
> a = le32_to_cpu(b);
> (cpu_to_le32(a) & ) |
> and how is that better than
> (b & ...) | ...
>
> IDGI... Mind you,
On Mon, Dec 11, 2017 at 12:33:42PM +0800, Jie Deng wrote:
> Hi AI Viro,
> > @@ -125,8 +125,8 @@
> > typeof(len) _len = (len); \
> > typeof(val) _val = (val); \
> > _val = (_val << _pos) & GENMASK(_pos + _len -
is le32 -> u32; definition looks correct, but slightly misannotated.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
diff --git a/drivers/net/ethernet/synopsys/dwc-xlgmac.h
b/drivers/net/ethernet/synopsys/dwc-xlgmac.h
index cab3e40a86b9..e95c4c250e16 100644
--- a/drivers/net/ethernet/syno
On Fri, Dec 08, 2017 at 05:11:48PM +0800, Greentime Hu wrote:
> diff --git a/arch/nds32/kernel/traps.c b/arch/nds32/kernel/traps.c
> new file mode 100644
> index 000..30a275d
> --- /dev/null
> +++ b/arch/nds32/kernel/traps.c
> @@ -0,0 +1,441 @@
> +/*
> + * Copyright (C) 2005-2017 Andes
On Fri, Dec 08, 2017 at 03:12:52AM +0800, Yang Shi wrote:
> Hi folks,
>
> Any comment on this one?
Applied
On Mon, Nov 27, 2017 at 08:27:55PM +0800, Greentime Hu wrote:
> +#define start_thread(regs,pc,stack) \
> +({ \
> + set_fs(USER_DS);\
Not the job of start_thread() - its users (->load_binary()
On Mon, Nov 27, 2017 at 08:27:53PM +0800, Greentime Hu wrote:
> +void do_page_fault(unsigned long entry, unsigned long addr,
> +unsigned int error_code, struct pt_regs *regs)
[snip]
> + /*
> + * If we're in an interrupt or have no user
> + * context, we must not take
On Tue, Dec 05, 2017 at 02:44:43PM -0500, David Miller wrote:
> From: Al Viro <v...@zeniv.linux.org.uk>
> Date: Mon, 4 Dec 2017 16:41:01 +0000
>
> > On Mon, Dec 04, 2017 at 10:35:24AM -0500, David Miller wrote:
> >> From: Al Viro <v...@zeniv.linux.org.uk>
>
that point.
Reviewed-by: Eric Dumazet <eduma...@google.com>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 ++--
net/9p/trans_fd.c | 1 -
net/kcm/kcmsock.c | 7 +
conventions.
Cc: sta...@vger.kernel.org # v4.6+
Acked-by: Tom Herbert <t...@herbertland.com>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/kcm/kcmsock.c | 71 +--
1 file changed, 27 insertions(+), 44 deletions(-)
diff --g
simplifies failure exits considerably...
Reviewed-by: Eric Dumazet <eduma...@google.com>
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/socket.c | 89 ++--
1 file changed, 38 insertions(+), 51 deletions(-)
diff
On Mon, Dec 04, 2017 at 10:35:24AM -0500, David Miller wrote:
> From: Al Viro <v...@zeniv.linux.org.uk>
> Date: Fri, 1 Dec 2017 00:20:27 +0000
>
> > 1) massage sys_socketpair() (should be a pure cleanup)
> > 2) fix and clean up kcm_clone() (-stabl
On Sat, Dec 02, 2017 at 06:48:50PM +0000, Al Viro wrote:
> On Fri, Dec 01, 2017 at 09:47:00PM +0100, Daniel Borkmann wrote:
>
> > > Might want to replace security_path_mknod() with something saner, while
> > > we are
> > > at it.
> > >
> >
On Fri, Dec 01, 2017 at 09:47:00PM +0100, Daniel Borkmann wrote:
> > Might want to replace security_path_mknod() with something saner, while we
> > are
> > at it.
> >
> > Objections?
>
> No, thanks for looking into this, and sorry for this fugly hack! :( Not
> that this doesn't make it any
On Fri, Dec 01, 2017 at 04:54:39AM +0000, Al Viro wrote:
> On Fri, Dec 01, 2017 at 03:48:59AM +0000, Al Viro wrote:
>
> > Something similar to get_prog_path_type() above might make for a usable
> > primitive, IMO...
>
> Incidentally, bpf_obj_get_user()/bpf_obj_
On Fri, Dec 01, 2017 at 03:48:59AM +0000, Al Viro wrote:
> Something similar to get_prog_path_type() above might make for a usable
> primitive, IMO...
Incidentally, bpf_obj_get_user()/bpf_obj_do_get() should just use
user_path(), rather than wanking with
getname()+kern_path(pname->name
On Fri, Dec 01, 2017 at 01:33:04AM +0000, Al Viro wrote:
> Use of file descriptors should be limited to "got a number from userland,
> convert to struct file *" on the way in and "install struct file * into
> descriptor table and return the descriptor to userland" on
On Thu, Nov 30, 2017 at 04:57:30PM -0800, Kees Cook wrote:
> On Mon, Oct 9, 2017 at 4:10 PM, David Miller wrote:
> > Shmulik Ladkani (1):
> > netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'
>
> This adds a new user of set_fs(), which we're trying
that point.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
drivers/staging/lustre/lnet/lnet/lib-socket.c | 8 ++--
net/9p/trans_fd.c | 1 -
net/kcm/kcmsock.c | 7 +--
net/sctp/socket.c | 1
conventions.
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/kcm/kcmsock.c | 71 +--
1 file changed, 27 insertions(+), 44 deletions(-)
diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 0b750a22c4b9..c5fa634e63ca 100644
--- a/n
simplifies failure exits considerably...
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
net/socket.c | 89 ++--
1 file changed, 38 insertions(+), 51 deletions(-)
diff --git a/net/socket.c b/net/socket.c
index 42d8e9
Almost all sock_alloc_file() callers want sock_release()
in case of failure. Currently it consumes socket on success
(it will be destroyed on final fput() of resulting file) and
leaves it alone on failure. Making it consume socket in all
cases makes for simpler life in callers.
On Thu, Nov 30, 2017 at 05:18:33AM -0800, Christoph Hellwig wrote:
> On Thu, Nov 30, 2017 at 02:07:19AM +0000, Al Viro wrote:
> > Incidentally, grepping for sys_close() shows another piece of fun in
> > net/netfilter/xt_bpf.c. Folks, ONCE DESCRIPTOR IS INSTALLED, THAT'S
On Thu, Nov 30, 2017 at 02:07:19AM +0000, Al Viro wrote:
> FWIW, looking through the callers of sock_alloc_file()... we might be
> better off if it did sock_release() on failure. Then the calling
> conventions become "sock_alloc_file() means not calling sock_release()
> direct
On Wed, Nov 29, 2017 at 11:37:04AM -0800, Cong Wang wrote:
> > Allocated by task 31066:
> > save_stack+0x43/0xd0 mm/kasan/kasan.c:447
> > set_track mm/kasan/kasan.c:459 [inline]
> > kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:551
> > kmem_cache_alloc_trace+0x136/0x750 mm/slab.c:3613
> > kmalloc
On Wed, Nov 29, 2017 at 12:24:55PM -0800, Linus Torvalds wrote:
> Ugh. The inode freeing really is confusing and fairly involved, but
> the last free *should* happen as part of the final dput() that is done
> at the end of __fput().
Note that struct socket is coallocated with its inode.
On Tue, Nov 14, 2017 at 12:47:04PM +0800, Vincent Chen wrote:
> Thanks
> So, I should keep the area that we've copied into instead of zeroing
> the area even if unpredicted exception is happened. Right?
Yes. Here's what's required: if raw_copy_{from,to}_user(from, to, size)
returns n, we want
On Wed, Nov 08, 2017 at 01:55:05PM +0800, Greentime Hu wrote:
> +static int restore_sigframe(struct pt_regs *regs,
> + struct rt_sigframe __user * sf)
> +{
[snip]
> + err |= !valid_user_regs(regs);
IDGI... Where do you modify ->ipsw at all and how can
On Wed, Nov 08, 2017 at 01:55:06PM +0800, Greentime Hu wrote:
> +#define __range_ok(addr, size) (size <= get_fs() && addr <= (get_fs() -size))
> +
> +#define access_ok(type, addr, size) \
> + __range_ok((unsigned long)addr, (unsigned long)size)
> +#define
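Review bot: the macro arguments in __range_ok() and access_ok() are used without parentheses, so in access_ok() the cast `(unsigned long)addr` binds only to the first operand when a caller passes an expression, and the range check then runs on a different value than the one the caller meant. __range_ok() also expands `size` twice, which evaluates any side effect in the argument twice. Parenthesize each argument, as in `(unsigned long)(addr)` and `(unsigned long)(size)`, or turn __range_ok() into a static inline taking two unsigned long parameters so each argument is evaluated exactly once.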
On Tue, Oct 24, 2017 at 04:41:08AM +0300, Tuomas Tynkkynen wrote:
> > I can pick those, or, if you (or somebody else) are willing to
> > actively
> > maintain a 9p tree, you could start sending straight to Linus - up to
> > you.
>
> You can pick these up, I don't have plans for more patches
On Tue, Sep 26, 2017 at 04:10:14PM +0300, Tuomas Tynkkynen wrote:
> Hi Al,
>
> On Wed, 2017-09-06 at 17:59 +0300, Tuomas Tynkkynen wrote:
> > These two patches fix two hard-to-hit (but really annoying) bugs in
> > 9p.
> > The first one was posted earlier in February (with one R-b), the
> > second
ioctl() in question
1) fails with EOPNOTSUPP on
AF_ALG, AF_CAIF, AF_IUCV, AF_KEY, AF_NFC, AF_RXRPC, AF_VSOCK
2) fails with ENOTTY on
AF_DECnet, AF_KCM, AF_LLC, AF_NETLINK, AF_PHONET, AF_PPPOX, AF_RDS,
AF_TIPC, AF_UNIX
3) fails with EINVAL on
AF_ISDN
4)
Handling of SIOC{ADD,DEL}RT for 32bit is somewhat odd. AFAICS,
the rules for native ioctl look so:
AF_APPLETALK, AF_INET, AF_IPX, AF_PACKET: take struct rtentry. The last one
doesn't have ->compat_ioctl() and 32bit automatically hits routing_ioctl()
in net/socket.c, the rest have
On Sun, Sep 24, 2017 at 02:34:19PM +, Tayar, Tomer wrote:
>
> > "qed: Utilize FW 8.10.3.0" has attempted some endianness annotations
> > in that driver; unfortunately, either annotations are BS or the driver is
> > genuinely
> > broken on big-endian hosts.
> [...]
> > Is that driver
"qed: Utilize FW 8.10.3.0" has attempted some endianness
annotations in that driver; unfortunately, either annotations are
BS or the driver is genuinely broken on big-endian hosts.
For example, struct init_qm_vport_params is claimed to have
->vport_wfq little-endian 16bit.
On Tue, Aug 15, 2017 at 02:00:06PM +0200, SF Markus Elfring wrote:
> From: Markus Elfring
> Date: Tue, 15 Aug 2017 09:36:20 +0200
>
> Replace the specification of data structures by variable references
> as the parameter for the operator "sizeof" to make the
to f8f8a727eab1c5b78c3703a461565b042979cc79:
get_compat_bpf_fprog(): don't copyin field-by-field (2017-07-04 13:14:34
-0400)
Al Viro (3):
copy_msghdr_from_user(): get rid of field-by-field copyin
get_compat_msghdr(): get rid of field-by-field copyin
On Tue, Jul 11, 2017 at 08:25:14PM -0700, David Miller wrote:
> looks harmless, or if there is a bug in there I can't see it.
>
> But whatever it is, that same problem could be hiding in some of these
> other transformations as well.
>
> I think the bug might be that we are corrupting the
Signed-off-by: Al Viro <v...@zeniv.linux.org.uk>
---
diff --git a/net/compat.c b/net/compat.c
index dba5e222a0e5..6ded6c821d7a 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -313,15 +313,15 @@ struct sock_fprog __user *get_compat_bpf_fprog(char
__user *optval)
{
struct compat_sock