net/l2tp:BUG: KASAN: use-after-free in l2tp_ip6_close

Hello, While running syzkaller fuzzer I have got the following use-after-free bug in l2tp_ip6_close. The kernel version is 4.8.0+ (on Oct 7 commit d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). BUG: KASAN: use-after-free in l2tp_ip6_close+0x22e/0x290 at addr 8800081b0ed8 Write of size 8 by task

Re: [RFC v2 0/2] proc connector: get namespace events

Alban Crequy writes: > This is v2 of the patch set to add namespace events in the proc > connector. So while not totally wrong the way you report namespaces makes me grumpy. You are not including the device node of the filesystem those inodes are on. The inode number

net/ipv6: potential deadlock in do_ipv6_setsockopt

Hello, While running syzkaller fuzzer I have got the following deadlock report. The kernel version is 4.8.0+ (on Oct 7 commit d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). Unfortunately I failed to find a reproducer for it.

BUG: KASAN: use-after-free in udp_lib_get_port

Hello all, While running syzkaller fuzzer I have got the following use-after-free bug in udp_lib_get_port. The kernel version is 4.8.0+ (on Oct 7 commit d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). Unfortunately I failed to find a reproducer for it. BUG: KASAN: use-after-free in

BUG: KASAN: use-after-free in udp_lib_rehash

Hello all, While running syzkaller fuzzer I have got the following use-after-free bug in udp_lib_rehash. The kernel version is 4.8.0+ (on Oct 7 commit d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). Unfortunately I failed to find a reproducer for it. BUG: KASAN: use-after-free in

Re: [patch net-next RFC 4/6] Introduce sample tc action

On Wed, Oct 12, 2016 at 3:41 PM, Jiri Pirko wrote: > From: Yotam Gigi > > This action allow the user to sample traffic matched by tc classifier. > The sampling consists of choosing packets randomly, truncating them, > adding some informative metadata

Re: [PATCH v2 1/3] net: smc91x: isolate u16 writes alignment workaround

Robert Jarzmik writes: > diff --git a/drivers/net/ethernet/smsc/smc91x.h > b/drivers/net/ethernet/smsc/smc91x.h > index ea8465467469..dff165ed106d 100644 > --- a/drivers/net/ethernet/smsc/smc91x.h > +++ b/drivers/net/ethernet/smsc/smc91x.h And there is also the specific

[RFC PATCH net-next] bpf: fix potential percpu map overcopy to user.

When running bpf_map_lookup on percpu elements, the bytes copied to userspace depends on num_possible_cpus() * value_size, which could potentially be larger than memory allocated from user, which depends on sysconf(_SC_NPROCESSORS_CONF) to get the current cpu num. As a result, the inconsistency

Re: net/l2tp:BUG: KASAN: use-after-free in l2tp_ip6_close

On Sun, Oct 16, 2016 at 8:07 AM, Baozeng Ding wrote: > Hello, > While running syzkaller fuzzer I have got the following use-after-free > bug in l2tp_ip6_close. The kernel version is 4.8.0+ (on Oct 7 commit > d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). > > BUG: KASAN:

[PATCH v2 net-next 1/5] net: dsa: mv88e6xxx: Implement interrupt support.

The switch can have up to two interrupt controllers. One of these contains the interrupts from the integrated PHYs, so is useful to export. The Marvell PHY driver can then be used in interrupt mode, rather than polling, speeding up PHY handling and reducing load on the MDIO bus. Signed-off-by:

[PATCH v2 net-next 3/5] net: phy: Threaded interrupts allow some simplification

The PHY interrupts are now handled in a threaded interrupt handler, which can sleep. The work queue is no longer needed, phy_change() can be called directly. phy_mac_interrupt() still needs to be safe to call in interrupt context, so keep the work queue, and use a helper to call phy_change().

[PATCH v2 net-next 2/5] net: phy: Use threaded IRQ, to allow IRQ from sleeping devices

The interrupt lines from PHYs maybe connected to I2C bus expanders, or from switches on MDIO busses. Such interrupts are sourced from devices which sleep, so use threaded interrupts. Threaded interrupts require that the interrupt requester also uses the threaded API. Change the phylib to use the

[PATCH v2 net-next 0/5] Interrupt support for mv88e6xxx

This patchset add interrupt controller support to the MV88E6xxx. This allows access to the interrupts the internal PHY generate. These interrupts can then be associated to a PHY device in the device tree and used by the PHY lib, rather than polling. Since interrupt handling needs to make MDIO

[PATCH v2 net-next 4/5] net: phy: Use phy name when requesting the interrupt

Using the fixed name "phy_interrupt" is not very informative in /proc/interrupts when there are a lot of phys, e.g. a device with an Ethernet switch. So when requesting the interrupt, use the name of the phy. Signed-off-by: Andrew Lunn Acked-by: Florian Fainelli

[PATCH v2 net-next 5/5] arm: vf610: zii devel b: Add support for switch interrupts

The Switches use GPIO lines to indicate interrupts from two of the switches. With these interrupts in place, we can make use of the interrupt controllers within the switch to indicate when the internal PHYs generate an interrupt. Use standard PHY properties to do this. Signed-off-by: Andrew Lunn

Re: BUG: KASAN: use-after-free in udp_lib_get_port

On Sun, Oct 16, 2016 at 6:46 AM, Baozeng Ding wrote: > Hello all, > While running syzkaller fuzzer I have got the following use-after-free > bug in udp_lib_get_port. The kernel version is 4.8.0+ (on Oct 7 commit > d1f5323370fceaed43a7ee38f4c7bfc7e70f28d0). Unfortunately I

Re: net/ipv6: potential deadlock in do_ipv6_setsockopt

On Sun, Oct 16, 2016 at 6:34 AM, Baozeng Ding wrote: > Possible unsafe locking scenario: > >CPU0CPU1 > > lock([ 165.136033] sk_lock-AF_INET6 > ); >lock([ 165.136033]

[PATCH 1/8] tools lib bpf: add error functions

The include of err.h is not explicitely needed in exported functions and it was causing include conflict with some existing code due to redefining some macros. To fix this, let's have error handling functions provided by the library. Furthermore this will allow user to have an homogeneous API.

[PATCH 6/8] tools lib bpf: improve warning

Signed-off-by: Eric Leblond --- tools/lib/bpf/libbpf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index 7cd341e..1fe4532 100644 --- a/tools/lib/bpf/libbpf.c +++ b/tools/lib/bpf/libbpf.c @@ -802,7 +802,8 @@

[PATCH 7/8] tools lib bpf: fix maps resolution

It is not correct to assimilate the elf data of the maps section to an array of map definition. In fact the sizes differ. The offset provided in the symbol section has to be used instead. This patch fixes a bug causing a elf with two maps not to load correctly. Signed-off-by: Eric Leblond

[PATCH 3/8] tools: Sync tools/include/uapi/linux/bpf.h with the kernel

Signed-off-by: Eric Leblond --- tools/include/uapi/linux/bpf.h | 52 ++ 1 file changed, 52 insertions(+) diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h index 9e5fc16..570287f 100644 ---

[PATCH 2/8] uapi linux bpf: add max value to enum

It will be used to detect userspace trying to set invalid value. Signed-off-by: Eric Leblond --- include/uapi/linux/bpf.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h index f09c70b..570287f 100644 ---

[PATCH 0/8] tools lib bpf: fixes and functional upgrade

Hello, Here's a patchset on the libbpf library that can be found in tools/lib/bpf. Patch 0 to patch 4 add a new function to be able to set the BPF program type. Till then program type such as network filter can't be loaded by the library: * tools lib bpf: add error functions * uapi linux bpf:

[PATCH 8/8] tools lib bpf: install header file

Makefile was not installing the header file of the library and a manual copy was needed to have a usable library on the system. Signed-off-by: Eric Leblond --- tools/lib/bpf/Makefile | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git

[PATCH 4/8] tools lib bpf: export function to set type

Current API was not allowing the user to set a type like socket filter. To avoid a setter function for each type, the patch simply exports a set function that takes the type in parameter. Signed-off-by: Eric Leblond --- tools/lib/bpf/libbpf.c | 19 +--

[PATCH 5/8] tools lib bpf: add missing functions

Some functions were missing in the library to be able to use it in the case where the userspace is handling the maps in kernel. The patch also renames functions to have a homogeneous naming convention. Signed-off-by: Eric Leblond --- tools/lib/bpf/bpf.c| 35

[PATCH] mac80211_hwsim: suggest nl80211 instead of wext driver in documentation

For mac80211_hwsim interfaces, suggest to use wpa_supplicant with the more modern, netlink based driver instead of wext. Signed-off-by: Linus Lüssing --- Actually, I wasn't even able to make a connection with the configuration files and information provided in

iproute: ss truncates abstract unix domain socket embedding null

Hello, The unix(7) man page says that null have no special meaning in abstract unix domain socket address (the length is specified therefore). However, when such name (embedding null) is used, ss (and netstat) will only show up to the first null occurrence (second technically, if we count the

[PATCH] cxgb4: fix memory leak of qe on error exit path

From: Colin Ian King A memory leak of qe occurs when t4_sched_queue_unbind fails, so fix this by free'ing qe on the error exit path. Signed-off-by: Colin Ian King --- drivers/net/ethernet/chelsio/cxgb4/sched.c | 4 +++- 1 file changed, 3

Re: [PATCH 4/8] tools lib bpf: export function to set type

On 2016/10/17 5:18, Eric Leblond wrote: Current API was not allowing the user to set a type like socket filter. To avoid a setter function for each type, the patch simply exports a set function that takes the type in parameter. Signed-off-by: Eric Leblond ---

Re: [PATCH 5/8] tools lib bpf: add missing functions

On 2016/10/17 5:18, Eric Leblond wrote: Some functions were missing in the library to be able to use it in the case where the userspace is handling the maps in kernel. The patch also renames functions to have a homogeneous naming convention. Signed-off-by: Eric Leblond ---

[PATCH] net: Require exact match for TCP socket lookups if dif is l3mdev

Currently, socket lookups for l3mdev (vrf) use cases can match a socket that is bound to a port but not a device (ie., a global socket). If the sysctl tcp_l3mdev_accept is not set this leads to ack packets going out based on the main table even though the packet came in from an L3 domain. The end

Re: [PATCH 6/8] tools lib bpf: improve warning

On 2016/10/17 5:18, Eric Leblond wrote: Signed-off-by: Eric Leblond Please add some commit messages. Thank you. --- tools/lib/bpf/libbpf.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c index

Re: [PATCH 1/8] tools lib bpf: add error functions

On 2016/10/17 5:18, Eric Leblond wrote: The include of err.h is not explicitely needed in exported functions and it was causing include conflict with some existing code due to redefining some macros. To fix this, let's have error handling functions provided by the library. Furthermore this

Re: [PATCH 3/8] tools: Sync tools/include/uapi/linux/bpf.h with the kernel

On 2016/10/17 5:18, Eric Leblond wrote: Signed-off-by: Eric Leblond Commit message is required. Thank you. --- tools/include/uapi/linux/bpf.h | 52 ++ 1 file changed, 52 insertions(+) diff --git a/tools/include/uapi/linux/bpf.h

Re: [PATCH 7/8] tools lib bpf: fix maps resolution

On 2016/10/17 5:18, Eric Leblond wrote: It is not correct to assimilate the elf data of the maps section to an array of map definition. In fact the sizes differ. The offset provided in the symbol section has to be used instead. This patch fixes a bug causing a elf with two maps not to load

[RFC PATCH v3 1/2] L2TP:Adjust intf MTU,factor underlay L3,overlay L2

[v3: Picked up review comments from James Chapman, added a function to compute ip header + ip option overhead on a socket, and factored it into L2TP change-set, RFC, would like early feedback on name and placement, and logic of new function while I test this] >From

[PATCH net-next] ila: Don't use dest cache when gateway is set

If the gateway is set on an ILA route we don't need to bother with using the destination cache in the ILA route. Translation does not change the routing in this case so we can stick with orig_output in the lwstate output function. Tested: Ran netperf with and without gateway for LWT route.

[RFC PATCH v3 2/2] L2TP:Adjust intf MTU,factor underlay L3,overlay L2

[v3: Picked up review comments from James Chapman, added a function to compute ip header + ip option overhead on a socket, and factored it into L2TP change-set, RFC, would like early feedback on name and placement of new function while I test this. Part 2/2: Changes in l2tp_eth.c, using