Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, 6 Jan 2018 10:01:54 +0100 Greg KH wrote: > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > Static analysis reports that 'offset' may be a user controlled value > > Can I see the rule that determined that? It does not feel like that is >

[PATCH net-next v6 0/3] Socionext Synquacer NETSEC driver

From: Jassi Brar Changes since v5 # Removed helper macros # Removed 'inline' qualifier # Changed multiline empty comment to single line # Added 'clock-names' property in DT binding example # Ignore 'clock-names' property in

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Fri, 5 Jan 2018 18:52:07 -0800 Linus Torvalds wrote: > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams wrote: > > From: Andi Kleen > > > > When access_ok fails we should always stop speculating. > > Add the required

Re: [PATCH] netfilter: fix int overflow in xt_alloc_table_info()

On Thu, Dec 28, 2017 at 9:48 AM, Dmitry Vyukov wrote: > syzkaller triggered OOM kills by passing ipt_replace.size = -1 > to IPT_SO_SET_REPLACE. The root cause is that SMP_ALIGN() in > xt_alloc_table_info() causes int overflow and the size check passes > when it should not.

[PATCH net-next v6 1/3] dt-bindings: net: Add DT bindings for Socionext Netsec

From: Jassi Brar This patch adds documentation for Device-Tree bindings for the Socionext NetSec Controller driver. Reviewed-by: Rob Herring Signed-off-by: Jassi Brar Signed-off-by: Ard Biesheuvel

[PATCH net-next v6 2/3] net: socionext: Add Synquacer NetSec driver

From: Jassi Brar This driver adds support for Socionext "netsec" IP Gigabit Ethernet + PHY IP used in the Synquacer SC2A11 SoC. Signed-off-by: Ard Biesheuvel Signed-off-by: Jassi Brar ---

[PATCH net-next v6 3/3] MAINTAINERS: Add entry for Socionext ethernet driver

From: Jassi Brar Add entry for the Socionext Netsec controller driver and DT bindings. Acked-by: Ard Biesheuvel Signed-off-by: Jassi Brar --- MAINTAINERS | 7 +++ 1 file changed, 7 insertions(+) diff

Re: [PATCH 0/2] net: dsa: lan9303: check error value from devm_gpiod_get_optional()

Den 13. nov. 2017 09:07, skrev Phil Reid: Replaces Pan Bian patch "net: dsa: lan9303: correctly check return value of devm_gpiod_get_optional" Errors need to be prograted back from probe. Note: I have only compile tested the code as I don't have the hardware. Phil Reid

Re: [PATCH 01/18] asm-generic/barrier: add generic nospec helpers

On Fri, Jan 05, 2018 at 09:23:06PM -0800, Dan Williams wrote: > On Fri, Jan 5, 2018 at 6:55 PM, Linus Torvalds > wrote: > > On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams > > wrote: > >> +#ifndef nospec_ptr > >> +#define nospec_ptr(ptr, lo,

Re: KASAN: use-after-free Read in sctp_packet_transmit

Em 6 de janeiro de 2018 15:09:45 BRST, Dmitry Vyukov escreveu: >On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner > wrote: >> On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: >>> Hello, >>> >>> syzkaller hit the following crash on >>>

Re: KASAN: use-after-free Read in sctp_packet_transmit

On 1/5/18, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 8a4816cad00bf14642f0ed6043b32d29a05006ce > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote: > Static analysis reports that 'queue' may be a user controlled value that > is used as a data dependency to read from the 'ar9170_qmap' array. In > order to avoid potential leaks of kernel memory values, block > speculative execution

Re: [PATCH 3.2 01/06] "bridge should send gratuitous ARP to notify peer while a bond, which is a port of this bridge, changes."

On Sat, 6 Jan 2018 17:25:20 +0800 邢庆杰 wrote: > We create bond0 and add eth0 as slaves. Eth0 is active. Then we add > bond0 > into br0 as a bridge port. Br0 has ip address. When eth0 is down, after > bond0's > failover eth1 become active. At this moment, we need br0 send a

Re: [PATCH net-next 06/20] net: hns3: Modify the update period of packet statistics

> >Is it because the static void is on the previous line? > Yes, it is because the static void is on the previous line. > > I can add one patch to fix the previous line , and this patch will correct > automatically. > > do it need V2 patchset? or push a new patch after this patchset? Thanks

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Saturday, January 6, 2018 4:06:21 PM CET Alan Cox wrote: > > The only way a user can set this in any meaningful way would be via > > a NL80211_CMD_SET_WIPHY netlink message. However, the value will get > > vetted there by cfg80211's parse_txq_params [0]. This is long before > > Far more than a

Re: KASAN: use-after-free Read in sctp_packet_transmit

On Sat, Jan 6, 2018 at 6:02 PM, Marcelo Ricardo Leitner wrote: > On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: >> Hello, >> >> syzkaller hit the following crash on >> 8a4816cad00bf14642f0ed6043b32d29a05006ce >>

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 4:32 AM, Alan Cox wrote: > > Also for x86-64 if we are trusting that an AND with a constant won't get > speculated into something else surely we can just and the address with ~(1 > << 63) before copying from/to user space ? The user will then

Re: [net-next v2] ipv6: sr: export some functions of seg6local

On Thu, 04 Jan 2018 13:37:33 -0500 (EST) David Miller wrote: > From: Ahmed Abdelsalam > Date: Sat, 30 Dec 2017 00:08:32 +0100 > > > Some functions of seg6local are very useful to process SRv6 > > encapsulated packets > > > > This patch exports some

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On Fri, 05 Jan 2018 17:11:04 -0800 Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value > that is used as a data dependency reading from a raw6_frag_vec buffer. > In order to avoid potential leaks of kernel memory values, block >

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

> The only way a user can set this in any meaningful way would be via > a NL80211_CMD_SET_WIPHY netlink message. However, the value will get > vetted there by cfg80211's parse_txq_params [0]. This is long before Far more than a couple of hundred instructions ? The problem is that the processor

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: > On Sat, 6 Jan 2018 10:01:54 +0100 > Greg KH wrote: > > > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > > > Static analysis reports that 'offset' may be a user controlled value > > > > Can

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 6:23 AM, Christian Lamparter wrote: > On Saturday, January 6, 2018 2:10:37 AM CET Dan Williams wrote: >> Static analysis reports that 'queue' may be a user controlled value that >> is used as a data dependency to read from the 'ar9170_qmap' array. In >>

Re: KASAN: use-after-free Read in sctp_packet_transmit

On Fri, Jan 05, 2018 at 02:07:01PM -0800, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 8a4816cad00bf14642f0ed6043b32d29a05006ce > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master > compiler: gcc (GCC) 7.1.1 20170620 > .config is attached > Raw console

Re: [patch net-next v6 01/11] net: sched: introduce support for multiple filter chain pointers registration

Sat, Jan 06, 2018 at 12:09:19AM CET, j...@resnulli.us wrote: >From: Jiri Pirko > >So far, there was possible only to register a single filter chain >pointer to block->chain[0]. However, when the blocks will get shareable, >we need to allow multiple filter chain pointers

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 04:48 AM, Jiri Pirko wrote: [..] Or, do you think it should work like: $ tc qdisc add dev ens8 ingress $ tc qdisc qdisc ingress : dev ens8 parent :fff1 > $ tc qdisc add dev ens7 ingress block 22 > $ tc qdisc qdisc ingress : dev ens7 parent :fff1 block 22 qdisc

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >> On Sat, 6 Jan 2018 10:01:54 +0100 >> Greg KH wrote: >> >> > On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: >> > >

Re: [PATCH 12/18] Thermal/int340x: prevent bounds-check bypass via speculative execution

On Fri, 2018-01-05 at 17:57 -0800, Dan Williams wrote: > On Fri, Jan 5, 2018 at 5:53 PM, Srinivas Pandruvada > wrote: > > > > On Fri, 2018-01-05 at 17:10 -0800, Dan Williams wrote: > > > > > > Static analysis reports that 'trip' may be a user controlled > >

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 1/6/18 1:07 AM, Jiri Pirko wrote: > Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >> On 1/5/18 4:09 PM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Currently the filters added to qdiscs are independent. So for example if you >>> have 2 netdevices and you

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 1:40 AM, Greg KH wrote: > On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: >> On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: >> > Static analysis reports that 'index' may be a user controlled value that >> > is used as a

Re: [PATCH net-next] net: tracepoint: adding new tracepoint arguments in inet_sock_set_state

> On Jan 5, 2018, at 12:09 AM, Yafang Shao wrote: > > On Fri, Jan 5, 2018 at 3:21 PM, Song Liu wrote: >> >>> On Jan 4, 2018, at 10:42 PM, Yafang Shao wrote: >>> >>> sk->sk_protocol and sk->sk_family are exposed as tracepoint

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 6:48 AM, Stephen Hemminger wrote: > On Fri, 05 Jan 2018 17:11:04 -0800 > Dan Williams wrote: > >> Static analysis reports that 'offset' may be a user controlled value >> that is used as a data dependency reading from a

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 8:29 AM, Dan Williams wrote: > On Sat, Jan 6, 2018 at 7:14 AM, Greg KH wrote: >> On Sat, Jan 06, 2018 at 12:23:47PM +, Alan Cox wrote: >>> On Sat, 6 Jan 2018 10:01:54 +0100 >>> Greg KH

Re: [PATCH 2/2] SolutionEngine771x: add Ether TSU resource

Hello! On 1/3/2018 11:08 PM, Sergei Shtylyov wrote: After the Ether platform data is fixed, the driver probe() method would still fail since the 'struct sh_eth_cpu_data' corresponding to SH771x indicates the presence of TSU but the memory resource for it is absent. Add the missing TSU

Re: [PATCH 07/18] [media] uvcvideo: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 10:09:07AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:32PM -0800, Dan Williams wrote: > > Static analysis reports that 'index' may be a user controlled value that > > is used as a data dependency to read 'pin' from the > > 'selector->baSourceID' array. In order

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 09:07:28AM CET, j...@resnulli.us wrote: >Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >>On 1/5/18 4:09 PM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Currently the filters added to qdiscs are independent. So for example if you >>> have

Re: [PATCH 12/18] Thermal/int340x: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'trip' may be a user controlled value that is used as a data dependency to read '*temp' from the 'd->aux_trips' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >On 1/5/18 4:09 PM, Jiri Pirko wrote: >> From: Jiri Pirko >> >> Currently the filters added to qdiscs are independent. So for example if you >> have 2 netdevices and you create ingress qdisc on both and you want to

Re: [PATCH 15/18] vfs, fdtable: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Expectedly, static analysis reports that 'fd' is a user controlled value that is used as a data dependency to read from the 'fdt->fd' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

Re: [PATCH 16/18] net: mpls: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'index' may be a user controlled value that is used as a data dependency reading 'rt' from the 'platform_label' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

Re: [PATCH 13/18] ipv6: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:11 AM, Dan Williams wrote: Static analysis reports that 'offset' may be a user controlled value that is used as a data dependency reading from a raw6_frag_vec buffer. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction stream

[PATCH] mdio-sun4i: Fix a memory leak

If the probing of the regulator is deferred, the memory allocated by 'mdiobus_alloc_size()' will be leaking. It should be freed before the next call to 'sun4i_mdio_probe()' which will reallocate it. Fixes: 4bdcb1dd9feb ("net: Add MDIO bus driver for the Allwinner EMAC") Signed-off-by: Christophe

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value > that is used as a data dependency reading from a raw_frag_vec buffer. > In order to avoid potential leaks of kernel memory values, block > speculative execution of

Re: [PATCH 14/18] ipv4: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:11:10PM -0800, Dan Williams wrote: > Static analysis reports that 'offset' may be a user controlled value Can I see the rule that determined that? It does not feel like that is correct, given the 3+ levels deep that this function gets this value from... Same for the

Re: [PATCH 10/18] qla2xxx: prevent bounds-check bypass via speculative execution

On Fri, Jan 05, 2018 at 05:10:48PM -0800, Dan Williams wrote: > Static analysis reports that 'handle' may be a user controlled value > that is used as a data dependency to read 'sp' from the > 'req->outstanding_cmds' array. In order to avoid potential leaks of > kernel memory values, block

Re: [PATCH 10/18] qla2xxx: prevent bounds-check bypass via speculative execution

On Sat, Jan 06, 2018 at 10:03:22AM +0100, Greg KH wrote: > On Fri, Jan 05, 2018 at 05:10:48PM -0800, Dan Williams wrote: > > Static analysis reports that 'handle' may be a user controlled value > > that is used as a data dependency to read 'sp' from the > > 'req->outstanding_cmds' array. In order

Re: [PATCH 08/18] carl9170: prevent bounds-check bypass via speculative execution

Hello! On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'queue' may be a user controlled value that is used as a data dependency to read from the 'ar9170_qmap' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [PATCH 09/18] p54: prevent bounds-check bypass via speculative execution

On 1/6/2018 4:10 AM, Dan Williams wrote: Static analysis reports that 'queue' may be a user controlled value that is used as a data dependency to read from the 'priv->qos_params' array. In order to avoid potential leaks of kernel memory values, block speculative execution of the instruction

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 01:02 PM, Jamal Hadi Salim wrote: On 18-01-06 04:48 AM, Jiri Pirko wrote: BTW: From your output, DavidA, i noticed something strange: two flower filters with the same handle id 0x1 (different prios) At least on the kernel i am using this is the exhibited default behavior. I can

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: > On Sat, 6 Jan 2018 10:13:33 -0800 > Alexei Starovoitov wrote: > > > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > > > On Fri, 5 Jan 2018 18:52:07 -0800 > > > Linus Torvalds

[PATCH 1/2] SolutionEngine771x: fix Ether platform data

The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct sh_eth_plat_data *'; pass the latter to the driver in order

[PATCH 2/2] SolutionEngine771x: add Ether TSU resource

After the Ether platform data is fixed, the driver probe() method would still fail since the 'struct sh_eth_cpu_data' corresponding to SH771x indicates the presence of TSU but the memory resource for it is absent. Add the missing TSU resource to both Ether devices and fix the harmless

[PATCH 0/2] Ether fixes for the SolutionEngine771x boards

Hello! Here's the series of 2 patches against Linus' repo. This series should (hoplefully) fix the Ether support on the SolutionEngine771x boards... [1/2] SolutionEngine771x: fix Ether platform data [2/2] SolutionEngine771x: add Ether TSU resource MBR, Sergei

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

Le 01/05/18 à 17:09, Dan Williams a écrit : > Quoting Mark's original RFC: > > "Recently, Google Project Zero discovered several classes of attack > against speculative execution. One of these, known as variant-1, allows > explicit bounds checks to be bypassed under speculation, providing an >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov wrote: [..] >> retpoline is variant-2, this patch series is about variant-1. > > that's exactly the point. Don't slow down the kernel with lfences > to solve variant 1. retpoline for 2 is ok from long term kernel >

Re: [PATCH 0/2] Ether fixes for the SolutionEngine771x boards

Oops, forgot to add v2 to the subjects... :-/

Re: [PATCH 03/31] fs: introduce new ->get_poll_head and ->poll_mask methods

On Thu, Jan 04, 2018 at 09:00:15AM +0100, Christoph Hellwig wrote: > ->get_poll_head returns the waitqueue that the poll operation is going > to sleep on. Note that this means we can only use a single waitqueue > for the poll, unlike some current drivers that use two waitqueues for > different

Re: [PATCH 04/31] net: add support for ->poll_mask in proto_ops

On Thu, Jan 04, 2018 at 09:00:16AM +0100, Christoph Hellwig wrote: > The socket file operations still implement ->poll until all protocols are > switched over. > > Signed-off-by: Christoph Hellwig > --- > include/linux/net.h | 3 +++ > net/socket.c| 61 >

Re: [RFC PATCH 3/3] tcp: Add tunable parameters for TSQ

Thank you, Eric and David, for the time spent in reviewing our work. Some comments inline: On 05/01/18 at 03:53am, Eric Dumazet wrote: > I do not want to add yet another condition in fast path. > Just put an arbitrary large value in the existing sysctl, no need for > extra code. Due to the

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov > wrote: > [..] > >> retpoline is variant-2, this patch series is about variant-1. > > > > that's exactly the point. Don't slow down the kernel with

Re: [iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

Hi, On 07/01/18 03:28, Stefano Brivio wrote: > On Sun, 7 Jan 2018 02:31:50 +0800 > Antonio Quartulli wrote: > >> When parsing and printing the unix sockets in unix_show(), >> if the oldformat is detected, the peer_name member of the sockstat >> object is left uninitialized

Re: dvb usb issues since kernel 4.9

Hi Josef, Em Sat, 6 Jan 2018 16:04:16 +0100 "Josef Griebichler" escreveu: > Hi, > > the causing commit has been identified. > After reverting commit >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

> cpus execute what they see. speculative execution does the same > except results are not committed to visible registers and stay > in renanmed/shadow set. There is no 'undo' of the speculative execution. > The whole issue is that cache and branch predictor don't have > a shadow unlike registers.

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

On Sat, Jan 6, 2018 at 11:37 AM, Dan Williams wrote: > On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote: >> Quoting Mark's original RFC: >> >> "Recently, Google Project Zero discovered several classes of attack >> against speculative

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

> "Value prediction consists of predicting entire 32- and 64-bit register values > based on previously-seen values" For their implementation yes > > > In other words there are at least two problems with Linus proposal > > > > 1. The / mask has to be generated and that has to involve

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > On Fri, 5 Jan 2018 18:52:07 -0800 > Linus Torvalds wrote: > > > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams > > wrote: > > > From: Andi Kleen > > > > > >

Re: [PATCH 1/2] SolutionEngine771x: fix Ether platform data

Hello! On 01/03/2018 11:08 PM, Sergei Shtylyov wrote: The 'sh_eth' driver's probe() method would fail on the SolutionEngine7710 board and crash on SolutionEngine7712 board as the platform code is hopelessly behind the driver's platform data -- it passes the PHY address instead of 'struct

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 18-01-06 12:41 PM, David Ahern wrote: On 1/6/18 1:07 AM, Jiri Pirko wrote: Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: On 1/5/18 4:09 PM, Jiri Pirko wrote: From: Jiri Pirko $ tc filter show block 22 $ echo $? 0 $ tc qdisc show | grep block qdisc

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

On Fri, Jan 5, 2018 at 5:09 PM, Dan Williams wrote: > Quoting Mark's original RFC: > > "Recently, Google Project Zero discovered several classes of attack > against speculative execution. One of these, known as variant-1, allows > explicit bounds checks to be bypassed

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 07:55:51PM +, Alan Cox wrote: > > cpus execute what they see. speculative execution does the same > > except results are not committed to visible registers and stay > > in renanmed/shadow set. There is no 'undo' of the speculative execution. > > The whole issue is that

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 06:41:18PM CET, dsah...@gmail.com wrote: >On 1/6/18 1:07 AM, Jiri Pirko wrote: >> Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >>> On 1/5/18 4:09 PM, Jiri Pirko wrote: From: Jiri Pirko Currently the filters added to qdiscs

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

Sat, Jan 06, 2018 at 07:16:10PM CET, j...@mojatatu.com wrote: >On 18-01-06 12:41 PM, David Ahern wrote: >> On 1/6/18 1:07 AM, Jiri Pirko wrote: >> > Sat, Jan 06, 2018 at 04:57:21AM CET, dsah...@gmail.com wrote: >> > > On 1/5/18 4:09 PM, Jiri Pirko wrote: >> > > > From: Jiri Pirko

Re: [patch net-next v6 06/11] net: sched: use block index as a handle instead of qdisc when block is shared

Sat, Jan 06, 2018 at 12:09:24AM CET, j...@resnulli.us wrote: >From: Jiri Pirko > >As the tcm_ifindex 0 is invalid ifindex, reuse it to indicate that we >work with block, instead of qdisc. So if tcm_ifindex is 0, tcm_parent is >used to carry block_index. > >If the block is set

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: > Normally people who propose security fixes don't have to argue about the > fact they added 30 clocks to avoid your box being 0wned. In fact it depends, because if a fix makes the system unusable for its initial purpose, this fix will

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: >> On Fri, 5 Jan 2018 18:52:07 -0800 >> Linus Torvalds wrote: >> >> > On Fri, Jan 5, 2018 at 5:10 PM, Dan Williams

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 10:29:49AM -0800, Dan Williams wrote: > On Sat, Jan 6, 2018 at 10:13 AM, Alexei Starovoitov > wrote: > > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > >> On Fri, 5 Jan 2018 18:52:07 -0800 > >> Linus Torvalds

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, 6 Jan 2018 10:13:33 -0800 Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 12:32:42PM +, Alan Cox wrote: > > On Fri, 5 Jan 2018 18:52:07 -0800 > > Linus Torvalds wrote: > > > > > On Fri, Jan 5, 2018 at 5:10 PM, Dan

Re: [iproute2 1/2] ss: fix crash when skipping disabled header field

On Sun, 7 Jan 2018 02:31:49 +0800 Antonio Quartulli wrote: > When the first header field is disabled (i.e. when passing the -t > option), field_flush() is invoked with the `buffer` global variable > still zero'd. > However, in field_flush() we try to access buffer.cur->len >

Re: [PATCH v2] openvswitch: Trim off padding before L3+ netfilter processing

On Fri, Jan 5, 2018 at 10:59 PM, Ed Swierk wrote: > > > On Jan 5, 2018 22:17, "Pravin Shelar" wrote: > > On Fri, Jan 5, 2018 at 3:20 PM, Ed Swierk > wrote: >> On Fri, Jan 5, 2018 at 10:14 AM, Ed Swierk

Re: [PATCH 00/18] prevent bounds-check bypass via speculative execution

It sounds like Coverity was used to produce these patches? If so, is there a plan to have smatch (hey Dan) or other open source static analysis tool be possibly enhanced to do a similar type of work? I'd love for that to happen; the tricky part is being able to have even a sort of sensible

[iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

When parsing and printing the unix sockets in unix_show(), if the oldformat is detected, the peer_name member of the sockstat object is left uninitialized (NULL). For this reason, if a filter has been specified on the command line, a strcmp() will crash when trying to access it. Avoid crash by

[iproute2 1/2] ss: fix crash when skipping disabled header field

When the first header field is disabled (i.e. when passing the -t option), field_flush() is invoked with the `buffer` global variable still zero'd. However, in field_flush() we try to access buffer.cur->len during variables initialization, thus leading to a SIGSEGV. It's interesting to note that

Re: [PATCH 02/31] fs: add new vfs_poll and file_can_poll helpers

On Thu, Jan 04, 2018 at 09:00:14AM +0100, Christoph Hellwig wrote: > These abstract out calls to the poll method in preparation for changes to > those methods. FWIW, I would make vfs_poll() static inline __poll_t vfs_poll(struct file *file, struct poll_table_struct *pt) { if

Re: [patch net-next v6 00/11] net: sched: allow qdiscs to share filter block instances

On 1/6/18 11:02 AM, Jamal Hadi Salim wrote: > BTW: From your output, DavidA, i noticed something strange: > two flower filters with the same handle id 0x1 (different prios) > and also two filters with the same prio (but different handles). > I see one was added using :dev .." - how were the other

Re: [iproute2 2/2] ss: fix NULL pointer access when parsing unix sockets with oldformat

On Sun, 7 Jan 2018 02:31:50 +0800 Antonio Quartulli wrote: > When parsing and printing the unix sockets in unix_show(), > if the oldformat is detected, the peer_name member of the sockstat > object is left uninitialized (NULL). Luckily, it is initialized. I'd rather say:

Re: [PATCH 0/2] Ether fixes for the SolutionEngine771x boards

On 01/05/2018 06:54 PM, David Miller wrote: Here's the series of 2 patches against Linus' repo. This series should (hoplefully) fix the Ether support on the SolutionEngine771x boards... [1/2] SolutionEngine771x: fix Ether platform data [2/2] SolutionEngine771x: add Ether TSU resource Looks

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 11:25 AM, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: >> On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov >> wrote: >> [..] >> >> retpoline is variant-2, this patch

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, 6 Jan 2018, Alexei Starovoitov wrote: > On Sat, Jan 06, 2018 at 10:54:27AM -0800, Dan Williams wrote: > > On Sat, Jan 6, 2018 at 10:39 AM, Alexei Starovoitov > > wrote: > > [..] > > >> retpoline is variant-2, this patch series is about variant-1. > > > > > >

Re: [PATCH net] ipv6: remove null_entry before adding default route

On Sat, Jan 06, 2018 at 05:41:28PM -0800, Wei Wang wrote: > On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote: > > On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote: > >> From: Wei Wang > >> > >> In the current code, when creating a new fib6 table,

[PATCH v2 net-next] net: tracepoint: exposing sk_faimily in tracepoint inet_sock_set_state

As of now, there're two sk_family are traced with sock:inet_sock_set_state, which are AF_INET and AF_INET6. So the sk_family are exposed as well. Then we can conveniently use it to do the filter. Both sk_family and sk_protocol are showed in the printk message, so we need not expose them as

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 11:05:07PM +, Alan Cox wrote: > > Even if it would be practical the speed probably going to be in bytes per > > second, > > so to read anything meaningful an attack detection techniques (that people > > are actively working on) will be able to catch it. > > At the end

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 06, 2018 at 07:38:14PM -0800, Alexei Starovoitov wrote: > yep. plenty of unknowns and what's happening now is an overreaction. To be fair there's overreaction on both sides. The vast majority of users need to get a 100% safe system and will never notice any difference. A few of us

Re: [PATCH iproute2-next v1 3/9] rdma: Add filtering infrastructure

On Thu, Jan 04, 2018 at 08:29:31PM -0700, David Ahern wrote: > On 1/4/18 12:01 AM, Leon Romanovsky wrote: > > diff --git a/rdma/utils.c b/rdma/utils.c > > index af2b374d..446c23da 100644 > > --- a/rdma/utils.c > > +++ b/rdma/utils.c > > @@ -114,6 +114,225 @@ static void dev_map_cleanup(struct rd

Re: [PATCH net-next v3 00/10] net: qualcomm: rmnet: Enable csum offloads

From: Subash Abhinov Kasiviswanathan Date: Fri, 05 Jan 2018 18:05:23 -0700 > I dont see this series in patchwork. It's there, in state "Changes Requested" because you were given feedback on your patch series and you must address it. "Changes Requested" state patches do

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

On Sat, Jan 6, 2018 at 3:31 PM, Dan Williams wrote: > > I assume if we put this in uaccess_begin() we also need audit for > paths that use access_ok but don't do on to call uaccess_begin()? A > quick glance shows a few places where we are open coding the stac(). >

Re: [PATCH 06/18] x86, barrier: stop speculation for failed access_ok

From: Willy Tarreau Date: Sat, 6 Jan 2018 21:42:29 +0100 > On Sat, Jan 06, 2018 at 06:38:59PM +, Alan Cox wrote: >> Normally people who propose security fixes don't have to argue about the >> fact they added 30 clocks to avoid your box being 0wned. > > In fact it depends,

Re: [PATCH net] ipv6: remove null_entry before adding default route

On Fri, Jan 5, 2018 at 11:42 PM, Martin KaFai Lau wrote: > On Fri, Jan 05, 2018 at 05:38:35PM -0800, Wei Wang wrote: >> From: Wei Wang >> >> In the current code, when creating a new fib6 table, tb6_root.leaf gets >> initialized to net->ipv6.ip6_null_entry. >> If

Re: [PATCH] net: ipv4: Remove MTU check in IP_HDRINCL send flow

From: Yonatan Goldschmidt Date: Sun, 7 Jan 2018 01:26:48 +0200 > IP fragmentation can be performed as expected down the stack, without touching > irrelevant fields in the included header besides fragment offset, setting > IP_MF and header checksum. > If the included header

Re: [PATCH net-next v3 00/10] net: qualcomm: rmnet: Enable csum offloads

It's there, in state "Changes Requested" because you were given feedback on your patch series and you must address it. "Changes Requested" state patches do not show up in the default view, you must explicitly adjust the search criteria to see patches which are not in state which qualifies as

[RFC] memdup_user() and friends

After reviewing memdup_user() callers, I've found several places where it got completely unbounded values passed for size (up to 2Gb), as well as some bounded by ridiculously high values - e.g. if (size > 1024 * 128) /* sane value */ return -EINVAL;

  1   2   >