Re: Re: BUG: Bad rss-counter state (4)

2021-04-11 Thread Vegard Nossum
(trimmed off the batman/bpf Ccs) On 2020-05-18 14:28, syzbot wrote: syzbot has bisected this bug to: commit 0d8dd67be013727ae57645ecd3ea2c36365d7da8 Author: Song Liu Date: Wed Dec 6 22:45:14 2017 + perf/headers: Sync new perf_event.h with the tools/include/uapi version bisection l

Re: net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

2016-08-23 Thread Vegard Nossum
On 23 August 2016 at 17:05, Joe Perches wrote: > On Tue, 2016-08-23 at 07:21 -0700, Eric Dumazet wrote: >> On Tue, 2016-08-23 at 14:41 +0100, Luis Henriques wrote: >> > From: Avijit Kanti Das >> > >> > memset() the structure ethtool_wolinfo that has padded bytes >> > but the padded bytes have not

[PATCH] net/irda: remove pointless assignment/check

2016-08-19 Thread Vegard Nossum
' we would have been calling lock_sock() and release_sock() on different sockets. My conclusion is that these two lines are complete nonsense and only serve to confuse the reader. Signed-off-by: Vegard Nossum --- net/irda/af_irda.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/net/ir

[RFC PATCH] net/irda: release sock when waiting in accept()

2016-08-18 Thread Vegard Nossum
nnect(), irda_sendmsg(), and irda_getsockopt() as far as I can tell at a glance. I'll start with this patch to see if we're going in the right direction -- it does fix the trinity problem for me, although I haven't tested any real IrDA workloads. Signed-off-by: Vegard Nossum --- net/

[PATCH] rhashtable: fix shift by 64 when shrinking

2016-08-12 Thread Vegard Nossum
undefined when called with an argument of 0, so let's avoid the call and just fall back to ht->p.min_size (which should never be smaller than HASH_MIN_SIZE). Cc: Herbert Xu Signed-off-by: Vegard Nossum --- lib/rhashtable.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-)
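The class of bug behind this patch, as an added example that is not code from the page or from lib/rhashtable.c: a user-space model of the shrink-size computation the snippet describes. Rounding 0 up to a power of two with a roundup_pow_of_two()-style helper ends in a left shift by the full width of unsigned long, which C leaves undefined; the guard the snippet describes (avoid the call and fall back to the minimum size) never reaches that shift. Every name, the minimum size of 4, and the way the helper reports the undefined shift instead of executing it are assumptions for illustration, not the kernel's own identifiers.

```c
/* Added example (not from the page or the kernel): a user-space model of
 * the rhashtable shrink-size computation that shows why calling a
 * roundup_pow_of_two()-style helper with 0 ends in a shift by the full
 * operand width, which C leaves undefined, and how the guard from the
 * patch (skip the call, fall back to min_size) avoids it. All names here
 * are assumptions for illustration, not the kernel's own identifiers. */
#include <stddef.h>
#include <stdio.h>

#define UL_BITS (8u * sizeof(unsigned long))

/* Modelled on the kernel's fls_long(): 1-based index of the highest set
 * bit, 0 for x == 0. */
static unsigned int model_fls_long(unsigned long x)
{
    unsigned int n = 0;
    while (x) { n++; x >>= 1; }
    return n;
}

/* Modelled on roundup_pow_of_two() for a runtime argument:
 * 1UL << fls_long(n - 1). For n == 0, n - 1 wraps to ULONG_MAX and the
 * shift count becomes UL_BITS (64 on x86-64), which C 6.5.7 leaves
 * undefined. Instead of executing that shift, the model reports it
 * through *ub and returns 0 so the hazard can be checked safely. */
static unsigned long model_roundup_pow_of_two(unsigned long n, int *ub)
{
    unsigned int shift = model_fls_long(n - 1);
    if (shift >= UL_BITS) {
        *ub = 1;
        return 0;
    }
    return 1UL << shift;
}

/* Shrink sizing as the snippet describes the pre-fix code: round first,
 * clamp to min_size afterwards. With nelems == 0 the helper is handed 0. */
static unsigned long shrink_size_before(unsigned long nelems,
                                        unsigned long min_size, int *ub)
{
    unsigned long size = model_roundup_pow_of_two(nelems * 3 / 2, ub);
    return size < min_size ? min_size : size;
}

/* Shrink sizing with the guard: never hand 0 to the helper; use min_size. */
static unsigned long shrink_size_after(unsigned long nelems,
                                       unsigned long min_size, int *ub)
{
    unsigned long want = nelems * 3 / 2;
    if (want == 0)
        return min_size;
    unsigned long size = model_roundup_pow_of_two(want, ub);
    return size < min_size ? min_size : size;
}

/* Probes: 1 if the undefined shift would have been reached for nelems. */
static int before_hits_undefined_shift(unsigned long nelems)
{
    int ub = 0;
    shrink_size_before(nelems, 4, &ub);
    return ub;
}

static int after_hits_undefined_shift(unsigned long nelems)
{
    int ub = 0;
    shrink_size_after(nelems, 4, &ub);
    return ub;
}

int main(void)
{
    unsigned long probes[] = { 0, 1, 5, 100 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int ub = 0;
        unsigned long after = shrink_size_after(probes[i], 4, &ub);
        printf("nelems=%lu: before hits undefined shift=%d, "
               "after hits it=%d, after size=%lu\n",
               probes[i], before_hits_undefined_shift(probes[i]),
               after_hits_undefined_shift(probes[i]), after);
    }
    return 0;
}
```

The reported shift count, not a crash, is what to look for: in the real kernel the shift-by-64 is silent undefined behaviour that UBSAN flags, which is how this kind of bug is typically found under fuzzing.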

Re: [PATCH] tipc: fix NULL pointer dereference in shutdown()

2016-08-12 Thread Vegard Nossum
Hi, I didn't see this patch go in yet. Jon Maloy, ping? Should this go through somebody else? Vegard On 07/23/2016 11:49 AM, Xue, Ying wrote: Acked-by: Ying Xue -Original Message- From: Vegard Nossum [mailto:vegard.nos...@oracle.com] Sent: Saturday, July 23, 2016 2:15 PM To

[PATCH] net/irda: handle iriap_register_lsap() allocation failure

2016-08-12 Thread Vegard Nossum
ly reached from unprivileged userspace). I have tested my patch with a reproducer. Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/irda/iriap.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/irda/iriap.c b/net/irda/iriap.c index 4a7ae32a..1138eaf 100644

[PATCH RESEND] net/sctp: always initialise sctp_ht_iter::start_fail

2016-08-12 Thread Vegard Nossum
the one in commit 5fc382d875 ("net/sctp: terminate rhashtable walk correctly"). Cc: Xin Long Cc: Herbert Xu Cc: Eric W. Biederman Cc: Marcelo Ricardo Leitner Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/sctp/proc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net

Re: [PATCH] 9p/trans_virtio: use kvfree() for iov_iter_get_pages_alloc()

2016-08-03 Thread Vegard Nossum
On 07/22/2016 01:12 PM, Vegard Nossum wrote: The memory allocated by iov_iter_get_pages_alloc() can be allocated with vmalloc() if kmalloc() failed -- see get_pages_array(). In that case we need to free it with vfree(), so let's use kvfree(). The bug manifests like this: BUG: unable to h

Re: [PATCH] xfrm: use printk instead of WARN for bad policy reporting

2016-07-26 Thread Vegard Nossum
On 07/27/2016 08:31 AM, Herbert Xu wrote: On Wed, Jul 27, 2016 at 08:20:57AM +0200, Vegard Nossum wrote: Here's another patch to remove that too. I don't actually *use* this code myself and I feel the justification I've given for removing the WARN to be a bit weak, so if you

Re: [PATCH] xfrm: use printk instead of WARN for bad policy reporting

2016-07-26 Thread Vegard Nossum
On 07/27/2016 05:01 AM, Herbert Xu wrote: On Wed, Jul 20, 2016 at 01:53:12PM +0200, Vegard Nossum wrote: Just FYI I'm also running into the // reset the timers here? WARN(1, "Don't know what to do with soft policy expire\n"); in xfrm_add_pol_expire() from the same co

Re: [PATCH] xfrm: use printk instead of WARN for bad policy reporting

2016-07-26 Thread Vegard Nossum
On 07/20/2016 02:15 PM, Steffen Klassert wrote: On Wed, Jul 20, 2016 at 10:32:35AM +0200, Vegard Nossum wrote: AFAICT this message is just printed whenever input validation fails. This is a normal failure and we shouldn't be dumping the stack over it. Looks like it was originally a printk

Re: [PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Vegard Nossum
On 07/23/2016 03:39 PM, Marcelo Ricardo Leitner wrote: On Sat, Jul 23, 2016 at 11:52:23AM +0200, Vegard Nossum wrote: seq_read() can call ->start() twice on the same iterator more than once (e.g. once through traverse() and once in seq_read() itself). But when traverse() returns the error,

[PATCH] net/sctp: always initialise sctp_ht_iter::start_fail

2016-07-23 Thread Vegard Nossum
64+0x19c/0x410 [] return_from_SYSCALL_64+0x0/0x6a [] 0x (Notice that this is a subtly different stacktrace from the previous bug I reported.) Cc: Xin Long Cc: Herbert Xu Cc: Eric W. Biederman Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/sctp/proc.c | 1 + 1 file change

[PATCH] net/sctp: terminate rhashtable walk correctly

2016-07-23 Thread Vegard Nossum
: f2dba9c6 ("rhashtable: Introduce rhashtable_walk_*") Cc: Xin Long Cc: Herbert Xu Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/sctp/socket.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 67154b8..7f5689a 100644 ---

[PATCH] tipc: fix NULL pointer dereference in shutdown()

2016-07-22 Thread Vegard Nossum
tipc_msg_create() callers. Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/tipc/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/tipc/socket.c b/net/tipc/socket.c index c49b8df..f9f5f3c 100644 --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -2180,7 +2

[PATCH] net/irda: fix NULL pointer dereference on memory allocation failure

2016-07-22 Thread Vegard Nossum
055b30 ]--- The problem is that irda_open_tsap() can fail and leave self->tsap = NULL, and then irttp_connect_request() almost immediately dereferences it. Cc: sta...@vger.kernel.org Signed-off-by: Vegard Nossum --- net/irda/af_irda.c | 7 +-- 1 file changed, 5 insertions(+), 2 deletions

Re: [PATCH] xfrm: use printk instead of WARN for bad policy reporting

2016-07-20 Thread Vegard Nossum
On 07/20/2016 10:32 AM, Vegard Nossum wrote: AFAICT this message is just printed whenever input validation fails. This is a normal failure and we shouldn't be dumping the stack over it. Looks like it was originally a printk that was maybe incorrectly upgraded to a WARN: c

[PATCH] ieee802154: check device type

2016-07-20 Thread Vegard Nossum
e802154_nl_get_dev() is doing. (Maybe we should even be calling this directly?) Cc: Lennert Buytenhek Cc: Alexander Aring Cc: Marcel Holtmann Cc: Dmitry Eremin-Solenikov Cc: Sergey Lapin Signed-off-by: Vegard Nossum --- net/ieee802154/nl-phy.c | 6 +- 1 file changed, 5 insertions(+), 1

[PATCH] xfrm: use printk instead of WARN for bad policy reporting

2016-07-20 Thread Vegard Nossum
ephen hemminger Date: Wed May 12 06:37:06 2010 + xfrm: add severity to printk Cc: Stephen Hemminger Signed-off-by: Vegard Nossum --- net/xfrm/xfrm_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 4fb04ce..0b81bfc 1

Re: [PATCH net] ipv4: reject RTNH_F_LINKDOWN for incompatible routes

2016-07-09 Thread Vegard Nossum
On 07/09/2016 07:23 PM, Andy Gospodarek wrote: On Sat, Jul 09, 2016 at 12:00:15PM +0300, Julian Anastasov wrote: Vegard Nossum is reporting for a crash in fib_dump_info (fib_nhs==1) when nh_dev = NULL. Problem happens when RTNH_F_LINKDOWN is provided from user space for routes that do not use

[PATCH] net: fix decnet rtnexthop parsing

2016-07-05 Thread Vegard Nossum
net/ipv4/fib_semantics.c. This fixes the softlockup for me. Cc: Thomas Graf Signed-off-by: Vegard Nossum --- net/decnet/dn_fib.c | 21 - 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c index df48034..a796fc7 100644 --- a/ne

[PATCH] xfrm: fix crash in XFRM_MSG_GETSA netlink handler

2016-07-05 Thread Vegard Nossum
nly after we've processed the first element and checking this before calling xfrm_state_walk_done(). Fixes: d3623099d3 ("ipsec: add support of limited SA dump") Cc: Nicolas Dichtel Cc: Steffen Klassert Signed-off-by: Vegard Nossum --- net/xfrm/xfrm_user.c | 6 +++--- 1 file cha

Re: [PATCH] net: check for NULL net_device in FIB tables

2016-07-04 Thread Vegard Nossum
On 07/04/2016 11:24 PM, Julian Anastasov wrote: Hello, On Mon, 4 Jul 2016, Vegard Nossum wrote: Alright. Thanks for the review! I can submit a new patch to only check the one place above that actually crashed. Otherwise, if you think it's better to go with your fc_flags sugge

Re: [PATCH] net: check for NULL net_device in FIB tables

2016-07-04 Thread Vegard Nossum
On 07/04/2016 09:45 PM, Julian Anastasov wrote: Hello, On Mon, 4 Jul 2016, Vegard Nossum wrote: struct fib_nh->nh_dev can be NULL, so we should check it before calling __in_dev_get_rcu on it. Multiple places seem to want this (and check the return value), so we can add a convenie

Re: [PATCH] net: check for NULL net_device in FIB tables

2016-07-04 Thread Vegard Nossum
On 07/04/2016 02:47 PM, Vegard Nossum wrote: struct fib_nh->nh_dev can be NULL, so we should check it before calling __in_dev_get_rcu on it. That should say __in_dev_get_rtnl(), obviously. Multiple places seem to want this (and check the return value), so we can add a convenience wrap

[PATCH] net: check for NULL net_device in FIB tables

2016-07-04 Thread Vegard Nossum
the callers that need the NULL guard. Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down") Cc: Andy Gospodarek Cc: Dinesh Dutt Cc: Scott Feldman Cc: David S. Miller Signed-off-by: Vegard Nossum --- include/linux/inetdevice.h | 7

[PATCH] RDS: fix rds_tcp_init() error path

2016-07-03 Thread Vegard Nossum
If register_pernet_subsys() fails, we shouldn't try to call unregister_pernet_subsys(). Fixes: 467fa15356 ("RDS-TCP: Support multiple RDS-TCP listen endpoints, one per netns.") Cc: sta...@vger.kernel.org Cc: Sowmini Varadhan Cc: David S. Miller Signed-off-by: Vegard Nossum ---
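The error-path rule this patch states, as an added example that is not code from the page or from net/rds/rds_tcp.c: a user-space model in which a registration that failed is nevertheless undone by a single shared cleanup label, next to the staged-label form that undoes only the steps that had already succeeded. The mock registry counts the misuse instead of corrupting a list. All names, the second resource set up before the registration, and the forced -ENOMEM are assumptions for illustration, not kernel identifiers.

```c
/* Added example, not from the page or the RDS code: a user-space model of
 * the error-path rule the patch states. A registration that failed must
 * not be undone, because the unregister side assumes the object is on its
 * list. The mock registry below counts that misuse; the names are
 * assumptions for illustration, not kernel identifiers. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct model_pernet_ops { const char *name; int registered; };

/* Knob so a caller can make registration fail on demand. */
static int model_force_register_failure;

/* Modelled on register_pernet_subsys(): returns 0 or a negative errno. */
static int model_register_pernet_subsys(struct model_pernet_ops *ops)
{
    if (model_force_register_failure)
        return -ENOMEM;
    ops->registered = 1;
    return 0;
}

/* Modelled on unregister_pernet_subsys(): callers promise the ops were
 * registered. Here a broken promise is counted instead of walking a
 * list the object was never put on. */
static int model_misuse_count;
static void model_unregister_pernet_subsys(struct model_pernet_ops *ops)
{
    if (!ops->registered) { model_misuse_count++; return; }
    ops->registered = 0;
}

static struct model_pernet_ops model_ops = { "rds_tcp_model", 0 };

/* Stand-in for a resource set up before the pernet registration, so the
 * unwinding order matters. */
static int model_listener_count;
static int model_listener_setup(void) { model_listener_count++; return 0; }
static void model_listener_teardown(void) { model_listener_count--; }

/* Before the fix: one shared cleanup label undoes every step regardless
 * of which one failed, so a failed register_pernet_subsys() is followed
 * by unregister_pernet_subsys() on ops that were never registered. */
static int model_init_before(void)
{
    int ret = model_listener_setup();
    if (ret) goto out;
    ret = model_register_pernet_subsys(&model_ops);
    if (ret) goto out;
    return 0;
out:
    model_unregister_pernet_subsys(&model_ops);
    model_listener_teardown();
    return ret;
}

/* After the fix: staged labels, each undoing only the steps that had
 * already succeeded when the failure happened. */
static int model_init_after(void)
{
    int ret = model_listener_setup();
    if (ret) return ret;
    ret = model_register_pernet_subsys(&model_ops);
    if (ret) goto out_listener;
    return 0;
out_listener:
    model_listener_teardown();
    return ret;
}

/* Run an init function with registration forced to fail and return how
 * many misuses of unregister it caused (-1 if init did not report the
 * failure it was given). */
static int model_misuses_on_failed_register(int (*init)(void))
{
    model_misuse_count = 0;
    model_listener_count = 0;
    model_ops.registered = 0;
    model_force_register_failure = 1;
    int ret = init();
    model_force_register_failure = 0;
    return ret == -ENOMEM ? model_misuse_count : -1;
}

int main(void)
{
    printf("shared label: %d misuse(s) of unregister on failed register\n",
           model_misuses_on_failed_register(model_init_before));
    printf("staged labels: %d misuse(s) of unregister on failed register\n",
           model_misuses_on_failed_register(model_init_after));
    return 0;
}
```

The listener counter also shows that both variants release the earlier resource; the difference is only whether the failed step is "released" too, which in the real code means touching a pernet list entry that was never added.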

[PATCH] net: mark DECnet as broken

2016-04-07 Thread Vegard Nossum
fixed anyway. To shield unsuspecting users from the possible DOS, we should mark this BROKEN until somebody who actually uses this code can fix it. Signed-off-by: Vegard Nossum Link: https://lkml.org/lkml/2015/12/17/666 Cc: Eric Dumazet Cc: Sasha Levin Cc: David Miller --- net/decnet/Kconfig | 1

[PATCH] phy: add HAS_IOMEM/OF_MDIO dependencies to MDIO_OCTEON

2016-01-02 Thread Vegard Nossum
vm_ioremap() is defined only when HAS_IOMEM is selected. of_mdiobus_register() is defined only when OF_MDIO is selected. Signed-off-by: Vegard Nossum Cc: Florian Fainelli Cc: netdev@vger.kernel.org --- drivers/net/phy/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/phy/Kc

Use-after-free/out-of-bounds in tipc filter_rcv()

2015-12-22 Thread Vegard Nossum
Hi all, On latest linus/master I'm able to trigger the following KASAN warnings: == BUG: KASAN: out-of-bounds in filter_rcv+0xc3/0xa10 at addr 880014b4d680 Read of size 4 by task a.out/992 ===

[PATCH] dccp: fix use-after-free after cloning struct dccp_sock

2015-12-20 Thread Vegard Nossum
ointed-to memory instead? Anyway, this is a tentative patch that explains the issue and fixes this particular problem -- dccp fuzzing now runs for minutes rather than seconds before encountering a crash. I haven't tested any real world workloads on this patch. Signed-off-by: Vegard Nossum

NULL pointer deref in dccp (inet_csk_listen_start/inet_csk_get_port)

2015-12-20 Thread Vegard Nossum
Hi all, I've been running into the following oops: [ 1128.895622] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1128.896010] IP: [< (null)>] (null) [ 1128.896010] PGD 179ee067 PUD 189b1067 PMD 0 [ 1128.896010] Oops: 0010 [#1] PREEMPT SMP [ 1128.

Re: [PATCH] decnet: fix possible NULL deref in dnet_select_source()

2015-12-17 Thread Vegard Nossum
On 7 April 2014 at 21:18, David Miller wrote: > From: Eric Dumazet > Date: Sun, 06 Apr 2014 14:59:14 -0700 > >> From: Eric Dumazet >> >> dnet_select_source() should make sure dn_ptr is not NULL. >> >> While looking at this decnet code, I believe I found a device >> reference leak, lets fix it as

Re: [PATCH] inet: sanitize socket() protocol value

2015-12-16 Thread Vegard Nossum
On 12/17/2015 02:01 AM, Eric Dumazet wrote: On Wed, Dec 16, 2015 at 4:57 PM, Vegard Nossum wrote: If you create a raw socket with a protocol of e.g. 0x1, then inet_sk(sk)->inet_num will get set to 0 since it only has room for 16 bits. This causes problems further down the line as lots
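The truncation described in this thread and in the "[PATCH] inet: sanitize socket() protocol value" entry below it, as an added example that is not code from the page or from net/ipv4/af_inet.c: a user-space model in which the protocol number from socket() lands in a 16-bit field, so values wider than that are silently cut down, next to a range check that rejects them before they are stored. The struct, the bound modelled on IPPROTO_MAX (256) and the exact shape of the check are assumptions for illustration; the snippet does not show what check the patch itself adds.

```c
/* Added example, not code from the page or the kernel: a user-space model
 * of the truncation the patch describes. The socket's protocol number is
 * carried in a 16-bit field, so a wider value passed to socket() is
 * silently cut down before anything later keys off it. The struct, the
 * constant and the check below are assumptions for illustration and are
 * not the kernel's own definitions. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Modelled on IPPROTO_MAX: one past the highest valid IP protocol number. */
#define MODEL_IPPROTO_MAX 256

/* Minimal stand-in for the part of struct inet_sock that stores the
 * protocol number: 16 bits wide, like inet_num. */
struct model_inet_sock {
    uint16_t inet_num;
};

/* Pre-fix behaviour: store whatever the caller passed. Converting an int
 * to a 16-bit field keeps only the low 16 bits (C 6.3.1.3), so 0x10000
 * becomes 0 and 0x10006 becomes 6 (TCP's number) with no error. */
static int model_raw_create_unchecked(struct model_inet_sock *sk, int protocol)
{
    sk->inet_num = (uint16_t)protocol;
    return 0;
}

/* Post-fix behaviour: reject anything outside the 8-bit protocol space
 * before it is stored, so the field can never hold a truncated value. */
static int model_raw_create_checked(struct model_inet_sock *sk, int protocol)
{
    if (protocol < 0 || protocol >= MODEL_IPPROTO_MAX)
        return -EINVAL;
    sk->inet_num = (uint16_t)protocol;
    return 0;
}

/* Probe: what does the unchecked path record for a given protocol? */
static unsigned int stored_unchecked(int protocol)
{
    struct model_inet_sock sk = {0};
    model_raw_create_unchecked(&sk, protocol);
    return sk.inet_num;
}

/* Probe: return value of the checked path. */
static int result_checked(int protocol)
{
    struct model_inet_sock sk = {0};
    return model_raw_create_checked(&sk, protocol);
}

int main(void)
{
    /* Constructed probe values: valid numbers, two that wrap to a
     * different valid-looking number, and a negative one. */
    int probes[] = { 6, 255, 0x10000, 0x10006, -1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("protocol=%#x: unchecked stores %u, checked returns %d\n",
               (unsigned)probes[i], stored_unchecked(probes[i]),
               result_checked(probes[i]));
    }
    return 0;
}
```

The second wrapped value is the instructive one: 0x10006 is stored as 6, so a caller asked for a protocol that does not exist and got a socket that later code treats as TCP, while every check that looked at the original int saw a number above 255.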

[PATCH] inet: sanitize socket() protocol value

2015-12-16 Thread Vegard Nossum
_SYSCALL_64_fastpath+0x12/0x71 Code: Bad RIP value. RIP [< (null)>] (null) RSP CR2: ---[ end trace bd60b4fe2edc2537 ]--- Signed-off-by: Vegard Nossum Cc: Eric Dumazet Cc: --- net/ipv4/af_inet.c | 6 ++ 1 file changed, 6 insertions(+