On 02/23/2018 09:40 AM, Edward Cree wrote:
> Add in a new chain of parent states, which does not cross function-call
> boundaries, and check whether our current insn_idx appears anywhere in
> the chain. Since all jump targets have state-list marks (now placed
> by prepare_cfg_marks(), which
In preparation for optimized reception of zerocopy completion,
revert the Rx side changes introduced by Commit dfb8434b0a94
("selftests/net: add zerocopy support for PF_RDS test case")
Signed-off-by: Sowmini Varadhan
---
v2: prepare to remove sk_error_queue based
This commit is an optimization of the commit 01883eda72bd
("rds: support for zcopy completion notification") for PF_RDS sockets.
RDS applications are predominantly request-response transactions, so
it is more efficient to reduce the number of system calls and have
zerocopy completion notification
On 02/23/2018 09:41 AM, Edward Cree wrote:
> Where the register umin_value is increasing sufficiently fast, the loop
> will terminate after a reasonable number of iterations, so we can allow
> to keep walking it.
Continuing to walk the loop is problematic because we hit the complexity
limit.
Fri, Feb 23, 2018 at 11:22:36PM CET, losewe...@gmail.com wrote:
[...]
>>>
>>> No, that's not what I was talking about of course. I thought you
>>> mentioned the upgrade scenario this patch would like to address is to
>>> use the bypass interface "to take the place of the original virtio,
>>> and
On Thu, 22 Feb 2018 13:30:12 -0800
Alexander Duyck wrote:
> > Again, I undertand your motivation. Yet I don't like your solution.
> > But if the decision is made to do this in-driver bonding. I would like
> > to see it baing done some generic way:
> > 1) share the same
On Fri, Feb 23, 2018 at 3:27 PM, Cong Wang wrote:
> On Fri, Feb 23, 2018 at 11:00 AM, Randy Dunlap wrote:
>> [adding netdev]
>>
>> On 02/23/2018 08:05 AM, Khalid Aziz wrote:
>>> I am seeing a kernel panic with 4.16-rc1 and 4.16-rc2 kernels when
Hi Ilya,
On Mon, Sep 04, 2017 at 01:14:01PM +0300, Ilya Lesokhin wrote:
> The tls ulp overrides sk->prot with a new tls specific proto structs.
> The tls specific structs were previously based on the ipv4 specific
> tcp_prot sturct.
> As a result, attaching the tls ulp to an ipv6 tcp socket
Add a generic emit_mov_reg() helper in order to reuse it in BPF
multiplication to load the src into rax, we can save a few bytes
in alu32 while doing so.
Signed-off-by: Daniel Borkmann
---
arch/x86/net/bpf_jit_comp.c | 43 ---
1 file
Instead of unconditionally performing push/pop on rax/rdx
in case of multiplication, we can save a few bytes in case
of dest register being either BPF r0 (rax) or r3 (rdx)
since the result is written in there anyway.
Signed-off-by: Daniel Borkmann
---
While it's rather cumbersome to reduce prologue for cBPF->eBPF
migrations wrt spill/fill for r15 which is callee saved register
due to bpf_error path in bpf_jit.S that is both used by migrations
as well as native eBPF, we can still trivially save 5 bytes in
prologue for the former since tail calls
Add few test cases that check the rnu-time results under JIT.
Signed-off-by: Daniel Borkmann
---
tools/testing/selftests/bpf/test_verifier.c | 89 +
1 file changed, 89 insertions(+)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
While analyzing some of the more complex BPF programs from Cilium,
I found that LLVM generally prefers to emit LD_IMM64 instead of MOV32
BPF instructions for loading unsigned 32-bit immediates into a
register. Given we cannot change the current/stable LLVM versions
that are already out there, lets
This patch improves few aspects of interrupt handling:
- update to current interrupt allocation API
(use pci_alloc_irq_vectors() instead of deprecated pci_enable_msi())
- this implicitly will allocate a MSI-X interrupt if available
- get rid of flag RTL_FEATURE_MSI
Last but not least it enables
PF_RDS sockets pass up cookies for zerocopy completion as ancillary
data. Update msg_zerocopy to reap this information.
Signed-off-by: Sowmini Varadhan
---
v2: receive zerocopy completion notification as POLLIN
tools/testing/selftests/net/msg_zerocopy.c | 60
On Fri, Feb 23, 2018 at 10:29:05PM +0100, Daniel Borkmann wrote:
> The requirements around atomic_add() / atomic64_add() resp. their
> JIT implementations differ across architectures. E.g. while x86_64
> seems just fine with BPF's xadd on unaligned memory, on arm64 it
> triggers via interpreter
On 2/22/18 6:02 AM, Serhey Popovych wrote:
> @@ -650,6 +658,9 @@ int iplink_parse(int argc, char **argv, struct iplink_req
> *req,
> bool drv = strcmp(*argv, "xdpdrv") == 0;
> bool offload = strcmp(*argv, "xdpoffload") == 0;
>
> +
Couple of minor improvements to the x64 JIT I had still around from
pre merge window in order to shrink the image size further. Added
test cases for kselftests too as well as running Cilium workloads on
them w/o issues.
Thanks!
Daniel Borkmann (6):
bpf, x64: save one byte per shl/shr/sar when
When we shift by one, we can use a different encoding where imm
is not explicitly needed, which saves 1 byte per such op.
Signed-off-by: Daniel Borkmann
---
arch/x86/net/bpf_jit_comp.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git
On Fri, Feb 23, 2018 at 2:38 PM, Jiri Pirko wrote:
> Fri, Feb 23, 2018 at 11:22:36PM CET, losewe...@gmail.com wrote:
>
> [...]
>
No, that's not what I was talking about of course. I thought you
mentioned the upgrade scenario this patch would like to address is to
The requirements around atomic_add() / atomic64_add() resp. their
JIT implementations differ across architectures. E.g. while x86_64
seems just fine with BPF's xadd on unaligned memory, on arm64 it
triggers via interpreter but also JIT the following crash:
[ 830.864985] Unable to handle kernel
Hi Florian,
Thanks for your review. I have the following questions/comments.
> On 02/21/2018 11:06 AM, Bryan Whitehead wrote:
> > Add main source files for new lan743x driver.
> >
> > Signed-off-by: Bryan Whitehead
> > ---
>
> > +lan743x-objs := lan743x_main.o
>
On Fri, Feb 23, 2018 at 11:00 AM, Randy Dunlap wrote:
> [adding netdev]
>
> On 02/23/2018 08:05 AM, Khalid Aziz wrote:
>> I am seeing a kernel panic with 4.16-rc1 and 4.16-rc2 kernels when running
>> selftests
>> from tools/testing/selftests. Last messages from selftest
[add Matthew Wilcox; hopefully he can look/see]
On 02/23/2018 04:13 PM, Cong Wang wrote:
> On Fri, Feb 23, 2018 at 3:27 PM, Cong Wang wrote:
>> On Fri, Feb 23, 2018 at 11:00 AM, Randy Dunlap wrote:
>>> [adding netdev]
>>>
>>> On 02/23/2018 08:05
On Wed, Feb 21, 2018 at 6:35 PM, Samudrala, Sridhar
wrote:
> On 2/21/2018 5:59 PM, Siwei Liu wrote:
>>
>> On Wed, Feb 21, 2018 at 4:17 PM, Alexander Duyck
>> wrote:
>>>
>>> On Wed, Feb 21, 2018 at 3:50 PM, Siwei Liu
(pruned to reduce thread)
On Wed, 21 Feb 2018 16:17:19 -0800
Alexander Duyck wrote:
> >>> FWIW two solutions that immediately come to mind is to export "backup"
> >>> as phys_port_name of the backup virtio link and/or assign a name to the
> >>> master like you are
Because the order of the parameters passes to 'hlist_add_behind()' was
inverted, the 'parent' node was added "behind" the 'input', as input
is not in the list, this causes the 'input' node to be lost.
Fixes: 0e71def25281 ("igb: add support of RX network flow classification")
Signed-off-by:
Makes it possible to direct packets to queues based on their source
address. Documents the expected usage of the 'flags' parameter.
Signed-off-by: Vinicius Costa Gomes
---
drivers/net/ethernet/intel/igb/e1000_defines.h | 1 +
drivers/net/ethernet/intel/igb/igb.h
On February 23, 2018 5:20:35 PM PST, Vinicius Costa Gomes
wrote:
>This allows filters added by tc-flower and specifying MAC addresses,
>Ethernet types, and the VLAN priority field, to be offloaded to the
>controller.
>
>This reuses most of the infrastructure used by
RDS applications use predominantly request-response, transacation
based IPC, so that ingress and egress traffic are well-balanced,
and it is possible/desirable to reduce system-call overhead by
piggybacking the notifications for zerocopy completion response
with data.
Moreover, it has been
This adds the capability of configuring the queue steering of arriving
packets based on their source and destination MAC addresses.
In practical terms this adds support for the following use cases,
characterized by these examples:
$ ethtool -N eth0 flow-type ether dst aa:aa:aa:aa:aa:aa action 0
This allows filters added by tc-flower and specifying MAC addresses,
Ethernet types, and the VLAN priority field, to be offloaded to the
controller.
This reuses most of the infrastructure used by ethtool, ethtool can be
used to read these filters, but modification and deletion can only be
done
This will allow functionality depending on the hardware being traffic
class aware to work. In particular the tc-flower offloading checks
verifies that this bit is set.
Signed-off-by: Vinicius Costa Gomes
---
drivers/net/ethernet/intel/igb/igb_main.c | 6 --
1 file
On the RAH registers there are semantic differences on the meaning of
the "queue" parameter for traffic steering depending on the controller
model: there is the 82575 meaning, which "queue" means a RX Hardware
Queue, and the i350 meaning, where it is a reception pool.
The previous behaviour was
Hi,
This series enables some ethtool and tc-flower filters to be offloaded
to igb-based network controllers. This is useful when the system
configurator want to steer kinds of traffic to a specific hardware
queue.
The first two commits are bug fixes.
The basis of this series is to export the
This allows tc-flower filters that were offloaded to be removed.
Signed-off-by: Vinicius Costa Gomes
---
drivers/net/ethernet/intel/igb/igb_main.c | 32 ++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git
This adds basic functions needed to implement offloading for filters
created by tc-flower.
Signed-off-by: Vinicius Costa Gomes
---
drivers/net/ethernet/intel/igb/igb_main.c | 66 +++
1 file changed, 66 insertions(+)
diff --git
Heiner Kallweit :
[...]
> Last but not least it enables a feature which was (I presume accidently)
> disabled before. There are members of the RTL8169 family supporting MSI
> (e.g. RTL8169SB), however MSI never got enabled because RTL_CFG_0 was
> missing flag
On Sat, Feb 24, 2018 at 01:49:35AM +, Chris Mi wrote:
> To verify this patch, the following is a sanity test case:
>
> # tc qdisc delete dev $link ingress > /dev/null 2>&1;
> # tc qdisc add dev $link ingress;
> # tc filter add dev $link prio 1 protocol ip handle 0x8001 parent :
>
On Fri, Feb 23, 2018 at 11:11:50AM -0500, Paul Moore wrote:
> On Thu, Feb 22, 2018 at 9:40 PM, Marcelo Ricardo Leitner
> wrote:
> > On Thu, Feb 22, 2018 at 06:08:05PM -0500, Paul Moore wrote:
> >> On Wed, Feb 21, 2018 at 3:45 PM, Paul Moore wrote:
> Ok, but it seems to me that what I have is an example of "specific book
> keeping
> private information". Can you clarify the style you prefer?
>
> In cases of allocation where I can just compare a pointer to null, I can
> easily remove
> the flags. But in other cases I need a record of which
This reverts commit 762c330d670e3d4b795cf7a8d761866fdd1eef49. The
reason is we try to batch packets for devmap which causes calling
xdp_do_flush() in the process context. Simply disabling preemption
may not work since process may move among processors which lead
xdp_do_flush() to miss some flushes
We don't flush batched XDP packets through xdp_do_flush_map(), this
will cause packets stall at TX queue. Consider we don't do XDP on NAPI
poll(), the only possible fix is to call xdp_do_flush_map()
immediately after xdp_do_redirect().
Note, this in fact won't try to batch packets through devmap,
Except for tuntap, all other drivers' XDP was implemented at NAPI
poll() routine in a bh. This guarantees all XDP operation were done at
the same CPU which is required by e.g BFP_MAP_TYPE_PERCPU_ARRAY. But
for tuntap, we do it in process context and we try to protect XDP
processing by RCU reader
On February 23, 2018 5:20:33 PM PST, Vinicius Costa Gomes
wrote:
>This adds the capability of configuring the queue steering of arriving
>packets based on their source and destination MAC addresses.
>
>In practical terms this adds support for the following use cases,
On Fri, Feb 23, 2018 Randy Dunlap wrote:
> [add Matthew Wilcox; hopefully he can look/see]
Thanks, Randy. I don't understand why nobody else thought to cc the
author of the patch that it was bisected to ...
> On 02/23/2018 04:13 PM, Cong Wang wrote:
> > On Fri, Feb 23, 2018 at 3:27 PM, Cong
On February 23, 2018 5:20:36 PM PST, Vinicius Costa Gomes
wrote:
>This allows tc-flower filters that were offloaded to be removed.
This should be squashed into your previous patch, either the functionality is
there and you can add/remove or it is not.
--
Florian
> -Original Message-
> From: Matthew Wilcox [mailto:wi...@infradead.org]
> Sent: Saturday, February 24, 2018 9:15 AM
> To: Cong Wang ; Khalid Aziz
> ; linux-ker...@vger.kernel.org;
> netdev@vger.kernel.org
> Cc: Chris Mi
Just FYI...
Somewhere back around 3.17 the kmem cache "tcp_bind_bucket" dropped out
of /proc/slabinfo. It turns out the ss command was dumpster diving
in slabinfo to determine the number of bound sockets and now it always
reports 0.
Not sure why, the cache is still created but it doesn't
show in slabinfo.
On Sat, Feb 24, 2018 at 01:07:57AM +0100, Daniel Borkmann wrote:
> Couple of minor improvements to the x64 JIT I had still around from
> pre merge window in order to shrink the image size further. Added
> test cases for kselftests too as well as running Cilium workloads on
> them w/o issues.
> From: Intel-wired-lan [mailto:intel-wired-lan-boun...@osuosl.org] On
> Behalf Of Benjamin Poirier
> Sent: Monday, February 19, 2018 10:12 PM
> To: Kirsher, Jeffrey T
> Cc: netdev@vger.kernel.org; intel-wired-...@lists.osuosl.org; linux-
> ker...@vger.kernel.org
>
Do a better job with error handling - in pre- and post-suite,
in pre- and post-case. Show a traceback for errors.
Signed-off-by: Brenda J. Butler
---
tools/testing/selftests/tc-testing/tdc.py | 84 +--
1 file changed, 70 insertions(+), 14
This patch set contains a bit of cleanup and better error reporting,
esp. in pre- and post-suite, and pre- and post-case commands.
Brenda J. Butler (2):
tools: tc-testing: Fix indentation
tools: tc-testing: better error reporting
tools/testing/selftests/tc-testing/tdc.py | 88
From: Colin Ian King
The function xenvif_rx_skb is local to the source and does not need
to be in global scope, so make it static.
Cleans up sparse warning:
drivers/net/xen-netback/rx.c:422:6: warning: symbol 'xenvif_rx_skb'
was not declared. Should it be static?
Signed-off-by: Brenda J. Butler
---
tools/testing/selftests/tc-testing/tdc.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/testing/selftests/tc-testing/tdc.py
b/tools/testing/selftests/tc-testing/tdc.py
index b3754b9aa302..ab28373dccd7 100755
From: Andy Spencer
Date: Thu, 22 Feb 2018 11:05:33 -0800
> Previously, buffer descriptors containing only the frame check sequence
> (FCS) were skipped and not added to the skb. However, the page reference
> count was still incremented, leading to a memory leak.
>
> Fixing
From: Heiner Kallweit
Date: Thu, 22 Feb 2018 21:22:40 +0100
> Currently, if BIOS enables WOL in the chip, settings are inconsistent
> because the device isn't marked as wakeup-enabled (if not done
> explicitly via userspace tools). This causes issues with suspend/
> resume
From: Heiner Kallweit
Date: Thu, 22 Feb 2018 21:37:48 +0100
> r8168_check_dash() returns false anyway for all chip versions not
> supporting dash. So we can simplify the check conditions.
>
> In addition change the check functions to return bool instead of int,
> because
On 02/23/18 04:58 PM, Atul Gupta wrote:
> > On 02/22/18 11:21 PM, Atul Gupta wrote:
> > > @@ -403,6 +431,15 @@ static int do_tls_setsockopt_tx(struct sock *sk,
> > > char __user *optval,
> > > goto err_crypto_info;
> > > }
> > >
> > > + rc = tls_offload_dev_absent(sk);
> > > + if
Where the register umin_value is increasing sufficiently fast, the loop
will terminate after a reasonable number of iterations, so we can allow
to keep walking it.
The semantics of prev_insn_idx are changed slightly: it now always refers
to the last jump insn walked, even when that jump was not
Mainly consists of tests that broke (or I expected to break) earlier
versions of the bounded-loop handling.
Also updated some existing tests to deal with changed error messages,
programs now being accepted etc.
Signed-off-by: Edward Cree
---
Add in a new chain of parent states, which does not cross function-call
boundaries, and check whether our current insn_idx appears anywhere in
the chain. Since all jump targets have state-list marks (now placed
by prepare_cfg_marks(), which replaces check_cfg()), it suffices to
thread this
If a conditional branch would produce an inconsistent set of bounds (e.g.
umin_value > umax_value) on one leg, then that leg cannot actually happen
so we don't need to walk it.
This will necessary for bounded loop support so that we stop walking round
the loop once the termination condition is
l2tp_tunnel_get walks the tunnel list to find a matching tunnel
instance and if a match is found, its refcount is increased before
returning the tunnel pointer. But when tunnel objects are destroyed,
they are on the tunnel list after their refcount hits zero. Fix this
by moving the code that
Greetings,
We found that ICMP destination unreachable isn't sent if VRF
forwarding isn't configured, i.e.
/proc/sys/net/ipv4/conf//forwarding isn't set. The
relevant code is:
static int ip_error(struct sk_buff *skb)
{
...
// in_dev is the vrf net_device
if
1) Fix TTL offset calculation in mac80211 mesh code, from Peter Oh.
2) Fix races with procfs in ipt_CLUSTERIP, from Cong Wang.
3) Memory leak fix in lpm_trie BPF map code, from Yonghong Song.
4) Need to use GFP_ATOMIC in BPF cpumap allocations, from Jason Wang.
5) Fix potential deadlocks in
-Original Message-
From: Dave Watson [mailto:davejwat...@fb.com]
Sent: Friday, February 23, 2018 9:53 PM
To: Atul Gupta
Cc: da...@davemloft.net; herb...@gondor.apana.org.au; s...@queasysnail.net;
linux-cry...@vger.kernel.org; netdev@vger.kernel.org; Ganesh GR
Hi David,
I love your patch! Yet something to improve:
[auto build test ERROR on net-next/master]
url:
https://github.com/0day-ci/linux/commits/David-Ahern/net-ipv6-Add-support-for-path-selection-using-hash-of-5-tuple/20180222-222437
config: x86_64-randconfig-u0-02240002 (attached as
From: Sowmini Varadhan
Date: Thu, 22 Feb 2018 13:40:27 -0800
> if either or both of MSG_ZEROCOPY and SOCK_ZEROCOPY have not been
> specified, the rm->data.op_mmp_znotifier allocation will be skipped.
> In this case, it is invalid ot pass down a cmsghdr with
>
From: Andrew Lunn
Date: Thu, 22 Feb 2018 22:58:31 +0100
> Not all boards using the mv88e6xxx switches have the interrupt output
> connected to a GPIO. On these boards phylib has to poll the PHYs,
> rather than use interrupts. Have the driver poll the interrupt status
> register,
The main object of this patch series is to support verification of eBPF
programs with bounded loops. Only bounds derived from JLT (unsigned <)
with the taken branch in the loop are supported, but it should be clear
how others could be added.
Testing of these changes has consisted only of
---
tools/testing/selftests/tc-testing/tdc.py | 2 +-
tools/testing/selftests/tc-testing/tdc_batch.py | 8
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/tc-testing/tdc.py
b/tools/testing/selftests/tc-testing/tdc.py
index
By giving each register its own liveness chain, we elide the skip_callee()
logic. Instead, each register's parent is the state it inherits from;
both check_func_call() and prepare_func_exit() automatically connect
reg states to the correct chain since when they copy the reg state across
This means each entry in the parentage chain can have its insn identified,
which will help to support bounded-loop handling later.
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 6 --
kernel/bpf/verifier.c| 22 +++---
2 files
Error messages for some bad programs have changed, partly because we now
check for loops / out-of-bounds jumps before checking subprogs.
Problematic selftests:
513 calls: wrong recursive calls
This is now rejected with 'unreachable insn 1'. I'm not entirely sure what
it was meant to do/test,
My previous version just checked that every insn could be jumped to from
somewhere, which meant that the program could contain multiple connected
components. Instead let's do a flood-fill of the insns set to ensure all
insns are actually reachable from the entry point. Since this involves
Slight change to message when execution can run off the end of the program.
Signed-off-by: Edward Cree
---
tools/testing/selftests/bpf/test_verifier.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/bpf/test_verifier.c
From: Eric Dumazet
Date: Thu, 22 Feb 2018 19:45:27 -0800
> From: Eric Dumazet
>
> pfifo_fast got percpu stats lately, uncovering a bug I introduced last
> year in linux-4.10.
>
> I missed the fact that we have to clear our temporary storage
>
From: Ganesh Goudar
Date: Fri, 23 Feb 2018 20:36:53 +0530
> @@ -92,6 +92,18 @@ module_param(msi, int, 0644);
> MODULE_PARM_DESC(msi, "whether to use MSI-X or MSI");
>
> /*
> + * Logic controls.
> + * ===
> + */
> +
> +/* The Virtual Interfaces are connected
From: Willem de Bruijn
Date: Fri, 23 Feb 2018 11:56:20 -0500
> From: Willem de Bruijn
>
> The packet fanout test generates UDP traffic and reads this with
> a pair of packet sockets, testing the various fanout algorithms.
>
> Avoid
Sorry, this is still not submitted in an acceptable way.
Please read the documents I pointed you too, look at how other people
submit patches on this list, and submit it properly.
Thank you.
From: Johannes Berg
Date: Fri, 23 Feb 2018 12:29:39 +0100
> On Thu, 2018-02-22 at 15:19 -0500, David Miller wrote:
>>
>> Pulled, thank you!
>
> Thanks. I just realized that I have a patch pending for -next that
> depends another commit in net/mac80211 (or would
---
tools/testing/selftests/tc-testing/tdc.py | 2 +-
tools/testing/selftests/tc-testing/tdc_batch.py | 8
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/tools/testing/selftests/tc-testing/tdc.py
b/tools/testing/selftests/tc-testing/tdc.py
index
From: Arnd Bergmann
Date: Thu, 22 Feb 2018 17:56:12 +0100
> I expect to do the same for gcc-8. Most of the fixes are trivial
> anyway, and some of them fix actual bugs that would otherwise get
> missed.
It does make the code easier to understand and you can more directly
see what
On Mon, 19 Feb 2018 17:13:06 +0100
Timothy Redaelli wrote:
> Prevent a double space in "bridge mdb show" when the MDB entry is not
> marked as "offload".
>
> Signed-off-by: Timothy Redaelli
Applied.
In iproute2-next printout has changed in this
On Fri, Feb 23, 2018 at 11:13 AM, Andrew Lunn wrote:
> On Fri, Feb 23, 2018 at 10:51:32AM -0500, Brenda J. Butler wrote:
>> Fix indentation and add editor backup files to .gitignore
>>
>> Signed-off-by: Brenda J. Butler
>> ---
>>
From: Alexei Starovoitov
Date: Thu, 22 Feb 2018 16:50:43 -0800
> The following pull-request contains BPF updates for your *net* tree.
>
> The main changes are:
>
> 1) two urgent fixes for bpf_tail_call logic for x64 and arm64 JITs, from
> Daniel.
>
> 2) cond_resched points
Removes a couple of passes from the verifier, one to check subprogs don't
overlap etc., and one to compute max stack depth (which now is done by
topologically sorting the call graph).
Signed-off-by: Edward Cree
---
As noted in the cover letter, I haven't yet integrated
On Fri, Feb 23, 2018 at 05:16:57PM +, Colin King wrote:
> From: Colin Ian King
>
> The function xenvif_rx_skb is local to the source and does not need
> to be in global scope, so make it static.
>
> Cleans up sparse warning:
> drivers/net/xen-netback/rx.c:422:6:
By reference-counting how many children of an explored_state are still
being walked, we can avoid pruning based on a state that's in our own
history (and thus hasn't reached an exit yet) without a persistent mark
that prevents other, later branches from being pruned against it when
it _has_
Computing min_frame in find_loop and using it to detect recursion means we
don't need to play games with per-frame parent pointers, and can instead
have a single parent pointer in the verifier_state.
Signed-off-by: Edward Cree
---
include/linux/bpf_verifier.h | 12
Previously, if a tunnel was closed, we called inet_shutdown to mark
the socket as unconnected such that userspace would get errors and
then close the socket. This could race with userspace closing the
socket. Instead, leave userspace to close the socket in its own time
(our tunnel will be detached
Previously, if a ppp session was closed, we called inet_shutdown to mark
the socket as unconnected such that userspace would get errors and
then close the socket. This could race with userspace closing the
socket. Instead, leave userspace to close the socket in its own time
(our session will be
pppol2tp_release uses call_rcu to put the final ref on its socket. But
the session object doesn't hold a ref on the session socket so may be
freed while the pppol2tp_put_sk RCU callback is scheduled. Fix this by
having the session hold a ref on its socket until the session is
destroyed. It is this
This patch series addresses several races with L2TP APIs discovered by
syzbot. There are no functional changes.
The set of patches 1-5 in combination fix the following syzbot reports.
19c09769f WARNING in debug_print_object
347bd5acd KASAN: use-after-free Read in inet_shutdown
6e6a5ec8d general
The tunnel socket tunnel->sock (struct sock) is accessed when
preparing a new ppp session on a tunnel at pppol2tp_session_init. If
the socket is closed by a thread while another is creating a new
session, the threads race. In pppol2tp_connect, the tunnel object may
be created if the pppol2tp
From: Colin King
Date: Fri, 23 Feb 2018 12:22:52 +
> From: Colin Ian King
>
> Zero is being bit-wise or'd in a calculation twice; these are redundant
> and can be removed.
>
> Signed-off-by: Colin Ian King
From: Yafang Shao
Date: Fri, 23 Feb 2018 14:58:41 +0800
> sk is already allocated in inet_create/inet6_create, hence when
> BPF_CGROUP_RUN_PROG_INET_SOCK is executed sk will never be NULL.
>
> The logic is as bellow,
> sk = sk_alloc();
> if (!sk)
>
I am Ms.Ella Golan, I am the Executive Vice President Banking Division with
FIRST INTERNATIONAL BANK OF ISRAEL LTD (FIBI). I am getting in touch with you
regarding an extremely important and urgent matter. If you would oblige me the
opportunity, I shall provide you with details upon your
1 - 100 of 164 matches
Mail list logo