_SYSCALL_64_fastpath+0x12/0x71
Code: Bad RIP value.
RIP [< (null)>] (null)
RSP
CR2:
---[ end trace bd60b4fe2edc2537 ]---
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
Cc: Eric Dumazet <eduma...@google.com>
Cc: <
On 12/17/2015 02:01 AM, Eric Dumazet wrote:
On Wed, Dec 16, 2015 at 4:57 PM, Vegard Nossum <vegard.nos...@oracle.com> wrote:
If you create a raw socket with a protocol of e.g. 0x1, then
inet_sk(sk)->inet_num will get set to 0 since it only has room for 16
bits. This causes problem
On 7 April 2014 at 21:18, David Miller wrote:
> From: Eric Dumazet
> Date: Sun, 06 Apr 2014 14:59:14 -0700
>
>> From: Eric Dumazet
>>
>> dnet_select_source() should make sure dn_ptr is not NULL.
>>
>> While looking at this decnet
() is defined only when HAS_IOMEM is selected.
of_mdiobus_register() is defined only when OF_MDIO is selected.
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
Cc: Florian Fainelli <f.faine...@gmail.com>
Cc: netdev@vger.kernel.org
---
drivers/net/phy/Kconfig | 2 ++
1 file changed,
Hi all,
On latest linus/master I'm able to trigger the following KASAN warnings:
==
BUG: KASAN: out-of-bounds in filter_rcv+0xc3/0xa10 at addr 880014b4d680
Read of size 4 by task a.out/992
Hi all,
I've been running into the following oops:
[ 1128.895622] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 1128.896010] IP: [< (null)>] (null)
[ 1128.896010] PGD 179ee067 PUD 189b1067 PMD 0
[ 1128.896010] Oops: 0010 [#1] PREEMPT SMP
[
y
instead?
Anyway, this is a tentative patch that explains the issue and fixes
this particular problem -- dccp fuzzing now runs for minutes rather
than seconds before encountering a crash. I haven't tested any
real world workloads on this patch.
Signed-off-by: Vegard Nossum <vegard.nos..
it fixed anyway.
To shield unsuspecting users from the possible DOS, we should mark this
BROKEN until somebody who actually uses this code can fix it.
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
Link: https://lkml.org/lkml/2015/12/17/666
Cc: Eric Dumazet <eric.duma...@gmail.com&g
On 07/20/2016 02:15 PM, Steffen Klassert wrote:
On Wed, Jul 20, 2016 at 10:32:35AM +0200, Vegard Nossum wrote:
AFAICT this message is just printed whenever input validation fails.
This is a normal failure and we shouldn't be dumping the stack over it.
Looks like it was originally a printk
On 07/27/2016 08:31 AM, Herbert Xu wrote:
On Wed, Jul 27, 2016 at 08:20:57AM +0200, Vegard Nossum wrote:
Here's another patch to remove that too.
I don't actually *use* this code myself and I feel the justification
I've given for removing the WARN to be a bit weak, so if you don't take
On 07/27/2016 05:01 AM, Herbert Xu wrote:
On Wed, Jul 20, 2016 at 01:53:12PM +0200, Vegard Nossum wrote:
Just FYI I'm also running into the
// reset the timers here?
WARN(1, "Don't know what to do with soft policy expire\n");
in xfrm_add_pol_expire() from the same commit, but
055b30 ]---
The problem is that irda_open_tsap() can fail and leave self->tsap = NULL,
and then irttp_connect_request() almost immediately dereferences it.
Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/irda/af_irda.c | 7 +--
1 file change
: f2dba9c6 ("rhashtable: Introduce rhashtable_walk_*")
Cc: Xin Long <lucien@gmail.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/sctp/socket.c | 1 +
1 file changed, 1 insertio
create() callers.
Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/tipc/socket.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index c49b8df..f9f5f3c 100644
--- a/net/tipc/socket.c
+++ b/net/t
On 07/22/2016 01:12 PM, Vegard Nossum wrote:
The memory allocated by iov_iter_get_pages_alloc() can be allocated with
vmalloc() if kmalloc() failed -- see get_pages_array().
In that case we need to free it with vfree(), so let's use kvfree().
The bug manifests like this:
BUG: unable to handle
ged userspace).
I have tested my patch with a reproducer.
Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/irda/iriap.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/irda/iriap.c b/net/irda/iriap.c
index 4a7ae32a..1138e
c382d875 ("net/sctp: terminate rhashtable walk correctly").
Cc: Xin Long <lucien@gmail.com>
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Cc: Eric W. Biederman <ebied...@xmission.com>
Cc: Marcelo Ricardo Leitner <marcelo.leit...@gmail.com>
Cc: sta...@vger.kernel.org
Hi,
I didn't see this patch go in yet. Jon Maloy, ping?
Should this go through somebody else?
Vegard
On 07/23/2016 11:49 AM, Xue, Ying wrote:
Acked-by: Ying Xue <ying@windriver.com>
-----Original Message-----
From: Vegard Nossum [mailto:vegard.nos...@oracle.com]
Sent: Saturday, J
when called with an argument of 0, so
let's avoid the call and just fall back to ht->p.min_size (which should
never be smaller than HASH_MIN_SIZE).
Cc: Herbert Xu <herb...@gondor.apana.org.au>
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
lib/rhashtable.c | 6 --
is doing. (Maybe we should even
be calling this directly?)
Cc: Lennert Buytenhek <buyt...@wantstofly.org>
Cc: Alexander Aring <alex.ar...@gmail.com>
Cc: Marcel Holtmann <mar...@holtmann.org>
Cc: Dmitry Eremin-Solenikov <dbarysh...@gmail.com>
Cc: Sergey Lapin <sla...@ossfa
hemminger <shemmin...@vyatta.com>
Date: Wed May 12 06:37:06 2010 +
xfrm: add severity to printk
Cc: Stephen Hemminger <step...@networkplumber.org>
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/xfrm/xfrm_user.c | 2 +-
1 file changed, 1 insertion(+), 1 delet
On 07/20/2016 10:32 AM, Vegard Nossum wrote:
AFAICT this message is just printed whenever input validation fails.
This is a normal failure and we shouldn't be dumping the stack over it.
Looks like it was originally a printk that was maybe incorrectly
upgraded to a WARN:
commit
On 07/04/2016 11:24 PM, Julian Anastasov wrote:
Hello,
On Mon, 4 Jul 2016, Vegard Nossum wrote:
Alright.
Thanks for the review! I can submit a new patch to only check the one
place above that actually crashed. Otherwise, if you think it's better
to go with your fc_flags suggestion
nly after we've processed the
first element and checking this before calling xfrm_state_walk_done().
Fixes: d3623099d3 ("ipsec: add support of limited SA dump")
Cc: Nicolas Dichtel <nicolas.dich...@6wind.com>
Cc: Steffen Klassert <steffen.klass...@secunet.com>
Signed-off-by:
pv4/fib_semantics.c.
This fixes the softlockup for me.
Cc: Thomas Graf <tg...@suug.ch>
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/decnet/dn_fib.c | 21 -
1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/net/decnet/dn_fib.c b/net/decnet
On 07/09/2016 07:23 PM, Andy Gospodarek wrote:
On Sat, Jul 09, 2016 at 12:00:15PM +0300, Julian Anastasov wrote:
Vegard Nossum is reporting a crash in fib_dump_info (fib_nhs==1)
when nh_dev = NULL. Problem happens when RTNH_F_LINKDOWN is
provided from user space for routes that do not use
On 07/04/2016 02:47 PM, Vegard Nossum wrote:
struct fib_nh->nh_dev can be NULL, so we should check it before calling
__in_dev_get_rcu on it.
That should say __in_dev_get_rtnl(), obviously.
Multiple places seem to want this (and check the return value), so we can
add a convenience wrap
On 07/04/2016 09:45 PM, Julian Anastasov wrote:
Hello,
On Mon, 4 Jul 2016, Vegard Nossum wrote:
struct fib_nh->nh_dev can be NULL, so we should check it before calling
__in_dev_get_rcu on it.
Multiple places seem to want this (and check the return value), so we can
add a convenie
@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/sctp/proc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
index 4cb5aed..ef8ba77 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
@@ -293,6 +293,7 @@ static void *sctp_tr
On 07/23/2016 03:39 PM, Marcelo Ricardo Leitner wrote:
On Sat, Jul 23, 2016 at 11:52:23AM +0200, Vegard Nossum wrote:
seq_read() can call ->start() twice on the same iterator more than once
(e.g. once through traverse() and once in seq_read() itself).
But when traverse() returns the er
da...@davemloft.net>
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/rds/tcp.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/rds/tcp.c b/net/rds/tcp.c
index 74ee126..c8a7b4c 100644
--- a/net/rds/tcp.c
+++ b/net/rds/tcp.c
@@ -616,7 +616,7 @@
S. Miller <da...@davemloft.net>
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
include/linux/inetdevice.h | 7 +++
net/ipv4/fib_semantics.c | 8
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/include/linux/inetdevice.h b/include/linux
connect(), irda_sendmsg(), and
irda_getsockopt() as far as I can tell at a glance. I'll start with
this patch to see if we're going in the right direction -- it does fix
the trinity problem for me, although I haven't tested any real IrDA
workloads.
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.co
ing lock_sock() and release_sock() on different sockets.
My conclusion is that these two lines are complete nonsense and only
serve to confuse the reader.
Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com>
---
net/irda/af_irda.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/net/irda/
On 23 August 2016 at 17:05, Joe Perches wrote:
> On Tue, 2016-08-23 at 07:21 -0700, Eric Dumazet wrote:
>> On Tue, 2016-08-23 at 14:41 +0100, Luis Henriques wrote:
>> > From: Avijit Kanti Das
>> >
>> > memset() the structure ethtool_wolinfo that has
35 matches