There is no the race between put_net() and kernel socket creation, so
it's unnecessary to switch namespace for a kernel tunnel socket from
init_net to its desirable one.
Signed-off-by: Ying Xue ying@windriver.com
---
net/ipv4/udp_tunnel.c | 10 ++
1 file changed, 6 insertions(+), 4
On 06/18/2015 10:44 AM, Nicholas Krause wrote:
This converts the function tipc_buf_append now due to this
particular function only returning either one or zero as
its return value.
Signed-off-by: Nicholas Krause xerofo...@gmail.com
Acked-by: Ying Xue ying@windriver.com
---
net/tipc
When csk-atid returned by cxgb4_alloc_atid() is less than zero,
init_act_open() directly returns with -EINVAL. But as init_act_open()
ever invokes dst_neigh_lookup() before it calls cxgb4_alloc_atid(),
this leads to the leak of neigh entry searched by dst_neigh_lookup().
Signed-off-by: Ying Xue
On 05/28/2015 06:13 PM, Eric Dumazet wrote:
This patch is not needed.
You really should read Documentation/RCU , because it looks like you are
quite confused.
When we remove an element from a RCU protected list, all the objects in
the chain are already ready to be caught by rcu readers.
Commit e4c4e448cf55 (neigh: Convert garbage collection from softirq
to workqueue) misses to use rcu_assign_pointer() macro to assign a
RCU-protected pointer.
Signed-off-by: Ying Xue ying@windriver.com
---
net/core/neighbour.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff
Signed-off-by: Ying Xue ying@windriver.com
---
net/tipc/socket.c |7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 9370f95..30ea82a 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -410,7 +410,7 @@ static int
On 08/19/2015 03:40 PM, Jiri Benc wrote:
On Wed, 19 Aug 2015 15:33:29 +0800, Ying Xue wrote:
When CONFIG_LWTUNNEL config is not enabled, the lwtstate_free() is not
declared in lwtunnel.h at all. However, even in this case, the function
is still referenced in fib_semantics.c so
-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Ying Xue ying@windriver.com
Acked-by: Jiri Benc jb...@redhat.com
---
include/net/lwtunnel.h |4
1 file changed, 4 insertions(+)
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 34fd8f7..cfee539 100644
--- a/include
Make fib_encap_match() static as it isn't used outside the file.
Signed-off-by: Ying Xue ying@windriver.com
---
net/ipv4/fib_semantics.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index d525307..8fdf6c2
-by: kbuild test robot fengguang...@intel.com
Signed-off-by: Ying Xue ying@windriver.com
---
include/net/lwtunnel.h |4
1 file changed, 4 insertions(+)
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 34fd8f7..cfee539 100644
--- a/include/net/lwtunnel.h
+++ b/include/net
On 11/04/2015 12:18 AM, Stephen Hemminger wrote:
> The TIPC case is a missing check for memory allocation failure.
>
Thanks for the report. I will fix it soon.
Regards,
Ying
>
> Begin forwarded message:
>
> Date: Mon, 02 Nov 2015 23:45:55 -0800
> From: scan-ad...@coverity.com
> To:
. Add a call to security_sk_clone()
to inherit the security state from the parent socket.
Reported-by: Tim Shearer tim.shea...@overturenetworks.com
Signed-off-by: Stephen Smalley s...@tycho.nsa.gov
Acked-by: Paul Moore p...@paul-moore.com
Acked-by: Ying Xue ying@windriver.com
---
net
> The issue is reproducible only when a congestion on broadcast link occurs.
> For example, when there are only 8 nodes it works fine since congestion
> doesn't occur. Send queue limit is 40 in my case (I use a critical importance
> level) and when 64 nodes send a message at the sam
On 08/07/2015 03:59 PM, Andrzej Hajda wrote:
> The patch was generated using fixed coccinelle semantic patch
> scripts/coccinelle/api/memdup.cocci [1].
>
> [1]: http://permalink.gmane.org/gmane.linux.kernel/2014320
>
> Signed-off-by: Andrzej Hajda <a.ha...@samsung.com>
nter.
>
> Signed-off-by: Erik Hugne <erik.hu...@ericsson.com>
> Reported-by: Tamás Végh <tamas.v...@ericsson.com>
Acked-by: Ying Xue <ying@windriver.com>
> ---
> net/tipc/msg.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/msg.c b/
ally consider that
it's always successful.
Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp
tunnel")
Reported-by: <scan-ad...@coverity.com>
Cc: Stephen Hemminger <step...@networkplumber.org>
Signed-off-by: Ying Xue <ying@windriver.com>
. To avoid this leak, we register a private socket
destructor to purge receive queue, meaning releasing packets pending
on receive queue will be delayed until the last reference of tipc
socket will be released.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/socket.c
On 11/24/2015 12:35 PM, David Miller wrote:
> pskb_expand_head() returns negative error codes, therefore zero means
> success and therefore this "!err" check is reversed.
Thank you for pointing out such a stupid mistake I made.
I will send v2 to correct it.
Regards,
Ying
--
To unsubscribe from
ally consider that
it's always successful.
Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp
tunnel")
Reported-by: <scan-ad...@coverity.com>
Cc: Stephen Hemminger <step...@networkplumber.org>
Signed-off-by: Ying Xue <ying@windriver.com>
---
v2:
net/tipc/link.c: In function ‘tipc_link_timeout’:
net/tipc/link.c:744:28: warning: ‘mtyp’ may be used uninitialized in this
function [-Wuninitialized]
Fixes: 42b18f605fea ("tipc: refactor function tipc_link_timeout()")
Acked-by: Jon Maloy <jon.ma...@ericsson.com>
Signed-off-by
t;)
Acked-by: Jon Maloy <jon.ma...@ericsson.com>
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/bearer.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 6f11c62..bf8f05c 100644
--- a/net/tipc/bearer.c
+++ b
context imbalance in '__tipc_nl_add_monitor' - different lock contexts for
> basic block
>
> Fixes: cf6f7e1d5109 ('tipc: dump monitor attributes')
> Signed-off-by: Wei Yongjun <weiyj...@gmail.com>
Acked-by: Ying Xue <ying@windriver.com>
> ---
> net/tipc/monit
gt; - to = \(kmalloc\|kzalloc\)(size,flag);
> + to = kmemdup(from,size,flag);
>if (to==NULL || ...) S
> - memcpy(to, from, size);
>
> Signed-off-by: Amitoj Kaur Chawla <amitoj1...@gmail.com>
Acked-by: Ying Xue <ying@windriver.com>
> ---
> net/tipc/
tetst teste tetet tetest
tetett
On 01/26/2017 01:46 PM, Eric W. Biederman wrote:
> Alexei Starovoitov writes:
>
>> in cases where bpf
gt;
> Secondly it's missing memory barriers as previously the code used
> spinlocks which provide the barriers implicitly.
>
> This patch fixes both problems.
>
> Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to...")
> Signed-off-by: Herbert Xu <herb.
On 08/24/2016 02:00 PM, David Miller wrote:
> From: "Xue, Ying" <ying@windriver.com>
> Date: Wed, 24 Aug 2016 02:47:32 +0000
>
>> Acked-by: Ying Xue <ying@windriver.com>
>
> Please do not ACK patches like this.
>
> If you quote th
On 10/19/2016 10:16 AM, Ben Hutchings wrote:
> Qian Zhang (张谦) reported a potential socket buffer overflow in
> tipc_msg_build(). The minimum fragment length needs to be checked
> against the maximum packet size, which is based on the link MTU.
>
> Reported-by: Qian Zhang (张谦)
MTU. UDP case also needs a check to avoid
overflow when calculating bearer MTU.
Fixes: b97bf3fd8f6a ("[TIPC] Initial merge")
Signed-off-by: Michal Kubecek <mkube...@suse.cz>
Reported-by: Qian Zhang (张谦) <zhangqia...@360.cn>
---
Thanks, it looks nice to me.
Ac
On 11/30/2016 05:57 PM, Michal Kubecek wrote:
Qian Zhang (张谦) reported a potential socket buffer overflow in
tipc_msg_build() which is also known as CVE-2016-8632: due to
insufficient checks, a buffer overflow can occur if MTU is too short for
even tipc headers. As anyone can set device MTU in a
For UDP bearer, it seems insufficient for us to check MTU size only
when UDP bearer is enabled. Meanwhile, we should update MTU size for
UDP bearer with Path MTU discovery protocol once MTU size is changed
after bearer is enabled.
I should admit I'm not that familiar with tipc. Do you mean
ecksum
is ignored as well.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/netfilter/nf_nat_proto_sctp.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_proto_sctp.c
b/net/netfilter/nf_nat_proto_sctp.c
index 31d3586..804e8a0 1006
On 09/16/2017 05:26 PM, Joe Perches wrote:
> On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote:
>> On 09/16/2017 03:50 PM, Thomas Meyer wrote:
>>> Use common library function rather than explicitly coding
>>> some variant of it yourself.
>>>
>>>
On 09/16/2017 05:58 PM, Joe Perches wrote:
> On Sat, 2017-09-16 at 17:36 +0800, Ying Xue wrote:
>> On 09/16/2017 05:26 PM, Joe Perches wrote:
>>> On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote:
>>>> On 09/16/2017 03:50 PM, Thomas Meyer wrote:
>>>>
On 09/16/2017 03:50 PM, Thomas Meyer wrote:
> Use common library function rather than explicitly coding
> some variant of it yourself.
>
> Signed-off-by: Thomas Meyer <tho...@m3y3r.de>
Acked-by: Ying Xue <ying@windriver.com>
> ---
&g
On 09/06/2017 05:08 PM, Kleber Sacilotto de Souza wrote:
> The net device is already stored in the 'net' variable, so no need to call
> dev_net() again.
>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.so...@canonical.com>
Acked-by: Ying Xue <ying@windriver.co
On 11/29/2017 06:48 PM, Tommi Rantala wrote:
> Remove the second tipc_rcv() call in tipc_udp_recv(). We have just
> checked that the bearer is not up, and calling tipc_rcv() with a bearer
> that is not up leads to a TIPC div-by-zero crash in
> tipc_node_calculate_timer(). The crash is rare in
> Cc: Jon Maloy <jon.ma...@ericsson.com>
> Cc: Ying Xue <ying@windriver.com>
> Cc: "David S. Miller" <da...@davemloft.net>
Tested-by: Ying Xue <ying@windriver.com>
Acked-by: Ying Xue <ying@windriver.com>
> ---
> net/tipc/core.h | 1
On 11/30/2017 08:32 PM, Tommi Rantala wrote:
>> In my opinion, the real root cause of the issue is because we too early
>> set a not-yet-initialized bearer instance to ub->bearer through
>> rcu_assign_pointer(ub->bearer, b) in tipc_udp_enable(). Instead if we
>> assign the bearer pointer at the
opt+0x189/0x360 net/socket.c:1830
> entry_SYSCALL_64_fastpath+0x1f/0x96
>
> Reported-by: syzbot <syzkal...@googlegroups.com>
> Cc: Jon Maloy <jon.ma...@ericsson.com>
> Cc: Ying Xue <ying@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.
On 05/04/2018 03:22 AM, David Miller wrote:
> From: syzbot
> Date: Thu, 03 May 2018 11:44:02 -0700
>
>> Call Trace:
>> __dump_stack lib/dump_stack.c:17 [inline]
>> dump_stack+0x185/0x1d0 lib/dump_stack.c:53
>> kmsan_report+0x142/0x240
.
Reported-by: syzbot+df0257c92ffd4fcc5...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/node.c | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/net/tipc/node.c b/net/tipc/node.c
index baaf93f..f29549d 100644
---
...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/topsrv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index c8e34ef..fe47a62 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -397,6 +397,7 @@ stat
On 05/20/2018 11:00 AM, David Miller wrote:
> From: Ying Xue <ying@windriver.com>
> Date: Fri, 18 May 2018 19:50:55 +0800
>
>> As variable s of struct tipc_subscr type is not initialized
>> in tipc_conn_rcv_from_sock() before it is used in tipc_conn_rcv_sub(),
>
Dmitry Vyukov <dvyu...@google.com>
> Cc: Jon Maloy <jon.ma...@ericsson.com>
> Cc: Ying Xue <ying@windriver.com>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>
Acked-by: Ying Xue <ying@windriver.com>
> ---
> net/tipc/node.c | 26 ++
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue <ying@windriver
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue <ying@windriver
Introduce __tipc_nl_bearer_disable() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/bearer.c | 19 +--
net/tipc/bearer.h | 1 +
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/be
As preparation for adding RTNL to make (*cmd->transcode)() and
(*cmd->transcode)() constantly protected by RTNL lock, we move out of
memory allocations existing between them as many as possible so that
the time of holding RTNL can be minimized in __tipc_nl_compat_doit().
Signed-off-by: Yi
Introduce __tipc_nl_bearer_set() which doesn't holding RTNL lock.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/bearer.c | 23 ++-
net/tipc/bearer.h | 1 +
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/be
RTNL lock according
to the suggestion of Kirill Tkhai.
Changes in v2:
- The whole operation of setting bearer/media properties has been
protected under RTNL, as per feedback from David M.
Ying Xue (7):
tipc: Refactor __tipc_nl_compat_doit
tipc: Introduce __tipc_nl_bearer_disable
tipc
Introduce __tipc_nl_net_set() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/net.c | 15 ---
net/tipc/net.h | 1 +
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/net/tipc/net.c b/net/tipc/net.c
index 719c592..1
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue <ying@windriver
Introduce __tipc_nl_media_set() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/bearer.c | 23 ++-
net/tipc/bearer.h | 1 +
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
Introduce __tipc_nl_bearer_enable() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue <ying@windriver.com>
---
net/tipc/bearer.c | 17 ++---
net/tipc/bearer.h | 1 +
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
On 02/13/2018 07:03 PM, Kirill Tkhai wrote:
> The patch is logically OK for me. The only thing I'm confused,
> I had to split it in 7 patches to review, otherwise the patch
> looks difficult to do. There is possible to extract:
>
> 1)Refactoring in __tipc_nl_compat_doit
> 2)Introduce
On 01/03/2018 11:48 PM, David Miller wrote:
> As soon as you drop the RTNL lock, the media or bearer entry can be
> removed from the tables.
>
Thanks for the review. Yes, you are right. But even if we temporarily
release RTNL lock, it's still safe for us because when we set
media/bearer
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
Signed-off-by: Ying Xue <ying@windriver.com>
Reported-by: syzbot <syzbot+6345fd433db009b29...@syzkaller.appspotmail.com>
---
net/tipc/netlink_compat.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/tip
hich can sleep and improve the possibility of successful allocation.
>
> This is found by a static analysis tool named DCNS written by myself.
> And I also manually check it.
>
> Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com>
Acked-by: Ying Xue <ying@windrive
On 04/10/2018 09:17 AM, Jia-Ju Bai wrote:
> tipc_mon_create() is never called in atomic context.
>
> The call chain ending up at dn_route_init() is:
Sorry, I don't think there is any relationship between the following
call chain with dn_route_init().
> [1] tipc_mon_create() <-
On 04/16/2018 11:29 PM, Eric Dumazet wrote:
> Before syzbot/KMSAN bites, add the missing policy for TIPC_NLA_NET_ADDR
>
> Fixes: 27c21416727a ("tipc: add net set to new netlink api")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Cc: Jon Maloy <jon.ma...@
ibutes.
>
> Fixes: d50ccc2d3909 ("tipc: add 128-bit node identifier")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Cc: Jon Maloy <jon.ma...@ericsson.com>
> Cc: Ying Xue <ying@windriver.com>
> Reported-by: syzbot <syzkal...@googlegroups.com>
On 03/06/2018 05:56 AM, Gustavo A. R. Silva wrote:
> Assign true or false to boolean variables instead of an integer value.
>
> This issue was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva <garsi...@embeddedor.com>
Acked-by: Ying Xue &l
for us.
Fixes: 3f32d0be6c16 ("tipc: lock wakeup & inputq at tipc_link_reset()")
Reported-by: Dmitry Vyukov
Signed-off-by: Ying Xue
---
net/tipc/link.c | 11 +--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/net/tipc/link.c b/net/tipc/link.c
index fb886b
On 10/11/2018 03:59 PM, Dmitry Vyukov wrote:
> On Thu, Oct 11, 2018 at 9:55 AM, Dmitry Vyukov wrote:
>> Hi,
>>
>> I am getting the following error while booting the latest kernel on
>> bb2d8f2f61047cbde08b78ec03e4ebdb01ee5434 (Oct 10). Config is attached.
>>
>> Since this happens during boot,
Jon, please help to review the patch:
https://patchwork.ozlabs.org/patch/982447.
Thanks,
Ying
On 10/11/2018 06:55 PM, Jon Maloy wrote:
> Hi Dmitry,
> Yes, we are aware of this, the kernel test robot warned us about this a few
> days ago.
> I am looking into it.
>
> ///jon
On 08/24/2018 07:19 AM, Cong Wang wrote:
> rhashtable_walk_exit() must be paired with rhashtable_walk_enter().
>
> Fixes: 40f9f4397060 ("tipc: Fix tipc_sk_reinit race conditions")
> Cc: Herbert Xu
> Cc: Ying Xue
> Signed-off-by: Cong Wang
Acked-by: Ying Xue
&g
66 matches
Mail list logo