- 22 Feb, 2022 1 commit
-
-
Kumar Kartikeya Dwivedi authored
This test tries to pass a PTR_TO_BTF_ID_OR_NULL to the release function, which would trigger a out of bounds access without the fix in commit 45ce4b4f ("bpf: Fix crash due to out of bounds access into reg2btf_ids.") but after the fix, it should only index using base_type(reg->type), which should be less than __BPF_REG_TYPE_MAX, and also not permit any type flags to be set for the reg->type. Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20220220023138.2224652-1-memxor@gmail.com
-
- 20 Feb, 2022 3 commits
-
-
Andrii Nakryiko authored
There turned out to be a few problems with btfgen selftests. First, core_btfgen tests are failing in BPF CI due to the use of full-featured bpftool, which has extra dependencies on libbfd, libcap, etc, which are present in BPF CI's build environment, but those shared libraries are missing in QEMU image in which test_progs is running. To fix this problem, use minimal bootstrap version of bpftool instead. It only depend on libelf and libz, same as libbpf, so doesn't add any new requirements (and bootstrap bpftool still implementes entire `bpftool gen` functionality, which is quite convenient). Second problem is even more interesting. Both core_btfgen and core_reloc reuse the same set of struct core_reloc_test_case array of test case definitions. That in itself is not a problem, but btfgen test replaces test_case->btf_src_file property with the path to temporary file into which minimized BTF is output by bpftool. This interferes with original core_reloc tests, depending on order of tests execution (core_btfgen is run first in sequential mode and skrews up subsequent core_reloc run by pointing to already deleted temporary file, instead of the original BTF files) and whether those two runs share the same process (in parallel mode the chances are high for them to run in two separate processes and so not interfere with each other). To prevent this interference, create and use local copy of a test definition. Mark original array as constant to catch accidental modifcations. Note that setup_type_id_case_success() and setup_type_id_case_success() still modify common test_case->output memory area, but it is ok as each setup function has to re-initialize it completely anyways. In sequential mode it leads to deterministic and correct initialization. In parallel mode they will either each have their own process, or if core_reloc and core_btfgen happen to be run by the same worker process, they will still do that sequentially within the worker process. If they are sharded across multiple processes, they don't really share anything anyways. Also, rename core_btfgen into core_reloc_btfgen, as it is indeed just a "flavor" of core_reloc test, not an independent set of tests. So make it more obvious. Last problem that needed solving was that location of bpftool differs between test_progs and test_progs' flavors (e.g., test_progs-no_alu32). To keep it simple, create a symlink to bpftool both inside selftests/bpf/ directory and selftests/bpf/<flavor> subdirectory. That way, from inside core_reloc test, location to bpftool is just "./bpftool". v2->v3: - fix bpftool location relative the test_progs-no_alu32; v1->v2: - fix corruption of core_reloc_test_case. Fixes: 704c91e5 ("selftests/bpf: Test "bpftool gen min_core_btf") Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Yucong Sun <sunyucong@gmail.com> Link: https://lore.kernel.org/bpf/20220220042720.3336684-1-andrii@kernel.org
-
Souptick Joarder (HPE) authored
Kernel test robot reported below error -> kernel/bpf/btf.c:6718 btf_populate_kfunc_set() error: uninitialized symbol 'ret'. Initialize ret to 0. Fixes: dee872e1 ("bpf: Populate kfunc BTF ID sets in struct btf") Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Souptick Joarder (HPE) <jrdr.linux@gmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: Kumar Kartikeya Dwivedi <memxor@gmail.com> Link: https://lore.kernel.org/bpf/20220219163915.125770-1-jrdr.linux@gmail.com
-
Yonghong Song authored
Build the kernel and selftest with clang compiler with LLVM=1, make -j LLVM=1 make -C tools/testing/selftests/bpf -j LLVM=1 I hit the following selftests/bpf compilation error: In file included from test_cpp.cpp:3: /.../tools/testing/selftests/bpf/tools/include/bpf/libbpf.h:73:8: error: 'relaxed_core_relocs' is deprecated: libbpf v0.6+: field has no effect [-Werror,-Wdeprecated-declarations] struct bpf_object_open_opts { ^ test_cpp.cpp:56:2: note: in implicit move constructor for 'bpf_object_open_opts' first required here LIBBPF_OPTS(bpf_object_open_opts, opts); ^ /.../tools/testing/selftests/bpf/tools/include/bpf/libbpf_common.h:77:3: note: expanded from macro 'LIBBPF_OPTS' (struct TYPE) { \ ^ /.../tools/testing/selftests/bpf/tools/include/bpf/libbpf.h:90:2: note: 'relaxed_core_relocs' has been explicitly marked deprecated here LIBBPF_DEPRECATED_SINCE(0, 6, "field has no effect") ^ /.../tools/testing/selftests/bpf/tools/include/bpf/libbpf_common.h:24:4: note: expanded from macro 'LIBBPF_DEPRECATED_SINCE' (LIBBPF_DEPRECATED("libbpf v" # major "." # minor "+: " msg)) ^ /.../tools/testing/selftests/bpf/tools/include/bpf/libbpf_common.h:19:47: note: expanded from macro 'LIBBPF_DEPRECATED' #define LIBBPF_DEPRECATED(msg) __attribute__((deprecated(msg))) There are two ways to fix the issue, one is to use GCC diagnostic ignore pragma, and the other is to open code bpf_object_open_opts instead of using LIBBPF_OPTS. Since in general LIBBPF_OPTS is preferred, the patch fixed the issue by adding proper GCC diagnostic ignore pragmas. Signed-off-by: Yonghong Song <yhs@fb.com> Signed-off-by: Andrii Nakryiko <andrii@kernel.org> Link: https://lore.kernel.org/bpf/20220217194005.2765348-1-yhs@fb.com
-
- 18 Feb, 2022 27 commits
-
-
Eric Dumazet authored
As stated in the comment found in maybe_wait_bpf_programs(), the synchronize_rcu() barrier is only needed before returning to userspace, not after each deletion in the batch. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Stanislav Fomichev <sdf@google.com> Link: https://lore.kernel.org/bpf/20220218181801.2971275-1-eric.dumazet@gmail.com
-
Eric Dumazet authored
IPv6 has this hack changing sk->sk_prot when an IPv6 socket is 'converted' to an IPv4 one with IPV6_ADDRFORM option. This operation is only performed for TCP and UDP, knowing their 'struct proto' for the two network families are populated in the same way, and can not disappear while a reader might use and dereference sk->sk_prot. If we think about it all reads of sk->sk_prot while either socket lock or RTNL is not acquired should be using READ_ONCE(). Also note that other layers like MPTCP, XFRM, CHELSIO_TLS also write over sk->sk_prot. BUG: KCSAN: data-race in inet6_recvmsg / ipv6_setsockopt write to 0xffff8881386f7aa8 of 8 bytes by task 26932 on cpu 0: do_ipv6_setsockopt net/ipv6/ipv6_sockglue.c:492 [inline] ipv6_setsockopt+0x3758/0x3910 net/ipv6/ipv6_sockglue.c:1019 udpv6_setsockopt+0x85/0x90 net/ipv6/udp.c:1649 sock_common_setsockopt+0x5d/0x70 net/core/sock.c:3489 __sys_setsockopt+0x209/0x2a0 net/socket.c:2180 __do_sys_setsockopt net/socket.c:2191 [inline] __se_sys_setsockopt net/socket.c:2188 [inline] __x64_sys_setsockopt+0x62/0x70 net/socket.c:2188 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae read to 0xffff8881386f7aa8 of 8 bytes by task 26911 on cpu 1: inet6_recvmsg+0x7a/0x210 net/ipv6/af_inet6.c:659 ____sys_recvmsg+0x16c/0x320 ___sys_recvmsg net/socket.c:2674 [inline] do_recvmmsg+0x3f5/0xae0 net/socket.c:2768 __sys_recvmmsg net/socket.c:2847 [inline] __do_sys_recvmmsg net/socket.c:2870 [inline] __se_sys_recvmmsg net/socket.c:2863 [inline] __x64_sys_recvmmsg+0xde/0x160 net/socket.c:2863 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae value changed: 0xffffffff85e0e980 -> 0xffffffff85e01580 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 26911 Comm: syz-executor.3 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e515-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Cédric Le Goater authored
There were a fair amount of changes to workaround a firmware bug leaving a pending interrupt after migration of the ibmvnic device : commit 2df5c60e ("net/ibmvnic: Ignore H_FUNCTION return from H_EOI to tolerate XIVE mode") commit 284f87d2 ("Revert "net/ibmvnic: Fix EOI when running in XIVE mode"") commit 11d49ce9 ("net/ibmvnic: Fix EOI when running in XIVE mode.") commit f23e0643 ("ibmvnic: Clear pending interrupt after device reset") Here is the final one taking into account the XIVE interrupt mode. Cc: Sukadev Bhattiprolu <sukadev@linux.ibm.com> Cc: Dany Madden <drt@linux.ibm.com> Signed-off-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
jeffreyji authored
skb is ignored if team port is disabled. We want the skb to be delivered if it's an link layer packet. Issue is already fixed for bonding in commit b89f04c6 ("bonding: deliver link-local packets with skb->dev set to link that packets arrived on") changelog: v2: change LLDP -> link layer in comments/commit descrip, comment format Signed-off-by: jeffreyji <jeffreyji@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Russell King says: ==================== net: dsa: qca8k: convert to phylink_pcs and mark as non-legacy This series adds support into DSA for the mac_select_pcs method, and converts qca8k to make use of this, eventually marking qca8k as non- legacy. Patch 1 adds DSA support for mac_select_pcs. Patch 2 and patch 3 moves code around in qca8k to make patch 4 more readable. Patch 4 does a simple conversion to phylink_pcs. Patch 5 moves the serdes configuration to phylink_pcs. Patch 6 marks qca8k as non-legacy. v2: fix dsa_phylink_mac_select_pcs() formatting and double-blank line in patch 5 ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
The qca8k driver does not make use of the speed, duplex, pause or advertisement in its phylink_mac_config() implementation, so it can be marked as a non-legacy driver. Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
Move the PCS configuration to qca8k_pcs_config(). Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
Convert the qca8k driver to use the phylink_pcs support to talk to the SGMII PCS. Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
Move qca8k_phylink_mac_link_state() to separate the code movement from code changes. Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
Move qca8k_setup() to be later in the file to avoid needing prototypes for called functions. Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Russell King (Oracle) authored
Add DSA support for the phylink mac_select_pcs() method so DSA drivers can return provide phylink with the appropriate PCS for the PHY interface mode. Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Tom Rix authored
Remove the second 'the'. Replacements: endiannes to endianness areconnected to are connected Mamagement to Management undoccumented to undocumented Xilink to Xilinx strucutre to structure Change kernel-doc comment style to c style for /* Management ... Signed-off-by: Tom Rix <trix@redhat.com> Reviewed-by: Michal Simek <michal.simek@xilinx.com> Acked-by: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Gal Pressman authored
Following the cited commit, sparse started complaining about: ../include/net/gro.h:58:1: warning: directive in macro's argument list ../include/net/gro.h:59:1: warning: directive in macro's argument list Fix that by moving the defines out of the struct_group() macro. Fixes: de5a1f3c ("net: gro: minor optimization for dev_gro_receive()") Reviewed-by: Maxim Mikityanskiy <maximmi@nvidia.com> Signed-off-by: Gal Pressman <gal@nvidia.com> Acked-by: Alexander Lobakin <alexandr.lobakin@intel.com> Acked-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Xu Wang authored
'destroy_workqueue()' already drains the queue before destroying it, so there is no need to flush it explicitly. Remove the redundant 'flush_workqueue()' calls. Signed-off-by: Xu Wang <vulab@iscas.ac.cn> Acked-by: Alexandra Winter <wintera@linux.ibm.com> Link: https://lore.kernel.org/r/20220216075155.940-1-vulab@iscas.ac.cnSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Vladimir Oltean authored
Introduced in commit cf963573 ("net: dsa: Allow providing PHY statistics from CPU port"), it appears these were never used. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Link: https://lore.kernel.org/r/20220216193726.2926320-1-vladimir.oltean@nxp.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Eric Dumazet authored
prot->memory_allocated should only be set if prot->sysctl_mem is also set. This is a followup of commit 25206111 ("crypto: af_alg - get rid of alg_memory_allocated"). Signed-off-by: Eric Dumazet <edumazet@google.com> Link: https://lore.kernel.org/r/20220216171801.3604366-1-eric.dumazet@gmail.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christophe JAILLET authored
XTE_MAX_JUMBO_FRAME_SIZE is over 9000 bytes and the default value for 'rx_bd_num' is RX_BD_NUM_DEFAULT (i.e. 1024) So this loop allocates more than 9 Mo of memory. Previous memory allocations in this function already use GFP_KERNEL, so use __netdev_alloc_skb_ip_align() and an explicit GFP_KERNEL instead of a implicit GFP_ATOMIC. This gives more opportunities of successful allocation. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/694abd65418b2b3974106a82d758e3474c65ae8f.1645042560.git.christophe.jaillet@wanadoo.frSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Christophe JAILLET authored
NIXGE_MAX_JUMBO_FRAME_SIZE is over 9000 bytes and RX_BD_NUM 128. So this loop allocates more than 1 Mo of memory. Previous memory allocations in this function already use GFP_KERNEL, so use __netdev_alloc_skb_ip_align() and an explicit GFP_KERNEL instead of a implicit GFP_ATOMIC. This gives more opportunities of successful allocation. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Link: https://lore.kernel.org/r/28d2c8e05951ad02a57eb48333672947c8bb4f81.1645043881.git.christophe.jaillet@wanadoo.frSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Jakub Kicinski authored
Mat Martineau says: ==================== mptcp: Selftest fine-tuning and cleanup Patch 1 adjusts the mptcp selftest timeout to account for slow machines running debug builds. Patch 2 simplifies one test function. Patches 3-6 do some cleanup, like deleting unused variables and avoiding extra work when only printing usage information. Patch 7 improves the checksum tests by utilizing existing checksum MIBs. ==================== Link: https://lore.kernel.org/r/20220218030311.367536-1-mathew.j.martineau@linux.intel.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
Geliang Tang authored
This patch added the data checksum error mib counters check for the script mptcp_connect.sh when the data checksum is enabled. In do_transfer(), got the mib counters twice, before and after running the mptcp_connect commands. The latter minus the former is the actual number of the data checksum mib counter. The output looks like this: ns1 MPTCP -> ns2 (dead:beef:1::2:10007) MPTCP (duration 86ms) [ OK ] ns1 MPTCP -> ns2 (10.0.2.1:10008 ) MPTCP (duration 66ms) [ FAIL ] server got 1 data checksum error[s] Fixes: 94d66ba1 ("selftests: mptcp: enable checksum in mptcp_connect.sh") Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/255Signed-off-by: Geliang Tang <geliang.tang@suse.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Matthieu Baerts authored
To allow showing the 'help' menu even if these tools are not available. While at it, also avoid launching the command then checking $?. Instead, the check is directly done in the 'if'. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Matthieu Baerts authored
These tmp files will only be created when a test will be launched. This avoid 'dd' output when '-h' is used for example. While at it, also avoid creating netns that will be removed when starting the first test. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Matthieu Baerts authored
Shellcheck found that these variables were set but never used. Note that rndh is no longer prefixed with '0-' but it doesn't change anything. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Matthieu Baerts authored
With an error if it is an unknown option. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Geliang Tang authored
This patch simplified pm_nl_change_endpoint(), using id-based address lookups only. And dropped the fragile way of parsing 'addr' and 'id' from the output of pm_nl_show_endpoints(). Signed-off-by: Geliang Tang <geliang.tang@suse.com> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
Matthieu Baerts authored
With the increase number of tests, one CI instance, using a debug kernel config and not recent hardware, takes around 10 minutes to execute the slowest MPTCP test: mptcp_join.sh. Even if most CIs don't take that long to execute these tests -- typically max 10 minutes to run all selftests -- it will help some of them if the timeout is increased. The timeout could be disabled but it is always good to have an extra safeguard, just in case. Please note that on slow public CIs with kernel debug settings, it has been observed it can easily take up to 45 minutes to execute all tests in this very slow environment with other jobs running in parallel. The slowest test, mptcp_join.sh takes ~30 minutes in this case. In such environments, the selftests timeout set in the 'settings' file is disabled because this environment is known as being exceptionnally slow. It has been decided not to take such exceptional environments into account and set the timeout to 20min. Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-nextJakub Kicinski authored
Daniel Borkmann says: ==================== bpf-next 2022-02-17 We've added 29 non-merge commits during the last 8 day(s) which contain a total of 34 files changed, 1502 insertions(+), 524 deletions(-). The main changes are: 1) Add BTFGen support to bpftool which allows to use CO-RE in kernels without BTF info, from Mauricio Vásquez, Rafael David Tinoco, Lorenzo Fontana and Leonardo Di Donato. (Details: https://lpc.events/event/11/contributions/948/) 2) Prepare light skeleton to be used in both kernel module and user space and convert bpf_preload.ko to use light skeleton, from Alexei Starovoitov. 3) Rework bpftool's versioning scheme and align with libbpf's version number; also add linked libbpf version info to "bpftool version", from Quentin Monnet. 4) Add minimal C++ specific additions to bpftool's skeleton codegen to facilitate use of C skeletons in C++ applications, from Andrii Nakryiko. 5) Add BPF verifier sanity check whether relative offset on kfunc calls overflows desc->imm and reject the BPF program if the case, from Hou Tao. 6) Fix libbpf to use a dynamically allocated buffer for netlink messages to avoid receiving truncated messages on some archs, from Toke Høiland-Jørgensen. 7) Various follow-up fixes to the JIT bpf_prog_pack allocator, from Song Liu. 8) Various BPF selftest and vmtest.sh fixes, from Yucong Sun. 9) Fix bpftool pretty print handling on dumping map keys/values when no BTF is available, from Jiri Olsa and Yinjun Zhang. 10) Extend XDP frags selftest to check for invalid length, from Lorenzo Bianconi. * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next: (29 commits) bpf: bpf_prog_pack: Set proper size before freeing ro_header selftests/bpf: Fix crash in core_reloc when bpftool btfgen fails selftests/bpf: Fix vmtest.sh to launch smp vm. libbpf: Fix memleak in libbpf_netlink_recv() bpftool: Fix C++ additions to skeleton bpftool: Fix pretty print dump for maps without BTF loaded selftests/bpf: Test "bpftool gen min_core_btf" bpftool: Gen min_core_btf explanation and examples bpftool: Implement btfgen_get_btf() bpftool: Implement "gen min_core_btf" logic bpftool: Add gen min_core_btf command libbpf: Expose bpf_core_{add,free}_cands() to bpftool libbpf: Split bpf_core_apply_relo() bpf: Reject kfunc calls that overflow insn->imm selftests/bpf: Add Skeleton templated wrapper as an example bpftool: Add C++-specific open/load/etc skeleton wrappers selftests/bpf: Fix GCC11 compiler warnings in -O2 mode bpftool: Fix the error when lookup in no-btf maps libbpf: Use dynamically allocated buffer when receiving netlink messages libbpf: Fix libbpf.map inheritance chain for LIBBPF_0.7.0 ... ==================== Link: https://lore.kernel.org/r/20220217232027.29831-1-daniel@iogearbox.netSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
- 17 Feb, 2022 9 commits
-
-
Song Liu authored
bpf_prog_pack_free() uses header->size to decide whether the header should be freed with module_memfree() or the bpf_prog_pack logic. However, in kvmalloc() failure path of bpf_jit_binary_pack_alloc(), header->size is not set yet. As a result, bpf_prog_pack_free() may treat a slice of a pack as a standalone kvmalloc'd header and call module_memfree() on the whole pack. This in turn causes use-after-free by other users of the pack. Fix this by setting ro_header->size before freeing ro_header. Fixes: 33c98058 ("bpf: Introduce bpf_jit_binary_pack_[alloc|finalize|free]") Reported-by: syzbot+2f649ec6d2eea1495a8f@syzkaller.appspotmail.com Reported-by: syzbot+ecb1e7e51c52f68f7481@syzkaller.appspotmail.com Reported-by: syzbot+87f65c75f4a72db05445@syzkaller.appspotmail.com Signed-off-by: Song Liu <song@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Link: https://lore.kernel.org/bpf/20220217183001.1876034-1-song@kernel.org
-
David S. Miller authored
Yevhen Orlov says: ==================== net: marvell: prestera: add basic routes offloading Add support for blackhole and local routes for Marvell Prestera driver. Subscribe on fib notifications and handle add/del. Add features: - Support route adding. e.g.: "ip route add blackhole 7.7.1.1/24" e.g.: "ip route add local 9.9.9.9 dev sw1p30" - Support "rt_trap", "rt_offload", "rt_offload_failed" flags - Handle case, when route in "local" table overlaps route in "main" table example: ip ro add blackhole 7.7.7.7 ip ro add local 7.7.7.7 dev sw1p30 # blackhole route will be deoffloaded. rt_offload flag disappeared Limitations: - Only "blackhole" and "local" routes supported. "nexthop" routes is TRAP for now and will be implemented soon. - Only "local" and "main" tables supported ==================== Co-developed-by: Taras Chornyi <tchornyi@marvell.com> Signed-off-by: Taras Chornyi <tchornyi@marvell.com> Co-developed-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevhen Orlov authored
For now we support only TRAP or DROP, so we can offload only "local" or "blackhole" routes. Nexthop routes is TRAP for now. Will be implemented soon. Co-developed-by: Taras Chornyi <tchornyi@marvell.com> Signed-off-by: Taras Chornyi <tchornyi@marvell.com> Co-developed-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevhen Orlov authored
Add new router_hw object "fib_node". For now it support only DROP and TRAP mode. Co-developed-by: Taras Chornyi <tchornyi@marvell.com> Signed-off-by: Taras Chornyi <tchornyi@marvell.com> Co-developed-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yevhen Orlov authored
Add functions to create/delete lpm entry in hw. prestera_hw_lpm_add() take index of allocated virtual router. Also it takes grp_id, which is index of allocated nexthop group. ABI to create nexthop group will be added soon. Co-developed-by: Taras Chornyi <tchornyi@marvell.com> Signed-off-by: Taras Chornyi <tchornyi@marvell.com> Co-developed-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Oleksandr Mazur <oleksandr.mazur@plvision.eu> Signed-off-by: Yevhen Orlov <yevhen.orlov@plvision.eu> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski authored
Fast path bpf marge for some -next work. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfJakub Kicinski authored
Alexei Starovoitov says: ==================== pull-request: bpf 2022-02-17 We've added 8 non-merge commits during the last 7 day(s) which contain a total of 8 files changed, 119 insertions(+), 15 deletions(-). The main changes are: 1) Add schedule points in map batch ops, from Eric. 2) Fix bpf_msg_push_data with len 0, from Felix. 3) Fix crash due to incorrect copy_map_value, from Kumar. 4) Fix crash due to out of bounds access into reg2btf_ids, from Kumar. 5) Fix a bpf_timer initialization issue with clang, from Yonghong. * https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf: bpf: Add schedule points in batch ops bpf: Fix crash due to out of bounds access into reg2btf_ids. selftests: bpf: Check bpf_msg_push_data return value bpf: Fix a bpf_timer initialization issue bpf: Emit bpf_timer in vmlinux BTF selftests/bpf: Add test for bpf_timer overwriting crash bpf: Fix crash due to incorrect copy_map_value bpf: Do not try bpf_msg_push_data with len 0 ==================== Link: https://lore.kernel.org/r/20220217190000.37925-1-alexei.starovoitov@gmail.comSigned-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netJakub Kicinski authored
No conflicts. Signed-off-by: Jakub Kicinski <kuba@kernel.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/netLinus Torvalds authored
Pull networking fixes from Jakub Kicinski: "Including fixes from wireless and netfilter. Current release - regressions: - dsa: lantiq_gswip: fix use after free in gswip_remove() - smc: avoid overwriting the copies of clcsock callback functions Current release - new code bugs: - iwlwifi: - fix use-after-free when no FW is present - mei: fix the pskb_may_pull check in ipv4 - mei: retry mapping the shared area - mvm: don't feed the hardware RFKILL into iwlmei Previous releases - regressions: - ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() - tipc: fix wrong publisher node address in link publications - iwlwifi: mvm: don't send SAR GEO command for 3160 devices, avoid FW assertion - bgmac: make idm and nicpm resource optional again - atl1c: fix tx timeout after link flap Previous releases - always broken: - vsock: remove vsock from connected table when connect is interrupted by a signal - ping: change destination interface checks to match raw sockets - crypto: af_alg - get rid of alg_memory_allocated to avoid confusing semantics (and null-deref) after SO_RESERVE_MEM was added - ipv6: make exclusive flowlabel checks per-netns - bonding: force carrier update when releasing slave - sched: limit TC_ACT_REPEAT loops - bridge: multicast: notify switchdev driver whenever MC processing gets disabled because of max entries reached - wifi: brcmfmac: fix crash in brcm_alt_fw_path when WLAN not found - iwlwifi: fix locking when "HW not ready" - phy: mediatek: remove PHY mode check on MT7531 - dsa: mv88e6xxx: flush switchdev FDB workqueue before removing VLAN - dsa: lan9303: - fix polarity of reset during probe - fix accelerated VLAN handling" * tag 'net-5.17-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (65 commits) bonding: force carrier update when releasing slave nfp: flower: netdev offload check for ip6gretap ipv6: fix data-race in fib6_info_hw_flags_set / fib6_purge_rt ipv4: fix data races in fib_alias_hw_flags_set net: dsa: lan9303: add VLAN IDs to master device net: dsa: lan9303: handle hwaccel VLAN tags vsock: remove vsock from connected table when connect is interrupted by a signal Revert "net: ethernet: bgmac: Use devm_platform_ioremap_resource_byname" ping: fix the dif and sdif check in ping_lookup net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 net: sched: limit TC_ACT_REPEAT loops tipc: fix wrong notification node addresses net: dsa: lantiq_gswip: fix use after free in gswip_remove() ipv6: per-netns exclusive flowlabel checks net: bridge: multicast: notify switchdev driver whenever MC processing gets disabled CDC-NCM: avoid overflow in sanity checking mctp: fix use after free net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() bonding: fix data-races around agg_select_timer dpaa2-eth: Initialize mutex used in one step timestamping path ...
-