1. 07 Nov, 2021 5 commits
    • Alexey Khoroshilov's avatar
      sctp: remove unreachable code from sctp_sf_violation_chunk() · e7ea51cd
      Alexey Khoroshilov authored
      sctp_sf_violation_chunk() is not called with asoc argument equal to NULL,
      but if that happens it would lead to NULL pointer dereference
      in sctp_vtag_verify().
      
      The patch removes code that handles NULL asoc in sctp_sf_violation_chunk().
      
      Found by Linux Verification Center (linuxtesting.org) with SVACE.
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Proposed-by: default avatarXin Long <lucien.xin@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      e7ea51cd
    • Eric Dumazet's avatar
      llc: fix out-of-bound array index in llc_sk_dev_hash() · 8ac9dfd5
      Eric Dumazet authored
      Both ifindex and LLC_SK_DEV_HASH_ENTRIES are signed.
      
      This means that (ifindex % LLC_SK_DEV_HASH_ENTRIES) is negative
      if @ifindex is negative.
      
      We could simply make LLC_SK_DEV_HASH_ENTRIES unsigned.
      
      In this patch I chose to use hash_32() to get more entropy
      from @ifindex, like llc_sk_laddr_hashfn().
      
      UBSAN: array-index-out-of-bounds in ./include/net/llc.h:75:26
      index -43 is out of range for type 'hlist_head [64]'
      CPU: 1 PID: 20999 Comm: syz-executor.3 Not tainted 5.15.0-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      Call Trace:
       <TASK>
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
       ubsan_epilogue+0xb/0x5a lib/ubsan.c:151
       __ubsan_handle_out_of_bounds.cold+0x62/0x6c lib/ubsan.c:291
       llc_sk_dev_hash include/net/llc.h:75 [inline]
       llc_sap_add_socket+0x49c/0x520 net/llc/llc_conn.c:697
       llc_ui_bind+0x680/0xd70 net/llc/af_llc.c:404
       __sys_bind+0x1e9/0x250 net/socket.c:1693
       __do_sys_bind net/socket.c:1704 [inline]
       __se_sys_bind net/socket.c:1702 [inline]
       __x64_sys_bind+0x6f/0xb0 net/socket.c:1702
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x44/0xae
      RIP: 0033:0x7fa503407ae9
      
      Fixes: 6d2e3ea2 ("llc: use a device based hash table to speed up multicast delivery")
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8ac9dfd5
    • Randy Dunlap's avatar
      net: hisilicon: fix hsn3_ethtool kernel-doc warnings · 85879f13
      Randy Dunlap authored
      Fix kernel-doc warnings and spacing in hns3_ethtool.c:
      
      hns3_ethtool.c:246: warning: No description found for return value of 'hns3_lp_run_test'
      hns3_ethtool.c:408: warning: expecting prototype for hns3_nic_self_test(). Prototype was for hns3_self_test() instead
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Cc: Peng Li <lipeng321@huawei.com>
      Cc: Guangbin Huang <huangguangbin2@huawei.com>
      Cc: Yisen Zhuang <yisen.zhuang@huawei.com>
      Cc: Salil Mehta <salil.mehta@huawei.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      85879f13
    • Krzysztof Kozlowski's avatar
      nfc: port100: lower verbosity of cancelled URB messages · 08fcdfa6
      Krzysztof Kozlowski authored
      It is not an error to receive an URB with -ENOENT because it can come
      from regular user operations, e.g. pressing CTRL+C when running nfctool
      from neard.  Make it a debugging message, not an error.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      08fcdfa6
    • David S. Miller's avatar
      Merge tag 'linux-can-fixes-for-5.16-20211106' of... · f05fb508
      David S. Miller authored
      Merge tag 'linux-can-fixes-for-5.16-20211106' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can
      
      linux-can-fixes-for-5.16-20211106
      
      Marc Kleine-Budde says:
      
      ====================
      pull-request: can 2021-11-06
      
      this is a pull request of 8 patches for net/master.
      
      The first 3 patches are by Zhang Changzhong and fix 3 standard
      conformance problems in the j1939 CAN stack.
      
      The next patch is by Vincent Mailhol and fixes a memory leak in the
      leak error path of the etas_es58x CAN driver.
      
      Stephane Grosjean contributes 2 patches for the peak_usb driver to fix
      the bus error handling and update the order of printed information
      regarding firmware version and available updates.
      
      The last 2 patches are by me and fixes a packet starvation problem in
      the bus off case and the error handling in the mcp251xfd_chip_start()
      function.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f05fb508
  2. 06 Nov, 2021 9 commits
  3. 05 Nov, 2021 25 commits
  4. 04 Nov, 2021 1 commit