| Age | Commit message (Collapse) | Author |
|---|
|
- Use BIT() when appropriate in rcar (Marek Vasut)
- Use u32 to match rcar hardware register widths (Marek Vasut)
- Use BITS_PER_BYTE when appropriate in rcar (Marek Vasut)
- Remove unnecessary casts in rcar (Marek Vasut)
- Fix 64-bit MSI target addresses in rcar (Marek Vasut)
- Check for __get_free_pages() failure in rcar (Kangjie Lu)
- Fix shadowed rcar "irq" variable (Wolfram Sang)
* remotes/lorenzo/pci/rcar:
PCI: rcar: Do not shadow the 'irq' variable
PCI: rcar: Fix a potential NULL pointer dereference
PCI: rcar: Fix 64bit MSI message address handling
PCI: rcar: Clean up debug messages
PCI: rcar: Replace (8 * n) with (BITS_PER_BYTE * n)
PCI: rcar: Replace various variable types with unsigned ones for register values
PCI: rcar: Replace unsigned long with u32/unsigned int in register accessors
PCI: rcar: Clean up remaining macros defining bits
# Conflicts:
# drivers/pci/controller/pcie-rcar.c
|
|
- Make mediatek clocks optional, not required (Chunfeng Yun)
- Remove unused mediatek mt2712 "num-lanes" DT property (Honghui Zhang)
* remotes/lorenzo/pci/mediatek:
arm64: dts: mt2712: Remove un-used property for PCIe
PCI: mediatek: Get optional clocks with devm_clk_get_optional()
|
|
- Move IRQ register address computation inside macros (Kishon Vijay
Abraham I)
- Separate legacy IRQ and MSI configuration (Kishon Vijay Abraham I)
- Use hwirq, not virq, to get MSI IRQ number offset (Kishon Vijay Abraham
I)
- Squash ks_pcie_handle_msi_irq() into ks_pcie_msi_irq_handler() (Kishon
Vijay Abraham I)
- Add dwc support for platforms with custom MSI controllers (Kishon Vijay
Abraham I)
- Add keystone-specific MSI controller (Kishon Vijay Abraham I)
- Remove dwc host_ops previously used for keystone-specific MSI (Kishon
Vijay Abraham I)
- Skip dwc default MSI init if platform has custom MSI controller (Kishon
Vijay Abraham I)
- Implement .start_link() and .stop_link() for keystone endpoint support
(Kishon Vijay Abraham I)
- Add keystone "reg-names" DT binding (Kishon Vijay Abraham I)
- Squash ks_pcie_dw_host_init() into ks_pcie_add_pcie_port() (Kishon
Vijay Abraham I)
- Get keystone register resources from DT by name, not index (Kishon
Vijay Abraham I)
- Get DT resources in .probe() to prepare for endpoint support (Kishon
Vijay Abraham I)
- Add "ti,syscon-pcie-mode" DT property for PCIe mode configuration
(Kishon Vijay Abraham I)
- Explicitly set keystone to host mode (Kishon Vijay Abraham I)
- Document DT "atu" reg-names requirement for DesignWare core >= 4.80
(Kishon Vijay Abraham I)
- Enable dwc iATU unroll for endpoint mode as well as host mode (Kishon
Vijay Abraham I)
- Add dwc "version" to identify core >= 4.80 for ATU programming (Kishon
Vijay Abraham I)
- Don't build ARM32-specific keystone code on ARM64 (Kishon Vijay Abraham
I)
- Add DT binding for keystone PCIe RC in AM654 SoC (Kishon Vijay Abraham
I)
- Add keystone support for AM654 SoC PCIe RC (Kishon Vijay Abraham I)
- Reset keystone PHYs before enabling them (Kishon Vijay Abraham I)
- Make of_pci_get_max_link_speed() available to endpoint drivers as well
as host drivers (Kishon Vijay Abraham I)
- Add keystone support for DT "max-link-speed" property (Kishon Vijay
Abraham I)
- Add endpoint library support for BAR buffer alignment (Kishon Vijay
Abraham I)
- Make all dw_pcie_ep_ops structs const (Kishon Vijay Abraham I)
- Fix fencepost error in dw_pcie_ep_find_capability() (Kishon Vijay
Abraham I)
- Add dwc hooks for dbi/dbi2 that share the same address space (Kishon
Vijay Abraham I)
- Add keystone support for TI AM654x in endpoint mode (Kishon Vijay
Abraham I)
- Configure designware endpoints to advertise smallest resizable BAR
(1MB) (Kishon Vijay Abraham I)
- Align designware endpoint ATU windows for raising MSIs (Kishon Vijay
Abraham I)
- Add endpoint test support for TI AM654x (Kishon Vijay Abraham I)
- Fix endpoint test test_reg_bar issue (Kishon Vijay Abraham I)
* remotes/lorenzo/pci/keystone:
misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test
misc: pci_endpoint_test: Add support to test PCI EP in AM654x
PCI: designware-ep: Use aligned ATU window for raising MSI interrupts
PCI: designware-ep: Configure Resizable BAR cap to advertise the smallest size
PCI: keystone: Add support for PCIe EP in AM654x Platforms
dt-bindings: PCI: Add PCI EP DT binding documentation for AM654
PCI: dwc: Add callbacks for accessing dbi2 address space
PCI: dwc: Fix dw_pcie_ep_find_capability() to return correct capability offset
PCI: dwc: Add const qualifier to struct dw_pcie_ep_ops
PCI: endpoint: Add support to specify alignment for buffers allocated to BARs
PCI: keystone: Add support to set the max link speed from DT
PCI: OF: Allow of_pci_get_max_link_speed() to be used by PCI Endpoint drivers
PCI: keystone: Invoke phy_reset() API before enabling PHY
PCI: keystone: Add support for PCIe RC in AM654x Platforms
dt-bindings: PCI: Add PCI RC DT binding documentation for AM654
PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64
PCI: dwc: Fix ATU identification for designware version >= 4.80
PCI: dwc: Enable iATU unroll for endpoint too
dt-bindings: PCI: Document "atu" reg-names
PCI: keystone: Explicitly set the PCIe mode
dt-bindings: PCI: Add dt-binding to configure PCIe mode
PCI: keystone: Move resources initialization to prepare for EP support
PCI: keystone: Use platform_get_resource_byname() to get memory resources
PCI: keystone: Perform host initialization in a single function
dt-bindings: PCI: keystone: Add "reg-names" binding information
PCI: keystone: Cleanup error_irq configuration
PCI: keystone: Add start_link()/stop_link() dw_pcie_ops
PCI: dwc: Remove default MSI initialization for platform specific MSI chips
PCI: dwc: Remove Keystone specific dw_pcie_host_ops
PCI: keystone: Use Keystone specific msi_irq_chip
PCI: dwc: Add support to use non default msi_irq_chip
PCI: keystone: Cleanup ks_pcie_msi_irq_handler()
PCI: keystone: Use hwirq to get the MSI IRQ number offset
PCI: keystone: Add separate functions for configuring MSI and legacy interrupt
PCI: keystone: Cleanup interrupt related macros
# Conflicts:
# drivers/pci/controller/dwc/pcie-designware.h
|
|
- Work around iproc CRS completion issues (Srinath Mannam)
- Allow smaller iproc outbound windows so driver can work on 32-bit
systems (Srinath Mannam)
- Use iproc-specific config read for PAXBv2 (not PAXB) (Srinath Mannam)
* remotes/lorenzo/pci/iproc:
PCI: iproc: Enable iProc config read for PAXBv2
PCI: iproc: Allow outbound configuration for 32-bit I/O region
PCI: iproc: Add CRS check in config read
|
|
- Simplify imx7d_pcie_wait_for_phy_pll_lock() by using
regmap_read_poll_timeout() (Andrey Smirnov)
- Drop imx6_pcie_wait_for_link() in favor of the more generic
dw_pcie_wait_for_link() (Andrey Smirnov)
- Return -ETIMEDOUT instead of -EINVAL from
imx6_pcie_wait_for_speed_change() (Andrey Smirnov)
- Remove unused PCIE_PL_PFLR_* constants from imx6 (Andrey Smirnov)
- Use shared PHY debug register definitions in imx6 (Andrey Smirnov)
- Use BIT() in imx6 (Andrey Smirnov)
- Simplify imx6 PHY bit operations (Andrey Smirnov)
- Simplify imx6 pcie_phy_poll_ack() (Andrey Smirnov)
- Use data types that match actual imx6 PHY register width (Andrey
Smirnov)
- Mark imx6 suspend support with drvdata flags instead of checking
variants (Andrey Smirnov)
- Sleep instead of delay in imx6_pcie_enable_ref_clk() (Andrey Smirnov)
* remotes/lorenzo/pci/imx:
PCI: imx6: Use usleep_range() in imx6_pcie_enable_ref_clk()
PCI: imx6: Use flags to indicate support for suspend
PCI: imx6: Restrict PHY register data to 16-bit
PCI: imx6: Simplify pcie_phy_poll_ack()
PCI: imx6: Simplify bit operations in PHY functions
PCI: imx6: Make use of BIT() in constant definitions
PCI: dwc: imx6: Share PHY debug register definitions
PCI: imx6: Remove PCIE_PL_PFLR_* constants
PCI: imx6: Return -ETIMEOUT from imx6_pcie_wait_for_speed_change()
PCI: imx6: Drop imx6_pcie_wait_for_link()
PCI: imx6: Simplify imx7d_pcie_wait_for_phy_pll_lock()
|
|
- Use generic config space reader in qcom (Marc Gonzalez)
- Stop calling IRQ handler cleanup in dwc driver for invalid MSI IRQs
(Jisheng Zhang)
- Free dwc MSI target page when freeing MSI (Jisheng Zhang)
- Fix dwc MSI leak in host init error path (Jisheng Zhang)
- Use managed host bridge alloc to simplify dwc (Jisheng Zhang)
- Save dwc root pci_bus pointer for use by .remove() methods (Jisheng
Zhang)
- Allow imx6 asynchronous probing (Lucas Stach)
* pci/dwc:
PCI: imx6: Allow asynchronous probing
PCI: dwc: Save root bus for driver remove hooks
PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code
PCI: dwc: Free MSI in dw_pcie_host_init() error path
PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi()
PCI: dwc: Fix dw_pcie_free_msi() if msi_irq is invalid
PCI: qcom: Use default config space read function
|
|
- Restore R-Car PCIe link early in resume (Kazufumi Ikeda)
- Fix Hyper-V PCI ejection memory leak (Dexuan Cui)
- Cleanup Hyper-V PCI slots on module unload (Dexuan Cui)
- Cleanup Hyper-V PCI slot on device removal to address a race (Dexuan
Cui)
* remotes/lorenzo/pci/controller-fixes:
PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary
PCI: hv: Add hv_pci_remove_slots() when we unload the driver
PCI: hv: Fix a memory leak in hv_eject_device_work()
PCI: rcar: Add the initialization of PCIe link in resume_noirq()
|
|
- Add Amazon Annapurna Labs PCIe host controller driver (Jonathan
Chocron)
* pci/host/al:
PCI: al: Add Amazon Annapurna Labs PCIe host controller driver
|
|
- Mark ATS on AMD Stoney Radeon R7 GPU broken to avoid IOMMU issues
(Nikolai Kostrigin)
- Mark Atheros AR9462 to avoid bus reset that locks up host machine
(James Prestwood)
* pci/virtualization:
PCI: Mark Atheros AR9462 to avoid bus reset
PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
|
|
- Support all 255 PFF ports in switchtec driver (Wesley Sheng)
- Fix unintentional switchtec MRPC event masking that degraded firmware
update speed (Wesley Sheng)
* pci/switchtec:
switchtec: Fix unintended mask of MRPC event
switchtec: Increase PFF limit from 48 to 255
|
|
- Disable Link Management interrupt during suspend to prevent immediate
wakeup (Mika Westerberg)
* pci/portdrv:
PCI/LINK: Disable bandwidth notification interrupt during suspend
|
|
- Add a whitelist of Root Complexes known to support peer-to-peer DMA
between Root Ports (Christian König)
* pci/peer-to-peer:
PCI/P2PDMA: Allow P2P DMA between any devices under AMD ZEN Root Complex
|
|
- Mark expected switch fall-throughs (Gustavo A. R. Silva)
- Remove unused pci_request_region_exclusive() (Johannes Thumshirn)
- Fix x86 PCI IRQ routing table memory leak (Wenwen Wang)
- Reset Lenovo ThinkPad P50 if firmware didn't do it on reboot (Lyude
Paul)
- Add and use pci_dev_id() helper to simplify PCI_DEVID() usage (touches
several places outside drivers/pci/) (Heiner Kallweit)
- Transition Mobiveil PCI maintenance to Karthikeyan M and Hou Zhiqiang
(Subrahmanya Lingappa)
* pci/misc:
MAINTAINERS: Add Karthikeyan Mitran and Hou Zhiqiang for Mobiveil PCI
platform/chrome: chromeos_laptop: use pci_dev_id() helper
stmmac: pci: Use pci_dev_id() helper
iommu/vt-d: Use pci_dev_id() helper
iommu/amd: Use pci_dev_id() helper
drm/amdkfd: Use pci_dev_id() helper
powerpc/powernv/npu: Use pci_dev_id() helper
r8169: use pci_dev_id() helper
PCI: Add pci_dev_id() helper
PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
x86/PCI: Fix PCI IRQ routing table memory leak
PCI: Remove unused pci_request_region_exclusive()
PCI: Mark expected switch fall-throughs
|
|
- Remove unused mask_msi_irq(), unmask_msi_irq(), write_msi_msg(),
__write_msi_msg() (Bjorn Helgaas)
* pci/msi:
PCI/MSI: Remove unused mask_msi_irq() and unmask_msi_irq()
PCI/MSI: Remove unused __write_msi_msg() and write_msi_msg()
|
|
- Fix RPA and RPA DLPAR refcount issues (Tyrel Datwyler)
- Stop exporting pci_get_hp_params() (Alexandru Gagniuc)
- Simplify _HPP, _HPX parsing (Alexandru Gagniuc)
- Add support for _HPX Type 3 settings (Alexandru Gagniuc)
- Tell firmware we support _HPX Type 3 via _OSC (Alexandru Gagniuc)
* pci/hotplug:
PCI/ACPI: Advertise _HPX Type 3 support via _OSC
PCI/ACPI: Implement _HPX Type 3 Setting Record
PCI/ACPI: Remove the need for 'struct hotplug_params'
PCI/ACPI: Do not export pci_get_hp_params()
PCI: rpaphp: Get/put device node reference during slot alloc/dealloc
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
|
|
- Enable PCIe services for host controller drivers that use managed host
bridge alloc (Jean-Philippe Brucker)
- Add quirk to clear PCIe Retrain Link bit to work around Pericom bridge
erratum (Stefan Mätje)
- Add "external-facing" DT property to identify cases where we require
IOMMU protection from untrusted devices (Jean-Philippe Brucker)
- Support fixed bus numbers from bridge Enhanced Allocation capabilities
(Subbaraya Sundeep)
* pci/enumeration:
PCI: Assign bus numbers present in EA capability for bridges
PCI: OF: Support "external-facing" property
dt-bindings: Add "external-facing" PCIe port property
PCI: Rework pcie_retrain_link() wait loop
PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
PCI: Factor out pcie_retrain_link() function
PCI: Init PCIe feature bits for managed host bridge alloc
|
|
- Fix pci_aer_init() stub prototype for non-CONFIG_PCIEAER case (Jisheng
Zhang)
* pci/aer:
PCI/AER: Change pci_aer_init() stub to return void
|
|
When converting a skb to msg->sg we forget to set the size after the
latest ktls/tls code conversion. This patch can be reached by doing
a redir into ingress path from BPF skb sock recv hook. Then trying to
read the size fails.
Fix this by setting the size.
Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
In tcp bpf remove we free the cork list and purge the ingress msg
list. However we do this before the ref count reaches zero so it
could be possible some other access is in progress. In this case
(tcp close and/or tcp_unhash) we happen to also hold the sock
lock so no path exists but lets fix it otherwise it is extremely
fragile and breaks the reference counting rules. Also we already
check the cork list and ingress msg queue and free them once the
ref count reaches zero so its wasteful to check twice.
Fixes: 604326b41a6fb ("bpf, sockmap: convert to generic sk_msg interface")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
If we try to call strp_done on a parser that has never been
initialized, because the sockmap user is only using TX side for
example we get the following error.
[ 883.422081] WARNING: CPU: 1 PID: 208 at kernel/workqueue.c:3030 __flush_work+0x1ca/0x1e0
...
[ 883.422095] Workqueue: events sk_psock_destroy_deferred
[ 883.422097] RIP: 0010:__flush_work+0x1ca/0x1e0
This had been wrapped in a 'if (psock->parser.enabled)' logic which
was broken because the strp_done() was never actually being called
because we do a strp_stop() earlier in the tear down logic will
set parser.enabled to false. This could result in a use after free
if work was still in the queue and was resolved by the patch here,
1d79895aef18f ("sk_msg: Always cancel strp work before freeing the
psock"). However, calling strp_stop(), done by the patch marked in
the fixes tag, only is useful if we never initialized a strp parser
program and never initialized the strp to start with. Because if
we had initialized a stream parser strp_stop() would have been called
by sk_psock_drop() earlier in the tear down process. By forcing the
strp to stop we get past the WARNING in strp_done that checks
the stopped flag but calling cancel_work_sync on work that has never
been initialized is also wrong and generates the warning above.
To fix check if the parser program exists. If the program exists
then the strp work has been initialized and must be sync'd and
cancelled before free'ing any structures. If no program exists we
never initialized the stream parser in the first place so skip the
sync/cancel logic implemented by strp_done.
Finally, remove the strp_done its not needed and in the case where we
are using the stream parser has already been called.
Fixes: e8e3437762ad9 ("bpf: Stop the psock parser before canceling its work")
Signed-off-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Both of them are not declared in the headers and not used outside
of bpf_trace.c file.
Fixes: a38d1107f937c ("bpf: support raw tracepoints in modules")
Signed-off-by: Stanislav Fomichev <sdf@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
synchronize_rcu() is fine when the rcu callbacks only need
to free memory (kfree_rcu() or direct kfree() call rcu call backs)
__dev_map_entry_free() is a bit more complex, so we need to make
sure that call queued __dev_map_entry_free() callbacks have completed.
sysbot report:
BUG: KASAN: use-after-free in dev_map_flush_old kernel/bpf/devmap.c:365
[inline]
BUG: KASAN: use-after-free in __dev_map_entry_free+0x2a8/0x300
kernel/bpf/devmap.c:379
Read of size 8 at addr ffff8801b8da38c8 by task ksoftirqd/1/18
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.17.0+ #39
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1b9/0x294 lib/dump_stack.c:113
print_address_description+0x6c/0x20b mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.7+0x242/0x2fe mm/kasan/report.c:412
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
dev_map_flush_old kernel/bpf/devmap.c:365 [inline]
__dev_map_entry_free+0x2a8/0x300 kernel/bpf/devmap.c:379
__rcu_reclaim kernel/rcu/rcu.h:178 [inline]
rcu_do_batch kernel/rcu/tree.c:2558 [inline]
invoke_rcu_callbacks kernel/rcu/tree.c:2818 [inline]
__rcu_process_callbacks kernel/rcu/tree.c:2785 [inline]
rcu_process_callbacks+0xe9d/0x1760 kernel/rcu/tree.c:2802
__do_softirq+0x2e0/0xaf5 kernel/softirq.c:284
run_ksoftirqd+0x86/0x100 kernel/softirq.c:645
smpboot_thread_fn+0x417/0x870 kernel/smpboot.c:164
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
Allocated by task 6675:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xc4/0xe0 mm/kasan/kasan.c:553
kmem_cache_alloc_trace+0x152/0x780 mm/slab.c:3620
kmalloc include/linux/slab.h:513 [inline]
kzalloc include/linux/slab.h:706 [inline]
dev_map_alloc+0x208/0x7f0 kernel/bpf/devmap.c:102
find_and_alloc_map kernel/bpf/syscall.c:129 [inline]
map_create+0x393/0x1010 kernel/bpf/syscall.c:453
__do_sys_bpf kernel/bpf/syscall.c:2351 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2328 [inline]
__x64_sys_bpf+0x303/0x510 kernel/bpf/syscall.c:2328
do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 26:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free+0x11a/0x170 mm/kasan/kasan.c:521
kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
__cache_free mm/slab.c:3498 [inline]
kfree+0xd9/0x260 mm/slab.c:3813
dev_map_free+0x4fa/0x670 kernel/bpf/devmap.c:191
bpf_map_free_deferred+0xba/0xf0 kernel/bpf/syscall.c:262
process_one_work+0xc64/0x1b70 kernel/workqueue.c:2153
worker_thread+0x181/0x13a0 kernel/workqueue.c:2296
kthread+0x345/0x410 kernel/kthread.c:240
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:412
The buggy address belongs to the object at ffff8801b8da37c0
which belongs to the cache kmalloc-512 of size 512
The buggy address is located 264 bytes inside of
512-byte region [ffff8801b8da37c0, ffff8801b8da39c0)
The buggy address belongs to the page:
page:ffffea0006e368c0 count:1 mapcount:0 mapping:ffff8801da800940
index:0xffff8801b8da3540
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea0007217b88 ffffea0006e30cc8 ffff8801da800940
raw: ffff8801b8da3540 ffff8801b8da3040 0000000100000004 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8801b8da3780: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
ffff8801b8da3800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> ffff8801b8da3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8801b8da3900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8801b8da3980: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
Fixes: 546ac1ffb70d ("bpf: add devmap, a map for storing net device references")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot+457d3e2ffbcf31aee5c0@syzkaller.appspotmail.com
Acked-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull gcc plugin fix from Kees Cook:
"Fix ARM stack-protector-per-task plugin build for older GCC < 6 (Chris
Packham)"
* tag 'gcc-plugins-v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/kees/linux:
gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
|
|
If a call to kobject_init_and_add() fails we must call kobject_put()
otherwise we leak memory.
Function gfs2_sys_fs_add always calls kobject_init_and_add() which
always calls kobject_init().
It is safe to leave object destruction up to the kobject release
function and never free it manually.
Remove call to kfree() and always call kobject_put() in the error path.
Signed-off-by: Tobin C. Harding <tobin@kernel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu
Pull percpu updates from Dennis Zhou:
- scan hint update which helps address performance issues with heavily
fragmented blocks
- lockdep fix when freeing an allocation causes balance work to be
scheduled
* 'for-5.2' of git://git.kernel.org/pub/scm/linux/kernel/git/dennis/percpu:
percpu: remove spurious lock dependency between percpu and sched
percpu: use chunk scan_hint to skip some scanning
percpu: convert chunk hints to be based on pcpu_block_md
percpu: make pcpu_block_md generic
percpu: use block scan_hint to only scan forward
percpu: remember largest area skipped during allocation
percpu: add block level scan_hint
percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE
percpu: relegate chunks unusable when failing small allocations
percpu: manage chunks based on contig_bits instead of free_bytes
percpu: introduce helper to determine if two regions overlap
percpu: do not search past bitmap when allocating an area
percpu: update free path with correct new free region
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input updates from Dmitry Torokhov:
"A few new drivers:
- driver for Azoteq IQS550/572/525 touch controllers
- driver for Microchip AT42QT1050 keys
- driver for GPIO controllable vibrators
- support for GT5663 in Goodix driver
... along with miscellaneous driver fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: libps2 - mark expected switch fall-through
Input: qt1050 - add Microchip AT42QT1050 support
Input: add support for Azoteq IQS550/572/525
Input: add a driver for GPIO controllable vibrators
Input: synaptics-rmi4 - fix enum_fmt
Input: synaptics-rmi4 - fill initial format
HID: input: add mapping for KEY_KBD_LAYOUT_NEXT
Input: add KEY_KBD_LAYOUT_NEXT
Input: hyperv-keyboard - add module description
Input: olpc_apsp - depend on ARCH_MMP
Input: sun4i-a10-lradc-keys - add support for A83T
Input: snvs_pwrkey - use dev_pm_set_wake_irq() to simplify code
Input: lpc32xx-key - add clocks property and fix DT binding example
Input: i8042 - signal wakeup from atkbd/psmouse
Input: goodix - add GT5663 CTP support
Input: goodix - add regulators suppot
Input: evdev - use struct_size() in kzalloc() and vzalloc()
Input: edt-ft5x06 - convert to use SPDX identifier
Input: edt-ft5x06 - enable ACPI enumeration
|
|
Pull networking fixes from David Miller:
"Fixes all over:
1) Netdev refcnt leak in nf_flow_table, from Taehee Yoo.
2) Fix RCU usage in nf_tables, from Florian Westphal.
3) Fix DSA build when NET_DSA_TAG_BRCM_PREPEND is not set, from Yue
Haibing.
4) Add missing page read/write ops to realtek driver, from Heiner
Kallweit.
5) Endianness fix in qrtr code, from Nicholas Mc Guire.
6) Fix various bugs in DSA_SKB_* macros, from Vladimir Oltean.
7) Several BPF documentation cures, from Quentin Monnet.
8) Fix undefined behavior in narrow load handling of BPF verifier,
from Krzesimir Nowak.
9) DMA ops crash in SGI Seeq driver due to not set netdev parent
device pointer, from Thomas Bogendoerfer.
10) Flow dissector has to disable preemption when invoking BPF
program, from Eric Dumazet"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (48 commits)
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: ethernet: ti: netcp_ethss: fix build
flow_dissector: disable preemption around BPF calls
bonding: fix arp_validate toggling in active-backup mode
net: meson: fixup g12a glue ephy id
net: phy: realtek: Replace phy functions with non-locked version in rtl8211e_config_init()
net: seeq: fix crash caused by not set dev.parent
of_net: Fix missing of_find_device_by_node ref count drop
net: mvpp2: cls: Add missing NETIF_F_NTUPLE flag
bpf: fix undefined behavior in narrow load handling
libbpf: detect supported kernel BTF features and sanitize BTF
selftests: bpf: Add files generated after build to .gitignore
tools: bpf: synchronise BPF UAPI header with tools
bpf: fix minor issues in documentation for BPF helpers.
bpf: fix recurring typo in documentation for BPF helpers
bpf: fix script for generating man page on BPF helpers
bpf: add various test cases for backward jumps
net: dccp : proto: remove Unneeded variable "err"
net: dsa: Remove the now unused DSA_SKB_CB_COPY() macro
net: dsa: Remove dangerous DSA_SKB_CLONE() macro
...
|
|
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull fsnotify fixes from Jan Kara:
"Two fsnotify fixes"
* tag 'fsnotify_for_v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
fsnotify: fix unlink performance regression
fsnotify: Clarify connector assignment in fsnotify_add_mark_list()
|
|
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
Pull misc filesystem updates from Jan Kara:
"A couple of small bugfixes and cleanups for quota, udf, ext2, and
reiserfs"
* tag 'fs_for_v5.2-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
quota: check time limit when back out space/inode change
fs/quota: erase unused but set variable warning
quota: fix wrong indentation
udf: fix an uninitialized read bug and remove dead code
fs/reiserfs/journal.c: Make remove_journal_hash static
quota: remove trailing whitespaces
quota: code cleanup for __dquot_alloc_space()
ext2: Adjust the comment of function ext2_alloc_branch
udf: Explain handling of load_nls() failure
|
|
When adding more MAC addresses to a dwmac-sun8i interface, the device goes
directly in promiscuous mode.
This is due to IFF_UNICAST_FLT missing flag.
So since the hardware support unicast filtering, let's add IFF_UNICAST_FLT.
Fixes: 9f93ac8d4085 ("net-next: stmmac: Add dwmac-sun8i")
Signed-off-by: Corentin Labbe <clabbe@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Fix reported build fail:
ERROR: "cpsw_ale_flush_multicast" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_create" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
ERROR: "cpsw_ale_add_vlan" [drivers/net/ethernet/ti/keystone_netcp_ethss.ko] undefined!
Fixes: 16f54164828b ("net: ethernet: ti: cpsw: drop CONFIG_TI_CPSW_ALE config option")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Various things in eBPF really require us to disable preemption
before running an eBPF program.
syzbot reported :
BUG: assuming atomic context at net/core/flow_dissector.c:737
in_atomic(): 0, irqs_disabled(): 0, pid: 24710, name: syz-executor.3
2 locks held by syz-executor.3/24710:
#0: 00000000e81a4bf1 (&tfile->napi_mutex){+.+.}, at: tun_get_user+0x168e/0x3ff0 drivers/net/tun.c:1850
#1: 00000000254afebd (rcu_read_lock){....}, at: __skb_flow_dissect+0x1e1/0x4bb0 net/core/flow_dissector.c:822
CPU: 1 PID: 24710 Comm: syz-executor.3 Not tainted 5.1.0+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
__cant_sleep kernel/sched/core.c:6165 [inline]
__cant_sleep.cold+0xa3/0xbb kernel/sched/core.c:6142
bpf_flow_dissect+0xfe/0x390 net/core/flow_dissector.c:737
__skb_flow_dissect+0x362/0x4bb0 net/core/flow_dissector.c:853
skb_flow_dissect_flow_keys_basic include/linux/skbuff.h:1322 [inline]
skb_probe_transport_header include/linux/skbuff.h:2500 [inline]
skb_probe_transport_header include/linux/skbuff.h:2493 [inline]
tun_get_user+0x2cfe/0x3ff0 drivers/net/tun.c:1940
tun_chr_write_iter+0xbd/0x156 drivers/net/tun.c:2037
call_write_iter include/linux/fs.h:1872 [inline]
do_iter_readv_writev+0x5fd/0x900 fs/read_write.c:693
do_iter_write fs/read_write.c:970 [inline]
do_iter_write+0x184/0x610 fs/read_write.c:951
vfs_writev+0x1b3/0x2f0 fs/read_write.c:1015
do_writev+0x15b/0x330 fs/read_write.c:1058
__do_sys_writev fs/read_write.c:1131 [inline]
__se_sys_writev fs/read_write.c:1128 [inline]
__x64_sys_writev+0x75/0xb0 fs/read_write.c:1128
do_syscall_64+0x103/0x670 arch/x86/entry/common.c:298
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes: d58e468b1112 ("flow_dissector: implements flow dissector BPF hook")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Petar Penkov <ppenkov@google.com>
Cc: Stanislav Fomichev <sdf@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
There's currently a problem with toggling arp_validate on and off with an
active-backup bond. At the moment, you can start up a bond, like so:
modprobe bonding mode=1 arp_interval=100 arp_validate=0 arp_ip_targets=192.168.1.1
ip link set bond0 down
echo "ens4f0" > /sys/class/net/bond0/bonding/slaves
echo "ens4f1" > /sys/class/net/bond0/bonding/slaves
ip link set bond0 up
ip addr add 192.168.1.2/24 dev bond0
Pings to 192.168.1.1 work just fine. Now turn on arp_validate:
echo 1 > /sys/class/net/bond0/bonding/arp_validate
Pings to 192.168.1.1 continue to work just fine. Now when you go to turn
arp_validate off again, the link falls flat on it's face:
echo 0 > /sys/class/net/bond0/bonding/arp_validate
dmesg
...
[133191.911987] bond0: Setting arp_validate to none (0)
[133194.257793] bond0: bond_should_notify_peers: slave ens4f0
[133194.258031] bond0: link status definitely down for interface ens4f0, disabling it
[133194.259000] bond0: making interface ens4f1 the new active one
[133197.330130] bond0: link status definitely down for interface ens4f1, disabling it
[133197.331191] bond0: now running without any active interface!
The problem lies in bond_options.c, where passing in arp_validate=0
results in bond->recv_probe getting set to NULL. This flies directly in
the face of commit 3fe68df97c7f, which says we need to set recv_probe =
bond_arp_recv, even if we're not using arp_validate. Said commit fixed
this in bond_option_arp_interval_set, but missed that we can get to that
same state in bond_option_arp_validate_set as well.
One solution would be to universally set recv_probe = bond_arp_recv here
as well, but I don't think bond_option_arp_validate_set has any business
touching recv_probe at all, and that should be left to the arp_interval
code, so we can just make things much tidier here.
Fixes: 3fe68df97c7f ("bonding: always set recv_probe to bond_arp_rcv in arp monitor")
CC: Jay Vosburgh <j.vosburgh@gmail.com>
CC: Veaceslav Falico <vfalico@gmail.com>
CC: Andy Gospodarek <andy@greyhouse.net>
CC: "David S. Miller" <davem@davemloft.net>
CC: netdev@vger.kernel.org
Signed-off-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: Jay Vosburgh <jay.vosburgh@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The phy id chosen by Amlogic is incorrectly set in the mdio mux and
does not match the phy driver.
It was not detected before because DT forces the use the correct driver
for the internal PHY.
Fixes: 7090425104db ("net: phy: add amlogic g12a mdio mux support")
Reported-by: Qi Duan <qi.duan@amlogic.com>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
rtl8211e_config_init()
After calling phy_select_page() and until calling phy_restore_page(),
the mutex 'mdio_lock' is already locked, so the driver should use
non-locked version of phy functions. Or there will be a deadlock with
'mdio_lock'.
This replaces phy functions called from rtl8211e_config_init() to avoid
the deadlock issue.
Fixes: f81dadbcf7fd ("net: phy: realtek: Add rtl8211e rx/tx delays config")
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
The old MIPS implementation of dma_cache_sync() didn't use the dev argument,
but commit c9eb6172c328 ("dma-mapping: turn dma_cache_sync into a
dma_map_ops method") changed that, so we now need to set dev.parent.
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for net:
1) Postpone chain policy update to drop after transaction is complete,
from Florian Westphal.
2) Add entry to flowtable after confirmation to fix UDP flows with
packets going in one single direction.
3) Reference count leak in dst object, from Taehee Yoo.
4) Check for TTL field in flowtable datapath, from Taehee Yoo.
5) Fix h323 conntrack helper due to incorrect boundary check,
from Jakub Jankowski.
6) Fix incorrect rcu dereference when fetching basechain stats,
from Florian Westphal.
7) Missing error check when adding new entries to flowtable,
from Taehee Yoo.
8) Use version field in nfnetlink message to honor the nfgen_family
field, from Kristian Evensen.
9) Remove incorrect configuration check for CONFIG_NF_CONNTRACK_IPV6,
from Subash Abhinov Kasiviswanathan.
10) Prevent dying entries from being added to the flowtable,
from Taehee Yoo.
11) Don't hit WARN_ON() with malformed blob in ebtables with
trailing data after last rule, reported by syzbot, patch
from Florian Westphal.
12) Remove NFT_CT_TIMEOUT enumeration, never used in the kernel
code.
13) Fix incorrect definition for NFT_LOGLEVEL_MAX, from Florian
Westphal.
This batch comes with a conflict that can be fixed with this patch:
diff --cc include/uapi/linux/netfilter/nf_tables.h
index 7bdb234f3d8c,f0cf7b0f4f35..505393c6e959
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@@ -966,6 -966,8 +966,7 @@@ enum nft_socket_keys
* @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
* @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
* @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
- * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
+ * @NFT_CT_ID: conntrack id
*/
enum nft_ct_keys {
NFT_CT_STATE,
@@@ -991,6 -993,8 +992,7 @@@
NFT_CT_DST_IP,
NFT_CT_SRC_IP6,
NFT_CT_DST_IP6,
- NFT_CT_TIMEOUT,
+ NFT_CT_ID,
__NFT_CT_MAX
};
#define NFT_CT_MAX (__NFT_CT_MAX - 1)
That replaces the unused NFT_CT_TIMEOUT definition by NFT_CT_ID. If you prefer,
I can also solve this conflict here, just let me know.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
of_find_device_by_node takes a reference to the embedded struct device
which needs to be dropped after use.
Fixes: d01f449c008a ("of_net: add NVMEM support to of_get_mac_address")
Reported-by: kbuild test robot <lkp@intel.com>
Reported-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Now that the mvpp2 driver supports classification offloading, we must
add the NETIF_F_NTUPLE to the features list.
Since the current code doesn't allow disabling the feature, we don't set
the flag in dev->hw_features.
Fixes: 90b509b39ac9 ("net: mvpp2: cls: Add Classification offload support")
Reported-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU updates from Joerg Roedel:
- ATS support for ARM-SMMU-v3.
- AUX domain support in the IOMMU-API and the Intel VT-d driver. This
adds support for multiple DMA address spaces per (PCI-)device. The
use-case is to multiplex devices between host and KVM guests in a
more flexible way than supported by SR-IOV.
- the rest are smaller cleanups and fixes, two of which needed to be
reverted after testing in linux-next.
* tag 'iommu-updates-v5.2' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (45 commits)
Revert "iommu/amd: Flush not present cache in iommu_map_page"
Revert "iommu/amd: Remove the leftover of bypass support"
iommu/vt-d: Fix leak in intel_pasid_alloc_table on error path
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
iommu/amd: Flush not present cache in iommu_map_page
iommu/vt-d: Cleanup: no spaces at the start of a line
iommu/vt-d: Don't request page request irq under dmar_global_lock
iommu/vt-d: Use struct_size() helper
iommu/mediatek: Fix leaked of_node references
iommu/amd: Remove amd_iommu_pd_list
iommu/arm-smmu: Log CBFRSYNRA register on context fault
iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel
iommu/arm-smmu-v3: Disable tagged pointers
iommu/arm-smmu-v3: Add support for PCI ATS
iommu/arm-smmu-v3: Link domains and devices
iommu/arm-smmu-v3: Add a master->domain pointer
iommu/arm-smmu-v3: Store SteamIDs in master
iommu/arm-smmu-v3: Rename arm_smmu_master_data to arm_smmu_master
ACPI/IORT: Check ATS capability in root complex nodes
...
|
|
Add Karthikeyan Mitran and Hou Zhiqiang as new maintainers of Mobiveil
controller driver.
Link: https://lore.kernel.org/linux-pci/1557229516-6870-1-git-send-email-l.subrahmanya@mobiveil.co.in
Signed-off-by: Subrahmanya Lingappa <l.subrahmanya@mobiveil.co.in>
[bhelgaas: update names/email addresses to match usage in git history]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Karthikeyan Mitran <m.karthikeyan@mobiveil.co.in>
|
|
git://www.linux-watchdog.org/linux-watchdog
Pull watchdog updates from Wim Van Sebroeck:
- a new watchdog driver for the ROHM BD70528 watchdog block
- a new watchdog driver for the i.MX system controller watchdog
- conversions to use device managed functions and other improvements
- refactor watchdog_init_timeout
- make watchdog core configurable as module
- pretimeout governors improvements
- a lot of other fixes
* tag 'linux-watchdog-5.2-rc1' of git://www.linux-watchdog.org/linux-watchdog: (114 commits)
watchdog: Enforce that at least one pretimeout governor is enabled
watchdog: stm32: add dynamic prescaler support
watchdog: Improve Kconfig entry ordering and dependencies
watchdog: npcm: Enable modular builds
watchdog: Make watchdog core configurable as module
watchdog: Move pretimeout governor configuration up
watchdog: Use depends instead of select for pretimeout governors
watchdog: rtd119x: drop unused module.h include
watchdog: intel_scu: make it explicitly non-modular
watchdog: coh901327: make it explicitly non-modular
watchdog: ziirave_wdt: drop warning after calling watchdog_init_timeout
watchdog: xen_wdt: drop warning after calling watchdog_init_timeout
watchdog: stm32_iwdg: drop warning after calling watchdog_init_timeout
watchdog: st_lpc_wdt: drop warning after calling watchdog_init_timeout
watchdog: sp5100_tco: drop warning after calling watchdog_init_timeout
watchdog: renesas_wdt: drop warning after calling watchdog_init_timeout
watchdog: nic7018_wdt: drop warning after calling watchdog_init_timeout
watchdog: ni903x_wdt: drop warning after calling watchdog_init_timeout
watchdog: imx_sc_wdt: drop warning after calling watchdog_init_timeout
watchdog: i6300esb: drop warning after calling watchdog_init_timeout
...
|
|
drivers/pinctrl/pinctrl-stmfx.c:441 stmfx_pinctrl_irq_set_type() warn: bitwise AND condition is false here
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
|
smatch warnings:
drivers/pinctrl/pinctrl-stmfx.c:225 stmfx_pinconf_get() warn: unsigned 'dir' is never less than zero.
drivers/pinctrl/pinctrl-stmfx.c:228 stmfx_pinconf_get() warn: unsigned 'type' is never less than zero.
drivers/pinctrl/pinctrl-stmfx.c:231 stmfx_pinconf_get() warn: unsigned 'pupd' is never less than zero.
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
|
|
Daniel Borkmann says:
====================
pull-request: bpf 2019-05-13
The following pull-request contains BPF updates for your *net* tree.
The main changes are:
1) Fix out of bounds backwards jumps due to a bug in dead code
removal, from Daniel.
2) Fix libbpf users by detecting unsupported BTF kernel features
and sanitize them before load, from Andrii.
3) Fix undefined behavior in narrow load handling of context
fields, from Krzesimir.
4) Various BPF uapi header doc/man page fixes, from Quentin.
5) Misc .gitignore fixups to exclude built files, from Kelsey.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Commit 31fd85816dbe ("bpf: permits narrower load from bpf program
context fields") made the verifier add AND instructions to clear the
unwanted bits with a mask when doing a narrow load. The mask is
computed with
(1 << size * 8) - 1
where "size" is the size of the narrow load. When doing a 4 byte load
of a an 8 byte field the verifier shifts the literal 1 by 32 places to
the left. This results in an overflow of a signed integer, which is an
undefined behavior. Typically, the computed mask was zero, so the
result of the narrow load ended up being zero too.
Cast the literal to long long to avoid overflows. Note that narrow
load of the 4 byte fields does not have the undefined behavior,
because the load size can only be either 1 or 2 bytes, so shifting 1
by 8 or 16 places will not overflow it. And reading 4 bytes would not
be a narrow load of a 4 bytes field.
Fixes: 31fd85816dbe ("bpf: permits narrower load from bpf program context fields")
Reviewed-by: Alban Crequy <alban@kinvolk.io>
Reviewed-by: Iago López Galeiras <iago@kinvolk.io>
Signed-off-by: Krzesimir Nowak <krzesimir@kinvolk.io>
Cc: Yonghong Song <yhs@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Depending on used versions of libbpf, Clang, and kernel, it's possible to
have valid BPF object files with valid BTF information, that still won't
load successfully due to Clang emitting newer BTF features (e.g.,
BTF_KIND_FUNC, .BTF.ext's line_info/func_info, BTF_KIND_DATASEC, etc), that
are not yet supported by older kernel.
This patch adds detection of BTF features and sanitizes BPF object's BTF
by substituting various supported BTF kinds, which have compatible layout:
- BTF_KIND_FUNC -> BTF_KIND_TYPEDEF
- BTF_KIND_FUNC_PROTO -> BTF_KIND_ENUM
- BTF_KIND_VAR -> BTF_KIND_INT
- BTF_KIND_DATASEC -> BTF_KIND_STRUCT
Replacement is done in such a way as to preserve as much information as
possible (names, sizes, etc) where possible without violating kernel's
validation rules.
v2->v3:
- remove duplicate #defines from libbpf_util.h
v1->v2:
- add internal libbpf_internal.h w/ common stuff
- switch SK storage BTF to use new libbpf__probe_raw_btf()
Reported-by: Alexei Starovoitov <ast@fb.com>
Signed-off-by: Andrii Nakryiko <andriin@fb.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
The following files are generated after building /selftests/bpf/ and
should be added to .gitignore:
- libbpf.pc
- libbpf.so.*
Signed-off-by: Kelsey Skunberg <skunberg.kelsey@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Quentin Monnet says:
====================
Another round of fixes for the doc in the BPF UAPI header, which can be
turned into a manual page. First patch is the most important, as it fixes
parsing for the bpf_strtoul() helper doc. Following patches are formatting
fixes (nitpicks, mostly). The last one updates the copy of the header,
located under tools/.
====================
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
Synchronise the bpf.h header under tools, to report the fixes and
additions recently brought to the documentation for the BPF helpers.
Signed-off-by: Quentin Monnet <quentin.monnet@netronome.com>
Acked-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
