1. 02 Aug, 2020 10 commits
  2. 25 Jul, 2020 20 commits
  3. 24 Jul, 2020 10 commits
    • Eelco Chaudron's avatar
      net: openvswitch: fixes potential deadlock in dp cleanup code · a65878d6
      Eelco Chaudron authored
      The previous patch introduced a deadlock, this patch fixes it by making
      sure the work is canceled without holding the global ovs lock. This is
      done by moving the reorder processing one layer up to the netns level.
      
      Fixes: eac87c41 ("net: openvswitch: reorder masks array based on usage")
      Reported-by: syzbot+2c4ff3614695f75ce26c@syzkaller.appspotmail.com
      Reported-by: syzbot+bad6507e5db05017b008@syzkaller.appspotmail.com
      Reviewed-by: default avatarPaolo <pabeni@redhat.com>
      Signed-off-by: default avatarEelco Chaudron <echaudro@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a65878d6
    • Christoph Hellwig's avatar
      sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing · dfd3d526
      Christoph Hellwig authored
      This sockopt accepts two kinds of parameters, using struct
      sctp_sack_info and struct sctp_assoc_value. The mentioned commit didn't
      notice an implicit cast from the smaller (latter) struct to the bigger
      one (former) when copying the data from the user space, which now leads
      to an attempt to write beyond the buffer (because it assumes the storing
      buffer is bigger than the parameter itself).
      
      Fix it by allocating a sctp_sack_info on stack and filling it out based
      on the small struct for the compat case.
      
      Changelog stole from an earlier patch from Marcelo Ricardo Leitner.
      
      Fixes: ebb25def ("sctp: pass a kernel pointer to sctp_setsockopt_delayed_ack")
      Reported-by: syzbot+0e4699d000d8b874d8dc@syzkaller.appspotmail.com
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      dfd3d526
    • David S. Miller's avatar
      Merge branch '100GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue · aab99b62
      David S. Miller authored
      Tony Nguyen says:
      
      ====================
      100GbE Intel Wired LAN Driver Updates 2020-07-23
      
      This series contains updates to ice driver only.
      
      Jake refactors ice_discover_caps() to reduce the number of AdminQ calls
      made. Splits ice_parse_caps() to separate functions to update function
      and device capabilities separately to allow for updating outside of
      initialization.
      
      Akeem adds power management support.
      
      Paul G refactors FC and FEC code to aid in restoring of PHY settings
      on media insertion. Implements lenient mode and link override support.
      Adds link debug info and formats existing debug info to be more
      readable. Adds support to check and report additional autoneg
      capabilities. Implements the capability to detect media cage in order to
      differentiate AUI types as Direct Attach or backplane.
      
      Bruce implements Total Port Shutdown for devices that support it.
      
      Lev renames low_power_ctrl field to lower_power_ctrl_an to be more
      descriptive of the field.
      
      Doug reports AOC types as media type fiber.
      
      Paul S adds code to handle 1G SGMII PHY type.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      aab99b62
    • David S. Miller's avatar
      mISDN: Don't try to print a sockptr_t from debug logging code. · 2d6be17d
      David S. Miller authored
      drivers/isdn/mISDN/socket.c: In function ‘data_sock_setsockopt’:
      ./include/linux/kern_levels.h:5:18: warning: format ‘%p’ expects argument of type ‘void *’, but argument 6 has type ‘sockptr_t’ [-Wformat=]
          5 | #define KERN_SOH "\001"  /* ASCII Start Of Header */
            |                  ^~~~~~
      ./include/linux/kern_levels.h:15:20: note: in expansion of macro ‘KERN_SOH’
         15 | #define KERN_DEBUG KERN_SOH "7" /* debug-level messages */
            |                    ^~~~~~~~
      drivers/isdn/mISDN/socket.c:410:10: note: in expansion of macro ‘KERN_DEBUG’
        410 |   printk(KERN_DEBUG "%s(%p, %d, %x, %p, %d)\n", __func__, sock,
            |          ^~~~~~~~~~
      drivers/isdn/mISDN/socket.c:410:38: note: format string is defined here
        410 |   printk(KERN_DEBUG "%s(%p, %d, %x, %p, %d)\n", __func__, sock,
            |                                     ~^
            |                                      |
            |                                      void *
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      2d6be17d
    • David S. Miller's avatar
      Merge branch 'get-rid-of-the-address_space-override-in-setsockopt-v2' · 7c4c2416
      David S. Miller authored
      Christoph Hellwig says:
      
      ====================
      get rid of the address_space override in setsockopt v2
      
      setsockopt is the last place in architecture-independ code that still
      uses set_fs to force the uaccess routines to operate on kernel pointers.
      
      This series adds a new sockptr_t type that can contained either a kernel
      or user pointer, and which has accessors that do the right thing, and
      then uses it for setsockopt, starting by refactoring some low-level
      helpers and moving them over to it before finally doing the main
      setsockopt method.
      
      Note that apparently the eBPF selftests do not even cover this path, so
      the series has been tested with a testing patch that always copies the
      data first and passes a kernel pointer.  This is something that works for
      most common sockopts (and is something that the ePBF support relies on),
      but unfortunately in various corner cases we either don't use the passed
      in length, or in one case actually copy data back from setsockopt, or in
      case of bpfilter straight out do not work with kernel pointers at all.
      
      Against net-next/master.
      
      Changes since v1:
       - check that users don't pass in kernel addresses
       - more bpfilter cleanups
       - cosmetic mptcp tweak
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7c4c2416
    • Christoph Hellwig's avatar
      net: optimize the sockptr_t for unified kernel/user address spaces · 6d04fe15
      Christoph Hellwig authored
      For architectures like x86 and arm64 we don't need the separate bit to
      indicate that a pointer is a kernel pointer as the address spaces are
      unified.  That way the sockptr_t can be reduced to a union of two
      pointers, which leads to nicer calling conventions.
      
      The only caveat is that we need to check that users don't pass in kernel
      address and thus gain access to kernel memory.  Thus the USER_SOCKPTR
      helper is replaced with a init_user_sockptr function that does this check
      and returns an error if it fails.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6d04fe15
    • Christoph Hellwig's avatar
      net: pass a sockptr_t into ->setsockopt · a7b75c5a
      Christoph Hellwig authored
      Rework the remaining setsockopt code to pass a sockptr_t instead of a
      plain user pointer.  This removes the last remaining set_fs(KERNEL_DS)
      outside of architecture specific code.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Acked-by: Stefan Schmidt <stefan@datenfreihafen.org> [ieee802154]
      Acked-by: default avatarMatthieu Baerts <matthieu.baerts@tessares.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a7b75c5a
    • Christoph Hellwig's avatar
      net/tcp: switch do_tcp_setsockopt to sockptr_t · d38d2b00
      Christoph Hellwig authored
      Pass a sockptr_t to prepare for set_fs-less handling of the kernel
      pointer from bpf-cgroup.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d38d2b00
    • Christoph Hellwig's avatar
      net/tcp: switch ->md5_parse to sockptr_t · d4c19c49
      Christoph Hellwig authored
      Pass a sockptr_t to prepare for set_fs-less handling of the kernel
      pointer from bpf-cgroup.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      d4c19c49
    • Christoph Hellwig's avatar
      net/udp: switch udp_lib_setsockopt to sockptr_t · 91ac1cca
      Christoph Hellwig authored
      Pass a sockptr_t to prepare for set_fs-less handling of the kernel
      pointer from bpf-cgroup.
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      91ac1cca