1. 04 Dec, 2022 1 commit
    • bpf: Handle MEM_RCU type properly · fca1aa75
      Yonghong Song authored
      Commit 9bb00b28 ("bpf: Add kfunc bpf_rcu_read_lock/unlock()")
      introduced MEM_RCU and bpf_rcu_read_lock/unlock() support. In that
      commit, a rcu pointer is tagged with both MEM_RCU and PTR_TRUSTED
      so that it can be passed into kfuncs or helpers as an argument.
      
      Martin raised a good question in [1] such that the rcu pointer,
      although being able to access the object, might have reference
      count of 0. This might cause a problem if the rcu pointer is passed
      to a kfunc which expects trusted arguments where ref count should
      be greater than 0.
      
      This patch makes the following changes related to MEM_RCU pointer:
        - MEM_RCU pointer might be NULL (PTR_MAYBE_NULL).
        - Introduce KF_RCU so MEM_RCU ptr can be acquired with
          a KF_RCU tagged kfunc which assumes ref count of rcu ptr
          could be zero.
        - For mem access 'b = ptr->a', say 'ptr' is a MEM_RCU ptr, and
          'a' is tagged with __rcu as well. Let us mark 'b' as
          MEM_RCU | PTR_MAYBE_NULL.
      
       [1] https://lore.kernel.org/bpf/ac70f574-4023-664e-b711-e0d3b18117fd@linux.dev/
      
      Fixes: 9bb00b28 ("bpf: Add kfunc bpf_rcu_read_lock/unlock()")
      Signed-off-by: Yonghong Song <yhs@fb.com>
      Link: https://lore.kernel.org/r/20221203184602.477272-1-yhs@fb.com
      Signed-off-by: Alexei Starovoitov <ast@kernel.org>
  2. 03 Dec, 2022 2 commits
  3. 02 Dec, 2022 3 commits
  4. 01 Dec, 2022 5 commits
  5. 30 Nov, 2022 26 commits
  6. 29 Nov, 2022 3 commits
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · f2bb566f
      Jakub Kicinski authored
      tools/lib/bpf/ringbuf.c
        927cbb47 ("libbpf: Handle size overflow for ringbuf mmap")
        b486d19a ("libbpf: checkpatch: Fixed code alignments in ringbuf.c")
      https://lore.kernel.org/all/20221121122707.44d1446a@canb.auug.org.au/
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>
    • Merge tag 'net-6.1-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 01f856ae
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, can and wifi.
      
        Current release - new code bugs:
      
         - eth: mlx5e:
            - use kvfree() in mlx5e_accel_fs_tcp_create()
            - MACsec, fix RX data path 16 RX security channel limit
            - MACsec, fix memory leak when MACsec device is deleted
            - MACsec, fix update Rx secure channel active field
            - MACsec, fix add Rx security association (SA) rule memory leak
      
        Previous releases - regressions:
      
         - wifi: cfg80211: don't allow multi-BSSID in S1G
      
         - stmmac: set MAC's flow control register to reflect current settings
      
         - eth: mlx5:
            - E-switch, fix duplicate lag creation
            - fix use-after-free when reverting termination table
      
        Previous releases - always broken:
      
         - ipv4: fix route deletion when nexthop info is not specified
      
         - bpf: fix a local storage BPF map bug where the value's spin lock
           field can get initialized incorrectly
      
         - tipc: re-fetch skb cb after tipc_msg_validate
      
         - wifi: wilc1000: fix Information Element parsing
      
         - packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
      
         - sctp: fix memory leak in sctp_stream_outq_migrate()
      
         - can: can327: fix potential skb leak when netdev is down
      
         - can: add number of missing netdev freeing on error paths
      
         - aquantia: do not purge addresses when setting the number of rings
      
         - wwan: iosm:
            - fix incorrect skb length leading to truncated packet
            - fix crash in peek throughput test due to skb UAF"
      
      * tag 'net-6.1-rc8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (79 commits)
        net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
        MAINTAINERS: Update maintainer list for chelsio drivers
        ionic: update MAINTAINERS entry
        sctp: fix memory leak in sctp_stream_outq_migrate()
        packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
        net/mlx5: Lag, Fix for loop when checking lag
        Revert "net/mlx5e: MACsec, remove replay window size limitation in offload path"
        net: marvell: prestera: Fix a NULL vs IS_ERR() check in some functions
        net: tun: Fix use-after-free in tun_detach()
        net: mdiobus: fix unbalanced node reference count
        net: hsr: Fix potential use-after-free
        tipc: re-fetch skb cb after tipc_msg_validate
        mptcp: fix sleep in atomic at close time
        mptcp: don't orphan ssk in mptcp_close()
        dsa: lan9303: Correct stat name
        ipv4: Fix route deletion when nexthop info is not specified
        net: wwan: iosm: fix incorrect skb length
        net: wwan: iosm: fix crash in peek throughput test
        net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type
        net: wwan: iosm: fix kernel test robot reported error
        ...
    • udp_tunnel: Add checks for nla_nest_start() in __udp_tunnel_nic_dump_write() · 7a945ce0
      Yuan Can authored
      As the nla_nest_start() may fail with NULL returned, the return value
      should be checked.
      
      Note that this is not a real bug, nothing will break here.
      The next nla_put() will fail as well and we'll bail (and
      nla_nest_cancel() can handle NULL). But we keep getting
      those "fixes" so whatever.
      Signed-off-by: Yuan Can <yuancan@huawei.com>
      Reviewed-by: David Ahern <dsahern@kernel.org>
      Link: https://lore.kernel.org/r/20221129013934.55184-1-yuancan@huawei.com
      Signed-off-by: Jakub Kicinski <kuba@kernel.org>