- 19 Jan, 2017 3 commits
-
-
Mohammed Shafi Shajakhan authored
Not clearing the previous tx bit rate status results in a ambigous tx bit rate reporting to mac80211/cfg80211, for example the previous bit rate status would have been marked as legacy rate , while the current rate would have been an HT/VHT rate with the tx bit rate flags set and this results in exporting tx bitrate as legacy rate but with HT/VHT rate flags set, fix this by clearing the tx bitrate status for each event. This also fixes the below warning when we do: iw dev wlan#N station dump WARNING: net/wireless/util.c:1222 cfg80211 [<c022f104>] (warn_slowpath_null) from [<bf3b9adc>] (cfg80211_calculate_bitrate+0x110/0x1f4 [cfg80211]) [<bf3b9adc>] (cfg80211_calculate_bitrate [cfg80211]) from [<bf3dcd54>] (nl80211_put_sta_rate+0x44/0x1dc [cfg80211]) [<bf3dcd54>] (nl80211_put_sta_rate [cfg80211]) from [<bf3cbc34>] (nl80211_set_interface+0x724/0xd70 [cfg80211]) [<bf3cbc34>] (nl80211_set_interface [cfg80211]) from [<bf3d0a18>] (nl80211_dump_station+0xdc/0x100 [cfg80211]) [<bf3d0a18>] (nl80211_dump_station [cfg80211]) Fixes: cec17c38 ("ath10k: add per peer htt tx stats support for 10.4") Signed-off-by:
Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com> Signed-off-by:
Kalle Valo <kvalo@qca.qualcomm.com>
-
Michal Kazior authored
Station pointers are RCU protected so driver must be extra careful if it tries to store them internally for later use outside of the RCU section it obtained it in. It was possible for station teardown to race with some htt events. The possible outcome could be a use-after-free and a crash. Only peer-flow-control capable firmware was affected (so hardware-wise qca99x0 and qca4019). This could be done in sta_state() itself via explicit synchronize_net() call but there's already a convenient sta_pre_rcu_remove() op that can be hooked up to avoid extra rcu stall. The peer->sta pointer itself can't be set to NULL/ERR_PTR because it is later used in sta_state() for extra sanity checks. Signed-off-by:
Michal Kazior <michal.kazior@tieto.com> Signed-off-by:
-
Wei Yongjun authored
Fixes the following sparse warning: drivers/net/wireless/ath/ath6kl/sdio.c:716:55: warning: Using plain integer as NULL pointer Signed-off-by:
Wei Yongjun <weiyongjun1@huawei.com> Signed-off-by:
-
- 13 Jan, 2017 6 commits
-
-
Mohammed Shafi Shajakhan authored
Tx legacy rate is reported 10 fold, as below iw dev wlan#N station dump | grep "tx bitrate" tx bitrate: 240.0 MBit/s This is because by mistake we multiply by the hardware reported rate twice by 10, fix this. Fixes: cec17c38 ("ath10k: add per peer htt tx stats support for 10.4") Signed-off-by: -
Mohammed Shafi Shajakhan authored
In countries where basic operation of channel 169 is allowed, this fixes the below WARN_ON_ONCE in Rx and fixes the station connectivity failure in channel 169 as the packet is dropped in the driver as the current check limits to channel 165. As of now all the packets beyond channel 165 is dropped, fix this by extending the range to channel 169. Call trace: drivers/net/wireless/ath/ath10k/wmi.c:1505 ath10k_wmi_event_mgmt_rx+0x278/0x440 [ath10k_core]() Call Trace: [<c158f812>] ? printk+0x2d/0x2f [<c105a182>] warn_slowpath_common+0x72/0xa0 [<f8b67b58>] ? ath10k_wmi_event_mgmt_rx+0x278/0x440 [<f8b67b58>] ? ath10k_wmi_event_mgmt_rx+0x278/0x440 [<c105a1d2>] warn_slowpath_null+0x22/0x30 [<f8b67b58>] ath10k_wmi_event_mgmt_rx+0x278/0x440 [<f8b0e72b>] ? ath10k_pci_sleep+0x8b/0xb0 [ath10k_pci] [<f8b6ac63>] ath10k_wmi_10_2_op_rx+0xf3/0x3b0 [<f8b6495e>] ath10k_wmi_process_rx+0x1e/0x60 [<f8b5f077>] ath10k_htc_rx_completion_handler+0x347/0x4d0 [ath10k_core] [<f8b11dc3>] ? ath10k_ce_completed_recv_next+0x53/0x70 [ath10k_pci] [<f8b0f921>] ath10k_pci_ce_recv_data+0x171/0x1d0 [ath10k_pci] [<f8b0ec69>] ? ath10k_pci_write32+0x39/0x80 [ath10k_pci] [<f8b120bc>] ath10k_ce_per_engine_service+0x5c/0xa0 [ath10k_pci] [<f8b1215f>] ath10k_ce_per_engine_service_any+0x5f/0x70 [ath10k_pci] [<c1060dc0>] ? local_bh_enable_ip+0x90/0x90 [<f8b1048b>] ath10k_pci_tasklet+0x1b/0x50 [ath10k_pci] Fixes: 34c30b0a ("ath10k: enable advertising support for channel 169, 5Ghz") Signed-off-by:
-
Christian Lamparter authored
Currently, the common ath9k_common module needs to have a dependency on RELAY and DEBUG_FS in order to built. This is usually not a problem. But for RAM and FLASH starved AR71XX devices, every little bit counts. This patch adds a new symbol CONFIG_ATH9K_COMMON_DEBUG which makes it possible to drop the RELAY and DEBUG_FS dependency there and move it to ATH_(HTC)_DEBUGFS. Note: The shared FFT/spectral code (which is the only user of the relayfs in ath9k*) needs DEBUG_FS to export the relayfs interface to dump the data to userspace. So it makes no sense to have the functions compiled in, if DEBUG_FS is not there. Signed-off-by:
Christian Lamparter <chunkeey@googlemail.com> Signed-off-by:
-
Christian Lamparter authored
The 10.4 firmware adds extended peer information to the firmware's statistics payload. This additional info is stored as a separate data field and the elements are stored in their own "peers_extd" list. These elements can pile up in the same way as the peer information elements. This is because the ath10k_wmi_10_4_op_pull_fw_stats() function tries to pull the same amount (num_peer_stats) for every statistic data unit. Fixes: 4a49ae94 ("ath10k: fix 10.4 extended peer stats update") Signed-off-by:
-
Sebastian Gottschall authored
This patch adds full VHT160 support for QCA9984 chipsets Tested on Netgear R7800. 80+80 is possible, but disabled so far since it seems to contain glitches like missing vht station flags (this may be firmware or mac80211 related). Signed-off-by:
Sebastian Gottschall <s.gottschall@dd-wrt.com> [kvalo@qca.qualcomm.com: refactoring and fix few warnings] Signed-off-by:
-
Kalle Valo authored
When adding VHT160 support to ath10k_peer_assoc_h_phymode() the VHT mode selection code becomes too complex. Simplify it by refactoring the vht part to a separate function. Signed-off-by:
-
- 12 Jan, 2017 12 commits
-
-
Colin Ian King authored
Trivial fix to spelling mistake in ath_err message Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Mark Rutland authored
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in preference to ACCESS_ONCE(), and new code is expected to use one of the former. So far, there's been no reason to change most existing uses of ACCESS_ONCE(), as these aren't currently harmful. However, for some new features (e.g. KTSAN / Kernel Thread Sanitizer), it is necessary to instrument reads and writes separately, which is not possible with ACCESS_ONCE(). This distinction is critical to correct operation. It's possible to transform the bulk of kernel code using the Coccinelle script below. However, for some files (including the ath9k ar9003 mac driver), this mangles the formatting. As a preparatory step, this patch converts the driver to use {READ,WRITE}_ONCE() without said mangling. ---- virtual patch @ depends on patch @ expression E1, E2; @@ - ACCESS_ONCE(E1) = E2 + WRITE_ONCE(E1, E2) @ depends on patch @ expression E; @@ - ACCESS_ONCE(E) + READ_ONCE(E) ---- Signed-off-by:Mark Rutland <mark.rutland@arm.com> Cc: ath9k-devel@qca.qualcomm.com Cc: Kalle Valo <kvalo@codeaurora.org> Cc: linux-wireless@vger.kernel.org Cc: ath9k-devel@lists.ath9k.org Cc: netdev@vger.kernel.org Signed-off-by:
-
Mark Rutland authored
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in preference to ACCESS_ONCE(), and new code is expected to use one of the former. So far, there's been no reason to change most existing uses of ACCESS_ONCE(), as these aren't currently harmful. However, for some new features (e.g. KTSAN / Kernel Thread Sanitizer), it is necessary to instrument reads and writes separately, which is not possible with ACCESS_ONCE(). This distinction is critical to correct operation. It's possible to transform the bulk of kernel code using the Coccinelle script below. However, for some files (including the ath9k ar9002 mac driver), this mangles the formatting. As a preparatory step, this patch converts the driver to use {READ,WRITE}_ONCE() without said mangling. ---- virtual patch @ depends on patch @ expression E1, E2; @@ - ACCESS_ONCE(E1) = E2 + WRITE_ONCE(E1, E2) @ depends on patch @ expression E; @@ - ACCESS_ONCE(E) + READ_ONCE(E) ---- Signed-off-by: -
Felix Fietkau authored
Simply return -EOPNOTSUPP instead. Cc: stable@vger.kernel.org Signed-off-by:
Felix Fietkau <nbd@nbd.name> Signed-off-by:
-
Bhumika Goyal authored
cfg80211_ops structures are only passed as an argument to the function wiphy_new. This argument is of type const, so cfg80211_ops strutures having this property can be declared as const. Done using Coccinelle @r1 disable optional_qualifier @ identifier i; position p; @@ static struct cfg80211_ops i@p = {...}; @ok1@ identifier r1.i; position p; @@ wiphy_new(&i@p,...) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct cfg80211_ops i; File size before: text data bss dec hex filename 18133 6632 0 24765 60bd wireless/ath/wil6210/cfg80211.o File size after: text data bss dec hex filename 18933 5832 0 24765 60bd wireless/ath/wil6210/cfg80211.o Signed-off-by:Bhumika Goyal <bhumirks@gmail.com> Signed-off-by:
-
Erik Stromdahl authored
Simplified transmit credit distribution code somewhat. Since the WMI control service will get assigned all credits there is no need for having a credit_allocation array in struct ath10k_htc. Signed-off-by:
Erik Stromdahl <erik.stromdahl@gmail.com> Signed-off-by:
-
Erik Stromdahl authored
Removed tx_credits_per_max_message and tx_credit_size from struct ath10k_htc_ep since they are not used anywhere in the code. They are just written, never read. Signed-off-by:
-
Bjorn Andersson authored
ieee80211_unregister_hw() might invoke operations to stop the interface, that uses the hal_mutex. So don't destroy it until after we're done using it. Signed-off-by:
Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by:
-
Bjorn Andersson authored
Some firmware versions sends a "print register indication", handle this by printing out the content. Cc: Nicolas Dechesne <ndec@linaro.org> Signed-off-by:
-
Bjorn Andersson authored
Using the software based channel scan mechanism from mac80211 keeps us offline for 10-15 second, we should instead issue a start_scan/end_scan on each channel reducing this time. Signed-off-by:
-
Bjorn Andersson authored
The wcn36xx wifi driver follows the life cycle of the WLAN_CTRL SMD channel, as such it should be a SMD client. This patch makes this transition, now that we have the necessary frameworks available. Signed-off-by:
-
Bjorn Andersson authored
The correct include file for getting errno constants and ERR_PTR() is linux/err.h, rather than linux/errno.h, so fix the include. Fixes: e8b123e6 ("soc: qcom: smem_state: Add stubs for disabled smem_state") Acked-by:
Andy Gross <andy.gross@linaro.org> Signed-off-by:
-
- 11 Jan, 2017 4 commits
-
-
Sowmini Varadhan authored
Commit 7f953ab2 ("af_packet: TX_RING support for TPACKET_V3") now makes it possible to use TX_RING with TPACKET_V3, so make the the relevant information available via 'ss -e -a --packet' Signed-off-by:
Sowmini Varadhan <sowmini.varadhan@oracle.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Tobias Klauser authored
Make the functions __local_list_pop_free(), __local_list_pop_pending(), bpf_common_lru_populate() and bpf_percpu_lru_populate() static as they are not used outide of bpf_lru_list.c This fixes the following GCC warnings when building with 'W=1': kernel/bpf/bpf_lru_list.c:363:22: warning: no previous prototype for ‘__local_list_pop_free’ [-Wmissing-prototypes] kernel/bpf/bpf_lru_list.c:376:22: warning: no previous prototype for ‘__local_list_pop_pending’ [-Wmissing-prototypes] kernel/bpf/bpf_lru_list.c:560:6: warning: no previous prototype for ‘bpf_common_lru_populate’ [-Wmissing-prototypes] kernel/bpf/bpf_lru_list.c:577:6: warning: no previous prototype for ‘bpf_percpu_lru_populate’ [-Wmissing-prototypes] Cc: Martin KaFai Lau <kafai@fb.com> Signed-off-by:
Tobias Klauser <tklauser@distanz.ch> Acked-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Martin KaFai Lau <kafai@fb.com> Signed-off-by:
-
Tobias Klauser authored
Remove the unused but set variable 'first_node' in __bpf_lru_list_shrink_inactive() to fix the following GCC warning when building with 'W=1': kernel/bpf/bpf_lru_list.c:216:41: warning: variable ‘first_node’ set but not used [-Wunused-but-set-variable] Cc: Martin KaFai Lau <kafai@fb.com> Signed-off-by:
-
Mahesh Bandewar authored
The patch 009146d1 ("ipvlan: assign unique dev-id for each slave device.") used ida_simple_get() to generate dev_ids assigned to the slave devices. However (Eric has pointed out that) there is a shortcoming with that approach as it always uses the first available ID. This becomes a problem when a slave gets deleted and a new slave gets added. The ID gets reassigned causing the new slave to get the same link-local address. This side-effect is undesirable. This patch adds a per-port variable that keeps track of the IDs assigned and used as the stat-base for the IDR api. This base will be wrapped around when it reaches the MAX (0xFFFE) value possibly on a busy system where slaves are added and deleted routinely. Fixes: 009146d1 ("ipvlan: assign unique dev-id for each slave device.") Signed-off-by:
Mahesh Bandewar <maheshb@google.com> CC: Eric Dumazet <edumazet@google.com> CC: David Miller <davem@davemloft.org> Signed-off-by:
-
- 10 Jan, 2017 6 commits
-
-
Prasad Kanneganti authored
Store the L4 hash of received packets in the skb; the hash is computed in the NIC firmware. Signed-off-by:
Prasad Kanneganti <prasad.kanneganti@cavium.com> Signed-off-by:
Felix Manlunas <felix.manlunas@cavium.com> Signed-off-by:
Derek Chickles <derek.chickles@cavium.com> Signed-off-by:
Satanand Burla <satananda.burla@cavium.com> Signed-off-by:
-
David S. Miller authored
Edward Cree says: ==================== sfc: physical port ids This series brings our handling of ndo_get_phys_port_id and related interfaces into line with the behaviour of other drivers. ==================== Signed-off-by: -
Bert Kenward authored
Setting dev_port changes the device names allocated by systemd. Any devices with a dev_port >0 will (in default distro configurations) have a suffix of "d<port-number>" appended. This is not something done by other drivers, and causes confusion for users. Fixes: 8be41320 ("sfc: Add code to export port_num in netdev->dev_port") Signed-off-by:
Edward Cree <ecree@solarflare.com> Signed-off-by:
-
Bert Kenward authored
Output is of the form p<port-number>. Note that the port numbers don't necessarily map one-to-one to physical cages, partly because of 4x10G port modes on QSFP+ and partly because of hw/fw implementation details. Signed-off-by:
-
Bert Kenward authored
There's no good reason why this should be an SRIOV-only thing. Thus, also move it out of SRIOV-specific files. Signed-off-by:
-
Timur Tabi authored
Add support for some ethtool methods: get/set link settings, get/set message level, get statistics, get link status, get ring params, get pause params, and restart autonegotiation. The code to collect the hardware statistics is moved into its own function so that it can be used by "get statistics" method. Signed-off-by:
Timur Tabi <timur@codeaurora.org> Signed-off-by:
-
- 09 Jan, 2017 9 commits
-
-
Vivien Didelot authored
The support for DSA Ethernet switch chips depends on TCP/IP networking, thus explicit that HAVE_NET_DSA depends on INET. DSA uses SWITCHDEV, thus select it instead of depending on it. Signed-off-by:
Vivien Didelot <vivien.didelot@savoirfairelinux.com> Reviewed-by:
Andrew Lunn <andrew@lunn.ch> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Tested-by:
Randy Dunlap <rdunlap@infradead.org> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/mellanox/linuxDavid S. Miller authored
Saeed Mahameed says: ==================== mlx5 4K UAR The following series of patches optimizes the usage of the UAR area which is contained within the BAR 0-1. Previous versions of the firmware and the driver assumed each system page contains a single UAR. This patch set will query the firmware for a new capability that if published, means that the firmware can support UARs of fixed 4K regardless of system page size. In the case of powerpc, where page size equals 64KB, this means we can utilize 16 UARs per system page. Since user space processes by default consume eight UARs per context this means that with this change a process will need a single system page to fulfill that requirement and in fact make use of more UARs which is better in terms of performance. In addition to optimizing user-space processes, we introduce an allocator that can be used by kernel consumers to allocate blue flame registers (which are areas within a UAR that are used to write doorbells). This provides further optimization on using the UAR area since the Ethernet driver makes use of a single blue flame register per system page and now it will use two blue flame registers per 4K. The series also makes changes to naming conventions and now the terms used in the driver code match the terms used in the PRM (programmers reference manual). Thus, what used to be called UUAR (micro UAR) is now called BFREG (blue flame register). In order to support compatibility between different versions of library/driver/firmware, the library has now means to notify the kernel driver that it supports the new scheme and the kernel can notify the library if it supports this extension. So mixed versions of libraries can run concurrently without any issues. ==================== Signed-off-by: -
Eric Dumazet authored
tcp_get_info() has to lock the socket, so lets lock it for an extended critical section, so that various fields have consistent values. This solves an annoying issue that some applications reported when multiple counters are updated during one particular rx/rx event, and TCP_INFO was called from another cpu. Signed-off-by:
Eric Dumazet <edumazet@google.com> Cc: Yuchung Cheng <ycheng@google.com> Signed-off-by:
-
David S. Miller authored
Alexei Starovoitov says: ==================== bpf: verifier improvements A number of bpf verifier improvements from Gianluca. See individual patches for details. ==================== Signed-off-by: -
Alexei Starovoitov authored
since ARG_PTR_TO_STACK is no longer just pointer to stack rename it to ARG_PTR_TO_MEM and adjust comment. Signed-off-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
-
Gianluca Borello authored
Currently, helpers that read and write from/to the stack can do so using a pair of arguments of type ARG_PTR_TO_STACK and ARG_CONST_STACK_SIZE. ARG_CONST_STACK_SIZE accepts a constant register of type CONST_IMM, so that the verifier can safely check the memory access. However, requiring the argument to be a constant can be limiting in some circumstances. Since the current logic keeps track of the minimum and maximum value of a register throughout the simulated execution, ARG_CONST_STACK_SIZE can be changed to also accept an UNKNOWN_VALUE register in case its boundaries have been set and the range doesn't cause invalid memory accesses. One common situation when this is useful: int len; char buf[BUFSIZE]; /* BUFSIZE is 128 */ if (some_condition) len = 42; else len = 84; some_helper(..., buf, len & (BUFSIZE - 1)); The compiler can often decide to assign the constant values 42 or 48 into a variable on the stack, instead of keeping it in a register. When the variable is then read back from stack into the register in order to be passed to the helper, the verifier will not be able to recognize the register as constant (the verifier is not currently tracking all constant writes into memory), and the program won't be valid. However, by allowing the helper to accept an UNKNOWN_VALUE register, this program will work because the bitwise AND operation will set the range of possible values for the UNKNOWN_VALUE register to [0, BUFSIZE), so the verifier can guarantee the helper call will be safe (assuming the argument is of type ARG_CONST_STACK_SIZE_OR_ZERO, otherwise one more check against 0 would be needed). Custom ranges can be set not only with ALU operations, but also by explicitly comparing the UNKNOWN_VALUE register with constants. Another very common example happens when intercepting system call arguments and accessing user-provided data of variable size using bpf_probe_read(). One can load at runtime the user-provided length in an UNKNOWN_VALUE register, and then read that exact amount of data up to a compile-time determined limit in order to fit into the proper local storage allocated on the stack, without having to guess a suboptimal access size at compile time. Also, in case the helpers accepting the UNKNOWN_VALUE register operate in raw mode, disable the raw mode so that the program is required to initialize all memory, since there is no guarantee the helper will fill it completely, leaving possibilities for data leak (just relevant when the memory used by the helper is the stack, not when using a pointer to map element value or packet). In other words, ARG_PTR_TO_RAW_STACK will be treated as ARG_PTR_TO_STACK. Signed-off-by:
Gianluca Borello <g.borello@gmail.com> Acked-by:
-
Gianluca Borello authored
commit 48461135 ("bpf: allow access into map value arrays") introduces the ability to do pointer math inside a map element value via the PTR_TO_MAP_VALUE_ADJ register type. The current support doesn't handle the case where a PTR_TO_MAP_VALUE_ADJ is spilled into the stack, limiting several use cases, especially when generating bpf code from a compiler. Handle this case by explicitly enabling the register type PTR_TO_MAP_VALUE_ADJ to be spilled. Also, make sure that min_value and max_value are reset just for BPF_LDX operations that don't result in a restore of a spilled register from stack. Signed-off-by:
-
Gianluca Borello authored
Enable helpers to directly access a map element value by passing a register type PTR_TO_MAP_VALUE (or PTR_TO_MAP_VALUE_ADJ) to helper arguments ARG_PTR_TO_STACK or ARG_PTR_TO_RAW_STACK. This enables several use cases. For example, a typical tracing program might want to capture pathnames passed to sys_open() with: struct trace_data { char pathname[PATHLEN]; }; SEC("kprobe/sys_open") void bpf_sys_open(struct pt_regs *ctx) { struct trace_data data; bpf_probe_read(data.pathname, sizeof(data.pathname), ctx->di); /* consume data.pathname, for example via * bpf_trace_printk() or bpf_perf_event_output() */ } Such a program could easily hit the stack limit in case PATHLEN needs to be large or more local variables need to exist, both of which are quite common scenarios. Allowing direct helper access to map element values, one could do: struct bpf_map_def SEC("maps") scratch_map = { .type = BPF_MAP_TYPE_PERCPU_ARRAY, .key_size = sizeof(u32), .value_size = sizeof(struct trace_data), .max_entries = 1, }; SEC("kprobe/sys_open") int bpf_sys_open(struct pt_regs *ctx) { int id = 0; struct trace_data *p = bpf_map_lookup_elem(&scratch_map, &id); if (!p) return; bpf_probe_read(p->pathname, sizeof(p->pathname), ctx->di); /* consume p->pathname, for example via * bpf_trace_printk() or bpf_perf_event_output() */ } And wouldn't risk exhausting the stack. Code changes are loosely modeled after commit 6841de8b ("bpf: allow helpers access the packet directly"). Unlike with PTR_TO_PACKET, these changes just work with ARG_PTR_TO_STACK and ARG_PTR_TO_RAW_STACK (not ARG_PTR_TO_MAP_KEY, ARG_PTR_TO_MAP_VALUE, ...): adding those would be trivial, but since there is not currently a use case for that, it's reasonable to limit the set of changes. Also, add new tests to make sure accesses to map element values from helpers never go out of boundary, even when adjusted. Signed-off-by: -
Gianluca Borello authored
Move the logic to check memory accesses to a PTR_TO_MAP_VALUE_ADJ from check_mem_access() to a separate helper check_map_access_adj(). This enables to use those checks in other parts of the verifier as well, where boundaries on PTR_TO_MAP_VALUE_ADJ might need to be checked, for example when checking helper function arguments. The same thing is already happening for other types such as PTR_TO_PACKET and its check_packet_access() helper. The code has been copied verbatim, with the only difference of removing the "off += reg->max_value" statement and moving the sum into the call statement to check_map_access(), as that was only needed due to the earlier common check_map_access() call. Signed-off-by:
-
