1. 23 Oct, 2018 8 commits
    • Jon Maloy's avatar
      tipc: eliminate message disordering during binding table update · 988f3f16
      Jon Maloy authored
      We have seen the following race scenario:
      1) named_distribute() builds a "bulk" message, containing a PUBLISH
         item for a certain publication. This is based on the contents of
         the binding tables's 'cluster_scope' list.
      2) tipc_named_withdraw() removes the same publication from the list,
         bulds a WITHDRAW message and distributes it to all cluster nodes.
      3) tipc_named_node_up(), which was calling named_distribute(), sends
         out the bulk message built under 1)
      4) The WITHDRAW message arrives at the just detected node, finds
         no corresponding publication, and is dropped.
      5) The PUBLISH item arrives at the same node, is added to its binding
         table, and remains there forever.
      
      This arrival disordering was earlier taken care of by the backlog queue,
      originally added for a different purpose, which was removed in the
      commit referred to below, but we now need a different solution.
      In this commit, we replace the rcu lock protecting the 'cluster_scope'
      list with a regular RW lock which comprises even the sending of the
      bulk message. This both guarantees both the list integrity and the
      message sending order. We will later add a commit which cleans up
      this code further.
      
      Note that this commit needs recently added commit d3092b2e ("tipc:
      fix unsafe rcu locking when accessing publication list") to apply
      cleanly.
      
      Fixes: 37922ea4 ("tipc: permit overlapping service ranges in name table")
      Reported-by: default avatarTuong Lien Tong <tuong.t.lien@dektech.com.au>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      988f3f16
    • YueHaibing's avatar
      octeontx2-af: Remove set but not used variables 'devnum, is_pf' · eec6f752
      YueHaibing authored
      Fixes gcc '-Wunused-but-set-variable' warning:
      
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c: In function 'rvu_detach_rsrcs':
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c:855:6: warning:
       variable 'devnum' set but not used [-Wunused-but-set-variable]
      
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c:853:7: warning:
       variable 'is_pf' set but not used [-Wunused-but-set-variable]
      
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c: In function 'rvu_mbox_handler_ATTACH_RESOURCES':
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c:1054:7: warning:
       variable 'is_pf' set but not used [-Wunused-but-set-variable]
      
      drivers/net/ethernet/marvell/octeontx2/af/rvu.c:1053:6: warning:
       variable 'devnum' set but not used [-Wunused-but-set-variable]
      
      It never used since introduction in commit
      746ea742 ("octeontx2-af: Add RVU block LF provisioning support")
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      eec6f752
    • YueHaibing's avatar
      octeontx2-af: Remove set but not used variable 'block' · 665fc901
      YueHaibing authored
      Fixes gcc '-Wunused-but-set-variable' warning:
      
      drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c: In function 'rvu_npa_init':
      drivers/net/ethernet/marvell/octeontx2/af/rvu_npa.c:446:20: warning:
       variable 'block' set but not used [-Wunused-but-set-variable]
      
      It never used since introduction in
      commit 7a37245e ("octeontx2-af: NPA block admin queue init")
      Signed-off-by: default avatarYueHaibing <yuehaibing@huawei.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      665fc901
    • David S. Miller's avatar
      Merge branch 'phy-ocelot-serdes-fix-out-of-bounds-read' · 627d39c3
      David S. Miller authored
      Gustavo A. R. Silva says:
      
      ====================
      phy: ocelot-serdes: fix out-of-bounds read
      
      This patchset aims to fix an out-of-bounds bug in
      the phy-ocelot-serdes driver.
      
      Currently, there is an out-of-bounds read on array ctrl->phys,
      once variable i reaches the maximum array size of SERDES_MAX
      in the for loop.
      
      Quentin Schulz pointed out that SERDES_MAX is a valid value to
      index ctrl->phys. So, I updated SERDES_MAX to be SERDES6G_MAX + 1
      in include/dt-bindings/phy/phy-ocelot-serdes.h.
      
      Then I changed the condition in the for loop from
      i <= SERDES_MAX to i < SERDES_MAX in order to
      complete the fix.
      
      The reason I'm sending this fix as series is because
      checkpatch reported an error when I first tried to
      integrate the whole solution into a singe patch. So,
      changes to dt-bindings should be sent as a separate
      patch.
      
      Changes in v3:
       - Post the series to netdev, so Dave can take it.
      
      Changes in v2:
       - Send the whole series to Kishon Vijay Abraham I, so it
         can be taken into the PHY tree.
       - Add Quentin's Reviewed-by to commit log in both patches.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      627d39c3
    • Gustavo A. R. Silva's avatar
      phy: ocelot-serdes: fix out-of-bounds read · 6acb47d1
      Gustavo A. R. Silva authored
      Currently, there is an out-of-bounds read on array ctrl->phys,
      once variable i reaches the maximum array size of SERDES_MAX
      in the for loop.
      
      Fix this by changing the condition in the for loop from
      i <= SERDES_MAX to i < SERDES_MAX.
      
      Addresses-Coverity-ID: 1473966 ("Out-of-bounds read")
      Addresses-Coverity-ID: 1473959 ("Out-of-bounds read")
      Fixes: 51f6b410 ("phy: add driver for Microsemi Ocelot SerDes muxing")
      Reviewed-by: default avatarQuentin Schulz <quentin.schulz@bootlin.com>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      6acb47d1
    • Gustavo A. R. Silva's avatar
      dt-bindings: phy: Update SERDES_MAX to be SERDES_MAX + 1 · 81fa7a69
      Gustavo A. R. Silva authored
      SERDES_MAX is a valid value to index ctrl->phys in
      drivers/phy/mscc/phy-ocelot-serdes.c. But, currently,
      there is an out-of-bounds bug in the mentioned driver
      when reading from ctrl->phys, because the size of
      array ctrl->phys is SERDES_MAX.
      
      Partially fix this by updating SERDES_MAX to be SERDES6G_MAX + 1.
      
      Notice that this is the first part of the solution to
      the out-of-bounds bug mentioned above. Although this
      change is not dependent on any other one.
      Suggested-by: default avatarQuentin Schulz <quentin.schulz@bootlin.com>
      Reviewed-by: default avatarQuentin Schulz <quentin.schulz@bootlin.com>
      Acked-by: default avatarRob Herring <robh@kernel.org>
      Signed-off-by: default avatarGustavo A. R. Silva <gustavo@embeddedor.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      81fa7a69
    • Guoqing Jiang's avatar
      tipc: use destination length for copy string · 29e270fc
      Guoqing Jiang authored
      Got below warning with gcc 8.2 compiler.
      
      net/tipc/topsrv.c: In function ‘tipc_topsrv_start’:
      net/tipc/topsrv.c:660:2: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=]
        strncpy(srv->name, name, strlen(name) + 1);
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      net/tipc/topsrv.c:660:27: note: length computed here
        strncpy(srv->name, name, strlen(name) + 1);
                                 ^~~~~~~~~~~~
      So change it to correct length and use strscpy.
      Signed-off-by: default avatarGuoqing Jiang <gqjiang@suse.com>
      Acked-by: default avatarYing Xue <ying.xue@windriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      29e270fc
    • Nathan Chancellor's avatar
      isdn: hfc_{pci,sx}: Avoid empty body if statements · a1930a98
      Nathan Chancellor authored
      Clang warns:
      
      drivers/isdn/hisax/hfc_pci.c:131:34: error: if statement has empty body
      [-Werror,-Wempty-body]
              if (Read_hfc(cs, HFCPCI_INT_S1));
                                              ^
      drivers/isdn/hisax/hfc_pci.c:131:34: note: put the semicolon on a
      separate line to silence this warning
      
      In my attempt to hide the warnings because I thought they didn't serve
      any purpose[1], Masahiro Yamada pointed out that {Read,Write}_hfc in
      hci_pci.c should be using a standard register access method; otherwise,
      the compiler will just remove the if statements.
      
      For hfc_pci, use the versions of {Read,Write}_hfc found in
      drivers/isdn/hardware/mISDN/hfc_pCI.h while converting pci_io to be
      'void __iomem *' (and clean up ioremap) then remove the empty if
      statements.
      
      For hfc_sx, {Read,Write}_hfc are already use a proper register accessor
      (inb, outb) so just remove the unnecessary if statements.
      
      [1]: https://lore.kernel.org/lkml/20181016021454.11953-1-natechancellor@gmail.com/
      
      Link: https://github.com/ClangBuiltLinux/linux/issues/66Suggested-by: default avatarMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: default avatarNathan Chancellor <natechancellor@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a1930a98
  2. 22 Oct, 2018 11 commits
  3. 21 Oct, 2018 14 commits
  4. 20 Oct, 2018 7 commits