ctnetlink dumps can be filtered based on the connmark.
Prepare for status bit filtering by using a named structure and by
moving the mark parsing code to a helper.
Else ctnetlink_alloc_filter size grows a bit too big for my taste
when status handling is added.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
strcpy() performs no bounds checking on the destination buffer. This
could result in linear overflows beyond the end of the buffer, leading
to all kinds of misbehaviors. The safe replacement is strscpy() but in
this case it is simpler to use the "%*ph" format specifier.
Moreover, with the "0x%02X " in the sprintf followed by the strcat, the
msg buffer (now removed) can print 128/5 values (25 hex values). So, the
"%*ph" replacement won't cut output earlier than requested since this
format specifier can print up to 64 bytes.
Signed-off-by: Len Baker <len.baker@gmx.com>
Link: https://lore.kernel.org/r/20210801085155.3170-2-len.baker@gmx.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
devm_ioremap_resource() internally calls __devm_ioremap_resource() which
is where error checking and handling is actually taking place. i
Therefore, the dev_err() call in xgene_msi_probe() is redundant.
Remove it.
Link: https://lore.kernel.org/r/20210408132751.1198171-1-yangerkun@huawei.com
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: ErKun Yang <yangerkun@huawei.com>
[lorenzo.pieralisi@arm.com: commit log]
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Krzysztof Wilczyński <kw@linux.com>
Commit 453431a549 ("mm, treewide: rename kzfree() to
kfree_sensitive()") renamed kzfree() to kfree_sensitive(),
it should be applied to coccinelle.
Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
Signed-off-by: Julia Lawall <Julia.Lawall@inria.fr>
Acked-by: Denis Efremov <efremov@linux.com>
This driver defines a set of macros that get or set a bitfield in the
RX and TX descriptors. Most of these have been replaced by the appropriate
use of the system macros BIT() or GENMASK().
While reworking these routines, I also fixed camel case variables and
missing spaces. Some comments were also converted to the
drivers/net/wireless preferred format.
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Link: https://lore.kernel.org/r/20210803135223.12543-11-Larry.Finger@lwfinger.net
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Commit 55dfa29b43 ("staging: rtl8188eu: remove rtl8188eu driver from
staging dir") removes ./drivers/staging/rtl8188eu, but misses to adjust
the STAGING - REALTEK RTL8188EU DRIVERS section in MAINTAINERS.
Hence, ./scripts/get_maintainer.pl --self-test=patterns complains:
no file matches F: drivers/staging/rtl8188eu/
A refurnished rtl8188eu driver is available in ./drivers/staging/r8188eu/
and there is no existing section in MAINTAINERS for that directory.
So, reuse the STAGING - REALTEK RTL8188EU DRIVERS section and point to the
refurnished driver with its current developers and maintainers according
to the current git log.
Acked-by: Phillip Potter <phil@philpotter.co.uk>
Acked-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Link: https://lore.kernel.org/r/20210803071811.8142-1-lukas.bulwahn@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mailbox channels for the base protocol are setup during probe.
There can be a scenario where probe fails to acquire the base
protocol due to a timeout leading to cleaning up of all device
managed memory including the scmi_mailbox structure setup during
mailbox_chan_setup function.
| arm-scmi soc:qcom,scmi: timed out in resp(caller: version_get+0x84/0x140)
| arm-scmi soc:qcom,scmi: unable to communicate with SCMI
| arm-scmi: probe of soc:qcom,scmi failed with error -110
Now when a message arrives at cpu slightly after the timeout, the mailbox
controller will try to call the rx_callback of the client and might end
up accessing freed memory.
| rx_callback+0x24/0x160
| mbox_chan_received_data+0x44/0x94
| __handle_irq_event_percpu+0xd4/0x240
This patch frees the mailbox channels setup during probe and adds some more
error handling in case the probe fails.
Link: https://lore.kernel.org/r/1628111999-21595-1-git-send-email-rishabhb@codeaurora.org
Tested-by: Cristian Marussi <cristian.marussi@arm.com>
Reviewed-by: Cristian Marussi <cristian.marussi@arm.com>
Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Replace IP6_SFLSIZE() with struct_size() helper in order to avoid any
potential type mistakes or integer overflows that, in the worst
scenario, could lead to heap overflows.
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Replace IP_SFLSIZE() with struct_size() helper in order to avoid any
potential type mistakes or integer overflows that, in the worst
scenario, could lead to heap overflows.
Signed-off-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Don't populate the array err_msg on the stack but instead make it
static. Makes the object code smaller by 64 bytes.
While at it, add a missing const, as reported by checkpatch.
Compiled with gcc 11.0.1
Before:
$ size drivers/pci/controller/pci-tegra.o
text data bss dec hex filename
25623 2844 32 28499 6f53 drivers/pci/controller/pci-tegra.o
After:
$ size drivers/pci/controller/pci-tegra.o
text data bss dec hex filename
25559 2844 32 28435 6f13 drivers/pci/controller/pci-tegra.o
Link: https://lore.kernel.org/r/5f3f35296b944b94546cc7d1e9cc6186484620d8.1620148539.git.christophe.jaillet@wanadoo.fr
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Reviewed-by: Vidya Sagar <vidyas@nvidia.com>
Nikolay Aleksandrov says:
====================
net: bridge: fix recent ioctl changes
These are three fixes for the recent bridge removal of ndo_do_ioctl
done by commit ad2f99aedf ("net: bridge: move bridge ioctls out of
.ndo_do_ioctl"). Patch 01 fixes a deadlock of the new bridge ioctl
hook lock and rtnl by taking a netdev reference and always taking the
bridge ioctl lock first then rtnl from within the bridge hook.
Patch 02 fixes old_deviceless() bridge calls device name argument, and
patch 03 checks in dev_ifsioc()'s SIOCBRADD/DELIF cases if the netdevice is
actually a bridge before interpreting its private ptr as net_bridge.
Patch 01 was tested by running old bridge-utils commands with lockdep
enabled. Patch 02 was tested again by using bridge-utils and using the
respective ioctl calls on a "up" bridge device. Patch 03 was tested by
using the addif ioctl on a non-bridge device (e.g. loopback).
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit ad2f99aedf ("net: bridge: move bridge ioctls out of .ndo_do_ioctl")
changed the source of the argument copy in bridge's old_deviceless() from
args[1] (user ptr to device name) to uarg (ptr to ioctl arguments) causing
wrong device name to be used.
Example (broken, bridge exists but is up):
$ brctl delbr bridge
bridge bridge doesn't exist; can't delete it
Example (working):
$ brctl delbr bridge
bridge bridge is still up; can't delete it
Fixes: ad2f99aedf ("net: bridge: move bridge ioctls out of .ndo_do_ioctl")
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Before commit ad2f99aedf ("net: bridge: move bridge ioctls out of
.ndo_do_ioctl") the bridge ioctl calls were divided in two parts:
one was deviceless called by sock_ioctl and didn't expect rtnl to be held,
the other was with a device called by dev_ifsioc() and expected rtnl to be
held. After the commit above they were united in a single ioctl stub, but
it didn't take care of the locking expectations.
For sock_ioctl now we acquire (1) br_ioctl_mutex, (2) rtnl
and for dev_ifsioc we acquire (1) rtnl, (2) br_ioctl_mutex
The fix is to get a refcnt on the netdev for dev_ifsioc calls and drop rtnl
then to reacquire it in the bridge ioctl stub after br_ioctl_mutex has
been acquired. That will avoid playing locking games and make the rules
straight-forward: we always take br_ioctl_mutex first, and then rtnl.
Reported-by: syzbot+34fe5894623c4ab1b379@syzkaller.appspotmail.com
Fixes: ad2f99aedf ("net: bridge: move bridge ioctls out of .ndo_do_ioctl")
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
