ervice_list'
> not described in 'tipc_subscription'
> ../net/tipc/subscr.h:67: warning: Function parameter or member 'conid' not
> described in 'tipc_subscription'
> ../net/tipc/subscr.h:67: warning: Function parameter or member 'inactive
On 11/25/20 12:20 PM, Randy Dunlap wrote:
>
> Question: is net/tipc/discover.c, in tipc_disc_delete() kernel-doc,
> what is the word "duest"? Should it be changed?
The "duest" is a typo, and it should be "dest" defined as below:
struct tipc_discoverer {
u32 bearer_id;
struct tipc
rer.c:141:2: warning: 'strncpy' specified bound 32 equals
> destination size [-Wstringop-truncation]
> strncpy(name_copy, name, TIPC_MAX_BEARER_NAME);
> ^~~~~~~~~~
>
> Signed-off-by: Wenlin Kang
Acked-by: Ying Xue
> ---
> ne
; This bug exists since day 1, but the recent commit 6ea67769ff33
> ("net: tipc: prepare attrs in __tipc_nl_compat_dumpit()") makes it
> easier to appear.
>
> Reported-and-tested-by: syzbot+0e7181deafa7e0b79...@syzkaller.appspotmail.com
> Fixes: d0796d1ef63d ("tipc: c
On 8/3/20 11:34 PM, Xin Long wrote:
> This is to add an ip_dev_find like function for ipv6, used to find
> the dev by saddr.
>
> It will be used by TIPC protocol. So also export it.
>
> Signed-off-by: Xin Long
Acked-by: Ying Xue
> ---
> include/net/addrconf.h | 2 +
the right netdev and setting ub->ifindex,
> as it does for ipv4 address.
>
> Reported-by: Shuang Li
> Signed-off-by: Xin Long
Acked-by: Ying Xue
> ---
> net/tipc/udp_media.c | 8
> 1 file changed, 8 insertions(+)
>
> diff --git a/net/tipc/udp_media.c b/n
ned-off-by: Huang Guobin
Acked-by: Ying Xue
> ---
> net/tipc/eth_media.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c
> index 8b0bb600602d..c68019697cfe 100644
> --- a/net/tipc/eth_media.c
&g
On 7/27/20 10:24 PM, Greg KH wrote:
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index 1489cfb941d8..6c8d0c6bb112 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -255,6 +255,9 @@ static void tipc_conn_send_to_sock(struct tipc_conn
*con)
int
t;] __x64_sys_setsockopt+0x26/0x30
[<ec30be33>] do_syscall_64+0x76/0x1a0
[<271be3e6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by: Ying Xue
---
net/tipc/group.c | 22
In this series, try to fix two memory leak issues and another issue of
calling smp_processor_id() in preemptible context.
Changes since v1:
- Fix "Reported-by:" missing in patch #3, which was reported by Jakub
Kicinski
Ying Xue (3):
tipc: fix memory leak issue
tipc: fix memory
: syzbot+1a68504d96cd17b33...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by: Ying Xue
---
net/tipc/udp_media.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
index 287df687..ca3ae2e 100644
--- a/net/tipc/
09df90505>] tipc_release+0x7b/0x5e0
[<9f3189da>] __sock_release+0x4b/0xe0
[<d3568ee0>] sock_close+0x1b/0x30
[<266a6215>] __fput+0xed/0x300
Reported-by: syzbot+78fbe679c8ca8d264...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by:
09df90505>] tipc_release+0x7b/0x5e0
[<9f3189da>] __sock_release+0x4b/0xe0
[<d3568ee0>] sock_close+0x1b/0x30
[<266a6215>] __fput+0xed/0x300
Reported-by: syzbot+78fbe679c8ca8d264...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by:
In this series, try to fix two memory leak issues and another issue of
calling smp_processor_id() in preemptible context.
Ying Xue (3):
tipc: fix memory leak issue
tipc: fix memory leak issue
tipc: fix issue of calling smp_processor_id() in preemptible
net/tipc/group.c | 22
t;] __x64_sys_setsockopt+0x26/0x30
[<ec30be33>] do_syscall_64+0x76/0x1a0
[<271be3e6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by: Ying Xue
---
net/tipc/group.c | 22
)
syzbot+1a68504d96cd17b33...@syzkaller.appspotmail.com
Signed-off-by: Hillf Danton
Signed-off-by: Ying Xue
---
net/tipc/udp_media.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
index 287df687..ca3ae2e 100644
--- a/net/tipc/udp_media.c
On 6/28/19 11:06 PM, Jon Maloy wrote:
> The macro TIPC_BC_RETR_LIM is always used in combination with 'jiffies',
> so we can just as well perform the addition in the macro itself. This
> way, we get a few shorter code lines and one less line break.
>
> Signed-off-by: J
c8ca8d264...@syzkaller.appspotmail.com
> Signed-off-by: Xin Long
Acked-by: Ying Xue
> ---
> net/tipc/group.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/group.c b/net/tipc/group.c
> index 992be61..5f98d38 100644
> --- a/net/tipc/group.c
> +++ b/net/t
On 1/24/19 10:06 AM, Zhaolong Zhang wrote:
> max_rcvbuf_size is no longer used since commit "414574a0af36".
>
> Signed-off-by: Zhaolong Zhang
Acked-by: Ying Xue
> ---
> net/tipc/topsrv.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/net/tipc/to
81f08...@syzkaller.appspotmail.com
Reported-by: syzbot+6bdb590321a7ae40c...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_compat.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index b90786c..4ad3586 1
+75e6e042c5bbf691f...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/topsrv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index efb16f6..a457c0f 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -398,7 +398,7 @@ static
Recently, syzbot complained that TIPC module exits several issues
associated with uninit-value type. So, in this series, we try to
fix them as many as possible.
Ying Xue (6):
tipc: fix uninit-value in in tipc_conn_rcv_sub
tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
tipc: fix
-by: syzbot+e01d94b5a4c266be6...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_compat.c | 15 +++
1 file changed, 15 insertions(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 77e4b24..b2b115b 100644
--- a/net/tipc/netlink_compat.c
+++
e+0x63/0xe7
We cannot take for granted the thing that the length of data contained
in TLV is longer than the size of struct tipc_name_table_query in
tipc_nl_compat_name_table_dump().
Reported-by: syzbot+06e771a754829716a...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_co
happened in
nla_put_string(skb, TIPC_NLA_LINK_NAME, lc->name)
This is because lc->name string is not validated before it's used.
Reported-by: syzbot+d78b8a29241a195ae...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_compat.c | 5 +
1 file changed, 5
_bearer_set()
Reported-by: syzbot+b33d5cae0efd35dbf...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_compat.c | 26 ++
1 file changed, 26 insertions(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index b2b115b..68a0b73 10064
On 1/7/19 9:38 PM, David Miller wrote:
> From: Ying Xue
> Date: Mon, 7 Jan 2019 19:29:52 +0800
>
>> This is because lc->name string is not validated before it's used.
>
> It looks like we have several situations like this, not just this one.
>
> For exa
happened in
nla_put_string(skb, TIPC_NLA_LINK_NAME, lc->name)
This is because lc->name string is not validated before it's used.
Reported-by: syzbot+d78b8a29241a195ae...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/netlink_compat.c | 3 +++
1 file changed, 3
t")
> Signed-off-by: Gustavo A. R. Silva
Acked-by: Ying Xue
> ---
> net/tipc/netlink_compat.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
> index 40f5cae623a7..77e4b2418f3
() and tipc_send_group_anycast().
>
> Reported-by: syzbot+10a9db47c3a0e13eb...@syzkaller.appspotmail.com
> Fixes: b7d42635517f ("tipc: introduce flow control for group broadcast
> messages")
> Fixes: ee106d7f942d ("tipc: introduce group anycast messaging")
> Fixes: 27
Jon, please help to review the patch:
https://patchwork.ozlabs.org/patch/982447.
Thanks,
Ying
On 10/11/2018 06:55 PM, Jon Maloy wrote:
> Hi Dmitry,
> Yes, we are aware of this, the kernel test robot warned us about this a few
> days ago.
> I am looking into it.
>
> ///jon
On 10/11/2018 03:59 PM, Dmitry Vyukov wrote:
> On Thu, Oct 11, 2018 at 9:55 AM, Dmitry Vyukov wrote:
>> Hi,
>>
>> I am getting the following error while booting the latest kernel on
>> bb2d8f2f61047cbde08b78ec03e4ebdb01ee5434 (Oct 10). Config is attached.
>>
>> Since this happens during boot, this
and then move the buffers of the temporary list to l->inputq
queue, which is also safe for us.
Fixes: 3f32d0be6c16 ("tipc: lock wakeup & inputq at tipc_link_reset()")
Reported-by: Dmitry Vyukov
Signed-off-by: Ying Xue
---
net/tipc/link.c | 11 +--
1 file changed, 9 insertions
On 08/24/2018 07:19 AM, Cong Wang wrote:
> rhashtable_walk_exit() must be paired with rhashtable_walk_enter().
>
> Fixes: 40f9f4397060 ("tipc: Fix tipc_sk_reinit race conditions")
> Cc: Herbert Xu
> Cc: Ying Xue
> Signed-off-by: Cong Wang
Acked-by: Ying Xue
&g
On 05/20/2018 11:00 AM, David Miller wrote:
> From: Ying Xue
> Date: Fri, 18 May 2018 19:50:55 +0800
>
>> As variable s of struct tipc_subscr type is not initialized
>> in tipc_conn_rcv_from_sock() before it is used in tipc_conn_rcv_sub(),
>> KMSAN reported the
...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/topsrv.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c
index c8e34ef..fe47a62 100644
--- a/net/tipc/topsrv.c
+++ b/net/tipc/topsrv.c
@@ -397,6 +397,7 @@ static int tipc_conn_rcv_from_sock
x27;s used.
Reported-by: syzbot+df0257c92ffd4fcc5...@syzkaller.appspotmail.com
Signed-off-by: Ying Xue
---
net/tipc/node.c | 15 +--
1 file changed, 13 insertions(+), 2 deletions(-)
diff --git a/net/tipc/node.c b/net/tipc/node.c
index baaf93f..f29549d 100644
--- a/net/tipc/node.c
+++
On 05/04/2018 03:22 AM, David Miller wrote:
> From: syzbot
> Date: Thu, 03 May 2018 11:44:02 -0700
>
>> Call Trace:
>> __dump_stack lib/dump_stack.c:17 [inline]
>> dump_stack+0x185/0x1d0 lib/dump_stack.c:53
>> kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067
>> __msan_warning_32+0x6c/0xb0 mm/km
ibutes.
>
> Fixes: d50ccc2d3909 ("tipc: add 128-bit node identifier")
> Signed-off-by: Eric Dumazet
> Cc: Jon Maloy
> Cc: Ying Xue
> Reported-by: syzbot
Acked-by: Ying Xue
> ---
> net/tipc/net.c | 2 ++
> net/tipc/netlink.c | 2 ++
> 2 files changed, 4
On 04/16/2018 11:29 PM, Eric Dumazet wrote:
> Before syzbot/KMSAN bites, add the missing policy for TIPC_NLA_NET_ADDR
>
> Fixes: 27c21416727a ("tipc: add net set to new netlink api")
> Signed-off-by: Eric Dumazet
> Cc: Jon Maloy
> Cc: Ying Xue
Acked-by: Ying Xue
On 04/10/2018 09:17 AM, Jia-Ju Bai wrote:
> tipc_mon_create() is never called in atomic context.
>
> The call chain ending up at dn_route_init() is:
Sorry, I don't think there is any relationship between the following
call chain with dn_route_init().
> [1] tipc_mon_create() <- tipc_enable_bearer
hich can sleep and improve the possibility of successful allocation.
>
> This is found by a static analysis tool named DCNS written by myself.
> And I also manually check it.
>
> Signed-off-by: Jia-Ju Bai
Acked-by: Ying Xue
> ---
> v2:
> * Modify the description of GFP_AT
On 03/06/2018 05:56 AM, Gustavo A. R. Silva wrote:
> Assign true or false to boolean variables instead of an integer value.
>
> This issue was detected with the help of Coccinelle.
>
> Signed-off-by: Gustavo A. R. Silva
Acked-by: Ying Xue
> ---
> net/tipc/bcast.c | 2 +-
On 02/13/2018 07:03 PM, Kirill Tkhai wrote:
> The patch is logically OK for me. The only thing I'm confused,
> I had to split it in 7 patches to review, otherwise the patch
> looks difficult to do. There is possible to extract:
>
> 1)Refactoring in __tipc_nl_compat_doit
> 2)Introduce __tipc_nl_bea
Introduce __tipc_nl_media_set() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue
---
net/tipc/bearer.c | 23 ++-
net/tipc/bearer.h | 1 +
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index f92c9c5..3e3dce3 1
Introduce __tipc_nl_bearer_enable() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue
---
net/tipc/bearer.c | 17 ++---
net/tipc/bearer.h | 1 +
2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 61b6625..faf8fa0 1
Introduce __tipc_nl_net_set() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue
---
net/tipc/net.c | 15 ---
net/tipc/net.h | 1 +
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/net/tipc/net.c b/net/tipc/net.c
index 719c592..1a2fde0 100644
--- a/net/tipc/
mon.c:389
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue
of holding RTNL lock according
to the suggestion of Kirill Tkhai.
Changes in v2:
- The whole operation of setting bearer/media properties has been
protected under RTNL, as per feedback from David M.
Ying Xue (7):
tipc: Refactor __tipc_nl_compat_doit
tipc: Introduce __tipc_nl_bearer_disa
Introduce __tipc_nl_bearer_disable() which doesn't hold RTNL lock.
Signed-off-by: Ying Xue
---
net/tipc/bearer.c | 19 +--
net/tipc/bearer.h | 1 +
2 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index c800147..61
As preparation for adding RTNL to make (*cmd->transcode)() and
(*cmd->transcode)() constantly protected by RTNL lock, we move out of
memory allocations existing between them as many as possible so that
the time of holding RTNL can be minimized in __tipc_nl_compat_doit().
Signed-off-by: Yi
Introduce __tipc_nl_bearer_set() which doesn't holding RTNL lock.
Signed-off-by: Ying Xue
---
net/tipc/bearer.c | 23 ++-
net/tipc/bearer.h | 1 +
2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index faf8fa0..f9
mon.c:389
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue
Repo
mon.c:389
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
In order to correct the mistake, __tipc_nl_compat_doit() has been
protected by RTNL lock, which means the whole operation of setting
bearer/media properties is under RTNL protection.
Signed-off-by: Ying Xue
Reported
itry Vyukov
> Cc: Jon Maloy
> Cc: Ying Xue
> Signed-off-by: Cong Wang
Acked-by: Ying Xue
> ---
> net/tipc/node.c | 26 ++
> 1 file changed, 14 insertions(+), 12 deletions(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 507017fe
On 01/03/2018 11:48 PM, David Miller wrote:
> As soon as you drop the RTNL lock, the media or bearer entry can be
> removed from the tables.
>
Thanks for the review. Yes, you are right. But even if we temporarily
release RTNL lock, it's still safe for us because when we set
media/bearer propertie
mon.c:389
entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129
Signed-off-by: Ying Xue
Reported-by: syzbot
---
net/tipc/netlink_compat.c | 4
1 file changed, 4 insertions(+)
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index e48f0b2..0fb
On 11/18/2017 07:02 AM, Yang Shi wrote:
> Preempt counter APIs have been split out, currently, hardirq.h just
> includes irq_enter/exit APIs which are not used by TIPC at all.
>
> So, remove the unused hardirq.h.
>
> Signed-off-by: Yang Shi
> Cc: Jon Maloy
> Cc:
t; tipc_topsrv_kern_subscr+0x724/0x810 net/tipc/server.c:514
> tipc_group_create+0x702/0x9c0 net/tipc/group.c:184
> tipc_sk_join net/tipc/socket.c:2747 [inline]
> tipc_setsockopt+0x249/0xc10 net/tipc/socket.c:2861
> SYSC_setsockopt net/socket.c:1851 [inline]
> SyS_setsoc
On 11/30/2017 08:32 PM, Tommi Rantala wrote:
>> In my opinion, the real root cause of the issue is because we too early
>> set a not-yet-initialized bearer instance to ub->bearer through
>> rcu_assign_pointer(ub->bearer, b) in tipc_udp_enable(). Instead if we
>> assign the bearer pointer at the end
On 11/29/2017 06:48 PM, Tommi Rantala wrote:
> Remove the second tipc_rcv() call in tipc_udp_recv(). We have just
> checked that the bearer is not up, and calling tipc_rcv() with a bearer
> that is not up leads to a TIPC div-by-zero crash in
> tipc_node_calculate_timer(). The crash is rare in pract
On 09/16/2017 05:58 PM, Joe Perches wrote:
> On Sat, 2017-09-16 at 17:36 +0800, Ying Xue wrote:
>> On 09/16/2017 05:26 PM, Joe Perches wrote:
>>> On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote:
>>>> On 09/16/2017 03:50 PM, Thomas Meyer wrote:
>>>>
On 09/16/2017 05:26 PM, Joe Perches wrote:
> On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote:
>> On 09/16/2017 03:50 PM, Thomas Meyer wrote:
>>> Use common library function rather than explicitly coding
>>> some variant of it yourself.
>>>
>>> Sign
On 09/16/2017 03:50 PM, Thomas Meyer wrote:
> Use common library function rather than explicitly coding
> some variant of it yourself.
>
> Signed-off-by: Thomas Meyer
Acked-by: Ying Xue
> ---
> net/tipc/name_table.c | 30 +++---
> 1 file changed,
On 09/06/2017 05:08 PM, Kleber Sacilotto de Souza wrote:
> The net device is already stored in the 'net' variable, so no need to call
> dev_net() again.
>
> Signed-off-by: Kleber Sacilotto de Souza
Acked-by: Ying Xue
> ---
> net/tipc/bearer.c | 2 +-
> 1
n of checksum
is ignored as well.
Signed-off-by: Ying Xue
---
net/netfilter/nf_nat_proto_sctp.c | 13 -
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_nat_proto_sctp.c
b/net/netfilter/nf_nat_proto_sctp.c
index 31d3586..804e8a0 100644
---
es.
>
> Secondly it's missing memory barriers as previously the code used
> spinlocks which provide the barriers implicitly.
>
> This patch fixes both problems.
>
> Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to...")
> Signed-off-by: Herb
tetst teste tetet tetest
tetett
On 01/26/2017 01:46 PM, Eric W. Biederman wrote:
> Alexei Starovoitov writes:
>
>> in cases where bpf programs are look
evice MTU. UDP case also needs a check to avoid
overflow when calculating bearer MTU.
Fixes: b97bf3fd8f6a ("[TIPC] Initial merge")
Signed-off-by: Michal Kubecek
Reported-by: Qian Zhang (张谦)
---
Thanks, it looks nice to me.
Acked-by: Ying Xue
For UDP bearer, it seems insufficient for us to check MTU size only
when UDP bearer is enabled. Meanwhile, we should update MTU size for
UDP bearer with Path MTU discovery protocol once MTU size is changed
after bearer is enabled.
I should admit I'm not that familiar with tipc. Do you mean upda
On 11/30/2016 05:57 PM, Michal Kubecek wrote:
Qian Zhang (张谦) reported a potential socket buffer overflow in
tipc_msg_build() which is also known as CVE-2016-8632: due to
insufficient checks, a buffer overflow can occur if MTU is too short for
even tipc headers. As anyone can set device MTU in a
On 10/19/2016 10:16 AM, Ben Hutchings wrote:
> Qian Zhang (张谦) reported a potential socket buffer overflow in
> tipc_msg_build(). The minimum fragment length needs to be checked
> against the maximum packet size, which is based on the link MTU.
>
> Reported-by: Qian Zhang (张谦)
> Signed-off-by: B
On 08/24/2016 02:00 PM, David Miller wrote:
> From: "Xue, Ying"
> Date: Wed, 24 Aug 2016 02:47:32 +
>
>> Acked-by: Ying Xue
>
> Please do not ACK patches like this.
>
> If you quote the patch with no demarcation in the initial column for
> the quote
context imbalance in '__tipc_nl_add_monitor' - different lock contexts for
> basic block
>
> Fixes: cf6f7e1d5109 ('tipc: dump monitor attributes')
> Signed-off-by: Wei Yongjun
Acked-by: Ying Xue
> ---
> net/tipc/monitor.c | 2 +-
> 1 file change
gt; - to = \(kmalloc\|kzalloc\)(size,flag);
> + to = kmemdup(from,size,flag);
>if (to==NULL || ...) S
> - memcpy(to, from, size);
>
> Signed-off-by: Amitoj Kaur Chawla
Acked-by: Ying Xue
> ---
> net/tipc/server.c | 3 +--
> 1 file changed, 1 insertion(+), 2 delet
net/tipc/link.c: In function ‘tipc_link_timeout’:
net/tipc/link.c:744:28: warning: ‘mtyp’ may be used uninitialized in this
function [-Wuninitialized]
Fixes: 42b18f605fea ("tipc: refactor function tipc_link_timeout()")
Acked-by: Jon Maloy
Signed-off-by: Ying Xue
---
net/tipc/lin
ackets in bearer layer")
Acked-by: Jon Maloy
Signed-off-by: Ying Xue
---
net/tipc/bearer.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
index 6f11c62..bf8f05c 100644
--- a/net/tipc/bearer.c
+++ b/net/tipc/bearer.c
@@ -405,7 +4
sequence as we unconditionally consider that
it's always successful.
Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp
tunnel")
Reported-by:
Cc: Stephen Hemminger
Signed-off-by: Ying Xue
---
v2:
* When pskb_expand_head() returns negative error codes instea
On 11/24/2015 12:35 PM, David Miller wrote:
> pskb_expand_head() returns negative error codes, therefore zero means
> success and therefore this "!err" check is reversed.
Thank you for pointing out such a stupid mistake I made.
I will send v2 to correct it.
Regards,
Ying
--
To unsubscribe from
. To avoid this leak, we register a private socket
destructor to purge receive queue, meaning releasing packets pending
on receive queue will be delayed until the last reference of tipc
socket will be released.
Signed-off-by: Ying Xue
---
net/tipc/socket.c | 10 +++---
1 file changed, 7
sequence as we unconditionally consider that
it's always successful.
Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp
tunnel")
Reported-by:
Cc: Stephen Hemminger
Signed-off-by: Ying Xue
---
net/tipc/udp_media.c |7 +--
1 file changed, 5 insertions(
On 11/04/2015 12:18 AM, Stephen Hemminger wrote:
> The TIPC case is a missing check for memory allocation failure.
>
Thanks for the report. I will fix it soon.
Regards,
Ying
>
> Begin forwarded message:
>
> Date: Mon, 02 Nov 2015 23:45:55 -0800
> From: scan-ad...@coverity.com
> To: step...@ne
Hugne
> Reported-by: Tamás Végh
Acked-by: Ying Xue
> ---
> net/tipc/msg.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/msg.c b/net/tipc/msg.c
> index 562c926..c5ac436 100644
> --- a/net/tipc/msg.c
> +++ b/net/tipc/msg.c
> @@ -539,6 +539,7 @
On 08/07/2015 03:59 PM, Andrzej Hajda wrote:
> The patch was generated using fixed coccinelle semantic patch
> scripts/coccinelle/api/memdup.cocci [1].
>
> [1]: http://permalink.gmane.org/gmane.linux.kernel/2014320
>
> Signed-off-by: Andrzej Hajda
Reviewed-by: Ying Xue
only when a congestion on broadcast link occurs.
> For example, when there are only 8 nodes it works fine since congestion
> doesn't occur. Send queue limit is 40 in my case (I use a critical importance
> level) and when 64 nodes send a message at the same moment a congestio
Make fib_encap_match() static as it isn't used outside the file.
Signed-off-by: Ying Xue
---
net/ipv4/fib_semantics.c |6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index d525307..8fdf6c2 100644
--- a/net
y: kbuild test robot
Signed-off-by: Ying Xue
Acked-by: Jiri Benc
---
include/net/lwtunnel.h |4
1 file changed, 4 insertions(+)
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 34fd8f7..cfee539 100644
--- a/include/net/lwtunnel.h
+++ b/include/net/lwtunnel.h
@@
On 08/19/2015 03:40 PM, Jiri Benc wrote:
> On Wed, 19 Aug 2015 15:33:29 +0800, Ying Xue wrote:
>> When CONFIG_LWTUNNEL config is not enabled, the lwtstate_free() is not
>> declared in lwtunnel.h at all. However, even in this case, the function
>> is still referenced in fi
y: kbuild test robot
Signed-off-by: Ying Xue
---
include/net/lwtunnel.h |4
1 file changed, 4 insertions(+)
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index 34fd8f7..cfee539 100644
--- a/include/net/lwtunnel.h
+++ b/include/net/lwtunnel.h
@@ -93,6 +93,10 @@ int lw
class field and an unlabeled secid. Add a call to security_sk_clone()
> to inherit the security state from the parent socket.
>
> Reported-by: Tim Shearer
> Signed-off-by: Stephen Smalley
> Acked-by: Paul Moore
Acked-by: Ying Xue
> ---
> net/tipc/socket.c | 1 +
> 1
On 06/18/2015 10:44 AM, Nicholas Krause wrote:
> This converts the function tipc_buf_append now due to this
> particular function only returning either one or zero as
> its return value.
>
> Signed-off-by: Nicholas Krause
Acked-by: Ying Xue
> ---
> net/tipc/msg.c | 1
When csk->atid returned by cxgb4_alloc_atid() is less than zero,
init_act_open() directly returns with -EINVAL. But as init_act_open()
ever invokes dst_neigh_lookup() before it calls cxgb4_alloc_atid(),
this leads to the leak of neigh entry searched by dst_neigh_lookup().
Signed-off-by: Ying
On 05/29/2015 09:50 AM, Eric Dumazet wrote:
> I count 5 places of redundancy.
>
Another two places you found are necessary indeed!
Acked-by: Ying Xue
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index
> 3a74df750af4044eba0e7d88a
On 05/28/2015 06:13 PM, Eric Dumazet wrote:
> This patch is not needed.
>
> You really should read Documentation/RCU , because it looks like you are
> quite confused.
>
> When we remove an element from a RCU protected list, all the objects in
> the chain are already ready to be caught by rcu read
Commit e4c4e448cf55 ("neigh: Convert garbage collection from softirq
to workqueue") misses to use rcu_assign_pointer() macro to assign a
RCU-protected pointer.
Signed-off-by: Ying Xue
---
net/core/neighbour.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git
As sock refcnt is taken when sock timer is started in
sk_reset_timer(), the sock refcnt should be put when sock timer
to be deleted is in pending state no matter what "probing_state"
value of tipc sock is.
Reviewed-by: Erik Hugne
Reviewed-by: Jon Maloy
Signed-off-by: Ying Xue
---
There is no the race between put_net() and kernel socket creation, so
it's unnecessary to switch namespace for a kernel tunnel socket from
init_net to its desirable one.
Signed-off-by: Ying Xue
---
net/ipv4/udp_tunnel.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
97 matches
Mail list logo
