Re: [PATCH 01/10 net-next] net/tipc: fix tipc header files for kernel-doc

2020-11-29 Thread Ying Xue
ervice_list' > not described in 'tipc_subscription' > ../net/tipc/subscr.h:67: warning: Function parameter or member 'conid' not > described in 'tipc_subscription' > ../net/tipc/subscr.h:67: warning: Function parameter or member 'inactive

Re: [PATCH 00/10 net-next] net/tipc: fix all kernel-doc and add TIPC networking chapter

2020-11-28 Thread Ying Xue
On 11/25/20 12:20 PM, Randy Dunlap wrote: > > Question: is net/tipc/discover.c, in tipc_disc_delete() kernel-doc, > what is the word "duest"? Should it be changed? The "duest" is a typo, and it should be "dest" defined as below: struct tipc_discoverer { u32 bearer_id; struct tipc

Re: [PATCH] tipc: fix -Wstringop-truncation warnings

2020-11-13 Thread Ying Xue
rer.c:141:2: warning: 'strncpy' specified bound 32 equals > destination size [-Wstringop-truncation] > strncpy(name_copy, name, TIPC_MAX_BEARER_NAME); > ^~~~~~~~~~ > > Signed-off-by: Wenlin Kang Acked-by: Ying Xue > --- > ne

Re: [Patch net] tipc: fix uninit skb->data in tipc_nl_compat_dumpit()

2020-08-16 Thread Ying Xue
; This bug exists since day 1, but the recent commit 6ea67769ff33 > ("net: tipc: prepare attrs in __tipc_nl_compat_dumpit()") makes it > easier to appear. > > Reported-and-tested-by: syzbot+0e7181deafa7e0b79...@syzkaller.appspotmail.com > Fixes: d0796d1ef63d ("tipc: c

Re: [PATCH net 1/2] ipv6: add ipv6_dev_find()

2020-08-05 Thread Ying Xue
On 8/3/20 11:34 PM, Xin Long wrote: > This is to add an ip_dev_find like function for ipv6, used to find > the dev by saddr. > > It will be used by TIPC protocol. So also export it. > > Signed-off-by: Xin Long Acked-by: Ying Xue > --- > include/net/addrconf.h | 2 +

Re: [PATCH net 2/2] tipc: set ub->ifindex for local ipv6 address

2020-08-05 Thread Ying Xue
the right netdev and setting ub->ifindex, > as it does for ipv4 address. > > Reported-by: Shuang Li > Signed-off-by: Xin Long Acked-by: Ying Xue > --- > net/tipc/udp_media.c | 8 > 1 file changed, 8 insertions(+) > > diff --git a/net/tipc/udp_media.c b/n

Re: [PATCH net-next] tipc: Use is_broadcast_ether_addr() instead of memcmp()

2020-08-03 Thread Ying Xue
ned-off-by: Huang Guobin Acked-by: Ying Xue > --- > net/tipc/eth_media.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/net/tipc/eth_media.c b/net/tipc/eth_media.c > index 8b0bb600602d..c68019697cfe 100644 > --- a/net/tipc/eth_media.c

Re: [PATCH] net: tipc: fix general protection fault in tipc_conn_delete_sub

2020-07-28 Thread Ying Xue
On 7/27/20 10:24 PM, Greg KH wrote: diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c index 1489cfb941d8..6c8d0c6bb112 100644 --- a/net/tipc/topsrv.c +++ b/net/tipc/topsrv.c @@ -255,6 +255,9 @@ static void tipc_conn_send_to_sock(struct tipc_conn *con) int

[PATCH v2 2/3] tipc: fix memory leak issue

2019-08-12 Thread Ying Xue
>] __x64_sys_setsockopt+0x26/0x30 [<ec30be33>] do_syscall_64+0x76/0x1a0 [<271be3e6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by: Ying Xue --- net/tipc/group.c | 22

[PATCH v2 0/3] Fix three issues found by syzbot

2019-08-12 Thread Ying Xue
In this series, try to fix two memory leak issues and another issue of calling smp_processor_id() in preemptible context. Changes since v1: - Fix "Reported-by:" missing in patch #3, which was reported by Jakub Kicinski Ying Xue (3): tipc: fix memory leak issue tipc: fix memory

[PATCH v2 3/3] tipc: fix issue of calling smp_processor_id() in preemptible

2019-08-12 Thread Ying Xue
: syzbot+1a68504d96cd17b33...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by: Ying Xue --- net/tipc/udp_media.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 287df687..ca3ae2e 100644 --- a/net/tipc/

[PATCH v2 1/3] tipc: fix memory leak issue

2019-08-12 Thread Ying Xue
09df90505>] tipc_release+0x7b/0x5e0 [<9f3189da>] __sock_release+0x4b/0xe0 [<d3568ee0>] sock_close+0x1b/0x30 [<266a6215>] __fput+0xed/0x300 Reported-by: syzbot+78fbe679c8ca8d264...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by:

[PATCH 1/3] tipc: fix memory leak issue

2019-08-09 Thread Ying Xue
09df90505>] tipc_release+0x7b/0x5e0 [<9f3189da>] __sock_release+0x4b/0xe0 [<d3568ee0>] sock_close+0x1b/0x30 [<266a6215>] __fput+0xed/0x300 Reported-by: syzbot+78fbe679c8ca8d264...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by:

[PATCH 0/3] Fix three issues found by syzbot

2019-08-09 Thread Ying Xue
In this series, try to fix two memory leak issues and another issue of calling smp_processor_id() in preemptible context. Ying Xue (3): tipc: fix memory leak issue tipc: fix memory leak issue tipc: fix issue of calling smp_processor_id() in preemptible net/tipc/group.c | 22

[PATCH 2/3] tipc: fix memory leak issue

2019-08-09 Thread Ying Xue
>] __x64_sys_setsockopt+0x26/0x30 [<ec30be33>] do_syscall_64+0x76/0x1a0 [<271be3e6>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported-by: syzbot+f95d90c454864b3b5...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by: Ying Xue --- net/tipc/group.c | 22

[PATCH 3/3] tipc: fix issue of calling smp_processor_id() in preemptible

2019-08-09 Thread Ying Xue
) syzbot+1a68504d96cd17b33...@syzkaller.appspotmail.com Signed-off-by: Hillf Danton Signed-off-by: Ying Xue --- net/tipc/udp_media.c | 12 +--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 287df687..ca3ae2e 100644 --- a/net/tipc/udp_media.c

Re: [net-next 1/1] tipc: embed jiffies in macro TIPC_BC_RETR_LIM

2019-06-29 Thread Ying Xue
On 6/28/19 11:06 PM, Jon Maloy wrote: > The macro TIPC_BC_RETR_LIM is always used in combination with 'jiffies', > so we can just as well perform the addition in the macro itself. This > way, we get a few shorter code lines and one less line break. > > Signed-off-by: J

Re: [PATCH net] tipc: purge deferredq list for each grp member in tipc_group_delete

2019-06-16 Thread Ying Xue
c8ca8d264...@syzkaller.appspotmail.com > Signed-off-by: Xin Long Acked-by: Ying Xue > --- > net/tipc/group.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/group.c b/net/tipc/group.c > index 992be61..5f98d38 100644 > --- a/net/tipc/group.c > +++ b/net/t

Re: [PATCH] tipc: remove dead code in struct tipc_topsrv

2019-01-23 Thread Ying Xue
On 1/24/19 10:06 AM, Zhaolong Zhang wrote: > max_rcvbuf_size is no longer used since commit "414574a0af36". > > Signed-off-by: Zhaolong Zhang Acked-by: Ying Xue > --- > net/tipc/topsrv.c | 3 --- > 1 file changed, 3 deletions(-) > > diff --git a/net/tipc/to

[net 6/6] tipc: fix uninit-value in tipc_nl_compat_doit

2019-01-14 Thread Ying Xue
81f08...@syzkaller.appspotmail.com Reported-by: syzbot+6bdb590321a7ae40c...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index b90786c..4ad3586 1

[net 1/6] tipc: fix uninit-value in in tipc_conn_rcv_sub

2019-01-14 Thread Ying Xue
+75e6e042c5bbf691f...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/topsrv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c index efb16f6..a457c0f 100644 --- a/net/tipc/topsrv.c +++ b/net/tipc/topsrv.c @@ -398,7 +398,7 @@ static

[net 0/6] tipc: fix uninit-value issues reported by syzbot

2019-01-14 Thread Ying Xue
Recently, syzbot complained that TIPC module exits several issues associated with uninit-value type. So, in this series, we try to fix them as many as possible. Ying Xue (6): tipc: fix uninit-value in in tipc_conn_rcv_sub tipc: fix uninit-value in tipc_nl_compat_link_reset_stats tipc: fix

[net 2/6] tipc: fix uninit-value in tipc_nl_compat_link_reset_stats

2019-01-14 Thread Ying Xue
-by: syzbot+e01d94b5a4c266be6...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_compat.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index 77e4b24..b2b115b 100644 --- a/net/tipc/netlink_compat.c +++

[net 5/6] tipc: fix uninit-value in tipc_nl_compat_name_table_dump

2019-01-14 Thread Ying Xue
e+0x63/0xe7 We cannot take for granted the thing that the length of data contained in TLV is longer than the size of struct tipc_name_table_query in tipc_nl_compat_name_table_dump(). Reported-by: syzbot+06e771a754829716a...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_co

[net 4/6] tipc: fix uninit-value in tipc_nl_compat_link_set

2019-01-14 Thread Ying Xue
happened in nla_put_string(skb, TIPC_NLA_LINK_NAME, lc->name) This is because lc->name string is not validated before it's used. Reported-by: syzbot+d78b8a29241a195ae...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_compat.c | 5 + 1 file changed, 5

[net 3/6] tipc: fix uninit-value in tipc_nl_compat_bearer_enable

2019-01-14 Thread Ying Xue
_bearer_set() Reported-by: syzbot+b33d5cae0efd35dbf...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_compat.c | 26 ++ 1 file changed, 26 insertions(+) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index b2b115b..68a0b73 10064

Re: [PATCH net] tipc: fix uninit-value in tipc_nl_compat_link_set

2019-01-07 Thread Ying Xue
On 1/7/19 9:38 PM, David Miller wrote: > From: Ying Xue > Date: Mon, 7 Jan 2019 19:29:52 +0800 > >> This is because lc->name string is not validated before it's used. > > It looks like we have several situations like this, not just this one. > > For exa

[PATCH net] tipc: fix uninit-value in tipc_nl_compat_link_set

2019-01-07 Thread Ying Xue
happened in nla_put_string(skb, TIPC_NLA_LINK_NAME, lc->name) This is because lc->name string is not validated before it's used. Reported-by: syzbot+d78b8a29241a195ae...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/netlink_compat.c | 3 +++ 1 file changed, 3

Re: [PATCH] tipc: fix memory leak in tipc_nl_compat_publ_dump

2019-01-05 Thread Ying Xue
t") > Signed-off-by: Gustavo A. R. Silva Acked-by: Ying Xue > --- > net/tipc/netlink_compat.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c > index 40f5cae623a7..77e4b2418f3

Re: [Patch net] tipc: check tsk->group in tipc_wait_for_cond()

2018-12-12 Thread Ying Xue
() and tipc_send_group_anycast(). > > Reported-by: syzbot+10a9db47c3a0e13eb...@syzkaller.appspotmail.com > Fixes: b7d42635517f ("tipc: introduce flow control for group broadcast > messages") > Fixes: ee106d7f942d ("tipc: introduce group anycast messaging") > Fixes: 27

Re: net/tipc: recursive locking in tipc_link_reset

2018-10-11 Thread Ying Xue
Jon, please help to review the patch: https://patchwork.ozlabs.org/patch/982447. Thanks, Ying On 10/11/2018 06:55 PM, Jon Maloy wrote: > Hi Dmitry, > Yes, we are aware of this, the kernel test robot warned us about this a few > days ago. > I am looking into it. > > ///jon

Re: net/tipc: recursive locking in tipc_link_reset

2018-10-11 Thread Ying Xue
On 10/11/2018 03:59 PM, Dmitry Vyukov wrote: > On Thu, Oct 11, 2018 at 9:55 AM, Dmitry Vyukov wrote: >> Hi, >> >> I am getting the following error while booting the latest kernel on >> bb2d8f2f61047cbde08b78ec03e4ebdb01ee5434 (Oct 10). Config is attached. >> >> Since this happens during boot, this

[PATCH net] tipc: eliminate possible recursive locking detected by LOCKDEP

2018-10-11 Thread Ying Xue
and then move the buffers of the temporary list to l->inputq queue, which is also safe for us. Fixes: 3f32d0be6c16 ("tipc: lock wakeup & inputq at tipc_link_reset()") Reported-by: Dmitry Vyukov Signed-off-by: Ying Xue --- net/tipc/link.c | 11 +-- 1 file changed, 9 insertions

Re: [Patch net] tipc: fix a missing rhashtable_walk_exit()

2018-09-04 Thread Ying Xue
On 08/24/2018 07:19 AM, Cong Wang wrote: > rhashtable_walk_exit() must be paired with rhashtable_walk_enter(). > > Fixes: 40f9f4397060 ("tipc: Fix tipc_sk_reinit race conditions") > Cc: Herbert Xu > Cc: Ying Xue > Signed-off-by: Cong Wang Acked-by: Ying Xue

Re: [PATCH net-next] tipc: eliminate complaint of KMSAN uninit-value in tipc_conn_rcv_sub

2018-05-23 Thread Ying Xue
On 05/20/2018 11:00 AM, David Miller wrote: > From: Ying Xue > Date: Fri, 18 May 2018 19:50:55 +0800 > >> As variable s of struct tipc_subscr type is not initialized >> in tipc_conn_rcv_from_sock() before it is used in tipc_conn_rcv_sub(), >> KMSAN reported the

[PATCH net-next] tipc: eliminate complaint of KMSAN uninit-value in tipc_conn_rcv_sub

2018-05-18 Thread Ying Xue
...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/topsrv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/tipc/topsrv.c b/net/tipc/topsrv.c index c8e34ef..fe47a62 100644 --- a/net/tipc/topsrv.c +++ b/net/tipc/topsrv.c @@ -397,6 +397,7 @@ static int tipc_conn_rcv_from_sock

[PATCH net] tipc: eliminate KMSAN uninit-value in strcmp complaint

2018-05-08 Thread Ying Xue
's used. Reported-by: syzbot+df0257c92ffd4fcc5...@syzkaller.appspotmail.com Signed-off-by: Ying Xue --- net/tipc/node.c | 15 +-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/net/tipc/node.c b/net/tipc/node.c index baaf93f..f29549d 100644 --- a/net/tipc/node.c +++

Re: KMSAN: uninit-value in strcmp

2018-05-08 Thread Ying Xue
On 05/04/2018 03:22 AM, David Miller wrote: > From: syzbot > Date: Thu, 03 May 2018 11:44:02 -0700 > >> Call Trace: >> __dump_stack lib/dump_stack.c:17 [inline] >> dump_stack+0x185/0x1d0 lib/dump_stack.c:53 >> kmsan_report+0x142/0x240 mm/kmsan/kmsan.c:1067 >> __msan_warning_32+0x6c/0xb0 mm/km

Re: [PATCH net 2/2] tipc: fix possible crash in __tipc_nl_net_set()

2018-04-17 Thread Ying Xue
ibutes. > > Fixes: d50ccc2d3909 ("tipc: add 128-bit node identifier") > Signed-off-by: Eric Dumazet > Cc: Jon Maloy > Cc: Ying Xue > Reported-by: syzbot Acked-by: Ying Xue > --- > net/tipc/net.c | 2 ++ > net/tipc/netlink.c | 2 ++ > 2 files changed, 4

Re: [PATCH net 1/2] tipc: add policy for TIPC_NLA_NET_ADDR

2018-04-17 Thread Ying Xue
On 04/16/2018 11:29 PM, Eric Dumazet wrote: > Before syzbot/KMSAN bites, add the missing policy for TIPC_NLA_NET_ADDR > > Fixes: 27c21416727a ("tipc: add net set to new netlink api") > Signed-off-by: Eric Dumazet > Cc: Jon Maloy > Cc: Ying Xue Acked-by: Ying Xue

Re: [PATCH v2] net: tipc: Replace GFP_ATOMIC with GFP_KERNEL in tipc_mon_create

2018-04-11 Thread Ying Xue
On 04/10/2018 09:17 AM, Jia-Ju Bai wrote: > tipc_mon_create() is never called in atomic context. > > The call chain ending up at dn_route_init() is: Sorry, I don't think there is any relationship between the following call chain with dn_route_init(). > [1] tipc_mon_create() <- tipc_enable_bearer

Re: [PATCH v3] net: tipc: Replace GFP_ATOMIC with GFP_KERNEL in tipc_mon_create

2018-04-11 Thread Ying Xue
hich can sleep and improve the possibility of successful allocation. > > This is found by a static analysis tool named DCNS written by myself. > And I also manually check it. > > Signed-off-by: Jia-Ju Bai Acked-by: Ying Xue > --- > v2: > * Modify the description of GFP_AT

Re: [PATCH] tipc: bcast: use true and false for boolean values

2018-03-05 Thread Ying Xue
On 03/06/2018 05:56 AM, Gustavo A. R. Silva wrote: > Assign true or false to boolean variables instead of an integer value. > > This issue was detected with the help of Coccinelle. > > Signed-off-by: Gustavo A. R. Silva Acked-by: Ying Xue > --- > net/tipc/bcast.c | 2 +-

Re: [PATCH net v3] tipc: fix missing RTNL lock protection during setting link properties

2018-02-13 Thread Ying Xue
On 02/13/2018 07:03 PM, Kirill Tkhai wrote: > The patch is logically OK for me. The only thing I'm confused, > I had to split it in 7 patches to review, otherwise the patch > looks difficult to do. There is possible to extract: > > 1)Refactoring in __tipc_nl_compat_doit > 2)Introduce __tipc_nl_bea

[PATCH net v4 5/7] tipc: Introduce __tipc_nl_media_set

2018-02-13 Thread Ying Xue
Introduce __tipc_nl_media_set() which doesn't hold RTNL lock. Signed-off-by: Ying Xue --- net/tipc/bearer.c | 23 ++- net/tipc/bearer.h | 1 + 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c index f92c9c5..3e3dce3 1

[PATCH net v4 3/7] tipc: Introduce __tipc_nl_bearer_enable

2018-02-13 Thread Ying Xue
Introduce __tipc_nl_bearer_enable() which doesn't hold RTNL lock. Signed-off-by: Ying Xue --- net/tipc/bearer.c | 17 ++--- net/tipc/bearer.h | 1 + 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c index 61b6625..faf8fa0 1

[PATCH net v4 6/7] tipc: Introduce __tipc_nl_net_set

2018-02-13 Thread Ying Xue
Introduce __tipc_nl_net_set() which doesn't hold RTNL lock. Signed-off-by: Ying Xue --- net/tipc/net.c | 15 --- net/tipc/net.h | 1 + 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/net/tipc/net.c b/net/tipc/net.c index 719c592..1a2fde0 100644 --- a/net/tipc/

[PATCH net v4 7/7] tipc: Fix missing RTNL lock protection during setting link properties

2018-02-13 Thread Ying Xue
mon.c:389 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 In order to correct the mistake, __tipc_nl_compat_doit() has been protected by RTNL lock, which means the whole operation of setting bearer/media properties is under RTNL protection. Signed-off-by: Ying Xue

[PATCH net v4 0/7] tipc: Fix missing RTNL lock protection during setting link properties

2018-02-13 Thread Ying Xue
of holding RTNL lock according to the suggestion of Kirill Tkhai. Changes in v2: - The whole operation of setting bearer/media properties has been protected under RTNL, as per feedback from David M. Ying Xue (7): tipc: Refactor __tipc_nl_compat_doit tipc: Introduce __tipc_nl_bearer_disa

[PATCH net v4 2/7] tipc: Introduce __tipc_nl_bearer_disable

2018-02-13 Thread Ying Xue
Introduce __tipc_nl_bearer_disable() which doesn't hold RTNL lock. Signed-off-by: Ying Xue --- net/tipc/bearer.c | 19 +-- net/tipc/bearer.h | 1 + 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c index c800147..61

[PATCH net v4 1/7] tipc: Refactor __tipc_nl_compat_doit

2018-02-13 Thread Ying Xue
As preparation for adding RTNL to make (*cmd->transcode)() and (*cmd->transcode)() constantly protected by RTNL lock, we move out of memory allocations existing between them as many as possible so that the time of holding RTNL can be minimized in __tipc_nl_compat_doit(). Signed-off-by: Yi

[PATCH net v4 4/7] tipc: Introduce __tipc_nl_bearer_set

2018-02-13 Thread Ying Xue
Introduce __tipc_nl_bearer_set() which doesn't holding RTNL lock. Signed-off-by: Ying Xue --- net/tipc/bearer.c | 23 ++- net/tipc/bearer.h | 1 + 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c index faf8fa0..f9

[PATCH net v3] tipc: fix missing RTNL lock protection during setting link properties

2018-02-13 Thread Ying Xue
mon.c:389 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 In order to correct the mistake, __tipc_nl_compat_doit() has been protected by RTNL lock, which means the whole operation of setting bearer/media properties is under RTNL protection. Signed-off-by: Ying Xue Repo

[PATCH net v2] tipc: fix missing RTNL lock protection during setting link properties

2018-02-12 Thread Ying Xue
mon.c:389 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 In order to correct the mistake, __tipc_nl_compat_doit() has been protected by RTNL lock, which means the whole operation of setting bearer/media properties is under RTNL protection. Signed-off-by: Ying Xue Reported

Re: [Patch net] tipc: fix a memory leak in tipc_nl_node_get_link()

2018-01-11 Thread Ying Xue
itry Vyukov > Cc: Jon Maloy > Cc: Ying Xue > Signed-off-by: Cong Wang Acked-by: Ying Xue > --- > net/tipc/node.c | 26 ++ > 1 file changed, 14 insertions(+), 12 deletions(-) > > diff --git a/net/tipc/node.c b/net/tipc/node.c > index 507017fe

Re: [PATCH net] tipc: fix missing rtnl lock protection during setting link properties

2018-01-03 Thread Ying Xue
On 01/03/2018 11:48 PM, David Miller wrote: > As soon as you drop the RTNL lock, the media or bearer entry can be > removed from the tables. > Thanks for the review. Yes, you are right. But even if we temporarily release RTNL lock, it's still safe for us because when we set media/bearer propertie

[PATCH net] tipc: fix missing rtnl lock protection during setting link properties

2018-01-01 Thread Ying Xue
mon.c:389 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 Signed-off-by: Ying Xue Reported-by: syzbot --- net/tipc/netlink_compat.c | 4 1 file changed, 4 insertions(+) diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c index e48f0b2..0fb

Re: [PATCH 8/8] net: tipc: remove unused hardirq.h

2017-12-07 Thread Ying Xue
On 11/18/2017 07:02 AM, Yang Shi wrote: > Preempt counter APIs have been split out, currently, hardirq.h just > includes irq_enter/exit APIs which are not used by TIPC at all. > > So, remove the unused hardirq.h. > > Signed-off-by: Yang Shi > Cc: Jon Maloy > Cc:

Re: [Patch net] tipc: fix a null pointer deref on error path

2017-12-04 Thread Ying Xue
> tipc_topsrv_kern_subscr+0x724/0x810 net/tipc/server.c:514 > tipc_group_create+0x702/0x9c0 net/tipc/group.c:184 > tipc_sk_join net/tipc/socket.c:2747 [inline] > tipc_setsockopt+0x249/0xc10 net/tipc/socket.c:2861 > SYSC_setsockopt net/socket.c:1851 [inline] > SyS_setsoc

Re: [PATCH net v2] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()

2017-12-01 Thread Ying Xue
On 11/30/2017 08:32 PM, Tommi Rantala wrote: >> In my opinion, the real root cause of the issue is because we too early >> set a not-yet-initialized bearer instance to ub->bearer through >> rcu_assign_pointer(ub->bearer, b) in tipc_udp_enable(). Instead if we >> assign the bearer pointer at the end

Re: [PATCH net v2] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()

2017-11-30 Thread Ying Xue
On 11/29/2017 06:48 PM, Tommi Rantala wrote: > Remove the second tipc_rcv() call in tipc_udp_recv(). We have just > checked that the bearer is not up, and calling tipc_rcv() with a bearer > that is not up leads to a TIPC div-by-zero crash in > tipc_node_calculate_timer(). The crash is rare in pract

Re: [PATCH V2] tipc: Use bsearch library function

2017-09-16 Thread Ying Xue
On 09/16/2017 05:58 PM, Joe Perches wrote: > On Sat, 2017-09-16 at 17:36 +0800, Ying Xue wrote: >> On 09/16/2017 05:26 PM, Joe Perches wrote: >>> On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote: >>>> On 09/16/2017 03:50 PM, Thomas Meyer wrote: >>>>

Re: [PATCH V2] tipc: Use bsearch library function

2017-09-16 Thread Ying Xue
On 09/16/2017 05:26 PM, Joe Perches wrote: > On Sat, 2017-09-16 at 17:02 +0800, Ying Xue wrote: >> On 09/16/2017 03:50 PM, Thomas Meyer wrote: >>> Use common library function rather than explicitly coding >>> some variant of it yourself. >>> >>> Sign

Re: [PATCH V2] tipc: Use bsearch library function

2017-09-16 Thread Ying Xue
On 09/16/2017 03:50 PM, Thomas Meyer wrote: > Use common library function rather than explicitly coding > some variant of it yourself. > > Signed-off-by: Thomas Meyer Acked-by: Ying Xue > --- > net/tipc/name_table.c | 30 +++--- > 1 file changed,

Re: [PATCH] tipc: remove unnecessary call to dev_net()

2017-09-06 Thread Ying Xue
On 09/06/2017 05:08 PM, Kleber Sacilotto de Souza wrote: > The net device is already stored in the 'net' variable, so no need to call > dev_net() again. > > Signed-off-by: Kleber Sacilotto de Souza Acked-by: Ying Xue > --- > net/tipc/bearer.c | 2 +- > 1

[net] netfilter: nat: sctp: fix ICMP packet to be dropped accidently

2017-03-04 Thread Ying Xue
n of checksum is ignored as well. Signed-off-by: Ying Xue --- net/netfilter/nf_nat_proto_sctp.c | 13 - 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_nat_proto_sctp.c b/net/netfilter/nf_nat_proto_sctp.c index 31d3586..804e8a0 100644 ---

Re: [PATCH 2/3] tipc: Fix tipc_sk_reinit race conditions

2017-02-10 Thread Ying Xue
es. > > Secondly it's missing memory barriers as previously the code used > spinlocks which provide the barriers implicitly. > > This patch fixes both problems. > > Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to...") > Signed-off-by: Herb

Re: [PATCH net] bpf: expose netns inode to bpf programs

2017-01-25 Thread Ying Xue
tetst teste tetet tetest tetett On 01/26/2017 01:46 PM, Eric W. Biederman wrote: > Alexei Starovoitov writes: > >> in cases where bpf programs are look

Re: [PATCH net v3] tipc: check minimum bearer MTU

2016-12-02 Thread Ying Xue
evice MTU. UDP case also needs a check to avoid overflow when calculating bearer MTU. Fixes: b97bf3fd8f6a ("[TIPC] Initial merge") Signed-off-by: Michal Kubecek Reported-by: Qian Zhang (张谦) --- Thanks, it looks nice to me. Acked-by: Ying Xue

Re: [PATCH net] tipc: check minimum bearer MTU

2016-12-01 Thread Ying Xue
For UDP bearer, it seems insufficient for us to check MTU size only when UDP bearer is enabled. Meanwhile, we should update MTU size for UDP bearer with Path MTU discovery protocol once MTU size is changed after bearer is enabled. I should admit I'm not that familiar with tipc. Do you mean upda

Re: [PATCH net] tipc: check minimum bearer MTU

2016-11-30 Thread Ying Xue
On 11/30/2016 05:57 PM, Michal Kubecek wrote: Qian Zhang (张谦) reported a potential socket buffer overflow in tipc_msg_build() which is also known as CVE-2016-8632: due to insufficient checks, a buffer overflow can occur if MTU is too short for even tipc headers. As anyone can set device MTU in a

Re: [PATCH net] tipc: Guard against tiny MTU in tipc_msg_build()

2016-10-20 Thread Ying Xue
On 10/19/2016 10:16 AM, Ben Hutchings wrote: > Qian Zhang (张谦) reported a potential socket buffer overflow in > tipc_msg_build(). The minimum fragment length needs to be checked > against the maximum packet size, which is based on the link MTU. > > Reported-by: Qian Zhang (张谦) > Signed-off-by: B

Re: [PATCH -next] tipc: use kfree_skb() instead of kfree()

2016-08-24 Thread Ying Xue
On 08/24/2016 02:00 PM, David Miller wrote: > From: "Xue, Ying" > Date: Wed, 24 Aug 2016 02:47:32 + > >> Acked-by: Ying Xue > > Please do not ACK patches like this. > > If you quote the patch with no demarcation in the initial column for > the quote

Re: [PATCH -next] tipc: fix imbalance read_unlock_bh in __tipc_nl_add_monitor()

2016-07-28 Thread Ying Xue
context imbalance in '__tipc_nl_add_monitor' - different lock contexts for > basic block > > Fixes: cf6f7e1d5109 ('tipc: dump monitor attributes') > Signed-off-by: Wei Yongjun Acked-by: Ying Xue > --- > net/tipc/monitor.c | 2 +- > 1 file change

Re: [PATCH] tipc: Use kmemdup instead of kmalloc and memcpy

2016-06-27 Thread Ying Xue
> - to = \(kmalloc\|kzalloc\)(size,flag); > + to = kmemdup(from,size,flag); >if (to==NULL || ...) S > - memcpy(to, from, size); > > Signed-off-by: Amitoj Kaur Chawla Acked-by: Ying Xue > --- > net/tipc/server.c | 3 +-- > 1 file changed, 1 insertion(+), 2 delet

[PATCH] tipc: eliminate uninitialized variable warning

2016-06-14 Thread Ying Xue
net/tipc/link.c: In function ‘tipc_link_timeout’: net/tipc/link.c:744:28: warning: ‘mtyp’ may be used uninitialized in this function [-Wuninitialized] Fixes: 42b18f605fea ("tipc: refactor function tipc_link_timeout()") Acked-by: Jon Maloy Signed-off-by: Ying Xue --- net/tipc/lin

[PATCH] tipc: fix suspicious RCU usage

2016-06-14 Thread Ying Xue
ackets in bearer layer") Acked-by: Jon Maloy Signed-off-by: Ying Xue --- net/tipc/bearer.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c index 6f11c62..bf8f05c 100644 --- a/net/tipc/bearer.c +++ b/net/tipc/bearer.c @@ -405,7 +4

[PATCH v2] tipc: fix error handling of expanding buffer headroom

2015-11-23 Thread Ying Xue
sequence as we unconditionally consider that it's always successful. Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp tunnel") Reported-by: Cc: Stephen Hemminger Signed-off-by: Ying Xue --- v2: * When pskb_expand_head() returns negative error codes instea

Re: [PATCH] tipc: fix error handling of expanding buffer headroom

2015-11-23 Thread Ying Xue
On 11/24/2015 12:35 PM, David Miller wrote: > pskb_expand_head() returns negative error codes, therefore zero means > success and therefore this "!err" check is reversed. Thank you for pointing out such a stupid mistake I made. I will send v2 to correct it. Regards, Ying

[PATCH] tipc: avoid packets leaking on socket receive queue

2015-11-21 Thread Ying Xue
. To avoid this leak, we register a private socket destructor to purge receive queue, meaning releasing packets pending on receive queue will be delayed until the last reference of tipc socket will be released. Signed-off-by: Ying Xue --- net/tipc/socket.c | 10 +++--- 1 file changed, 7

[PATCH] tipc: fix error handling of expanding buffer headroom

2015-11-21 Thread Ying Xue
sequence as we unconditionally consider that it's always successful. Fixes: e53567948f82 ("tipc: conditionally expand buffer headroom over udp tunnel") Reported-by: Cc: Stephen Hemminger Signed-off-by: Ying Xue --- net/tipc/udp_media.c |7 +-- 1 file changed, 5 insertions(

Re: Fw: New Defects reported by Coverity Scan for Linux

2015-11-03 Thread Ying Xue
On 11/04/2015 12:18 AM, Stephen Hemminger wrote: > The TIPC case is a missing check for memory allocation failure. > Thanks for the report. I will fix it soon. Regards, Ying > > Begin forwarded message: > > Date: Mon, 02 Nov 2015 23:45:55 -0800 > From: scan-ad...@coverity.com > To: step...@ne

Re: [tipc-discussion] [PATCH] tipc: reinitialize pointer after skb linearize

2015-09-18 Thread Ying Xue
Hugne > Reported-by: Tamás Végh Acked-by: Ying Xue > --- > net/tipc/msg.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/msg.c b/net/tipc/msg.c > index 562c926..c5ac436 100644 > --- a/net/tipc/msg.c > +++ b/net/tipc/msg.c > @@ -539,6 +539,7 @

Re: [PATCH 27/31] net/tipc: use kmemdup rather than duplicating its implementation

2015-09-16 Thread Ying Xue
On 08/07/2015 03:59 PM, Andrzej Hajda wrote: > The patch was generated using fixed coccinelle semantic patch > scripts/coccinelle/api/memdup.cocci [1]. > > [1]: http://permalink.gmane.org/gmane.linux.kernel/2014320 > > Signed-off-by: Andrzej Hajda Reviewed-by: Ying Xue

Re: [PATCH] net: tipc: fix stall during bclink wakeup procedure

2015-09-06 Thread Ying Xue
only when a congestion on broadcast link occurs. > For example, when there are only 8 nodes it works fine since congestion > doesn't occur. Send queue limit is 40 in my case (I use a critical importance > level) and when 64 nodes send a message at the same moment a congestio

[PATCH net-next] ipv4: Make fib_encap_match static

2015-08-19 Thread Ying Xue
Make fib_encap_match() static as it isn't used outside the file. Signed-off-by: Ying Xue --- net/ipv4/fib_semantics.c |6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index d525307..8fdf6c2 100644 --- a/net

[PATCH RESEND net-next] lwtunnel: Fix the sparse warnings in fib_encap_match

2015-08-19 Thread Ying Xue
y: kbuild test robot Signed-off-by: Ying Xue Acked-by: Jiri Benc --- include/net/lwtunnel.h |4 1 file changed, 4 insertions(+) diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h index 34fd8f7..cfee539 100644 --- a/include/net/lwtunnel.h +++ b/include/net/lwtunnel.h @@

Re: [PATCH] lwtunnel: Fix the sparse warnings in fib_encap_match

2015-08-19 Thread Ying Xue
On 08/19/2015 03:40 PM, Jiri Benc wrote: > On Wed, 19 Aug 2015 15:33:29 +0800, Ying Xue wrote: >> When CONFIG_LWTUNNEL config is not enabled, the lwtstate_free() is not >> declared in lwtunnel.h at all. However, even in this case, the function >> is still referenced in fi

[PATCH] lwtunnel: Fix the sparse warnings in fib_encap_match

2015-08-19 Thread Ying Xue
y: kbuild test robot Signed-off-by: Ying Xue --- include/net/lwtunnel.h |4 1 file changed, 4 insertions(+) diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h index 34fd8f7..cfee539 100644 --- a/include/net/lwtunnel.h +++ b/include/net/lwtunnel.h @@ -93,6 +93,10 @@ int lw

Re: [PATCH] net/tipc: initialize security state for new connection socket

2015-07-07 Thread Ying Xue
class field and an unlabeled secid. Add a call to security_sk_clone() > to inherit the security state from the parent socket. > > Reported-by: Tim Shearer > Signed-off-by: Stephen Smalley > Acked-by: Paul Moore Acked-by: Ying Xue > --- > net/tipc/socket.c | 1 + > 1

Re: [PATCH] tipc:Make the function tipc_buf_append have a return type of bool

2015-06-17 Thread Ying Xue
On 06/18/2015 10:44 AM, Nicholas Krause wrote: > This converts the function tipc_buf_append now due to this > particular function only returning either one or zero as > its return value. > > Signed-off-by: Nicholas Krause Acked-by: Ying Xue > --- > net/tipc/msg.c | 1

[PATCH] cxgb4i: Fix neigh entry leak

2015-06-17 Thread Ying Xue
When csk->atid returned by cxgb4_alloc_atid() is less than zero, init_act_open() directly returns with -EINVAL. But as init_act_open() ever invokes dst_neigh_lookup() before it calls cxgb4_alloc_atid(), this leads to the leak of neigh entry searched by dst_neigh_lookup(). Signed-off-by: Ying

Re: [PATCH net-next] neigh: Add missing rcu_assign_pointer

2015-05-28 Thread Ying Xue
On 05/29/2015 09:50 AM, Eric Dumazet wrote: > I count 5 places of redundancy. > Another two places you found are necessary indeed! Acked-by: Ying Xue > diff --git a/net/core/neighbour.c b/net/core/neighbour.c > index > 3a74df750af4044eba0e7d88a

Re: [PATCH net-next] neigh: Add missing rcu_assign_pointer

2015-05-28 Thread Ying Xue
On 05/28/2015 06:13 PM, Eric Dumazet wrote: > This patch is not needed. > > You really should read Documentation/RCU , because it looks like you are > quite confused. > > When we remove an element from a RCU protected list, all the objects in > the chain are already ready to be caught by rcu read

[PATCH net-next] neigh: Add missing rcu_assign_pointer

2015-05-28 Thread Ying Xue
Commit e4c4e448cf55 ("neigh: Convert garbage collection from softirq to workqueue") misses to use rcu_assign_pointer() macro to assign a RCU-protected pointer. Signed-off-by: Ying Xue --- net/core/neighbour.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git

[PATCH net-next] tipc: unconditionally put sock refcnt when sock timer to be deleted is pending

2015-05-27 Thread Ying Xue
As sock refcnt is taken when sock timer is started in sk_reset_timer(), the sock refcnt should be put when sock timer to be deleted is in pending state no matter what "probing_state" value of tipc sock is. Reviewed-by: Erik Hugne Reviewed-by: Jon Maloy Signed-off-by: Ying Xue ---

[RFC PATCH net-next 05/11] udp_tunnel: avoid to switch namespace for tunnel socket

2015-05-07 Thread Ying Xue
There is no the race between put_net() and kernel socket creation, so it's unnecessary to switch namespace for a kernel tunnel socket from init_net to its desirable one. Signed-off-by: Ying Xue --- net/ipv4/udp_tunnel.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-)