PM: netlink: events per connection #60

Closed
matttbe opened this issue Jul 16, 2020 · 3 comments
@matttbe
Member

matttbe commented Jul 16, 2020

To be able to have fine control from userspace.

The idea is to port the PM Netlink features from mptcp.org to the upstream kernel, and have it compatible with mptcpd.

(Feature from the initial roadmap)

@fw-strlen

I'm working on this.

@matttbe
Member Author

matttbe commented Dec 14, 2020

Hi @fw-strlen

That's great, thank you!

I was thinking about looking at this one early next year but that's good if you do that before!

Feel free to discuss if you think we need to change the API defined in mptcp.org: https://github.com/multipath-tcp/mptcp/blob/mptcp_trunk/include/uapi/linux/mptcp.h

@matttbe
Member Author

matttbe commented Feb 15, 2021

Validated by @ossama-othman and these patches are now in net-next!

@matttbe matttbe closed this as completed Feb 15, 2021
jenkins-tessares pushed a commit that referenced this issue Apr 30, 2021
Align the expected result with one actually produced for easier visual
comparison; this has to take into account what the format specifiers
will actually produce rather than the characters they consist of.  E.g.:

test_div64: ERROR: 10000000ab275080 / 00000009 => 01c71c71da20d00e,00000002
test_div64: ERROR: expected value              => 0000000013045e47,00000001

(with a failure induced by setting bit #60 of the dividend).

Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
dcaratti pushed a commit to dcaratti/mptcp_net-next that referenced this issue Sep 2, 2021
jenkins-tessares pushed a commit that referenced this issue Nov 24, 2021
Commit 4dfb998 ("tsn:  Fix build.") fixed compilation with const
dev_addr. In tsnep_netdev_set_mac_address() the call of ether_addr_copy()
was replaced with dev_set_mac_address(), which calls
ndo_set_mac_address(). This results in an endless recursive loop because
ndo_set_mac_address is set to tsnep_netdev_set_mac_address.

Call eth_hw_addr_set() instead of dev_set_mac_address() in
ndo_set_mac_address()/tsnep_netdev_set_mac_address() to copy the address
as intended.

[   26.563303] Insufficient stack space to handle exception!
[   26.563312] ESR: 0x96000047 -- DABT (current EL)
[   26.563317] FAR: 0xffff80000a507fc0
[   26.563320] Task stack:     [0xffff80000a508000..0xffff80000a50c000]
[   26.563324] IRQ stack:      [0xffff80000a0c0000..0xffff80000a0c4000]
[   26.563327] Overflow stack: [0xffff00007fbaf2b0..0xffff00007fbb02b0]
[   26.563333] CPU: 3 PID: 381 Comm: ifconfig Not tainted 5.16.0-rc1-zynqmp #60
[   26.563340] Hardware name: TSN endpoint (DT)
[   26.563343] pstate: a0000005 (NzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   26.563351] pc : inetdev_event+0x4/0x560
[   26.563364] lr : raw_notifier_call_chain+0x54/0x78
[   26.563372] sp : ffff80000a508040
[   26.563374] x29: ffff80000a508040 x28: ffff00000132b800 x27: 0000000000000000
[   26.563386] x26: 0000000000000000 x25: ffff800000ea5058 x24: 0904030201020001
[   26.563396] x23: ffff800000ea5058 x22: ffff80000a5080e0 x21: 0000000000000009
[   26.563405] x20: 00000000fffffffa x19: ffff80000a009510 x18: 0000000000000000
[   26.563414] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffd1341030
[   26.563422] x14: ffffffffffffffff x13: 0000000000000020 x12: 0101010101010101
[   26.563432] x11: 0000000000000020 x10: 0101010101010101 x9 : 7f7f7f7f7f7f7f7f
[   26.563441] x8 : 7f7f7f7f7f7f7f7f x7 : fefefeff30677364 x6 : 0000000080808080
[   26.563450] x5 : 0000000000000000 x4 : ffff800008dee170 x3 : ffff80000a50bd42
[   26.563459] x2 : ffff80000a5080e0 x1 : 0000000000000009 x0 : ffff80000a0092d0
[   26.563470] Kernel panic - not syncing: kernel stack overflow
[   26.563474] CPU: 3 PID: 381 Comm: ifconfig Not tainted 5.16.0-rc1-zynqmp #60
[   26.563481] Hardware name: TSN endpoint (DT)
[   26.563484] Call trace:
[   26.563486]  dump_backtrace+0x0/0x1b0
[   26.563497]  show_stack+0x18/0x68
[   26.563504]  dump_stack_lvl+0x68/0x84
[   26.563513]  dump_stack+0x18/0x34
[   26.563519]  panic+0x164/0x324
[   26.563524]  nmi_panic+0x64/0x98
[   26.563533]  panic_bad_stack+0x108/0x128
[   26.563539]  handle_bad_stack+0x38/0x68
[   26.563548]  __bad_stack+0x88/0x8c
[   26.563553]  inetdev_event+0x4/0x560
[   26.563560]  call_netdevice_notifiers_info+0x58/0xa8
[   26.563569]  dev_set_mac_address+0x78/0x110
[   26.563576]  tsnep_netdev_set_mac_address+0x38/0x60 [tsnep]
[   26.563591]  dev_set_mac_address+0xc4/0x110
[   26.563599]  tsnep_netdev_set_mac_address+0x38/0x60 [tsnep]
...
[   26.565444]  dev_set_mac_address+0xc4/0x110
[   26.565452]  tsnep_netdev_set_mac_address+0x38/0x60 [tsnep]
[   26.565462]  dev_set_mac_address+0xc4/0x110
[   26.565469]  dev_set_mac_address_user+0x44/0x68
[   26.565477]  dev_ifsioc+0x30c/0x568
[   26.565483]  dev_ioctl+0x124/0x3f0
[   26.565489]  sock_do_ioctl+0xb4/0xf8
[   26.565497]  sock_ioctl+0x2f4/0x398
[   26.565503]  __arm64_sys_ioctl+0xa8/0xe8
[   26.565511]  invoke_syscall+0x44/0x108
[   26.565520]  el0_svc_common.constprop.3+0x94/0xf8
[   26.565527]  do_el0_svc+0x24/0x88
[   26.565534]  el0_svc+0x20/0x50
[   26.565541]  el0t_64_sync_handler+0x90/0xb8
[   26.565548]  el0t_64_sync+0x180/0x184
[   26.565556] SMP: stopping secondary CPUs
[   26.565622] Kernel Offset: disabled
[   26.565624] CPU features: 0x0,00004002,00000846
[   26.565628] Memory Limit: none
[   27.843428] ---[ end Kernel panic - not syncing: kernel stack overflow ]---

Fixes: 4dfb998 ("tsn:  Fix build.")
Signed-off-by: Gerhard Engleder <gerhard@engleder-embedded.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
matttbe pushed a commit that referenced this issue Dec 8, 2021
Currently, with an unknown recv_type, mwifiex_usb_recv
just returns -1 without restoring the skb. Next time
mwifiex_usb_rx_complete is invoked with the same skb,
calling skb_put causes skb_over_panic.

The bug is triggerable with a compromised/malfunctioning
usb device. After applying the patch, skb_over_panic
no longer shows up with the same input.

Attached is the panic report from fuzzing.
skbuff: skb_over_panic: text:000000003bf1b5fa
 len:2048 put:4 head:00000000dd6a115b data:000000000a9445d8
 tail:0x844 end:0x840 dev:<NULL>
kernel BUG at net/core/skbuff.c:109!
invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 PID: 198 Comm: in:imklog Not tainted 5.6.0 #60
RIP: 0010:skb_panic+0x15f/0x161
Call Trace:
 <IRQ>
 ? mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb]
 skb_put.cold+0x24/0x24
 mwifiex_usb_rx_complete+0x26b/0xfcd [mwifiex_usb]
 __usb_hcd_giveback_urb+0x1e4/0x380
 usb_giveback_urb_bh+0x241/0x4f0
 ? __hrtimer_run_queues+0x316/0x740
 ? __usb_hcd_giveback_urb+0x380/0x380
 tasklet_action_common.isra.0+0x135/0x330
 __do_softirq+0x18c/0x634
 irq_exit+0x114/0x140
 smp_apic_timer_interrupt+0xde/0x380
 apic_timer_interrupt+0xf/0x20
 </IRQ>

Reported-by: Brendan Dolan-Gavitt <brendandg@nyu.edu>
Signed-off-by: Zekun Shen <bruceshenzk@gmail.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home
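
The failure mode described in the commit message above, as a userspace model (an added example, not code from the commit or from the mwifiex driver). `rx_buf`, `buf_put`, `model_recv`, `model_rx_complete` and all sizes are constructed for illustration; `restore_on_error` selects the behaviour described before (0) and after (1) the patch.

```c
#include <stddef.h>
#include <stdio.h>
#define BUF_SIZE 2048   /* constructed capacity for this model */

struct rx_buf { size_t tail; };   /* stand-in for sk_buff: bytes claimed */

/* Like skb_put(): returns -1 where the kernel would hit skb_over_panic. */
static int buf_put(struct rx_buf *b, size_t n)
{
    if (n > BUF_SIZE - b->tail)
        return -1;
    b->tail += n;
    return 0;
}

/* Hypothetical receive handler: only frame type 1 is known. */
static int model_recv(struct rx_buf *b, unsigned type, int restore_on_error)
{
    if (type != 1) {
        if (restore_on_error)
            b->tail = 0;   /* fixed path: undo the put before failing */
        return -1;         /* buggy path: buffer stays marked as full */
    }
    b->tail = 0;           /* frame consumed, buffer ready for reuse */
    return 0;
}

/* One completion: 0 on success, -1 rejected frame, -2 overflow. */
static int model_rx_complete(struct rx_buf *b, size_t len, unsigned type,
                             int restore_on_error)
{
    if (buf_put(b, len) < 0)
        return -2;
    return model_recv(b, type, restore_on_error);
}

/* Reuse one buffer for two completions; return the second result. */
static int second_completion(int restore_on_error)
{
    struct rx_buf b = { 0 };
    model_rx_complete(&b, BUF_SIZE, 0xdead, restore_on_error); /* unknown type */
    return model_rx_complete(&b, 4, 1, restore_on_error);      /* valid frame */
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", second_completion(0), second_completion(1));
    return 0;
}
```

In the model, the rejected frame leaves the buffer full only when the error path skips the reset, so the next valid 4-byte frame is the one that overflows.
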
jenkins-tessares pushed a commit that referenced this issue Jan 28, 2022
arm32 uses software to simulate the instruction replaced
by kprobe. Some instructions may be simulated by constructing
assembly functions. Therefore, before executing instruction
simulation, it is necessary to construct assembly function
execution environment in C language through binding registers.
After kasan is enabled, the register binding relationship will
be destroyed, resulting in instruction simulation errors and
causing kernel panic.

The kprobe emulate instruction function is distributed in three
files: actions-common.c actions-arm.c actions-thumb.c, so disable
KASAN when compiling these files.

For example, use kprobe insert on cap_capable+20 after kasan
enabled, the cap_capable assembly code is as follows:
<cap_capable>:
e92d47f0	push	{r4, r5, r6, r7, r8, r9, sl, lr}
e1a05000	mov	r5, r0
e280006c	add	r0, r0, #108    ; 0x6c
e1a04001	mov	r4, r1
e1a06002	mov	r6, r2
e59fa090	ldr	sl, [pc, #144]  ;
ebfc7bf8	bl	c03aa4b4 <__asan_load4>
e595706c	ldr	r7, [r5, #108]  ; 0x6c
e2859014	add	r9, r5, #20
......
The emulate_ldr assembly code after enabling kasan is as follows:
c06f1384 <emulate_ldr>:
e92d47f0	push	{r4, r5, r6, r7, r8, r9, sl, lr}
e282803c	add	r8, r2, #60     ; 0x3c
e1a05000	mov	r5, r0
e7e37855	ubfx	r7, r5, #16, #4
e1a00008	mov	r0, r8
e1a09001	mov	r9, r1
e1a04002	mov	r4, r2
ebf35462	bl	c03c6530 <__asan_load4>
e357000f	cmp	r7, #15
e7e36655	ubfx	r6, r5, #12, #4
e205a00f	and	sl, r5, #15
0a000001	beq	c06f13bc <emulate_ldr+0x38>
e0840107	add	r0, r4, r7, lsl #2
ebf3545c	bl	c03c6530 <__asan_load4>
e084010a	add	r0, r4, sl, lsl #2
ebf3545a	bl	c03c6530 <__asan_load4>
e2890010	add	r0, r9, #16
ebf35458	bl	c03c6530 <__asan_load4>
e5990010	ldr	r0, [r9, #16]
e12fff30	blx	r0
e356000f	cmp	r6, #15
1a000014	bne	c06f1430 <emulate_ldr+0xac>
e1a06000	mov	r6, r0
e2840040	add	r0, r4, #64     ; 0x40
......

When running in emulate_ldr to simulate the ldr instruction, panic
occurred, and the log is as follows:
Unable to handle kernel NULL pointer dereference at virtual address
00000090
pgd = ecb46400
[00000090] *pgd=2e0fa003, *pmd=00000000
Internal error: Oops: 206 [#1] SMP ARM
PC is at cap_capable+0x14/0xb0
LR is at emulate_ldr+0x50/0xc0
psr: 600d0293 sp : ecd63af8  ip : 00000004  fp : c0a7c30c
r10: 00000000  r9 : c30897f4  r8 : ecd63cd4
r7 : 0000000f  r6 : 0000000a  r5 : e59fa090  r4 : ecd63c98
r3 : c06ae294  r2 : 00000000  r1 : b7611300  r0 : bf4ec008
Flags: nZCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 32c5387d  Table: 2d546400  DAC: 55555555
Process bash (pid: 1643, stack limit = 0xecd60190)
(cap_capable) from (kprobe_handler+0x218/0x340)
(kprobe_handler) from (kprobe_trap_handler+0x24/0x48)
(kprobe_trap_handler) from (do_undefinstr+0x13c/0x364)
(do_undefinstr) from (__und_svc_finish+0x0/0x30)
(__und_svc_finish) from (cap_capable+0x18/0xb0)
(cap_capable) from (cap_vm_enough_memory+0x38/0x48)
(cap_vm_enough_memory) from
(security_vm_enough_memory_mm+0x48/0x6c)
(security_vm_enough_memory_mm) from
(copy_process.constprop.5+0x16b4/0x25c8)
(copy_process.constprop.5) from (_do_fork+0xe8/0x55c)
(_do_fork) from (SyS_clone+0x1c/0x24)
(SyS_clone) from (__sys_trace_return+0x0/0x10)
Code: 0050a0e1 6c0080e2 0140a0e1 0260a0e1 (f801f0e7)

Fixes: 35aa1df ("ARM kprobes: instruction single-stepping support")
Fixes: 4210157 ("ARM: 9017/2: Enable KASan for ARM")
Signed-off-by: huangshaobo <huangshaobo6@huawei.com>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
jenkins-tessares pushed a commit that referenced this issue Aug 23, 2022
Since priv->rx_mapping[i] is mapped in moxart_mac_open(), we
should unmap it from moxart_mac_stop(). Fixes 2 warnings.

1. During error unwinding in moxart_mac_probe(): "goto init_fail;",
then moxart_mac_free_memory() calls dma_unmap_single() with
priv->rx_mapping[i] pointers zeroed.

WARNING: CPU: 0 PID: 1 at kernel/dma/debug.c:963 check_unmap+0x704/0x980
DMA-API: moxart-ethernet 92000000.mac: device driver tries to free DMA memory it has not allocated [device address=0x0000000000000000] [size=1600 bytes]
CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0+ #60
Hardware name: Generic DT based system
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x34/0x44
 dump_stack_lvl from __warn+0xbc/0x1f0
 __warn from warn_slowpath_fmt+0x94/0xc8
 warn_slowpath_fmt from check_unmap+0x704/0x980
 check_unmap from debug_dma_unmap_page+0x8c/0x9c
 debug_dma_unmap_page from moxart_mac_free_memory+0x3c/0xa8
 moxart_mac_free_memory from moxart_mac_probe+0x190/0x218
 moxart_mac_probe from platform_probe+0x48/0x88
 platform_probe from really_probe+0xc0/0x2e4

2. After commands:
 ip link set dev eth0 down
 ip link set dev eth0 up

WARNING: CPU: 0 PID: 55 at kernel/dma/debug.c:570 add_dma_entry+0x204/0x2ec
DMA-API: moxart-ethernet 92000000.mac: cacheline tracking EEXIST, overlapping mappings aren't supported
CPU: 0 PID: 55 Comm: ip Not tainted 5.19.0+ #57
Hardware name: Generic DT based system
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x34/0x44
 dump_stack_lvl from __warn+0xbc/0x1f0
 __warn from warn_slowpath_fmt+0x94/0xc8
 warn_slowpath_fmt from add_dma_entry+0x204/0x2ec
 add_dma_entry from dma_map_page_attrs+0x110/0x328
 dma_map_page_attrs from moxart_mac_open+0x134/0x320
 moxart_mac_open from __dev_open+0x11c/0x1ec
 __dev_open from __dev_change_flags+0x194/0x22c
 __dev_change_flags from dev_change_flags+0x14/0x44
 dev_change_flags from devinet_ioctl+0x6d4/0x93c
 devinet_ioctl from inet_ioctl+0x1ac/0x25c

v1 -> v2:
Extraneous change removed.

Fixes: 6c821bd ("net: Add MOXA ART SoCs ethernet driver")
Signed-off-by: Sergei Antonov <saproj@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20220819110519.1230877-1-saproj@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
matttbe pushed a commit that referenced this issue Aug 17, 2023
When flushing, individual set elements are disabled in the next
generation via the ->flush callback.

Catchall elements are not disabled.  This is incorrect and may lead to
double-deactivations of catchall elements which then results in memory
leaks:

WARNING: CPU: 1 PID: 3300 at include/net/netfilter/nf_tables.h:1172 nft_map_deactivate+0x549/0x730
CPU: 1 PID: 3300 Comm: nft Not tainted 6.5.0-rc5+ #60
RIP: 0010:nft_map_deactivate+0x549/0x730
 [..]
 ? nft_map_deactivate+0x549/0x730
 nf_tables_delset+0xb66/0xeb0

(the warn is due to nft_use_dec() detecting underflow).

Fixes: aaa3104 ("netfilter: nftables: add catch-all set element support")
Reported-by: lonial con <kongln9170@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
jenkins-tessares pushed a commit that referenced this issue Oct 17, 2023
We currently expect up to a three-digit number of tests and subtests, so:

  #999/999: some_test/some_subtest: ...

Is the largest test/subtest we can see. If we happen to cross into
1000s, current logic will just truncate everything after 7th character.
This patch fixes this truncate and allows to go way higher (up to 31
characters in total). We still nicely align test numbers:

  #60/66   core_reloc_btfgen/type_based___incompat:OK
  #60/67   core_reloc_btfgen/type_based___fn_wrong_args:OK
  #60/68   core_reloc_btfgen/type_id:OK
  #60/69   core_reloc_btfgen/type_id___missing_targets:OK
  #60/70   core_reloc_btfgen/enumval:OK

Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Jiri Olsa <jolsa@kernel.org>
Link: https://lore.kernel.org/bpf/20231006175744.3136675-3-andrii@kernel.org