mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-06 13:16:22 +00:00
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller: 1) Fix BPF divides by zero, from Eric Dumazet and Alexei Starovoitov. 2) Reject stores into bpf context via st and xadd, from Daniel Borkmann. 3) Fix a memory leak in TUN, from Cong Wang. 4) Disable RX aggregation on a specific troublesome configuration of r8152 in a Dell TB16b dock. 5) Fix sw_ctx leak in tls, from Sabrina Dubroca. 6) Fix program replacement in cls_bpf, from Daniel Borkmann. 7) Fix uninitialized station_info structures in cfg80211, from Johannes Berg. 8) Fix miscalculation of transport header offset field in flow dissector, from Eric Dumazet. 9) Fix LPM tree leak on failure in mlxsw driver, from Ido Schimmel. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (29 commits) ibmvnic: Fix IPv6 packet descriptors ibmvnic: Fix IP offload control buffer ipv6: don't let tb6_root node share routes with other node ip6_gre: init dev->mtu and dev->hard_header_len correctly mlxsw: spectrum_router: Free LPM tree upon failure flow_dissector: properly cap thoff field fm10k: mark PM functions as __maybe_unused cfg80211: fix station info handling bugs netlink: reset extack earlier in netlink_rcv_skb can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once bpf: mark dst unknown on inconsistent {s, u}bounds adjustments bpf: fix cls_bpf on filter replace Net: ethernet: ti: netcp: Fix inbound ping crash if MTU size is greater than 1500 tls: reset crypto_info when do_tls_setsockopt_tx fails tls: return -EBUSY if crypto_info is already set tls: fix sw_ctx leak net/tls: Only attach to sockets in ESTABLISHED state net: fs_enet: do not call phy_stop() in interrupts r8152: disable RX aggregation on Dell TB16 dock ...
This commit is contained in:
commit
726ba84b50
@ -148,7 +148,8 @@ static inline int epilogue_offset(const struct jit_ctx *ctx)
|
||||
/* Stack must be multiples of 16B */
|
||||
#define STACK_ALIGN(sz) (((sz) + 15) & ~15)
|
||||
|
||||
#define PROLOGUE_OFFSET 8
|
||||
/* Tail call offset to jump into */
|
||||
#define PROLOGUE_OFFSET 7
|
||||
|
||||
static int build_prologue(struct jit_ctx *ctx)
|
||||
{
|
||||
@ -200,19 +201,19 @@ static int build_prologue(struct jit_ctx *ctx)
|
||||
/* Initialize tail_call_cnt */
|
||||
emit(A64_MOVZ(1, tcc, 0, 0), ctx);
|
||||
|
||||
/* 4 byte extra for skb_copy_bits buffer */
|
||||
ctx->stack_size = prog->aux->stack_depth + 4;
|
||||
ctx->stack_size = STACK_ALIGN(ctx->stack_size);
|
||||
|
||||
/* Set up function call stack */
|
||||
emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx);
|
||||
|
||||
cur_offset = ctx->idx - idx0;
|
||||
if (cur_offset != PROLOGUE_OFFSET) {
|
||||
pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n",
|
||||
cur_offset, PROLOGUE_OFFSET);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* 4 byte extra for skb_copy_bits buffer */
|
||||
ctx->stack_size = prog->aux->stack_depth + 4;
|
||||
ctx->stack_size = STACK_ALIGN(ctx->stack_size);
|
||||
|
||||
/* Set up function call stack */
|
||||
emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -260,11 +261,12 @@ static int emit_bpf_tail_call(struct jit_ctx *ctx)
|
||||
emit(A64_LDR64(prg, tmp, prg), ctx);
|
||||
emit(A64_CBZ(1, prg, jmp_offset), ctx);
|
||||
|
||||
/* goto *(prog->bpf_func + prologue_size); */
|
||||
/* goto *(prog->bpf_func + prologue_offset); */
|
||||
off = offsetof(struct bpf_prog, bpf_func);
|
||||
emit_a64_mov_i64(tmp, off, ctx);
|
||||
emit(A64_LDR64(tmp, prg, tmp), ctx);
|
||||
emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx);
|
||||
emit(A64_ADD_I(1, A64_SP, A64_SP, ctx->stack_size), ctx);
|
||||
emit(A64_BR(tmp), ctx);
|
||||
|
||||
/* out: */
|
||||
|
@ -55,7 +55,7 @@ config BCMA_DRIVER_PCI
|
||||
|
||||
config BCMA_DRIVER_PCI_HOSTMODE
|
||||
bool "Driver for PCI core working in hostmode"
|
||||
depends on MIPS && BCMA_DRIVER_PCI
|
||||
depends on MIPS && BCMA_DRIVER_PCI && PCI_DRIVERS_LEGACY
|
||||
help
|
||||
PCI core hostmode operation (external PCI bus).
|
||||
|
||||
|
@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
|
||||
void *cmd_head = pcan_usb_fd_cmd_buffer(dev);
|
||||
int err = 0;
|
||||
u8 *packet_ptr;
|
||||
int i, n = 1, packet_len;
|
||||
int packet_len;
|
||||
ptrdiff_t cmd_len;
|
||||
|
||||
/* usb device unregistered? */
|
||||
@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
|
||||
}
|
||||
|
||||
packet_ptr = cmd_head;
|
||||
packet_len = cmd_len;
|
||||
|
||||
/* firmware is not able to re-assemble 512 bytes buffer in full-speed */
|
||||
if ((dev->udev->speed != USB_SPEED_HIGH) &&
|
||||
(cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) {
|
||||
packet_len = PCAN_UFD_LOSPD_PKT_SIZE;
|
||||
n += cmd_len / packet_len;
|
||||
} else {
|
||||
packet_len = cmd_len;
|
||||
}
|
||||
if (unlikely(dev->udev->speed != USB_SPEED_HIGH))
|
||||
packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE);
|
||||
|
||||
for (i = 0; i < n; i++) {
|
||||
do {
|
||||
err = usb_bulk_msg(dev->udev,
|
||||
usb_sndbulkpipe(dev->udev,
|
||||
PCAN_USBPRO_EP_CMDOUT),
|
||||
@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail)
|
||||
}
|
||||
|
||||
packet_ptr += packet_len;
|
||||
}
|
||||
cmd_len -= packet_len;
|
||||
|
||||
if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE)
|
||||
packet_len = cmd_len;
|
||||
|
||||
} while (packet_len > 0);
|
||||
|
||||
return err;
|
||||
}
|
||||
|
@ -613,9 +613,11 @@ static int fs_enet_start_xmit(struct sk_buff *skb, struct net_device *dev)
|
||||
return NETDEV_TX_OK;
|
||||
}
|
||||
|
||||
static void fs_timeout(struct net_device *dev)
|
||||
static void fs_timeout_work(struct work_struct *work)
|
||||
{
|
||||
struct fs_enet_private *fep = netdev_priv(dev);
|
||||
struct fs_enet_private *fep = container_of(work, struct fs_enet_private,
|
||||
timeout_work);
|
||||
struct net_device *dev = fep->ndev;
|
||||
unsigned long flags;
|
||||
int wake = 0;
|
||||
|
||||
@ -627,7 +629,6 @@ static void fs_timeout(struct net_device *dev)
|
||||
phy_stop(dev->phydev);
|
||||
(*fep->ops->stop)(dev);
|
||||
(*fep->ops->restart)(dev);
|
||||
phy_start(dev->phydev);
|
||||
}
|
||||
|
||||
phy_start(dev->phydev);
|
||||
@ -639,6 +640,13 @@ static void fs_timeout(struct net_device *dev)
|
||||
netif_wake_queue(dev);
|
||||
}
|
||||
|
||||
static void fs_timeout(struct net_device *dev)
|
||||
{
|
||||
struct fs_enet_private *fep = netdev_priv(dev);
|
||||
|
||||
schedule_work(&fep->timeout_work);
|
||||
}
|
||||
|
||||
/*-----------------------------------------------------------------------------
|
||||
* generic link-change handler - should be sufficient for most cases
|
||||
*-----------------------------------------------------------------------------*/
|
||||
@ -759,6 +767,7 @@ static int fs_enet_close(struct net_device *dev)
|
||||
netif_stop_queue(dev);
|
||||
netif_carrier_off(dev);
|
||||
napi_disable(&fep->napi);
|
||||
cancel_work_sync(&fep->timeout_work);
|
||||
phy_stop(dev->phydev);
|
||||
|
||||
spin_lock_irqsave(&fep->lock, flags);
|
||||
@ -1019,6 +1028,7 @@ static int fs_enet_probe(struct platform_device *ofdev)
|
||||
|
||||
ndev->netdev_ops = &fs_enet_netdev_ops;
|
||||
ndev->watchdog_timeo = 2 * HZ;
|
||||
INIT_WORK(&fep->timeout_work, fs_timeout_work);
|
||||
netif_napi_add(ndev, &fep->napi, fs_enet_napi, fpi->napi_weight);
|
||||
|
||||
ndev->ethtool_ops = &fs_ethtool_ops;
|
||||
|
@ -125,6 +125,7 @@ struct fs_enet_private {
|
||||
spinlock_t lock; /* during all ops except TX pckt processing */
|
||||
spinlock_t tx_lock; /* during fs_start_xmit and fs_tx */
|
||||
struct fs_platform_info *fpi;
|
||||
struct work_struct timeout_work;
|
||||
const struct fs_ops *ops;
|
||||
int rx_ring, tx_ring;
|
||||
dma_addr_t ring_mem_addr;
|
||||
|
@ -1276,6 +1276,7 @@ static int ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev)
|
||||
unsigned char *dst;
|
||||
u64 *handle_array;
|
||||
int index = 0;
|
||||
u8 proto = 0;
|
||||
int ret = 0;
|
||||
|
||||
if (adapter->resetting) {
|
||||
@ -1364,17 +1365,18 @@ static int ibmvnic_xmit(struct sk_buff *skb, struct net_device *netdev)
|
||||
}
|
||||
|
||||
if (skb->protocol == htons(ETH_P_IP)) {
|
||||
if (ip_hdr(skb)->version == 4)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4;
|
||||
else if (ip_hdr(skb)->version == 6)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6;
|
||||
|
||||
if (ip_hdr(skb)->protocol == IPPROTO_TCP)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP;
|
||||
else if (ip_hdr(skb)->protocol != IPPROTO_TCP)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP;
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4;
|
||||
proto = ip_hdr(skb)->protocol;
|
||||
} else if (skb->protocol == htons(ETH_P_IPV6)) {
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6;
|
||||
proto = ipv6_hdr(skb)->nexthdr;
|
||||
}
|
||||
|
||||
if (proto == IPPROTO_TCP)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP;
|
||||
else if (proto == IPPROTO_UDP)
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP;
|
||||
|
||||
if (skb->ip_summed == CHECKSUM_PARTIAL) {
|
||||
tx_crq.v1.flags1 |= IBMVNIC_TX_CHKSUM_OFFLOAD;
|
||||
hdrs += 2;
|
||||
@ -3346,7 +3348,11 @@ static void handle_query_ip_offload_rsp(struct ibmvnic_adapter *adapter)
|
||||
return;
|
||||
}
|
||||
|
||||
adapter->ip_offload_ctrl.len =
|
||||
cpu_to_be32(sizeof(adapter->ip_offload_ctrl));
|
||||
adapter->ip_offload_ctrl.version = cpu_to_be32(INITIAL_VERSION_IOB);
|
||||
adapter->ip_offload_ctrl.ipv4_chksum = buf->ipv4_chksum;
|
||||
adapter->ip_offload_ctrl.ipv6_chksum = buf->ipv6_chksum;
|
||||
adapter->ip_offload_ctrl.tcp_ipv4_chksum = buf->tcp_ipv4_chksum;
|
||||
adapter->ip_offload_ctrl.udp_ipv4_chksum = buf->udp_ipv4_chksum;
|
||||
adapter->ip_offload_ctrl.tcp_ipv6_chksum = buf->tcp_ipv6_chksum;
|
||||
|
@ -2463,7 +2463,6 @@ static int fm10k_handle_resume(struct fm10k_intfc *interface)
|
||||
return err;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_PM
|
||||
/**
|
||||
* fm10k_resume - Generic PM resume hook
|
||||
* @dev: generic device structure
|
||||
@ -2472,7 +2471,7 @@ static int fm10k_handle_resume(struct fm10k_intfc *interface)
|
||||
* suspend or hibernation. This function does not need to handle lower PCIe
|
||||
* device state as the stack takes care of that for us.
|
||||
**/
|
||||
static int fm10k_resume(struct device *dev)
|
||||
static int __maybe_unused fm10k_resume(struct device *dev)
|
||||
{
|
||||
struct fm10k_intfc *interface = pci_get_drvdata(to_pci_dev(dev));
|
||||
struct net_device *netdev = interface->netdev;
|
||||
@ -2499,7 +2498,7 @@ static int fm10k_resume(struct device *dev)
|
||||
* system suspend or hibernation. This function does not need to handle lower
|
||||
* PCIe device state as the stack takes care of that for us.
|
||||
**/
|
||||
static int fm10k_suspend(struct device *dev)
|
||||
static int __maybe_unused fm10k_suspend(struct device *dev)
|
||||
{
|
||||
struct fm10k_intfc *interface = pci_get_drvdata(to_pci_dev(dev));
|
||||
struct net_device *netdev = interface->netdev;
|
||||
@ -2511,8 +2510,6 @@ static int fm10k_suspend(struct device *dev)
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* CONFIG_PM */
|
||||
|
||||
/**
|
||||
* fm10k_io_error_detected - called when PCI error is detected
|
||||
* @pdev: Pointer to PCI device
|
||||
@ -2643,11 +2640,9 @@ static struct pci_driver fm10k_driver = {
|
||||
.id_table = fm10k_pci_tbl,
|
||||
.probe = fm10k_probe,
|
||||
.remove = fm10k_remove,
|
||||
#ifdef CONFIG_PM
|
||||
.driver = {
|
||||
.pm = &fm10k_pm_ops,
|
||||
},
|
||||
#endif /* CONFIG_PM */
|
||||
.sriov_configure = fm10k_iov_configure,
|
||||
.err_handler = &fm10k_err_handler
|
||||
};
|
||||
|
@ -821,13 +821,18 @@ static int mlxsw_sp_vr_lpm_tree_replace(struct mlxsw_sp *mlxsw_sp,
|
||||
struct mlxsw_sp_lpm_tree *old_tree = fib->lpm_tree;
|
||||
int err;
|
||||
|
||||
err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id);
|
||||
if (err)
|
||||
return err;
|
||||
fib->lpm_tree = new_tree;
|
||||
mlxsw_sp_lpm_tree_hold(new_tree);
|
||||
err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id);
|
||||
if (err)
|
||||
goto err_tree_bind;
|
||||
mlxsw_sp_lpm_tree_put(mlxsw_sp, old_tree);
|
||||
return 0;
|
||||
|
||||
err_tree_bind:
|
||||
mlxsw_sp_lpm_tree_put(mlxsw_sp, new_tree);
|
||||
fib->lpm_tree = old_tree;
|
||||
return err;
|
||||
}
|
||||
|
||||
static int mlxsw_sp_vrs_lpm_tree_replace(struct mlxsw_sp *mlxsw_sp,
|
||||
@ -868,11 +873,14 @@ static int mlxsw_sp_vrs_lpm_tree_replace(struct mlxsw_sp *mlxsw_sp,
|
||||
return err;
|
||||
|
||||
no_replace:
|
||||
err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id);
|
||||
if (err)
|
||||
return err;
|
||||
fib->lpm_tree = new_tree;
|
||||
mlxsw_sp_lpm_tree_hold(new_tree);
|
||||
err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id);
|
||||
if (err) {
|
||||
mlxsw_sp_lpm_tree_put(mlxsw_sp, new_tree);
|
||||
fib->lpm_tree = NULL;
|
||||
return err;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -715,7 +715,7 @@ static int netcp_process_one_rx_packet(struct netcp_intf *netcp)
|
||||
/* warning!!!! We are retrieving the virtual ptr in the sw_data
|
||||
* field as a 32bit value. Will not work on 64bit machines
|
||||
*/
|
||||
page = (struct page *)GET_SW_DATA0(desc);
|
||||
page = (struct page *)GET_SW_DATA0(ndesc);
|
||||
|
||||
if (likely(dma_buff && buf_len && page)) {
|
||||
dma_unmap_page(netcp->dev, dma_buff, PAGE_SIZE,
|
||||
|
@ -611,6 +611,14 @@ static void tun_queue_purge(struct tun_file *tfile)
|
||||
skb_queue_purge(&tfile->sk.sk_error_queue);
|
||||
}
|
||||
|
||||
static void tun_cleanup_tx_array(struct tun_file *tfile)
|
||||
{
|
||||
if (tfile->tx_array.ring.queue) {
|
||||
skb_array_cleanup(&tfile->tx_array);
|
||||
memset(&tfile->tx_array, 0, sizeof(tfile->tx_array));
|
||||
}
|
||||
}
|
||||
|
||||
static void __tun_detach(struct tun_file *tfile, bool clean)
|
||||
{
|
||||
struct tun_file *ntfile;
|
||||
@ -657,8 +665,7 @@ static void __tun_detach(struct tun_file *tfile, bool clean)
|
||||
tun->dev->reg_state == NETREG_REGISTERED)
|
||||
unregister_netdevice(tun->dev);
|
||||
}
|
||||
if (tun)
|
||||
skb_array_cleanup(&tfile->tx_array);
|
||||
tun_cleanup_tx_array(tfile);
|
||||
sock_put(&tfile->sk);
|
||||
}
|
||||
}
|
||||
@ -700,11 +707,13 @@ static void tun_detach_all(struct net_device *dev)
|
||||
/* Drop read queue */
|
||||
tun_queue_purge(tfile);
|
||||
sock_put(&tfile->sk);
|
||||
tun_cleanup_tx_array(tfile);
|
||||
}
|
||||
list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) {
|
||||
tun_enable_queue(tfile);
|
||||
tun_queue_purge(tfile);
|
||||
sock_put(&tfile->sk);
|
||||
tun_cleanup_tx_array(tfile);
|
||||
}
|
||||
BUG_ON(tun->numdisabled != 0);
|
||||
|
||||
@ -2851,6 +2860,8 @@ static int tun_chr_open(struct inode *inode, struct file * file)
|
||||
|
||||
sock_set_flag(&tfile->sk, SOCK_ZEROCOPY);
|
||||
|
||||
memset(&tfile->tx_array, 0, sizeof(tfile->tx_array));
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -606,6 +606,7 @@ enum rtl8152_flags {
|
||||
PHY_RESET,
|
||||
SCHEDULE_NAPI,
|
||||
GREEN_ETHERNET,
|
||||
DELL_TB_RX_AGG_BUG,
|
||||
};
|
||||
|
||||
/* Define these values to match your device */
|
||||
@ -1798,6 +1799,9 @@ static int r8152_tx_agg_fill(struct r8152 *tp, struct tx_agg *agg)
|
||||
dev_kfree_skb_any(skb);
|
||||
|
||||
remain = agg_buf_sz - (int)(tx_agg_align(tx_data) - agg->head);
|
||||
|
||||
if (test_bit(DELL_TB_RX_AGG_BUG, &tp->flags))
|
||||
break;
|
||||
}
|
||||
|
||||
if (!skb_queue_empty(&skb_head)) {
|
||||
@ -4133,6 +4137,9 @@ static void r8153_init(struct r8152 *tp)
|
||||
/* rx aggregation */
|
||||
ocp_data = ocp_read_word(tp, MCU_TYPE_USB, USB_USB_CTRL);
|
||||
ocp_data &= ~(RX_AGG_DISABLE | RX_ZERO_EN);
|
||||
if (test_bit(DELL_TB_RX_AGG_BUG, &tp->flags))
|
||||
ocp_data |= RX_AGG_DISABLE;
|
||||
|
||||
ocp_write_word(tp, MCU_TYPE_USB, USB_USB_CTRL, ocp_data);
|
||||
|
||||
rtl_tally_reset(tp);
|
||||
@ -5207,6 +5214,12 @@ static int rtl8152_probe(struct usb_interface *intf,
|
||||
netdev->hw_features &= ~NETIF_F_RXCSUM;
|
||||
}
|
||||
|
||||
if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x3011 &&
|
||||
udev->serial && !strcmp(udev->serial, "000001000000")) {
|
||||
dev_info(&udev->dev, "Dell TB16 Dock, disable RX aggregation");
|
||||
set_bit(DELL_TB_RX_AGG_BUG, &tp->flags);
|
||||
}
|
||||
|
||||
netdev->ethtool_ops = &ops;
|
||||
netif_set_gso_max_size(netdev, RTL_LIMITED_TSO_SIZE);
|
||||
|
||||
|
@ -182,12 +182,9 @@ static int brcmf_c_process_clm_blob(struct brcmf_if *ifp)
|
||||
|
||||
err = request_firmware(&clm, clm_name, dev);
|
||||
if (err) {
|
||||
if (err == -ENOENT) {
|
||||
brcmf_dbg(INFO, "continue with CLM data currently present in firmware\n");
|
||||
return 0;
|
||||
}
|
||||
brcmf_err("request CLM blob file failed (%d)\n", err);
|
||||
return err;
|
||||
brcmf_info("no clm_blob available(err=%d), device may have limited channels available\n",
|
||||
err);
|
||||
return 0;
|
||||
}
|
||||
|
||||
chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN - 1, GFP_KERNEL);
|
||||
|
@ -32,7 +32,7 @@ config SSB_BLOCKIO
|
||||
|
||||
config SSB_PCIHOST_POSSIBLE
|
||||
bool
|
||||
depends on SSB && (PCI = y || PCI = SSB)
|
||||
depends on SSB && (PCI = y || PCI = SSB) && PCI_DRIVERS_LEGACY
|
||||
default y
|
||||
|
||||
config SSB_PCIHOST
|
||||
|
@ -956,7 +956,7 @@ static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn,
|
||||
DST = tmp;
|
||||
CONT;
|
||||
ALU_MOD_X:
|
||||
if (unlikely(SRC == 0))
|
||||
if (unlikely((u32)SRC == 0))
|
||||
return 0;
|
||||
tmp = (u32) DST;
|
||||
DST = do_div(tmp, (u32) SRC);
|
||||
@ -975,7 +975,7 @@ static unsigned int ___bpf_prog_run(u64 *regs, const struct bpf_insn *insn,
|
||||
DST = div64_u64(DST, SRC);
|
||||
CONT;
|
||||
ALU_DIV_X:
|
||||
if (unlikely(SRC == 0))
|
||||
if (unlikely((u32)SRC == 0))
|
||||
return 0;
|
||||
tmp = (u32) DST;
|
||||
do_div(tmp, (u32) SRC);
|
||||
|
@ -978,6 +978,13 @@ static bool is_pointer_value(struct bpf_verifier_env *env, int regno)
|
||||
return __is_pointer_value(env->allow_ptr_leaks, cur_regs(env) + regno);
|
||||
}
|
||||
|
||||
static bool is_ctx_reg(struct bpf_verifier_env *env, int regno)
|
||||
{
|
||||
const struct bpf_reg_state *reg = cur_regs(env) + regno;
|
||||
|
||||
return reg->type == PTR_TO_CTX;
|
||||
}
|
||||
|
||||
static int check_pkt_ptr_alignment(struct bpf_verifier_env *env,
|
||||
const struct bpf_reg_state *reg,
|
||||
int off, int size, bool strict)
|
||||
@ -1258,6 +1265,12 @@ static int check_xadd(struct bpf_verifier_env *env, int insn_idx, struct bpf_ins
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
if (is_ctx_reg(env, insn->dst_reg)) {
|
||||
verbose(env, "BPF_XADD stores into R%d context is not allowed\n",
|
||||
insn->dst_reg);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/* check whether atomic_add can read the memory */
|
||||
err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
|
||||
BPF_SIZE(insn->code), BPF_READ, -1);
|
||||
@ -1882,17 +1895,13 @@ static int adjust_ptr_min_max_vals(struct bpf_verifier_env *env,
|
||||
|
||||
dst_reg = ®s[dst];
|
||||
|
||||
if (WARN_ON_ONCE(known && (smin_val != smax_val))) {
|
||||
print_verifier_state(env, env->cur_state);
|
||||
verbose(env,
|
||||
"verifier internal error: known but bad sbounds\n");
|
||||
return -EINVAL;
|
||||
}
|
||||
if (WARN_ON_ONCE(known && (umin_val != umax_val))) {
|
||||
print_verifier_state(env, env->cur_state);
|
||||
verbose(env,
|
||||
"verifier internal error: known but bad ubounds\n");
|
||||
return -EINVAL;
|
||||
if ((known && (smin_val != smax_val || umin_val != umax_val)) ||
|
||||
smin_val > smax_val || umin_val > umax_val) {
|
||||
/* Taint dst register if offset had invalid bounds derived from
|
||||
* e.g. dead branches.
|
||||
*/
|
||||
__mark_reg_unknown(dst_reg);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (BPF_CLASS(insn->code) != BPF_ALU64) {
|
||||
@ -2084,6 +2093,15 @@ static int adjust_scalar_min_max_vals(struct bpf_verifier_env *env,
|
||||
src_known = tnum_is_const(src_reg.var_off);
|
||||
dst_known = tnum_is_const(dst_reg->var_off);
|
||||
|
||||
if ((src_known && (smin_val != smax_val || umin_val != umax_val)) ||
|
||||
smin_val > smax_val || umin_val > umax_val) {
|
||||
/* Taint dst register if offset had invalid bounds derived from
|
||||
* e.g. dead branches.
|
||||
*/
|
||||
__mark_reg_unknown(dst_reg);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!src_known &&
|
||||
opcode != BPF_ADD && opcode != BPF_SUB && opcode != BPF_AND) {
|
||||
__mark_reg_unknown(dst_reg);
|
||||
@ -3993,6 +4011,12 @@ static int do_check(struct bpf_verifier_env *env)
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (is_ctx_reg(env, insn->dst_reg)) {
|
||||
verbose(env, "BPF_ST stores into R%d context is not allowed\n",
|
||||
insn->dst_reg);
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/* check that memory (dst_reg + off) is writeable */
|
||||
err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off,
|
||||
BPF_SIZE(insn->code), BPF_WRITE,
|
||||
@ -4445,6 +4469,24 @@ static int fixup_bpf_calls(struct bpf_verifier_env *env)
|
||||
int i, cnt, delta = 0;
|
||||
|
||||
for (i = 0; i < insn_cnt; i++, insn++) {
|
||||
if (insn->code == (BPF_ALU | BPF_MOD | BPF_X) ||
|
||||
insn->code == (BPF_ALU | BPF_DIV | BPF_X)) {
|
||||
/* due to JIT bugs clear upper 32-bits of src register
|
||||
* before div/mod operation
|
||||
*/
|
||||
insn_buf[0] = BPF_MOV32_REG(insn->src_reg, insn->src_reg);
|
||||
insn_buf[1] = *insn;
|
||||
cnt = 2;
|
||||
new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt);
|
||||
if (!new_prog)
|
||||
return -ENOMEM;
|
||||
|
||||
delta += cnt - 1;
|
||||
env->prog = prog = new_prog;
|
||||
insn = new_prog->insnsi + i + delta;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (insn->code != (BPF_JMP | BPF_CALL))
|
||||
continue;
|
||||
|
||||
|
@ -721,20 +721,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev,
|
||||
{
|
||||
struct canfd_frame *cfd = (struct canfd_frame *)skb->data;
|
||||
|
||||
if (WARN_ONCE(dev->type != ARPHRD_CAN ||
|
||||
skb->len != CAN_MTU ||
|
||||
cfd->len > CAN_MAX_DLEN,
|
||||
"PF_CAN: dropped non conform CAN skbuf: "
|
||||
"dev type %d, len %d, datalen %d\n",
|
||||
dev->type, skb->len, cfd->len))
|
||||
goto drop;
|
||||
if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU ||
|
||||
cfd->len > CAN_MAX_DLEN)) {
|
||||
pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n",
|
||||
dev->type, skb->len, cfd->len);
|
||||
kfree_skb(skb);
|
||||
return NET_RX_DROP;
|
||||
}
|
||||
|
||||
can_receive(skb, dev);
|
||||
return NET_RX_SUCCESS;
|
||||
|
||||
drop:
|
||||
kfree_skb(skb);
|
||||
return NET_RX_DROP;
|
||||
}
|
||||
|
||||
static int canfd_rcv(struct sk_buff *skb, struct net_device *dev,
|
||||
@ -742,20 +738,16 @@ static int canfd_rcv(struct sk_buff *skb, struct net_device *dev,
|
||||
{
|
||||
struct canfd_frame *cfd = (struct canfd_frame *)skb->data;
|
||||
|
||||
if (WARN_ONCE(dev->type != ARPHRD_CAN ||
|
||||
skb->len != CANFD_MTU ||
|
||||
cfd->len > CANFD_MAX_DLEN,
|
||||
"PF_CAN: dropped non conform CAN FD skbuf: "
|
||||
"dev type %d, len %d, datalen %d\n",
|
||||
dev->type, skb->len, cfd->len))
|
||||
goto drop;
|
||||
if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU ||
|
||||
cfd->len > CANFD_MAX_DLEN)) {
|
||||
pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n",
|
||||
dev->type, skb->len, cfd->len);
|
||||
kfree_skb(skb);
|
||||
return NET_RX_DROP;
|
||||
}
|
||||
|
||||
can_receive(skb, dev);
|
||||
return NET_RX_SUCCESS;
|
||||
|
||||
drop:
|
||||
kfree_skb(skb);
|
||||
return NET_RX_DROP;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -458,6 +458,10 @@ static int bpf_convert_filter(struct sock_filter *prog, int len,
|
||||
convert_bpf_extensions(fp, &insn))
|
||||
break;
|
||||
|
||||
if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) ||
|
||||
fp->code == (BPF_ALU | BPF_MOD | BPF_X))
|
||||
*insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X);
|
||||
|
||||
*insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k);
|
||||
break;
|
||||
|
||||
|
@ -976,8 +976,8 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
|
||||
out_good:
|
||||
ret = true;
|
||||
|
||||
key_control->thoff = (u16)nhoff;
|
||||
out:
|
||||
key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
|
||||
key_basic->n_proto = proto;
|
||||
key_basic->ip_proto = ip_proto;
|
||||
|
||||
@ -985,7 +985,6 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
|
||||
|
||||
out_bad:
|
||||
ret = false;
|
||||
key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
|
||||
goto out;
|
||||
}
|
||||
EXPORT_SYMBOL(__skb_flow_dissect);
|
||||
|
@ -1226,8 +1226,14 @@ int fib6_add(struct fib6_node *root, struct rt6_info *rt,
|
||||
}
|
||||
|
||||
if (!rcu_access_pointer(fn->leaf)) {
|
||||
atomic_inc(&rt->rt6i_ref);
|
||||
rcu_assign_pointer(fn->leaf, rt);
|
||||
if (fn->fn_flags & RTN_TL_ROOT) {
|
||||
/* put back null_entry for root node */
|
||||
rcu_assign_pointer(fn->leaf,
|
||||
info->nl_net->ipv6.ip6_null_entry);
|
||||
} else {
|
||||
atomic_inc(&rt->rt6i_ref);
|
||||
rcu_assign_pointer(fn->leaf, rt);
|
||||
}
|
||||
}
|
||||
fn = sn;
|
||||
}
|
||||
|
@ -337,11 +337,12 @@ static struct ip6_tnl *ip6gre_tunnel_locate(struct net *net,
|
||||
|
||||
nt->dev = dev;
|
||||
nt->net = dev_net(dev);
|
||||
ip6gre_tnl_link_config(nt, 1);
|
||||
|
||||
if (register_netdevice(dev) < 0)
|
||||
goto failed_free;
|
||||
|
||||
ip6gre_tnl_link_config(nt, 1);
|
||||
|
||||
/* Can use a lockless transmit, unless we generate output sequences */
|
||||
if (!(nt->parms.o_flags & TUNNEL_SEQ))
|
||||
dev->features |= NETIF_F_LLTX;
|
||||
@ -1303,7 +1304,6 @@ static void ip6gre_netlink_parms(struct nlattr *data[],
|
||||
|
||||
static int ip6gre_tap_init(struct net_device *dev)
|
||||
{
|
||||
struct ip6_tnl *tunnel;
|
||||
int ret;
|
||||
|
||||
ret = ip6gre_tunnel_init_common(dev);
|
||||
@ -1312,10 +1312,6 @@ static int ip6gre_tap_init(struct net_device *dev)
|
||||
|
||||
dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
|
||||
|
||||
tunnel = netdev_priv(dev);
|
||||
|
||||
ip6gre_tnl_link_config(tunnel, 1);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -1408,12 +1404,16 @@ static int ip6gre_newlink(struct net *src_net, struct net_device *dev,
|
||||
|
||||
nt->dev = dev;
|
||||
nt->net = dev_net(dev);
|
||||
ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);
|
||||
|
||||
err = register_netdevice(dev);
|
||||
if (err)
|
||||
goto out;
|
||||
|
||||
ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);
|
||||
|
||||
if (tb[IFLA_MTU])
|
||||
ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
|
||||
|
||||
dev_hold(dev);
|
||||
ip6gre_tunnel_link(ign, nt);
|
||||
|
||||
|
@ -2391,6 +2391,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
|
||||
while (skb->len >= nlmsg_total_size(0)) {
|
||||
int msglen;
|
||||
|
||||
memset(&extack, 0, sizeof(extack));
|
||||
nlh = nlmsg_hdr(skb);
|
||||
err = 0;
|
||||
|
||||
@ -2405,7 +2406,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
|
||||
if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
|
||||
goto ack;
|
||||
|
||||
memset(&extack, 0, sizeof(extack));
|
||||
err = cb(skb, nlh, &extack);
|
||||
if (err == -EINTR)
|
||||
goto skip;
|
||||
|
@ -183,10 +183,17 @@ static int cls_bpf_offload_cmd(struct tcf_proto *tp, struct cls_bpf_prog *prog,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static u32 cls_bpf_flags(u32 flags)
|
||||
{
|
||||
return flags & CLS_BPF_SUPPORTED_GEN_FLAGS;
|
||||
}
|
||||
|
||||
static int cls_bpf_offload(struct tcf_proto *tp, struct cls_bpf_prog *prog,
|
||||
struct cls_bpf_prog *oldprog)
|
||||
{
|
||||
if (prog && oldprog && prog->gen_flags != oldprog->gen_flags)
|
||||
if (prog && oldprog &&
|
||||
cls_bpf_flags(prog->gen_flags) !=
|
||||
cls_bpf_flags(oldprog->gen_flags))
|
||||
return -EINVAL;
|
||||
|
||||
if (prog && tc_skip_hw(prog->gen_flags))
|
||||
|
@ -367,8 +367,10 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
|
||||
|
||||
crypto_info = &ctx->crypto_send;
|
||||
/* Currently we don't support set crypto info more than one time */
|
||||
if (TLS_CRYPTO_INFO_READY(crypto_info))
|
||||
if (TLS_CRYPTO_INFO_READY(crypto_info)) {
|
||||
rc = -EBUSY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rc = copy_from_user(crypto_info, optval, sizeof(*crypto_info));
|
||||
if (rc) {
|
||||
@ -386,7 +388,7 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
|
||||
case TLS_CIPHER_AES_GCM_128: {
|
||||
if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) {
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
goto err_crypto_info;
|
||||
}
|
||||
rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info),
|
||||
optlen - sizeof(*crypto_info));
|
||||
@ -398,7 +400,7 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
|
||||
}
|
||||
default:
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
goto err_crypto_info;
|
||||
}
|
||||
|
||||
/* currently SW is default, we will have ethtool in future */
|
||||
@ -454,6 +456,15 @@ static int tls_init(struct sock *sk)
|
||||
struct tls_context *ctx;
|
||||
int rc = 0;
|
||||
|
||||
/* The TLS ulp is currently supported only for TCP sockets
|
||||
* in ESTABLISHED state.
|
||||
* Supporting sockets in LISTEN state will require us
|
||||
* to modify the accept implementation to clone rather then
|
||||
* share the ulp context.
|
||||
*/
|
||||
if (sk->sk_state != TCP_ESTABLISHED)
|
||||
return -ENOTSUPP;
|
||||
|
||||
/* allocate tls context */
|
||||
ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);
|
||||
if (!ctx) {
|
||||
|
@ -681,18 +681,17 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
|
||||
}
|
||||
default:
|
||||
rc = -EINVAL;
|
||||
goto out;
|
||||
goto free_priv;
|
||||
}
|
||||
|
||||
ctx->prepend_size = TLS_HEADER_SIZE + nonce_size;
|
||||
ctx->tag_size = tag_size;
|
||||
ctx->overhead_size = ctx->prepend_size + ctx->tag_size;
|
||||
ctx->iv_size = iv_size;
|
||||
ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE,
|
||||
GFP_KERNEL);
|
||||
ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL);
|
||||
if (!ctx->iv) {
|
||||
rc = -ENOMEM;
|
||||
goto out;
|
||||
goto free_priv;
|
||||
}
|
||||
memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
|
||||
memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size);
|
||||
@ -740,7 +739,7 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
|
||||
|
||||
rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size);
|
||||
if (!rc)
|
||||
goto out;
|
||||
return 0;
|
||||
|
||||
free_aead:
|
||||
crypto_free_aead(sw_ctx->aead_send);
|
||||
@ -751,6 +750,9 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx)
|
||||
free_iv:
|
||||
kfree(ctx->iv);
|
||||
ctx->iv = NULL;
|
||||
free_priv:
|
||||
kfree(ctx->priv_ctx);
|
||||
ctx->priv_ctx = NULL;
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
@ -9809,7 +9809,7 @@ static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
|
||||
*/
|
||||
if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
|
||||
rdev->ops->get_station) {
|
||||
struct station_info sinfo;
|
||||
struct station_info sinfo = {};
|
||||
u8 *mac_addr;
|
||||
|
||||
mac_addr = wdev->current_bss->pub.bssid;
|
||||
|
@ -1254,8 +1254,7 @@ static int cfg80211_wext_giwrate(struct net_device *dev,
|
||||
{
|
||||
struct wireless_dev *wdev = dev->ieee80211_ptr;
|
||||
struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
|
||||
/* we are under RTNL - globally locked - so can use a static struct */
|
||||
static struct station_info sinfo;
|
||||
struct station_info sinfo = {};
|
||||
u8 addr[ETH_ALEN];
|
||||
int err;
|
||||
|
||||
|
@ -2592,6 +2592,29 @@ static struct bpf_test tests[] = {
|
||||
.result = ACCEPT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"context stores via ST",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_ST_MEM(BPF_DW, BPF_REG_1, offsetof(struct __sk_buff, mark), 0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.errstr = "BPF_ST stores into R1 context is not allowed",
|
||||
.result = REJECT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"context stores via XADD",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_1,
|
||||
BPF_REG_0, offsetof(struct __sk_buff, mark), 0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.errstr = "BPF_XADD stores into R1 context is not allowed",
|
||||
.result = REJECT,
|
||||
.prog_type = BPF_PROG_TYPE_SCHED_CLS,
|
||||
},
|
||||
{
|
||||
"direct packet access: test1",
|
||||
.insns = {
|
||||
@ -4312,7 +4335,8 @@ static struct bpf_test tests[] = {
|
||||
.fixup_map1 = { 2 },
|
||||
.errstr_unpriv = "R2 leaks addr into mem",
|
||||
.result_unpriv = REJECT,
|
||||
.result = ACCEPT,
|
||||
.result = REJECT,
|
||||
.errstr = "BPF_XADD stores into R1 context is not allowed",
|
||||
},
|
||||
{
|
||||
"leak pointer into ctx 2",
|
||||
@ -4326,7 +4350,8 @@ static struct bpf_test tests[] = {
|
||||
},
|
||||
.errstr_unpriv = "R10 leaks addr into mem",
|
||||
.result_unpriv = REJECT,
|
||||
.result = ACCEPT,
|
||||
.result = REJECT,
|
||||
.errstr = "BPF_XADD stores into R1 context is not allowed",
|
||||
},
|
||||
{
|
||||
"leak pointer into ctx 3",
|
||||
@ -6707,7 +6732,7 @@ static struct bpf_test tests[] = {
|
||||
BPF_JMP_IMM(BPF_JA, 0, 0, -7),
|
||||
},
|
||||
.fixup_map1 = { 4 },
|
||||
.errstr = "unbounded min value",
|
||||
.errstr = "R0 invalid mem access 'inv'",
|
||||
.result = REJECT,
|
||||
},
|
||||
{
|
||||
@ -8608,6 +8633,127 @@ static struct bpf_test tests[] = {
|
||||
.prog_type = BPF_PROG_TYPE_XDP,
|
||||
.flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS,
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 1",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 0),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "R0 tried to subtract pointer from scalar",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 2",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 1),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 1, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = ACCEPT,
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 3",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "R0 tried to subtract pointer from scalar",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 4",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = ACCEPT,
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 5",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "R0 tried to subtract pointer from scalar",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 6",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
|
||||
BPF_EXIT_INSN(),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "R0 tried to subtract pointer from scalar",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 7",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, ~0),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, mark)),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "dereference of modified ctx ptr",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 8",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, ~0),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1),
|
||||
BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0),
|
||||
BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1,
|
||||
offsetof(struct __sk_buff, mark)),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "dereference of modified ctx ptr",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 9",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "R0 tried to subtract pointer from scalar",
|
||||
},
|
||||
{
|
||||
"check deducing bounds from const, 10",
|
||||
.insns = {
|
||||
BPF_MOV64_IMM(BPF_REG_0, 0),
|
||||
BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0),
|
||||
/* Marks reg as unknown. */
|
||||
BPF_ALU64_IMM(BPF_NEG, BPF_REG_0, 0),
|
||||
BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1),
|
||||
BPF_EXIT_INSN(),
|
||||
},
|
||||
.result = REJECT,
|
||||
.errstr = "math between ctx pointer and register with unbounded min value is not allowed",
|
||||
},
|
||||
{
|
||||
"bpf_exit with invalid return code. test1",
|
||||
.insns = {
|
||||
|
Loading…
Reference in New Issue
Block a user