28 May, 2016

1 commit

  • Most users of IS_ERR_VALUE() in the kernel are wrong, as they
    pass an 'int' into a function that takes an 'unsigned long'
    argument. This happens to work because the type is sign-extended
    on 64-bit architectures before it gets converted into an
    unsigned type.

    However, anything that passes an 'unsigned short' or 'unsigned int'
    argument into IS_ERR_VALUE() is guaranteed to be broken, as are
    8-bit integers and types that are wider than 'unsigned long'.

    Andrzej Hajda has already fixed a lot of the worst abusers that
    were causing actual bugs, but it would be nice to prevent any
    users that are not passing 'unsigned long' arguments.

    This patch changes all users of IS_ERR_VALUE() that I could find
    on 32-bit ARM randconfig builds and x86 allmodconfig. For the
    moment, this doesn't change the definition of IS_ERR_VALUE()
    because there are probably still architecture specific users
    elsewhere.

    Almost all the warnings I got are for files that are better off
    using 'if (err)' or 'if (err < 0)'.
    The only legitimate user I could find that we get a warning for
    is the (32-bit only) freescale fman driver, so I did not remove
    the IS_ERR_VALUE() there but changed the type to 'unsigned long'.
    For 9pfs, I just worked around one user whose calling conventions
    are so obscure that I did not dare change the behavior.

    I was using this definition for testing:

    #define IS_ERR_VALUE(x) ((unsigned long*)NULL == (typeof (x)*)NULL && \
    unlikely((unsigned long long)(x) >= (unsigned long long)(typeof(x))-MAX_ERRNO))

    which ends up making all 16-bit or wider types work correctly with
    the most plausible interpretation of what IS_ERR_VALUE() was supposed
    to return according to its users, but also causes a compile-time
    warning for any users that do not pass an 'unsigned long' argument.

    I suggested this approach earlier this year, but back then we ended
    up deciding to just fix the users that are obviously broken. After
    the initial warning that caused me to get involved in the discussion
    (fs/gfs2/dir.c) showed up again in the mainline kernel, Linus
    asked me to send the whole thing again.

    [ Updated the 9p parts as per Al Viro - Linus ]

    Signed-off-by: Arnd Bergmann
    Cc: Andrzej Hajda
    Cc: Andrew Morton
    Link: https://lkml.org/lkml/2016/1/7/363
    Link: https://lkml.org/lkml/2016/5/27/486
    Acked-by: Srinivas Kandagatla # For nvmem part
    Signed-off-by: Linus Torvalds

    Arnd Bergmann
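
The type behaviour described in the commit message above, as an added userspace example (not code from the commit or from the kernel tree). `is_err_value_ul`, `IS_ERR_VALUE_TYPED` and the wrapper names are made up for this illustration, and the typed macro keeps only the value comparison from the quoted test definition.

```c
#include <errno.h>
#include <stdio.h>

#define MAX_ERRNO 4095

/* The check modelled as a function taking 'unsigned long', which is how
 * the commit message describes what callers pass their values into. */
int is_err_value_ul(unsigned long x)
{
    return x >= (unsigned long)-MAX_ERRNO;
}

/* Value comparison from the test definition quoted in the message. The
 * pointer-type comparison that produces the compile-time warning is left
 * out so this file builds cleanly; __typeof__ is the GCC/Clang spelling. */
#define IS_ERR_VALUE_TYPED(x) \
    ((unsigned long long)(x) >= (unsigned long long)(__typeof__(x))-MAX_ERRNO)

/* One wrapper per argument type so each implicit conversion is visible. */
int classic_int(int v)               { return is_err_value_ul(v); }
int classic_uint(unsigned int v)     { return is_err_value_ul(v); }
int classic_ushort(unsigned short v) { return is_err_value_ul(v); }
int typed_int(int v)                 { return IS_ERR_VALUE_TYPED(v); }
int typed_uint(unsigned int v)       { return IS_ERR_VALUE_TYPED(v); }
int typed_ushort(unsigned short v)   { return IS_ERR_VALUE_TYPED(v); }

int main(void)
{
    /* The same errno stored in three types; -EINVAL is a constructed sample. */
    int            e_int = -EINVAL;
    unsigned int   e_u32 = (unsigned int)-EINVAL;
    unsigned short e_u16 = (unsigned short)-EINVAL;

    printf("type            classic  typed\n");
    printf("int             %d        %d\n", classic_int(e_int), typed_int(e_int));
    printf("unsigned int    %d        %d\n", classic_uint(e_u32), typed_uint(e_u32));
    printf("unsigned short  %d        %d\n", classic_ushort(e_u16), typed_ushort(e_u16));
    return 0;
}
```

On a 64-bit build the `unsigned int` and `unsigned short` rows show the classic check missing the error, because the value is zero-extended before the comparison.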
     

11 Mar, 2016

1 commit


25 Jan, 2016

1 commit

  • Pull 9p updates from Eric Van Hensbergen:
    "Sorry for the last minute pull request, there was a change that
    didn't get pulled into for-next until two weeks ago and I wanted to
    give it some bake time.

    Summary:

    Rework and error handling fixes, primarily in the fscache and fd
    transports"

    * tag 'for-linus-4.5-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
    fs/9p: use fscache mutex rather than spinlock
    9p: trans_fd, bail out if recv fcall if missing
    9p: trans_fd, read rework to use p9_parse_header
    net/9p: Add device name details on error

    Linus Torvalds
     

04 Jan, 2016

1 commit


07 Dec, 2015

1 commit


14 Nov, 2015

3 commits


29 Oct, 2015

1 commit

  • Add support for network namespaces in the ib_cma module. This is
    accomplished by:

    1. Adding network namespace parameter for rdma_create_id. This parameter is
    used to populate the network namespace field in rdma_id_private.
    rdma_create_id keeps a reference on the network namespace.
    2. Using the network namespace from the rdma_id instead of init_net inside
    of ib_cma, when listening on an ID and when looking for an ID for an
    incoming request.
    3. Decrementing the reference count for the appropriate network namespace
    when calling rdma_destroy_id.

    In order to preserve the current behavior init_net is passed when calling
    from other modules.

    Signed-off-by: Guy Shapiro
    Signed-off-by: Haggai Eran
    Signed-off-by: Yotam Kenneth
    Signed-off-by: Shachar Raindel
    Signed-off-by: Doug Ledford

    Guy Shapiro
     

31 Aug, 2015

1 commit


23 Aug, 2015

1 commit

  • Some uses of those functions were providing uninitialized values to those
    functions. Notably, when reading 0 bytes from an empty file on a 9P
    filesystem, the return code of read() was not 0.

    Tested with this simple program:

    #include <assert.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <unistd.h>

    int main(int argc, const char **argv)
    {
        assert(argc == 2);
        char buffer[256];
        int fd = open(argv[1], O_RDONLY|O_NOCTTY);
        assert(fd >= 0);
        assert(read(fd, buffer, 0) == 0);
        return 0;
    }

    Cc: stable@vger.kernel.org # v4.1
    Signed-off-by: Vincent Bernat
    Signed-off-by: Al Viro

    Vincent Bernat
     

24 Jul, 2015

1 commit

  • Pull virtio/vhost fixes from Michael Tsirkin:
    "Bugfixes and documentation fixes.

    Igor's patch that allows users to tweak memory table size is
    borderline, but it does fix known crashes, so I merged it"

    * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
    vhost: add max_mem_regions module parameter
    vhost: extend memory regions allocation to vmalloc
    9p/trans_virtio: reset virtio device on remove
    virtio/s390: rename drivers/s390/kvm -> drivers/s390/virtio
    MAINTAINERS: separate section for s390 virtio drivers
    virtio: define virtio_pci_cfg_cap in header.
    virtio: Fix typecast of pointer in vring_init()
    virtio scsi: fix unused variable warning
    vhost: use binary search instead of linear in find_region()
    virtio_net: document VIRTIO_NET_CTRL_GUEST_OFFLOADS

    Linus Torvalds
     

14 Jul, 2015

1 commit

  • On device shutdown/removal, virtio drivers need to trigger a reset on
    the device; if this is neglected, the virtio core will complain about
    non-zero device status.

    This patch resets the status when the 9p virtio driver is removed
    from the system by calling vdev->config->reset on the virtio_device
    to send a reset to the host virtio device.

    Signed-off-by: Pierre Morel
    Reviewed-by: Cornelia Huck
    Reviewed-by: Michael S. Tsirkin
    Signed-off-by: Michael S. Tsirkin

    Pierre Morel
     

05 Jul, 2015

4 commits

  • Pull more vfs updates from Al Viro:
    "Assorted VFS fixes and related cleanups (IMO the most interesting in
    that part are f_path-related things and Eric's descriptor-related
    stuff). UFS regression fixes (it got broken last cycle). 9P fixes.
    fs-cache series, DAX patches, Jan's file_remove_suid() work"

    [ I'd say this is much more than "fixes and related cleanups". The
    file_table locking rule change by Eric Dumazet is a rather big and
    fundamental update even if the patch isn't huge. - Linus ]

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (49 commits)
    9p: cope with bogus responses from server in p9_client_{read,write}
    p9_client_write(): avoid double p9_free_req()
    9p: forgetting to cancel request on interrupted zero-copy RPC
    dax: bdev_direct_access() may sleep
    block: Add support for DAX reads/writes to block devices
    dax: Use copy_from_iter_nocache
    dax: Add block size note to documentation
    fs/file.c: __fget() and dup2() atomicity rules
    fs/file.c: don't acquire files->file_lock in fd_install()
    fs:super:get_anon_bdev: fix race condition could cause dev exceed its upper limitation
    vfs: avoid creation of inode number 0 in get_next_ino
    namei: make set_root_rcu() return void
    make simple_positive() public
    ufs: use dir_pages instead of ufs_dir_pages()
    pagemap.h: move dir_pages() over there
    remove the pointless include of lglock.h
    fs: cleanup slight list_entry abuse
    xfs: Correctly lock inode when removing suid and file capabilities
    fs: Call security_ops->inode_killpriv on truncate
    fs: Provide function telling whether file_remove_privs() will do anything
    ...

    Linus Torvalds
     
  • if server claims to have written/read more than we'd told it to,
    warn and cap the claimed byte count to avoid advancing more than
    we are ready to.

    Al Viro
     
  • Braino in "9p: switch p9_client_write() to passing it struct iov_iter *";
    if response is impossible to parse and we discard the request, get the
    out of the loop right there.

    Cc: stable@vger.kernel.org
    Signed-off-by: Al Viro

    Al Viro
     
  • If we'd already sent a request and decide to abort it, we *must*
    issue TFLUSH properly and not just blindly reuse the tag, or
    we'll get seriously screwed when response eventually arrives
    and we confuse it for response to later request that had reused
    the same tag.

    Cc: stable@vger.kernel.org # v3.2 and later
    Signed-off-by: Al Viro

    Al Viro
     

13 Jun, 2015

1 commit


19 Apr, 2015

1 commit

  • Pull 9pfs updates from Eric Van Hensbergen:
    "Some accumulated cleanup patches for kerneldoc and unused variables as
    well as some lock bug fixes and adding privateport option for RDMA"

    * tag 'for-linus-4.1-merge-window' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
    net/9p: add a privport option for RDMA transport.
    fs/9p: Initialize status in v9fs_file_do_lock.
    net/9p: Initialize opts->privport as it should be.
    net/9p: use memcpy() instead of snprintf() in p9_mount_tag_show()
    9p: use unsigned integers for nwqid/count
    9p: do not crash on unknown lock status code
    9p: fix error handling in v9fs_file_do_lock
    9p: remove unused variable in p9_fd_create()
    9p: kerneldoc warning fixes

    Linus Torvalds
     

12 Apr, 2015

5 commits


22 Mar, 2015

2 commits


21 Mar, 2015

1 commit

  • Conflicts:
    drivers/net/ethernet/emulex/benet/be_main.c
    net/core/sysctl_net_core.c
    net/ipv4/inet_diag.c

    The be_main.c conflict resolution was really tricky. The conflict
    hunks generated by GIT were very unhelpful, to say the least. It
    split functions in half and moved them around, when the real actual
    conflict only existed solely inside of one function, that being
    be_map_pci_bars().

    So instead, to resolve this, I checked out be_main.c from the top
    of net-next, then I applied the be_main.c changes from 'net' since
    the last time I merged. And this worked beautifully.

    The inet_diag.c and sysctl_net_core.c conflicts were simple
    overlapping changes, and were easy to resolve.

    Signed-off-by: David S. Miller

    David S. Miller
     

20 Mar, 2015

3 commits

  • p9_mount_tag_show() uses '%s' format string to print
    non-NULL terminated chan->tag string. This leads
    to out of bounds memory read, because format '%s'
    implies that string is NULL-terminated.

    The length of string is known here, so it's simpler and safer
    to use memcpy instead of snprintf().

    Signed-off-by: Andrey Ryabinin
    Signed-off-by: Dominique Martinet
    Signed-off-by: Eric Van Hensbergen

    Andrey Ryabinin
     
  • As specification says, all integers in messages are unsigned. Let's fix
    behaviour of p9pdu_vreadf()/p9pdu_vwritef() accordingly.

    Fix for p9pdu_vreadf() is critical. If server replies with Rwalk, where
    nwqid > SHRT_MAX, the value will be interpreted as negative. kmalloc, in
    its order, will cast the value to (very big) size_t.

    It should never happen in normal situation: we never submit Twalk with
    nwname > 16, but malicious or broken server can still produce
    problematic Rwalk.

    Signed-off-by: Kirill A. Shutemov
    Signed-off-by: Dominique Martinet
    Signed-off-by: Eric Van Hensbergen

    Kirill A. Shutemov
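
The sign problem described in the commit message above, as an added userspace example (not code from the commit or from net/9p). The function names, the sample bytes and the size computation are a constructed model; `MAX_WELEM` takes its value from the message's "nwname > 16".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define QID_WIRE_SIZE 13 /* 9P qid on the wire: type[1] version[4] path[8] */
#define MAX_WELEM     16 /* from the message: Twalk never has nwname > 16 */

/* Constructed Rwalk body: nwqid = 0x8001 (little-endian), no qids follow. */
const uint8_t sample_body[] = { 0x01, 0x80 };

/* Model of the pre-fix read: a signed 16-bit count feeding a size
 * computation. A count above SHRT_MAX goes negative, then huge. */
size_t alloc_size_signed(const uint8_t *body)
{
    int16_t nwqid = (int16_t)(body[0] | (body[1] << 8));
    return (size_t)(nwqid * QID_WIRE_SIZE);
}

/* Unsigned read plus the two bounds a client can enforce: the protocol
 * limit and the bytes actually present. Returns the count, or -1. */
int parse_nwqid_checked(const uint8_t *body, size_t len)
{
    uint16_t nwqid;

    if (len < 2)
        return -1;
    nwqid = (uint16_t)(body[0] | (body[1] << 8));
    if (nwqid > MAX_WELEM)
        return -1;
    if ((len - 2) / QID_WIRE_SIZE < nwqid)
        return -1;
    return nwqid;
}

int main(void)
{
    printf("signed read asks for %zu bytes\n", alloc_size_signed(sample_body));
    printf("checked parse returns %d\n",
           parse_nwqid_checked(sample_body, sizeof(sample_body)));
    return 0;
}
```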
     
  • p is initialized but unused.

    Signed-off-by: Fabian Frederick
    Signed-off-by: Dominique Martinet
    Signed-off-by: Eric Van Hensbergen

    Fabian Frederick
     

13 Mar, 2015

2 commits

  • On device hot-unplug, 9p/virtio currently will kfree channel while
    it might still be in use.

    Of course, it might stay used forever, so it's an extremely ugly hack,
    but it seems better than use-after-free that we have now.

    [ Unused variable removed, whitespace cleanup, msg single-lined --RR ]
    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: Rusty Russell

    Michael S. Tsirkin
     
  • Having to say
    > #ifdef CONFIG_NET_NS
    >     struct net *net;
    > #endif

    in structures is a little bit wordy and a little bit error prone.

    Instead it is possible to say:
    > typedef struct {
    > #ifdef CONFIG_NET_NS
    >     struct net *net;
    > #endif
    > } possible_net_t;

    And then in a header say:

    > possible_net_t net;

    Which is cleaner and easier to use and easier to test, as the
    possible_net_t is always there no matter what the compile options.

    Further this allows read_pnet and write_pnet to be functions in all
    cases which is better at catching typos.

    This change adds possible_net_t, updates the definitions of read_pnet
    and write_pnet, updates optional struct net * variables that
    write_pnet uses on to have the type possible_net_t, and finally fixes
    up the b0rked users of read_pnet and write_pnet.

    Signed-off-by: "Eric W. Biederman"
    Acked-by: Eric Dumazet
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

21 Jan, 2015

1 commit


15 Oct, 2014

1 commit

  • virtio spec requires drivers to set DRIVER_OK before using VQs.
    This is set automatically after probe returns, but virtio 9p device
    adds self to channel list within probe, at which point VQ can be
    used in violation of the spec.

    To fix, call virtio_device_ready before using VQs.

    Signed-off-by: Michael S. Tsirkin
    Signed-off-by: Rusty Russell

    Michael S. Tsirkin
     

16 Jul, 2014

1 commit


12 Apr, 2014

1 commit

  • Pull 9p changes from Eric Van Hensbergen:
    "A bunch of updates and cleanup within the transport layer,
    particularly with a focus on RDMA"

    * tag 'for-linus-3.15' of git://git.kernel.org/pub/scm/linux/kernel/git/ericvh/v9fs:
    9pnet_rdma: check token type before int conversion
    9pnet: trans_fd : allocate struct p9_trans_fd and struct p9_conn together.
    9pnet: p9_client->conn field is unused. Remove it.
    9P: Get rid of REQ_STATUS_FLSH
    9pnet_rdma: add cancelled()
    9pnet_rdma: update request status during send
    9P: Add cancelled() to the transport functions.
    net: Mark function as static in 9p/client.c
    9P: Add memory barriers to protect request fields over cb/rpc threads handoff

    Linus Torvalds
     

26 Mar, 2014

4 commits

  • When parsing options, make sure we have found a proper token before
    doing a numeric conversion.

    Without this check, the current code will end up following random
    pointers that just happened to be on the stack when this function was
    called, because match_token() will not touch the 'args' list unless a
    valid token is found.

    Signed-off-by: Simon Derr
    Signed-off-by: Eric Van Hensbergen

    Simon Derr
     
  • There is no point in allocating these structs separately.
    Changing this makes the code a little simpler and saves a few bytes of
    memory.

    Reported-by: Herve Vico
    Signed-off-by: Simon Derr
    Signed-off-by: Eric Van Hensbergen

    Simon Derr
     
  • This request state is mostly useless, and properly implementing it
    for RDMA would require an extra lock to be taken in handle_recv()
    and in rdma_cancel() to avoid this race:

    handle_recv()           rdma_cancel()
        .                       .
        .                   if req->state == SENT
    req->state = RCVD           .
        .                       req->state = FLSH

    So just get rid of it.

    Signed-off-by: Simon Derr
    Signed-off-by: Eric Van Hensbergen

    Simon Derr
     
  • Take into account posted recv buffers that will never receive their
    reply.

    The RDMA code posts a recv buffer for each request that it sends.
    When a request is flushed, it is possible that this request will
    never receive a reply, and that one recv buffer will stay unused on
    the recv queue.

    It is then possible, if this scenario happens several times, to have the
    recv queue full, and have the 9pnet_rdma module unable to send new requests.

    Signed-off-by: Simon Derr
    Signed-off-by: Eric Van Hensbergen

    Simon Derr