* [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02
@ 2018-10-03  0:52 Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 1/3] net: qualcomm: rmnet: Skip processing loopback packets Subash Abhinov Kasiviswanathan
                   ` (3 more replies)
  0 siblings, 4 replies; 5+ messages in thread
From: Subash Abhinov Kasiviswanathan @ 2018-10-03  0:52 UTC (permalink / raw)
  To: davem, netdev; +Cc: Subash Abhinov Kasiviswanathan

This series is a set of small fixes for the rmnet driver.

Patch 1 is a fix for a scenario reported by syzkaller.
Patches 2 & 3 are fixes for incorrect allocation flags.

Sean Tranchetti (1):
  net: qualcomm: rmnet: Skip processing loopback packets

Subash Abhinov Kasiviswanathan (2):
  net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
  net: qualcomm: rmnet: Fix incorrect allocation flag in receive path

 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

-- 
1.9.1


* [PATCH net 1/3] net: qualcomm: rmnet: Skip processing loopback packets
  2018-10-03  0:52 [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 Subash Abhinov Kasiviswanathan
@ 2018-10-03  0:52 ` Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 2/3] net: qualcomm: rmnet: Fix incorrect allocation flag in transmit Subash Abhinov Kasiviswanathan
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 5+ messages in thread
From: Subash Abhinov Kasiviswanathan @ 2018-10-03  0:52 UTC (permalink / raw)
  To: davem, netdev; +Cc: Sean Tranchetti, Subash Abhinov Kasiviswanathan

From: Sean Tranchetti <stranche@codeaurora.org>

RMNET RX handler was processing invalid packets that were
originally sent on the real device and were looped back via
dev_loopback_xmit(). This was detected using syzkaller.

Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
index 7fd86d4..6908b26 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
@@ -189,6 +189,9 @@ rx_handler_result_t rmnet_rx_handler(struct sk_buff **pskb)
 	if (!skb)
 		goto done;
 
+	if (skb->pkt_type == PACKET_LOOPBACK)
+		return RX_HANDLER_PASS;
+
 	dev = skb->dev;
 	port = rmnet_get_port(dev);
 
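Review bot: The new PACKET_LOOPBACK check returns RX_HANDLER_PASS directly while the `!skb` test just above it leaves through `goto done`, and nothing in the code says why looped-back frames are passed up rather than consumed. A one-line comment above the check, stating that these are frames transmitted on the real device and fed back by dev_loopback_xmit(), would keep the reason next to the code; it is also worth confirming that skipping the `done` label is intended for this path. Placing the test before `skb->dev` and rmnet_get_port() is right, since it keeps such packets out of the port lookup entirely.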
-- 
1.9.1


* [PATCH net 2/3] net: qualcomm: rmnet: Fix incorrect allocation flag in transmit
  2018-10-03  0:52 [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 1/3] net: qualcomm: rmnet: Skip processing loopback packets Subash Abhinov Kasiviswanathan
@ 2018-10-03  0:52 ` Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 3/3] net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Subash Abhinov Kasiviswanathan
  2018-10-03  5:17 ` [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Subash Abhinov Kasiviswanathan @ 2018-10-03  0:52 UTC (permalink / raw)
  To: davem, netdev; +Cc: Subash Abhinov Kasiviswanathan

The incoming skb needs to be reallocated in case the headroom
is not sufficient to add the MAP header. This allocation needs to
be atomic otherwise it results in the following splat

[32805.801456] BUG: sleeping function called from invalid context
[32805.841141] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[32805.904773] task: ffffffd7c5f62280 task.stack: ffffff80464a8000
[32805.910851] pc : ___might_sleep+0x180/0x188
[32805.915143] lr : ___might_sleep+0x180/0x188
[32806.131520] Call trace:
[32806.134041]  ___might_sleep+0x180/0x188
[32806.137980]  __might_sleep+0x50/0x84
[32806.141653]  __kmalloc_track_caller+0x80/0x3bc
[32806.146215]  __kmalloc_reserve+0x3c/0x88
[32806.150241]  pskb_expand_head+0x74/0x288
[32806.154269]  rmnet_egress_handler+0xb0/0x1d8
[32806.162239]  rmnet_vnd_start_xmit+0xc8/0x13c
[32806.166627]  dev_hard_start_xmit+0x148/0x280
[32806.181181]  sch_direct_xmit+0xa4/0x198
[32806.185125]  __qdisc_run+0x1f8/0x310
[32806.188803]  net_tx_action+0x23c/0x26c
[32806.192655]  __do_softirq+0x220/0x408
[32806.196420]  do_softirq+0x4c/0x70

Fixes: ceed73a2cf4a ("drivers: net: ethernet: qualcomm: rmnet: Initial implementation")
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
index 6908b26..1f98d65 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
@@ -147,7 +147,7 @@ static int rmnet_map_egress_handler(struct sk_buff *skb,
 	}
 
 	if (skb_headroom(skb) < required_headroom) {
-		if (pskb_expand_head(skb, required_headroom, 0, GFP_KERNEL))
+		if (pskb_expand_head(skb, required_headroom, 0, GFP_ATOMIC))
 			return -ENOMEM;
 	}
 
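Review bot: With GFP_ATOMIC the pskb_expand_head() call in the headroom check can fail under memory pressure where GFP_KERNEL would have waited, so the `return -ENOMEM` path becomes a realistic one. The hunk does not show who owns the skb after that return; please confirm the caller frees it and accounts for the drop, otherwise this trades a sleeping-in-atomic splat for a leak on the transmit path. The flag change itself matches the trace in the commit message, which reaches pskb_expand_head() from net_tx_action() in softirq context.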
-- 
1.9.1


* [PATCH net 3/3] net: qualcomm: rmnet: Fix incorrect allocation flag in receive path
  2018-10-03  0:52 [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 1/3] net: qualcomm: rmnet: Skip processing loopback packets Subash Abhinov Kasiviswanathan
  2018-10-03  0:52 ` [PATCH net 2/3] net: qualcomm: rmnet: Fix incorrect allocation flag in transmit Subash Abhinov Kasiviswanathan
@ 2018-10-03  0:52 ` Subash Abhinov Kasiviswanathan
  2018-10-03  5:17 ` [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: Subash Abhinov Kasiviswanathan @ 2018-10-03  0:52 UTC (permalink / raw)
  To: davem, netdev; +Cc: Subash Abhinov Kasiviswanathan, Sean Tranchetti

The incoming skb needs to be reallocated in case the headroom
is not sufficient to adjust the ethernet header. This allocation
needs to be atomic otherwise it results in this splat

 [<600601bb>] ___might_sleep+0x185/0x1a3
 [<603f6314>] ? _raw_spin_unlock_irqrestore+0x0/0x27
 [<60069bb0>] ? __wake_up_common_lock+0x95/0xd1
 [<600602b0>] __might_sleep+0xd7/0xe2
 [<60065598>] ? enqueue_task_fair+0x112/0x209
 [<600eea13>] __kmalloc_track_caller+0x5d/0x124
 [<600ee9b6>] ? __kmalloc_track_caller+0x0/0x124
 [<602696d5>] __kmalloc_reserve.isra.34+0x30/0x7e
 [<603f629b>] ? _raw_spin_lock_irqsave+0x0/0x3d
 [<6026b744>] pskb_expand_head+0xbf/0x310
 [<6025ca6a>] rmnet_rx_handler+0x7e/0x16b
 [<6025c9ec>] ? rmnet_rx_handler+0x0/0x16b
 [<6027ad0c>] __netif_receive_skb_core+0x301/0x96f
 [<60033c17>] ? set_signals+0x0/0x40
 [<6027bbcb>] __netif_receive_skb+0x24/0x8e

Fixes: 74692caf1b0b ("net: qualcomm: rmnet: Process packets over ethernet")
Signed-off-by: Sean Tranchetti <stranche@codeaurora.org>
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
---
 drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
index 1f98d65..11167ab 100644
--- a/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
+++ b/drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
@@ -113,7 +113,7 @@ static void rmnet_set_skb_proto(struct sk_buff *skb)
 	struct sk_buff *skbn;
 
 	if (skb->dev->type == ARPHRD_ETHER) {
-		if (pskb_expand_head(skb, ETH_HLEN, 0, GFP_KERNEL)) {
+		if (pskb_expand_head(skb, ETH_HLEN, 0, GFP_ATOMIC)) {
 			kfree_skb(skb);
 			return;
 		}
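Review bot: The pskb_expand_head(skb, ETH_HLEN, 0, GFP_ATOMIC) call runs for every packet whose device type is ARPHRD_ETHER, with no headroom test in front of it, unlike the transmit path in patch 2/3 which first checks `skb_headroom(skb) < required_headroom`. Now that the allocation is atomic and can fail more readily, each failure silently drops the packet through kfree_skb(); consider guarding the expansion with a headroom check if the reallocation is not always needed, and counting the drop so it is visible in the interface statistics.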
-- 
1.9.1


* Re: [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02
  2018-10-03  0:52 [PATCH net 0/3] net: qualcomm: rmnet: Updates 2018-10-02 Subash Abhinov Kasiviswanathan
                   ` (2 preceding siblings ...)
  2018-10-03  0:52 ` [PATCH net 3/3] net: qualcomm: rmnet: Fix incorrect allocation flag in receive path Subash Abhinov Kasiviswanathan
@ 2018-10-03  5:17 ` David Miller
  3 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2018-10-03  5:17 UTC (permalink / raw)
  To: subashab; +Cc: netdev

From: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Date: Tue,  2 Oct 2018 18:52:00 -0600

> This series is a set of small fixes for the rmnet driver.
>
> Patch 1 is a fix for a scenario reported by syzkaller.
> Patches 2 & 3 are fixes for incorrect allocation flags.

Series applied and queued up for -stable, thanks.
