Linux-Next Archive on lore.kernel.org
 help / color / Atom feed
* linux-next: manual merge of the kspp tree with the net-next tree
@ 2020-07-27  9:27 Stephen Rothwell
  2020-08-05  4:05 ` Stephen Rothwell
  0 siblings, 1 reply; 9+ messages in thread
From: Stephen Rothwell @ 2020-07-27  9:27 UTC (permalink / raw)
  To: Kees Cook, David Miller, Networking
  Cc: Linux Next Mailing List, Linux Kernel Mailing List, Christoph Hellwig


[-- Attachment #1: Type: text/plain, Size: 10154 bytes --]

Hi all,

Today's linux-next merge of the kspp tree got a conflict in:

  net/ipv6/ip6_flowlabel.c

between commit:

  ff6a4cf214ef ("net/ipv6: split up ipv6_flowlabel_opt")

from the net-next tree and commit:

  3f649ab728cd ("treewide: Remove uninitialized_var() usage")

from the kspp tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc net/ipv6/ip6_flowlabel.c
index 215b6f5e733e,73bb047e6037..000000000000
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@@ -534,184 -533,181 +534,184 @@@ int ipv6_flowlabel_opt_get(struct sock 
  	return -ENOENT;
  }
  
 -int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
 +#define socklist_dereference(__sflp) \
 +	rcu_dereference_protected(__sflp, lockdep_is_held(&ip6_sk_fl_lock))
 +
 +static int ipv6_flowlabel_put(struct sock *sk, struct in6_flowlabel_req *freq)
  {
 -	int err;
 -	struct net *net = sock_net(sk);
  	struct ipv6_pinfo *np = inet6_sk(sk);
 -	struct in6_flowlabel_req freq;
 -	struct ipv6_fl_socklist *sfl1 = NULL;
 -	struct ipv6_fl_socklist *sfl;
  	struct ipv6_fl_socklist __rcu **sflp;
 -	struct ip6_flowlabel *fl, *fl1 = NULL;
 +	struct ipv6_fl_socklist *sfl;
  
 +	if (freq->flr_flags & IPV6_FL_F_REFLECT) {
 +		if (sk->sk_protocol != IPPROTO_TCP)
 +			return -ENOPROTOOPT;
 +		if (!np->repflow)
 +			return -ESRCH;
 +		np->flow_label = 0;
 +		np->repflow = 0;
 +		return 0;
 +	}
  
 -	if (optlen < sizeof(freq))
 -		return -EINVAL;
 +	spin_lock_bh(&ip6_sk_fl_lock);
 +	for (sflp = &np->ipv6_fl_list;
 +	     (sfl = socklist_dereference(*sflp)) != NULL;
 +	     sflp = &sfl->next) {
 +		if (sfl->fl->label == freq->flr_label)
 +			goto found;
 +	}
 +	spin_unlock_bh(&ip6_sk_fl_lock);
 +	return -ESRCH;
 +found:
 +	if (freq->flr_label == (np->flow_label & IPV6_FLOWLABEL_MASK))
 +		np->flow_label &= ~IPV6_FLOWLABEL_MASK;
 +	*sflp = sfl->next;
 +	spin_unlock_bh(&ip6_sk_fl_lock);
 +	fl_release(sfl->fl);
 +	kfree_rcu(sfl, rcu);
 +	return 0;
 +}
  
 -	if (copy_from_user(&freq, optval, sizeof(freq)))
 -		return -EFAULT;
 +static int ipv6_flowlabel_renew(struct sock *sk, struct in6_flowlabel_req *freq)
 +{
 +	struct ipv6_pinfo *np = inet6_sk(sk);
 +	struct net *net = sock_net(sk);
 +	struct ipv6_fl_socklist *sfl;
 +	int err;
  
 -	switch (freq.flr_action) {
 -	case IPV6_FL_A_PUT:
 -		if (freq.flr_flags & IPV6_FL_F_REFLECT) {
 -			if (sk->sk_protocol != IPPROTO_TCP)
 -				return -ENOPROTOOPT;
 -			if (!np->repflow)
 -				return -ESRCH;
 -			np->flow_label = 0;
 -			np->repflow = 0;
 -			return 0;
 -		}
 -		spin_lock_bh(&ip6_sk_fl_lock);
 -		for (sflp = &np->ipv6_fl_list;
 -		     (sfl = rcu_dereference_protected(*sflp,
 -						      lockdep_is_held(&ip6_sk_fl_lock))) != NULL;
 -		     sflp = &sfl->next) {
 -			if (sfl->fl->label == freq.flr_label) {
 -				if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
 -					np->flow_label &= ~IPV6_FLOWLABEL_MASK;
 -				*sflp = sfl->next;
 -				spin_unlock_bh(&ip6_sk_fl_lock);
 -				fl_release(sfl->fl);
 -				kfree_rcu(sfl, rcu);
 -				return 0;
 -			}
 +	rcu_read_lock_bh();
 +	for_each_sk_fl_rcu(np, sfl) {
 +		if (sfl->fl->label == freq->flr_label) {
 +			err = fl6_renew(sfl->fl, freq->flr_linger,
 +					freq->flr_expires);
 +			rcu_read_unlock_bh();
 +			return err;
  		}
 -		spin_unlock_bh(&ip6_sk_fl_lock);
 -		return -ESRCH;
 +	}
 +	rcu_read_unlock_bh();
  
 -	case IPV6_FL_A_RENEW:
 -		rcu_read_lock_bh();
 -		for_each_sk_fl_rcu(np, sfl) {
 -			if (sfl->fl->label == freq.flr_label) {
 -				err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
 -				rcu_read_unlock_bh();
 -				return err;
 -			}
 -		}
 -		rcu_read_unlock_bh();
 +	if (freq->flr_share == IPV6_FL_S_NONE &&
 +	    ns_capable(net->user_ns, CAP_NET_ADMIN)) {
 +		struct ip6_flowlabel *fl = fl_lookup(net, freq->flr_label);
  
 -		if (freq.flr_share == IPV6_FL_S_NONE &&
 -		    ns_capable(net->user_ns, CAP_NET_ADMIN)) {
 -			fl = fl_lookup(net, freq.flr_label);
 -			if (fl) {
 -				err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
 -				fl_release(fl);
 -				return err;
 -			}
 +		if (fl) {
 +			err = fl6_renew(fl, freq->flr_linger,
 +					freq->flr_expires);
 +			fl_release(fl);
 +			return err;
  		}
 -		return -ESRCH;
 -
 -	case IPV6_FL_A_GET:
 -		if (freq.flr_flags & IPV6_FL_F_REFLECT) {
 -			struct net *net = sock_net(sk);
 -			if (net->ipv6.sysctl.flowlabel_consistency) {
 -				net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
 -				return -EPERM;
 -			}
 +	}
 +	return -ESRCH;
 +}
  
 -			if (sk->sk_protocol != IPPROTO_TCP)
 -				return -ENOPROTOOPT;
 +static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
 +		sockptr_t optval, int optlen)
 +{
 +	struct ipv6_fl_socklist *sfl, *sfl1 = NULL;
 +	struct ip6_flowlabel *fl, *fl1 = NULL;
 +	struct ipv6_pinfo *np = inet6_sk(sk);
 +	struct net *net = sock_net(sk);
- 	int uninitialized_var(err);
++	int err;
  
 -			np->repflow = 1;
 -			return 0;
 +	if (freq->flr_flags & IPV6_FL_F_REFLECT) {
 +		if (net->ipv6.sysctl.flowlabel_consistency) {
 +			net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
 +			return -EPERM;
  		}
  
 -		if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
 -			return -EINVAL;
 +		if (sk->sk_protocol != IPPROTO_TCP)
 +			return -ENOPROTOOPT;
 +		np->repflow = 1;
 +		return 0;
 +	}
  
 -		if (net->ipv6.sysctl.flowlabel_state_ranges &&
 -		    (freq.flr_label & IPV6_FLOWLABEL_STATELESS_FLAG))
 -			return -ERANGE;
 +	if (freq->flr_label & ~IPV6_FLOWLABEL_MASK)
 +		return -EINVAL;
 +	if (net->ipv6.sysctl.flowlabel_state_ranges &&
 +	    (freq->flr_label & IPV6_FLOWLABEL_STATELESS_FLAG))
 +		return -ERANGE;
  
 -		fl = fl_create(net, sk, &freq, optval, optlen, &err);
 -		if (!fl)
 -			return err;
 -		sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
 +	fl = fl_create(net, sk, freq, optval, optlen, &err);
 +	if (!fl)
 +		return err;
  
 -		if (freq.flr_label) {
 -			err = -EEXIST;
 -			rcu_read_lock_bh();
 -			for_each_sk_fl_rcu(np, sfl) {
 -				if (sfl->fl->label == freq.flr_label) {
 -					if (freq.flr_flags&IPV6_FL_F_EXCL) {
 -						rcu_read_unlock_bh();
 -						goto done;
 -					}
 -					fl1 = sfl->fl;
 -					if (!atomic_inc_not_zero(&fl1->users))
 -						fl1 = NULL;
 -					break;
 +	sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
 +
 +	if (freq->flr_label) {
 +		err = -EEXIST;
 +		rcu_read_lock_bh();
 +		for_each_sk_fl_rcu(np, sfl) {
 +			if (sfl->fl->label == freq->flr_label) {
 +				if (freq->flr_flags & IPV6_FL_F_EXCL) {
 +					rcu_read_unlock_bh();
 +					goto done;
  				}
 +				fl1 = sfl->fl;
 +				if (!atomic_inc_not_zero(&fl1->users))
 +					fl1 = NULL;
 +				break;
  			}
 -			rcu_read_unlock_bh();
 +		}
 +		rcu_read_unlock_bh();
  
 -			if (!fl1)
 -				fl1 = fl_lookup(net, freq.flr_label);
 -			if (fl1) {
 +		if (!fl1)
 +			fl1 = fl_lookup(net, freq->flr_label);
 +		if (fl1) {
  recheck:
 -				err = -EEXIST;
 -				if (freq.flr_flags&IPV6_FL_F_EXCL)
 -					goto release;
 -				err = -EPERM;
 -				if (fl1->share == IPV6_FL_S_EXCL ||
 -				    fl1->share != fl->share ||
 -				    ((fl1->share == IPV6_FL_S_PROCESS) &&
 -				     (fl1->owner.pid != fl->owner.pid)) ||
 -				    ((fl1->share == IPV6_FL_S_USER) &&
 -				     !uid_eq(fl1->owner.uid, fl->owner.uid)))
 -					goto release;
 -
 -				err = -ENOMEM;
 -				if (!sfl1)
 -					goto release;
 -				if (fl->linger > fl1->linger)
 -					fl1->linger = fl->linger;
 -				if ((long)(fl->expires - fl1->expires) > 0)
 -					fl1->expires = fl->expires;
 -				fl_link(np, sfl1, fl1);
 -				fl_free(fl);
 -				return 0;
 +			err = -EEXIST;
 +			if (freq->flr_flags&IPV6_FL_F_EXCL)
 +				goto release;
 +			err = -EPERM;
 +			if (fl1->share == IPV6_FL_S_EXCL ||
 +			    fl1->share != fl->share ||
 +			    ((fl1->share == IPV6_FL_S_PROCESS) &&
 +			     (fl1->owner.pid != fl->owner.pid)) ||
 +			    ((fl1->share == IPV6_FL_S_USER) &&
 +			     !uid_eq(fl1->owner.uid, fl->owner.uid)))
 +				goto release;
 +
 +			err = -ENOMEM;
 +			if (!sfl1)
 +				goto release;
 +			if (fl->linger > fl1->linger)
 +				fl1->linger = fl->linger;
 +			if ((long)(fl->expires - fl1->expires) > 0)
 +				fl1->expires = fl->expires;
 +			fl_link(np, sfl1, fl1);
 +			fl_free(fl);
 +			return 0;
  
  release:
 -				fl_release(fl1);
 -				goto done;
 -			}
 -		}
 -		err = -ENOENT;
 -		if (!(freq.flr_flags&IPV6_FL_F_CREATE))
 +			fl_release(fl1);
  			goto done;
 +		}
 +	}
 +	err = -ENOENT;
 +	if (!(freq->flr_flags & IPV6_FL_F_CREATE))
 +		goto done;
  
 -		err = -ENOMEM;
 -		if (!sfl1)
 -			goto done;
 +	err = -ENOMEM;
 +	if (!sfl1)
 +		goto done;
  
 -		err = mem_check(sk);
 -		if (err != 0)
 -			goto done;
 +	err = mem_check(sk);
 +	if (err != 0)
 +		goto done;
  
 -		fl1 = fl_intern(net, fl, freq.flr_label);
 -		if (fl1)
 -			goto recheck;
 +	fl1 = fl_intern(net, fl, freq->flr_label);
 +	if (fl1)
 +		goto recheck;
  
 -		if (!freq.flr_label) {
 -			if (copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
 -					 &fl->label, sizeof(fl->label))) {
 -				/* Intentionally ignore fault. */
 -			}
 +	if (!freq->flr_label) {
 +		sockptr_advance(optval,
 +				offsetof(struct in6_flowlabel_req, flr_label));
 +		if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
 +			/* Intentionally ignore fault. */
  		}
 -
 -		fl_link(np, sfl1, fl);
 -		return 0;
 -
 -	default:
 -		return -EINVAL;
  	}
  
 +	fl_link(np, sfl1, fl);
 +	return 0;
  done:
  	fl_free(fl);
  	kfree(sfl1);

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: linux-next: manual merge of the kspp tree with the net-next tree
  2020-07-27  9:27 linux-next: manual merge of the kspp tree with the net-next tree Stephen Rothwell
@ 2020-08-05  4:05 ` Stephen Rothwell
  0 siblings, 0 replies; 9+ messages in thread
From: Stephen Rothwell @ 2020-08-05  4:05 UTC (permalink / raw)
  To: David Miller, Networking
  Cc: Kees Cook, Linux Next Mailing List, Linux Kernel Mailing List,
	Christoph Hellwig


[-- Attachment #1: Type: text/plain, Size: 11017 bytes --]

Hi all,

On Mon, 27 Jul 2020 19:27:21 +1000 Stephen Rothwell <sfr@canb.auug.org.au> wrote:
>
> Today's linux-next merge of the kspp tree got a conflict in:
> 
>   net/ipv6/ip6_flowlabel.c
> 
> between commit:
> 
>   ff6a4cf214ef ("net/ipv6: split up ipv6_flowlabel_opt")
> 
> from the net-next tree and commit:
> 
>   3f649ab728cd ("treewide: Remove uninitialized_var() usage")
> 
> from the kspp tree.
> 
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.
> 
> diff --cc net/ipv6/ip6_flowlabel.c
> index 215b6f5e733e,73bb047e6037..000000000000
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@@ -534,184 -533,181 +534,184 @@@ int ipv6_flowlabel_opt_get(struct sock 
>   	return -ENOENT;
>   }
>   
>  -int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
>  +#define socklist_dereference(__sflp) \
>  +	rcu_dereference_protected(__sflp, lockdep_is_held(&ip6_sk_fl_lock))
>  +
>  +static int ipv6_flowlabel_put(struct sock *sk, struct in6_flowlabel_req *freq)
>   {
>  -	int err;
>  -	struct net *net = sock_net(sk);
>   	struct ipv6_pinfo *np = inet6_sk(sk);
>  -	struct in6_flowlabel_req freq;
>  -	struct ipv6_fl_socklist *sfl1 = NULL;
>  -	struct ipv6_fl_socklist *sfl;
>   	struct ipv6_fl_socklist __rcu **sflp;
>  -	struct ip6_flowlabel *fl, *fl1 = NULL;
>  +	struct ipv6_fl_socklist *sfl;
>   
>  +	if (freq->flr_flags & IPV6_FL_F_REFLECT) {
>  +		if (sk->sk_protocol != IPPROTO_TCP)
>  +			return -ENOPROTOOPT;
>  +		if (!np->repflow)
>  +			return -ESRCH;
>  +		np->flow_label = 0;
>  +		np->repflow = 0;
>  +		return 0;
>  +	}
>   
>  -	if (optlen < sizeof(freq))
>  -		return -EINVAL;
>  +	spin_lock_bh(&ip6_sk_fl_lock);
>  +	for (sflp = &np->ipv6_fl_list;
>  +	     (sfl = socklist_dereference(*sflp)) != NULL;
>  +	     sflp = &sfl->next) {
>  +		if (sfl->fl->label == freq->flr_label)
>  +			goto found;
>  +	}
>  +	spin_unlock_bh(&ip6_sk_fl_lock);
>  +	return -ESRCH;
>  +found:
>  +	if (freq->flr_label == (np->flow_label & IPV6_FLOWLABEL_MASK))
>  +		np->flow_label &= ~IPV6_FLOWLABEL_MASK;
>  +	*sflp = sfl->next;
>  +	spin_unlock_bh(&ip6_sk_fl_lock);
>  +	fl_release(sfl->fl);
>  +	kfree_rcu(sfl, rcu);
>  +	return 0;
>  +}
>   
>  -	if (copy_from_user(&freq, optval, sizeof(freq)))
>  -		return -EFAULT;
>  +static int ipv6_flowlabel_renew(struct sock *sk, struct in6_flowlabel_req *freq)
>  +{
>  +	struct ipv6_pinfo *np = inet6_sk(sk);
>  +	struct net *net = sock_net(sk);
>  +	struct ipv6_fl_socklist *sfl;
>  +	int err;
>   
>  -	switch (freq.flr_action) {
>  -	case IPV6_FL_A_PUT:
>  -		if (freq.flr_flags & IPV6_FL_F_REFLECT) {
>  -			if (sk->sk_protocol != IPPROTO_TCP)
>  -				return -ENOPROTOOPT;
>  -			if (!np->repflow)
>  -				return -ESRCH;
>  -			np->flow_label = 0;
>  -			np->repflow = 0;
>  -			return 0;
>  -		}
>  -		spin_lock_bh(&ip6_sk_fl_lock);
>  -		for (sflp = &np->ipv6_fl_list;
>  -		     (sfl = rcu_dereference_protected(*sflp,
>  -						      lockdep_is_held(&ip6_sk_fl_lock))) != NULL;
>  -		     sflp = &sfl->next) {
>  -			if (sfl->fl->label == freq.flr_label) {
>  -				if (freq.flr_label == (np->flow_label&IPV6_FLOWLABEL_MASK))
>  -					np->flow_label &= ~IPV6_FLOWLABEL_MASK;
>  -				*sflp = sfl->next;
>  -				spin_unlock_bh(&ip6_sk_fl_lock);
>  -				fl_release(sfl->fl);
>  -				kfree_rcu(sfl, rcu);
>  -				return 0;
>  -			}
>  +	rcu_read_lock_bh();
>  +	for_each_sk_fl_rcu(np, sfl) {
>  +		if (sfl->fl->label == freq->flr_label) {
>  +			err = fl6_renew(sfl->fl, freq->flr_linger,
>  +					freq->flr_expires);
>  +			rcu_read_unlock_bh();
>  +			return err;
>   		}
>  -		spin_unlock_bh(&ip6_sk_fl_lock);
>  -		return -ESRCH;
>  +	}
>  +	rcu_read_unlock_bh();
>   
>  -	case IPV6_FL_A_RENEW:
>  -		rcu_read_lock_bh();
>  -		for_each_sk_fl_rcu(np, sfl) {
>  -			if (sfl->fl->label == freq.flr_label) {
>  -				err = fl6_renew(sfl->fl, freq.flr_linger, freq.flr_expires);
>  -				rcu_read_unlock_bh();
>  -				return err;
>  -			}
>  -		}
>  -		rcu_read_unlock_bh();
>  +	if (freq->flr_share == IPV6_FL_S_NONE &&
>  +	    ns_capable(net->user_ns, CAP_NET_ADMIN)) {
>  +		struct ip6_flowlabel *fl = fl_lookup(net, freq->flr_label);
>   
>  -		if (freq.flr_share == IPV6_FL_S_NONE &&
>  -		    ns_capable(net->user_ns, CAP_NET_ADMIN)) {
>  -			fl = fl_lookup(net, freq.flr_label);
>  -			if (fl) {
>  -				err = fl6_renew(fl, freq.flr_linger, freq.flr_expires);
>  -				fl_release(fl);
>  -				return err;
>  -			}
>  +		if (fl) {
>  +			err = fl6_renew(fl, freq->flr_linger,
>  +					freq->flr_expires);
>  +			fl_release(fl);
>  +			return err;
>   		}
>  -		return -ESRCH;
>  -
>  -	case IPV6_FL_A_GET:
>  -		if (freq.flr_flags & IPV6_FL_F_REFLECT) {
>  -			struct net *net = sock_net(sk);
>  -			if (net->ipv6.sysctl.flowlabel_consistency) {
>  -				net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
>  -				return -EPERM;
>  -			}
>  +	}
>  +	return -ESRCH;
>  +}
>   
>  -			if (sk->sk_protocol != IPPROTO_TCP)
>  -				return -ENOPROTOOPT;
>  +static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
>  +		sockptr_t optval, int optlen)
>  +{
>  +	struct ipv6_fl_socklist *sfl, *sfl1 = NULL;
>  +	struct ip6_flowlabel *fl, *fl1 = NULL;
>  +	struct ipv6_pinfo *np = inet6_sk(sk);
>  +	struct net *net = sock_net(sk);
> - 	int uninitialized_var(err);
> ++	int err;
>   
>  -			np->repflow = 1;
>  -			return 0;
>  +	if (freq->flr_flags & IPV6_FL_F_REFLECT) {
>  +		if (net->ipv6.sysctl.flowlabel_consistency) {
>  +			net_info_ratelimited("Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable\n");
>  +			return -EPERM;
>   		}
>   
>  -		if (freq.flr_label & ~IPV6_FLOWLABEL_MASK)
>  -			return -EINVAL;
>  +		if (sk->sk_protocol != IPPROTO_TCP)
>  +			return -ENOPROTOOPT;
>  +		np->repflow = 1;
>  +		return 0;
>  +	}
>   
>  -		if (net->ipv6.sysctl.flowlabel_state_ranges &&
>  -		    (freq.flr_label & IPV6_FLOWLABEL_STATELESS_FLAG))
>  -			return -ERANGE;
>  +	if (freq->flr_label & ~IPV6_FLOWLABEL_MASK)
>  +		return -EINVAL;
>  +	if (net->ipv6.sysctl.flowlabel_state_ranges &&
>  +	    (freq->flr_label & IPV6_FLOWLABEL_STATELESS_FLAG))
>  +		return -ERANGE;
>   
>  -		fl = fl_create(net, sk, &freq, optval, optlen, &err);
>  -		if (!fl)
>  -			return err;
>  -		sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
>  +	fl = fl_create(net, sk, freq, optval, optlen, &err);
>  +	if (!fl)
>  +		return err;
>   
>  -		if (freq.flr_label) {
>  -			err = -EEXIST;
>  -			rcu_read_lock_bh();
>  -			for_each_sk_fl_rcu(np, sfl) {
>  -				if (sfl->fl->label == freq.flr_label) {
>  -					if (freq.flr_flags&IPV6_FL_F_EXCL) {
>  -						rcu_read_unlock_bh();
>  -						goto done;
>  -					}
>  -					fl1 = sfl->fl;
>  -					if (!atomic_inc_not_zero(&fl1->users))
>  -						fl1 = NULL;
>  -					break;
>  +	sfl1 = kmalloc(sizeof(*sfl1), GFP_KERNEL);
>  +
>  +	if (freq->flr_label) {
>  +		err = -EEXIST;
>  +		rcu_read_lock_bh();
>  +		for_each_sk_fl_rcu(np, sfl) {
>  +			if (sfl->fl->label == freq->flr_label) {
>  +				if (freq->flr_flags & IPV6_FL_F_EXCL) {
>  +					rcu_read_unlock_bh();
>  +					goto done;
>   				}
>  +				fl1 = sfl->fl;
>  +				if (!atomic_inc_not_zero(&fl1->users))
>  +					fl1 = NULL;
>  +				break;
>   			}
>  -			rcu_read_unlock_bh();
>  +		}
>  +		rcu_read_unlock_bh();
>   
>  -			if (!fl1)
>  -				fl1 = fl_lookup(net, freq.flr_label);
>  -			if (fl1) {
>  +		if (!fl1)
>  +			fl1 = fl_lookup(net, freq->flr_label);
>  +		if (fl1) {
>   recheck:
>  -				err = -EEXIST;
>  -				if (freq.flr_flags&IPV6_FL_F_EXCL)
>  -					goto release;
>  -				err = -EPERM;
>  -				if (fl1->share == IPV6_FL_S_EXCL ||
>  -				    fl1->share != fl->share ||
>  -				    ((fl1->share == IPV6_FL_S_PROCESS) &&
>  -				     (fl1->owner.pid != fl->owner.pid)) ||
>  -				    ((fl1->share == IPV6_FL_S_USER) &&
>  -				     !uid_eq(fl1->owner.uid, fl->owner.uid)))
>  -					goto release;
>  -
>  -				err = -ENOMEM;
>  -				if (!sfl1)
>  -					goto release;
>  -				if (fl->linger > fl1->linger)
>  -					fl1->linger = fl->linger;
>  -				if ((long)(fl->expires - fl1->expires) > 0)
>  -					fl1->expires = fl->expires;
>  -				fl_link(np, sfl1, fl1);
>  -				fl_free(fl);
>  -				return 0;
>  +			err = -EEXIST;
>  +			if (freq->flr_flags&IPV6_FL_F_EXCL)
>  +				goto release;
>  +			err = -EPERM;
>  +			if (fl1->share == IPV6_FL_S_EXCL ||
>  +			    fl1->share != fl->share ||
>  +			    ((fl1->share == IPV6_FL_S_PROCESS) &&
>  +			     (fl1->owner.pid != fl->owner.pid)) ||
>  +			    ((fl1->share == IPV6_FL_S_USER) &&
>  +			     !uid_eq(fl1->owner.uid, fl->owner.uid)))
>  +				goto release;
>  +
>  +			err = -ENOMEM;
>  +			if (!sfl1)
>  +				goto release;
>  +			if (fl->linger > fl1->linger)
>  +				fl1->linger = fl->linger;
>  +			if ((long)(fl->expires - fl1->expires) > 0)
>  +				fl1->expires = fl->expires;
>  +			fl_link(np, sfl1, fl1);
>  +			fl_free(fl);
>  +			return 0;
>   
>   release:
>  -				fl_release(fl1);
>  -				goto done;
>  -			}
>  -		}
>  -		err = -ENOENT;
>  -		if (!(freq.flr_flags&IPV6_FL_F_CREATE))
>  +			fl_release(fl1);
>   			goto done;
>  +		}
>  +	}
>  +	err = -ENOENT;
>  +	if (!(freq->flr_flags & IPV6_FL_F_CREATE))
>  +		goto done;
>   
>  -		err = -ENOMEM;
>  -		if (!sfl1)
>  -			goto done;
>  +	err = -ENOMEM;
>  +	if (!sfl1)
>  +		goto done;
>   
>  -		err = mem_check(sk);
>  -		if (err != 0)
>  -			goto done;
>  +	err = mem_check(sk);
>  +	if (err != 0)
>  +		goto done;
>   
>  -		fl1 = fl_intern(net, fl, freq.flr_label);
>  -		if (fl1)
>  -			goto recheck;
>  +	fl1 = fl_intern(net, fl, freq->flr_label);
>  +	if (fl1)
>  +		goto recheck;
>   
>  -		if (!freq.flr_label) {
>  -			if (copy_to_user(&((struct in6_flowlabel_req __user *) optval)->flr_label,
>  -					 &fl->label, sizeof(fl->label))) {
>  -				/* Intentionally ignore fault. */
>  -			}
>  +	if (!freq->flr_label) {
>  +		sockptr_advance(optval,
>  +				offsetof(struct in6_flowlabel_req, flr_label));
>  +		if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
>  +			/* Intentionally ignore fault. */
>   		}
>  -
>  -		fl_link(np, sfl1, fl);
>  -		return 0;
>  -
>  -	default:
>  -		return -EINVAL;
>   	}
>   
>  +	fl_link(np, sfl1, fl);
>  +	return 0;
>   done:
>   	fl_free(fl);
>   	kfree(sfl1);

This is now a conflict between the net-next tree and Linus' tree.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: linux-next: manual merge of the kspp tree with the net-next tree
  2017-02-21 23:51 Stephen Rothwell
@ 2017-02-22  6:37 ` Daniel Borkmann
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel Borkmann @ 2017-02-22  6:37 UTC (permalink / raw)
  To: Stephen Rothwell, Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Laura Abbott

On 02/22/2017 12:51 AM, Stephen Rothwell wrote:
> Hi Kees,
>
> Today's linux-next merge of the kspp tree got a conflict in:
>
>    arch/arm/Kconfig
>
> between commit:
>
>    d2852a224050 ("arch: add ARCH_HAS_SET_MEMORY config")
>
> from the net-next tree and commit:
>
>    ad21fc4faa2a ("arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common")
>
> from the kspp tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Also looks good to me.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: linux-next: manual merge of the kspp tree with the net-next tree
  2017-02-22  0:06 Stephen Rothwell
@ 2017-02-22  6:35 ` Daniel Borkmann
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel Borkmann @ 2017-02-22  6:35 UTC (permalink / raw)
  To: Stephen Rothwell, Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Laura Abbott

On 02/22/2017 01:06 AM, Stephen Rothwell wrote:
> Hi all,
>
> Today's linux-next merge of the kspp tree got a conflict in:
>
>    include/linux/filter.h
>
> between commit:
>
>    9d876e79df6a ("bpf: fix unlocking of jited image when module ronx not set")
>
> from the net-next tree and commit:
>
>    0f5bf6d0afe4 ("arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX")
>
> from the kspp tree.
>
> Hmmm, both these change the ifdef guards I have used the one from the
> net-next tree (CONFIG_ARCH_HAS_SET_MEMORY) for today, please let me know
> if that is not correct.

That's fine, thanks!

^ permalink raw reply	[flat|nested] 9+ messages in thread

* linux-next: manual merge of the kspp tree with the net-next tree
@ 2017-02-22  0:06 Stephen Rothwell
  2017-02-22  6:35 ` Daniel Borkmann
  0 siblings, 1 reply; 9+ messages in thread
From: Stephen Rothwell @ 2017-02-22  0:06 UTC (permalink / raw)
  To: Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Laura Abbott, Daniel Borkmann

Hi all,

Today's linux-next merge of the kspp tree got a conflict in:

  include/linux/filter.h

between commit:

  9d876e79df6a ("bpf: fix unlocking of jited image when module ronx not set")

from the net-next tree and commit:

  0f5bf6d0afe4 ("arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX")

from the kspp tree.

Hmmm, both these change the ifdef guards I have used the one from the
net-next tree (CONFIG_ARCH_HAS_SET_MEMORY) for today, please let me know
if that is not correct.

I fixed it up (see above) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

^ permalink raw reply	[flat|nested] 9+ messages in thread

* linux-next: manual merge of the kspp tree with the net-next tree
@ 2017-02-21 23:51 Stephen Rothwell
  2017-02-22  6:37 ` Daniel Borkmann
  0 siblings, 1 reply; 9+ messages in thread
From: Stephen Rothwell @ 2017-02-21 23:51 UTC (permalink / raw)
  To: Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Daniel Borkmann, Laura Abbott

Hi Kees,

Today's linux-next merge of the kspp tree got a conflict in:

  arch/arm/Kconfig

between commit:

  d2852a224050 ("arch: add ARCH_HAS_SET_MEMORY config")

from the net-next tree and commit:

  ad21fc4faa2a ("arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common")

from the kspp tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc arch/arm/Kconfig
index 08d6a701c4fd,8748353ed5e0..000000000000
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@@ -2,10 -2,10 +2,12 @@@ config AR
  	bool
  	default y
  	select ARCH_CLOCKSOURCE_DATA
 +	select ARCH_HAS_DEBUG_VIRTUAL
  	select ARCH_HAS_DEVMEM_IS_ALLOWED
  	select ARCH_HAS_ELF_RANDOMIZE
 +	select ARCH_HAS_SET_MEMORY
+ 	select ARCH_HAS_STRICT_KERNEL_RWX if MMU && !XIP_KERNEL
+ 	select ARCH_HAS_STRICT_MODULE_RWX if MMU
  	select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
  	select ARCH_HAVE_CUSTOM_GPIO_H
  	select ARCH_HAS_GCOV_PROFILE_ALL

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: linux-next: manual merge of the kspp tree with the net-next tree
  2017-02-19 23:56 Stephen Rothwell
@ 2017-02-20  9:01 ` Daniel Borkmann
  0 siblings, 0 replies; 9+ messages in thread
From: Daniel Borkmann @ 2017-02-20  9:01 UTC (permalink / raw)
  To: Stephen Rothwell, Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Laura Abbott

On 02/20/2017 12:56 AM, Stephen Rothwell wrote:
> Hi Kees,
>
> Today's linux-next merge of the kspp tree got a conflict in:
>
>    include/linux/filter.h
>
> between commit:
>
>    74451e66d516 ("bpf: make jited programs visible in traces")
>
> from the net-next tree and commit:
>
>    0f5bf6d0afe4 ("arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX")
>
> from the kspp tree.
>
> I fixed it up (see below) and can carry the fix as necessary. This
> is now fixed as far as linux-next is concerned, but any non trivial
> conflicts should be mentioned to your upstream maintainer when your tree
> is submitted for merging.  You may also want to consider cooperating
> with the maintainer of the conflicting tree to minimise any particularly
> complex conflicts.

Looks good thanks!

^ permalink raw reply	[flat|nested] 9+ messages in thread

* linux-next: manual merge of the kspp tree with the net-next tree
@ 2017-02-19 23:56 Stephen Rothwell
  2017-02-20  9:01 ` Daniel Borkmann
  0 siblings, 1 reply; 9+ messages in thread
From: Stephen Rothwell @ 2017-02-19 23:56 UTC (permalink / raw)
  To: Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Laura Abbott, Daniel Borkmann

Hi Kees,

Today's linux-next merge of the kspp tree got a conflict in:

  include/linux/filter.h

between commit:

  74451e66d516 ("bpf: make jited programs visible in traces")

from the net-next tree and commit:

  0f5bf6d0afe4 ("arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX")

from the kspp tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc include/linux/filter.h
index 0c1cc9143cb2,c6dd53e88711..000000000000
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@@ -574,21 -561,8 +574,21 @@@ static inline void bpf_prog_lock_ro(str
  static inline void bpf_prog_unlock_ro(struct bpf_prog *fp)
  {
  }
 +
 +static inline void bpf_jit_binary_unlock_ro(struct bpf_binary_header *hdr)
 +{
 +}
- #endif /* CONFIG_DEBUG_SET_MODULE_RONX */
+ #endif /* CONFIG_STRICT_MODULE_RWX */
  
 +static inline struct bpf_binary_header *
 +bpf_jit_binary_hdr(const struct bpf_prog *fp)
 +{
 +	unsigned long real_start = (unsigned long)fp->bpf_func;
 +	unsigned long addr = real_start & PAGE_MASK;
 +
 +	return (void *)addr;
 +}
 +
  int sk_filter_trim_cap(struct sock *sk, struct sk_buff *skb, unsigned int cap);
  static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
  {

^ permalink raw reply	[flat|nested] 9+ messages in thread

* linux-next: manual merge of the kspp tree with the net-next tree
@ 2017-02-08  1:30 Stephen Rothwell
  0 siblings, 0 replies; 9+ messages in thread
From: Stephen Rothwell @ 2017-02-08  1:30 UTC (permalink / raw)
  To: Kees Cook, David Miller, Networking
  Cc: linux-next, linux-kernel, Mao Wenan, Laura Abbott

Hi Kees,

Today's linux-next merge of the kspp tree got a conflict in:

  arch/Kconfig

between commit:

  1a8b6d76dc5b ("net:add one common config ARCH_WANT_RELAX_ORDER to support relax ordering")

from the net-next tree and commits:

  ad21fc4faa2a ("arch: Move CONFIG_DEBUG_RODATA and CONFIG_SET_MODULE_RONX to be common")
  0f5bf6d0afe4 ("arch: Rename CONFIG_DEBUG_RODATA and CONFIG_DEBUG_MODULE_RONX")

from the kspp tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc arch/Kconfig
index bd04eace455c,7425fde9c723..000000000000
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@@ -781,7 -843,38 +843,41 @@@ config VMAP_STAC
  	  the stack to map directly to the KASAN shadow map using a formula
  	  that is incorrect if the stack is in vmalloc space.
  
 +config ARCH_WANT_RELAX_ORDER
 +	bool
 +
+ config ARCH_OPTIONAL_KERNEL_RWX
+ 	def_bool n
+ 
+ config ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
+ 	def_bool n
+ 
+ config ARCH_HAS_STRICT_KERNEL_RWX
+ 	def_bool n
+ 
+ config STRICT_KERNEL_RWX
+ 	bool "Make kernel text and rodata read-only" if ARCH_OPTIONAL_KERNEL_RWX
+ 	depends on ARCH_HAS_STRICT_KERNEL_RWX
+ 	default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
+ 	help
+ 	  If this is set, kernel text and rodata memory will be made read-only,
+ 	  and non-text memory will be made non-executable. This provides
+ 	  protection against certain security exploits (e.g. executing the heap
+ 	  or modifying text)
+ 
+ 	  These features are considered standard security practice these days.
+ 	  You should say Y here in almost all cases.
+ 
+ config ARCH_HAS_STRICT_MODULE_RWX
+ 	def_bool n
+ 
+ config STRICT_MODULE_RWX
+ 	bool "Set loadable kernel module data as NX and text as RO" if ARCH_OPTIONAL_KERNEL_RWX
+ 	depends on ARCH_HAS_STRICT_MODULE_RWX && MODULES
+ 	default !ARCH_OPTIONAL_KERNEL_RWX || ARCH_OPTIONAL_KERNEL_RWX_DEFAULT
+ 	help
+ 	  If this is set, module text and rodata memory will be made read-only,
+ 	  and non-text memory will be made non-executable. This provides
+ 	  protection against certain security exploits (e.g. writing to text)
+ 
  source "kernel/gcov/Kconfig"

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, back to index

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-27  9:27 linux-next: manual merge of the kspp tree with the net-next tree Stephen Rothwell
2020-08-05  4:05 ` Stephen Rothwell
  -- strict thread matches above, loose matches on Subject: below --
2017-02-22  0:06 Stephen Rothwell
2017-02-22  6:35 ` Daniel Borkmann
2017-02-21 23:51 Stephen Rothwell
2017-02-22  6:37 ` Daniel Borkmann
2017-02-19 23:56 Stephen Rothwell
2017-02-20  9:01 ` Daniel Borkmann
2017-02-08  1:30 Stephen Rothwell

Linux-Next Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-next/0 linux-next/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-next linux-next/ https://lore.kernel.org/linux-next \
		linux-next@vger.kernel.org
	public-inbox-index linux-next

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-next


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git