- 13 Mar, 2018 2 commits
-
-
Kamlakant Patel authored
This happens when BMC doesn't return any data and the code is trying to print the value of data[2]. Getting following crash: [ 484.728410] Unable to handle kernel NULL pointer dereference at virtual address 00000002 [ 484.736496] pgd = ffff0000094a2000 [ 484.739885] [00000002] *pgd=00000047fcffe003, *pud=00000047fcffd003, *pmd=0000000000000000 [ 484.748158] Internal error: Oops: 96000005 [#1] SMP [...] [ 485.101451] Call trace: [...] [ 485.188473] [<ffff000000a46e68>] msg_done_handler+0x668/0x700 [ipmi_ssif] [ 485.195249] [<ffff000000a456b8>] ipmi_ssif_thread+0x110/0x128 [ipmi_ssif] [ 485.202038] [<ffff0000080f1430>] kthread+0x108/0x138 [ 485.206994] [<ffff0000080838e0>] ret_from_fork+0x10/0x30 [ 485.212294] Code: aa1903e1 aa1803e0 b900227f 95fef6a5 (39400aa3) Adding a check to validate the data len before printing data[2] to fix this issue. Signed-off-by: Kamlakant Patel <kamlakant.patel@cavium.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
Realtek has some sort of "Virtual" IPMI device on the PCI bus as a KCS controller, but whatever it is, it's not one. Ignore it if seen. Reported-by: Chris Chiu <chiu@endlessm.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Tested-by: Daniel Drake <drake@endlessm.com>
-
- 12 Mar, 2018 2 commits
-
-
Corey Minyard authored
The IPMI spec states: The purpose of the SPMI Table is to provide a mechanism that can be used by the OSPM (an ACPI term for “OS Operating System-directed configuration and Power Management” essentially meaning an ACPI-aware OS or OS loader) very early in the boot process, e.g., before the ability to execute ACPI control methods in the OS is available. When we are probing IPMI in Linux, ACPI control methods are available, so we shouldn't be probing using SPMI. It could cause some confusion during the probing process. Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
The IPMI spec states: The purpose of the SPMI Table is to provide a mechanism that can be used by the OSPM (an ACPI term for “OS Operating System-directed configuration and Power Management” essentially meaning an ACPI-aware OS or OS loader) very early in the boot process, e.g., before the ability to execute ACPI control methods in the OS is available. When we are probing IPMI in Linux, ACPI control methods are available, so we shouldn't be probing using SPMI. It could cause some confusion during the probing process. Signed-off-by: Corey Minyard <cminyard@mvista.com> Tested-by: Jiandi An <anjiandi@codeaurora.org>
-
- 07 Mar, 2018 5 commits
-
-
Dan Carpenter authored
If platform_device_alloc() then we should return -ENOMEM instead of returning success. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Colin Ian King authored
Use the ARRAY_SIZE macro on a array poweroff_functions to determine size of the array. Improvement suggested by Coccinelle. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
The cleanup code for an init failure and for a device removal were quite similar, consolidate all that into one function. Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
The data is allocated with kzalloc, no need to set things to NULL. Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
device_remove_group() was called on any cleanup, even if the device attrs had not been added yet. That can occur in certain error scenarios, so add a flag to know if it has been added. Also make sure we remove the dev if we added it ourselves. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org # 4.15 Cc: Laura Abbott <labbott@redhat.com> Tested-by: Bill Perkins <wmp@grnwood.net>
-
- 27 Feb, 2018 1 commit
-
-
Corey Minyard authored
And get rid of the license text that is no longer necessary. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: Kees Cook <keescook@chromium.org> Cc: Alistair Popple <alistair@popple.id.au> Cc: Jeremy Kerr <jk@ozlabs.org> Cc: Joel Stanley <joel@jms.id.au> Cc: Rocky Craig <rocky.craig@hp.com>
-
- 26 Feb, 2018 12 commits
-
-
Andy Shevchenko authored
Replace home grown set_prop_entry() macro by generic PROPERTY_ENTRY_INTEGER()-like ones. Cc: Corey Minyard <cminyard@mvista.com> Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Corey Minyard authored
Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Haiyue Wang authored
Many for coding-style fixes, and update the poll API with the new type '__poll_t', this is new commit from linux-4.16-rc1. Signed-off-by: Haiyue Wang <haiyue.wang@linux.intel.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Aishwarya Pant authored
This is an attempt to document the sysfs interface for the IPMI drivers. Descriptions were collected from v2.0 of the IPMI specification and from code comments. Signed-off-by: Aishwarya Pant <aishpant@gmail.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Gustavo A. R. Silva authored
In preparation to enabling -Wimplicit-fallthrough, mark switch cases where we are expecting to fall through. Addresses-Coverity-ID: 1465255 ("Missing break in switch") Signed-off-by: Gustavo A. R. Silva <garsilva@embeddedor.com> Cc: Haiyue Wang <haiyue.wang@linux.intel.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Haiyue Wang authored
The KCS (Keyboard Controller Style) interface is used to perform in-band IPMI communication between a server host and its BMC (BaseBoard Management Controllers). This driver exposes the KCS interface on ASpeed SOCs (AST2400 and AST2500) as a character device. Such SOCs are commonly used as BMCs and this driver implements the BMC side of the KCS interface. Signed-off-by: Haiyue Wang <haiyue.wang@linux.intel.com> Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
Haiyue Wang authored
Provides a device driver for the KCS (Keyboard Controller Style) IPMI interface which meets the requirement of the BMC (Baseboard Management Controllers) side for handling the IPMI request from host system software. Signed-off-by: Haiyue Wang <haiyue.wang@linux.intel.com> [Removed the selectability of IPMI_KCS_BMC, as it doesn't do much good to have it by itself.] Signed-off-by: Corey Minyard <cminyard@mvista.com>
-
git://github.com/jcmvbkbc/linux-xtensaLinus Torvalds authored
Pull Xtensa fixes from Max Filippov: "Two fixes for reserved memory/DMA buffers allocation in high memory on xtensa architecture - fix memory accounting when reserved memory is in high memory region - fix DMA allocation from high memory" * tag 'xtensa-20180225' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: support DMA buffers in high memory xtensa: fix high memory/reserved memory collision
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Thomas Gleixner: "A small set of fixes: - UAPI data type correction for hyperv - correct the cpu cores field in /proc/cpuinfo on CPU hotplug - return proper error code in the resctrl file system failure path to avoid silent subsequent failures - correct a subtle accounting issue in the new vector allocation code which went unnoticed for a while and caused suspend/resume failures" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations x86/topology: Fix function name in documentation x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system x86/apic/vector: Handle vector release on CPU unplug correctly genirq/matrix: Handle CPU offlining proper x86/headers/UAPI: Use __u64 instead of u64 in <uapi/asm/hyperv.h>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull perf fix from Thomas Gleixner: "A single commit which shuts up a bogus GCC-8 warning" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull locking fixes from Thomas Gleixner: "Three patches to fix memory ordering issues on ALPHA and a comment to clarify the usage scope of a mutex internal function" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs locking/xchg/alpha: Clean up barrier usage by using smp_mb() in place of __ASM__MB locking/xchg/alpha: Add unconditional memory barrier to cmpxchg() locking/mutex: Add comment to __mutex_owner() to deter usage
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull cleanup patchlet from Thomas Gleixner: "A single commit removing a bunch of bogus double semicolons all over the tree" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: treewide/trivial: Remove ';;$' typo noise
-
- 25 Feb, 2018 2 commits
-
-
git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds authored
Pull NFS client bugfixes from Trond Myklebust: - fix a broken cast in nfs4_callback_recallany() - fix an Oops during NFSv4 migration events - make struct nlmclnt_fl_close_lock_ops static * tag 'nfs-for-4.16-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFS: make struct nlmclnt_fl_close_lock_ops static nfs: system crashes after NFS4ERR_MOVED recovery NFSv4: Fix broken cast in nfs4_callback_recallany()
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: - Add handling for a missing instruction in our 32-bit BPF JIT so that it can be used for seccomp filtering. - Add a missing NULL pointer check before a function call in new EEH code. - Fix an error path in the new ocxl driver to correctly return EFAULT. - The support for the new ibm,drc-info device tree property turns out to need several fixes, so for now we just stop advertising to firmware that we support it until the bugs can be ironed out. - One fix for the new drmem code which was incorrectly modifying the device tree in place. - Finally two fixes for the RFI flush support, so that firmware can advertise to us that it should be disabled entirely so as not to affect performance. Thanks to: Bharata B Rao, Frederic Barrat, Juan J. Alvarez, Mark Lord, Michael Bringmann. * tag 'powerpc-4.16-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/powernv: Support firmware disable of RFI flush powerpc/pseries: Support firmware disable of RFI flush powerpc/mm/drmem: Fix unexpected flag value in ibm,dynamic-memory-v2 powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access powerpc/pseries: Revert support for ibm,drc-info devtree property powerpc/pseries: Fix duplicate firmware feature for DRC_INFO ocxl: Fix potential bad errno on irq allocation powerpc/eeh: Fix crashes in eeh_report_resume()
-
- 23 Feb, 2018 16 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Fix TTL offset calculation in mac80211 mesh code, from Peter Oh. 2) Fix races with procfs in ipt_CLUSTERIP, from Cong Wang. 3) Memory leak fix in lpm_trie BPF map code, from Yonghong Song. 4) Need to use GFP_ATOMIC in BPF cpumap allocations, from Jason Wang. 5) Fix potential deadlocks in netfilter getsockopt() code paths, from Paolo Abeni. 6) Netfilter stackpointer size checks really are needed to validate user input, from Florian Westphal. 7) Missing timer init in x_tables, from Paolo Abeni. 8) Don't use WQ_MEM_RECLAIM in mac80211 hwsim, from Johannes Berg. 9) When an ibmvnic device is brought down then back up again, it can be sent queue entries from a previous session, handle this properly instead of crashing. From Thomas Falcon. 10) Fix TCP checksum on LRO buffers in mlx5e, from Gal Pressman. 11) When we are dumping filters in cls_api, the output SKB is empty, and the filter we are dumping is too large for the space in the SKB, we should return -EMSGSIZE like other netlink dump operations do. Otherwise userland has no signal that is needs to increase the size of its read buffer. From Roman Kapl. 12) Several XDP fixes for virtio_net, from Jesper Dangaard Brouer. 13) Module refcount leak in netlink when a dump start fails, from Jason Donenfeld. 14) Handle sub-optimal GSO sizes better in TCP BBR congestion control, from Eric Dumazet. 15) Releasing bpf per-cpu arraymaps can take a long time, add a condtional scheduling point. From Eric Dumazet. 16) Implement retpolines for tail calls in x64 and arm64 bpf JITs. From Daniel Borkmann. 17) Fix page leak in gianfar driver, from Andy Spencer. 18) Missed clearing of estimator scratch buffer, from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (76 commits) net_sched: gen_estimator: fix broken estimators based on percpu stats gianfar: simplify FCS handling and fix memory leak ipv6 sit: work around bogus gcc-8 -Wrestrict warning macvlan: fix use-after-free in macvlan_common_newlink() bpf, arm64: fix out of bounds access in tail call bpf, x64: implement retpoline for tail call rxrpc: Fix send in rxrpc_send_data_packet() net: aquantia: Fix error handling in aq_pci_probe() bpf: fix rcu lockdep warning for lpm_trie map_free callback bpf: add schedule points in percpu arrays management regulatory: add NUL to request alpha2 ibmvnic: Fix early release of login buffer net/smc9194: Remove bogus CONFIG_MAC reference net: ipv4: Set addr_type in hash_keys for forwarded case tcp_bbr: better deal with suboptimal GSO smsc75xx: fix smsc75xx_set_features() netlink: put module reference if dump start fails selftests/bpf/test_maps: exit child process without error in ENOMEM case selftests/bpf: update gitignore with test_libbpf_open selftests/bpf: tcpbpf_kern: use in6_* macros from glibc ..
-
Linus Torvalds authored
Merge branch 'fixes-v4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem fixes from James Morris: - keys fixes via David Howells: "A collection of fixes for Linux keyrings, mostly thanks to Eric Biggers: - Fix some PKCS#7 verification issues. - Fix handling of unsupported crypto in X.509. - Fix too-large allocation in big_key" - Seccomp updates via Kees Cook: "These are fixes for the get_metadata interface that landed during -rc1. While the new selftest is strictly not a bug fix, I think it's in the same spirit of avoiding bugs" - an IMA build fix from Randy Dunlap * 'fixes-v4.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: integrity/security: fix digsig.c build error with header file KEYS: Use individual pages in big_key for crypto buffers X.509: fix NULL dereference when restricting key with unsupported_sig X.509: fix BUG_ON() when hash algorithm is unsupported PKCS#7: fix direct verification of SignerInfo signature PKCS#7: fix certificate blacklisting PKCS#7: fix certificate chain verification seccomp: add a selftest for get_metadata ptrace, seccomp: tweak get_metadata behavior slightly seccomp, ptrace: switch get_metadata types to arch independent
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linuxLinus Torvalds authored
Pull arm64 fixes from Catalin Marinas: "arm64 and perf fixes: - build error when accessing MPIDR_HWID_BITMASK from .S - fix CTR_EL0 field definitions - remove/disable some kernel messages on user faults (unhandled signals, unimplemented syscalls) - fix kernel page fault in unwind_frame() with function graph tracing - fix perf sleeping while atomic errors when booting with ACPI" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: fix unwind_frame() for filtered out fn for function graph tracing arm64: Enforce BBM for huge IO/VMAP mappings arm64: perf: correct PMUVer probing arm_pmu: acpi: request IRQs up-front arm_pmu: note IRQs and PMUs per-cpu arm_pmu: explicitly enable/disable SPIs at hotplug arm_pmu: acpi: check for mismatched PPIs arm_pmu: add armpmu_alloc_atomic() arm_pmu: fold platform helpers into platform code arm_pmu: kill arm_pmu_platdata ARM: ux500: remove PMU IRQ bouncer arm64: __show_regs: Only resolve kernel symbols when running at EL1 arm64: Remove unimplemented syscall log message arm64: Disable unhandled signal log messages by default arm64: cpufeature: Fix CTR_EL0 field definitions arm64: uaccess: Formalise types for access_ok() arm64: Fix compilation error while accessing MPIDR_HWID_BITMASK from .S files
-
git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mipsLinus Torvalds authored
Pull MIPS fix from James Hogan: "A single MIPS fix for mismatching struct compat_flock, resulting in bus errors starting Firefox on Debian 8 since 4.13" * tag 'mips_fixes_4.16_3' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: MIPS: Drop spurious __unused in struct compat_flock
-
git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printkLinus Torvalds authored
Pull printk fixlet from Petr Mladek: "People expect to see the real pointer value for %px. Let's substitute '(null)' only for the other %p? format modifiers that need to deference the pointer" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk: vsprintf: avoid misleading "(null)" for %px
-
git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linuxLinus Torvalds authored
Pull i2c fixes from Wolfram Sang: "Two bugfixes, one v4.16 regression fix, and two documentation fixes" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: designware: Consider SCL GPIO optional i2c: busses: i2c-sirf: Fix spelling: "formular" -> "formula". i2c: bcm2835: Set up the rising/falling edge delays i2c: i801: Add missing documentation entries for Braswell and Kaby Lake i2c: designware: must wait for enable
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "These are mostly fixes for problems with merge window code. In addition we have one doc update (alua) and two dead code removals (aiclib and octogon) a spurious assignment removal (csiostor) and a performance improvement for storvsc involving better interrupt spreading and increasing the command per lun handling" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qla4xxx: skip error recovery in case of register disconnect. scsi: aacraid: fix shutdown crash when init fails scsi: qedi: Cleanup local str variable scsi: qedi: Fix truncation of CHAP name and secret scsi: qla2xxx: Fix incorrect handle for abort IOCB scsi: qla2xxx: Fix double free bug after firmware timeout scsi: storvsc: Increase cmd_per_lun for higher speed devices scsi: qla2xxx: Fix a locking imbalance in qlt_24xx_handle_els() scsi: scsi_dh: Document alua_rtpg_queue() arguments scsi: Remove Makefile entry for oktagon files scsi: aic7xxx: remove aiclib.c scsi: qla2xxx: Avoid triggering undefined behavior in qla2x00_mbx_completion() scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() scsi: sym53c8xx_2: iterator underflow in sym_getsync() scsi: bnx2fc: Fix check in SCSI completion handler for timed out request scsi: csiostor: remove redundant assignment to pointer 'ln' scsi: ufs: Enable quirk to ignore sending WRITE_SAME command scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info scsi: qla2xxx: Fix memory corruption during hba reset test scsi: mpt3sas: fix an out of bound write
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "A bunch of fixes for rc3: Exynos: - fixes for using monotonic timestamps - register definitions - removal of unused file ipu-v3L - minor changes - make some register arrays const+static - fix some leaks meson: - fix for vsync atomic: - fix for memory leak EDID parser: - add quirks for some more non-desktop devices - 6-bit panel fix. drm_mm: - fix a bug in the core drm mm hole handling cirrus: - fix lut loading regression Lastly there is a deadlock fix around runtime suspend for secondary GPUs. There was a deadlock between one thread trying to wait for a workqueue job to finish in the runtime suspend path, and the workqueue job it was waiting for in turn waiting for a runtime_get_sync to return. The fixes avoids it by not doing the runtime sync in the workqueue as then we always wait for all those tasks to complete before we runtime suspend" * tag 'drm-fixes-for-v4.16-rc3' of git://people.freedesktop.org/~airlied/linux: (25 commits) drm/tve200: fix kernel-doc documentation comment include drm/edid: quirk Sony PlayStation VR headset as non-desktop drm/edid: quirk Windows Mixed Reality headsets as non-desktop drm/edid: quirk Oculus Rift headsets as non-desktop drm/meson: fix vsync buffer update drm: Handle unexpected holes in color-eviction drm: exynos: Use proper macro definition for HDMI_I2S_PIN_SEL_1 drm/exynos: remove exynos_drm_rotator.h drm/exynos: g2d: Delete an error message for a failed memory allocation in two functions drm/exynos: fix comparison to bitshift when dealing with a mask drm/exynos: g2d: use monotonic timestamps drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA gpu: ipu-csi: add 10/12-bit grayscale support to mbus_code_to_bus_cfg gpu: ipu-cpmem: add 16-bit grayscale support to ipu_cpmem_set_image gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle drm/amdgpu: Fix deadlock on runtime suspend drm/radeon: Fix deadlock on runtime suspend drm/nouveau: Fix deadlock on runtime suspend drm: Allow determining if current task is output poll worker ...
-
Eric Dumazet authored
pfifo_fast got percpu stats lately, uncovering a bug I introduced last year in linux-4.10. I missed the fact that we have to clear our temporary storage before calling __gnet_stats_copy_basic() in the case of percpu stats. Without this fix, rate estimators (tc qd replace dev xxx root est 1sec 4sec pfifo_fast) are utterly broken. Fixes: 1c0d32fd ("net_sched: gen_estimator: complete rewrite of rate estimators") Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpfDavid S. Miller authored
Alexei Starovoitov says: ==================== pull-request: bpf 2018-02-22 The following pull-request contains BPF updates for your *net* tree. The main changes are: 1) two urgent fixes for bpf_tail_call logic for x64 and arm64 JITs, from Daniel. 2) cond_resched points in percpu array alloc/free paths, from Eric. 3) lockdep and other minor fixes, from Yonghong, Arnd, Anders, Li. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Andy Spencer authored
Previously, buffer descriptors containing only the frame check sequence (FCS) were skipped and not added to the skb. However, the page reference count was still incremented, leading to a memory leak. Fixing this inside gfar_add_rx_frag() is difficult due to reserved memory handling and page reuse. Instead, move the FCS handling to gfar_process_frame() and trim off the FCS before passing the skb up the networking stack. Signed-off-by: Andy Spencer <aspencer@spacex.com> Signed-off-by: Jim Gruen <jgruen@spacex.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnd Bergmann authored
gcc-8 has a new warning that detects overlapping input and output arguments in memcpy(). It triggers for sit_init_net() calling ipip6_tunnel_clone_6rd(), which is actually correct: net/ipv6/sit.c: In function 'sit_init_net': net/ipv6/sit.c:192:3: error: 'memcpy' source argument is the same as destination [-Werror=restrict] The problem here is that the logic detecting the memcpy() arguments finds them to be the same, but the conditional that tests for the input and output of ipip6_tunnel_clone_6rd() to be identical is not a compile-time constant. We know that netdev_priv(t->dev) is the same as t for a tunnel device, and comparing "dev" directly here lets the compiler figure out as well that 'dev == sitn->fb_tunnel_dev' when called from sit_init_net(), so it no longer warns. This code is old, so Cc stable to make sure that we don't get the warning for older kernels built with new gcc. Cc: Martin Sebor <msebor@gmail.com> Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83456Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexey Kodanev authored
The following use-after-free was reported by KASan when running LTP macvtap01 test on 4.16-rc2: [10642.528443] BUG: KASAN: use-after-free in macvlan_common_newlink+0x12ef/0x14a0 [macvlan] [10642.626607] Read of size 8 at addr ffff880ba49f2100 by task ip/18450 ... [10642.963873] Call Trace: [10642.994352] dump_stack+0x5c/0x7c [10643.035325] print_address_description+0x75/0x290 [10643.092938] kasan_report+0x28d/0x390 [10643.137971] ? macvlan_common_newlink+0x12ef/0x14a0 [macvlan] [10643.207963] macvlan_common_newlink+0x12ef/0x14a0 [macvlan] [10643.275978] macvtap_newlink+0x171/0x260 [macvtap] [10643.334532] rtnl_newlink+0xd4f/0x1300 ... [10646.256176] Allocated by task 18450: [10646.299964] kasan_kmalloc+0xa6/0xd0 [10646.343746] kmem_cache_alloc_trace+0xf1/0x210 [10646.397826] macvlan_common_newlink+0x6de/0x14a0 [macvlan] [10646.464386] macvtap_newlink+0x171/0x260 [macvtap] [10646.522728] rtnl_newlink+0xd4f/0x1300 ... [10647.022028] Freed by task 18450: [10647.061549] __kasan_slab_free+0x138/0x180 [10647.111468] kfree+0x9e/0x1c0 [10647.147869] macvlan_port_destroy+0x3db/0x650 [macvlan] [10647.211411] rollback_registered_many+0x5b9/0xb10 [10647.268715] rollback_registered+0xd9/0x190 [10647.319675] register_netdevice+0x8eb/0xc70 [10647.370635] macvlan_common_newlink+0xe58/0x14a0 [macvlan] [10647.437195] macvtap_newlink+0x171/0x260 [macvtap] Commit d02fd6e7 ("macvlan: Fix one possible double free") handles the case when register_netdevice() invokes ndo_uninit() on error and as a result free the port. But 'macvlan_port_get_rtnl(dev))' check (returns dev->rx_handler_data), which was added by this commit in order to prevent double free, is not quite correct: * for macvlan it always returns NULL because 'lowerdev' is the one that was used to register rx handler (port) in macvlan_port_create() as well as to unregister it in macvlan_port_destroy(). * for macvtap it always returns a valid pointer because macvtap registers its own rx handler before macvlan_common_newlink(). Fixes: d02fd6e7 ("macvlan: Fix one possible double free") Signed-off-by: Alexey Kodanev <alexey.kodanev@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Pratyush Anand authored
do_task_stat() calls get_wchan(), which further does unwind_frame(). unwind_frame() restores frame->pc to original value in case function graph tracer has modified a return address (LR) in a stack frame to hook a function return. However, if function graph tracer has hit a filtered function, then we can't unwind it as ftrace_push_return_trace() has biased the index(frame->graph) with a 'huge negative' offset(-FTRACE_NOTRACE_DEPTH). Moreover, arm64 stack walker defines index(frame->graph) as unsigned int, which can not compare a -ve number. Similar problem we can have with calling of walk_stackframe() from save_stack_trace_tsk() or dump_backtrace(). This patch fixes unwind_frame() to test the index for -ve value and restore index accordingly before we can restore frame->pc. Reproducer: cd /sys/kernel/debug/tracing/ echo schedule > set_graph_notrace echo 1 > options/display-graph echo wakeup > current_tracer ps -ef | grep -i agent Above commands result in: Unable to handle kernel paging request at virtual address ffff801bd3d1e000 pgd = ffff8003cbe97c00 [ffff801bd3d1e000] *pgd=0000000000000000, *pud=0000000000000000 Internal error: Oops: 96000006 [#1] SMP [...] CPU: 5 PID: 11696 Comm: ps Not tainted 4.11.0+ #33 [...] task: ffff8003c21ba000 task.stack: ffff8003cc6c0000 PC is at unwind_frame+0x12c/0x180 LR is at get_wchan+0xd4/0x134 pc : [<ffff00000808892c>] lr : [<ffff0000080860b8>] pstate: 60000145 sp : ffff8003cc6c3ab0 x29: ffff8003cc6c3ab0 x28: 0000000000000001 x27: 0000000000000026 x26: 0000000000000026 x25: 00000000000012d8 x24: 0000000000000000 x23: ffff8003c1c04000 x22: ffff000008c83000 x21: ffff8003c1c00000 x20: 000000000000000f x19: ffff8003c1bc0000 x18: 0000fffffc593690 x17: 0000000000000000 x16: 0000000000000001 x15: 0000b855670e2b60 x14: 0003e97f22cf1d0f x13: 0000000000000001 x12: 0000000000000000 x11: 00000000e8f4883e x10: 0000000154f47ec8 x9 : 0000000070f367c0 x8 : 0000000000000000 x7 : 00008003f7290000 x6 : 0000000000000018 x5 : 0000000000000000 x4 : ffff8003c1c03cb0 x3 : ffff8003c1c03ca0 x2 : 00000017ffe80000 x1 : ffff8003cc6c3af8 x0 : ffff8003d3e9e000 Process ps (pid: 11696, stack limit = 0xffff8003cc6c0000) Stack: (0xffff8003cc6c3ab0 to 0xffff8003cc6c4000) [...] [<ffff00000808892c>] unwind_frame+0x12c/0x180 [<ffff000008305008>] do_task_stat+0x864/0x870 [<ffff000008305c44>] proc_tgid_stat+0x3c/0x48 [<ffff0000082fde0c>] proc_single_show+0x5c/0xb8 [<ffff0000082b27e0>] seq_read+0x160/0x414 [<ffff000008289e6c>] __vfs_read+0x58/0x164 [<ffff00000828b164>] vfs_read+0x88/0x144 [<ffff00000828c2e8>] SyS_read+0x60/0xc0 [<ffff0000080834a0>] __sys_trace_return+0x0/0x4 Fixes: 20380bb3 (arm64: ftrace: fix a stack tracer's output under function graph tracer) Signed-off-by: Pratyush Anand <panand@redhat.com> Signed-off-by: Jerome Marchand <jmarchan@redhat.com> [catalin.marinas@arm.com: replace WARN_ON with WARN_ON_ONCE] Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
-
Samuel Neves authored
Without this fix, /proc/cpuinfo will display an incorrect amount of CPU cores, after bringing them offline and online again, as exemplified below: $ cat /proc/cpuinfo | grep cores cpu cores : 4 cpu cores : 8 cpu cores : 8 cpu cores : 20 cpu cores : 4 cpu cores : 3 cpu cores : 2 cpu cores : 2 This patch fixes this by always zeroing the booted_cores variable upon turning off a logical CPU. Tested-by: Dou Liyang <douly.fnst@cn.fujitsu.com> Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: jgross@suse.com Cc: luto@kernel.org Cc: prarit@redhat.com Cc: vkuznets@redhat.com Link: http://lkml.kernel.org/r/20180221205036.5244-1-sneves@dei.uc.ptSigned-off-by: Ingo Molnar <mingo@kernel.org>
-
Dou Liyang authored
topology_sibling_cpumask() is the correct thread-related topology function in the kernel: s/topology_sibling_mask/topology_sibling_cpumask Signed-off-by: Dou Liyang <douly.fnst@cn.fujitsu.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: corbet@lwn.net Cc: linux-doc@vger.kernel.org Link: http://lkml.kernel.org/r/20180222084812.14497-1-douly.fnst@cn.fujitsu.comSigned-off-by: Ingo Molnar <mingo@kernel.org>
-