- 09 Mar, 2018 1 commit
-
-
Matthew Wilcox authored
Sphinx 1.7 removed sphinx.util.compat.Directive so people who have upgraded cannot build the documentation. Switch to docutils.parsers.rst.Directive which has been available since docutils 0.5 released in 2009. Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1083694Co-developed-by: Takashi Iwai <tiwai@suse.de> Acked-by: Jani Nikula <jani.nikula@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by: Jonathan Corbet <corbet@lwn.net>
-
- 08 Mar, 2018 5 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mipsLinus Torvalds authored
Pull MIPS fixes from James Hogan: "A miscellaneous pile of MIPS fixes for 4.16: - move put_compat_sigset() to evade hardened usercopy warnings (4.16) - select ARCH_HAVE_PC_{SERIO,PARPORT} for Loongson64 platforms (4.16) - fix kzalloc() failure handling in ath25 (3.19) and Octeon (4.0) - fix disabling of IPIs during BMIPS suspend (3.19)" * tag 'mips_fixes_4.16_4' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/mips: MIPS: BMIPS: Do not mask IPIs during suspend MIPS: Loongson64: Select ARCH_MIGHT_HAVE_PC_SERIO MIPS: Loongson64: Select ARCH_MIGHT_HAVE_PC_PARPORT signals: Move put_compat_sigset to compat.h to silence hardened usercopy MIPS: OCTEON: irq: Check for null return on kzalloc allocation MIPS: ath25: Check for kzalloc allocation failure
-
Linus Torvalds authored
Merge tag 'chrome-platform-4.16-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform Pull chrome platform fix from Benson Leung: "Revert a problematic patch that constified something imporperly" * tag 'chrome-platform-4.16-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/bleung/chrome-platform: Revert "platform/chrome: chromeos_laptop: make chromeos_laptop const"
-
Dmitry Torokhov authored
This reverts commit a376cd91 because chromeos_laptop instances should not be marked as "const" (at this time), since i2c_peripheral is being modified (we change "state" and "tries") when we instantiate devices. Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com> Signed-off-by: Benson Leung <bleung@chromium.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhostLinus Torvalds authored
Pull virtio bugfix from Michael Tsirkin: "A bugfix for error handling in virtio" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio_ring: fix num_free handling in error case
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input fixes from Dmitry Torokhov: - we are reverting patch that was switched touchpad on Lenovo T460P over to native RMI because on these boxes BIOS messes up with SMBus controller state. We might re-enable it later once SMBus issue is resolved - disabling interrupts in matrix_keypad driver was racy - mms114 now has SPDX header and matching MODULE_LICENSE * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Revert "Input: synaptics - Lenovo Thinkpad T460p devices should use RMI" Input: matrix_keypad - fix race when disabling interrupts Input: mms114 - add SPDX identifier Input: mms114 - fix license module information
-
- 07 Mar, 2018 7 commits
-
-
Arkadiusz Hiler authored
This reverts commit 48282969 which caused the following issues: 1. On T460p with BIOS version 2.22 touchpad and trackpoint stop working after suspend-resume cycle. Due to strange state of the device another suspend is impossible. The following dmesg errors can be observed: thinkpad_acpi: EC reports that Thermal Table has changed rmi4_smbus 7-002c: failed to get SMBus version number! rmi4_physical rmi4-00: rmi_driver_reset_handler: Failed to read current IRQ mask. rmi4_f01 rmi4-00.fn01: Failed to restore normal operation: -16. rmi4_f01 rmi4-00.fn01: Resume failed with code -16. rmi4_physical rmi4-00: Failed to suspend functions: -16 rmi4_smbus 7-002c: Failed to resume device: -16 PM: resume devices took 0.640 seconds rmi4_f03 rmi4-00.fn03: rmi_f03_pt_write: Failed to write to F03 TX register (-16). rmi4_physical rmi4-00: rmi_driver_clear_irq_bits: Failed to change enabled interrupts! rmi4_physical rmi4-00: rmi_driver_set_irq_bits: Failed to change enabled interrupts! psmouse: probe of serio3 failed with error -1 2. On another T460p with BIOS version 2.15 two finger scrolling gesture on the touchpad stops working after suspend-resume cycle (about 75% reproducibility, when it still works, the scrolling gesture becomes laggy). Nothing suspicious appears in the dmesg. Analysis form Richard Schütz: "RMI is unreliable on the ThinkPad T460p because the device is affected by the firmware behavior addressed in a7ae8195 ("i2c: i801: Allow ACPI SystemIO OpRegion to conflict with PCI BAR")." The affected devices often show: i801_smbus 0000:00:1f.4: BIOS is accessing SMBus registers i801_smbus 0000:00:1f.4: Driver SMBus register access inhibited Reported-by: Richard Schütz <rschuetz@uni-koblenz.de> Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler@intel.com> Tested-by: Martin Peres <martin.peres@linux.intel.com> Tested-by: Arkadiusz Hiler <arkadiusz.hiler@intel.com> Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2Linus Torvalds authored
Pull gfs2 fix from Bob Peterson: "An additional patch from Andreas Gruenbacher that fixes another unfortunate GFS2 regression" * tag 'gfs2-4.16.rc4.fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2: gfs2: Fixes to "Implement iomap for block_map" (2)
-
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linuxLinus Torvalds authored
Pull s390 fixes from Martin Schwidefsky: "Nine bug fixes for s390: - Three fixes for the expoline code, one of them is strictly speaking a cleanup but as it relates to code added with 4.16 I would like to include the patch. - Three timer related fixes in the common I/O layer - A fix for the handling of internal DASD request which could cause panics. - One correction in regard to the accounting of pud page tables vs. compat tasks. - The register scrubbing in entry.S caused spurious crashes, this is fixed now as well" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/entry.S: fix spurious zeroing of r0 s390: Fix runtime warning about negative pgtables_bytes s390: do not bypass BPENTER for interrupt system calls s390/cio: clear timer when terminating driver I/O s390/cio: fix return code after missing interrupt s390/cio: fix ccw_device_start_timeout API s390/clean-up: use CFI_* macros in entry.S s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) s390/dasd: fix handling of internal requests
-
Linus Torvalds authored
Merge tag 'regulator-fix-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "A couple of fixes here: - another half of the supend to idle fix from Geert that went in earlier, both he and I are confused as to why he didn't notice that this was missing when his earlier fix was merged. - a simple fix for a test done the wrong way round in the stm32-vrefbuf driver" * tag 'regulator-fix-v4.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: Fix resume from suspend to idle regulator: stm32-vrefbuf: fix check on ready flag
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fixes from James Bottomley: "This is mostly fixes for driver specific issues (nine of them) and the storvsc performance improvement with interrupt handling which was dropped from the previous fixes pull request. We also have two regressions: one is a double call_rcu() in ATA error handling and the other is a missed conversion to BLK_STS_OK in __scsi_error_from_host_byte()" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: qedi: Fix kernel crash during port toggle scsi: qla2xxx: Fix FC-NVMe LUN discovery scsi: core: return BLK_STS_OK for DID_OK in __scsi_error_from_host_byte() scsi: core: Avoid that ATA error handling can trigger a kernel hang or oops scsi: qla2xxx: ensure async flags are reset correctly scsi: qla2xxx: do not check login_state if no loop id is assigned scsi: qla2xxx: Fixup locking for session deletion scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS scsi: mpt3sas: wait for and flush running commands on shutdown/unload scsi: mpt3sas: fix oops in error handlers after shutdown/unload scsi: storvsc: Spread interrupts when picking a channel for I/O requests scsi: megaraid_sas: Do not use 32-bit atomic request descriptor for Ventura controllers
-
Andreas Gruenbacher authored
It turns out that commit 3229c18c0d6b2 'Fixes to "Implement iomap for block_map"' introduced another bug in gfs2_iomap_begin that can cause gfs2_block_map to set bh->b_size of an actual buffer to 0. This can lead to arbitrary incorrect behavior including crashes or disk corruption. Revert the incorrect part of that commit. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Bob Peterson <rpeterso@redhat.com>
-
Mark Brown authored
Merge remote-tracking branches 'regulator/fix/resume' and 'regulator/fix/stm32-vfrefbuf' into regulator-linus
-
- 06 Mar, 2018 5 commits
-
-
Linus Torvalds authored
Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull sigingo fix from Eric Biederman: "The kbuild test robot found that I accidentally moved si_pkey when I was cleaning up siginfo_t. A short followed by an int with the int having 8 byte alignment. Sheesh siginfo_t is a weird structure. I have now corrected it and added build time checks that with a little luck will catch any similar future mistakes. The build time checks were sufficient for me to verify the bug and to verify my fix. So they are at least useful this once." * 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: signal/x86: Include the field offsets in the build time checks signal: Correct the offset of si_pkey in struct siginfo
-
Christian Borntraeger authored
when a system call is interrupted we might call the critical section cleanup handler that re-does some of the operations. When we are between .Lsysc_vtime and .Lsysc_do_svc we might also redo the saving of the problem state registers r0-r7: .Lcleanup_system_call: [...] 0: # update accounting time stamp mvc __LC_LAST_UPDATE_TIMER(8),__LC_SYNC_ENTER_TIMER # set up saved register r11 lg %r15,__LC_KERNEL_STACK la %r9,STACK_FRAME_OVERHEAD(%r15) stg %r9,24(%r11) # r11 pt_regs pointer # fill pt_regs mvc __PT_R8(64,%r9),__LC_SAVE_AREA_SYNC ---> stmg %r0,%r7,__PT_R0(%r9) The problem is now, that we might have already zeroed out r0. The fix is to move the zeroing of r0 after sysc_do_svc. Reported-by: Farhan Ali <alifm@linux.vnet.ibm.com> Fixes: 7041d281 ("s390: scrub registers on kernel entry and KVM exit") Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-
Eric W. Biederman authored
Due to an oversight when refactoring siginfo_t si_pkey has been in the wrong position since 4.16-rc1. Add an explicit check of the offset of every user space field in siginfo_t and compat_siginfo_t to make a mistake like this hard to make in the future. I have run this code on 4.15 and 4.16-rc1 with the position of si_pkey fixed and all of the fields show up in the same location. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
The change moving addr_lsb into the _sigfault union failed to take into account that _sigfault._addr_bnd._lower being a pointer forced the entire union to have pointer alignment. In practice this only mattered for the offset of si_pkey which is why this has taken so long to discover. To correct this change _dummy_pkey and _dummy_bnd to have pointer type. Reported-by: kernel test robot <shun.hao@intel.com> Fixes: b68a68d3 ("signal: Move addr_lsb into the _sigfault union for clarity") Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linuxLinus Torvalds authored
Pull ia64 cleanups from Tony Luck: - More atomic cleanup from willy - Fix a python script to work with version 3 - Some other small cleanups * tag 'please-pull-ia64_misc' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux: ia64/err-inject: fix spelling mistake: "capapbilities" -> "capabilities" ia64/err-inject: Use get_user_pages_fast() ia64: doc: tweak whitespace for 'console=' parameter ia64: Convert remaining atomic operations ia64: convert unwcheck.py to python3
-
- 05 Mar, 2018 21 commits
-
-
Justin Chen authored
Commit a3e6c1ef ("MIPS: IRQ: Fix disable_irq on CPU IRQs") fixes an issue where disable_irq did not actually disable the irq. The bug caused our IPIs to not be disabled, which actually is the correct behavior. With the addition of commit a3e6c1ef ("MIPS: IRQ: Fix disable_irq on CPU IRQs"), the IPIs were getting disabled going into suspend, thus schedule_ipi() was not being called. This caused deadlocks where schedulable task were not being scheduled and other cpus were waiting for them to do something. Add the IRQF_NO_SUSPEND flag so an irq_disable will not be called on the IPIs during suspend. Signed-off-by: Justin Chen <justinpopo6@gmail.com> Fixes: a3e6c1ef ("MIPS: IRQ: Fix disabled_irq on CPU IRQs") Cc: Florian Fainelli <f.fainelli@gmail.com> Cc: linux-mips@linux-mips.org Cc: stable@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/17385/ [jhogan@kernel.org: checkpatch: wrap long lines and fix commit refs] Signed-off-by: James Hogan <jhogan@kernel.org>
-
Colin Ian King authored
Trivial fix to spelling mistake in debug message text. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Davidlohr Bueso authored
At the point of sysfs callback, the call to gup is done without mmap_sem (or any lock for that matter). This is racy. As such, use the get_user_pages_fast() alternative and safely avoid taking the lock, if possible. Signed-off-by: Davidlohr Bueso <dbueso@suse.de> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Sergei Trofimovich authored
CC: Tony Luck <tony.luck@intel.com> CC: Fenghua Yu <fenghua.yu@intel.com> CC: linux-ia64@vger.kernel.org CC: linux-kernel@vger.kernel.org Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Matthew Wilcox authored
While we've only seen inlining problems with atomic_sub_return(), the other atomic operations could have the same problem. Convert all remaining operations to use the same solution as atomic_sub_return(). Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Corentin Labbe authored
Since my system use python3 as default, arch/ia64/scripts/unwcheck.py no longer run. This patch convert it to the python3 syntax. I have ran it with python2/python3 while printing values of start/end/rlen_sum which could be impacted by this change and I see no difference. Fixes: 94a47083 ("scripts: change scripts to use system python instead of env") Signed-off-by: Corentin Labbe <clabbe@baylibre.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
-
Linus Torvalds authored
Merge tag 'linux-kselftest-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fixes from Shuah Khan: "A fix for regression in memory-hotplug install script that prevents the test from running on the target" * tag 'linux-kselftest-4.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: memory-hotplug: fix emit_tests regression
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes from David Miller: 1) Use an appropriate TSQ pacing shift in mac80211, from Toke Høiland-Jørgensen. 2) Just like ipv4's ip_route_me_harder(), we have to use skb_to_full_sk in ip6_route_me_harder, from Eric Dumazet. 3) Fix several shutdown races and similar other problems in l2tp, from James Chapman. 4) Handle missing XDP flush properly in tuntap, for real this time. From Jason Wang. 5) Out-of-bounds access in powerpc ebpf tailcalls, from Daniel Borkmann. 6) Fix phy_resume() locking, from Andrew Lunn. 7) IFLA_MTU values are ignored on newlink for some tunnel types, fix from Xin Long. 8) Revert F-RTO middle box workarounds, they only handle one dimension of the problem. From Yuchung Cheng. 9) Fix socket refcounting in RDS, from Ka-Cheong Poon. 10) Don't allow ppp unit registration to an unregistered channel, from Guillaume Nault. 11) Various hv_netvsc fixes from Stephen Hemminger. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (98 commits) hv_netvsc: propagate rx filters to VF hv_netvsc: filter multicast/broadcast hv_netvsc: defer queue selection to VF hv_netvsc: use napi_schedule_irqoff hv_netvsc: fix race in napi poll when rescheduling hv_netvsc: cancel subchannel setup before halting device hv_netvsc: fix error unwind handling if vmbus_open fails hv_netvsc: only wake transmit queue if link is up hv_netvsc: avoid retry on send during shutdown virtio-net: re enable XDP_REDIRECT for mergeable buffer ppp: prevent unregistered channels from connecting to PPP units tc-testing: skbmod: fix match value of ethertype mlxsw: spectrum_switchdev: Check success of FDB add operation net: make skb_gso_*_seglen functions private net: xfrm: use skb_gso_validate_network_len() to check gso sizes net: sched: tbf: handle GSO_BY_FRAGS case in enqueue net: rename skb_gso_validate_mtu -> skb_gso_validate_network_len rds: Incorrect reference counting in TCP socket creation net: ethtool: don't ignore return from driver get_fecparam method vrf: check forwarding on the original netdevice when generating ICMP dest unreachable ...
-
Huacai Chen authored
Commit 7a407aa5 ("MIPS: Push ARCH_MIGHT_HAVE_PC_SERIO down to platform level") moves the global MIPS ARCH_MIGHT_HAVE_PC_SERIO select down to various platforms, but doesn't add it to Loongson64 platforms which need it, so add the selects to these platforms too. Fixes: 7a407aa5 ("MIPS: Push ARCH_MIGHT_HAVE_PC_SERIO down to platform level") Signed-off-by: Huacai Chen <chenhc@lemote.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/18704/Signed-off-by: James Hogan <jhogan@kernel.org>
-
Huacai Chen authored
Commit a211a082 ("MIPS: Push ARCH_MIGHT_HAVE_PC_PARPORT down to platform level") moves the global MIPS ARCH_MIGHT_HAVE_PC_PARPORT select down to various platforms, but doesn't add it to Loongson64 platforms which need it, so add the selects to these platforms too. Fixes: a211a082 ("MIPS: Push ARCH_MIGHT_HAVE_PC_PARPORT down to platform level") Signed-off-by: Huacai Chen <chenhc@lemote.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/18703/Signed-off-by: James Hogan <jhogan@kernel.org>
-
David S. Miller authored
Stephen Hemminger says: ==================== hv_netvsc: minor fixes These are improvements to netvsc driver. They aren't functionality changes so not targeting net-next; and they are not show stopper bugs that need to go to stable either. v2 - drop the irq flags patch, defer it to net-next - split the multicast filter flag patch out - change propogate rx mode patch to handle startup of vf ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
The netvsc device should propagate filters to the SR-IOV VF device (if present). The flags also need to be propagated to the VF device as well. This only really matters on local Hyper-V since Azure does not support multiple addresses. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
The netvsc driver was always enabling all multicast and broadcast even if netdevice flag had not enabled it. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
When VF is used for accelerated networking it will likely have more queues (and different policy) than the synthetic NIC. This patch defers the queue policy to the VF so that all the queues can be used. This impacts workloads like local generate UDP. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Since the netvsc_channel_cb is already called in interrupt context from vmbus, there is no need to do irqsave/restore. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
There is a race between napi_reschedule and re-enabling interrupts which could lead to missed host interrrupts. This occurs when interrupts are re-enabled (hv_end_read) and vmbus irq callback (netvsc_channel_cb) has already scheduled NAPI. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Block setup of multiple channels earlier in the teardown process. This avoids possible races between halt and subchannel initialization. Suggested-by: Haiyang Zhang <haiyangz@microsoft.com> Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Need to delete NAPI association if vmbus_open fails. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Don't wake transmit queues if link is not up yet. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stephen Hemminger authored
Change the initialization order so that the device is ready to transmit (ie connect vsp is completed) before setting the internal reference to the device with RCU. This avoids any races on initialization and prevents retry issues on shutdown. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jason Wang authored
XDP_REDIRECT support for mergeable buffer was removed since commit 7324f539 ("virtio_net: disable XDP_REDIRECT in receive_mergeable() case"). This is because we don't reserve enough tailroom for struct skb_shared_info which breaks XDP assumption. So this patch fixes this by reserving enough tailroom and using fixed size of rx buffer. Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 04 Mar, 2018 1 commit
-
-
Guillaume Nault authored
PPP units don't hold any reference on the channels connected to it. It is the channel's responsibility to ensure that it disconnects from its unit before being destroyed. In practice, this is ensured by ppp_unregister_channel() disconnecting the channel from the unit before dropping a reference on the channel. However, it is possible for an unregistered channel to connect to a PPP unit: register a channel with ppp_register_net_channel(), attach a /dev/ppp file to it with ioctl(PPPIOCATTCHAN), unregister the channel with ppp_unregister_channel() and finally connect the /dev/ppp file to a PPP unit with ioctl(PPPIOCCONNECT). Once in this situation, the channel is only held by the /dev/ppp file, which can be released at anytime and free the channel without letting the parent PPP unit know. Then the ppp structure ends up with dangling pointers in its ->channels list. Prevent this scenario by forbidding unregistered channels from connecting to PPP units. This maintains the code logic by keeping ppp_unregister_channel() responsible from disconnecting the channel if necessary and avoids modification on the reference counting mechanism. This issue seems to predate git history (successfully reproduced on Linux 2.6.26 and earlier PPP commits are unrelated). Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-