From patchwork Mon Jan 10 07:22:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531515 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A42CC433F5 for ; Mon, 10 Jan 2022 07:28:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239719AbiAJH2j (ORCPT ); Mon, 10 Jan 2022 02:28:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48296 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239427AbiAJH0e (ORCPT ); Mon, 10 Jan 2022 02:26:34 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 865E0C02982D; Sun, 9 Jan 2022 23:25:50 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 2AC5DB81216; Mon, 10 Jan 2022 07:25:50 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5CDDBC36AED; Mon, 10 Jan 2022 07:25:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799548; bh=ZK44A1gY48TEv126Zen5tXB46e9kSXs7YxZx5++EcT8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UshnnMonHUSFkFCkGiO2radO3/xNe9ADArolvgT3gcPk/oxuJ+IQylj4/nh4Gw4I3 J/uur1ABHat0NfBwMyoQevFZuM/eILp20bFle4tTiLyHnnSCbVwrf7D8yaXNDExQ2s i9IpsGlkBG8lND9BshSK/SttAvX5PjlIDeDInurg= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, "Naveen N. Rao" , Steven Rostedt Subject: [PATCH 4.14 02/22] tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() Date: Mon, 10 Jan 2022 08:22:55 +0100 Message-Id: <20220110071814.345627921@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Naveen N. Rao commit 823e670f7ed616d0ce993075c8afe0217885f79d upstream. With the new osnoise tracer, we are seeing the below splat: Kernel attempted to read user page (c7d880000) - exploit attempt? (uid: 0) BUG: Unable to handle kernel data access on read at 0xc7d880000 Faulting instruction address: 0xc0000000002ffa10 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries ... NIP [c0000000002ffa10] __trace_array_vprintk.part.0+0x70/0x2f0 LR [c0000000002ff9fc] __trace_array_vprintk.part.0+0x5c/0x2f0 Call Trace: [c0000008bdd73b80] [c0000000001c49cc] put_prev_task_fair+0x3c/0x60 (unreliable) [c0000008bdd73be0] [c000000000301430] trace_array_printk_buf+0x70/0x90 [c0000008bdd73c00] [c0000000003178b0] trace_sched_switch_callback+0x250/0x290 [c0000008bdd73c90] [c000000000e70d60] __schedule+0x410/0x710 [c0000008bdd73d40] [c000000000e710c0] schedule+0x60/0x130 [c0000008bdd73d70] [c000000000030614] interrupt_exit_user_prepare_main+0x264/0x270 [c0000008bdd73de0] [c000000000030a70] syscall_exit_prepare+0x150/0x180 [c0000008bdd73e10] [c00000000000c174] system_call_vectored_common+0xf4/0x278 osnoise tracer on ppc64le is triggering osnoise_taint() for negative duration in get_int_safe_duration() called from trace_sched_switch_callback()->thread_exit(). The problem though is that the check for a valid trace_percpu_buffer is incorrect in get_trace_buf(). The check is being done after calculating the pointer for the current cpu, rather than on the main percpu pointer. Fix the check to be against trace_percpu_buffer. Link: https://lkml.kernel.org/r/a920e4272e0b0635cf20c444707cbce1b2c8973d.1640255304.git.naveen.n.rao@linux.vnet.ibm.com Cc: stable@vger.kernel.org Fixes: e2ace001176dc9 ("tracing: Choose static tp_printk buffer by explicit nesting count") Signed-off-by: Naveen N. Rao Signed-off-by: Steven Rostedt Signed-off-by: Greg Kroah-Hartman --- kernel/trace/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2820,7 +2820,7 @@ static char *get_trace_buf(void) { struct trace_buffer_struct *buffer = this_cpu_ptr(trace_percpu_buffer); - if (!buffer || buffer->nesting >= 4) + if (!trace_percpu_buffer || buffer->nesting >= 4) return NULL; buffer->nesting++; From patchwork Mon Jan 10 07:22:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531497 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E2733C433EF for ; Mon, 10 Jan 2022 07:31:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240485AbiAJHbB (ORCPT ); Mon, 10 Jan 2022 02:31:01 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48272 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240094AbiAJH23 (ORCPT ); Mon, 10 Jan 2022 02:28:29 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8B519C028BDF; Sun, 9 Jan 2022 23:26:21 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 32693B81214; Mon, 10 Jan 2022 07:26:21 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5F0FDC36AED; Mon, 10 Jan 2022 07:26:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799579; bh=HGUOliIm3pe8giQ4Qy/VFmMBa4H9I3QQbmLzloWAdKU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=gMRp8ljbO5NsxEwF1oaLXgPpHLoFOrh+OSesxyAXtFg1oseCXwWejGEvs25olegGu ZBYMsl6XKNoiFcD0nWoVNRSqHOzS2gbzdGv3lV1EmAZVjZQiB6rBbdH2HNJEUIzRZv bgdex5NbsztezbuS4TwL+gnowOLFd9MQw3SlE9kE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kernel test robot , "Naveen N. Rao" , Steven Rostedt Subject: [PATCH 4.14 03/22] tracing: Tag trace_percpu_buffer as a percpu pointer Date: Mon, 10 Jan 2022 08:22:56 +0100 Message-Id: <20220110071814.379852234@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Naveen N. Rao commit f28439db470cca8b6b082239314e9fd10bd39034 upstream. Tag trace_percpu_buffer as a percpu pointer to resolve warnings reported by sparse: /linux/kernel/trace/trace.c:3218:46: warning: incorrect type in initializer (different address spaces) /linux/kernel/trace/trace.c:3218:46: expected void const [noderef] __percpu *__vpp_verify /linux/kernel/trace/trace.c:3218:46: got struct trace_buffer_struct * /linux/kernel/trace/trace.c:3234:9: warning: incorrect type in initializer (different address spaces) /linux/kernel/trace/trace.c:3234:9: expected void const [noderef] __percpu *__vpp_verify /linux/kernel/trace/trace.c:3234:9: got int * Link: https://lkml.kernel.org/r/ebabd3f23101d89cb75671b68b6f819f5edc830b.1640255304.git.naveen.n.rao@linux.vnet.ibm.com Cc: stable@vger.kernel.org Reported-by: kernel test robot Fixes: 07d777fe8c398 ("tracing: Add percpu buffers for trace_printk()") Signed-off-by: Naveen N. Rao Signed-off-by: Steven Rostedt Signed-off-by: Greg Kroah-Hartman --- kernel/trace/trace.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2810,7 +2810,7 @@ struct trace_buffer_struct { char buffer[4][TRACE_BUF_SIZE]; }; -static struct trace_buffer_struct *trace_percpu_buffer; +static struct trace_buffer_struct __percpu *trace_percpu_buffer; /* * Thise allows for lockless recording. If we're nested too deeply, then @@ -2839,7 +2839,7 @@ static void put_trace_buf(void) static int alloc_percpu_trace_buffer(void) { - struct trace_buffer_struct *buffers; + struct trace_buffer_struct __percpu *buffers; buffers = alloc_percpu(struct trace_buffer_struct); if (WARN(!buffers, "Could not allocate percpu trace_printk buffer")) From patchwork Mon Jan 10 07:22:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531517 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 90976C433F5 for ; Mon, 10 Jan 2022 07:28:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239657AbiAJH2a (ORCPT ); Mon, 10 Jan 2022 02:28:30 -0500 Received: from dfw.source.kernel.org ([139.178.84.217]:36500 "EHLO dfw.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239406AbiAJH03 (ORCPT ); Mon, 10 Jan 2022 02:26:29 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EA957611B7; Mon, 10 Jan 2022 07:26:28 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD51FC36AE9; Mon, 10 Jan 2022 07:26:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799588; bh=mHH+XNkD+3G/e3NHKbEc90kLnPAfFdQ5w4ollboxixw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mZxKUszjT3YK1RaBMMZkGEPFJO+KnEK5qscowId2X2vo6+TcSkw/TVm6qgfENTKLG i2hHAV/LfzxDFs7BOUjLgt2BejeVI7yiml5hP8BVFEzDutxmARbL2MhHofWWOv75KL AxjY9Yd9ejaThhB74FfSpOiHkyMnKsJR8rg3o71w= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Parav Pandit , "Michael S. Tsirkin" , Yang Wei Subject: [PATCH 4.14 04/22] virtio_pci: Support surprise removal of virtio pci device Date: Mon, 10 Jan 2022 08:22:57 +0100 Message-Id: <20220110071814.411993808@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Parav Pandit commit 43bb40c5b92659966bdf4bfe584fde0a3575a049 upstream. When a virtio pci device undergo surprise removal (aka async removal in PCIe spec), mark the device as broken so that any upper layer drivers can abort any outstanding operation. When a virtio net pci device undergo surprise removal which is used by a NetworkManager, a below call trace was observed. kernel:watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:1:27059] watchdog: BUG: soft lockup - CPU#1 stuck for 52s! [kworker/1:1:27059] CPU: 1 PID: 27059 Comm: kworker/1:1 Tainted: G S W I L 5.13.0-hotplug+ #8 Hardware name: Dell Inc. PowerEdge R640/0H28RR, BIOS 2.9.4 11/06/2020 Workqueue: events linkwatch_event RIP: 0010:virtnet_send_command+0xfc/0x150 [virtio_net] Call Trace: virtnet_set_rx_mode+0xcf/0x2a7 [virtio_net] ? __hw_addr_create_ex+0x85/0xc0 __dev_mc_add+0x72/0x80 igmp6_group_added+0xa7/0xd0 ipv6_mc_up+0x3c/0x60 ipv6_find_idev+0x36/0x80 addrconf_add_dev+0x1e/0xa0 addrconf_dev_config+0x71/0x130 addrconf_notify+0x1f5/0xb40 ? rtnl_is_locked+0x11/0x20 ? __switch_to_asm+0x42/0x70 ? finish_task_switch+0xaf/0x2c0 ? raw_notifier_call_chain+0x3e/0x50 raw_notifier_call_chain+0x3e/0x50 netdev_state_change+0x67/0x90 linkwatch_do_dev+0x3c/0x50 __linkwatch_run_queue+0xd2/0x220 linkwatch_event+0x21/0x30 process_one_work+0x1c8/0x370 worker_thread+0x30/0x380 ? process_one_work+0x370/0x370 kthread+0x118/0x140 ? set_kthread_struct+0x40/0x40 ret_from_fork+0x1f/0x30 Hence, add the ability to abort the command on surprise removal which prevents infinite loop and system lockup. Signed-off-by: Parav Pandit Link: https://lore.kernel.org/r/20210721142648.1525924-5-parav@nvidia.com Signed-off-by: Michael S. Tsirkin Signed-off-by: Yang Wei Signed-off-by: Greg Kroah-Hartman --- drivers/virtio/virtio_pci_common.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/drivers/virtio/virtio_pci_common.c +++ b/drivers/virtio/virtio_pci_common.c @@ -575,6 +575,13 @@ static void virtio_pci_remove(struct pci struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev); struct device *dev = get_device(&vp_dev->vdev.dev); + /* + * Device is marked broken on surprise removal so that virtio upper + * layers can abort any ongoing operation. + */ + if (!pci_device_is_present(pci_dev)) + virtio_break_device(&vp_dev->vdev); + unregister_virtio_device(&vp_dev->vdev); if (vp_dev->ioaddr) From patchwork Mon Jan 10 07:23:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531514 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 40212C433F5 for ; Mon, 10 Jan 2022 07:28:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239329AbiAJH2l (ORCPT ); Mon, 10 Jan 2022 02:28:41 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:57198 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239737AbiAJH0j (ORCPT ); Mon, 10 Jan 2022 02:26:39 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 39F46B81204; Mon, 10 Jan 2022 07:26:38 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5E82CC36AED; Mon, 10 Jan 2022 07:26:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799596; bh=bj/NDmeVO0AXpsSp1ao1GxNohak9ggaCwQhdSZUvDvQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ye05X2LxLPiyGc0+Sh0vvADVXMm4EGC69NXnBE/E4DvgVkJRzvMewCPu05K2/bTlC ZaLVHkgO9oF1YFqTu2mY2+Ynw0V/rjL0g5K/8AlIAtjaN9CsKgyu7zUu/ukit9ErFu yKb1levBqxvfQRfwW3QJVd2aUAHBR+H5iJ5WWFoI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Tom Rix , Nick Desaulniers , Johannes Berg Subject: [PATCH 4.14 07/22] mac80211: initialize variable have_higher_than_11mbit Date: Mon, 10 Jan 2022 08:23:00 +0100 Message-Id: <20220110071814.509909543@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Tom Rix commit 68a18ad71378a56858141c4449e02a30c829763e upstream. Clang static analysis reports this warnings mlme.c:5332:7: warning: Branch condition evaluates to a garbage value have_higher_than_11mbit) ^~~~~~~~~~~~~~~~~~~~~~~ have_higher_than_11mbit is only set to true some of the time in ieee80211_get_rates() but is checked all of the time. So have_higher_than_11mbit needs to be initialized to false. Fixes: 5d6a1b069b7f ("mac80211: set basic rates earlier") Signed-off-by: Tom Rix Reviewed-by: Nick Desaulniers Link: https://lore.kernel.org/r/20211223162848.3243702-1-trix@redhat.com Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/mac80211/mlme.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -4501,7 +4501,7 @@ static int ieee80211_prep_connection(str */ if (new_sta) { u32 rates = 0, basic_rates = 0; - bool have_higher_than_11mbit; + bool have_higher_than_11mbit = false; int min_rate = INT_MAX, min_rate_index = -1; const struct cfg80211_bss_ies *ies; int shift = ieee80211_vif_get_shift(&sdata->vif); From patchwork Mon Jan 10 07:23:05 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D24FC433FE for ; Mon, 10 Jan 2022 07:28:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239738AbiAJH2v (ORCPT ); Mon, 10 Jan 2022 02:28:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48614 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239798AbiAJH0w (ORCPT ); Mon, 10 Jan 2022 02:26:52 -0500 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79B62C02983D; Sun, 9 Jan 2022 23:25:55 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 19F3E611CB; Mon, 10 Jan 2022 07:25:55 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 02FF7C36AED; Mon, 10 Jan 2022 07:25:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799554; bh=oRuKsWuXd7rWSTaW3hc33NOCyZXi5lLLPnILt8k0u/I=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wvuSO7etq4NCkDpMgRtWQ4wxuEJvXXGArzzIO/l0c30ER7xVzqwh8vlzH2oFzqVp5 Wwz4icJbdlnp1C7SELjqCOOrszFjntTINBpV3YmxrNR82WvdeZrx6/e5c9sPiwaNhJ 0ewpK81RcvNyGA/fsSeUmKjgss4QR9LSdCsfai78= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , "David S. Miller" Subject: [PATCH 4.14 12/22] sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc Date: Mon, 10 Jan 2022 08:23:05 +0100 Message-Id: <20220110071814.676562253@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Eric Dumazet commit 7d18a07897d07495ee140dd319b0e9265c0f68ba upstream. tx_queue_len can be set to ~0U, we need to be more careful about overflows. __fls(0) is undefined, as this report shows: UBSAN: shift-out-of-bounds in net/sched/sch_qfq.c:1430:24 shift exponent 51770272 is too large for 32-bit type 'int' CPU: 0 PID: 25574 Comm: syz-executor.0 Not tainted 5.16.0-rc7-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x201/0x2d8 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x494/0x530 lib/ubsan.c:330 qfq_init_qdisc+0x43f/0x450 net/sched/sch_qfq.c:1430 qdisc_create+0x895/0x1430 net/sched/sch_api.c:1253 tc_modify_qdisc+0x9d9/0x1e20 net/sched/sch_api.c:1660 rtnetlink_rcv_msg+0x934/0xe60 net/core/rtnetlink.c:5571 netlink_rcv_skb+0x200/0x470 net/netlink/af_netlink.c:2496 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x814/0x9f0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0xaea/0xe60 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:704 [inline] sock_sendmsg net/socket.c:724 [inline] ____sys_sendmsg+0x5b9/0x910 net/socket.c:2409 ___sys_sendmsg net/socket.c:2463 [inline] __sys_sendmsg+0x280/0x370 net/socket.c:2492 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: 462dbc9101ac ("pkt_sched: QFQ Plus: fair-queueing service at DRR cost") Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sched/sch_qfq.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/net/sched/sch_qfq.c +++ b/net/sched/sch_qfq.c @@ -1425,10 +1425,8 @@ static int qfq_init_qdisc(struct Qdisc * if (err < 0) return err; - if (qdisc_dev(sch)->tx_queue_len + 1 > QFQ_MAX_AGG_CLASSES) - max_classes = QFQ_MAX_AGG_CLASSES; - else - max_classes = qdisc_dev(sch)->tx_queue_len + 1; + max_classes = min_t(u64, (u64)qdisc_dev(sch)->tx_queue_len + 1, + QFQ_MAX_AGG_CLASSES); /* max_cl_shift = floor(log_2(max_classes)) */ max_cl_shift = __fls(max_classes); q->max_agg_classes = 1< X-Patchwork-Id: 531519 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60307C433F5 for ; Mon, 10 Jan 2022 07:27:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239484AbiAJH10 (ORCPT ); Mon, 10 Jan 2022 02:27:26 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:56732 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239511AbiAJH0C (ORCPT ); Mon, 10 Jan 2022 02:26:02 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 999DEB8120F; Mon, 10 Jan 2022 07:25:58 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E06D3C36AE9; Mon, 10 Jan 2022 07:25:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799557; bh=wQ1WCzMal2S1hciuudYxmTYIjbmHf5KuRMCyHTnif3A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NcNGnm7uADAlj0gjpymSU7Fc2ycLgoZEAS9COPTwC+/P7KTMqjRDCG4s8OlpKmP+U 8EgvWcM2ItOo+FThCPLwT8eZw2NYIjRfdaMwuD+89ZbXeEcnZ/Kui6V0Cf9BwYEirW P6ZjiAmcynkG+l2bHMls6+ln9PuGSvP0BkXufqD0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Kirill Tkhai , "Darrick J. Wong" , "Darrick J. Wong" , Dave Chinner , Eric Sandeen Subject: [PATCH 4.14 13/22] xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate Date: Mon, 10 Jan 2022 08:23:06 +0100 Message-Id: <20220110071814.707995874@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Darrick J. Wong commit 983d8e60f50806f90534cc5373d0ce867e5aaf79 upstream. The old ALLOCSP/FREESP ioctls in XFS can be used to preallocate space at the end of files, just like fallocate and RESVSP. Make the behavior consistent with the other ioctls. Reported-by: Kirill Tkhai Signed-off-by: Darrick J. Wong Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Reviewed-by: Eric Sandeen Signed-off-by: Greg Kroah-Hartman --- fs/xfs/xfs_ioctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -715,7 +715,8 @@ xfs_ioc_space( flags |= XFS_PREALLOC_CLEAR; if (bf->l_start > XFS_ISIZE(ip)) { error = xfs_alloc_file_space(ip, XFS_ISIZE(ip), - bf->l_start - XFS_ISIZE(ip), 0); + bf->l_start - XFS_ISIZE(ip), + XFS_BMAPI_PREALLOC); if (error) goto out_unlock; } From patchwork Mon Jan 10 07:23:07 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531506 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2282FC43219 for ; Mon, 10 Jan 2022 07:30:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239880AbiAJHaK (ORCPT ); Mon, 10 Jan 2022 02:30:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240038AbiAJH2O (ORCPT ); Mon, 10 Jan 2022 02:28:14 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8699C028C15; Sun, 9 Jan 2022 23:26:02 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 7F003B811F5; Mon, 10 Jan 2022 07:26:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id B2481C36AED; Mon, 10 Jan 2022 07:25:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799560; bh=CBugiHPHZg6lZpps82R7WUuao6slXg+9R6CaYlQp5g8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WYz0XAQ9mSpDC/IiaRQv4H3HMSHBpOXtkq5vb00029VRN8IJdmtrVUloI1o8fEsd6 G79aFlh46UtQofgisRhRTyRxcrkpbbH9PldNgkaVBWegMUUv8mlphR4LXljyOB259b VxNpGpF2jzs3q+YaKyDzQcFjeuPUomG/menhh2IQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nathan Chancellor , Nick Desaulniers , Sebastian Reichel Subject: [PATCH 4.14 14/22] power: reset: ltc2952: Fix use of floating point literals Date: Mon, 10 Jan 2022 08:23:07 +0100 Message-Id: <20220110071814.738855790@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Nathan Chancellor commit 644106cdb89844be2496b21175b7c0c2e0fab381 upstream. A new commit in LLVM causes an error on the use of 'long double' when '-mno-x87' is used, which the kernel does through an alias, '-mno-80387' (see the LLVM commit below for more details around why it does this). drivers/power/reset/ltc2952-poweroff.c:162:28: error: expression requires 'long double' type support, but target 'x86_64-unknown-linux-gnu' does not support it data->wde_interval = 300L * 1E6L; ^ drivers/power/reset/ltc2952-poweroff.c:162:21: error: expression requires 'long double' type support, but target 'x86_64-unknown-linux-gnu' does not support it data->wde_interval = 300L * 1E6L; ^ drivers/power/reset/ltc2952-poweroff.c:163:41: error: expression requires 'long double' type support, but target 'x86_64-unknown-linux-gnu' does not support it data->trigger_delay = ktime_set(2, 500L*1E6L); ^ 3 errors generated. This happens due to the use of a 'long double' literal. The 'E6' part of '1E6L' causes the literal to be a 'double' then the 'L' suffix promotes it to 'long double'. There is no visible reason for floating point values in this driver, as the values are only assigned to integer types. Use NSEC_PER_MSEC, which is the same integer value as '1E6L', to avoid changing functionality but fix the error. Fixes: 6647156c00cc ("power: reset: add LTC2952 poweroff driver") Link: https://github.com/ClangBuiltLinux/linux/issues/1497 Link: https://github.com/llvm/llvm-project/commit/a8083d42b1c346e21623a1d36d1f0cadd7801d83 Signed-off-by: Nathan Chancellor Reviewed-by: Nick Desaulniers Signed-off-by: Sebastian Reichel Signed-off-by: Greg Kroah-Hartman --- drivers/power/reset/ltc2952-poweroff.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/power/reset/ltc2952-poweroff.c +++ b/drivers/power/reset/ltc2952-poweroff.c @@ -169,8 +169,8 @@ static void ltc2952_poweroff_kill(void) static void ltc2952_poweroff_default(struct ltc2952_poweroff *data) { - data->wde_interval = 300L * 1E6L; - data->trigger_delay = ktime_set(2, 500L*1E6L); + data->wde_interval = 300L * NSEC_PER_MSEC; + data->trigger_delay = ktime_set(2, 500L * NSEC_PER_MSEC); hrtimer_init(&data->timer_trigger, CLOCK_MONOTONIC, HRTIMER_MODE_REL); data->timer_trigger.function = ltc2952_poweroff_timer_trigger; From patchwork Mon Jan 10 07:23:10 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 531518 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48D7DC433FE for ; Mon, 10 Jan 2022 07:28:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240022AbiAJH2L (ORCPT ); Mon, 10 Jan 2022 02:28:11 -0500 Received: from ams.source.kernel.org ([145.40.68.75]:56806 "EHLO ams.source.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235090AbiAJH0L (ORCPT ); Mon, 10 Jan 2022 02:26:11 -0500 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id EF903B81215; Mon, 10 Jan 2022 07:26:09 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 29E65C36AE9; Mon, 10 Jan 2022 07:26:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1641799568; bh=BotyTAlYBjydCinMhmpoBUzlSmL9tfPoNk3DnutdsdQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eikY/NFxXCsQcLrN9JIvO8b9Wc8MqNq2e91hC4zTWFmhVa7Duo4RVxgRi11IFqBZI 9r4F2lKoqcnPYTqf7orRtsLs28zKFFNnKWE7Bmf1cmHAOByQydX6Fhykz2RkQZ+OPr EsiibfBPlyP+TvyinZb+dwuYBWOa+eqt0X+QwAYQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, David Ahern , Nicolas Dichtel , Jakub Kicinski , Sasha Levin Subject: [PATCH 4.14 17/22] ipv6: Continue processing multipath route even if gateway attribute is invalid Date: Mon, 10 Jan 2022 08:23:10 +0100 Message-Id: <20220110071814.835570848@linuxfoundation.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220110071814.261471354@linuxfoundation.org> References: <20220110071814.261471354@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: David Ahern [ Upstream commit e30a845b0376eb51c9c94f56bbd53b2e08ba822f ] ip6_route_multipath_del loop continues processing the multipath attribute even if delete of a nexthop path fails. For consistency, do the same if the gateway attribute is invalid. Fixes: 1ff15a710a86 ("ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route") Signed-off-by: David Ahern Acked-by: Nicolas Dichtel Link: https://lore.kernel.org/r/20220103171911.94739-1-dsahern@kernel.org Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin --- net/ipv6/route.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 9ae48a20c3207..008ebda35ed22 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -3367,8 +3367,10 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, if (nla) { err = fib6_gw_from_attr(&r_cfg.fc_gateway, nla, extack); - if (err) - return err; + if (err) { + last_err = err; + goto next_rtnh; + } r_cfg.fc_flags |= RTF_GATEWAY; } @@ -3377,6 +3379,7 @@ static int ip6_route_multipath_del(struct fib6_config *cfg, if (err) last_err = err; +next_rtnh: rtnh = rtnh_next(rtnh, &remaining); }