From patchwork Mon Aug 3 12:19:18 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266843
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Navid Emamdoost, Alexandru Ardelean, Jonathan Cameron, Sasha Levin
Subject: [PATCH 4.19 03/56] iio: imu: adis16400: fix memory leak
Date: Mon, 3 Aug 2020 14:19:18 +0200
Message-Id: <20200803121850.469452687@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

[ Upstream commit 9c0530e898f384c5d279bfcebd8bb17af1105873 ]

In adis_update_scan_mode_burst, if adis->buffer allocation fails release
the adis->xfer.

Signed-off-by: Navid Emamdoost
Reviewed-by: Alexandru Ardelean
Signed-off-by: Jonathan Cameron
Signed-off-by: Sasha Levin
--- drivers/iio/imu/adis16400_buffer.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/iio/imu/adis16400_buffer.c b/drivers/iio/imu/adis16400_buffer.c index e70a5339acb19..3fc11aec98b95 100644 --- a/drivers/iio/imu/adis16400_buffer.c +++ b/drivers/iio/imu/adis16400_buffer.c 
@@ -38,8 +38,11 @@ int adis16400_update_scan_mode(struct iio_dev *indio_dev, return -ENOMEM; adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL); - if (!adis->buffer) + if (!adis->buffer) { + kfree(adis->xfer); + adis->xfer = NULL; return -ENOMEM; + } tx = adis->buffer + burst_length; tx[0] = ADIS_READ_REG(ADIS16400_GLOB_CMD); 
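
Review bot: The commit message names adis_update_scan_mode_burst, but the hunk header shows the change in adis16400_update_scan_mode() in drivers/iio/imu/adis16400_buffer.c; the backport should say so, so the fix can be matched to the right function. In the new block, kfree(adis->xfer) followed by adis->xfer = NULL is correct for a field that outlives this call, but with two -ENOMEM exits now visible in this function a single unwind label would keep the failure paths from drifting apart.
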
From patchwork Mon Aug 3 12:19:20 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266887
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Navid Emamdoost, "Steven Rostedt (VMware)", Sasha Levin
Subject: [PATCH 4.19 05/56] tracing: Have error path in predicate_parse() free its allocated memory
Date: Mon, 3 Aug 2020 14:19:20 +0200
Message-Id: <20200803121850.577138860@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Navid Emamdoost

[ Upstream commit 96c5c6e6a5b6db592acae039fed54b5c8844cd35 ]

In predicate_parse, there is an error path that is not going to
out_free instead it returns directly which leads to a memory leak.

Link: http://lkml.kernel.org/r/20190920225800.3870-1-navid.emamdoost@gmail.com

Signed-off-by: Navid Emamdoost
Signed-off-by: Steven Rostedt (VMware)
Signed-off-by: Sasha Levin
--- kernel/trace/trace_events_filter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c index b949c3917c679..9be3d1d1fcb47 100644 --- a/kernel/trace/trace_events_filter.c +++ b/kernel/trace/trace_events_filter.c 
@@ -451,8 +451,10 @@ predicate_parse(const char *str, int nr_parens, int nr_preds, switch (*next) { case '(': /* #2 */ - if (top - op_stack > nr_parens) - return ERR_PTR(-EINVAL); + if (top - op_stack > nr_parens) { + ret = -EINVAL; + goto out_free; + } *(++top) = invert; continue; case '!': /* #3 */ 
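
Review bot: In the case '(' branch, "ret = -EINVAL; goto out_free;" depends on out_free both releasing whatever was allocated before the loop and returning ERR_PTR(ret), and neither the label nor the allocations appear in this hunk's context, so that needs confirming against the full function. The commit message also carries no Fixes: tag, which makes it hard to tell which stable trees contain the leaking return; adding one would help, along with a check that no other direct return ERR_PTR(...) remains inside the switch.
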
From patchwork Mon Aug 3 12:19:23 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266886
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Harry Wentland, Navid Emamdoost, Alex Deucher, Sasha Levin
Subject: [PATCH 4.19 08/56] drm/amd/display: prevent memory leak
Date: Mon, 3 Aug 2020 14:19:23 +0200
Message-Id: <20200803121850.717314936@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Navid Emamdoost

[ Upstream commit 104c307147ad379617472dd91a5bcb368d72bd6d ]

In dcn*_create_resource_pool the allocated memory should be released if
construct pool fails.

Reviewed-by: Harry Wentland
Signed-off-by: Navid Emamdoost
Signed-off-by: Alex Deucher
Signed-off-by: Sasha Levin
--- drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c | 1 + drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c | 1 + drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c | 1 + drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c | 1 + drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c | 1 + 5 files changed, 5 insertions(+) 
diff --git a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c index 3f76e6019546f..5a2f29bd35082 100644 --- a/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c @@ -1001,6 +1001,7 @@ struct resource_pool *dce100_create_resource_pool( if (construct(num_virtual_links, dc, pool)) return &pool->base; + kfree(pool); BREAK_TO_DEBUGGER(); return NULL; } diff --git a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c index e5e9e92521e91..17d936c260d97 100644 --- a/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c @@ -1344,6 +1344,7 @@ struct resource_pool *dce110_create_resource_pool( if (construct(num_virtual_links, dc, pool, asic_id)) return &pool->base; + kfree(pool); BREAK_TO_DEBUGGER(); return NULL; } diff --git a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c index 288129343c778..71adab8bf31b1 100644 --- a/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c @@ -1287,6 +1287,7 @@ struct resource_pool *dce112_create_resource_pool( if (construct(num_virtual_links, dc, pool)) return &pool->base; + kfree(pool); BREAK_TO_DEBUGGER(); return NULL; } diff --git a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c index d43f37d99c7d9..f0f2ce6da8278 100644 --- a/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c @@ -1076,6 +1076,7 @@ struct resource_pool *dce120_create_resource_pool( if (construct(num_virtual_links, dc, pool)) return &pool->base; + kfree(pool); BREAK_TO_DEBUGGER(); return NULL; } 
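
Review bot: The commit message says dcn*_create_resource_pool, but these four hunks change dce100, dce110, dce112 and dce120, so the description should name the dce*_create_resource_pool functions as well. In each hunk kfree(pool) releases only the outer structure on the construct() failure path; the message should state whether construct() undoes its own partial allocations before reporting failure, because if it does not the leak is only narrowed.
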
diff --git a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c index 6b44ed3697a4f..e6d5568811400 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c +++ b/drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c 
@@ -1361,6 +1361,7 @@ struct resource_pool *dcn10_create_resource_pool( if (construct(num_virtual_links, dc, pool)) return &pool->base; + kfree(pool); BREAK_TO_DEBUGGER(); return NULL; } 
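
Review bot: In dcn10_create_resource_pool() the added kfree(pool) runs before BREAK_TO_DEBUGGER(), so by the time the debugger break fires the failed pool has already been freed and cannot be inspected. Placing kfree(pool) after BREAK_TO_DEBUGGER() keeps the fix and preserves the debugging aid; the dce hunks use the same ordering.
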
From patchwork Mon Aug 3 12:19:24 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266844
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Yoon Jungyeon, Nikolay Borisov, Qu Wenruo, David Sterba, Sasha Levin
Subject: [PATCH 4.19 09/56] btrfs: inode: Verify inode mode to avoid NULL pointer dereference
Date: Mon, 3 Aug 2020 14:19:24 +0200
Message-Id: <20200803121850.766021165@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Qu Wenruo

[ Upstream commit 6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592 ]

[BUG]
When accessing a file on a crafted image, btrfs can crash in block layer:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  PGD 136501067 P4D 136501067 PUD 124519067 PMD 0
  CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.0.0-rc8-default #252
  RIP: 0010:end_bio_extent_readpage+0x144/0x700
  Call Trace:
   blk_update_request+0x8f/0x350
   blk_mq_end_request+0x1a/0x120
   blk_done_softirq+0x99/0xc0
   __do_softirq+0xc7/0x467
   irq_exit+0xd1/0xe0
   call_function_single_interrupt+0xf/0x20
  RIP: 0010:default_idle+0x1e/0x170

[CAUSE]
The crafted image has a tricky corruption, the INODE_ITEM has a
different type against its parent dir:

  item 20 key (268 INODE_ITEM 0) itemoff 2808 itemsize 160
    generation 13 transid 13 size 1048576 nbytes 1048576
    block group 0 mode 121644 links 1 uid 0 gid 0 rdev 0
    sequence 9 flags 0x0(none)

This mode number 0120000 means it's a symlink.

But the dir item think it's still a regular file:

  item 8 key (264 DIR_INDEX 5) itemoff 3707 itemsize 32
    location key (268 INODE_ITEM 0) type FILE
    transid 13 data_len 0 name_len 2
    name: f4
  item 40 key (264 DIR_ITEM 51821248) itemoff 1573 itemsize 32
    location key (268 INODE_ITEM 0) type FILE
    transid 13 data_len 0 name_len 2
    name: f4

For symlink, we don't set BTRFS_I(inode)->io_tree.ops and leave it
empty, as symlink is only designed to have inlined extent, all handled
by tree block read. Thus no need to trigger btrfs_submit_bio_hook() for
inline file extent.

However end_bio_extent_readpage() expects tree->ops populated, as it's
reading regular data extent. This causes NULL pointer dereference.

[FIX]
This patch fixes the problem in two ways:

- Verify inode mode against its dir item when looking up inode
  So in btrfs_lookup_dentry() if we find inode mode mismatch with dir
  item, we error out so that corrupted inode will not be accessed.

- Verify inode mode when getting extent mapping
  Only regular file should have regular or preallocated extent.
  If we found regular/preallocated file extent for symlink or
  the rest, we error out before submitting the read bio.

With this fix that crafted image can be rejected gracefully:

  BTRFS critical (device loop0): inode mode mismatch with dir: inode mode=0121644 btrfs type=7 dir type=1

Reported-by: Yoon Jungyeon
Link: https://bugzilla.kernel.org/show_bug.cgi?id=202763
Reviewed-by: Nikolay Borisov
Signed-off-by: Qu Wenruo
Signed-off-by: David Sterba
Signed-off-by: Sasha Levin
--- fs/btrfs/inode.c | 41 +++++++++++++++++++++++++++++------- fs/btrfs/tests/inode-tests.c | 1 + 2 files changed, 34 insertions(+), 8 deletions(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 8dd2702ce859e..7befb7c12bd32 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5553,12 +5553,14 @@ no_delete: } /* - * this returns the key found in the dir entry in the location pointer. + * Return the key found in the dir entry in the location pointer, fill @type + * with BTRFS_FT_*, and return 0. + * * If no dir entries were found, returns -ENOENT. * If found a corrupted location in dir entry, returns -EUCLEAN. */ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, - struct btrfs_key *location) + struct btrfs_key *location, u8 *type) { const char *name = dentry->d_name.name; int namelen = dentry->d_name.len; @@ -5591,6 +5593,8 @@ static int btrfs_inode_by_name(struct inode *dir, struct dentry *dentry, __func__, name, btrfs_ino(BTRFS_I(dir)), location->objectid, location->type, location->offset); } + if (!ret) + *type = btrfs_dir_type(path->nodes[0], di); out: btrfs_free_path(path); return ret; 
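
Review bot: In btrfs_inode_by_name() the new "*type = btrfs_dir_type(path->nodes[0], di);" runs only when ret is 0, but the updated comment reads as if @type is always filled. Say explicitly that @type is left untouched on -ENOENT and -EUCLEAN, so callers know they must initialise it before the call.
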
@@ -5826,6 +5830,11 @@ static struct inode *new_simple_dir(struct super_block *s, return inode; } +static inline u8 btrfs_inode_type(struct inode *inode) +{ + return btrfs_type_by_mode[(inode->i_mode & S_IFMT) >> S_SHIFT]; +} + struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) { struct btrfs_fs_info *fs_info = btrfs_sb(dir->i_sb); @@ -5833,18 +5842,31 @@ struct inode *btrfs_lookup_dentry(struct inode *dir, struct dentry *dentry) struct btrfs_root *root = BTRFS_I(dir)->root; struct btrfs_root *sub_root = root; struct btrfs_key location; + u8 di_type = 0; int index; int ret = 0; if (dentry->d_name.len > BTRFS_NAME_LEN) return ERR_PTR(-ENAMETOOLONG); - ret = btrfs_inode_by_name(dir, dentry, &location); + ret = btrfs_inode_by_name(dir, dentry, &location, &di_type); if (ret < 0) return ERR_PTR(ret); if (location.type == BTRFS_INODE_ITEM_KEY) { inode = btrfs_iget(dir->i_sb, &location, root, NULL); + if (IS_ERR(inode)) + return inode; + + /* Do extra check against inode mode with di_type */ + if (btrfs_inode_type(inode) != di_type) { + btrfs_crit(fs_info, +"inode mode mismatch with dir: inode mode=0%o btrfs type=%u dir type=%u", + inode->i_mode, btrfs_inode_type(inode), + di_type); + iput(inode); + return ERR_PTR(-EUCLEAN); + } return inode; } @@ -6455,11 +6477,6 @@ fail: return ERR_PTR(ret); } -static inline u8 btrfs_inode_type(struct inode *inode) -{ - return btrfs_type_by_mode[(inode->i_mode & S_IFMT) >> S_SHIFT]; -} - /* * utility function to add 'inode' into 'parent_inode' with * a give name and a given sequence number. 
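
Review bot: The btrfs_crit() message added to btrfs_lookup_dentry() reports the mode and both types but not which inode or directory is affected, while the check this patch adds to btrfs_get_extent() logs btrfs_ino(inode); include the inode number (and the parent directory's) here as well so the rejected entry can be located on the image. btrfs_inode_type(inode) is also evaluated twice in this block and could be held in a local.
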
@@ -6993,6 +7010,14 @@ struct extent_map *btrfs_get_extent(struct btrfs_inode *inode, extent_start = found_key.offset; if (found_type == BTRFS_FILE_EXTENT_REG || found_type == BTRFS_FILE_EXTENT_PREALLOC) { + /* Only regular file could have regular/prealloc extent */ + if (!S_ISREG(inode->vfs_inode.i_mode)) { + ret = -EUCLEAN; + btrfs_crit(fs_info, + "regular/prealloc extent found for non-regular inode %llu", + btrfs_ino(inode)); + goto out; + } extent_end = extent_start + btrfs_file_extent_num_bytes(leaf, item); diff --git a/fs/btrfs/tests/inode-tests.c b/fs/btrfs/tests/inode-tests.c index 64043f0288206..648633aae968c 100644 --- a/fs/btrfs/tests/inode-tests.c +++ b/fs/btrfs/tests/inode-tests.c 
@@ -232,6 +232,7 @@ static noinline int test_btrfs_get_extent(u32 sectorsize, u32 nodesize) return ret; } + inode->i_mode = S_IFREG; BTRFS_I(inode)->location.type = BTRFS_INODE_ITEM_KEY; BTRFS_I(inode)->location.objectid = BTRFS_FIRST_FREE_OBJECTID; BTRFS_I(inode)->location.offset = 0; 
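
Review bot: The only test change is "inode->i_mode = S_IFREG;" in test_btrfs_get_extent(), which keeps the existing test passing under the new !S_ISREG() check in btrfs_get_extent() but never exercises the rejection itself. A case that presents a regular or prealloc extent for a non-regular inode and expects the -EUCLEAN error would cover the branch this patch adds.
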
From patchwork Mon Aug 3 12:19:25 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266840
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Matteo Croce, Neil Horman, Marcelo Ricardo Leitner, Xin Long, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 10/56] sctp: implement memory accounting on tx path
Date: Mon, 3 Aug 2020 14:19:25 +0200
Message-Id: <20200803121850.821743926@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Xin Long

[ Upstream commit 1033990ac5b2ab6cee93734cb6d301aa3a35bcaa ]

Now when sending packets, sk_mem_charge() and sk_mem_uncharge() have been
used to set sk_forward_alloc. We just need to call sk_wmem_schedule() to
check if the allocated should be raised, and call sk_mem_reclaim() to
check if the allocated should be reduced when it's under memory pressure.

If sk_wmem_schedule() returns false, which means no memory is allowed to
allocate, it will block and wait for memory to become available.

Note different from tcp, sctp wait_for_buf happens before allocating any
skb, so memory accounting check is done with the whole msg_len before it
too.

Reported-by: Matteo Croce
Tested-by: Matteo Croce
Acked-by: Neil Horman
Acked-by: Marcelo Ricardo Leitner
Signed-off-by: Xin Long
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
--- net/sctp/socket.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/net/sctp/socket.c b/net/sctp/socket.c index c93be3ba5df29..df4a7d7c5ec04 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1931,7 +1931,10 @@ static int sctp_sendmsg_to_asoc(struct sctp_association *asoc, if (sctp_wspace(asoc) < (int)msg_len) sctp_prsctp_prune(asoc, sinfo, msg_len - sctp_wspace(asoc)); - if (sctp_wspace(asoc) <= 0) { + if (sk_under_memory_pressure(sk)) + sk_mem_reclaim(sk); + + if (sctp_wspace(asoc) <= 0 || !sk_wmem_schedule(sk, msg_len)) { timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len); if (err) 
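
Review bot: In sctp_sendmsg_to_asoc() msg_len is cast with (int)msg_len for the sctp_wspace() comparison just above, but it is passed uncast to sk_wmem_schedule(sk, msg_len) in the new condition. Make the conversion explicit or add a comment giving the bound on msg_len at this point, so both checks are clearly reasoning about the same value.
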
@@ -8515,7 +8518,10 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, goto do_error; if (signal_pending(current)) goto do_interrupted; - if ((int)msg_len <= sctp_wspace(asoc)) + if (sk_under_memory_pressure(sk)) + sk_mem_reclaim(sk); + if ((int)msg_len <= sctp_wspace(asoc) && + sk_wmem_schedule(sk, msg_len)) break; /* Let another process have a go. Since we are going 
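
Review bot: The sk_under_memory_pressure()/sk_mem_reclaim() pair followed by a combined sctp_wspace() and sk_wmem_schedule() test now appears both here in the sctp_wait_for_sndbuf() loop and in sctp_sendmsg_to_asoc(), with the condition inverted between the two. A small helper returning whether msg_len can be sent now would keep the two sites from diverging, and a comment in the loop should note that the schedule attempt is repeated on every wakeup.
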
From patchwork Mon Aug 3 12:19:27 2020
X-Patchwork-Submitter: Greg Kroah-Hartman
X-Patchwork-Id: 266890
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Robert Hancock, Bjorn Helgaas
Subject: [PATCH 4.19 12/56] PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
Date: Mon, 3 Aug 2020 14:19:27 +0200
Message-Id: <20200803121850.919304407@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Robert Hancock

commit b361663c5a40c8bc758b7f7f2239f7a192180e7c upstream.

Recently ASPM handling was changed to allow ASPM on PCIe-to-PCI/PCI-X
bridges. Unfortunately the ASMedia ASM1083/1085 PCIe to PCI bridge device
doesn't seem to function properly with ASPM enabled. On an Asus PRIME
H270-PRO motherboard, it causes errors like these:

  pcieport 0000:00:1c.0: AER: PCIe Bus Error: severity=Corrected, type=Data Link Layer, (Transmitter ID)
  pcieport 0000:00:1c.0: AER: device [8086:a292] error status/mask=00003000/00002000
  pcieport 0000:00:1c.0: AER: [12] Timeout
  pcieport 0000:00:1c.0: AER: Corrected error received: 0000:00:1c.0
  pcieport 0000:00:1c.0: AER: can't find device of ID00e0

In addition to flooding the kernel log, this also causes the machine to
wake up immediately after suspend is initiated.

The device advertises ASPM L0s and L1 support in the Link Capabilities
register, but the ASMedia web page for ASM1083 [1] claims "No PCIe ASPM
support".

Windows 10 (build 2004) enables L0s, but it also logs correctable PCIe
errors.

Add a quirk to disable ASPM for this device.

[1] https://www.asmedia.com.tw/eng/e_show_products.php?cate_index=169&item=114

[bhelgaas: commit log]
Fixes: 66ff14e59e8a ("PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges")
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208667
Link: https://lore.kernel.org/r/20200722021803.17958-1-hancockrwd@gmail.com
Signed-off-by: Robert Hancock
Signed-off-by: Bjorn Helgaas
Signed-off-by: Greg Kroah-Hartman
--- drivers/pci/quirks.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c 
@@ -2307,6 +2307,19 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_IN DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x10f4, quirk_disable_aspm_l0s); DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_INTEL, 0x1508, quirk_disable_aspm_l0s); +static void quirk_disable_aspm_l0s_l1(struct pci_dev *dev) +{ + pci_info(dev, "Disabling ASPM L0s/L1\n"); + pci_disable_link_state(dev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1); +} + +/* + * ASM1083/1085 PCIe-PCI bridge devices cause AER timeout errors on the + * upstream PCIe root port when ASPM is enabled. At least L0s mode is affected; + * disable both L0s and L1 for now to be safe. + */ +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ASMEDIA, 0x1080, quirk_disable_aspm_l0s_l1); + /* * Some Pericom PCIe-to-PCI bridges in reverse mode need the PCIe Retrain * Link bit cleared after starting the link retrain process to allow this From patchwork Mon Aug 3 12:19:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266839 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 788F9C433E0 for ; Mon, 3 Aug 2020 12:42:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 571752054F for ; Mon, 3 Aug 2020 12:42:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458562; bh=O2RC+e43R6W2CMNZ/EhI3/kEAnaUQ/baPfNH/UmDZLw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; 
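Review bot: the new DECLARE_PCI_FIXUP_FINAL line in drivers/pci/quirks.c matches on the bare device ID 0x1080, while the comment above it and the commit message name the parts as ASM1083/1085, so nothing in the hunk ties the hex value to those parts. Say in the comment that 0x1080 is the ID these bridges report, or give it a named constant, so the match can be audited against lspci output. The comment's "for now" would also be easier to act on if it stated what evidence would allow L1 to be re-enabled, given that only L0s is said to be affected.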
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Luis Machado , Will Deacon , Russell King Subject: [PATCH 4.19 15/56] ARM: 8986/1: hw_breakpoint: Dont invoke overflow handler on uaccess watchpoints Date: Mon, 3 Aug 2020 14:19:30 +0200 Message-Id: <20200803121851.076442714@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org
From: Will Deacon commit eec13b42d41b0f3339dcf0c4da43734427c68620 upstream. Unprivileged memory accesses generated by the so-called "translated" instructions (e.g. LDRT) in kernel mode can cause user watchpoints to fire unexpectedly. In such cases, the hw_breakpoint logic will invoke the user overflow handler which will typically raise a SIGTRAP back to the current task. This is futile when returning back to the kernel because (a) the signal won't have been delivered and (b) userspace can't handle the thing anyway. Avoid invoking the user overflow handler for watchpoints triggered by kernel uaccess routines, and instead single-step over the faulting instruction as we would if no overflow handler had been installed. Cc: Fixes: f81ef4a920c8 ("ARM: 6356/1: hw-breakpoint: add ARM backend for the hw-breakpoint framework") Reported-by: Luis Machado Tested-by: Luis Machado Signed-off-by: Will Deacon Signed-off-by: Russell King Signed-off-by: Greg Kroah-Hartman --- arch/arm/kernel/hw_breakpoint.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c @@ -688,6 +688,12 @@ static void disable_single_step(struct p arch_install_hw_breakpoint(bp); } +static int watchpoint_fault_on_uaccess(struct pt_regs *regs, + struct arch_hw_breakpoint *info) +{ + return !user_mode(regs) && info->ctrl.privilege == ARM_BREAKPOINT_USER; +} + static void watchpoint_handler(unsigned long addr, unsigned int fsr, struct pt_regs *regs) { 
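Review bot: watchpoint_fault_on_uaccess() is declared static int but returns the result of a logical AND, so it is a pure predicate; declare it bool so that callers cannot mistake it for an errno-style return. A one-line comment saying that it detects a user-privilege watchpoint hit taken while the CPU was not in user mode (the LDRT case from the commit message) would also help, since the name alone does not say which side of the access is "user".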
@@ -747,16 +753,27 @@ static void watchpoint_handler(unsigned } pr_debug("watchpoint fired: address = 0x%x\n", info->trigger); + + /* + * If we triggered a user watchpoint from a uaccess routine, + * then handle the stepping ourselves since userspace really + * can't help us with this. + */ + if (watchpoint_fault_on_uaccess(regs, info)) + goto step; + perf_bp_event(wp, regs); /* - * If no overflow handler is present, insert a temporary - * mismatch breakpoint so we can single-step over the - * watchpoint trigger. + * Defer stepping to the overflow handler if one is installed. + * Otherwise, insert a temporary mismatch breakpoint so that + * we can single-step over the watchpoint trigger. */ - if (is_default_overflow_handler(wp)) - enable_single_step(wp, instruction_pointer(regs)); + if (!is_default_overflow_handler(wp)) + goto unlock; +step: + enable_single_step(wp, instruction_pointer(regs)); unlock: rcu_read_unlock(); } From patchwork Mon Aug 3 12:19:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266841 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10C31C433E0 for ; Mon, 3 Aug 2020 12:42:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E1FE320678 for ; Mon, 3 Aug 2020 12:42:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458543; bh=fshGYLcQsSw3oRUdVr523hsrXJ+lrjE7n7VUtXtO3IQ=; 
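Review bot: the new goto step in watchpoint_handler() jumps past perf_bp_event(wp, regs), so a user watchpoint hit from a uaccess routine is stepped over without any perf event being raised, and the added comment only talks about stepping. State in that comment that the event is deliberately not reported, because a debugger watching that address will see no trap for kernel-mode accesses to it and the code should say that this is intended.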
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Amit Klein , Linus Torvalds , Eric Dumazet , "Jason A. Donenfeld" , Andy Lutomirski , Kees Cook , Thomas Gleixner , Peter Zijlstra , Willy Tarreau Subject: [PATCH 4.19 16/56] random32: update the net random state on interrupt and activity Date: Mon, 3 Aug 2020 14:19:31 +0200 Message-Id: <20200803121851.126018222@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org
From: Willy Tarreau commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream. This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. Note that depending on some network devices' interrupt rate moderation or binding, this re-seeding might happen on every packet or even almost never. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about. Reported-by: Amit Klein Suggested-by: Linus Torvalds Cc: Eric Dumazet Cc: "Jason A. Donenfeld" Cc: Andy Lutomirski Cc: Kees Cook Cc: Thomas Gleixner Cc: Peter Zijlstra Cc: Signed-off-by: Willy Tarreau Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- drivers/char/random.c | 1 + include/linux/random.h | 3 +++ kernel/time/timer.c | 8 ++++++++ lib/random32.c | 2 +- 4 files changed, 13 insertions(+), 1 deletion(-) --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -1257,6 +1257,7 @@ void add_interrupt_randomness(int irq, i fast_mix(fast_pool); add_interrupt_bench(cycles); + this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]); if (unlikely(crng_init == 0)) { if ((fast_pool->count >= 64) && --- a/include/linux/random.h +++ b/include/linux/random.h @@ -9,6 +9,7 @@ #include #include +#include #include @@ -115,6 +116,8 @@ struct rnd_state { __u32 s1, s2, s3, s4; }; +DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; + u32 prandom_u32_state(struct rnd_state *state); void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes); void prandom_seed_full_state(struct rnd_state __percpu *pcpu_state); 
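Review bot: in the drivers/char/random.c hunk, this_cpu_add(net_rand_state.s1, fast_pool->pool[cycles & 3]) adds a raw word of the interrupt fast pool into a generator whose state, per the commit message, is something a remote observer may be able to guess. If s1 can be recovered on both sides of an interrupt, the difference is that fast_pool word, so the change can expose entropy-collection state through the weaker generator. Add a derived value instead (for example a fold of the pool word with the cycle counter), or document why disclosure of these words is acceptable. In the include/linux/random.h hunk, also confirm that __latent_entropy is meant to appear on the extern DECLARE_PER_CPU declaration as well as on the definition.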
--- a/kernel/time/timer.c +++ b/kernel/time/timer.c @@ -44,6 +44,7 @@ #include #include #include +#include #include #include @@ -1654,6 +1655,13 @@ void update_process_times(int user_tick) scheduler_tick(); if (IS_ENABLED(CONFIG_POSIX_TIMERS)) run_posix_cpu_timers(p); + + /* The current CPU might make use of net randoms without receiving IRQs + * to renew them often enough. Let's update the net_rand_state from a + * non-constant value that's not affine to the number of calls to make + * sure it's updated when there's some activity (we don't care in idle). + */ + this_cpu_add(net_rand_state.s1, rol32(jiffies, 24) + user_tick); } /** --- a/lib/random32.c +++ b/lib/random32.c 
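Review bot: in update_process_times(), the value added to net_rand_state.s1 is rol32(jiffies, 24) + user_tick, and both inputs are predictable to anyone who knows roughly when the tick ran, so this perturbs the state without adding any secret material. The comment should say that explicitly (it currently reads as if the state were being renewed), so that later readers do not treat this call as a reseed. The comment also puts text on the opening /* line, which is the networking comment style and not the usual multi-line style for the rest of the kernel.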
@@ -48,7 +48,7 @@ static inline void prandom_state_selftes } #endif -static DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; +DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; /** * prandom_u32_state - seeded pseudo-random number generator. From patchwork Mon Aug 3 12:19:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 247372 Delivered-To: patch@linaro.org Received: by 2002:a92:cc90:0:0:0:0:0 with SMTP id x16csp1178850ilo; Mon, 3 Aug 2020 05:42:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPH1YqLV7FnhSAioIf4FntKh3ZzxspDBDpffgOVNPRtZpWfWbc4U+0hX+z7I42irlZK/c/ X-Received: by 2002:a05:6402:17a1:: with SMTP id j1mr15045215edy.99.1596458542023; Mon, 03 Aug 2020 05:42:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596458542; cv=none; d=google.com; s=arc-20160816; b=0XwkXRA97bdUg83ltqffChdAR1pbCfnyRCs8bQLODfAWhaLkAKaxR2sxlEjsmJMlxe BkxhASoVrcP7HjGCkfKI8xD6dATrArkgKhaBjxRALH4P3iwlVstcMXnVzTSAxWB5NYlB cuaetk1C2Wpjh0az4XYv1Bxu9s5fvHKj3IWlXRJ8TBu1sGjbY+l95Nm3y3Qudwf8GbPC 5Eur8amc00LQRXDboyOPR3LwCYWuIf2c+5Wl4LGpIWaT5F+CFMWENZKa+bT6sY+I+t1O 7BnsMQKyWQbiobcdsKoUA7lDRHFOidTF3ibpJxD0oaE4sBHF6MtKVdaAySsBOddRO1/A KRQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=JTmLZY3YaUSQeVTrmJ1iXa5w7QTIY45VHmnwDrPFqcw=; b=qNesHmDIbBfbOvHVJ4ZdRS23Doq9sI6JXiC2qJdVCgWLVa9/hJtY8vEsh9KxQy4mqZ 3PAWmryJSE0Pkm6TfJw8JfFkMG/LL0Kry+CjK3LjZm0TeEZ2Wj9hJ4YZF6DS98u17PMc iVPEhBgl3IjMVimvUlfR+TVJ2Uh+nU8EZBNY8t/uecJ03V5aae3S275GdPqydjhPSZaZ myuSDNBXZrGyQbYd2eYe8frgAVJRrSMwIWDsJeuTPw5+xme1GlO5emaDgbSV1223zFc+ WQg9zpDiHijOvRm4loLjrRIe8YLOnbApYTfjHHOVIaejr1vAK6O3eTzTGhpv82bJcpo7 QuVg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org 
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Grygorii Strashko , Linus Torvalds Subject: [PATCH 4.19 17/56] ARM: percpu.h: fix build error Date: Mon, 3 Aug 2020 14:19:32 +0200 Message-Id: <20200803121851.174649123@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Grygorii Strashko commit aa54ea903abb02303bf55855fb51e3fcee135d70 upstream. Fix build error for the case: defined(CONFIG_SMP) && !defined(CONFIG_CPU_V6) config: keystone_defconfig CC arch/arm/kernel/signal.o In file included from ../include/linux/random.h:14, from ../arch/arm/kernel/signal.c:8: ../arch/arm/include/asm/percpu.h: In function ‘__my_cpu_offset’: ../arch/arm/include/asm/percpu.h:29:34: error: ‘current_stack_pointer’ undeclared (first use in this function); did you mean ‘user_stack_pointer’? : "Q" (*(const unsigned long *)current_stack_pointer)); ^~~~~~~~~~~~~~~~~~~~~ user_stack_pointer Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity") Signed-off-by: Grygorii Strashko Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- arch/arm/include/asm/percpu.h | 2 ++ 1 file changed, 2 insertions(+) --- a/arch/arm/include/asm/percpu.h +++ b/arch/arm/include/asm/percpu.h 
@@ -16,6 +16,8 @@ #ifndef _ASM_ARM_PERCPU_H_ #define _ASM_ARM_PERCPU_H_ +#include + /* * Same as asm-generic/percpu.h, except that we store the per cpu offset * in the TPIDRPRW. TPIDRPRW only exists on V6K and V7 From patchwork Mon Aug 3 12:19:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266842 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84D08C433E0 for ; Mon, 3 Aug 2020 12:42:20 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 55F5A20678 for ; Mon, 3 Aug 2020 12:42:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458540; bh=Fl5DlAk/eat9xnhGSnnm4wpVPUDjVMLmzf7szweD+k0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=MYOBmk34cJb6UiQ6KFvUwjK36uI0rD2fGojXv/1ilNF3qp+1HyYvjClq6yqWJJYhT VFltpuQYrjfXLyZYzQJlT1NAsmKG346WMo33dOHtXZbzjU5BnhfQ1yLptF65EaJocQ ZDp3NqJsTjK/JfTIYXWH8wzL1Xv1eRf4XgsUcehE= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728671AbgHCMb2 (ORCPT ); Mon, 3 Aug 2020 08:31:28 -0400 Received: from mail.kernel.org ([198.145.29.99]:58978 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729180AbgHCMb1 (ORCPT ); Mon, 3 Aug 2020 08:31:27 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) 
(No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 5C2062076B; Mon, 3 Aug 2020 12:31:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457885; bh=Fl5DlAk/eat9xnhGSnnm4wpVPUDjVMLmzf7szweD+k0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=WilgAWEp2zomJTh/oMSTGhgUdaBnGSW7yn7FY1IShK+ed6r3TiFtULW2tnoNRdXQt Fktk9updQ5HXg96jgqldvNDAZ8uHeDtFbA1X/qAWopUmZs7klzwJlq44qOHkhcX52v i4M+wHh5kB9cy/urY8Zog0EOO/EylTjk81Zw0SHE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alex Deucher Subject: [PATCH 4.19 18/56] Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" Date: Mon, 3 Aug 2020 14:19:33 +0200 Message-Id: <20200803121851.226856767@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Alex Deucher commit 87004abfbc27261edd15716515d89ab42198b405 upstream. This regressed some working configurations so revert it. Will fix this properly for 5.9 and backport then. This reverts commit 38e0c89a19fd13f28d2b4721035160a3e66e270b. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c @@ -529,7 +529,8 @@ static ssize_t amdgpu_set_pp_od_clk_volt while (isspace(*++tmp_str)); - while ((sub_str = strsep(&tmp_str, delimiter)) != NULL) { + while (tmp_str[0]) { + sub_str = strsep(&tmp_str, delimiter); ret = kstrtol(sub_str, 0, ¶meter[parameter_size]); if (ret) return -EINVAL; 
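Review bot: the restored loop condition while (tmp_str[0]) in amdgpu_set_pp_od_clk_volt() dereferences tmp_str after strsep() has run, and strsep() sets that pointer to NULL once it consumes a token with no delimiter after it, so input whose last value has no trailing delimiter leads to a NULL dereference. The form being removed, while ((sub_str = strsep(&tmp_str, delimiter)) != NULL), does not have that problem but passes an empty final token to kstrtol() when the input does end in a delimiter, which fails with -EINVAL and may be the regression the commit message refers to. Keeping the NULL-checked loop and skipping empty tokens (if (!*sub_str) continue;) would avoid both, instead of trading one failure for the other until the 5.9 fix.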
@@ -629,7 +630,8 @@ static ssize_t amdgpu_read_mask(const ch memcpy(buf_cpy, buf, bytes); buf_cpy[bytes] = '\0'; tmp = buf_cpy; - while ((sub_str = strsep(&tmp, delimiter)) != NULL) { + while (tmp[0]) { + sub_str = strsep(&tmp, delimiter); if (strlen(sub_str)) { ret = kstrtol(sub_str, 0, &level); if (ret) 
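Review bot: in amdgpu_read_mask() the loop body already guards with if (strlen(sub_str)), so going by the visible context an empty token never reaches kstrtol() under the NULL-checked loop that this hunk removes, and the only behavioural change here is that while (tmp[0]) can now be evaluated with tmp == NULL after the last token. Unless this function was part of the reported regression, leave this hunk out of the revert.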
@@ -880,7 +882,8 @@ static ssize_t amdgpu_set_pp_power_profi i++; memcpy(buf_cpy, buf, count-i); tmp_str = buf_cpy; - while ((sub_str = strsep(&tmp_str, delimiter)) != NULL) { + while (tmp_str[0]) { + sub_str = strsep(&tmp_str, delimiter); ret = kstrtol(sub_str, 0, ¶meter[parameter_size]); if (ret) { count = -EINVAL; From patchwork Mon Aug 3 12:19:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266889 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D9241C433DF for ; Mon, 3 Aug 2020 12:31:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AF0D6208E4 for ; Mon, 3 Aug 2020 12:31:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457891; bh=2JT30Mg+Jr0ZteIkhVIf2ruEenMvuGx4U1kmh9bx+jg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=YcbQUHwC59UrWmzcMSkpbEUEEHAKBO59L2eyjfgscqAmHv65EpuALxbaYj41+j5zs mJIIHgv8f/5x9fDbERQkz5LnUeYNca5R+aPBOdZnaLkgGiw9gev042tOXPOQTgPZKQ 0PzgV3y/kUmlTN+XbB4qsQvw5Rb/oFIgAcCYfDOg= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728346AbgHCMbb (ORCPT ); Mon, 3 Aug 2020 08:31:31 -0400 Received: from mail.kernel.org ([198.145.29.99]:59048 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729180AbgHCMba (ORCPT ); Mon, 3 Aug 2020 08:31:30 -0400 Received: from localhost 
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Carpenter , =?utf-8?q?Christian_K=C3=B6nig?= , Peilin Ye , Alex Deucher Subject: [PATCH 4.19 19/56] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() Date: Mon, 3 Aug 2020 14:19:34 +0200 Message-Id: <20200803121851.277418241@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Peilin Ye commit 543e8669ed9bfb30545fd52bc0e047ca4df7fb31 upstream. Compiler leaves a 4-byte hole near the end of `dev_info`, causing amdgpu_info_ioctl() to copy uninitialized kernel stack memory to userspace when `size` is greater than 356. In 2015 we tried to fix this issue by doing `= {};` on `dev_info`, which unfortunately does not initialize that 4-byte hole. Fix it by using memset() instead. Cc: stable@vger.kernel.org Fixes: c193fa91b918 ("drm/amdgpu: information leak in amdgpu_info_ioctl()") Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)") Suggested-by: Dan Carpenter Reviewed-by: Christian König Signed-off-by: Peilin Ye Signed-off-by: Alex Deucher
Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c 
@@ -549,9 +549,10 @@ static int amdgpu_info_ioctl(struct drm_ return n ? -EFAULT : 0; } case AMDGPU_INFO_DEV_INFO: { - struct drm_amdgpu_info_device dev_info = {}; + struct drm_amdgpu_info_device dev_info; uint64_t vm_size; + memset(&dev_info, 0, sizeof(dev_info)); dev_info.device_id = dev->pdev->device; dev_info.chip_rev = adev->rev_id; dev_info.external_rev = adev->external_rev_id; From patchwork Mon Aug 3 12:19:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266888 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A749C433E1 for ; Mon, 3 Aug 2020 12:31:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E043F207DF for ; Mon, 3 Aug 2020 12:31:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457902; bh=gXEwiYtWJrb+EFFUrwnNNz7Jzhi9gU+IQFe3eDUXoAg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=wqbzFcSo90+3Ng6WDtzjsIYw+FVP9Is4ZpY9/jit5km0MxdSGSU4+At5DXmqqGUCG e1uNE7HAIUUs71HOqHSYC7IvWtFpBdKUNxRdt68Ftj+iXTfGqxNSrNYMkfjCf7KoOE o4inl2wtGlzWH5U0+Y8dwLPuCrQ+ntVrS9dHNkig= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729197AbgHCMbm (ORCPT ); Mon, 3 Aug 2020 08:31:42 -0400 Received: from mail.kernel.org ([198.145.29.99]:59294 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729206AbgHCMbi (ORCPT ); Mon, 3 Aug 2020 
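Review bot: the memset() added in the AMDGPU_INFO_DEV_INFO case exists only because = {} left a padding hole uninitialized, and nothing at the call site records that, so a later cleanup could turn it back into an initializer and reopen the leak. Add a short comment above the memset() saying that struct drm_amdgpu_info_device contains padding and is copied to userspace, so every byte has to be zeroed. Any other on-stack struct that this ioctl initializes with = {} and copies out deserves the same check.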
From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, =?utf-8?q?Daniel_D=C3=ADaz?= , Kees Cook , Marc Zyngier , Stephen Rothwell , Willy Tarreau , Linus Torvalds Subject: [PATCH 4.19 21/56] random: fix circular include dependency on arm64 after addition of percpu.h Date: Mon, 3 Aug 2020 14:19:36 +0200 Message-Id: <20200803121851.368106736@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org
From: Willy Tarreau commit 1c9df907da83812e4f33b59d3d142c864d9da57f upstream. Daniel Díaz and Kees Cook independently reported that commit f227e3ec3b5c ("random32: update the net random state on interrupt and activity") broke arm64 due to a circular dependency on include files since the addition of percpu.h in random.h. The correct fix would definitely be to move all the prandom32 stuff out of random.h but for backporting, a smaller solution is preferred. This one replaces linux/percpu.h with asm/percpu.h, and this fixes the problem on x86_64, arm64, arm, and mips. Note that moving percpu.h around didn't change anything and that removing it entirely broke differently. When backporting, such options might still be considered if this patch fails to help. [ It turns out that an alternate fix seems to be to just remove the troublesome remove from the arm64 that causes the circular dependency. But we might as well do the whole belt-and-suspenders thing, and minimize inclusion in too. Either will fix the problem, and both are good changes. - Linus ] Reported-by: Daniel Díaz Reported-by: Kees Cook Tested-by: Marc Zyngier Fixes: f227e3ec3b5c Cc: Stephen Rothwell Signed-off-by: Willy Tarreau Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- include/linux/random.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/random.h +++ b/include/linux/random.h 
@@ -9,7 +9,7 @@ #include #include -#include +#include #include From patchwork Mon Aug 3 12:19:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266853 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-10.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB506C433E0 for ; Mon, 3 Aug 2020 12:39:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 86F7E204EC for ; Mon, 3 Aug 2020 12:39:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458380; bh=h3F50YRu/vJdUAaf8yXaUUqx+mIxdpj9HxIcTXfF7B0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=1xzQgFQHN3QL+moZVx6O46qX64H8LRLpraEsJWCAQiUFdMKFCZao53KdsBC15JPdS AZXWy2vhNv+MUeeYree7CulRqrQ0hCw8Jfqe+Slm+XJ+HzVyAuq1m3Lu4iLeOzNoAY d0UUhVMB9IzFJE44Zb/z8QgkY4GZRykQOhXzOHhM= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728839AbgHCMjh (ORCPT ); Mon, 3 Aug 2020 08:39:37 -0400 Received: from mail.kernel.org ([198.145.29.99]:33446 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729446AbgHCMdb (ORCPT ); Mon, 3 Aug 2020 08:33:31 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4F6142076B; Mon, 3 Aug 2020 12:33:29 +0000 (UTC) DKIM-Signature: v=1; 
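Review bot: the replaced include in include/linux/random.h needs a comment explaining why a generic header pulls in asm/percpu.h directly (the swap from linux/percpu.h is taken from the commit message, since the header names are missing from the hunk as shown here), because an asm/ include in a linux/ header is the kind of thing later cleanups tend to undo. Name the arm64 circular dependency and the commit that introduced it (f227e3ec3b5c) next to the include, so the workaround survives until the prandom32 declarations are moved out of random.h as the commit message proposes.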
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Stephen Rothwell, Emese Revfy, Kees Cook, Willy Tarreau, Linus Torvalds
Subject: [PATCH 4.19 22/56] random32: remove net_rand_state from the latent entropy gcc plugin
Date: Mon, 3 Aug 2020 14:19:37 +0200
Message-Id: <20200803121851.414965160@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Linus Torvalds

commit 83bdc7275e6206f560d247be856bceba3e1ed8f2 upstream.

It turns out that the plugin right now ends up being really unhappy
about the change from 'static' to 'extern' storage that happened in
commit f227e3ec3b5c ("random32: update the net random state on interrupt
and activity").

This is probably a trivial fix for the latent_entropy plugin, but for
now, just remove net_rand_state from the list of things the plugin
worries about.

Reported-by: Stephen Rothwell
Cc: Emese Revfy
Cc: Kees Cook
Cc: Willy Tarreau
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
---
 include/linux/random.h | 2 +-
 lib/random32.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

--- a/include/linux/random.h +++ b/include/linux/random.h
@@ -116,7 +116,7 @@ struct rnd_state { __u32 s1, s2, s3, s4; }; -DECLARE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; +DECLARE_PER_CPU(struct rnd_state, net_rand_state); u32 prandom_u32_state(struct rnd_state *state); void prandom_bytes_state(struct rnd_state *state, void *buf, size_t nbytes); --- a/lib/random32.c +++ b/lib/random32.c 
@@ -48,7 +48,7 @@ static inline void prandom_state_selftes } #endif -DEFINE_PER_CPU(struct rnd_state, net_rand_state) __latent_entropy; +DEFINE_PER_CPU(struct rnd_state, net_rand_state); /** * prandom_u32_state - seeded pseudo-random number generator.
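
Review bot: dropping __latent_entropy from DEFINE_PER_CPU(struct rnd_state, net_rand_state) leaves nothing in the code to show that this is a stopgap. The commit message says the annotation is removed "for now" until the latent_entropy plugin copes with the extern storage; a short comment at this definition, and at the matching DECLARE_PER_CPU in include/linux/random.h, would record that the annotation should come back once the plugin is fixed, and would keep the two sites in step.
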
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dan Carpenter, Peilin Ye, Santosh Shilimkar, "David S. Miller"
Subject: [PATCH 4.19 23/56] rds: Prevent kernel-infoleak in rds_notify_queue_get()
Date: Mon, 3 Aug 2020 14:19:38 +0200
Message-Id: <20200803121851.460373765@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Peilin Ye

commit bbc8a99e952226c585ac17477a85ef1194501762 upstream.

rds_notify_queue_get() is potentially copying uninitialized kernel stack
memory to userspace since the compiler may leave a 4-byte hole at the end
of `cmsg`.

In 2016 we tried to fix this issue by doing `= { 0 };` on `cmsg`, which
unfortunately does not always initialize that 4-byte hole. Fix it by using
memset() instead.

Cc: stable@vger.kernel.org
Fixes: f037590fff30 ("rds: fix a leak of kernel memory")
Fixes: bdbe6fbc6a2f ("RDS: recv.c")
Suggested-by: Dan Carpenter
Signed-off-by: Peilin Ye
Acked-by: Santosh Shilimkar
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
---
 net/rds/recv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/rds/recv.c +++ b/net/rds/recv.c
@@ -455,12 +455,13 @@ static int rds_still_queued(struct rds_s int rds_notify_queue_get(struct rds_sock *rs, struct msghdr *msghdr) { struct rds_notifier *notifier; - struct rds_rdma_notify cmsg = { 0 }; /* fill holes with zero */ + struct rds_rdma_notify cmsg; unsigned int count = 0, max_messages = ~0U; unsigned long flags; LIST_HEAD(copy); int err = 0; + memset(&cmsg, 0, sizeof(cmsg)); /* fill holes with zero */ /* put_cmsg copies to user space and thus may sleep. We can't do this * with rs_lock held, so first grab as many notifications as we can stuff
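
Review bot: the memset(&cmsg, 0, sizeof(cmsg)) is done once at function entry, so the padding stays zero only as long as nothing later stores a whole struct into cmsg. The code that fills cmsg before put_cmsg is outside this hunk; please confirm it assigns members one by one rather than by struct assignment or compound literal, since a whole-struct store may leave the trailing 4-byte hole with unspecified contents again. Extending the comment to say that the padding is copied to user space would also make it clear why memset() is used here instead of `= { 0 }`.
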
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chris Mason, Rik van Riel, Dave Chinner, "Darrick J. Wong", Samuel Mendoza-Jonas, Frank van der Linden, Suraj Jitindar Singh, Benjamin Herrenschmidt, Anchal Agarwal
Subject: [PATCH 4.19 24/56] xfs: fix missed wakeup on l_flush_wait
Date: Mon, 3 Aug 2020 14:19:39 +0200
Message-Id: <20200803121851.506464786@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Rik van Riel

commit cdea5459ce263fbc963657a7736762ae897a8ae6 upstream.

The code in xlog_wait uses the spinlock to make adding the task to
the wait queue, and setting the task state to UNINTERRUPTIBLE atomic
with respect to the waker.

Doing the wakeup after releasing the spinlock opens up the following
race condition:

Task 1                                  task 2
add task to wait queue
                                        wake up task
set task state to UNINTERRUPTIBLE

This issue was found through code inspection as a result of kworkers
being observed stuck in UNINTERRUPTIBLE state with an empty
wait queue. It is rare and largely unreproducible.

Simply moving the spin_unlock to after the wake_up_all results
in the waker not being able to see a task on the waitqueue before
it has set its state to UNINTERRUPTIBLE.

This bug dates back to the conversion of this code to generic
waitqueue infrastructure from a counting semaphore back in 2008
which didn't place the wakeups consistently w.r.t. the relevant
spin locks.

[dchinner: Also fix a similar issue in the shutdown path on
xc_commit_wait. Update commit log with more details of the issue.]

Fixes: d748c62367eb ("[XFS] Convert l_flushsema to a sv_t")
Reported-by: Chris Mason
Signed-off-by: Rik van Riel
Signed-off-by: Dave Chinner
Reviewed-by: Darrick J. Wong
Signed-off-by: Darrick J. Wong
Cc: stable@vger.kernel.org # 4.9.x-4.19.x
[modified for contextual change near xlog_state_do_callback()]
Signed-off-by: Samuel Mendoza-Jonas
Reviewed-by: Frank van der Linden
Reviewed-by: Suraj Jitindar Singh
Reviewed-by: Benjamin Herrenschmidt
Reviewed-by: Anchal Agarwal
Signed-off-by: Greg Kroah-Hartman
---
 fs/xfs/xfs_log.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

--- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -2712,7 +2712,6 @@ xlog_state_do_callback( int funcdidcallbacks; /* flag: function did callbacks */ int repeats; /* for issuing console warnings if * looping too many times */ - int wake = 0; spin_lock(&log->l_icloglock); first_iclog = iclog = log->l_iclog;
@@ -2914,11 +2913,9 @@ xlog_state_do_callback( #endif if (log->l_iclog->ic_state & (XLOG_STATE_ACTIVE|XLOG_STATE_IOERROR)) - wake = 1; - spin_unlock(&log->l_icloglock); - - if (wake) wake_up_all(&log->l_flush_wait); + + spin_unlock(&log->l_icloglock); } 
@@ -4026,7 +4023,9 @@ xfs_log_force_umount( * item committed callback functions will do this again under lock to * avoid races. */ + spin_lock(&log->l_cilp->xc_push_lock); wake_up_all(&log->l_cilp->xc_commit_wait); + spin_unlock(&log->l_cilp->xc_push_lock); xlog_state_do_callback(log, XFS_LI_ABORTED, NULL); #ifdef XFSERRORDEBUG
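
Review bot: in the xlog_state_do_callback() hunk (@@ -2914), wake_up_all(&log->l_flush_wait) now runs with l_icloglock held, but nothing at the call site says that the ordering is required. The old code deliberately deferred the wakeup until after spin_unlock() through the wake flag, so a comment stating that the wakeup must stay inside the lock to pair with xlog_wait would keep someone from hoisting it back out as a lock-hold-time optimisation.
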
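
Review bot: in the xfs_log_force_umount() hunk (@@ -4026), the context comment directly above the new spin_lock() still says the item committed callback functions "will do this again under lock to avoid races", which reads as if this wakeup were the unlocked one. Now that wake_up_all(&log->l_cilp->xc_commit_wait) is itself wrapped in xc_push_lock, that comment should be updated to say why the lock is taken here.
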
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Steffen Klassert, Sasha Levin
Subject: [PATCH 4.19 27/56] xfrm: Fix crash when the hold queue is used.
Date: Mon, 3 Aug 2020 14:19:42 +0200
Message-Id: <20200803121851.669728405@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Steffen Klassert

[ Upstream commit 101dde4207f1daa1fda57d714814a03835dccc3f ]

The commits "xfrm: Move dst->path into struct xfrm_dst"
and "net: Create and use new helper xfrm_dst_child()."
changed xfrm bundle handling under the assumption
that xdst->path and dst->child are not a NULL pointer
only if dst->xfrm is not a NULL pointer. That is true
with one exception. If the xfrm hold queue is used
to wait until a SA is installed by the key manager,
we create a dummy bundle without a valid dst->xfrm
pointer. The current xfrm bundle handling crashes
in that case. Fix this by extending the NULL check
of dst->xfrm with a test of the DST_XFRM_QUEUE flag.

Fixes: 0f6c480f23f4 ("xfrm: Move dst->path into struct xfrm_dst")
Fixes: b92cf4aab8e6 ("net: Create and use new helper xfrm_dst_child().")
Signed-off-by: Steffen Klassert
Signed-off-by: Sasha Levin
---
 include/net/xfrm.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h index f087c8d125b8f..3a0b5de742e9b 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1016,7 +1016,7 @@ struct xfrm_dst { static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst) { #ifdef CONFIG_XFRM - if (dst->xfrm) { + if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { const struct xfrm_dst *xdst = (const struct xfrm_dst *) dst; return xdst->path;
@@ -1028,7 +1028,7 @@ static inline struct dst_entry *xfrm_dst_path(const struct dst_entry *dst) static inline struct dst_entry *xfrm_dst_child(const struct dst_entry *dst) { #ifdef CONFIG_XFRM - if (dst->xfrm) { + if (dst->xfrm || (dst->flags & DST_XFRM_QUEUE)) { struct xfrm_dst *xdst = (struct xfrm_dst *) dst; return xdst->child; }
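
Review bot: the new test in xfrm_dst_child(), `dst->xfrm || (dst->flags & DST_XFRM_QUEUE)`, is a second copy of the one added to xfrm_dst_path(), and neither site says why a dst with a NULL xfrm pointer may be cast to struct xfrm_dst. Consider factoring the condition into one small inline predicate with a comment that hold-queue dummy bundles carry DST_XFRM_QUEUE without a valid dst->xfrm, so the two helpers cannot drift apart and the precondition for the cast is documented.
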
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Tanner Love, Willem de Bruijn, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 29/56] selftests/net: psock_fanout: fix clang issues for target arch PowerPC
Date: Mon, 3 Aug 2020 14:19:44 +0200
Message-Id: <20200803121851.757460525@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Tanner Love

[ Upstream commit 64f9ede2274980076423583683d44480909b7a40 ]

Clang 9 threw:
warning: format specifies type 'unsigned short' but the argument has \
type 'int' [-Wformat]
                typeflags, PORT_BASE, PORT_BASE + port_off);

Tested: make -C tools/testing/selftests TARGETS="net" run_tests

Fixes: 77f65ebdca50 ("packet: packet fanout rollover during socket overload")
Signed-off-by: Tanner Love
Acked-by: Willem de Bruijn
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 tools/testing/selftests/net/psock_fanout.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/testing/selftests/net/psock_fanout.c b/tools/testing/selftests/net/psock_fanout.c index bd9b9632c72b0..f496ba3b1cd37 100644 --- a/tools/testing/selftests/net/psock_fanout.c +++ b/tools/testing/selftests/net/psock_fanout.c 
@@ -364,7 +364,8 @@ static int test_datapath(uint16_t typeflags, int port_off, int fds[2], fds_udp[2][2], ret; fprintf(stderr, "\ntest: datapath 0x%hx ports %hu,%hu\n", - typeflags, PORT_BASE, PORT_BASE + port_off); + typeflags, (uint16_t)PORT_BASE, + (uint16_t)(PORT_BASE + port_off)); fds[0] = sock_fanout_open(typeflags, 0); fds[1] = sock_fanout_open(typeflags, 0);
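
Review bot: the (uint16_t)(PORT_BASE + port_off) cast in the fprintf() arguments silences -Wformat by truncating, so an out-of-range port_off (an int parameter) would now print a wrapped port number instead of the real sum. Changing the two port conversions from %hu to %d and passing the int values unchanged would fix the warning without hiding that case.
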
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, "Woojung.Huh@microchip.com", Johan Hovold, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 33/56] net: lan78xx: fix transfer-buffer memory leak
Date: Mon, 3 Aug 2020 14:19:48 +0200
Message-Id: <20200803121851.938595494@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Johan Hovold

[ Upstream commit 63634aa679ba8b5e306ad0727120309ae6ba8a8e ]

The interrupt URB transfer-buffer was never freed on disconnect or
after probe errors.

Fixes: 55d7de9de6c3 ("Microchip's LAN7800 family USB 2/3 to 10/100/1000 Ethernet device driver")
Cc: Woojung.Huh@microchip.com
Signed-off-by: Johan Hovold
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 drivers/net/usb/lan78xx.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/net/usb/lan78xx.c b/drivers/net/usb/lan78xx.c index 2dff233814ea5..d198f36785a46 100644 --- a/drivers/net/usb/lan78xx.c +++ b/drivers/net/usb/lan78xx.c
@@ -3815,6 +3815,7 @@ static int lan78xx_probe(struct usb_interface *intf, usb_fill_int_urb(dev->urb_intr, dev->udev, dev->pipe_intr, buf, maxp, intr_complete, dev, period); + dev->urb_intr->transfer_flags |= URB_FREE_BUFFER; } }
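
Review bot: setting URB_FREE_BUFFER right after usb_fill_int_urb() moves ownership of buf to dev->urb_intr, and nothing on the new line documents that. Please confirm that the probe error paths and disconnect, which are outside this hunk, release the URB with usb_free_urb() and that no path still frees buf directly, and add a short comment saying the buffer is now freed together with the URB.
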
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Ido Schimmel, Jiri Pirko, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 36/56] mlxsw: core: Free EMAD transactions using kfree_rcu()
Date: Mon, 3 Aug 2020 14:19:51 +0200
Message-Id: <20200803121852.091662854@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>

From: Ido Schimmel

[ Upstream commit 3c8ce24b037648a5a15b85888b259a74b05ff97d ]

The lifetime of EMAD transactions (i.e., 'struct mlxsw_reg_trans') is
managed using RCU. They are freed using kfree_rcu() once the transaction
ends.

However, in case the transaction failed it is freed immediately after being
removed from the active transactions list. This is problematic because it is
still possible for a different CPU to dereference the transaction from an RCU
read-side critical section while traversing the active transaction list in
mlxsw_emad_rx_listener_func(). In which case, a use-after-free is triggered
[1].

Fix this by freeing the transaction after a grace period by calling
kfree_rcu().

[1]
BUG: KASAN: use-after-free in mlxsw_emad_rx_listener_func+0x969/0xac0 drivers/net/ethernet/mellanox/mlxsw/core.c:671
Read of size 8 at addr ffff88800b7964e8 by task syz-executor.2/2881

CPU: 0 PID: 2881 Comm: syz-executor.2 Not tainted 5.8.0-rc4+ #44
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0xf6/0x16e lib/dump_stack.c:118
 print_address_description.constprop.0+0x1c/0x250 mm/kasan/report.c:383
 __kasan_report mm/kasan/report.c:513 [inline]
 kasan_report.cold+0x1f/0x37 mm/kasan/report.c:530
 mlxsw_emad_rx_listener_func+0x969/0xac0 drivers/net/ethernet/mellanox/mlxsw/core.c:671
 mlxsw_core_skb_receive+0x571/0x700 drivers/net/ethernet/mellanox/mlxsw/core.c:2061
 mlxsw_pci_cqe_rdq_handle drivers/net/ethernet/mellanox/mlxsw/pci.c:595 [inline]
 mlxsw_pci_cq_tasklet+0x12a6/0x2520 drivers/net/ethernet/mellanox/mlxsw/pci.c:651
 tasklet_action_common.isra.0+0x13f/0x3e0 kernel/softirq.c:550
 __do_softirq+0x223/0x964 kernel/softirq.c:292
 asm_call_on_stack+0x12/0x20 arch/x86/entry/entry_64.S:711
 __run_on_irqstack arch/x86/include/asm/irq_stack.h:22 [inline]
 run_on_irqstack_cond arch/x86/include/asm/irq_stack.h:48 [inline]
 do_softirq_own_stack+0x109/0x140 arch/x86/kernel/irq_64.c:77
 invoke_softirq kernel/softirq.c:387 [inline]
 __irq_exit_rcu kernel/softirq.c:417 [inline]
 irq_exit_rcu+0x16f/0x1a0 kernel/softirq.c:429
 sysvec_apic_timer_interrupt+0x4e/0xd0 arch/x86/kernel/apic/apic.c:1091
 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:587
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/irqflags.h:85 [inline]
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x3b/0x40 kernel/locking/spinlock.c:191
Code: e8 2a c3 f4 fc 48 89 ef e8 12 96 f5 fc f6 c7 02 75 11 53 9d e8 d6 db 11 fd 65 ff 0d 1f 21 b3 56 5b 5d c3 e8 a7 d7 11 fd 53 9d ed 0f 1f 00 55 48 89 fd 65 ff 05 05 21 b3 56 ff 74 24 08 48 8d
RSP: 0018:ffff8880446ffd80 EFLAGS: 00000286
RAX: 0000000000000006 RBX: 0000000000000286 RCX: 0000000000000006
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffa94ecea9
RBP: ffff888012934408 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: fffffbfff57be301 R12: 1ffff110088dffc1
R13: ffff888037b817c0 R14: ffff88802442415a R15: ffff888024424000
 __do_sys_perf_event_open+0x1b5d/0x2bd0 kernel/events/core.c:11874
 do_syscall_64+0x56/0xa0 arch/x86/entry/common.c:384
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x473dbd
Code: Bad RIP value.
RSP: 002b:00007f21e5e9cc28 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
RAX: ffffffffffffffda RBX: 000000000057bf00 RCX: 0000000000473dbd
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
RBP: 000000000057bf00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000003 R11: 0000000000000246 R12: 000000000057bf0c
R13: 00007ffd0493503f R14: 00000000004d0f46 R15: 00007f21e5e9cd80

Allocated by task 871:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 __kasan_kmalloc mm/kasan/common.c:494 [inline]
 __kasan_kmalloc.constprop.0+0xc2/0xd0 mm/kasan/common.c:467
 kmalloc include/linux/slab.h:555 [inline]
 kzalloc include/linux/slab.h:669 [inline]
 mlxsw_core_reg_access_emad+0x70/0x1410 drivers/net/ethernet/mellanox/mlxsw/core.c:1812
 mlxsw_core_reg_access+0xeb/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1991
 mlxsw_sp_port_get_hw_xstats+0x335/0x7e0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1130
 update_stats_cache+0xf4/0x140 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1173
 process_one_work+0xa3e/0x17a0 kernel/workqueue.c:2269
 worker_thread+0x9e/0x1050 kernel/workqueue.c:2415
 kthread+0x355/0x470 kernel/kthread.c:291
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

Freed by task 871:
 save_stack+0x1b/0x40 mm/kasan/common.c:48
 set_track mm/kasan/common.c:56 [inline]
 kasan_set_free_info mm/kasan/common.c:316 [inline]
 __kasan_slab_free+0x12c/0x170 mm/kasan/common.c:455
 slab_free_hook mm/slub.c:1474 [inline]
 slab_free_freelist_hook mm/slub.c:1507 [inline]
 slab_free mm/slub.c:3072 [inline]
 kfree+0xe6/0x320 mm/slub.c:4052
 mlxsw_core_reg_access_emad+0xd45/0x1410 drivers/net/ethernet/mellanox/mlxsw/core.c:1819
 mlxsw_core_reg_access+0xeb/0x540 drivers/net/ethernet/mellanox/mlxsw/core.c:1991
 mlxsw_sp_port_get_hw_xstats+0x335/0x7e0 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1130
 update_stats_cache+0xf4/0x140 drivers/net/ethernet/mellanox/mlxsw/spectrum.c:1173
 process_one_work+0xa3e/0x17a0 kernel/workqueue.c:2269
 worker_thread+0x9e/0x1050 kernel/workqueue.c:2415
 kthread+0x355/0x470 kernel/kthread.c:291
 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:293

The buggy address belongs to the object at ffff88800b796400
 which belongs to the cache kmalloc-512 of size 512
The buggy address is located 232 bytes inside of
 512-byte region [ffff88800b796400, ffff88800b796600)
The buggy address belongs to the page:
page:ffffea00002de500 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea00002de500 order:2 compound_mapcount:0 compound_pincount:0
flags: 0x100000000010200(slab|head)
raw: 0100000000010200 dead000000000100 dead000000000122 ffff88806c402500
raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff88800b796380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff88800b796400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88800b796480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                          ^
 ffff88800b796500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff88800b796580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb

Fixes: caf7297e7ab5 ("mlxsw: core: Introduce support for asynchronous EMAD register access")
Signed-off-by: Ido Schimmel
Reviewed-by: Jiri Pirko
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/mellanox/mlxsw/core.c b/drivers/net/ethernet/mellanox/mlxsw/core.c index 3cebea6f3e6ad..d8e7ca48753fb 100644 --- a/drivers/net/ethernet/mellanox/mlxsw/core.c +++ b/drivers/net/ethernet/mellanox/mlxsw/core.c
@@ -1384,7 +1384,7 @@ static int mlxsw_core_reg_access_emad(struct mlxsw_core *mlxsw_core, err = mlxsw_emad_reg_access(mlxsw_core, reg, payload, type, trans, bulk_list, cb, cb_priv, tid); if (err) { - kfree(trans); + kfree_rcu(trans, rcu); return err; } return 0; From patchwork Mon Aug 3 12:19:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266885 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2F711C433E1 for ; Mon, 3 Aug 2020 12:32:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 04A322076E for ; Mon, 3 Aug 2020 12:32:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457942; bh=V7Inx25FIvEikDAopzfi5kQvEeEprUMdU4v0oZ/86O0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=HPoT4/binDJnOjqe216KhPaUVwJFrA+032ZvNF4TKJzJ0mqS7kIYvw8+1x+gNuLbU mrI1nBMBT2TjbiknN3UT7Lpt9LKPGvqFnK9upvroyIIk7FCYplLtiuZd5hNhUXqanO 09s5+mb7Fiy41AkxqQyi60DSJpZRfPTowuH/R2mI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729298AbgHCMcU (ORCPT ); Mon, 3 Aug 2020 08:32:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:60198 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729296AbgHCMcU (ORCPT ); Mon, 3 Aug 2020 08:32:20 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using 
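Review bot: in the if (err) branch of mlxsw_core_reg_access_emad(), nothing says why trans now needs kfree_rcu(trans, rcu) rather than kfree(). The KASAN report in the commit message shows the allocation and the free both coming from this function, so whichever reader still holds trans must have picked it up inside mlxsw_emad_reg_access() before that call failed. Please add a one-line comment above the kfree_rcu() naming the RCU-protected list trans is already on at this point, so the call is not simplified back to kfree() later.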
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Thomas Falcon, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 37/56] ibmvnic: Fix IRQ mapping disposal in error path
Date: Mon, 3 Aug 2020 14:19:52 +0200
Message-Id: <20200803121852.140146290@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Thomas Falcon

[ Upstream commit 27a2145d6f826d1fad9de06ac541b1016ced3427 ]

RX queue IRQ mappings are disposed in both the TX IRQ and RX IRQ error paths. Fix this and dispose of TX IRQ mappings correctly in case of an error.

Fixes: ea22d51a7831 ("ibmvnic: simplify and improve driver probe function")
Signed-off-by: Thomas Falcon
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 drivers/net/ethernet/ibm/ibmvnic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c
index 5e9e45befc875..d8115a9333e05 100644
--- a/drivers/net/ethernet/ibm/ibmvnic.c
+++ b/drivers/net/ethernet/ibm/ibmvnic.c
@@ -2926,7 +2926,7 @@ req_rx_irq_failed: req_tx_irq_failed: for (j = 0; j < i; j++) { free_irq(adapter->tx_scrq[j]->irq, adapter->tx_scrq[j]); - irq_dispose_mapping(adapter->rx_scrq[j]->irq); + irq_dispose_mapping(adapter->tx_scrq[j]->irq); } release_sub_crqs(adapter, 1); return rc; From patchwork Mon Aug 3 12:19:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266848 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D51A3C433E3 for ; Mon, 3 Aug 2020 12:41:37 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B640D2054F for ; Mon, 3 Aug 2020 12:41:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458497; bh=tRCAR+29801nJlV6nn6fx12W0QoTWA6SQQ+ift7Kwg0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=N8kNkUQQ4Xc3FaLdv+iw7vebU1OR6OnWpHtU8N+32MEPT/Ge7UrelKVO9vAmIPlET Mm3Qp0yLRCnU3EjmMOrzaAbIVFKcpimDUpxJP4KYtG4j7M4Tq/8D0+7gA3txW2nvQd csAXIVjvGDL7nQirSQHOQVIcDlo9EPjcnMthqIsM= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729317AbgHCMc3 (ORCPT ); Mon, 3 Aug 2020 08:32:29 -0400 Received: from mail.kernel.org ([198.145.29.99]:60416 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729312AbgHCMc2 (ORCPT ); Mon, 3 Aug 2020 08:32:28 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl 
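Review bot: in the req_tx_irq_failed loop of the ibmvnic hunk the queue entry is still spelled out separately for each call, adapter->tx_scrq[j] for free_irq() and again for irq_dispose_mapping(), which is the pattern that let the rx/tx mix-up in. Taking the entry into a local once per iteration and using it for both calls would make the pairing obvious. Since the hunk header places req_rx_irq_failed above this label, it is also worth confirming that i holds the TX count whenever the loop is reached, because the bound j < i is only right if no RX loop has reused i before control arrives here.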
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Remi Pommarel, Johannes Berg, Sasha Levin
Subject: [PATCH 4.19 40/56] mac80211: mesh: Free pending skb when destroying a mpath
Date: Mon, 3 Aug 2020 14:19:55 +0200
Message-Id: <20200803121852.281619470@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Remi Pommarel

[ Upstream commit 5e43540c2af0a0c0a18e39579b1ad49541f87506 ]

A mpath object can hold reference on a list of skb that are waiting for mpath resolution to be sent. When destroying a mpath this skb list should be cleaned up in order to not leak memory.

Fixing that kind of leak:

unreferenced object 0xffff0000181c9300 (size 1088):
  comm "openvpn", pid 1782, jiffies 4295071698 (age 80.416s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 f9 80 36 00 00 00 00 00  ..........6.....
    02 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  ...@............
  backtrace:
    [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0
    [<000000002caaef13>] sk_prot_alloc.isra.39+0x34/0x178
    [<00000000ceeaa916>] sk_alloc+0x34/0x228
    [<00000000ca1f1d04>] inet_create+0x198/0x518
    [<0000000035626b1c>] __sock_create+0x134/0x328
    [<00000000a12b3a87>] __sys_socket+0xb0/0x158
    [<00000000ff859f23>] __arm64_sys_socket+0x40/0x58
    [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0
    [<0000000005b5157d>] el0_svc+0x8/0xc
unreferenced object 0xffff000012973a40 (size 216):
  comm "openvpn", pid 1782, jiffies 4295082137 (age 38.660s)
  hex dump (first 32 bytes):
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    00 c0 06 16 00 00 ff ff 00 93 1c 18 00 00 ff ff  ................
  backtrace:
    [<000000004bc6a443>] kmem_cache_alloc+0x1a4/0x2f0
    [<0000000023c8c8f9>] __alloc_skb+0xc0/0x2b8
    [<000000007ad950bb>] alloc_skb_with_frags+0x60/0x320
    [<00000000ef90023a>] sock_alloc_send_pskb+0x388/0x3c0
    [<00000000104fb1a3>] sock_alloc_send_skb+0x1c/0x28
    [<000000006919d2dd>] __ip_append_data+0xba4/0x11f0
    [<0000000083477587>] ip_make_skb+0x14c/0x1a8
    [<0000000024f3d592>] udp_sendmsg+0xaf0/0xcf0
    [<000000005aabe255>] inet_sendmsg+0x5c/0x80
    [<000000008651ea08>] __sys_sendto+0x15c/0x218
    [<000000003505c99b>] __arm64_sys_sendto+0x74/0x90
    [<00000000263486ec>] el0_svc_handler+0xd0/0x1a0
    [<0000000005b5157d>] el0_svc+0x8/0xc

Fixes: 2bdaf386f99c (mac80211: mesh: move path tables into if_mesh)
Signed-off-by: Remi Pommarel
Link: https://lore.kernel.org/r/20200704135419.27703-1-repk@triplefau.lt
Signed-off-by: Johannes Berg
Signed-off-by: Sasha Levin
---
 net/mac80211/mesh_pathtbl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index ac1f5db529945..4fc720c77e37e 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -532,6 +532,7 @@ static void mesh_path_free_rcu(struct mesh_table *tbl, del_timer_sync(&mpath->timer); atomic_dec(&sdata->u.mesh.mpaths); atomic_dec(&tbl->entries); + mesh_path_flush_pending(mpath); kfree_rcu(mpath, rcu); } From patchwork Mon Aug 3 12:19:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266884 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5DC57C433E0 for ; Mon, 3 Aug 2020 12:32:41 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2EA782054F for ; Mon, 3 Aug 2020 12:32:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457961; bh=t2oT0uhxQ0+DVoa3OutONu5D6FifUlSdmQ2IaDTNpbU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=iE0lIPrh1HxZkY5sLfeiECCb5a6RCUN0KsFFBJ2pViTbQt8z2VK9FfNszi2uAQa7J L1ptbCSP8GzcVMEIixKSzYuqAIFwtsI53wAbroMiHUqG+XqniOK1xZaH/6y+qK3gD/ fFSv0PvxTRcktlX9pcnyIhb2Gw3iPfWMhaftWESY= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729338AbgHCMcj (ORCPT ); Mon, 3 Aug 2020 08:32:39 -0400 Received: from mail.kernel.org ([198.145.29.99]:60588 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729333AbgHCMcg (ORCPT ); Mon, 3 Aug 2020 08:32:36 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher 
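Review bot: in mesh_path_free_rcu() the new mesh_path_flush_pending(mpath) runs before kfree_rcu(mpath, rcu), so the queue is emptied while RCU readers may still hold the mpath, and a frame queued after the flush but before the grace period ends would leak exactly as before. Please confirm that nothing can add to the pending queue once this function is reached (the del_timer_sync() above covers the timer only), or note in a comment which flag or lock guarantees it.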
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, guodeqing, Robin Murphy, Will Deacon, Sasha Levin
Subject: [PATCH 4.19 42/56] arm64: csum: Fix handling of bad packets
Date: Mon, 3 Aug 2020 14:19:57 +0200
Message-Id: <20200803121852.370952603@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Robin Murphy

[ Upstream commit 05fb3dbda187bbd9cc1cd0e97e5d6595af570ac6 ]

Although iph is expected to point to at least 20 bytes of valid memory, ihl may be bogus, for example on reception of a corrupt packet. If it happens to be less than 5, we really don't want to run away and dereference 16GB worth of memory until it wraps back to exactly zero...

Fixes: 0e455d8e80aa ("arm64: Implement optimised IP checksum helpers")
Reported-by: guodeqing
Signed-off-by: Robin Murphy
Signed-off-by: Will Deacon
Signed-off-by: Sasha Levin
---
 arch/arm64/include/asm/checksum.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/include/asm/checksum.h b/arch/arm64/include/asm/checksum.h
index 0b6f5a7d4027c..fd11e0d70e446 100644
--- a/arch/arm64/include/asm/checksum.h
+++ b/arch/arm64/include/asm/checksum.h
@@ -30,16 +30,17 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl) { __uint128_t tmp; u64 sum; + int n = ihl; /* we want it signed */ tmp = *(const __uint128_t *)iph; iph += 16; - ihl -= 4; + n -= 4; tmp += ((tmp >> 64) | (tmp << 64)); sum = tmp >> 64; do { sum += *(const u32 *)iph; iph += 4; - } while (--ihl); + } while (--n > 0); sum += ((sum >> 32) | (sum << 32)); return csum_fold((__force u32)(sum >> 32)); From patchwork Mon Aug 3 12:20:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266850 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66503C433E1 for ; Mon, 3 Aug 2020 12:41:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3EF7D20738 for ; Mon, 3 Aug 2020 12:41:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458486; bh=lgqVgdhfHN1pC/MsK8xRtUILegRzQ9O9MBKodkMxdxI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=RkiDxC9BUOr7Ct7AhUvUwh77VzcQbBOOfCToqOlY9bnMCM0YqWFkqr/B7t+D6mwey DGLnNrgKZtWi2GU/vzI5hn7RhU1ijkQycbr9efQGOv38I9zdhE1cM2Sf0UlddL3ejz CbR8oZDXaDehiSxBt3NNE0lB7/+biyT9MrVbayBk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728667AbgHCMcp (ORCPT ); Mon, 3 Aug 2020 08:32:45 -0400 Received: from mail.kernel.org ([198.145.29.99]:60734 "EHLO mail.kernel.org" 
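Review bot: in ip_fast_csum() the comment on int n = ihl; says only that the counter is signed, not what that buys. Because the loop is a do/while, the body still runs once for any ihl below 5, so with the new test --n > 0 the function reads exactly the 20 bytes the commit message says are valid and returns a checksum over them rather than flagging the header. Suggest expanding the comment to say both things: that the signed test bounds the read at 20 bytes when ihl < 5, and that callers remain responsible for rejecting such headers.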
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Xin Xiong, Xiyu Yang, Xin Tan, Saeed Mahameed, Sasha Levin
Subject: [PATCH 4.19 45/56] net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
Date: Mon, 3 Aug 2020 14:20:00 +0200
Message-Id: <20200803121852.516928244@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org
From: Xin Xiong [ Upstream commit e692139e6af339a1495ef401b2d95f7f9d1c7a44 ] The function invokes bpf_prog_inc(), which increases the reference count of a bpf_prog object "rq->xdp_prog" if the object isn't NULL. The refcount leak issues take place in two error handling paths. When either mlx5_wq_ll_create() or mlx5_wq_cyc_create() fails, the function simply returns the error code and forgets to drop the reference count increased earlier, causing a reference count leak of "rq->xdp_prog". Fix this issue by jumping to the error handling path err_rq_wq_destroy while either function fails. Fixes: 422d4c401edd ("net/mlx5e: RX, Split WQ objects for different RQ types") Signed-off-by: Xin Xiong Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Saeed Mahameed Signed-off-by: Sasha Levin --- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c index 7e6706333fa8d..51edc507b7b5d 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c @@ -519,7 +519,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel *c, err = mlx5_wq_ll_create(mdev, &rqp->wq, rqc_wq, &rq->mpwqe.wq, &rq->wq_ctrl); if (err) - return err; + goto err_rq_wq_destroy; rq->mpwqe.wq.db = &rq->mpwqe.wq.db[MLX5_RCV_DBR]; 
@@ -564,7 +564,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel *c, err = mlx5_wq_cyc_create(mdev, &rqp->wq, rqc_wq, &rq->wqe.wq, &rq->wq_ctrl); if (err) - return err; + goto err_rq_wq_destroy; rq->wqe.wq.db = &rq->wqe.wq.db[MLX5_RCV_DBR]; From patchwork Mon Aug 3 12:20:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266883 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD5B8C433DF for ; Mon, 3 Aug 2020 12:32:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9350C2076B for ; Mon, 3 Aug 2020 12:32:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457974; bh=bTEMXvdIvyE2iqBAS9NC+cQYJQ88tOHYymR7wqxovZk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=n1aUQeneZxh7lyWYH38bd3lJiOLBUGHmaCycdW4E5Vd8R3hJQDAwV8JGC2d20jda3 73r+rvR+YIDc3HMwujCVL+6dyFCxnMM0x0WRnJEc828Ir0hlb59nJXeDKRdG/Ri8Pb mZ1mwyKIbNALlnt+CzkXPQ6owVsFoLtLu3b25O84= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729362AbgHCMcy (ORCPT ); Mon, 3 Aug 2020 08:32:54 -0400 Received: from mail.kernel.org ([198.145.29.99]:60840 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728756AbgHCMcv (ORCPT ); Mon, 3 Aug 2020 08:32:51 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher 
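Review bot: both hunks in mlx5e_alloc_rq() now jump to err_rq_wq_destroy when the create call itself has failed (mlx5_wq_ll_create() in the first, mlx5_wq_cyc_create() in the second), and the label name says that path destroys the work queue. Please confirm the teardown under that label is safe on an rq->wq_ctrl that was never successfully created. If it is not, a separate label that only drops the rq->xdp_prog reference would fix the leak without that risk.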
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Navid Emamdoost, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 48/56] nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
Date: Mon, 3 Aug 2020 14:20:03 +0200
Message-Id: <20200803121852.668950531@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Navid Emamdoost

[ Upstream commit 1e8fd3a97f2d83a7197876ceb4f37b4c2b00a0f3 ]

The implementation of s3fwrn5_recv_frame() is supposed to consume skb on all execution paths. Release skb before returning -ENODEV.

Signed-off-by: Navid Emamdoost
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
---
 drivers/nfc/s3fwrn5/core.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/nfc/s3fwrn5/core.c b/drivers/nfc/s3fwrn5/core.c
index 9d9c8d57a042d..64b58455e620b 100644
--- a/drivers/nfc/s3fwrn5/core.c
+++ b/drivers/nfc/s3fwrn5/core.c
@@ -209,6 +209,7 @@ int s3fwrn5_recv_frame(struct nci_dev *ndev, struct sk_buff *skb, case S3FWRN5_MODE_FW: return s3fwrn5_fw_recv_frame(ndev, skb); default: + kfree_skb(skb); return -ENODEV; } } From patchwork Mon Aug 3 12:20:05 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266851 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37273C433DF for ; Mon, 3 Aug 2020 12:40:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1173120678 for ; Mon, 3 Aug 2020 12:40:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458452; bh=bgAddR/u870zWR7NHJFFnORjmWhzCSF1Zmk3C6mtp4o=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Sq9zWHYORl4KNDMDcU9JR1fXXJqI1Pxu3E4FGZjsAshqU4+QKnbB+YiI9X9pFP0OO F2UnfTGDBhep7MSo0bJkNFjtp3bV5lPHd7Jq3ngCQCFwy8xF9TWAH6rAK5Gg6VVB/h h5fR7YFymRzlRjNeEx1v3XOcWfzVUYZNkwVVsTSk= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728165AbgHCMkt (ORCPT ); Mon, 3 Aug 2020 08:40:49 -0400 Received: from mail.kernel.org ([198.145.29.99]:60986 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728592AbgHCMc5 (ORCPT ); Mon, 3 Aug 2020 08:32:57 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No 
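Review bot: the skb ownership rule that the default: branch of s3fwrn5_recv_frame() now honours is stated only in the commit message. A short comment above the function saying that it consumes skb on every path, including the -ENODEV return, would keep a later mode added to the switch from reintroducing the leak.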
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Dirk Behme, Yoshihiro Shimoda, Sergei Shtylyov, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 50/56] net: ethernet: ravb: exit if re-initialization fails in tx timeout
Date: Mon, 3 Aug 2020 14:20:05 +0200
Message-Id: <20200803121852.769062363@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org
From: Yoshihiro Shimoda [ Upstream commit 015c5d5e6aa3523c758a70eb87b291cece2dbbb4 ] According to the report of [1], this driver is possible to cause the following error in ravb_tx_timeout_work(). ravb e6800000.ethernet ethernet: failed to switch device to config mode This error means that the hardware could not change the state from "Operation" to "Configuration" while some tx and/or rx queue are operating. After that, ravb_config() in ravb_dmac_init() will fail, and then any descriptors will be not allocaled anymore so that NULL pointer dereference happens after that on ravb_start_xmit(). To fix the issue, the ravb_tx_timeout_work() should check the return values of ravb_stop_dma() and ravb_dmac_init(). If ravb_stop_dma() fails, ravb_tx_timeout_work() re-enables TX and RX and just exits. If ravb_dmac_init() fails, just exits. [1] https://lore.kernel.org/linux-renesas-soc/20200518045452.2390-1-dirk.behme@de.bosch.com/ Reported-by: Dirk Behme Signed-off-by: Yoshihiro Shimoda Reviewed-by: Sergei Shtylyov Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/ethernet/renesas/ravb_main.c | 26 ++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c index faaf74073a120..569e698b5c807 100644 --- a/drivers/net/ethernet/renesas/ravb_main.c +++ b/drivers/net/ethernet/renesas/ravb_main.c @@ -1445,6 +1445,7 @@ static void ravb_tx_timeout_work(struct work_struct *work) struct ravb_private *priv = container_of(work, struct ravb_private, work); struct net_device *ndev = priv->ndev; + int error; netif_tx_stop_all_queues(ndev); 
@@ -1453,15 +1454,36 @@ static void ravb_tx_timeout_work(struct work_struct *work) ravb_ptp_stop(ndev); /* Wait for DMA stopping */ - ravb_stop_dma(ndev); + if (ravb_stop_dma(ndev)) { + /* If ravb_stop_dma() fails, the hardware is still operating + * for TX and/or RX. So, this should not call the following + * functions because ravb_dmac_init() is possible to fail too. + * Also, this should not retry ravb_stop_dma() again and again + * here because it's possible to wait forever. So, this just + * re-enables the TX and RX and skip the following + * re-initialization procedure. + */ + ravb_rcv_snd_enable(ndev); + goto out; + } ravb_ring_free(ndev, RAVB_BE); ravb_ring_free(ndev, RAVB_NC); /* Device init */ - ravb_dmac_init(ndev); + error = ravb_dmac_init(ndev); + if (error) { + /* If ravb_dmac_init() fails, descriptors are freed. So, this + * should return here to avoid re-enabling the TX and RX in + * ravb_emac_init(). + */ + netdev_err(ndev, "%s: ravb_dmac_init() failed, error %d\n", + __func__, error); + return; + } ravb_emac_init(ndev); +out: /* Initialise PTP Clock driver */ if (priv->chip_id == RCAR_GEN2) ravb_ptp_init(ndev, priv->pdev); From patchwork Mon Aug 3 12:20:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266882 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D701AC433E0 for ; Mon, 3 Aug 2020 12:33:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org 
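Review bot: in ravb_tx_timeout_work() the two new failure branches are handled unevenly. The ravb_stop_dma() branch discards the return value and logs nothing before goto out, while the ravb_dmac_init() branch logs via netdev_err() and then returns with the queues still stopped by the netif_tx_stop_all_queues() call at the top of the function. Please log the ravb_stop_dma() failure as well, and say in the second comment how the interface is expected to recover after the bare return, since nothing in this function restarts the queues on that path.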
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Raviteja Narayanam, Michal Simek, Wolfram Sang, Sasha Levin
Subject: [PATCH 4.19 51/56] Revert "i2c: cadence: Fix the hold bit setting"
Date: Mon, 3 Aug 2020 14:20:06 +0200
Message-Id: <20200803121852.826545631@linuxfoundation.org>
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
X-Mailing-List: stable@vger.kernel.org

From: Raviteja Narayanam

[ Upstream commit 0db9254d6b896b587759e2c844c277fb1a6da5b9 ]

This reverts commit d358def706880defa4c9e87381c5bf086a97d5f9.

There are two issues with "i2c: cadence: Fix the hold bit setting" commit.

1. In case of combined message request from user space, when the HOLD bit is cleared in cdns_i2c_mrecv function, a STOP condition is sent on the bus even before the last message is started. This is because when the HOLD bit is cleared, the FIFOS are empty and there is no pending transfer. The STOP condition should occur only after the last message is completed.

2. The code added by the commit is redundant. Driver is handling the setting/clearing of HOLD bit in right way before the commit.

The setting of HOLD bit based on 'bus_hold_flag' is taken care in cdns_i2c_master_xfer function even before cdns_i2c_msend/cdns_i2c_recv functions.

The clearing of HOLD bit is taken care at the end of cdns_i2c_msend and cdns_i2c_recv functions based on bus_hold_flag and byte count. Since clearing of HOLD bit is done after the slave address is written to the register (writing to address register triggers the message transfer), it is ensured that STOP condition occurs at the right time after completion of the pending transfer (last message).

Signed-off-by: Raviteja Narayanam
Acked-by: Michal Simek
Signed-off-by: Wolfram Sang
Signed-off-by: Sasha Levin --- drivers/i2c/busses/i2c-cadence.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c index d917cefc5a19c..b136057182916 100644 --- a/drivers/i2c/busses/i2c-cadence.c +++ b/drivers/i2c/busses/i2c-cadence.c @@ -382,10 +382,8 @@ static void cdns_i2c_mrecv(struct cdns_i2c *id) * Check for the message size against FIFO depth and set the * 'hold bus' bit if it is greater than FIFO depth. */ - if ((id->recv_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag) + if (id->recv_count > CDNS_I2C_FIFO_DEPTH) ctrl_reg |= CDNS_I2C_CR_HOLD; - else - ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD; cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET); 
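Review bot: in cdns_i2c_mrecv(), the comment kept above the `if (id->recv_count > CDNS_I2C_FIFO_DEPTH)` test describes only the FIFO-depth case, while the revert depends on a second rule that is written down nowhere in the code: a HOLD bit that is already set must not be cleared here. Per the commit message, cdns_i2c_master_xfer sets HOLD from bus_hold_flag before the send/receive helpers run, and clearing it at this point puts a STOP on the bus before the last message of a combined transfer has started. A sentence in that comment saying HOLD is deliberately left untouched when the caller has set it would keep the removed else branch from being reintroduced.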
@@ -442,11 +440,8 @@ static void cdns_i2c_msend(struct cdns_i2c *id) * Check for the message size against FIFO depth and set the * 'hold bus' bit if it is greater than FIFO depth. */ - if ((id->send_count > CDNS_I2C_FIFO_DEPTH) || id->bus_hold_flag) + if (id->send_count > CDNS_I2C_FIFO_DEPTH) ctrl_reg |= CDNS_I2C_CR_HOLD; - else - ctrl_reg = ctrl_reg & ~CDNS_I2C_CR_HOLD; - cdns_i2c_writereg(ctrl_reg, CDNS_I2C_CR_OFFSET); /* Clear the interrupts in interrupt status register. */ From patchwork Mon Aug 3 12:20:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266881 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DEA2C433E0 for ; Mon, 3 Aug 2020 12:33:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7ABF82076E for ; Mon, 3 Aug 2020 12:33:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596457990; bh=KP2S6zjMVIV//HHt0ckkmTyuYNbrWQFsrRLKQQLWScM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Xd8/25xqBGdDV99Ze2XZVScRhzhnxY25r+r+pOpqleAtf9rp05Miljwg2QOA1hOow FRGBqXW8VXgAHKy5bU7ayRg23S+9hrBpbvcvsVNHH7RBr1p5O4r9a78ITmDoy+fGN2 +nVNKnWH8s3ecYrskehpYqkvdO80FOeZ9pEkmoTI= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728948AbgHCMdI (ORCPT ); Mon, 3 Aug 2020 08:33:08 -0400 Received: from mail.kernel.org ([198.145.29.99]:32900 "EHLO 
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Wang ShaoBo, Josh Poimboeuf, Thomas Gleixner, Sasha Levin
Subject: [PATCH 4.19 52/56] x86/unwind/orc: Fix ORC for newly forked tasks
Date: Mon, 3 Aug 2020 14:20:07 +0200
Message-Id: <20200803121852.874529785@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

From: Josh Poimboeuf

[ Upstream commit 372a8eaa05998cd45b3417d0e0ffd3a70978211a ]

The ORC unwinder fails to unwind newly forked tasks which haven't yet run on the CPU. It correctly reads the 'ret_from_fork' instruction pointer from the stack, but it incorrectly interprets that value as a call stack address rather than a "signal" one, so the address gets incorrectly decremented in the call to orc_find(), resulting in bad ORC data.

Fix it by forcing 'ret_from_fork' frames to be signal frames.

Reported-by: Wang ShaoBo
Signed-off-by: Josh Poimboeuf
Signed-off-by: Thomas Gleixner Tested-by: Wang ShaoBo Link: https://lkml.kernel.org/r/f91a8778dde8aae7f71884b5df2b16d552040441.1594994374.git.jpoimboe@redhat.com Signed-off-by: Sasha Levin --- arch/x86/kernel/unwind_orc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/unwind_orc.c b/arch/x86/kernel/unwind_orc.c index 2701b370e58fe..1d264ba1e56d1 100644 --- a/arch/x86/kernel/unwind_orc.c +++ b/arch/x86/kernel/unwind_orc.c @@ -420,8 +420,11 @@ bool unwind_next_frame(struct unwind_state *state) /* * Find the orc_entry associated with the text address. * - * Decrement call return addresses by one so they work for sibling - * calls and calls to noreturn functions. + * For a call frame (as opposed to a signal frame), state->ip points to + * the instruction after the call. That instruction's stack layout + * could be different from the call instruction's layout, for example + * if the call was to a noreturn function. So get the ORC data for the + * call instruction itself. */ orc = orc_find(state->signal ? state->ip : state->ip - 1); if (!orc) 
@@ -634,6 +637,7 @@ void __unwind_start(struct unwind_state *state, struct task_struct *task, state->sp = task->thread.sp; state->bp = READ_ONCE_NOCHECK(frame->bp); state->ip = READ_ONCE_NOCHECK(frame->ret_addr); + state->signal = (void *)state->ip == ret_from_fork; } if (get_stack_info((unsigned long *)state->sp, state->task, From patchwork Mon Aug 3 12:20:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266852 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34416C433E0 for ; Mon, 3 Aug 2020 12:39:58 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0BEC0204EC for ; Mon, 3 Aug 2020 12:39:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1596458398; bh=U+chRqPGR8rJrwHBA7q6Oj2Gm8e0BLsd3/ugWeyaAfw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=Od2sbAs0pYnXPXzeMzwv6yhER3E+4/AgLU6vtJvfDsdvVrcwhgcp9h0O7ycuORMOd 1qxqGdt+5x8uuH11mULMejdCl847EmzTp4tcUtwj06KTZvf9ejWuaatKLegnQUNnl5 cyq5eUyQC3LoMVuP3WlOj7YSfxpLiN1EPZpFOqfU= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728159AbgHCMj6 (ORCPT ); Mon, 3 Aug 2020 08:39:58 -0400 Received: from mail.kernel.org ([198.145.29.99]:33028 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728366AbgHCMdM (ORCPT ); Mon, 3 Aug 2020 08:33:12 -0400 Received: from localhost 
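Review bot: the new assignment `state->signal = (void *)state->ip == ret_from_fork;` in __unwind_start() has no comment, and the reason for it cannot be read off the code. The commit message has the explanation: for a newly forked task that has not yet run, the value read from frame->ret_addr is 'ret_from_fork' itself, and treating it as a call return address makes unwind_next_frame() look up `state->ip - 1`, which results in bad ORC data. A short comment next to the assignment saying that such frames are forced to be signal frames for this reason would help the next reader; note also that the test is an exact match on the symbol address, so it covers only this one entry point.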
From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Andrea Righi, "David S. Miller", Sasha Levin
Subject: [PATCH 4.19 54/56] xen-netfront: fix potential deadlock in xennet_remove()
Date: Mon, 3 Aug 2020 14:20:09 +0200
Message-Id: <20200803121852.973030494@linuxfoundation.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200803121850.306734207@linuxfoundation.org>
References: <20200803121850.306734207@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: stable@vger.kernel.org

From: Andrea Righi [ Upstream commit c2c633106453611be07821f53dff9e93a9d1c3f0 ] There's a potential race in xennet_remove(); this is what the driver is doing upon unregistering a network device: 1. state = read bus state 2. if state is not "Closed": 3. request to set state to "Closing" 4. wait for state to be set to "Closing" 5. request to set state to "Closed" 6. wait for state to be set to "Closed" If the state changes to "Closed" immediately after step 1 we are stuck forever in step 4, because the state will never go back from "Closed" to "Closing". Make sure to check also for state == "Closed" in step 4 to prevent the deadlock. Also add a 5 sec timeout any time we wait for the bus state to change, to avoid getting stuck forever in wait_event(). Signed-off-by: Andrea Righi Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/xen-netfront.c | 64 +++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 22 deletions(-) diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c index 6b4675a9494b2..c8e84276e6397 100644 --- a/drivers/net/xen-netfront.c +++ b/drivers/net/xen-netfront.c @@ -63,6 +63,8 @@ module_param_named(max_queues, xennet_max_queues, uint, 0644); MODULE_PARM_DESC(max_queues, "Maximum number of queues per virtual interface"); +#define XENNET_TIMEOUT (5 * HZ) + static const struct ethtool_ops xennet_ethtool_ops; struct netfront_cb { 
@@ -1337,12 +1339,15 @@ static struct net_device *xennet_create_dev(struct xenbus_device *dev) netif_carrier_off(netdev); - xenbus_switch_state(dev, XenbusStateInitialising); - wait_event(module_wq, - xenbus_read_driver_state(dev->otherend) != - XenbusStateClosed && - xenbus_read_driver_state(dev->otherend) != - XenbusStateUnknown); + do { + xenbus_switch_state(dev, XenbusStateInitialising); + err = wait_event_timeout(module_wq, + xenbus_read_driver_state(dev->otherend) != + XenbusStateClosed && + xenbus_read_driver_state(dev->otherend) != + XenbusStateUnknown, XENNET_TIMEOUT); + } while (!err); + return netdev; exit: 
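Review bot: in xennet_create_dev(), the `do { ... } while (!err);` loop has no retry limit, so XENNET_TIMEOUT only turns one indefinite sleep into re-issuing xenbus_switch_state(dev, XenbusStateInitialising) every 5 seconds for as long as the backend stays in XenbusStateClosed or XenbusStateUnknown. If the wait is meant to be bounded, the loop needs a maximum number of attempts and a failure path to the `exit:` label; if retrying forever is intended, the changelog's "avoid getting stuck forever" should say so. Storing the wait_event_timeout() result in `err` is also misleading, because a non-zero value here means the condition became true; a separate variable such as the `ret` used in xennet_bus_close() would read better.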
@@ -2142,28 +2147,43 @@ static const struct attribute_group xennet_dev_group = { }; #endif /* CONFIG_SYSFS */ -static int xennet_remove(struct xenbus_device *dev) +static void xennet_bus_close(struct xenbus_device *dev) { - struct netfront_info *info = dev_get_drvdata(&dev->dev); - - dev_dbg(&dev->dev, "%s\n", dev->nodename); + int ret; - if (xenbus_read_driver_state(dev->otherend) != XenbusStateClosed) { + if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed) + return; + do { xenbus_switch_state(dev, XenbusStateClosing); - wait_event(module_wq, - xenbus_read_driver_state(dev->otherend) == - XenbusStateClosing || - xenbus_read_driver_state(dev->otherend) == - XenbusStateUnknown); + ret = wait_event_timeout(module_wq, + xenbus_read_driver_state(dev->otherend) == + XenbusStateClosing || + xenbus_read_driver_state(dev->otherend) == + XenbusStateClosed || + xenbus_read_driver_state(dev->otherend) == + XenbusStateUnknown, + XENNET_TIMEOUT); + } while (!ret); + + if (xenbus_read_driver_state(dev->otherend) == XenbusStateClosed) + return; + do { xenbus_switch_state(dev, XenbusStateClosed); - wait_event(module_wq, - xenbus_read_driver_state(dev->otherend) == - XenbusStateClosed || - xenbus_read_driver_state(dev->otherend) == - XenbusStateUnknown); - } + ret = wait_event_timeout(module_wq, + xenbus_read_driver_state(dev->otherend) == + XenbusStateClosed || + xenbus_read_driver_state(dev->otherend) == + XenbusStateUnknown, + XENNET_TIMEOUT); + } while (!ret); +} + +static int xennet_remove(struct xenbus_device *dev) +{ + struct netfront_info *info = dev_get_drvdata(&dev->dev); + xennet_bus_close(dev); xennet_disconnect_backend(info); if (info->netdev->reg_state == NETREG_REGISTERED) From patchwork Mon Aug 3 12:20:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg Kroah-Hartman X-Patchwork-Id: 266878 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on 
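Review bot: the rewritten xennet_remove() drops the `dev_dbg(&dev->dev, "%s\n", dev->nodename);` call that the old function had, and the commit message does not mention it. If the removal is intentional it deserves a line in the changelog; otherwise restore it ahead of the xennet_bus_close(dev) call. In xennet_bus_close() itself, both `while (!ret)` loops retry without a limit, so a backend that never reports Closing, Closed or Unknown still keeps device removal waiting, now in 5 second slices with a repeated xenbus_switch_state() each time.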
EJ6QgpC4eQdhrITI/85RAyjoc4zSZp701psP0wvw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kernel test robot , Thomas Gleixner , Ingo Molnar Subject: [PATCH 4.19 56/56] x86/i8259: Use printk_deferred() to prevent deadlock Date: Mon, 3 Aug 2020 14:20:11 +0200 Message-Id: <20200803121853.061508887@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200803121850.306734207@linuxfoundation.org> References: <20200803121850.306734207@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Thomas Gleixner commit bdd65589593edd79b6a12ce86b3b7a7c6dae5208 upstream. 0day reported a possible circular locking dependency: Chain exists of: &irq_desc_lock_class --> console_owner --> &port_lock_key Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&port_lock_key); lock(console_owner); lock(&port_lock_key); lock(&irq_desc_lock_class); The reason for this is a printk() in the i8259 interrupt chip driver which is invoked with the irq descriptor lock held, which reverses the lock operations vs. printk() from arbitrary contexts. Switch the printk() to printk_deferred() to avoid that. Reported-by: kernel test robot Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/87365abt2v.fsf@nanos.tec.linutronix.de Signed-off-by: Greg Kroah-Hartman --- arch/x86/kernel/i8259.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/x86/kernel/i8259.c +++ b/arch/x86/kernel/i8259.c @@ -207,7 +207,7 @@ spurious_8259A_irq: * lets ACK and report it. [once per IRQ] */ if (!(spurious_irq_mask & irqmask)) { - printk(KERN_DEBUG + printk_deferred(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq); spurious_irq_mask |= irqmask; }
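Review bot: the switch to printk_deferred() in the spurious_8259A_irq path carries no comment, so nothing at the call site says why a plain printk() is unsafe here. The commit message gives the reason (this code is invoked with the irq descriptor lock held, which reverses the lock order against printk() from arbitrary contexts); a one-line comment above the call stating that would keep a later cleanup from converting it back to printk().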