From patchwork Tue Jul 25 20:07:09 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108683 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14054obm; Tue, 25 Jul 2017 13:07:36 -0700 (PDT) X-Received: by 10.98.61.93 with SMTP id k90mr20549747pfa.174.1501013256463; Tue, 25 Jul 2017 13:07:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013256; cv=none; d=google.com; s=arc-20160816; b=JUvAa+bjSAzYfQYY7S53XofrFWM60e6nVsXMpuXrmVT4ANjYUT37TsUwg4Tw4kubJ+ 8Fn/aRMLzqhFqU3M988G9W4JLEQzr//3Xp6WyE+LUR23XX+Wvww4eNCo+qqtUplcmPEA l6kSHNFiVHyUIkhI4V03/WXKNKw/Ly4GTuI7JHYVtUzVH6Xqr6jBVAmW2RZvg0yt0pLO 4CcTVB7pRSW7/Wr238yavRt8qq/SNxzg2LlBdnblfz19SxVDvutrP5azKMmi7tTvcuXo uJqR5GtyKaRDzx8C57MPZ3IM0zflM/YOf38lHu7Lg++09MRHYpNsHudq2BsImRcerEHd h7qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Hjj3aeDs44/iGRTGup4jew0X0M0jFOVa3W0EfP70AWs=; b=Z6iZnqY/IjSMLzPdoCRvVZHjOmSLaj/Au9YaWJGSkic4tDE5R70OvF0Pywp5HuTvRp irj+M7OWTQAYforHzeqONwB7JgW0K7FkhGs+FuRgUbCN6Pbc+jNyoRldLcaHyc36c6pn u0i2fGB0EFpKpORd+59OkHIZilNJNuRGKZdRkyjcxJvr+PB+ImlaWxKHoPtlI/tuhQtu E2ExZa51MEJQmpdsWD/Ik2j8dSnWTHls+ql4f1EAaul0bRzRT2Eu1IwjM4+LkcteFFR5 ft/qsCHughdEKW2+8w0TMIHh+OM6PLagxIAQxo3x3th16yH0LV+T0EgeMSoQrZdvi7kE lKDA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=VHA0ENuA; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.36; Tue, 25 Jul 2017 13:07:36 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=VHA0ENuA; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753613AbdGYUHd (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:33 -0400 Received: from mail-pg0-f53.google.com ([74.125.83.53]:35772 "EHLO mail-pg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753039AbdGYUHb (ORCPT ); Tue, 25 Jul 2017 16:07:31 -0400 Received: by mail-pg0-f53.google.com with SMTP id v190so74469466pgv.2 for ; Tue, 25 Jul 2017 13:07:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Hjj3aeDs44/iGRTGup4jew0X0M0jFOVa3W0EfP70AWs=; b=VHA0ENuAmdfngVvkG2RCg2SlIfS5wUwcCzDXJe/CJnY3UcW9LCVV8HlxQtxC6Ilx0i pHlZyx0kgH9QkO1m1/9UxXRJphiH5sHcFlO4pFNmrkJT74df9mHJCv04sYnlwO+tZ0Mf lorjncL3H7CDPkWnQyOnm5Dzj49To7VZVThWA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Hjj3aeDs44/iGRTGup4jew0X0M0jFOVa3W0EfP70AWs=; b=HhID234Mkq+obG4PJiYoGzE9aCdeGQw1Ri7z1um12aIu0tVhaNOw9rQnRn3Qt8y/Z3 jofTc3u2vnyBEmtb152bNP6rd/f6kkiqw4nnDeSRXUjRDLpMtHALahBPmgpXGaTzBNaq BjK2+634fvvVquRchbTdn4+p7kJ5/rBo2SS1S7+CYciX2mL365r3+PkZH2cyvLUK1zDF CEtyTXVCvWxk7UZqBuLq38T0pwg6S1LmYxpzcqnkR7Wnt2AQVRB3xzrBYOqpX/TgLmuv 4HJa7D/OR7x/zzRM/vQrUI7a0JQ3/vvSYgSAuaIIK2v8CT1WL0Wmkw2ASWWjNiFtJGEi NvFQ== X-Gm-Message-State: AIVw1131qnim4sjsH530ZlQOosISvl78qVrRyJ5m4re39nafodOBcLM0 nJSkBaIgJrk2GXto X-Received: by 10.84.151.99 with SMTP id i90mr22426593pli.188.1501013250435; Tue, 25 Jul 2017 13:07:30 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:29 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Guillaume Nault , "David S . Miller" Subject: [PATCH for-4.4 01/13] ppp: take reference on channels netns Date: Wed, 26 Jul 2017 01:37:09 +0530 Message-Id: <1501013241-31961-2-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Guillaume Nault commit 1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 upstream. Let channels hold a reference on their network namespace. Some channel types, like ppp_async and ppp_synctty, can have their userspace controller running in a different namespace. Therefore they can't rely on them to preclude their netns from being removed from under them. -- 2.7.4 ================================================================== BUG: KASAN: use-after-free in ppp_unregister_channel+0x372/0x3a0 at addr ffff880064e217e0 Read of size 8 by task syz-executor/11581 ============================================================================= BUG net_namespace (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in copy_net_ns+0x6b/0x1a0 age=92569 cpu=3 pid=6906 [< none >] ___slab_alloc+0x4c7/0x500 kernel/mm/slub.c:2440 [< none >] __slab_alloc+0x4c/0x90 kernel/mm/slub.c:2469 [< inline >] slab_alloc_node kernel/mm/slub.c:2532 [< inline >] slab_alloc kernel/mm/slub.c:2574 [< none >] kmem_cache_alloc+0x23a/0x2b0 kernel/mm/slub.c:2579 [< inline >] kmem_cache_zalloc kernel/include/linux/slab.h:597 [< inline >] net_alloc kernel/net/core/net_namespace.c:325 [< none >] copy_net_ns+0x6b/0x1a0 kernel/net/core/net_namespace.c:360 [< none >] create_new_namespaces+0x2f6/0x610 kernel/kernel/nsproxy.c:95 [< none >] copy_namespaces+0x297/0x320 kernel/kernel/nsproxy.c:150 [< none >] copy_process.part.35+0x1bf4/0x5760 kernel/kernel/fork.c:1451 [< inline >] copy_process kernel/kernel/fork.c:1274 [< none >] _do_fork+0x1bc/0xcb0 kernel/kernel/fork.c:1723 [< inline >] SYSC_clone kernel/kernel/fork.c:1832 [< none >] SyS_clone+0x37/0x50 kernel/kernel/fork.c:1826 [< none >] entry_SYSCALL_64_fastpath+0x16/0x7a kernel/arch/x86/entry/entry_64.S:185 INFO: Freed in net_drop_ns+0x67/0x80 age=575 cpu=2 pid=2631 [< none >] __slab_free+0x1fc/0x320 kernel/mm/slub.c:2650 [< inline >] slab_free kernel/mm/slub.c:2805 [< none >] kmem_cache_free+0x2a0/0x330 kernel/mm/slub.c:2814 [< inline >] net_free kernel/net/core/net_namespace.c:341 [< none >] net_drop_ns+0x67/0x80 kernel/net/core/net_namespace.c:348 [< none >] cleanup_net+0x4e5/0x600 kernel/net/core/net_namespace.c:448 [< none >] process_one_work+0x794/0x1440 kernel/kernel/workqueue.c:2036 [< none >] worker_thread+0xdb/0xfc0 kernel/kernel/workqueue.c:2170 [< none >] kthread+0x23f/0x2d0 kernel/drivers/block/aoe/aoecmd.c:1303 [< none >] ret_from_fork+0x3f/0x70 kernel/arch/x86/entry/entry_64.S:468 INFO: Slab 0xffffea0001938800 objects=3 used=0 fp=0xffff880064e20000 flags=0x5fffc0000004080 INFO: Object 0xffff880064e20000 @offset=0 fp=0xffff880064e24200 CPU: 1 PID: 11581 Comm: syz-executor Tainted: G B 4.4.0+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 00000000ffffffff ffff8800662c7790 ffffffff8292049d ffff88003e36a300 ffff880064e20000 ffff880064e20000 ffff8800662c77c0 ffffffff816f2054 ffff88003e36a300 ffffea0001938800 ffff880064e20000 0000000000000000 Call Trace: [< inline >] __dump_stack kernel/lib/dump_stack.c:15 [] dump_stack+0x6f/0xa2 kernel/lib/dump_stack.c:50 [] print_trailer+0xf4/0x150 kernel/mm/slub.c:654 [] object_err+0x2f/0x40 kernel/mm/slub.c:661 [< inline >] print_address_description kernel/mm/kasan/report.c:138 [] kasan_report_error+0x215/0x530 kernel/mm/kasan/report.c:236 [< inline >] kasan_report kernel/mm/kasan/report.c:259 [] __asan_report_load8_noabort+0x3e/0x40 kernel/mm/kasan/report.c:280 [< inline >] ? ppp_pernet kernel/include/linux/compiler.h:218 [] ? ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [< inline >] ppp_pernet kernel/include/linux/compiler.h:218 [] ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [< inline >] ? ppp_pernet kernel/drivers/net/ppp/ppp_generic.c:293 [] ? ppp_unregister_channel+0xe6/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [] ppp_asynctty_close+0xa3/0x130 kernel/drivers/net/ppp/ppp_async.c:241 [] ? async_lcp_peek+0x5b0/0x5b0 kernel/drivers/net/ppp/ppp_async.c:1000 [] tty_ldisc_close.isra.1+0x99/0xe0 kernel/drivers/tty/tty_ldisc.c:478 [] tty_ldisc_kill+0x40/0x170 kernel/drivers/tty/tty_ldisc.c:744 [] tty_ldisc_release+0x1b3/0x260 kernel/drivers/tty/tty_ldisc.c:772 [] tty_release+0xac1/0x13e0 kernel/drivers/tty/tty_io.c:1901 [] ? release_tty+0x320/0x320 kernel/drivers/tty/tty_io.c:1688 [] __fput+0x236/0x780 kernel/fs/file_table.c:208 [] ____fput+0x15/0x20 kernel/fs/file_table.c:244 [] task_work_run+0x16b/0x200 kernel/kernel/task_work.c:115 [< inline >] exit_task_work kernel/include/linux/task_work.h:21 [] do_exit+0x8b5/0x2c60 kernel/kernel/exit.c:750 [] ? debug_check_no_locks_freed+0x290/0x290 kernel/kernel/locking/lockdep.c:4123 [] ? mm_update_next_owner+0x6f0/0x6f0 kernel/kernel/exit.c:357 [] ? __dequeue_signal+0x136/0x470 kernel/kernel/signal.c:550 [] ? recalc_sigpending_tsk+0x13b/0x180 kernel/kernel/signal.c:145 [] do_group_exit+0x108/0x330 kernel/kernel/exit.c:880 [] get_signal+0x5e4/0x14f0 kernel/kernel/signal.c:2307 [< inline >] ? kretprobe_table_lock kernel/kernel/kprobes.c:1113 [] ? kprobe_flush_task+0xb5/0x450 kernel/kernel/kprobes.c:1158 [] do_signal+0x83/0x1c90 kernel/arch/x86/kernel/signal.c:712 [] ? recycle_rp_inst+0x310/0x310 kernel/include/linux/list.h:655 [] ? setup_sigcontext+0x780/0x780 kernel/arch/x86/kernel/signal.c:165 [] ? finish_task_switch+0x424/0x5f0 kernel/kernel/sched/core.c:2692 [< inline >] ? finish_lock_switch kernel/kernel/sched/sched.h:1099 [] ? finish_task_switch+0x120/0x5f0 kernel/kernel/sched/core.c:2678 [< inline >] ? context_switch kernel/kernel/sched/core.c:2807 [] ? __schedule+0x919/0x1bd0 kernel/kernel/sched/core.c:3283 [] exit_to_usermode_loop+0xf1/0x1a0 kernel/arch/x86/entry/common.c:247 [< inline >] prepare_exit_to_usermode kernel/arch/x86/entry/common.c:282 [] syscall_return_slowpath+0x19f/0x210 kernel/arch/x86/entry/common.c:344 [] int_ret_from_sys_call+0x25/0x9f kernel/arch/x86/entry/entry_64.S:281 Memory state around the buggy address: ffff880064e21680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880064e21700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff880064e21780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880064e21800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880064e21880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Fixes: 273ec51dd7ce ("net: ppp_generic - introduce net-namespace functionality v2") Reported-by: Baozeng Ding Signed-off-by: Guillaume Nault Reviewed-by: Cyrill Gorcunov Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/ppp/ppp_generic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index e5bb870b5461..fa76ca128e1b 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -2390,6 +2390,8 @@ ppp_unregister_channel(struct ppp_channel *chan) spin_lock_bh(&pn->all_channels_lock); list_del(&pch->list); spin_unlock_bh(&pn->all_channels_lock); + put_net(pch->chan_net); + pch->chan_net = NULL; pch->file.dead = 1; wake_up_interruptible(&pch->file.rwait); From patchwork Tue Jul 25 20:07:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108684 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14069obm; Tue, 25 Jul 2017 13:07:37 -0700 (PDT) X-Received: by 10.84.217.68 with SMTP id e4mr8157540plj.309.1501013257206; Tue, 25 Jul 2017 13:07:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013257; cv=none; d=google.com; s=arc-20160816; b=cGmd4mRo9Htxmmyu5D3TfzOBJJqQ+Ztto3kCB/yhSd/m6derhoit8zZa44LhsB7qsQ G9KxIlpelWCN7ZntnwYDhiuljnwz+JMVoGaIfzmdMhX0PmDOCVhbdbrrkjWCMQ5u/sLw mumN06Zu/OYPTihVMgS8QVn6Gr6GYOdJLgeu1VNEo9WDA+zW+58u65LV86cVNvZs6Y4G 5S/gBz2nzwGK7Xi8ZC39M5XU+iHZu+9yAHI7P8qeNkz+dzSAdpAIPtrP3wgqM3tZMKet dAzI0bBjCi/xFlHSvlPTpM4Ydk58PKr2eOxj9S9KQLuY3nWSsqoGjJwiJc+JbzoqJLLC Qaug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=nL1QEUYsr4+2EhmzKQZeCEOszg3QXsUwcPta1BzYu2M=; b=rcetUKC0d+I5vqcfOnhuMIl5+GBR2Fbka3dLzSYUxqZOVQ+i8KW5Yc3G6bBpgHwGzS 2Fj1hMoPJZiWE+HNKRXolJBTmoFrvZcyyzAONxRGeeK6wg0O+xT6vY36lYfHkZXAfBn6 tSdprwDCNcsOxKQKfn9zdXqFQc48b6v7ICx2e0dk7EX8ZiH1B+Zde4GgDsRVlAE6rXMP gRoMFJN7DvIYq/U518VRQ0wz2WB2L0kQQGSm0CsPtMsabHBapPQPWsYITBFNyyjSulPd /qpPEt+qKYfxNzVgQdiDkro4Kjb/lZpzD3w9URpQVhb8duiIGieINOTh8KhqE3ZfoR27 FHAQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=UN60x5uW; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.36; Tue, 25 Jul 2017 13:07:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=UN60x5uW; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753615AbdGYUHf (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:35 -0400 Received: from mail-pf0-f179.google.com ([209.85.192.179]:33104 "EHLO mail-pf0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753612AbdGYUHe (ORCPT ); Tue, 25 Jul 2017 16:07:34 -0400 Received: by mail-pf0-f179.google.com with SMTP id s70so62309981pfs.0 for ; Tue, 25 Jul 2017 13:07:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nL1QEUYsr4+2EhmzKQZeCEOszg3QXsUwcPta1BzYu2M=; b=UN60x5uW7PDd5ROvt1QAjbDattuJgy9m6BptOxR7RKsL+qa8ku96KHIGVf8c8l0bDu WuAlVi9Q50uHFjDjtDVE+3OlgA6i8zHOhkVk7AMI1MiOa2nQ1I3zPZOI2Fsekg0m55Ag 8sQPiMcpElyDsmXXiH0Q8EoK5zDASApDGUtCI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nL1QEUYsr4+2EhmzKQZeCEOszg3QXsUwcPta1BzYu2M=; b=lBeeUQXKL1xRzSpyCuPYmchFr2ZY3eiUbwf7EOHDV9aoqzBCP7uclgUBt4RbYteJtI cdXyK5OmDVApq7lZgFAoHXVTtkvJujpSk9itmiMWjaw13lJgtB3k9uBpj5lFG46CTRsm 2r15hLEp0EhYHKsbP1CQ3n0Pc31eWmucgSB3/ujlTFZmWHF8csCyBojeaK4RIzbH9L67 YtWXb0TkThBbk+OnQthQZ/rj/HKYnMyX4Mt9OVU3JaapPbpCF8i5oy+GMYXtRqJZ7FxK oZFHDMwbjMHB9WBQBK05YyQHoJUBakt+wnec2Qm7CvjLe+d27pS8W5zQKKY5EkNnKqJM FvlA== X-Gm-Message-State: AIVw112poIuXtrDeJ3PHvBQ3EVkLEN0dmkvfv+yOjxGn0AJqD9a0WbT8 lQ1DNK0yniGrNA0h X-Received: by 10.84.194.37 with SMTP id g34mr22524472pld.111.1501013253236; Tue, 25 Jul 2017 13:07:33 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:32 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Calvin Owens , "Martin K . Petersen" Subject: [PATCH for-4.4 02/13] mpt3sas: Don't overreach ioc->reply_post[] during initialization Date: Wed, 26 Jul 2017 01:37:10 +0530 Message-Id: <1501013241-31961-3-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Calvin Owens commit 5ec8a1753bc29efa7e4b1391d691c9c719b30257 upstream. In _base_make_ioc_operational(), we walk ioc->reply_queue_list and pull a pointer out of successive elements of ioc->reply_post[] for each entry in that list if RDPQ is enabled. Since the code pulls the pointer for the next iteration at the bottom of the loop, it triggers the a KASAN dump on the final iteration: BUG: KASAN: slab-out-of-bounds in _base_make_ioc_operational+0x47b7/0x47e0 [mpt3sas] at addr ffff880754816ab0 Read of size 8 by task modprobe/305 Call Trace: [] dump_stack+0x4d/0x6c [] print_trailer+0xf9/0x150 [] object_err+0x34/0x40 [] kasan_report_error+0x221/0x530 [] __asan_report_load8_noabort+0x43/0x50 [] _base_make_ioc_operational+0x47b7/0x47e0 [mpt3sas] [] mpt3sas_base_attach+0x1991/0x2120 [mpt3sas] [] _scsih_probe+0xeb3/0x16b0 [mpt3sas] [] local_pci_probe+0xc7/0x170 [] pci_device_probe+0x20f/0x290 [] really_probe+0x17d/0x600 [] __driver_attach+0x153/0x190 [] bus_for_each_dev+0x11c/0x1a0 [] driver_attach+0x3d/0x50 [] bus_add_driver+0x44a/0x5f0 [] driver_register+0x18c/0x3b0 [] __pci_register_driver+0x156/0x200 [] _mpt3sas_init+0x135/0x1000 [mpt3sas] [] do_one_initcall+0x113/0x2b0 [] do_init_module+0x1d0/0x4d8 [] load_module+0x6729/0x8dc0 [] SYSC_init_module+0x183/0x1a0 [] SyS_init_module+0xe/0x10 [] entry_SYSCALL_64_fastpath+0x12/0x6a Fix this by pulling the value at the beginning of the loop. Signed-off-by: Calvin Owens Reviewed-by: Johannes Thumshirn Reviewed-by: Jens Axboe Acked-by: Chaitra Basappa Signed-off-by: Martin K. Petersen Signed-off-by: Amit Pundir --- drivers/scsi/mpt3sas/mpt3sas_base.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) -- 2.7.4 diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 5b2c37f1e908..9b5367294116 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -4981,15 +4981,14 @@ _base_make_ioc_ready(struct MPT3SAS_ADAPTER *ioc, int sleep_flag, static int _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc, int sleep_flag) { - int r, i; + int r, i, index; unsigned long flags; u32 reply_address; u16 smid; struct _tr_list *delayed_tr, *delayed_tr_next; u8 hide_flag; struct adapter_reply_queue *reply_q; - long reply_post_free; - u32 reply_post_free_sz, index = 0; + Mpi2ReplyDescriptorsUnion_t *reply_post_free_contig; dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name, __func__)); @@ -5061,27 +5060,27 @@ _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc, int sleep_flag) _base_assign_reply_queues(ioc); /* initialize Reply Post Free Queue */ - reply_post_free_sz = ioc->reply_post_queue_depth * - sizeof(Mpi2DefaultReplyDescriptor_t); - reply_post_free = (long)ioc->reply_post[index].reply_post_free; + index = 0; + reply_post_free_contig = ioc->reply_post[0].reply_post_free; list_for_each_entry(reply_q, &ioc->reply_queue_list, list) { + /* + * If RDPQ is enabled, switch to the next allocation. + * Otherwise advance within the contiguous region. + */ + if (ioc->rdpq_array_enable) { + reply_q->reply_post_free = + ioc->reply_post[index++].reply_post_free; + } else { + reply_q->reply_post_free = reply_post_free_contig; + reply_post_free_contig += ioc->reply_post_queue_depth; + } + reply_q->reply_post_host_index = 0; - reply_q->reply_post_free = (Mpi2ReplyDescriptorsUnion_t *) - reply_post_free; for (i = 0; i < ioc->reply_post_queue_depth; i++) reply_q->reply_post_free[i].Words = cpu_to_le64(ULLONG_MAX); if (!_base_is_controller_msix_enabled(ioc)) goto skip_init_reply_post_free_queue; - /* - * If RDPQ is enabled, switch to the next allocation. - * Otherwise advance within the contiguous region. - */ - if (ioc->rdpq_array_enable) - reply_post_free = (long) - ioc->reply_post[++index].reply_post_free; - else - reply_post_free += reply_post_free_sz; } skip_init_reply_post_free_queue: From patchwork Tue Jul 25 20:07:11 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108685 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14102obm; Tue, 25 Jul 2017 13:07:39 -0700 (PDT) X-Received: by 10.99.0.207 with SMTP id 198mr16123359pga.452.1501013259453; Tue, 25 Jul 2017 13:07:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013259; cv=none; d=google.com; s=arc-20160816; b=Gd1P04sZG5osKTIUfNoHAD2erent1y1kpKZJsH9kuHzdrX63a7BMXe3Se2xRxo3yDs w4WuzTlEaiTMhdBSA+vkVk7y4yL4xtO0W0PN8XYr8L/w4ftRy12yoBLCfjak2dC0Puaz tqbyhCGWWEcgEhtGhLOhoOGZdghDYGqh9xSwpoNHCmgHiBl0W4GuDN/nzI+W+5HsK6Uf mkvx2QlXrajTS0bWcIq2o9Npi5L7qdCckptu3gGBuM6AIxZIgJu32WgL9WSndIy+KLmk ZaQeJpYtEkKANzHsnaIRpJi51B+g3Vu3VYzB/9OVS+S7zEPAxKfujhZU6Z85CUzh4Njp B87w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=b5tO56SzytrPmfByZSvQFcD1yEIxUVma23Nz0sB9CgI=; b=L9AaIYclKe5m2zoV5cTE0L1/hEgRXwm20fGDVAFTh8GnX1wJWCdF3u2tUe0xL0WSow 7rOB5pjDdpjaLUPR4/jU2YtnxYGMAPDsOf577hHurfShiNYQX53BskiAqWKvJJQK74GZ hSSek61PfPcFJWz33BH2R4nnjjL2owPFWLxCorHtBIAu9dYpzwOKEP9jTMudhtleRZ/2 AF7Ar/s2JGUXU9hvx1Y65asMuCIBLtDmjNo49u2TVlbvjTNgwKGItp6Dma89J/PbDYzv e2yExyUjPbVJrQKUBffmFbnvlbEncHJYcUuYFqF9vOQT9nIZlGNWSggZOGAuqwC7A90z 0eKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=ahq7k6ya; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.39; Tue, 25 Jul 2017 13:07:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=ahq7k6ya; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751579AbdGYUHi (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:38 -0400 Received: from mail-pg0-f42.google.com ([74.125.83.42]:35793 "EHLO mail-pg0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751641AbdGYUHg (ORCPT ); Tue, 25 Jul 2017 16:07:36 -0400 Received: by mail-pg0-f42.google.com with SMTP id v190so74470361pgv.2 for ; Tue, 25 Jul 2017 13:07:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=b5tO56SzytrPmfByZSvQFcD1yEIxUVma23Nz0sB9CgI=; b=ahq7k6yaQFVVun+TP8s7/gFD0H1CHYJTdhsLdkDfdBw1ROK7lzHQpofViNihgrCDIk o7EtvwqAJ+RIgLqPD7ASZ73aA2SXRPbIDuc9mu8d20W+24gmrbIH8fbiId3jDRn8diWt H4vErflZbdejYWPcstuG998ze/qWOvsJz6zcw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=b5tO56SzytrPmfByZSvQFcD1yEIxUVma23Nz0sB9CgI=; b=UnHaIl42JGKjOn7+nQNXrcFIoFiuYllftqaHkfLvsUFGQ3lKzusRnDJqgTq5BF0pU9 9R8MX7uXi5A/dboP8cHP/Mawl02d0xWl9V+dINx5sZAJyrCD3X4ItJx/tKQ3tmOF+wos kZbshC33YrmqfqXfZOojQCADqNbYx7NiXQeGW21P8E8+QawaMNdaUgJxfPqPChsAt1MM niq5vm7FbP4Eq3kQ2anFB+XYTWk3uY4koZtk/xHxPAbAe92OhvS3xvI5miirK1qIuNOp 1gaezsNijVKNjQOImsDLnMTGXtSJ5IhZRFI+3kcy949ERpQ6LYuknKK4bEEKIS35Zjpg D/0A== X-Gm-Message-State: AIVw1102UNB6AvLuiADrmT3KhVq8Nkk1rqpoGxGXu7NdN/BHtW7ORaFp zvkTHRu3ZQlQOtI4 X-Received: by 10.84.139.40 with SMTP id 37mr18266155plq.153.1501013256015; Tue, 25 Jul 2017 13:07:36 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:34 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Oliver Neukum , "David S . Miller" Subject: [PATCH for-4.4 03/13] kaweth: fix firmware download Date: Wed, 26 Jul 2017 01:37:11 +0530 Message-Id: <1501013241-31961-4-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Oliver Neukum commit 60bcabd080f53561efa9288be45c128feda1a8bb upstream. This fixes the oops discovered by the Umap2 project and Alan Stern. The intf member needs to be set before the firmware is downloaded. Signed-off-by: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/usb/kaweth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 2.7.4 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c index f64b25c221e8..9f900eee27be 100644 --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c @@ -1029,6 +1029,7 @@ static int kaweth_probe( kaweth = netdev_priv(netdev); kaweth->dev = udev; kaweth->net = netdev; + kaweth->intf = intf; spin_lock_init(&kaweth->device_lock); init_waitqueue_head(&kaweth->term_wait); @@ -1139,8 +1140,6 @@ err_fw: dev_dbg(dev, "Initializing net device.\n"); - kaweth->intf = intf; - kaweth->tx_urb = usb_alloc_urb(0, GFP_KERNEL); if (!kaweth->tx_urb) goto err_free_netdev; From patchwork Tue Jul 25 20:07:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108691 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14396obm; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) X-Received: by 10.98.8.86 with SMTP id c83mr20806462pfd.255.1501013278515; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013278; cv=none; d=google.com; s=arc-20160816; b=hZuvBgkdoBCE0nvo5WSRr0UnymwJt/GkHXKk/wq8C6q9Wcv+YoR6zO5jlXWtAtR9nv YZlmGDrDSPCQVgLBQZYqvB6aZ2nX63q13lMLk9/WWKme4FtA8FXIcQa9E0BfR+O1Gbmk 3x5kA6I7o7flFGSc45hkdGVn+QaL+tNAly8ofJzONnhgG9Xngh3jOmJCUr+od4EPiIhr Tahu/Vj5e9Dgkj4zpcZQZQ4E3gXogpIc0Udd+u/o9Oh+1zMaMRTgyJumQBLbjabPEgsd kUcyFJ0UVXawcXwu+VFfN30oPk1FoOCJaoHeqqzhw/tA7Op1NMbHvSxFd7SRbnK2Ic5g /YDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=7un/uKNjJISJcHruJ191VB1eoldxoRlPjxBuk9XZlD8=; b=0PW0oh+gdcWvwjJlilmGmEtAjjlNWkzpOunBB/oi9SELD5VANx19e2Vdp+TDe4pvOu L3YZ+hDt6ROBIArcaUUtTntG9rjUEgWFwtSaeJjarz68OEDX2J9H0H1K5m6yGw05aLVO BkFFrP5gbXYbRlBbN5q/ZE8NllvtyzQbM/gtrCgaCD50En7tOO6ExP9Q3a1hgRvhYrIU tOR7pxlx7etR7GprxW+FlCzzGb7E16/Wxb+0B5RzUsU/e+bPN6J49wl9sDWZeF1wYu4g 1fXS+uUu83Y1nJMzgAS7YiNB9o86yqtXsCbS/PFOBghNpmFzq0t30lV5b+8EHY9nMD8r KFVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=WOxhzW5G; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.58; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=WOxhzW5G; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753620AbdGYUHl (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:41 -0400 Received: from mail-pg0-f44.google.com ([74.125.83.44]:34129 "EHLO mail-pg0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752259AbdGYUHj (ORCPT ); Tue, 25 Jul 2017 16:07:39 -0400 Received: by mail-pg0-f44.google.com with SMTP id 123so74468087pgj.1 for ; Tue, 25 Jul 2017 13:07:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=7un/uKNjJISJcHruJ191VB1eoldxoRlPjxBuk9XZlD8=; b=WOxhzW5GmZaG4Y/2qHJtrBOfvJGAvSS69bLTaLoA5DpvpVvvkPOs0cHtH2ZTvXKlQR y10baoPRCxf0pd/spM3eRvd2oahc7vl/w17iPmRWNkY9jw4nCrFeepQ07YEUoYVUY+VI IFmGVVxexJYK81tl7H7uXSCGy5b9DMKKr08jk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=7un/uKNjJISJcHruJ191VB1eoldxoRlPjxBuk9XZlD8=; b=gCBc3hNN4zAGvRZtu24EwsBtwU+vbrThQ0XpYBPYlVKj0qpmONktPrF0jbegxfRkZ/ f1E5DyFh7bB5NgdX+0ED6JfBL5MAQpU3HGT8ImKQKsdj8iry5nKf9vLa4JgzaeN2UU/Y nKOoLkM0KJ7x6LcrYyf5z3Epe9eCM1n6v5K55/R1FKLTHttF1PXrLDuBUts4LB7JNNyk reNz0d2lqgiVXT01xRaIN1FLtv7aQoZ2nQYUmO0kTMLMsayvAzVdqG5S1yMqtT/0NtCr aZoJE4RFAFNDy+G+6A/0fUGTrxUzGZ0mjtcgd+sFyBneHjyAP7KHWR9qZHdi1t7VVhQK oi4A== X-Gm-Message-State: AIVw113OorBnWv+4ANHPysAxkozi/XfAo9+1O6iIWXpvFUCgFk2nLxBa 1fJ4zckf+vZAspgW X-Received: by 10.84.229.130 with SMTP id c2mr22397320plk.215.1501013258776; Tue, 25 Jul 2017 13:07:38 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.36 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:37 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Oliver Neukum , "David S . Miller" Subject: [PATCH for-4.4 04/13] kaweth: fix oops upon failed memory allocation Date: Wed, 26 Jul 2017 01:37:12 +0530 Message-Id: <1501013241-31961-5-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Oliver Neukum commit 575ced7f8090c1a4e91e2daf8da9352a6a1fc7a7 upstream. Just return an error upon failure. Signed-off-by: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/usb/kaweth.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c index 9f900eee27be..cd93220c9b45 100644 --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c @@ -1009,6 +1009,7 @@ static int kaweth_probe( struct net_device *netdev; const eth_addr_t bcast_addr = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; int result = 0; + int rv = -EIO; dev_dbg(dev, "Kawasaki Device Probe (Device number:%d): 0x%4.4x:0x%4.4x:0x%4.4x\n", @@ -1049,6 +1050,10 @@ static int kaweth_probe( /* Download the firmware */ dev_info(dev, "Downloading firmware...\n"); kaweth->firmware_buf = (__u8 *)__get_free_page(GFP_KERNEL); + if (!kaweth->firmware_buf) { + rv = -ENOMEM; + goto err_free_netdev; + } if ((result = kaweth_download_firmware(kaweth, "kaweth/new_code.bin", 100, @@ -1203,7 +1208,7 @@ err_only_tx: err_free_netdev: free_netdev(netdev); - return -EIO; + return rv; } /**************************************************************** From patchwork Tue Jul 25 20:07:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108686 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14194obm; Tue, 25 Jul 2017 13:07:44 -0700 (PDT) X-Received: by 10.84.217.19 with SMTP id o19mr22456835pli.305.1501013264809; Tue, 25 Jul 2017 13:07:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013264; cv=none; d=google.com; s=arc-20160816; b=05Ygk6JbL9NPs7KuTQLV4nfwPuSEO9KSnNbKwZM5oDzHYCXZ3MNwpBJOaBeX//0Nz3 p8W24y+1M8LzMbLDDgURKg8GuO6LCB+x3/6hwOfrwAJU8G0Aqw9Mnilr3a+BqDs6wD/g UsUe1B2I2lSVxu9SzieCbyhycXDKOHY07Cn2TuCeH08iV6ikJTuCpWJX6AkL5/ZatdTA LJvC1tMrGsxIWThSPv/ozWTt/X0bEL1WB4frmLcbLG4tO3i0dXU7VGlh3aJlH/gN8MGJ gCu+YLk7qb3rsHLrHAaHtHKKzFZiiXGYeJjNZWrxEzPoEoLizMifyz4xoKdVKmPGoVjs l5Ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=nOvsCL5dKEhdK8MM+4THvePmB4/pjKYRFdn8OvNiC+g=; b=Z302YUQDvJKxkYvKThUfgOXOOu1VE7hwWPJ1HkbtAKnp9QIDc1DkVmMO7LPhUgKTJ1 pHDf3BFrJ/ZH2i4kaI//Xpbt7+0cl1k2QLjbGvt1XSznDWmyQDifFNXV6FqUyDhCDsmJ pP9Ecjnga13ap42AVjZ7hRcLfuiDB0ESYHGazBPVB5W7gLXxL2DcJeMi/nMiPdDH/X0C ZJsZpUaNwaLXnS5eYYh8AOre1PpwafreKoRpL8wRACv+09IpCJpziY4OeBklOaP1nes8 ZL1J8ceLdhxhrmEkxRhquVFSukU7HjOQlLMNsVAxlC6HUC5kiDSxVe3TgYTD5XRYMrAk uK7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=M/hb7Auv; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.44; Tue, 25 Jul 2017 13:07:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=M/hb7Auv; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753453AbdGYUHn (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:43 -0400 Received: from mail-pf0-f180.google.com ([209.85.192.180]:33129 "EHLO mail-pf0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752319AbdGYUHm (ORCPT ); Tue, 25 Jul 2017 16:07:42 -0400 Received: by mail-pf0-f180.google.com with SMTP id s70so62311170pfs.0 for ; Tue, 25 Jul 2017 13:07:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=nOvsCL5dKEhdK8MM+4THvePmB4/pjKYRFdn8OvNiC+g=; b=M/hb7AuveRi3Axn4uPm3afEa181c5T+MNxxjntzWi7IHv/5CqOsMyQI6CLZx+gby3T xPfISKbl7unGgiNrb8TagMtTWbVb6eAFjROBn+K/lrA2eb7e2NRP90JXu0fvjAAef6jQ qiM2lgnkVMK5T200Yw9qodEqXtllTtgY206YU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=nOvsCL5dKEhdK8MM+4THvePmB4/pjKYRFdn8OvNiC+g=; b=fEIg1vhFl04i6Vvtcpd3on1JMo5C+R56FB4zmNBSoM8jV9PZ1nZLbfhh5U5ItgK4pu eDF61Djsl1PAZfsZrpeJ44cz6MxI+wisdaxzmmXscTbHYiusy7UeN2Y7vQ9Ic1mAfdUV icQeViiJQVIaul0AVnCPpYZ41NTK0Zviil1uyvd+FydABTcQ9I50yAdizooMw8vW7bYp 1hETw1Moj9hE8EsS5uDva8U676TsTj+WBHtOrSc9t3djsEPq5xaIdytjvpFvBz0+xy0k RsrEYatL1dITQK8g/pJrv+xfr3dh7ApC5cUyCH1Ght1bECfWegl5s+3rIfA8eN4mbJm7 fiOw== X-Gm-Message-State: AIVw112End2JuJLxDElZ+TtfqM172BsGsGmc/QJ1t0mi6l7FtLfB5ZHm dxkU3bTCZo8BaRbR X-Received: by 10.84.225.134 with SMTP id u6mr49036plj.176.1501013261563; Tue, 25 Jul 2017 13:07:41 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:40 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Florian Fainelli , "David S . Miller" Subject: [PATCH for-4.4 05/13] net: phy: Do not perform software reset for Generic PHY Date: Wed, 26 Jul 2017 01:37:13 +0530 Message-Id: <1501013241-31961-6-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Florian Fainelli commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 upstream. The Generic PHY driver is a catch-all PHY driver and it should preserve whatever prior initialization has been done by boot loader or firmware agents. For specific PHY device configuration it is expected that a specialized PHY driver would take over that role. Resetting the generic PHY was a bad idea that has lead to several complaints and downstream workarounds e.g: in OpenWrt/LEDE so restore the behavior prior to 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()"). Reported-by: Felix Fietkau Fixes: 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/phy/phy_device.c | 2 +- include/linux/phy.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c index 0bfbabad4431..1d1e5f7723ab 100644 --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c @@ -1442,7 +1442,7 @@ static struct phy_driver genphy_driver[] = { .phy_id = 0xffffffff, .phy_id_mask = 0xffffffff, .name = "Generic PHY", - .soft_reset = genphy_soft_reset, + .soft_reset = genphy_no_soft_reset, .config_init = genphy_config_init, .features = PHY_GBIT_FEATURES | SUPPORTED_MII | SUPPORTED_AUI | SUPPORTED_FIBRE | diff --git a/include/linux/phy.h b/include/linux/phy.h index 05fde31b6dc6..b64825d6ad26 100644 --- a/include/linux/phy.h +++ b/include/linux/phy.h @@ -785,6 +785,10 @@ int genphy_read_status(struct phy_device *phydev); int genphy_suspend(struct phy_device *phydev); int genphy_resume(struct phy_device *phydev); int genphy_soft_reset(struct phy_device *phydev); +static inline int genphy_no_soft_reset(struct phy_device *phydev) +{ + return 0; +} void phy_driver_unregister(struct phy_driver *drv); void phy_drivers_unregister(struct phy_driver *drv, int n); int phy_driver_register(struct phy_driver *new_driver); From patchwork Tue Jul 25 20:07:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108688 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14291obm; Tue, 25 Jul 2017 13:07:51 -0700 (PDT) X-Received: by 10.84.234.15 with SMTP id m15mr23229293plk.247.1501013271342; Tue, 25 Jul 2017 13:07:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013271; cv=none; d=google.com; s=arc-20160816; b=M8DSlxMwE35YEfD6WDJGv3wI0euyDeJU4AlxCdz5SK4/62KWHBRRvKzXSDBz6hNh3V SjB3iXWmZ/QPPNQORT081nRw4LwaQIx2EyeboQMgeKFtOnIMg9McxZBo00r3j1eGtgyS 1raHI/81mdJ0+Z3djhJ3vBOEx0SmflPkP44YLWwB2wvIcvUY8jM7tOQ9K/HoJBS/h7Jt Ni1IZJaiyVZkTNlqA+NhE4GGfk/Y6aSDiZwNSwL0qAMfLh1z6PbjRv4dwlwsbrqps2+9 haIXOMKi/xKt/1+IgmY5UrXEZR6r5+8HtQ+3DJPIbc6LTvdI0BC1fKFNSJjTc75yyb9w 1RFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=sVZUJleVJ69d9TksGYVmaLIPvCBhN9p6gI8tvLi47vc=; b=qDh2dtLK9qodrwJ6iQxkit11hscHnL9DFt6bqG3mKw1dkUk/G7KynRCxA9NDdd2F4V xDKOrl1BQkx1fOYEChn0TqyXOZgUxvZi6V5Q3XdUaKv3ypQkTR2oSUXJDjH7VyoETCBt 5IEYriJ/TsukcugutmnOCd3cMgaThMczAwT6nfpw6jnm+eV6Nm8uS0ubj1417cna4MiP wVJWBw7uqnYhfO0ZXhcAg01VNGTiBZHeRz52ndm/OXwQrH+As6Q1ln4GtzoUAF2lEUrf cGHafWGYXBd4xxBMESAc/d3ZR5AXHdmO6IuN18DSkLsQ/151LIXRMzg1/QQg/hlpR69R RtBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=LdxU9in5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.51; Tue, 25 Jul 2017 13:07:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=LdxU9in5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753259AbdGYUHr (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:47 -0400 Received: from mail-pg0-f50.google.com ([74.125.83.50]:38484 "EHLO mail-pg0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753251AbdGYUHp (ORCPT ); Tue, 25 Jul 2017 16:07:45 -0400 Received: by mail-pg0-f50.google.com with SMTP id k190so8950309pgk.5 for ; Tue, 25 Jul 2017 13:07:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=sVZUJleVJ69d9TksGYVmaLIPvCBhN9p6gI8tvLi47vc=; b=LdxU9in5DMvvykANq2S8tAwZIgPTulrGT4hMgIJ/WHaDkZYPzcApsG5yGrAdBhRrl7 BuGYoikYUq8lhTo6RNs/Nj0xcL0YsnvrK/X/u5bhcX7Piof+hVdKqIcU9iUHu0cEAPZr F7SCcSpawmA4v95I8in9G2axapRn/Cw+ouvRY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=sVZUJleVJ69d9TksGYVmaLIPvCBhN9p6gI8tvLi47vc=; b=IMiehzBR1TG+zabmgFpt/VG7mv/AZ/3cF7tfq1HECMn/vuAzyRda0gF+jbkThT8K0+ lgf71Visgiq/imgCpWh9qgMpXvQiTdrSSrsb93ml0rR0OcCSWtoN8sTd/tPHNVJNW6FP +3CiwrDdTtenrXP7/oprdJjZKYDyFIKLRJXGR4GVQ+rbH1SnF7alUDNzZ+eWRK3EtY24 ryy3y7G/y/6INWaod2OBFMRogzZosF99HnlLufOaAn9z3BnpYppnPAro0JyR8Q3eF2Zm SCHYcXcl0B7FfXUyLewVkZMn9GUMBwWgSErbhcSvPLpCDFQHI3rvMiqhGo6sXjKyP2Zn H1hA== X-Gm-Message-State: AIVw112gP838beB1bS8xQwKkwxV4nzj7TOFMi4QtY+R3Ae/ZW7WUWWea q0v9/xDO3Ci5DRcY X-Received: by 10.84.209.226 with SMTP id y89mr22524747plh.290.1501013264532; Tue, 25 Jul 2017 13:07:44 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:43 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudip Mukherjee , Sudip Mukherjee , Samuel Ortiz Subject: [PATCH for-4.4 06/13] nfc: fdp: fix NULL pointer dereference Date: Wed, 26 Jul 2017 01:37:14 +0530 Message-Id: <1501013241-31961-7-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudip Mukherjee commit b6355fb3f5f40bbce165847d277e64896cab8f95 upstream. We are checking phy after dereferencing it. We can print the debug information after checking it. If phy is NULL then we will get a good stack trace to tell us that we are in this irq handler. Signed-off-by: Sudip Mukherjee Signed-off-by: Samuel Ortiz Signed-off-by: Amit Pundir --- drivers/nfc/fdp/i2c.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.7.4 diff --git a/drivers/nfc/fdp/i2c.c b/drivers/nfc/fdp/i2c.c index 532db28145c7..a5d7332dfce5 100644 --- a/drivers/nfc/fdp/i2c.c +++ b/drivers/nfc/fdp/i2c.c @@ -210,14 +210,14 @@ static irqreturn_t fdp_nci_i2c_irq_thread_fn(int irq, void *phy_id) struct sk_buff *skb; int r; - client = phy->i2c_dev; - dev_dbg(&client->dev, "%s\n", __func__); - if (!phy || irq != phy->i2c_dev->irq) { WARN_ON_ONCE(1); return IRQ_NONE; } + client = phy->i2c_dev; + dev_dbg(&client->dev, "%s\n", __func__); + r = fdp_nci_i2c_read(phy, &skb); if (r == -EREMOTEIO) From patchwork Tue Jul 25 20:07:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108687 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14287obm; Tue, 25 Jul 2017 13:07:51 -0700 (PDT) X-Received: by 10.98.29.72 with SMTP id d69mr14201332pfd.226.1501013270985; Tue, 25 Jul 2017 13:07:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013270; cv=none; d=google.com; s=arc-20160816; b=nK0ECzAOZccdR5Lc1Z1WiMAVADvcuh0GKnml4PN7IDAQ1u+kYv90WlnxL1NR0QDWtY gv3aK9kRxcOHeAvzeNbRW6cwkxMVlVGmDxStI4ctpqoHrJPx0KQbinfl/SMKrMHZRqKg jGpQdaRT6GnZRSmNVpXhdKzNslk207lbpWDxciCXTlhO2xjxwgCfo5sz3scxVWkGDk8b 28kCNkTPlMUy8kv1JgpYGGLzDR0zd143B1nHchUXNz664j3ha+wUUUQr9wlKJrla2Yhb Tdw+39LYg38vZEWvwlkShp47QhQPdmJF3auaQUiCyD8W3SKXJG5GzMo25ivncOF1HNj5 lZdQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=XLRXnXjNNW+XtV6hvLQDUBgi6sHnq3t5qq8uiky3pWabcZPipufWtrefxthcku9WLp lHicg7H0V1mdZMZI/mqf7xBUjH6k9w0RRD6kriBDDSlvV9eV5894LQfty48F2vtBdqJa ugZAuxTRGqWuwOmupZdwY5vcJnd/HG+fBcHpuHtfqNZBeggRh6Qn1agCcuQqnVaLMdPg mfWWcHTpFxN4oq3H1DScJh6UMoKWIsJJI1CLqzE6vPxWTU5bYiaemMOx+zLlX4e3OHHq rOtyF+xg9VGh7xSOypx+TSTxpj2K3owHvmBNbbLwR8QUmG7LjOUdwQRYg/xUGQDZ6D2F oQOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=OFW97K+1; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.50; Tue, 25 Jul 2017 13:07:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=OFW97K+1; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753464AbdGYUHt (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:49 -0400 Received: from mail-pg0-f47.google.com ([74.125.83.47]:33225 "EHLO mail-pg0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752116AbdGYUHs (ORCPT ); Tue, 25 Jul 2017 16:07:48 -0400 Received: by mail-pg0-f47.google.com with SMTP id g14so25599254pgu.0 for ; Tue, 25 Jul 2017 13:07:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=OFW97K+1wLBVc+0kQeiy96xDcW8G7586NHigWzAozDcyojRFagdcu6UEx8q5ggG/n6 xkaN5W13bAAieV0Dnoc+o2GKYa2faIZ5L49KgytZ0HoR+udrTY0mx5bBsQXDAbexQyHm X79OCY50s6395WhDdh6BT6C6BLw//7RNGGw1w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=eQhBW2Z8jA9ykQUBK7VgaaPapIIbCdgu+E6q4VRlG7+Ivl2im5oMJiB5KbPrcCCx04 /t9qAjYpRqJsla3E0rbK0JQKh0X/q7dnUHJKb6PdcYgD3JFwODYT2kCj3rlrLcCxQAFq jCskm2gkLN6TlQ/8tDegvEJ+r1gqPBPggw3RM87alRExOtNjNTTvkUvn9RQtvMSWWkbK h0WOoDZtJIrCgaUKFzdHjFFVL3YHUZaV/HEBHO/YdJWbt4ccMhSXbaiu82zUVno692XO x2K+6kDhNxvpV9p0Zac6fTW9KLIoz9+WnzdP1FphZ1JJGOswwfKYGeoq+IwsJrHAN+fj 8oyg== X-Gm-Message-State: AIVw110Eo4VXFv9E6ngjLSM/TGCWgXbhnk/h8kgjXF4FXNheX9rAzhif DNF7MprdOtqTLeUXfJn6NQ== X-Received: by 10.99.107.135 with SMTP id g129mr20114287pgc.179.1501013267642; Tue, 25 Jul 2017 13:07:47 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.44 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:46 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Jia-Ju Bai , "David S . Miller" Subject: [PATCH for-4.4 07/13] isdn: Fix a sleep-in-atomic bug Date: Wed, 26 Jul 2017 01:37:15 +0530 Message-Id: <1501013241-31961-8-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jia-Ju Bai commit e8f4ae85439f34bec3b0ab69223a41809dab28c9 upstream. The driver may sleep under a spin lock, the function call path is: isdn_ppp_mp_receive (acquire the lock) isdn_ppp_mp_reassembly isdn_ppp_push_higher isdn_ppp_decompress isdn_ppp_ccp_reset_trans isdn_ppp_ccp_reset_alloc_state kzalloc(GFP_KERNEL) --> may sleep To fixed it, the "GFP_KERNEL" is replaced with "GFP_ATOMIC". Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/isdn/i4l/isdn_ppp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c index 9c1e8adaf4fc..bf3fbd00a091 100644 --- a/drivers/isdn/i4l/isdn_ppp.c +++ b/drivers/isdn/i4l/isdn_ppp.c @@ -2364,7 +2364,7 @@ static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_s id); return NULL; } else { - rs = kzalloc(sizeof(struct ippp_ccp_reset_state), GFP_KERNEL); + rs = kzalloc(sizeof(struct ippp_ccp_reset_state), GFP_ATOMIC); if (!rs) return NULL; rs->state = CCPResetIdle; From patchwork Tue Jul 25 20:07:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108689 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14385obm; Tue, 25 Jul 2017 13:07:57 -0700 (PDT) X-Received: by 10.98.14.195 with SMTP id 64mr8304350pfo.10.1501013277872; Tue, 25 Jul 2017 13:07:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013277; cv=none; d=google.com; s=arc-20160816; b=jtQvQKn1uSt+32Mgx0QJuO+I8lVsthvUFNZyNABCP1uqvMIRqx3pja8Shq3OU7Ri+F 11o8ZlJNKHeTsM2tfqUB8ycmuKEhc5f1803UxTXBuq+FGtflsvDeSRy8cyNAUn5UeMtS fdbpViEtuoUFwU/lKU9kotjoEkImvoGamdyUXDslOkx1ZpxQ+dyCM443NzZnXLOFAI/B 39gUlQK9wmw3He2nAtC7A+HHkG1iVqZDyegVP3yxUKsqacYHAoBPu93w1UwA61WwihaC ewWzbK5zGcqgiTWr9DZEGxIE/F/iKU/HcPHRtGmjjGBdjb7YrWsZtHixak2gqnNSkGYW Wz9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=J4hYXuuecMYyim/uoqum0fW6WndvqNgeOMZKiyWYYfc=; b=d9sL4pJszP2CY6qWJTwLBiAtdjSuzUvOMHkgOMNNID6u9sXKqXm0Mds6JU/A81n3Uk 4ujlnSuGeoLm48wjClfo3fBZ8iYAme00cc6eCCzXmJTl+LINacFF6OhjXgyUqqTQ7ZO9 ncCFe8CroqnRBWOWk/gwONrk9zU5XIqeOkgjMMBCIM6KsdRdkm3jdWatPQKxWTur2AdZ dannR4keqnA3eiZgUJjD8jUhSVUX5IOI/5lvo5Vqe+d2P5tkWhOvUrtJEktoduZOnb7o +X515tqowlfF+hvZE7/GqScSPQvnv37XD+BJCsWq8C88TE+HwT0rEpS79xvfEX4EXCfP JR+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=TXG755OY; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.55; Tue, 25 Jul 2017 13:07:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=TXG755OY; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752710AbdGYUHx (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:53 -0400 Received: from mail-pg0-f52.google.com ([74.125.83.52]:36932 "EHLO mail-pg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752116AbdGYUHv (ORCPT ); Tue, 25 Jul 2017 16:07:51 -0400 Received: by mail-pg0-f52.google.com with SMTP id y129so74389844pgy.4 for ; Tue, 25 Jul 2017 13:07:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=J4hYXuuecMYyim/uoqum0fW6WndvqNgeOMZKiyWYYfc=; b=TXG755OY+fndu0yZXU5tL5OyYUg3vWR4TB3GIVBGuRQ+K1lGapXqr/BfB8ebDWOj6P BBUp4s/LhbeQqhb9z46BUyPrqHSJm9PRhZlKagsTc94QmJE1Z6DpYy+hnYLDvt1NMuh7 LNavJ17ufeD4pOZZj3T+U8Qp6NsigBRoye/OI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=J4hYXuuecMYyim/uoqum0fW6WndvqNgeOMZKiyWYYfc=; b=mh9xp4gEtbeaiTuBVz5S9kVEReJaLeyyDmAY6YLloI/LAxRMzFuwwPW4rVPVwA5b+D +1s/Ymz6NF7zXfSSofUd+pYNKZB8d8+D7TBgEglLdt7PlaVoeENfUniQe8oWqpC1CIId LIrd5sNnEjMtyo+b8f5hcgyOM8d2nHNinIIXa2zNx45XDZsYam3hWHnEkvSjWFP2GWzg MBVwQe4dYNUdHeRSnVxm+2FHbfHYTYT51odzqdffGGpbVjEC4B+SKl1CaDIJNQpFNANQ QIwGDTtp1tYJpG3WEkXfrlIejpnW5N8ibv7jJl6sngVM8f38NEy+PCX6udI6Qug2JjE5 SB3A== X-Gm-Message-State: AIVw111bDfLR9L/1fxZO3hXHEJNGxX8k25AidG6ofTsvVvnFiGL1/dXi tXK8l/JrnxnRzXNx X-Received: by 10.99.2.17 with SMTP id 17mr20193007pgc.264.1501013270409; Tue, 25 Jul 2017 13:07:50 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:49 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Michal Kazior , Kalle Valo Subject: [PATCH for-4.4 08/13] ath10k: fix null deref on wmi-tlv when trying spectral scan Date: Wed, 26 Jul 2017 01:37:16 +0530 Message-Id: <1501013241-31961-9-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Michal Kazior commit 18ae68fff392e445af3c2d8be9bef8a16e1c72a7 upstream. WMI ops wrappers did not properly check for null function pointers for spectral scan. This caused null dereference crash with WMI-TLV based firmware which doesn't implement spectral scan. The crash could be triggered with: ip link set dev wlan0 up echo background > /sys/kernel/debug/ieee80211/phy0/ath10k/spectral_scan_ctl The crash looked like this: [ 168.031989] BUG: unable to handle kernel NULL pointer dereference at (null) [ 168.037406] IP: [< (null)>] (null) [ 168.040395] PGD cdd4067 PUD fa0f067 PMD 0 [ 168.043303] Oops: 0010 [#1] SMP [ 168.045377] Modules linked in: ath10k_pci(O) ath10k_core(O) ath mac80211 cfg80211 [last unloaded: cfg80211] [ 168.051560] CPU: 1 PID: 1380 Comm: bash Tainted: G W O 4.8.0 #78 [ 168.054336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 168.059183] task: ffff88000c460c00 task.stack: ffff88000d4bc000 [ 168.061736] RIP: 0010:[<0000000000000000>] [< (null)>] (null) ... [ 168.100620] Call Trace: [ 168.101910] [] ? ath10k_spectral_scan_config+0x96/0x200 [ath10k_core] [ 168.104871] [] ? filemap_fault+0xb2/0x4a0 [ 168.106696] [] write_file_spec_scan_ctl+0x116/0x280 [ath10k_core] [ 168.109618] [] full_proxy_write+0x51/0x80 [ 168.111443] [] __vfs_write+0x28/0x120 [ 168.113090] [] ? security_file_permission+0x3d/0xc0 [ 168.114932] [] ? percpu_down_read+0x12/0x60 [ 168.116680] [] vfs_write+0xb8/0x1a0 [ 168.118293] [] SyS_write+0x46/0xa0 [ 168.119912] [] entry_SYSCALL_64_fastpath+0x1a/0xa4 [ 168.121737] Code: Bad RIP value. [ 168.123318] RIP [< (null)>] (null) Signed-off-by: Michal Kazior Signed-off-by: Kalle Valo Signed-off-by: Amit Pundir --- drivers/net/wireless/ath/ath10k/wmi-ops.h | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.7.4 diff --git a/drivers/net/wireless/ath/ath10k/wmi-ops.h b/drivers/net/wireless/ath/ath10k/wmi-ops.h index 8f4f6a892581..cfed5808bc4e 100644 --- a/drivers/net/wireless/ath/ath10k/wmi-ops.h +++ b/drivers/net/wireless/ath/ath10k/wmi-ops.h @@ -639,6 +639,9 @@ ath10k_wmi_vdev_spectral_conf(struct ath10k *ar, struct sk_buff *skb; u32 cmd_id; + if (!ar->wmi.ops->gen_vdev_spectral_conf) + return -EOPNOTSUPP; + skb = ar->wmi.ops->gen_vdev_spectral_conf(ar, arg); if (IS_ERR(skb)) return PTR_ERR(skb); @@ -654,6 +657,9 @@ ath10k_wmi_vdev_spectral_enable(struct ath10k *ar, u32 vdev_id, u32 trigger, struct sk_buff *skb; u32 cmd_id; + if (!ar->wmi.ops->gen_vdev_spectral_enable) + return -EOPNOTSUPP; + skb = ar->wmi.ops->gen_vdev_spectral_enable(ar, vdev_id, trigger, enable); if (IS_ERR(skb)) From patchwork Tue Jul 25 20:07:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108690 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14392obm; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) X-Received: by 10.99.173.70 with SMTP id y6mr20948114pgo.9.1501013278202; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013278; cv=none; d=google.com; s=arc-20160816; b=Ng6XFWJ/BQr1vZOENIVe2kVkhJVZvBBhW1wstIdyC239bn35keyWkL1E3N7OL1HGuq 6FnmG7eojrKCEakepsslX+P0UrGzwgy/dQEFI2jwMnn4TKqV9FH5rV5Y7GLg7Va+pIJn KxK3/1KIFVEuw+ltB7+QAANqUpgbx5WE6FpTKnLl8t0sTqTFUFnaCnu7CD7igyfAq0dq jdT/wE/cmk+mreECyr8GkOGvGyd33Qt3ahYDyP8TBdk1V+GT8T/C7T33sjcAKFEmF7/b P0uWkXnyWraxaNJAAqs/A6ZoMs8ZMhPvw3BupyNDz2gmKQEtdCLUQCHxbC1DZMfgki+X mAwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=QeMz3X7oLXLp5Zl8Lyn/3vdg7q05qn9ew2xCCqocD/Y=; b=Lt7GUNLmYD4QBuzc3q2iOn4uNwhRHIAyBRLlx9LC4IxAfjmLaLEsDb1jn5JaIlK5tP /Z95/NVZKDUPwcjgAPScDwipEadjb7CvoQWUpH7cnEggoYIgDjC898T6CEeXWjJLja0l jzpUr8bYVr0iodGuVtbMHS9pCm2uwQiL1a9Yg8WfaSvO+J64UY2FWqpYFgqFj3iZ/eQQ xJkWAlQMNmCyagnK73y9tpBU0Fr77SiIp+a5EkC86MruO2HKdJgXfLD6yawWqiMU+z/F WplR0xFHXaKpVAyLit2zvW7LiM55CEiX1+HWo/4Tlk5X7JJNUFZw+lzYdgZyQAfzoenA 8xLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=i0sDxl0q; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.57; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=i0sDxl0q; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753256AbdGYUHz (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:55 -0400 Received: from mail-pf0-f172.google.com ([209.85.192.172]:33162 "EHLO mail-pf0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752116AbdGYUHx (ORCPT ); Tue, 25 Jul 2017 16:07:53 -0400 Received: by mail-pf0-f172.google.com with SMTP id s70so62312720pfs.0 for ; Tue, 25 Jul 2017 13:07:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=QeMz3X7oLXLp5Zl8Lyn/3vdg7q05qn9ew2xCCqocD/Y=; b=i0sDxl0qilz7EySskIA2YynhjrvczCKE3eQOnpFd96e2UQWhogLOoRjxCwOLWou7Wf XAWjD/7NTts1qm+jhxUXgNIKvFVtL6bjgLcXR79YVvLcknEdIxQ1T/JdFNbagujtQaoH IJQ3Kztgbcv4CTwLlX1WI7/3PLlLEBk8iAQZg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=QeMz3X7oLXLp5Zl8Lyn/3vdg7q05qn9ew2xCCqocD/Y=; b=kxPuaPs0Y9ECae+O+/rHMCuBBafP2AgNOItDBE5JP97ayJ3qCUHl9Iw21SyNkih4+z RPndkBzv1ildvRedMn4FJX8xfo3/YA4Rr4ie40OMsIkKUQ5Rlr54FRFy+QhaaUdJysCc fyzrj8OOMz/5ZCnDkRRfw8BodauxIIlkmuYl7omtzMLFnq4nXyqn/I78tfLBJqgsiU8n 4yBYU3mpzJBAUYiW+itvj/sKRAW5PpDNEOqYsdEJV29zItseFUgNfeq8YBgBCR7fzKNa qR3qqhwxzzj1eYLJtxlgl3UN2kITE66UKN6h3UPbNdFBkS/nGBQJbUx//Oie65tEVnXy PbCA== X-Gm-Message-State: AIVw110IJTMpyC3s6oiTzZXX4XrOzjB39b4FEKWwt5qfrXQ2fskYkFkd JRhW7HumJkvJCG2d X-Received: by 10.99.140.13 with SMTP id m13mr20130787pgd.335.1501013273362; Tue, 25 Jul 2017 13:07:53 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.50 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:52 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Lior David , Maya Erez , Kalle Valo Subject: [PATCH for-4.4 09/13] wil6210: fix deadlock when using fw_no_recovery option Date: Wed, 26 Jul 2017 01:37:17 +0530 Message-Id: <1501013241-31961-10-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Lior David commit dfb5b098e0f40b68aa07f2ec55f4dd762efefbfa upstream. When FW crashes with no_fw_recovery option, driver waits for manual recovery with wil->mutex held, this can easily create deadlocks. Fix the problem by moving the wait outside the lock. Signed-off-by: Lior David Signed-off-by: Maya Erez Signed-off-by: Kalle Valo Signed-off-by: Amit Pundir --- drivers/net/wireless/ath/wil6210/main.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) -- 2.7.4 diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c index bb69a5949aea..85bca557a339 100644 --- a/drivers/net/wireless/ath/wil6210/main.c +++ b/drivers/net/wireless/ath/wil6210/main.c @@ -330,18 +330,19 @@ static void wil_fw_error_worker(struct work_struct *work) wil->last_fw_recovery = jiffies; + wil_info(wil, "fw error recovery requested (try %d)...\n", + wil->recovery_count); + if (!no_fw_recovery) + wil->recovery_state = fw_recovery_running; + if (wil_wait_for_recovery(wil) != 0) + return; + mutex_lock(&wil->mutex); switch (wdev->iftype) { case NL80211_IFTYPE_STATION: case NL80211_IFTYPE_P2P_CLIENT: case NL80211_IFTYPE_MONITOR: - wil_info(wil, "fw error recovery requested (try %d)...\n", - wil->recovery_count); - if (!no_fw_recovery) - wil->recovery_state = fw_recovery_running; - if (0 != wil_wait_for_recovery(wil)) - break; - + /* silent recovery, upper layers will see disconnect */ __wil_down(wil); __wil_up(wil); break; From patchwork Tue Jul 25 20:07:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108692 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14414obm; Tue, 25 Jul 2017 13:07:59 -0700 (PDT) X-Received: by 10.84.128.69 with SMTP id 63mr22325068pla.54.1501013279675; Tue, 25 Jul 2017 13:07:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013279; cv=none; d=google.com; s=arc-20160816; b=MI/UVOQXYZ0+uovidDG8e1BZzI0Z7eRNyYW2BcF2+AKJPtr/k0lsqx1NcvjxVVtVjE yxCEEqs+HftkOttUFfglxAaMoT8SnG07hogHAzIA5tIJ0qghlWBr4bSaCADfSjZsRJaw 0ZAs1porhHJUJBpak8M5hPyzQEMMhNN/xmh7QG/t4ZWL6kz5MaPTeahdmSWTujk7aTX9 nm6wnQwEgtGKQiSM37hbh8zO37dxtFKhZ3co4IIPyo9Shw4kbgGt3qLkq+c1SmWZCoVA J9AY+ImfG1IRellTCDw3m52dQmSYkSJVLjukNqr75AT66jlK8nxlKNXfWOm9MHXo2HN3 Gf8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=z+889JwfWEtSNgag+wts0USZXiaoFFZBZ0c4iPco9tc=; b=Ql9kqlHMmyhq0spSNNtW8JF2nVDUWDLTLMyjokB+sxMoU33+sATa6OCTfK6HIyi2cb d8jmcMl6J16FQ9OWaWROGfnPPQR094ANkxj9tKgKZZ++798TFHd8f1da697ExbH9bfPA Ms5JRhFeOQqiMALfqrjKQOgq5781aL4ZsbPJkea9wUFPW0E6QC0rEACEHOcV/PLIFgHi E5EjlLxUkqLl5nwrZpo4Srb1g/ei8OAzMuMboMvjYIvwAJsdMmADIol9pIBB05BW+nLj lke2G+XsB77O4yb/qCZKiHc/GMxnlGhYobXSGzWULccXJ+TCw7ylNwTi85xGa5GhRVam UefQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=SZLQAJBn; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.07.59; Tue, 25 Jul 2017 13:07:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=SZLQAJBn; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752116AbdGYUH6 (ORCPT + 6 others); Tue, 25 Jul 2017 16:07:58 -0400 Received: from mail-pf0-f178.google.com ([209.85.192.178]:33169 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751528AbdGYUH4 (ORCPT ); Tue, 25 Jul 2017 16:07:56 -0400 Received: by mail-pf0-f178.google.com with SMTP id s70so62313098pfs.0 for ; Tue, 25 Jul 2017 13:07:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=z+889JwfWEtSNgag+wts0USZXiaoFFZBZ0c4iPco9tc=; b=SZLQAJBny0KwEloWa2xTxtHsVA904kMGNGqWZaXmGLljttLPR6Sldvq8/JNfvpehvY MA5dY8M4PN9bjsUH7EV0/opg6gbvWjIfdsKdWwmAtBCPzDV1/jYnflhj/KtSjme7cnEk Hg1UzZ8IjJgIGLqMEtM+o8Xg/zRJy7WxAxKRg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=z+889JwfWEtSNgag+wts0USZXiaoFFZBZ0c4iPco9tc=; b=hrQMTviaRycnyT5MI8P2F0ZTrKf03FhvmKdixyk/LHhDbFL8FgFmT3LThYfUi3mk/M zcCM59+hBilw8MSQ3gg7g1PMLiN33jn3vSL1GISGN263FfOsUjZwK85jq5t+xa4K/w0k qSpdtEp1lok7an8bxOJnjmf7XDXrkF7MsYu5nxuLRgckK1pKbvj4l4NZ4+srfISXLOP2 Cq7uRQBEMrpKVPJiE6c0sSZOiUyH86AQeBf4MxT0aM8aO55Ww1j5KQC2ehTFmurx+tlP GPyJ+4vr7A4tg3dO7cuppy9vFPaHGwnbNlkv7OvwxDDpcpb+XNbWHo+6pZ8cuUFTM1AX t+xg== X-Gm-Message-State: AIVw112F0Ky1SW4+ZclRFiwiLPgw1kZqSNNfv4dX8g7kqTeyEjCCJN/9 41YKSW176yySQd75 X-Received: by 10.99.3.140 with SMTP id 134mr2587884pgd.159.1501013276144; Tue, 25 Jul 2017 13:07:56 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:55 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-4.4 10/13] mailbox: always wait in mbox_send_message for blocking Tx mode Date: Wed, 26 Jul 2017 01:37:18 +0530 Message-Id: <1501013241-31961-11-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit c61b781ee084e69855477d23dd33e7e6caad652c upstream. There exists a race when msg_submit return immediately as there was an active request being processed which may have completed just before it's checked again in mbox_send_message. This will result in return to the caller without waiting in mbox_send_message even when it's blocking Tx. This patch fixes the issue by waiting for the completion always if Tx is in blocking mode. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Reported-by: Alexey Klimov Signed-off-by: Sudeep Holla Reviewed-by: Alexey Klimov Signed-off-by: Jassi Brar Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index 6a4811f85705..6e03717318b0 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -261,7 +261,7 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg) msg_submit(chan); - if (chan->cl->tx_block && chan->active_req) { + if (chan->cl->tx_block) { unsigned long wait; int ret; From patchwork Tue Jul 25 20:07:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108693 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14485obm; Tue, 25 Jul 2017 13:08:03 -0700 (PDT) X-Received: by 10.99.94.66 with SMTP id s63mr20807172pgb.253.1501013283401; Tue, 25 Jul 2017 13:08:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013283; cv=none; d=google.com; s=arc-20160816; b=ii++C/PG+zSTzJHq/X06a79aZtSp0Bn03TTQqitGa2J4hzSlOTKYcUdrFOnRVa58Q6 11Prq1k0YCSQVUX/fnNFaOaCI6/fFyeSvow+cg3fqttPdG6Rvlml5PzqXlKgUpb7Wm7p Jg2Wg+qjAA2d9PNIusKDgFwQ202fNlCZTDkMms2PuUIxiCd314JkxiH+83jSH4jHZmDn RiZ5hBaozH1DlkuoZYSiRI0aVKXm9ODAKijgjuqeKq4tbCQV/XzTGLvNRgy3gbd4jiNG TpsW8RdfkuxQ1QgyEz/q0mNQUcNoTrs5Iwem2UvcencImwwnf6mMi5gx+duxIprwmDrP EP1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=1SNuNSf6A475X+VvnYVOgQe2E3+wXWNqY6LrfsINF1c=; b=O0ZNvfoQzp3kXqqB7dyykYic5MwOCX9jRJg1E/PJed6T5bEbb28akbJPQz6Z3cZolu EjRJVZsA2a3x80w8UMZ6NcP0hrgQ5zH/CPvbzW3bmpQatOS+PyA0N4sT5VzM5g+e8Ili QxUB4gFPrZRilI16lw/eSSg7ZxxKbECKbpaaxTBxarZmcsnY8+ZGrkWTwELOqmIjR8cZ HN1AJC/CeUIQxvSbbw+xvBwtbsNdcrF6BqkmX8+d5kJRr0ev0580kMSAcUBDZARk4Qxa 6LOdZWeRMUSmM9+0cu6BabuPBCxgGMf1wTl4aA+g77aVLfkYl7nhJcpDiHTxd7h+ePx3 TLzA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=dWV0uPOC; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.08.02; Tue, 25 Jul 2017 13:08:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=dWV0uPOC; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753465AbdGYUIB (ORCPT + 6 others); Tue, 25 Jul 2017 16:08:01 -0400 Received: from mail-pg0-f44.google.com ([74.125.83.44]:33264 "EHLO mail-pg0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753276AbdGYUH7 (ORCPT ); Tue, 25 Jul 2017 16:07:59 -0400 Received: by mail-pg0-f44.google.com with SMTP id g14so25601117pgu.0 for ; Tue, 25 Jul 2017 13:07:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=1SNuNSf6A475X+VvnYVOgQe2E3+wXWNqY6LrfsINF1c=; b=dWV0uPOC51dc85CkRaqUQzeffPxmDg9H+J1U36PAJmoUH3iK0PRQvCyirctO9JqH56 IwwlV0sMciMC5EV3nc47bom1iNEC/4zGkSiOc86pXUsoQHD9n0yi0UfKgQg9CH8YYTqx wKKcRcwLrTd4eFEtBCcVtGlAbBMhc4IXgfHAc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=1SNuNSf6A475X+VvnYVOgQe2E3+wXWNqY6LrfsINF1c=; b=HBHIRiqHdZ63EgNCagXtx/8FaFpRHOpO8tOpmh5uFLQpoyqFPyso9PASykIEHLUUUy FSjVUgGltEov3+MRyEgppCyQHQx2OM8ctI6wkH5sVMFoRo92CO30JYjZ4DAnK897bOHF M5tkE258QsANqNnnRb786G9maGvyaBX4aGpJlaot96goAZSETDPDoEHY98pssRo1/ybo gYmWkmDSxMqRAg13Nw+jm64iSt0n/+egcfYmVU2SFDZKwR1QTt9x987aMEq5ZTmVJZr4 7XkcBv5Wvcpu1oc00zh8ZmgRHG544V3GY7KiWHAYwxVWo3cIwjZfp7xubotysZddhKlJ UWtw== X-Gm-Message-State: AIVw110XTrQCZOlDZTp9RJcBkGjnxIF603WBCb4Q9vQJVXRMQLs+U033 rleiA9kCIkwfOq0RWNd9YQ== X-Received: by 10.99.43.8 with SMTP id r8mr20254868pgr.313.1501013278970; Tue, 25 Jul 2017 13:07:58 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:07:57 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-4.4 11/13] mailbox: skip complete wait event if timer expired Date: Wed, 26 Jul 2017 01:37:19 +0530 Message-Id: <1501013241-31961-12-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit cc6eeaa3029a6dbcb4ad41b1f92876483bd88965 upstream. If a wait_for_completion_timeout() call returns due to a timeout, complete() can get called after returning from the wait which is incorrect and can cause subsequent transmissions on a channel to fail. Since the wait_for_completion_timeout() sees the completion variable is non-zero caused by the erroneous/spurious complete() call, and it immediately returns without waiting for the time as expected by the client. This patch fixes the issue by skipping complete() call for the timer expiry. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Reported-by: Alexey Klimov Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index 6e03717318b0..233af2ce9b8c 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -108,7 +108,7 @@ static void tx_tick(struct mbox_chan *chan, int r) if (mssg && chan->cl->tx_done) chan->cl->tx_done(chan->cl, mssg, r); - if (chan->cl->tx_block) + if (r != -ETIME && chan->cl->tx_block) complete(&chan->tx_complete); } @@ -272,8 +272,8 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg) ret = wait_for_completion_timeout(&chan->tx_complete, wait); if (ret == 0) { - t = -EIO; - tx_tick(chan, -EIO); + t = -ETIME; + tx_tick(chan, t); } } From patchwork Tue Jul 25 20:07:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108694 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14558obm; Tue, 25 Jul 2017 13:08:08 -0700 (PDT) X-Received: by 10.84.131.6 with SMTP id 6mr22575972pld.413.1501013288008; Tue, 25 Jul 2017 13:08:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013288; cv=none; d=google.com; s=arc-20160816; b=dqHX2Y92fBBz5dFSpu+u1jk3yUb/ONufd/5gpV736rCVaG6iGnuRM8pzHUIEwOfnxK RL+S7u4355kRuvuOlVZWEZGhPkNiAfYjdoY5R+L5QHSOlJFBbtwAswRCd+XoNkFjZ6Fk zew35jnfMCQzb7NQN8E26X8qi7dIoPbaOGzzL9E5Q0shsf6mAbOsz9jSnI3wbgkANu36 FeDrb3k5DmejS8oLIyqsyfAaDswRocywhs6AbG6MJMAX6sHrxBgTcs8f7fSOMYTsgQxL PLHY/ABDZ6zJWIjDzvv3T1vmYxz4Chager7rG+22fOe6KIlkEkHdW5VXsp5nAjFYf+2V ACgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=iKHwY+OI4PFUdYPlXB4zk1TJKjY4YwqlBxWMoMS/jgk=; b=bE/fHj/j4/QYtxIT69Pnjpnwb/fjs8wDxtoH+Qdm1QGOShjMzSBwI2FRD4oRfY5XGN 8+eOd+sUlc2w5cqqzlPqFdNEwhVttwdtr0McmH+Wr5HjCcoTVZf41HoLqLIfMyH+fP2Y IYeye5LDcvqLZxqJNORquMB65ng+YGIFVgc7qOInQyZ9FSVAcC86vaeB9ShQMsMho+kU FzfXnr9LMGudWBduV74xXnLW2nuGolYD4LaQ7IAYTLOapSK/sC25v1fFuugYluoz9wq4 Mr3WH249gN3NRQQ87IyniMw9zH5EuxQMxpoRZdZXqHQ4WmbkgN6bDlyZhTOH6pa9QAAq tyyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=hwX2G9f5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.08.05; Tue, 25 Jul 2017 13:08:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=hwX2G9f5; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753445AbdGYUID (ORCPT + 6 others); Tue, 25 Jul 2017 16:08:03 -0400 Received: from mail-pg0-f53.google.com ([74.125.83.53]:36972 "EHLO mail-pg0-f53.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753276AbdGYUIC (ORCPT ); Tue, 25 Jul 2017 16:08:02 -0400 Received: by mail-pg0-f53.google.com with SMTP id y129so74391735pgy.4 for ; Tue, 25 Jul 2017 13:08:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=iKHwY+OI4PFUdYPlXB4zk1TJKjY4YwqlBxWMoMS/jgk=; b=hwX2G9f57n59PwQJZkkXqi6tNlcQPispoj8g86h2ZXDiFHX1KKifzQKTdr6CyG6+6V q476pHplhxktfK7WivdQbGcShz6JcB8rpih2t8uUN3KHQ2Uvog5GyQbKiHJIQ8lqeqU3 9ZcjicktOqeYYdD9q/XXRCpkTAxpTolBeWUZg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=iKHwY+OI4PFUdYPlXB4zk1TJKjY4YwqlBxWMoMS/jgk=; b=acuiI6z/x0hkyyiCkAvvvL/Sn6Y4b7uALKyFnr1iPTPh3cOqY1I2ktKgd2bxOCeal+ G5ANmjxh3neJCeqaFFPKMLFR89AWlWhsA/VDBvMhh1mNDhNsNFuMj1CzM8N+ikIXoKWV g5XG2vnKG6Kf0X753BpwNKPmFCKZZ0wsyNDCi9U7CC6WCkC1zXyilQ24+Q8xpH32RClX p0zNU4x0uEgC9bgo72zpikUod24ZVL9SyeWUFQlh5PQrcOC5XChNO2OA/IOA0ka3xINk /3Ew8ahB0IoSNJDruyS5tMGBOYPSObv06IIRl2HuPXcMyLQiI6I2eBlM/B13n6MJj9oV 4jOw== X-Gm-Message-State: AIVw112TAA/m2cauWN4Mdau2vPQ0Sqq9YGL6aHCC2Dm3k5sk0RCHh3Za fEIAWsK4z0wUaqIIrpHqJw== X-Received: by 10.98.89.22 with SMTP id n22mr20643268pfb.326.1501013281722; Tue, 25 Jul 2017 13:08:01 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.07.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:08:00 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-4.4 12/13] mailbox: handle empty message in tx_tick Date: Wed, 26 Jul 2017 01:37:20 +0530 Message-Id: <1501013241-31961-13-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit cb710ab1d8a23f68ff8f45aedf3e552bb90e70de upstream. We already check if the message is empty before calling the client tx_done callback. Calling completion on a wait event is also invalid if the message is empty. This patch moves the existing empty message check earlier. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index 233af2ce9b8c..9cf826df89b1 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -104,8 +104,11 @@ static void tx_tick(struct mbox_chan *chan, int r) /* Submit next message */ msg_submit(chan); + if (!mssg) + return; + /* Notify the client */ - if (mssg && chan->cl->tx_done) + if (chan->cl->tx_done) chan->cl->tx_done(chan->cl, mssg, r); if (r != -ETIME && chan->cl->tx_block) From patchwork Tue Jul 25 20:07:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108695 Delivered-To: patch@linaro.org Received: by 10.182.45.195 with SMTP id p3csp14577obm; Tue, 25 Jul 2017 13:08:08 -0700 (PDT) X-Received: by 10.84.236.4 with SMTP id q4mr17599986plk.423.1501013288481; Tue, 25 Jul 2017 13:08:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501013288; cv=none; d=google.com; s=arc-20160816; b=CHQAUFDQW4pYN/ffNwPK9uPRJMpfJlkWqyUyhZPu+u5KqEEW0tG6OeB2i24N2Q5/f6 zH03qxFVk+tg114Z08d4gg65zGeyi+44jqJYYYqXpHfNLzhMuoElVdq7a9q2uEw9rW6i WAuXDeBR1vHiIinn2MX1FZH+ZJRhQPesMit6ngHZcw8xvAagynKtD1vGJF36IwYND7fA NjK/0GDxuv+VG/QFBDrGYChaWGF7x3rHdb01uKOl+fhT02srwAOVWcp6PD0af7GAKCAe EMhRg0/O3x9X0C26D61A3r3Ym5392lrWxpwOAJ7MIkVighXyEB18ypXiC4DWO4JC5SUk hw6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Xp4WifqjzjwUt0y7XmZv+/gI8WGVN4bsftaJ3WdKqGc=; b=VWnqnkVD2Se0XGatHe4SpDm0gt7LRawkHQfo3pA7UUp/uxwOCpVx5WPQ/3Lh4ayQEm vEi3Y7wTK/rnd3E57qUoD4diJHneZibRGo6PpglQwXX4kwLP4yiOmzAB6lIzgtsEvg/H Q5KA6McVCPP9EoaX6E7Dj18rC+b9iHV7eDlqq9Y1BMRLpcdLpYiApQvzVJdQpvx5P+H4 Y/Zy5RGFTSk5ihiti04H/G2WYUmO4eIoK3Jwj0kx5caDejSEJRP5HTGQNvZ2XHRPdN3p 3qInMF9645ovonyl/GXjn2xT63jtCEfJGhLS10zbMTaq0UGBnns6xKQtgH67VFeNHZ5b Fmmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=FFser2pB; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h10si8970990plk.237.2017.07.25.13.08.08; Tue, 25 Jul 2017 13:08:08 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=FFser2pB; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753450AbdGYUIG (ORCPT + 6 others); Tue, 25 Jul 2017 16:08:06 -0400 Received: from mail-pf0-f171.google.com ([209.85.192.171]:35668 "EHLO mail-pf0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752220AbdGYUIF (ORCPT ); Tue, 25 Jul 2017 16:08:05 -0400 Received: by mail-pf0-f171.google.com with SMTP id h29so27237128pfd.2 for ; Tue, 25 Jul 2017 13:08:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Xp4WifqjzjwUt0y7XmZv+/gI8WGVN4bsftaJ3WdKqGc=; b=FFser2pBM3TgnrVooe/jzLY1Lbma/r+6AHJ7O4xRLWEcJwxMjrDLXpU8BfRRsKR+BD e4kP04MBmjn2/WggpX9QFkV3iA02zWAKHO8/3gItNeUtpUBium05GvnY9jZ7PKHQMHlb DD2QLVoGZT0UbOjIl5QqU1gjamPG4EgRR+WPY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Xp4WifqjzjwUt0y7XmZv+/gI8WGVN4bsftaJ3WdKqGc=; b=knBHeTD/fOsOOwk82mybF9CzqpjvTtOPhXnH27nE/LTGqaBA1ZsFT4KnvfkHGZey6T N997ApTiBpzRNgsLEA4xEZIiReKAfhnztCbfkPaUTvxN2zKK9cbsXLn++hiPRvJLXdT+ 7Wh0uOS7cdInbNqnS2rXinN1AVZb1xLy24M2Xf2lS80hJSuNSJn3q+CKxndWxiwtWkxS 3OiJ8lNY1EeQw4ZTICE0O9FVL9z8mjOkDgoTZXOLoMIDjgubXQDJfksHH45N3+3yfL5y jbTH7o/X1mUkhP6tGCrTex2/tUUwssxDUBIb1bzXneRegD++dNA04c8YTmriicgedjIc j68g== X-Gm-Message-State: AIVw113liE8buUvV4vmwPUHViyaK0+N4rfEryTTPWNQVyB6J47JR4FEK AzoD3K2SnY13p2tv X-Received: by 10.84.237.15 with SMTP id s15mr23681950plk.100.1501013284612; Tue, 25 Jul 2017 13:08:04 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id c76sm27684356pfj.91.2017.07.25.13.08.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:08:03 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Herbert Xu , Steffen Klassert Subject: [PATCH for-4.4 13/13] af_key: Fix sadb_x_ipsecrequest parsing Date: Wed, 26 Jul 2017 01:37:21 +0530 Message-Id: <1501013241-31961-14-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> References: <1501013241-31961-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Herbert Xu commit 096f41d3a8fcbb8dde7f71379b1ca85fe213eded upstream. The parsing of sadb_x_ipsecrequest is broken in a number of ways. First of all we're not verifying sadb_x_ipsecrequest_len. This is needed when the structure carries addresses at the end. Worse we don't even look at the length when we parse those optional addresses. The migration code had similar parsing code that's better but it also has some deficiencies. The length is overcounted first of all as it includes the header itself. It also fails to check the length before dereferencing the sa_family field. This patch fixes those problems in parse_sockaddr_pair and then uses it in parse_ipsecrequest. Reported-by: Andrey Konovalov Signed-off-by: Herbert Xu Signed-off-by: Steffen Klassert Signed-off-by: Amit Pundir --- net/key/af_key.c | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) -- 2.7.4 diff --git a/net/key/af_key.c b/net/key/af_key.c index e67c28e614b9..d8d95b6415e4 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -65,6 +65,10 @@ struct pfkey_sock { } dump; }; +static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, + xfrm_address_t *saddr, xfrm_address_t *daddr, + u16 *family); + static inline struct pfkey_sock *pfkey_sk(struct sock *sk) { return (struct pfkey_sock *)sk; @@ -1922,19 +1926,14 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) /* addresses present only in tunnel mode */ if (t->mode == XFRM_MODE_TUNNEL) { - u8 *sa = (u8 *) (rq + 1); - int family, socklen; + int err; - family = pfkey_sockaddr_extract((struct sockaddr *)sa, - &t->saddr); - if (!family) - return -EINVAL; - - socklen = pfkey_sockaddr_len(family); - if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen), - &t->id.daddr) != family) - return -EINVAL; - t->encap_family = family; + err = parse_sockaddr_pair( + (struct sockaddr *)(rq + 1), + rq->sadb_x_ipsecrequest_len - sizeof(*rq), + &t->saddr, &t->id.daddr, &t->encap_family); + if (err) + return err; } else t->encap_family = xp->family; @@ -1954,7 +1953,11 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)) return -EINVAL; - while (len >= sizeof(struct sadb_x_ipsecrequest)) { + while (len >= sizeof(*rq)) { + if (len < rq->sadb_x_ipsecrequest_len || + rq->sadb_x_ipsecrequest_len < sizeof(*rq)) + return -EINVAL; + if ((err = parse_ipsecrequest(xp, rq)) < 0) return err; len -= rq->sadb_x_ipsecrequest_len; @@ -2417,7 +2420,6 @@ out: return err; } -#ifdef CONFIG_NET_KEY_MIGRATE static int pfkey_sockaddr_pair_size(sa_family_t family) { return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2); @@ -2429,7 +2431,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, { int af, socklen; - if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) + if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) return -EINVAL; af = pfkey_sockaddr_extract(sa, saddr); @@ -2445,6 +2447,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, return 0; } +#ifdef CONFIG_NET_KEY_MIGRATE static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, struct xfrm_migrate *m) { @@ -2452,13 +2455,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, struct sadb_x_ipsecrequest *rq2; int mode; - if (len <= sizeof(struct sadb_x_ipsecrequest) || - len < rq1->sadb_x_ipsecrequest_len) + if (len < sizeof(*rq1) || + len < rq1->sadb_x_ipsecrequest_len || + rq1->sadb_x_ipsecrequest_len < sizeof(*rq1)) return -EINVAL; /* old endoints */ err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1), - rq1->sadb_x_ipsecrequest_len, + rq1->sadb_x_ipsecrequest_len - sizeof(*rq1), &m->old_saddr, &m->old_daddr, &m->old_family); if (err) @@ -2467,13 +2471,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); len -= rq1->sadb_x_ipsecrequest_len; - if (len <= sizeof(struct sadb_x_ipsecrequest) || - len < rq2->sadb_x_ipsecrequest_len) + if (len <= sizeof(*rq2) || + len < rq2->sadb_x_ipsecrequest_len || + rq2->sadb_x_ipsecrequest_len < sizeof(*rq2)) return -EINVAL; /* new endpoints */ err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1), - rq2->sadb_x_ipsecrequest_len, + rq2->sadb_x_ipsecrequest_len - sizeof(*rq2), &m->new_saddr, &m->new_daddr, &m->new_family); if (err)