From patchwork Tue Jul 25 20:45:12 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108697 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28654qge; Tue, 25 Jul 2017 13:45:38 -0700 (PDT) X-Received: by 10.84.177.131 with SMTP id x3mr6366258plb.280.1501015538069; Tue, 25 Jul 2017 13:45:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015538; cv=none; d=google.com; s=arc-20160816; b=rXSifDkgqyU1i2ltcdNXTQLKy+jLAdGCWLGMtPIzr6UNsjMXcABBFMhPOdHRz6sJod 6tl5C0Cl1UgIqqLDKCBfQqYSTuPin/OpXgSKi91JmYdePsbRjAagK9tvKm0dxXHRfehJ 0ffihTEo+nCK//0sFU7/+TiDEiSuR77wGHm80Rzf7xcWSngbxWb7QKnh9x/x7OxYev2D XAAXn0qoq5wmR+3SZSf723468WX96nCoIWQQV79jGQ+Wl69t0zVJMtl2U5ycUt5vc7uy pjDmhimH6n3tljfSNjpSbi1wTQ3t3bADDOQ0mIE8+rNo5Dof8JAIBAKiIq7cXHQ5gxie +abg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=HLN6Q4zRc5ANZ1niCFosNxd1Edpd7dY+6wLC5x1oqL4=; b=J9oSZ2fbBYHo8j45gWatM2b39u7KDdTCrdwRacDrHiEJ/VeXS8+UHKC+QN08kkPzw5 qHpS8jCDPzyNgdB6lqdkXidnIFiXJYDkxjPdig8UDR94mfrb8qGFHOXi+tb9Ecvyhy9f EqT+eKQbN6ZvQbzBJhMOTPLo7qwacl4VUnF/I16vU6lT8pByn01P/ITk9Q1LCsu3xCEV 6h7KmrsscyBRjxIHagPxI92TOOrPGfSmEvT4P8yLjKSM51TAV0a2eNTyaFPmTwkqiemp AUjPG2kXKGmOWknj+tdwQDesHQyuvJTVmvq2STJDhyHS300yklVeBLhp0XpCVaEmpJeQ fPZQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=akE52Aqj; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p127si4045682pfg.452.2017.07.25.13.45.37; Tue, 25 Jul 2017 13:45:38 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=akE52Aqj; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752558AbdGYUpg (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:36 -0400 Received: from mail-pg0-f48.google.com ([74.125.83.48]:37260 "EHLO mail-pg0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752049AbdGYUpe (ORCPT ); Tue, 25 Jul 2017 16:45:34 -0400 Received: by mail-pg0-f48.google.com with SMTP id y129so74739160pgy.4 for ; Tue, 25 Jul 2017 13:45:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=HLN6Q4zRc5ANZ1niCFosNxd1Edpd7dY+6wLC5x1oqL4=; b=akE52AqjTCWUstWJGkwCcxYF785cP4LJENXsf/LoPAne1gtgtXLqEiuUKF2YV0S8Yi 05dR64d90AzI4qAbB8jWw3zY1aBCnyLMTve+xKQzrc0D7QhnQGzCv9SKBgQwx4kY0UYp 9zMWgT+Dn3InV9nLfGmNtLfWdVgimV/4ogm88= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=HLN6Q4zRc5ANZ1niCFosNxd1Edpd7dY+6wLC5x1oqL4=; b=Dy0RSfNfXQifCuiYmjiCfveHn5VQtbDUBTAxtbNRe+9O0BFQLSZDiBOLdNwsYmvyZl e0yhbsI+fmPDTW7vPIeStPWwzu3MsOUeQJvzFaVQiwKWVj6YwXonnt4pI10tzSW18dDu /DSqdWA4TbfIk/HBpRR6Fe5ooCVHdiOy64ZJns7XApoK92K0ikSmAjhVRVUm11gyfJ+O XiDiF6vuPSmwbxm8XLUYs5nKLEZNLPs6sWFT2lSfhPGFoAH/xUNgxYFGJ8SsFcFclQhF BNiArHjvT8ptrcV5xpkFaaUgHA+mhMD7QRRokJ/2cbBgEO5oRhIY+Lwcx5yq/FG3Ivml ZN/g== X-Gm-Message-State: AIVw112BVr3o0szL7OFyqHsdQDt3m3iuDVmo7h5Nrsc5bbqvp8KpmMiO +uHh+7Ywx2EvodLYudo1aA== X-Received: by 10.98.86.154 with SMTP id h26mr12494681pfj.250.1501015534180; Tue, 25 Jul 2017 13:45:34 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.31 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:33 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Jan Stancek , "David S . Miller" Subject: [PATCH for-3.18 01/15] ipv6: fix possible deadlock in ip6_fl_purge / ip6_fl_gc Date: Wed, 26 Jul 2017 02:15:12 +0530 Message-Id: <1501015526-32178-2-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jan Stancek commit 4762fb980465463734f02c67c67f40beb8903f73 upstream. Use spin_lock_bh in ip6_fl_purge() to prevent following potentially deadlock scenario between ip6_fl_purge() and ip6_fl_gc() timer. ================================= [ INFO: inconsistent lock state ] 3.19.0 #1 Not tainted --------------------------------- inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. swapper/5/0 [HC0[0]:SC1[1]:HE1:SE0] takes: (ip6_fl_lock){+.?...}, at: [] ip6_fl_gc+0x2d/0x180 {SOFTIRQ-ON-W} state was registered at: [] __lock_acquire+0x4a0/0x10b0 [] lock_acquire+0xc4/0x2b0 [] _raw_spin_lock+0x3d/0x80 [] ip6_flowlabel_net_exit+0x28/0x110 [] ops_exit_list.isra.1+0x39/0x60 [] cleanup_net+0x100/0x1e0 [] process_one_work+0x20a/0x830 [] worker_thread+0x11b/0x460 [] kthread+0x104/0x120 [] ret_from_fork+0x7c/0xb0 irq event stamp: 84640 hardirqs last enabled at (84640): [] _raw_spin_unlock_irq+0x30/0x50 hardirqs last disabled at (84639): [] _raw_spin_lock_irq+0x1f/0x80 softirqs last enabled at (84628): [] _local_bh_enable+0x21/0x50 softirqs last disabled at (84629): [] irq_exit+0x12d/0x150 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(ip6_fl_lock); lock(ip6_fl_lock); *** DEADLOCK *** Signed-off-by: Jan Stancek Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- net/ipv6/ip6_flowlabel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 2.7.4 diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index 3dd7d4ebd7cd..a837f2065d2a 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -172,7 +172,7 @@ static void __net_exit ip6_fl_purge(struct net *net) { int i; - spin_lock(&ip6_fl_lock); + spin_lock_bh(&ip6_fl_lock); for (i = 0; i <= FL_HASH_MASK; i++) { struct ip6_flowlabel *fl; struct ip6_flowlabel __rcu **flp; @@ -190,7 +190,7 @@ static void __net_exit ip6_fl_purge(struct net *net) flp = &fl->next; } } - spin_unlock(&ip6_fl_lock); + spin_unlock_bh(&ip6_fl_lock); } static struct ip6_flowlabel *fl_intern(struct net *net, From patchwork Tue Jul 25 20:45:13 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108698 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28738qge; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) X-Received: by 10.84.209.232 with SMTP id y95mr22692154plh.391.1501015544348; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015544; cv=none; d=google.com; s=arc-20160816; b=TCaYlgF4ndy7oXe2yYU+Bc1MLhGf+CiXXi4vt9hYPKCVMUDrcbf887KK89yvBdGXF1 iVxqA5zgGn6ggKdHWQv56T1wZ2kPLdFKaJnnQd6nPfvAEc0dCh9DEixuujxGVTDBFvH5 BM+w/nx+DDJAyQoMt7UyuMaIIvH/ugs76DJzReJIk3nkbW34YZRYVkLQ7ZTQH8fle3D3 V/thLSkBVQXv6wpw1ivNWaj539JhAEjWKnK+rhSb1VnoNHpq9CBrobWMksC2M1vLMB63 ErdcHXD5Z/LetEKLoOVVwVAv1rp22sn4nriqDj1xLkGO8JB1ohXeBYaiFCod24bXFnff hEog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=pKRvgK0/rSDft9SKEmeRMEExdO2pOqRywP/i7j4a2Ws=; b=jwbhff799B8EeLz0tRjgGGEknhmwQNwxv9I9TjMpvuZYypW1zwLSOXandtcTn4xH6w ZkDc0/QQVjnfrKKo7jyi/UxapEh4Ha0pepAg6OSASjMq+85Xhi5If65GReiQjXaHMDkd S89yOCdtm4Siv8CiKX/aTAKtF5xAHkjkVn0uX/oJ+WDUER5WLEdxMlUJBncQ7o5MyVND Ma2Hlp2R7U4KFOn/4zp9ydEj5WXgQUZc6B5sRZmHZUpv3Wy0RVC2kwWbsgMg7DGPWLTz hqVEFqxbK2G/WSWgbpiyzbM8X7ufnQoQWHJiDsceAhAWOF5elaBzPTc0NIAUlMBcstMx otdw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=P8JSulEQ; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.44; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=P8JSulEQ; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752049AbdGYUpk (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:40 -0400 Received: from mail-pg0-f46.google.com ([74.125.83.46]:36809 "EHLO mail-pg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751730AbdGYUph (ORCPT ); Tue, 25 Jul 2017 16:45:37 -0400 Received: by mail-pg0-f46.google.com with SMTP id 125so74831014pgi.3 for ; Tue, 25 Jul 2017 13:45:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=pKRvgK0/rSDft9SKEmeRMEExdO2pOqRywP/i7j4a2Ws=; b=P8JSulEQQIRTPkkPDFhTlIVg7t+kyKQBVWSZPz4iiUF1yxuAJoq3ATut04apI5ZmSw IJqPpMwg9jJM9/TxmYqoDffNmjnbQE1I6Ai4gfzbSDcriPD2yMOYXeVsFibzWSVKEj6M bpPWU8661mZR7Pm+ZzSri7VWlng0uOvfmsMcc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=pKRvgK0/rSDft9SKEmeRMEExdO2pOqRywP/i7j4a2Ws=; b=ny+cOrvGuCfvMAqQe/xUIhX/n3lkMpeOaNAMqc3pj7u+arUSoYIydN6SUfZ6tOAe+5 PM3AvVFfRhIiv7fum5uOFUpDc1mourxN4JS1omDo980JW9J1TiX/24SCG8PFUTfgqGZt OP/prdCL+wVI19yvdmDRfNkQ0K4DVF9tmf5muBziC643O/nLUO5YCynDnsNgYGXXO9pJ 1mze4gm/1kl4rBKK+KCkJLHe/diP6C4yC6qiIB7qwhs/1uIlzFaON9XFceVrlsqu/xiS 8dzep6NpJ48EoNp4qfjldX2iSyhseeMmeEL11YNrsHuMUxhc9e1aTJM6wHUHXsLuVlQe XgPA== X-Gm-Message-State: AIVw112c0tcu75D1LEjtwZb2RXLvl9c41JIVWq7swo7ArhDoWQq89FUI ccZVL3ZsPVEHwkEv X-Received: by 10.98.63.10 with SMTP id m10mr11371967pfa.232.1501015537004; Tue, 25 Jul 2017 13:45:37 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:35 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Daniel Borkmann , "David S . Miller" Subject: [PATCH for-3.18 02/15] net: sctp: fix race for one-to-many sockets in sendmsg's auto associate Date: Wed, 26 Jul 2017 02:15:13 +0530 Message-Id: <1501015526-32178-3-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit 2061dcd6bff8b774b4fac8b0739b6be3f87bc9f2 upstream. I.e. one-to-many sockets in SCTP are not required to explicitly call into connect(2) or sctp_connectx(2) prior to data exchange. Instead, they can directly invoke sendmsg(2) and the SCTP stack will automatically trigger connection establishment through 4WHS via sctp_primitive_ASSOCIATE(). However, this in its current implementation is racy: INIT is being sent out immediately (as it cannot be bundled anyway) and the rest of the DATA chunks are queued up for later xmit when connection is established, meaning sendmsg(2) will return successfully. This behaviour can result in an undesired side-effect that the kernel made the application think the data has already been transmitted, although none of it has actually left the machine, worst case even after close(2)'ing the socket. Instead, when the association from client side has been shut down e.g. first gracefully through SCTP_EOF and then close(2), the client could afterwards still receive the server's INIT_ACK due to a connection with higher latency. This INIT_ACK is then considered out of the blue and hence responded with ABORT as there was no alive assoc found anymore. This can be easily reproduced f.e. with sctp_test application from lksctp. One way to fix this race is to wait for the handshake to actually complete. The fix defers waiting after sctp_primitive_ASSOCIATE() and sctp_primitive_SEND() succeeded, so that DATA chunks cooked up from sctp_sendmsg() have already been placed into the output queue through the side-effect interpreter, and therefore can then be bundeled together with COOKIE_ECHO control chunks. strace from example application (shortened): socket(PF_INET, SOCK_SEQPACKET, IPPROTO_SCTP) = 3 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5 sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")}, msg_iov(0)=[], msg_controllen=48, {cmsg_len=48, cmsg_level=0x84 /* SOL_??? */, cmsg_type=, ...}, msg_flags=0}, 0) = 0 // graceful shutdown for SOCK_SEQPACKET via SCTP_EOF close(3) = 0 tcpdump before patch (fooling the application): 22:33:36.306142 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [INIT] [init tag: 3879023686] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3139201684] 22:33:36.316619 IP 192.168.1.115.8888 > 192.168.1.114.41462: sctp (1) [INIT ACK] [init tag: 3345394793] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 3380109591] 22:33:36.317600 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [ABORT] tcpdump after patch: 14:28:58.884116 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [INIT] [init tag: 438593213] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN: 3092969729] 14:28:58.888414 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [INIT ACK] [init tag: 381429855] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN: 2141904492] 14:28:58.888638 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [COOKIE ECHO] , (2) [DATA] (B)(E) [TSN: 3092969729] [...] 14:28:58.893278 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [COOKIE ACK] , (2) [SACK] [cum ack 3092969729] [a_rwnd 106491] [#gap acks 0] [#dup tsns 0] 14:28:58.893591 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN: 3092969730] [...] 14:28:59.096963 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack 3092969730] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0] 14:28:59.097086 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN: 3092969731] [...] , (2) [DATA] (B)(E) [TSN: 3092969732] [...] 14:28:59.103218 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack 3092969732] [a_rwnd 106486] [#gap acks 0] [#dup tsns 0] 14:28:59.103330 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN] 14:28:59.107793 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SHUTDOWN ACK] 14:28:59.107890 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN COMPLETE] Looks like this bug is from the pre-git history museum. ;) Fixes: 08707d5482df ("lksctp-2_5_31-0_5_1.patch") Signed-off-by: Daniel Borkmann Acked-by: Vlad Yasevich Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- net/sctp/socket.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 92c920c9cfa6..92c6eac72ea6 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -1604,7 +1604,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, sctp_assoc_t associd = 0; sctp_cmsgs_t cmsgs = { NULL }; sctp_scope_t scope; - bool fill_sinfo_ttl = false; + bool fill_sinfo_ttl = false, wait_connect = false; struct sctp_datamsg *datamsg; int msg_flags = msg->msg_flags; __u16 sinfo_flags = 0; @@ -1944,6 +1944,7 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, if (err < 0) goto out_free; + wait_connect = true; pr_debug("%s: we associated primitively\n", __func__); } @@ -1981,6 +1982,11 @@ static int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, sctp_datamsg_put(datamsg); err = msg_len; + if (unlikely(wait_connect)) { + timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT); + sctp_wait_for_connect(asoc, &timeo); + } + /* If we are already past ASSOCIATE, the lower * layers are responsible for association cleanup. */ From patchwork Tue Jul 25 20:45:14 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108699 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28742qge; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) X-Received: by 10.99.104.74 with SMTP id d71mr20218748pgc.7.1501015544866; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015544; cv=none; d=google.com; s=arc-20160816; b=kzq8bTUCxZaRz9hQSbUvTP8ynHP95nldw0P6TckhuNlDACI4PbBCeU2rM15B52BADN WJF3gxSyXQDk3GDDyU2S2ZxXOy8xidGpjpXVZnfVqvfW4aTcf/r6c6zU+ZpI/QOYtvK4 sIcVWM8kBtK/aAvP15oV7GpbX1L/cDdVabV8nXGGkgq1QsY5bapOuwg6bzPtDHAkH0ni uAhHvtMfMnn6+m7dCYSCMqb9rFOhO2Ueb1nA/39wcLhJ6R0TaVMjyjP3ygA8V6n/OfMo lMvvNCdFtRQ8Lu4SX1mjZ6iFhc4T2k5fiAtPKCK9pYkqosHJB0GZyNrxrI9kdkdupgX0 M2sA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=WANjGoObH+9ngJ7IwqVbjzK6wudKo7hArhspfeo+HNA=; b=06VCbf2G5cuCu81x8Iu6gOsAlO/8FATwjP+bczcIYyIlc2r5+9VZjGy/qSvZRLQtcU rEa2xL8f1FQB044/UM+nFA4RdM0ywpMHpruU1Fmy/tCfFcM3Ta78mbmJTrjpYtmvzeU+ xPRKQVfPonhgv5nKIDRFuX+uSQ9cBK89xfQQXGCQTlKRLbjrFQARp/uW8eJwvJ5My/TQ 2P9JfCi79zHAeDKGn1XWdvz+gCnISv9v1Msc62Iqml1Z/S4GSPkemIbkJytXDh6ZgzLj aFfmh8U3eZEPiftfQJM10GQyxHAVRDvro6KN97AMMNXqyROep8ii47ZwDwO2tbyiLhkY 0kYg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=L2pC4/Iw; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.44; Tue, 25 Jul 2017 13:45:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=L2pC4/Iw; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752616AbdGYUpm (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:42 -0400 Received: from mail-pg0-f51.google.com ([74.125.83.51]:34526 "EHLO mail-pg0-f51.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751609AbdGYUpk (ORCPT ); Tue, 25 Jul 2017 16:45:40 -0400 Received: by mail-pg0-f51.google.com with SMTP id 123so74821926pgj.1 for ; Tue, 25 Jul 2017 13:45:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=WANjGoObH+9ngJ7IwqVbjzK6wudKo7hArhspfeo+HNA=; b=L2pC4/IwMiIRHxMs8YTM7UOS03D6gq2NQrnlt6sQA4f7bTaBkFVZfLv7Zb5GH7CpZ2 R3UFNwNx820VkNFPCLZH6gMHDp7IswHNEUtCC1o50AqIhQPFDwQdXZcfqfdERsNRxXVj H9fSkpB7LKrLOI1T7xI6PijSr5YB322MXMR2o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=WANjGoObH+9ngJ7IwqVbjzK6wudKo7hArhspfeo+HNA=; b=Exa00gFJAgFlV2QIYfJRPZg4p+vRAievx0TC3xs/RoJKB8TODqKhVzQKG9/E4bXCKx +Z55xVW7yiWoHaaJ6WAU8N/xKO2jVk6MKvXY7nVHKJ6uLHb5SiKsEbhInMAsE4VaaLAv +EbB9t6cvcsJVN6/5kwHiR8zu6X+zSWhDM6S4yvg3H6hrxh7ou6yDWq//pTtqkG9pYeQ cJOkWWCV531WfwdZK2mzMsqQOxrSi9CA0pXCfrAuaW0QHqTogTbnWtNCDJAfSXFXmHah XI/6t3rIjmUs3llh1qHprNL+pcxP1of7Pc25Lq1GRbbCFB1x+/9Mqljq7HPO+mJv1PN+ fjCw== X-Gm-Message-State: AIVw113HUB3kXI9zOUIHWs5wkpN1Aden0n4n20DL5NYrHJkVCjejW3Bx FFYrw2nYB48+1Vf9QshC1A== X-Received: by 10.84.218.4 with SMTP id q4mr22598242pli.202.1501015539929; Tue, 25 Jul 2017 13:45:39 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:38 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Ben Hutchings , "David S . Miller" Subject: [PATCH for-3.18 03/15] sh_eth: Fix ethtool operation crash when net device is down Date: Wed, 26 Jul 2017 02:15:14 +0530 Message-Id: <1501015526-32178-4-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Ben Hutchings commit 4f9dce230b32eec45cec8c28cae61efdfa2f7d57 upstream. The driver connects and disconnects the PHY device whenever the net device is brought up and down. The ethtool get_settings, set_settings and nway_reset operations will dereference a null or dangling pointer if called while it is down. I think it would be preferable to keep the PHY connected, but there may be good reasons not to. As an immediate fix for this bug: - Set the phydev pointer to NULL after disconnecting the PHY - Change those three operations to return -ENODEV while the PHY is not connected Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/ethernet/renesas/sh_eth.c | 10 ++++++++++ 1 file changed, 10 insertions(+) -- 2.7.4 diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c index c44bae495804..f25b5b8b120f 100644 --- a/drivers/net/ethernet/renesas/sh_eth.c +++ b/drivers/net/ethernet/renesas/sh_eth.c @@ -1832,6 +1832,9 @@ static int sh_eth_get_settings(struct net_device *ndev, unsigned long flags; int ret; + if (!mdp->phydev) + return -ENODEV; + spin_lock_irqsave(&mdp->lock, flags); ret = phy_ethtool_gset(mdp->phydev, ecmd); spin_unlock_irqrestore(&mdp->lock, flags); @@ -1846,6 +1849,9 @@ static int sh_eth_set_settings(struct net_device *ndev, unsigned long flags; int ret; + if (!mdp->phydev) + return -ENODEV; + spin_lock_irqsave(&mdp->lock, flags); /* disable tx and rx */ @@ -1880,6 +1886,9 @@ static int sh_eth_nway_reset(struct net_device *ndev) unsigned long flags; int ret; + if (!mdp->phydev) + return -ENODEV; + spin_lock_irqsave(&mdp->lock, flags); ret = phy_start_aneg(mdp->phydev); spin_unlock_irqrestore(&mdp->lock, flags); @@ -2189,6 +2198,7 @@ static int sh_eth_close(struct net_device *ndev) if (mdp->phydev) { phy_stop(mdp->phydev); phy_disconnect(mdp->phydev); + mdp->phydev = NULL; } free_irq(ndev->irq, ndev); From patchwork Tue Jul 25 20:45:15 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108700 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28795qge; Tue, 25 Jul 2017 13:45:49 -0700 (PDT) X-Received: by 10.84.236.13 with SMTP id q13mr22713026plk.324.1501015549075; Tue, 25 Jul 2017 13:45:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015549; cv=none; d=google.com; s=arc-20160816; b=BwiEHIxSaKM+NvIsxRtgZuml/35kbxm/JCsiO3HpI3HCsmckKCRIx8kv884cpZwY9F 9z0z9+V+jKHEoGjU94kLdPz2Hg1cpdd9iCx3NfXrOL+HyYs/HlGasBXV4gG7BK8OWhbF jUfWhTMr2v1ANn7wjddOmL/zStlwFZbcHOKw7fIl9YuCgsQdkxBfcQ5QqGN47+u/KxEj uVgOWqFa5tAsKKRhF5Px45irOluUqune/yIRgovFzKT8dLWcgPmRz5ExK6RAOPqnMaoW yIY48DpZvJlu/A7vouctW8U0bhrho0yLjJujgQRnwpC+AyXwXjiJHYfzm3bFJp6tmiW7 8dYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=amBEHEVxqVFoCjnEPgkcMHBGdzraSm9ES9I6RdUXFoU=; b=CZ9AbERDyPHHheABrJj7UTQrg7MSX1GtbwGzqB6TVpT0GwQ8z9LUtg3tITL0pdbMxf MknhmVpmGPC36wD+9EJzg9b0BMvfQbbAppSC9BbY3abZRmupCzDlgkRGmOtEjMobkoYR j2FJFHrY3PZphiXE5NO+8nsvPDb4bxv4xD71QtCOT0FcYheugPx31BHQzWOXfzBpgLR6 uKhSK4BnuIsyjbR2iBQknefY4RFNWTr//r4ZB0H2+GTGcaJNpGjg8gHeJFLjXawXD+YX bBFzmZl9a3ySMXh/a+ricI3U7zQs3+JIn/jB8lWGrpnDmXIertr/NGOCxU+/TGPtnHFE My7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=CozMOto/; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.48; Tue, 25 Jul 2017 13:45:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=CozMOto/; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752675AbdGYUpr (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:47 -0400 Received: from mail-pf0-f176.google.com ([209.85.192.176]:33636 "EHLO mail-pf0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751609AbdGYUpo (ORCPT ); Tue, 25 Jul 2017 16:45:44 -0400 Received: by mail-pf0-f176.google.com with SMTP id s70so62622308pfs.0 for ; Tue, 25 Jul 2017 13:45:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=amBEHEVxqVFoCjnEPgkcMHBGdzraSm9ES9I6RdUXFoU=; b=CozMOto/9NKhABSCa/vBHUypvwr/IIlI0SClQbLQWGu88tzYn9xSxMXuC5Nax95Dpj O4d0Me5UGPPlG3LQMYVPQWPaodVp32z9tu2qjnq4K7ebjccFyo4gJMLW1gVnYVFHkmcv CJw8+x5mpLfcrg3Vhs47uBt+DKDRVG5GzscUM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=amBEHEVxqVFoCjnEPgkcMHBGdzraSm9ES9I6RdUXFoU=; b=EqQ3BO21IfBjUcT4v7n+vzfx2xLO8Lb+IXDGHL5Arut4fJrrXwBLFtIAGAonF2LXZT dZYGL6xSUeqbFnK2Jj80PKhmBglsSJxyYCHZ4eYDUqfsR9rO0Xm5Uhodc7/TJR/6wA6/ +pvA3pMkqVuInhLp/Txn2nPtiC11sYEtW7cV072+XTDTBamc2Zs6F072LxfemMwoXDno 3b6yx7XYUWasYTnuvmjPCEX/cFty+DX1Tp458Tyl3an1CfKtrZydaLwlHlP/JabcmkvK lbTvhLMuj/5wubUtcaclikphtZfcMspvnlck0a/OF92f56Yz/Pe+5mIPdUr8pIasMHo7 JYJg== X-Gm-Message-State: AIVw112KJI87gwT0L4gbRA+W7bPLwu4INbc5rAUxFMLEAbKJVx/nkK8Z 9tf7u7rPDquJbOIT X-Received: by 10.98.42.205 with SMTP id q196mr5334313pfq.176.1501015543415; Tue, 25 Jul 2017 13:45:43 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:41 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Guillaume Nault , "David S . Miller" Subject: [PATCH for-3.18 04/15] ppp: take reference on channels netns Date: Wed, 26 Jul 2017 02:15:15 +0530 Message-Id: <1501015526-32178-5-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Guillaume Nault commit 1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 upstream. Let channels hold a reference on their network namespace. Some channel types, like ppp_async and ppp_synctty, can have their userspace controller running in a different namespace. Therefore they can't rely on them to preclude their netns from being removed from under them. -- 2.7.4 ================================================================== BUG: KASAN: use-after-free in ppp_unregister_channel+0x372/0x3a0 at addr ffff880064e217e0 Read of size 8 by task syz-executor/11581 ============================================================================= BUG net_namespace (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in copy_net_ns+0x6b/0x1a0 age=92569 cpu=3 pid=6906 [< none >] ___slab_alloc+0x4c7/0x500 kernel/mm/slub.c:2440 [< none >] __slab_alloc+0x4c/0x90 kernel/mm/slub.c:2469 [< inline >] slab_alloc_node kernel/mm/slub.c:2532 [< inline >] slab_alloc kernel/mm/slub.c:2574 [< none >] kmem_cache_alloc+0x23a/0x2b0 kernel/mm/slub.c:2579 [< inline >] kmem_cache_zalloc kernel/include/linux/slab.h:597 [< inline >] net_alloc kernel/net/core/net_namespace.c:325 [< none >] copy_net_ns+0x6b/0x1a0 kernel/net/core/net_namespace.c:360 [< none >] create_new_namespaces+0x2f6/0x610 kernel/kernel/nsproxy.c:95 [< none >] copy_namespaces+0x297/0x320 kernel/kernel/nsproxy.c:150 [< none >] copy_process.part.35+0x1bf4/0x5760 kernel/kernel/fork.c:1451 [< inline >] copy_process kernel/kernel/fork.c:1274 [< none >] _do_fork+0x1bc/0xcb0 kernel/kernel/fork.c:1723 [< inline >] SYSC_clone kernel/kernel/fork.c:1832 [< none >] SyS_clone+0x37/0x50 kernel/kernel/fork.c:1826 [< none >] entry_SYSCALL_64_fastpath+0x16/0x7a kernel/arch/x86/entry/entry_64.S:185 INFO: Freed in net_drop_ns+0x67/0x80 age=575 cpu=2 pid=2631 [< none >] __slab_free+0x1fc/0x320 kernel/mm/slub.c:2650 [< inline >] slab_free kernel/mm/slub.c:2805 [< none >] kmem_cache_free+0x2a0/0x330 kernel/mm/slub.c:2814 [< inline >] net_free kernel/net/core/net_namespace.c:341 [< none >] net_drop_ns+0x67/0x80 kernel/net/core/net_namespace.c:348 [< none >] cleanup_net+0x4e5/0x600 kernel/net/core/net_namespace.c:448 [< none >] process_one_work+0x794/0x1440 kernel/kernel/workqueue.c:2036 [< none >] worker_thread+0xdb/0xfc0 kernel/kernel/workqueue.c:2170 [< none >] kthread+0x23f/0x2d0 kernel/drivers/block/aoe/aoecmd.c:1303 [< none >] ret_from_fork+0x3f/0x70 kernel/arch/x86/entry/entry_64.S:468 INFO: Slab 0xffffea0001938800 objects=3 used=0 fp=0xffff880064e20000 flags=0x5fffc0000004080 INFO: Object 0xffff880064e20000 @offset=0 fp=0xffff880064e24200 CPU: 1 PID: 11581 Comm: syz-executor Tainted: G B 4.4.0+ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.2-0-g33fbe13 by qemu-project.org 04/01/2014 00000000ffffffff ffff8800662c7790 ffffffff8292049d ffff88003e36a300 ffff880064e20000 ffff880064e20000 ffff8800662c77c0 ffffffff816f2054 ffff88003e36a300 ffffea0001938800 ffff880064e20000 0000000000000000 Call Trace: [< inline >] __dump_stack kernel/lib/dump_stack.c:15 [] dump_stack+0x6f/0xa2 kernel/lib/dump_stack.c:50 [] print_trailer+0xf4/0x150 kernel/mm/slub.c:654 [] object_err+0x2f/0x40 kernel/mm/slub.c:661 [< inline >] print_address_description kernel/mm/kasan/report.c:138 [] kasan_report_error+0x215/0x530 kernel/mm/kasan/report.c:236 [< inline >] kasan_report kernel/mm/kasan/report.c:259 [] __asan_report_load8_noabort+0x3e/0x40 kernel/mm/kasan/report.c:280 [< inline >] ? ppp_pernet kernel/include/linux/compiler.h:218 [] ? ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [< inline >] ppp_pernet kernel/include/linux/compiler.h:218 [] ppp_unregister_channel+0x372/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [< inline >] ? ppp_pernet kernel/drivers/net/ppp/ppp_generic.c:293 [] ? ppp_unregister_channel+0xe6/0x3a0 kernel/drivers/net/ppp/ppp_generic.c:2392 [] ppp_asynctty_close+0xa3/0x130 kernel/drivers/net/ppp/ppp_async.c:241 [] ? async_lcp_peek+0x5b0/0x5b0 kernel/drivers/net/ppp/ppp_async.c:1000 [] tty_ldisc_close.isra.1+0x99/0xe0 kernel/drivers/tty/tty_ldisc.c:478 [] tty_ldisc_kill+0x40/0x170 kernel/drivers/tty/tty_ldisc.c:744 [] tty_ldisc_release+0x1b3/0x260 kernel/drivers/tty/tty_ldisc.c:772 [] tty_release+0xac1/0x13e0 kernel/drivers/tty/tty_io.c:1901 [] ? release_tty+0x320/0x320 kernel/drivers/tty/tty_io.c:1688 [] __fput+0x236/0x780 kernel/fs/file_table.c:208 [] ____fput+0x15/0x20 kernel/fs/file_table.c:244 [] task_work_run+0x16b/0x200 kernel/kernel/task_work.c:115 [< inline >] exit_task_work kernel/include/linux/task_work.h:21 [] do_exit+0x8b5/0x2c60 kernel/kernel/exit.c:750 [] ? debug_check_no_locks_freed+0x290/0x290 kernel/kernel/locking/lockdep.c:4123 [] ? mm_update_next_owner+0x6f0/0x6f0 kernel/kernel/exit.c:357 [] ? __dequeue_signal+0x136/0x470 kernel/kernel/signal.c:550 [] ? recalc_sigpending_tsk+0x13b/0x180 kernel/kernel/signal.c:145 [] do_group_exit+0x108/0x330 kernel/kernel/exit.c:880 [] get_signal+0x5e4/0x14f0 kernel/kernel/signal.c:2307 [< inline >] ? kretprobe_table_lock kernel/kernel/kprobes.c:1113 [] ? kprobe_flush_task+0xb5/0x450 kernel/kernel/kprobes.c:1158 [] do_signal+0x83/0x1c90 kernel/arch/x86/kernel/signal.c:712 [] ? recycle_rp_inst+0x310/0x310 kernel/include/linux/list.h:655 [] ? setup_sigcontext+0x780/0x780 kernel/arch/x86/kernel/signal.c:165 [] ? finish_task_switch+0x424/0x5f0 kernel/kernel/sched/core.c:2692 [< inline >] ? finish_lock_switch kernel/kernel/sched/sched.h:1099 [] ? finish_task_switch+0x120/0x5f0 kernel/kernel/sched/core.c:2678 [< inline >] ? context_switch kernel/kernel/sched/core.c:2807 [] ? __schedule+0x919/0x1bd0 kernel/kernel/sched/core.c:3283 [] exit_to_usermode_loop+0xf1/0x1a0 kernel/arch/x86/entry/common.c:247 [< inline >] prepare_exit_to_usermode kernel/arch/x86/entry/common.c:282 [] syscall_return_slowpath+0x19f/0x210 kernel/arch/x86/entry/common.c:344 [] int_ret_from_sys_call+0x25/0x9f kernel/arch/x86/entry/entry_64.S:281 Memory state around the buggy address: ffff880064e21680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880064e21700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff880064e21780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff880064e21800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff880064e21880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Fixes: 273ec51dd7ce ("net: ppp_generic - introduce net-namespace functionality v2") Reported-by: Baozeng Ding Signed-off-by: Guillaume Nault Reviewed-by: Cyrill Gorcunov Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/ppp/ppp_generic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 3dd1c19756ec..38c0231fb9b7 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -2342,6 +2342,8 @@ ppp_unregister_channel(struct ppp_channel *chan) spin_lock_bh(&pn->all_channels_lock); list_del(&pch->list); spin_unlock_bh(&pn->all_channels_lock); + put_net(pch->chan_net); + pch->chan_net = NULL; pch->file.dead = 1; wake_up_interruptible(&pch->file.rwait); From patchwork Tue Jul 25 20:45:16 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108701 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28802qge; Tue, 25 Jul 2017 13:45:50 -0700 (PDT) X-Received: by 10.84.228.214 with SMTP id y22mr23293999pli.245.1501015550059; Tue, 25 Jul 2017 13:45:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015550; cv=none; d=google.com; s=arc-20160816; b=jfm3c7VR466QgW0fZgDS3hVHJ6atrE332xmdXae+Nw51Q+OYFs1vUIMlG8KtlG0wnl Y7kIGb044qskrGOjkRiYO3//uF1w+OTVisnU7xd4s2NQm2/X+t1POcXQOX5BsM3TR4k6 +/JCzGsnUY96ORKREcvcVEXmfUJ7n6xq8ne8p8xc+RhLp3PEJs1xw3PxvHRGKFLjl4vh yL9An5xUmj53sMYgsvYSds/EYgeVjYWa/pnX8rmKiqtm9ssVMg2CEl+WBOJZ+y0/VDxW JFSLhRZYMFgpog5Vn3hx2l1exhyAYTVQ//qvhSNO/zsLgAbv6Bm+Dvl3c/YQlItNTFnT iVnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=+pg1zUjLAQatmjpgokwwmEnkdmkGcyZPboPg0FvpHZU=; b=HTOax12WgxNQXQ/SYzaMjT+Vo2zQeI566ffeJlXUrjKcw5+lpYKM2K/S2NpPoV9rWn GSiOPRJJ3NftEoWay1iv8nbDdpsHXaX9vaAgyL9OGji2HfsB+IQzCm86xC1q798+GGW8 bfqcH3gTm3Pth4/Ub9WUbCJ8N8H+gzK1XpGr70hc3OPmZnz0VbyF08qm5zGU8aIP2Mrt A9NZXZZ1xNasKNXjbPkLlUe3ZtkIANJ80kq/aPAx7KWF0tQpf4ruh9Ftm33fhCGjT+pU ttZaC5NTGpb2EBs/tQnRJFrLWVoVjDYuS6LAohj0d/J0klX5AjYCbt8wMCydAu4JsJk9 BcbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=g0DTuuiF; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.49; Tue, 25 Jul 2017 13:45:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=g0DTuuiF; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751609AbdGYUps (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:48 -0400 Received: from mail-pf0-f178.google.com ([209.85.192.178]:34155 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752664AbdGYUpr (ORCPT ); Tue, 25 Jul 2017 16:45:47 -0400 Received: by mail-pf0-f178.google.com with SMTP id q85so62646903pfq.1 for ; Tue, 25 Jul 2017 13:45:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+pg1zUjLAQatmjpgokwwmEnkdmkGcyZPboPg0FvpHZU=; b=g0DTuuiFS63pBb/+LSwIG8P9VsLd0qgus/iFFWD/fZWVOjOY9d2DugA3fWtkDRaDcW z3DsvBdY+NHmWZdFgj00Mx8h3T0eRL5IiKw3hGqvFQoFaTUa56ZdEAsOJY0iV8Ewi2o6 Kf96Crn63TppyzJvw5ZjAODsDRX1QfWwUthio= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+pg1zUjLAQatmjpgokwwmEnkdmkGcyZPboPg0FvpHZU=; b=Q7H31e8CBGhsWocONhbKQZis/fiDAHc5K9bzLBWEf15zpgF9TP5QkCT0Z1oyoyJVgj rKQuUm97qmsBViJTHGnt/jK8Uwr4WiNlZrLJcJmwHtwejg77d1U/o63NjZABQjvPHFDg SklLQZ7UjjWtcE7pZNCMZ9bOITf/X3AqBspnpsG9k8b0NHLzgoVwci67WdbrB994/+zK jOo58yWiga+3AdOa4eSij3N2fm8k1mjdCJQr6LtrK/86FDhEThgW6skfXEm8f1J7BtpT P5P3FUQ0ViPLlY0C/yUGfNuVMkgFtXi5EjMfyKSJIzOeYS5EhpEPf9imz4sb8eWe2JqR UYtg== X-Gm-Message-State: AIVw112kS+ul4r3Hob1jEbsoYiyaDXYaoPq+18/Vm2IGt3skKrq0HQny s5CwCrvIm5S85CeG X-Received: by 10.98.202.214 with SMTP id y83mr20979725pfk.2.1501015546324; Tue, 25 Jul 2017 13:45:46 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:45 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Calvin Owens , "Martin K . Petersen" Subject: [PATCH for-3.18 05/15] mpt3sas: Don't overreach ioc->reply_post[] during initialization Date: Wed, 26 Jul 2017 02:15:16 +0530 Message-Id: <1501015526-32178-6-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Calvin Owens commit 5ec8a1753bc29efa7e4b1391d691c9c719b30257 upstream. In _base_make_ioc_operational(), we walk ioc->reply_queue_list and pull a pointer out of successive elements of ioc->reply_post[] for each entry in that list if RDPQ is enabled. Since the code pulls the pointer for the next iteration at the bottom of the loop, it triggers the a KASAN dump on the final iteration: BUG: KASAN: slab-out-of-bounds in _base_make_ioc_operational+0x47b7/0x47e0 [mpt3sas] at addr ffff880754816ab0 Read of size 8 by task modprobe/305 Call Trace: [] dump_stack+0x4d/0x6c [] print_trailer+0xf9/0x150 [] object_err+0x34/0x40 [] kasan_report_error+0x221/0x530 [] __asan_report_load8_noabort+0x43/0x50 [] _base_make_ioc_operational+0x47b7/0x47e0 [mpt3sas] [] mpt3sas_base_attach+0x1991/0x2120 [mpt3sas] [] _scsih_probe+0xeb3/0x16b0 [mpt3sas] [] local_pci_probe+0xc7/0x170 [] pci_device_probe+0x20f/0x290 [] really_probe+0x17d/0x600 [] __driver_attach+0x153/0x190 [] bus_for_each_dev+0x11c/0x1a0 [] driver_attach+0x3d/0x50 [] bus_add_driver+0x44a/0x5f0 [] driver_register+0x18c/0x3b0 [] __pci_register_driver+0x156/0x200 [] _mpt3sas_init+0x135/0x1000 [mpt3sas] [] do_one_initcall+0x113/0x2b0 [] do_init_module+0x1d0/0x4d8 [] load_module+0x6729/0x8dc0 [] SYSC_init_module+0x183/0x1a0 [] SyS_init_module+0xe/0x10 [] entry_SYSCALL_64_fastpath+0x12/0x6a Fix this by pulling the value at the beginning of the loop. Signed-off-by: Calvin Owens Reviewed-by: Johannes Thumshirn Reviewed-by: Jens Axboe Acked-by: Chaitra Basappa Signed-off-by: Martin K. Petersen Signed-off-by: Amit Pundir --- drivers/scsi/mpt3sas/mpt3sas_base.c | 33 ++++++++++++++++----------------- 1 file changed, 16 insertions(+), 17 deletions(-) -- 2.7.4 diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c index 1560115079c7..52d409408aa3 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_base.c +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c @@ -4378,14 +4378,13 @@ _base_make_ioc_ready(struct MPT3SAS_ADAPTER *ioc, int sleep_flag, static int _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc, int sleep_flag) { - int r, i; + int r, i, index; unsigned long flags; u32 reply_address; u16 smid; struct _tr_list *delayed_tr, *delayed_tr_next; struct adapter_reply_queue *reply_q; - long reply_post_free; - u32 reply_post_free_sz, index = 0; + Mpi2ReplyDescriptorsUnion_t *reply_post_free_contig; dinitprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name, __func__)); @@ -4456,27 +4455,27 @@ _base_make_ioc_operational(struct MPT3SAS_ADAPTER *ioc, int sleep_flag) _base_assign_reply_queues(ioc); /* initialize Reply Post Free Queue */ - reply_post_free_sz = ioc->reply_post_queue_depth * - sizeof(Mpi2DefaultReplyDescriptor_t); - reply_post_free = (long)ioc->reply_post[index].reply_post_free; + index = 0; + reply_post_free_contig = ioc->reply_post[0].reply_post_free; list_for_each_entry(reply_q, &ioc->reply_queue_list, list) { + /* + * If RDPQ is enabled, switch to the next allocation. + * Otherwise advance within the contiguous region. + */ + if (ioc->rdpq_array_enable) { + reply_q->reply_post_free = + ioc->reply_post[index++].reply_post_free; + } else { + reply_q->reply_post_free = reply_post_free_contig; + reply_post_free_contig += ioc->reply_post_queue_depth; + } + reply_q->reply_post_host_index = 0; - reply_q->reply_post_free = (Mpi2ReplyDescriptorsUnion_t *) - reply_post_free; for (i = 0; i < ioc->reply_post_queue_depth; i++) reply_q->reply_post_free[i].Words = cpu_to_le64(ULLONG_MAX); if (!_base_is_controller_msix_enabled(ioc)) goto skip_init_reply_post_free_queue; - /* - * If RDPQ is enabled, switch to the next allocation. - * Otherwise advance within the contiguous region. - */ - if (ioc->rdpq_array_enable) - reply_post_free = (long) - ioc->reply_post[++index].reply_post_free; - else - reply_post_free += reply_post_free_sz; } skip_init_reply_post_free_queue: From patchwork Tue Jul 25 20:45:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108702 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28849qge; Tue, 25 Jul 2017 13:45:53 -0700 (PDT) X-Received: by 10.84.210.65 with SMTP id z59mr18308576plh.450.1501015553704; Tue, 25 Jul 2017 13:45:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015553; cv=none; d=google.com; s=arc-20160816; b=GOIS5F9umoMpvseTExqIvJX+JH6dBr+8rjJXX94xrRpTWXvaXCWLcw/QKbekKGYCQg 3UhIox0uK051CTckxEvBbCupq6E3Pwbnr7JUWn5TBpPhpAyly0gCS9ie//B0DQrbN3pJ HUfyrGslE5lQevruRCSC4OSFTheCh59ykgnc7Fxzr8EtyWi5yp7RpMckT8c+7FA6VY32 bS2pMkVR8Y/lFT5+A7Bb+lw27vTfKqplhKF5FvPcNWjFyFf0c5DFwiZt9ZCdiNrdqLs0 raz1FJhIwkBfUa4gC1N/lLM+7g6pqivujsF+qeoD85CnYxafG9JdlbSbH0ASAC47eNQb tGqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=sgAUo9oml6MBc6ka8Tl6/rhEc9BFwvMnrusY6nSRMlM=; b=XSv2k5z7ySBGLMXbrl4ERdfpuNEcNeL6K7XVK2XS3DKyXOyy/kJ8hiUXz14aJ60pM6 D7NMOULL35JvAeqj8b3Fanh7sLGiH1Wgxb9DKX9i+mY/fY+XsiEWzv4SeF4WLO3ITXxn 2Gn9putLmkPL9lYpi1OwqvbaIYRJriCT1oWf9SOEnWToMN+i9UWAwn68tR1SSOh/9cGh clbP7RY0Ky6Ekn6mcejAe840f3knLwOpQCnzuq1ff/yLUFBnC2JbJ3TLZyQnVEug301y df/l7EG76qEWHNRBeCKa43QWMFTU7d0SXBrmSRA4K7tLZCB9KfNBOd3IBrkFlKqfBLjI 8qOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=JTpztAhE; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.53; Tue, 25 Jul 2017 13:45:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=JTpztAhE; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751472AbdGYUpv (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:51 -0400 Received: from mail-pg0-f44.google.com ([74.125.83.44]:37313 "EHLO mail-pg0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752552AbdGYUpt (ORCPT ); Tue, 25 Jul 2017 16:45:49 -0400 Received: by mail-pg0-f44.google.com with SMTP id y129so74741551pgy.4 for ; Tue, 25 Jul 2017 13:45:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=sgAUo9oml6MBc6ka8Tl6/rhEc9BFwvMnrusY6nSRMlM=; b=JTpztAhEuzpvCrKqaxVWo69crdOV07dXPcmWIf19tGkKYS4OHS1okZlB7OPxDSyIQ+ 3qWco8ohXB1YojEyh7R3j7C0V6cqdsTxPUc+lDYHh7Fny85ksas47QvBJ1bUneKS1JCD RKXAPm5zh3SfDCOuQMM4hoVgVMdwgCFZiDRRA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=sgAUo9oml6MBc6ka8Tl6/rhEc9BFwvMnrusY6nSRMlM=; b=b926Zct+HDw7f3tz/1NUZ1xAXW9uY/NUNNm+AW7Dvnj4Y8a55ZMFRxncXmplUC08Gl znzkpezVyzf76CFLlWyc8G92X713RKC0r8GwbBMwhcLE0/yMtzkRLZS7hORKNd5/j/vI KMppRhd0zYGsTcd7bS9CHP404ThwVFiSxtkH/a86F1hIP7wFWetW+vZZUcU8hRyRDLmv m54+UTL83OkAZiYwT/4z57LHntCEhT6KpVd6Gjxl8UrIz/vLHnPLbdYpMTPkXi6G8He5 4nPf/gEh2U+JfDC06RoyaAnSugz3VLBq2H+KCo6/R64+wfgc+sDycm1CuvWdHK87gZyT q2nQ== X-Gm-Message-State: AIVw113oH8epw4oUtmFzF9vga3OkkgApZyZ9ry6HoccVCX5x9l3qmjMH wxQnmOtBv6IrLu0Hde33uw== X-Received: by 10.84.128.195 with SMTP id a61mr22977280pla.222.1501015549299; Tue, 25 Jul 2017 13:45:49 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:48 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Oliver Neukum , "David S . Miller" Subject: [PATCH for-3.18 06/15] kaweth: fix firmware download Date: Wed, 26 Jul 2017 02:15:17 +0530 Message-Id: <1501015526-32178-7-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Oliver Neukum commit 60bcabd080f53561efa9288be45c128feda1a8bb upstream. This fixes the oops discovered by the Umap2 project and Alan Stern. The intf member needs to be set before the firmware is downloaded. Signed-off-by: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/usb/kaweth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) -- 2.7.4 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c index dcb6d33141e0..95ef45a5e9df 100644 --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c @@ -1029,6 +1029,7 @@ static int kaweth_probe( kaweth = netdev_priv(netdev); kaweth->dev = udev; kaweth->net = netdev; + kaweth->intf = intf; spin_lock_init(&kaweth->device_lock); init_waitqueue_head(&kaweth->term_wait); @@ -1139,8 +1140,6 @@ err_fw: dev_dbg(dev, "Initializing net device.\n"); - kaweth->intf = intf; - kaweth->tx_urb = usb_alloc_urb(0, GFP_KERNEL); if (!kaweth->tx_urb) goto err_free_netdev; From patchwork Tue Jul 25 20:45:18 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108703 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28873qge; Tue, 25 Jul 2017 13:45:55 -0700 (PDT) X-Received: by 10.84.234.9 with SMTP id m9mr22610934plk.15.1501015555801; Tue, 25 Jul 2017 13:45:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015555; cv=none; d=google.com; s=arc-20160816; b=HQRqjYLXNfnNKc99msv3GlWiZr+D3repZ8L0IDJqhKf3NQxIcdogZvvhIguY8zAp/D Dfs2+rQn5rmFUO8BGZimCeklq/H9jnHj9rzSpvHwsybP5RU8V0Qd6w+bNSr+J7DdAMgf 9wHPNkFydZuTKNPslGmMICcnsxOJi1+o+kl/NpnT3gg+xvIj8tOallTjCoHYgv9tNqlB D+Dxo44wXa3isxn38yYTc29q4QS4b9ZIDiPNELSS+LuANqtG/s2d7qpLKbHK8V07ATWK 7F3sJJS64TxWSr+zSybh7I3Hur4/xHxIhK6kUYdkdOE/IkJ5gA2yXBPpS+kVqav0jIo4 5gWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=4HJJ+gH5/SQ1ZFIOrNUXLZcdOzmkcI/r+5iUUIhMx50=; b=FVCC1mraOhsi6LDXuhfZ72KzoG3ahhdPUXEb+yq0qLbXw8ijLrS4bppJhEltb5j0RG bKIaiNT8r8tyvjcDs7e2x9wYLMg4OrkSawxlpJtFeeb5U0crOM4yc7mJ5jiU3zlswD3i mxGMe1I9ZS4ZdHORBIciB0a3Kzvbg7h6SpnSHn72LqzNAV5SCLFyg7rTL5SE/qglUqZ9 XVKNQ2vOmfUNc7M6dPLleFDuzUTvjxt8S0pZlyzMQZgdBPo608IGs8jB/+cx49bck/LU ERSHSYu4JkoWqDxZI2Yt0Xp6bW2wCJm9y61/oUPO7KbMoJ7zL6nw1JceOcFl+cQc3gZ/ IHvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=P9CsiRMd; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.55; Tue, 25 Jul 2017 13:45:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=P9CsiRMd; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752605AbdGYUpx (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:53 -0400 Received: from mail-pg0-f42.google.com ([74.125.83.42]:33625 "EHLO mail-pg0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752552AbdGYUpw (ORCPT ); Tue, 25 Jul 2017 16:45:52 -0400 Received: by mail-pg0-f42.google.com with SMTP id g14so25954261pgu.0 for ; Tue, 25 Jul 2017 13:45:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=4HJJ+gH5/SQ1ZFIOrNUXLZcdOzmkcI/r+5iUUIhMx50=; b=P9CsiRMd7J74zj9gl8MbqfqL7ljmJHEWtpk2dMQX4kygkxDm908pbfo9p2nGsK+csB HZxxtLAhfT77fNGUlqsx7tifA3yVi1OdeVuWerEOGQvsVa9JTv/TK3w/bDJpALTip73D Huz4PVmqHcLZyvXS1GmESGu2QIU9lMaF1mJbs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=4HJJ+gH5/SQ1ZFIOrNUXLZcdOzmkcI/r+5iUUIhMx50=; b=YfFNoE/XNi2GB1hN2WMQRWHJH97DnfsoITF/hIsIMTP7XPTY+mpi6tGaUjwXPjIfIe Il2lSlcGHzg/TIeyz57HUaXqPzmAmYoVffKCKF/1QxuThROCkOhWvn5Ueme8urF6IxdC iaciW2KE2pW+w7+tpOrCUyfjJ42cUQkWnbpL6fStTYRN7YdinR/z4+Y0O2N6C+nc/C1Y hJad1dRaf5gLFLYvDZdMVVnQ9pyq0sDGCcyuzbmYDVVYx3ANQ/u4aM+kMHHLMLyBW1R4 EE4rVENPTVEsjkGP4hUkYQwJVpIxhFU99j4aqOXc4WrfO0XSGREWuvHPE+I4dcEIk/6/ YrFQ== X-Gm-Message-State: AIVw113Er0WV6D5siihbJBS08lu8Qyl+eFoZamcPUzfzpjr/5u8bC8Mn 8zIMyXfuG9DOhJf2O+eF8Q== X-Received: by 10.84.217.68 with SMTP id e4mr8255286plj.309.1501015552286; Tue, 25 Jul 2017 13:45:52 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:51 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Oliver Neukum , "David S . Miller" Subject: [PATCH for-3.18 07/15] kaweth: fix oops upon failed memory allocation Date: Wed, 26 Jul 2017 02:15:18 +0530 Message-Id: <1501015526-32178-8-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Oliver Neukum commit 575ced7f8090c1a4e91e2daf8da9352a6a1fc7a7 upstream. Just return an error upon failure. Signed-off-by: Oliver Neukum Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/usb/kaweth.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/net/usb/kaweth.c b/drivers/net/usb/kaweth.c index 95ef45a5e9df..40f3fbf2ca01 100644 --- a/drivers/net/usb/kaweth.c +++ b/drivers/net/usb/kaweth.c @@ -1009,6 +1009,7 @@ static int kaweth_probe( struct net_device *netdev; const eth_addr_t bcast_addr = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; int result = 0; + int rv = -EIO; dev_dbg(dev, "Kawasaki Device Probe (Device number:%d): 0x%4.4x:0x%4.4x:0x%4.4x\n", @@ -1049,6 +1050,10 @@ static int kaweth_probe( /* Download the firmware */ dev_info(dev, "Downloading firmware...\n"); kaweth->firmware_buf = (__u8 *)__get_free_page(GFP_KERNEL); + if (!kaweth->firmware_buf) { + rv = -ENOMEM; + goto err_free_netdev; + } if ((result = kaweth_download_firmware(kaweth, "kaweth/new_code.bin", 100, @@ -1209,7 +1214,7 @@ err_only_tx: err_free_netdev: free_netdev(netdev); - return -EIO; + return rv; } /**************************************************************** From patchwork Tue Jul 25 20:45:19 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108704 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp28929qge; Tue, 25 Jul 2017 13:46:00 -0700 (PDT) X-Received: by 10.101.85.206 with SMTP id k14mr20214192pgs.153.1501015560015; Tue, 25 Jul 2017 13:46:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015560; cv=none; d=google.com; s=arc-20160816; b=K/7UEjfn1TdrwnHX/Y3AKZRbdT7wKOk9SycSz4ZVBQaMKa0f3QCxLdPsKfTm9oG2Xn 4KrJFDAdHKIMWxY4MOhgI6bjXhwLxPEL+3zUC9tn8kRgsIV5Uim3gdtIlH4bYj0tVtzd JVlW8NpTeU3a5BtMPXqbXQGblWBfFVFN/M8Kz0fAUUEeVtumTEhX0qSyj+MrcI+86jxk J/NY1mXq4g4W0OHZnBI8c5tJ41kZRp2b/zlQAuXfAYzFKYBkzIVcXlADG6mHF5pREhLp emuBA6EBZNzTHf3/Qh3F84rPMPPAVcPrD9hWMBTgflFXuhFwsHjps4aP3V2AA5Ip1NNA n5jA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Hqdx6fqXvRQYHBYQ/c/n71dGveslt2HMO4kzrdcslxE=; b=U1S0+UEXTqsI8NwbRfbPxCRdeX0UDps4mtoJCZGIT8NzyibjPqwRwwsCxajyT7fdkp nopL9qP6VUF/lznjC2Ix4Luch+0zGANjtor3DFTPKo5Gg5tyOqRLYDabj6e1keCMZIJf 3l8TGgNo2/HAUGlIsS390QdFjhIK98bfFXzvzWmMqDrzeWxHTMPm7SU8XJL2jCYKLZR7 lDyEkJGEvXbdqE4ui4AyhvZkwHTfI3AdmEg0NT+y3YWZygh+x2StR6rY0wSX1i/yzW97 Li4WI9xPRCGKVeSc46c156m+g0mMAOjrWHrk5wCyUWei66cMVl+U88nm/Ifp4HHqFmG0 fuBQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=NaQ6VJXe; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1si9102153plm.762.2017.07.25.13.45.59; Tue, 25 Jul 2017 13:46:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=NaQ6VJXe; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752609AbdGYUp5 (ORCPT + 6 others); Tue, 25 Jul 2017 16:45:57 -0400 Received: from mail-pg0-f50.google.com ([74.125.83.50]:35197 "EHLO mail-pg0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752552AbdGYUpz (ORCPT ); Tue, 25 Jul 2017 16:45:55 -0400 Received: by mail-pg0-f50.google.com with SMTP id v190so74826560pgv.2 for ; Tue, 25 Jul 2017 13:45:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Hqdx6fqXvRQYHBYQ/c/n71dGveslt2HMO4kzrdcslxE=; b=NaQ6VJXe7G3owi8w7zL8LkdOXdWRj4fWFMcrwIByIwvZJ+G1Pr/BLr/F9xpAFraB6i MfG60ZcnG8pYFEd/AoUMxi++cpNffkQypqNTGkkTv65tRA3B7tDCnsbHi2Vv3JB5y+Rq folTVu9HkhAW2FiUxLqoERGwpPLiZPe8nQ9rE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Hqdx6fqXvRQYHBYQ/c/n71dGveslt2HMO4kzrdcslxE=; b=Frz6zoEItIjNRN47XPaHsoG+GRkleGeqgrX8fjXdtMCq4w/IGEnhGiYxC6FlTOyqR/ NL8bLekSCtaUTcHM38O1kluKRXAVszI1RBUK16nMPMPmUFmKjnPhsAH6tQSCQHp15arG rYYYNcJ0pln4SHhIu/ocHXn5ILzLki0VBmqjxhsymh973C/ZW/X9gC4b4fzUeXPOlvrA eB31GuRTtlnTPYWqnmDu2YuqDtYOkZBdVwjKXXmxwIt94G2OCRMGqdg4FhusoGSH6yY8 STH6btlnTfFaX1fpOeCm4XQBWbmsOfxT9N6YDCUZlA2rkN88UYfDDH355bfZmccPd9mB 5byA== X-Gm-Message-State: AIVw110fT6LwUMmrG2FIAhhXmWWEqLPCRjQn0Q7HL6UmZfhNytAzf1Uu VSMnksBiYo0ENRoG X-Received: by 10.98.214.217 with SMTP id a86mr17118594pfl.244.1501015555246; Tue, 25 Jul 2017 13:45:55 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:54 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Florian Fainelli , "David S . Miller" Subject: [PATCH for-3.18 08/15] net: phy: Do not perform software reset for Generic PHY Date: Wed, 26 Jul 2017 02:15:19 +0530 Message-Id: <1501015526-32178-9-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Florian Fainelli commit 0878fff1f42c18e448ab5b8b4f6a3eb32365b5b6 upstream. The Generic PHY driver is a catch-all PHY driver and it should preserve whatever prior initialization has been done by boot loader or firmware agents. For specific PHY device configuration it is expected that a specialized PHY driver would take over that role. Resetting the generic PHY was a bad idea that has lead to several complaints and downstream workarounds e.g: in OpenWrt/LEDE so restore the behavior prior to 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()"). Reported-by: Felix Fietkau Fixes: 87aa9f9c61ad ("net: phy: consolidate PHY reset in phy_init_hw()") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/net/phy/phy_device.c | 2 +- include/linux/phy.h | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c index 70a0d88de654..9f8e10a240db 100644 --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c @@ -1341,7 +1341,7 @@ static struct phy_driver genphy_driver[] = { .phy_id = 0xffffffff, .phy_id_mask = 0xffffffff, .name = "Generic PHY", - .soft_reset = genphy_soft_reset, + .soft_reset = genphy_no_soft_reset, .config_init = genphy_config_init, .features = PHY_GBIT_FEATURES | SUPPORTED_MII | SUPPORTED_AUI | SUPPORTED_FIBRE | diff --git a/include/linux/phy.h b/include/linux/phy.h index d090cfcaa167..fbdacd1278e3 100644 --- a/include/linux/phy.h +++ b/include/linux/phy.h @@ -737,6 +737,10 @@ int genphy_read_status(struct phy_device *phydev); int genphy_suspend(struct phy_device *phydev); int genphy_resume(struct phy_device *phydev); int genphy_soft_reset(struct phy_device *phydev); +static inline int genphy_no_soft_reset(struct phy_device *phydev) +{ + return 0; +} void phy_driver_unregister(struct phy_driver *drv); void phy_drivers_unregister(struct phy_driver *drv, int n); int phy_driver_register(struct phy_driver *new_driver); From patchwork Tue Jul 25 20:45:20 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108711 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29420qge; Tue, 25 Jul 2017 13:46:37 -0700 (PDT) X-Received: by 10.98.236.78 with SMTP id k75mr20451822pfh.215.1501015597115; Tue, 25 Jul 2017 13:46:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015597; cv=none; d=google.com; s=arc-20160816; b=iqMmQKythOXQ8v8THXUXgJq77alxwaiGCqNXVD1cbP9rrsH7Gj31egd5QqF7EsWKf5 gRjXMyniD8fntrSGKTjzB4maVSlngI0vltFH/jyUDb2DX7wdsjq8ukMaXDQBx4WyLrL7 5Enac1wR5u6lUvsw28N3nlB/yccIvUmsdcf4E5q6x4UNdGLi4pwQUnnrfi/4Rj4yRbLO ezyPLDWSK0SKN3qfRahQVZbb4sZwYNxycST2VYTnJY1vRwEC1LyXfZa4zhwDpkax8S82 dAAHZBtnj4tfoLpmkenSc2xDbqGFRxXzpA0MMFEm289N44FCT7UXY6T60Rw3V0qEanjB MrnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=xyGnSAklHTpoqB/QEP2QE1vVKsCMpxgJnV4Fll2+pNmVrYPFSCch2ttinBpsCw2bGp YAikRT2nABD6PccMtItIBXfKfXW/dtwYLKqHghN55bBlBu56wxu9HgzFkLI11p7kFdon RJzq5qTzBLwalDwyAnS9tNKyTzuUD4kybp02fNy1FPx+pLhaSgJGs0lttMJ4ZN0X6ol+ PuJMlNGoNJaajKJazjSblBg80fkM92N8hdHGnf/8sLQ2wTs9cTh6gNN7SAhSZQEO/J0X HzvBtJCvGcaHbNzG3TNOPuLyCQvZ2YUrkelmjNdCNyIxf9g9MsAePONI3+mcsKtPmNY/ O9Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=W6eQJMm3; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m1si8985184plb.340.2017.07.25.13.46.36; Tue, 25 Jul 2017 13:46:37 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=W6eQJMm3; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752599AbdGYUqA (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:00 -0400 Received: from mail-pg0-f52.google.com ([74.125.83.52]:34585 "EHLO mail-pg0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752552AbdGYUp6 (ORCPT ); Tue, 25 Jul 2017 16:45:58 -0400 Received: by mail-pg0-f52.google.com with SMTP id 123so74824707pgj.1 for ; Tue, 25 Jul 2017 13:45:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=W6eQJMm34V33NvClKVghYPDeYoDqGjkfOelfG5GXfvcMZbUQ8iJwPCOSExUkSssHY5 0nz2j5+MGjKnpk6ck0d7uBTRQ/OQqon+u/RcJM/+iInbuYACzwyb55DnGA9qP0lfIGUE pKXdqTNHD34eIZC84BEbRAHFjZOw8bB9I6pyo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+IT8FuLYyNifhF7YAD4hYXJgW8YkQ4S8/FTml/GrQyI=; b=eksF1JwUpdK0g6aO4tMcZQV65mqCmnl7dfGze3wTeg4dm1PdVh4G+EQVdXxPOu9ieY zi1YzQ05s5Im6Qwx9CE94yfgBK/J0zNxdIz1BL8APfiFmyXtKl+/6O/HkIWdPSo+Mm/i Ok8cJcfmIFtinbjYQCfUNovAVhjvQ9dtFAws/Mj+M94EVd0H2u8qdhHJIWZNGHdn8o07 rQhbO/1fwNlDlpKTbe4BahlDhjtRM8r2ZtI2OpOKgNzYPo9R4Quzw3jkzcTzyJqAbc9M F3RsXARQLLgXlCLvDo0KzLPXqRnRruCM0J6ZykQmNENJ3H4ooBLthz5AG50f7nmMcg78 o7zQ== X-Gm-Message-State: AIVw1124B6OTBTZefXdcU4i2DZ6VHT2boWteRpQCI6y5I/Ds3Nvoz8ss cR/Wo5jd1rbd0Lo/ X-Received: by 10.98.72.90 with SMTP id v87mr20977477pfa.337.1501015557997; Tue, 25 Jul 2017 13:45:57 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:45:56 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Jia-Ju Bai , "David S . Miller" Subject: [PATCH for-3.18 09/15] isdn: Fix a sleep-in-atomic bug Date: Wed, 26 Jul 2017 02:15:20 +0530 Message-Id: <1501015526-32178-10-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Jia-Ju Bai commit e8f4ae85439f34bec3b0ab69223a41809dab28c9 upstream. The driver may sleep under a spin lock, the function call path is: isdn_ppp_mp_receive (acquire the lock) isdn_ppp_mp_reassembly isdn_ppp_push_higher isdn_ppp_decompress isdn_ppp_ccp_reset_trans isdn_ppp_ccp_reset_alloc_state kzalloc(GFP_KERNEL) --> may sleep To fixed it, the "GFP_KERNEL" is replaced with "GFP_ATOMIC". Signed-off-by: Jia-Ju Bai Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- drivers/isdn/i4l/isdn_ppp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c index 9c1e8adaf4fc..bf3fbd00a091 100644 --- a/drivers/isdn/i4l/isdn_ppp.c +++ b/drivers/isdn/i4l/isdn_ppp.c @@ -2364,7 +2364,7 @@ static struct ippp_ccp_reset_state *isdn_ppp_ccp_reset_alloc_state(struct ippp_s id); return NULL; } else { - rs = kzalloc(sizeof(struct ippp_ccp_reset_state), GFP_KERNEL); + rs = kzalloc(sizeof(struct ippp_ccp_reset_state), GFP_ATOMIC); if (!rs) return NULL; rs->state = CCPResetIdle; From patchwork Tue Jul 25 20:45:21 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108705 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29042qge; Tue, 25 Jul 2017 13:46:07 -0700 (PDT) X-Received: by 10.84.149.139 with SMTP id m11mr8579320pla.376.1501015567290; Tue, 25 Jul 2017 13:46:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015567; cv=none; d=google.com; s=arc-20160816; b=o79fk+W8vUM44Ug0bo+lPmm2QfOlbq7mXuroxh5AyGjKbUIVVp3ZddKWMxIsEoujyo 4icekKwoJF5546OHi/zoDFxdkZ7UcNiGoe2MKrryyMij1u5UU3DJ+NUrR8chE0fIr644 RBm+t+k4e3UKv9PUYfg+HO7Lr8yE9oo3e1k7IbuDdEp6AVTFqb+kGfUSGlXrPJDhNfOL C+Y+dxn4HFJXakOMZIFUpk7jdSzAulMtz8FEP30wHzSV5Nq4fKMsoQTcvIZgZiAIGqUe vfdWilMVSzigumkmSX8UJRm6g+j6zUGizKJRJL4q9gn+8k41umIT6g9ENun1y6bZAyI3 tWNQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=DkgYQRGrtIxZiL1xbsLjLwxt9o4BfXfeloer9937HvU=; b=q/O2r9qi0DGJcOceK156VNu9y4DCryw1BpnX3yAJdqO0wCgffi0QDsdhGP4vQHq033 FdN0tmyu4DoKlC6hNonNj/i2GSTChBOKznrPQWlJJHUJMwjIXfs1l/c02eEMGM4nLCho psRQwwfqVaXtJe/TKU9pa/4UzRNQRFsoxIak2Thx9GTU/kxkxQtMDuEOHNZzNA9TyPZQ RDHQfe6wjyzDnp2iaKRXt4nOBYgymOJfS/d7Rhk87Wg+x5Ql5nOQyEOWihmiAUckTyRo KzPlwK8S6yv4sLxrFJyraskNyvpjpae0L2ugu31AggXDpU3nZPfy2X4vALvP5hOmWHs3 MYkg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=Qa9Cbnmf; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3si387020pgk.256.2017.07.25.13.46.06; Tue, 25 Jul 2017 13:46:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=Qa9Cbnmf; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750938AbdGYUqE (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:04 -0400 Received: from mail-pf0-f178.google.com ([209.85.192.178]:34195 "EHLO mail-pf0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752469AbdGYUqB (ORCPT ); Tue, 25 Jul 2017 16:46:01 -0400 Received: by mail-pf0-f178.google.com with SMTP id q85so62648798pfq.1 for ; Tue, 25 Jul 2017 13:46:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=DkgYQRGrtIxZiL1xbsLjLwxt9o4BfXfeloer9937HvU=; b=Qa9CbnmfFZJ5sYnBiLkSdmBygEWNvJnagyp29Xy7FBSvMLFQ0tVrQYqaAbF/CyuOBV I6Zm/jYehZIiMqM6mNc5E6Wzki73fbx4rxUGmHpYJ8b0eUmJXAIQt4IW/JjwPP8VB5Si Ee1Omri0Q1lg+uhmqy6PQQCSYKPP/jOdQOqjo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=DkgYQRGrtIxZiL1xbsLjLwxt9o4BfXfeloer9937HvU=; b=rJ356lQORiNnPDnVqzj10vooTVgSrdv/rZw2UbDKHFp22ijcvZBNFGBYUoO6PzzOCO sEB+6+v1DjfijfpkS1XtlfAw377g+MNJu7MLZ3AuVtGB0XgPwb6U14K0ScNBSl4nTrJR +1WTrLu0LWmoxdabq/MivpKEXyGIazJ1moIUCca+caIikLNJwUou4TuBFbKcgY1BASC/ +G577C7YngpiscGpZus4e7Pb3VjeQbc1RdFdmhGklJ95js4oHDD3hP5/WTiQedSR9Orm R4MP8qlm+DPPq8RG2T67/QIYi/ruFq7MX1YGK7DxoAsWisT3XZPi0XtNUyozMiF6w+tQ 8xfg== X-Gm-Message-State: AIVw111nKFXn1Uz1HLr57C92xUoLCHFxyHefcRU9wjnu/9jWuNjEje+D yb1em0EbZulJ9i3pDoONmA== X-Received: by 10.98.97.66 with SMTP id v63mr20948078pfb.230.1501015561221; Tue, 25 Jul 2017 13:46:01 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.45.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:00 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Lior David , Maya Erez , Kalle Valo Subject: [PATCH for-3.18 10/15] wil6210: fix deadlock when using fw_no_recovery option Date: Wed, 26 Jul 2017 02:15:21 +0530 Message-Id: <1501015526-32178-11-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Lior David commit dfb5b098e0f40b68aa07f2ec55f4dd762efefbfa upstream. When FW crashes with no_fw_recovery option, driver waits for manual recovery with wil->mutex held, this can easily create deadlocks. Fix the problem by moving the wait outside the lock. Signed-off-by: Lior David Signed-off-by: Maya Erez Signed-off-by: Kalle Valo Signed-off-by: Amit Pundir --- drivers/net/wireless/ath/wil6210/main.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) -- 2.7.4 diff --git a/drivers/net/wireless/ath/wil6210/main.c b/drivers/net/wireless/ath/wil6210/main.c index 6500caf8d609..c5676841fd12 100644 --- a/drivers/net/wireless/ath/wil6210/main.c +++ b/drivers/net/wireless/ath/wil6210/main.c @@ -240,18 +240,19 @@ static void wil_fw_error_worker(struct work_struct *work) wil->last_fw_recovery = jiffies; + wil_info(wil, "fw error recovery requested (try %d)...\n", + wil->recovery_count); + if (!no_fw_recovery) + wil->recovery_state = fw_recovery_running; + if (wil_wait_for_recovery(wil) != 0) + return; + mutex_lock(&wil->mutex); switch (wdev->iftype) { case NL80211_IFTYPE_STATION: case NL80211_IFTYPE_P2P_CLIENT: case NL80211_IFTYPE_MONITOR: - wil_info(wil, "fw error recovery requested (try %d)...\n", - wil->recovery_count); - if (!no_fw_recovery) - wil->recovery_state = fw_recovery_running; - if (0 != wil_wait_for_recovery(wil)) - break; - + /* silent recovery, upper layers will see disconnect */ __wil_down(wil); __wil_up(wil); break; From patchwork Tue Jul 25 20:45:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108706 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29076qge; Tue, 25 Jul 2017 13:46:09 -0700 (PDT) X-Received: by 10.99.115.66 with SMTP id d2mr20599078pgn.10.1501015569045; Tue, 25 Jul 2017 13:46:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015569; cv=none; d=google.com; s=arc-20160816; b=poXkkb5IaXcTgbX2RZRhgiY3rpAV7rZmKImbDM/mTtiDw7QckxKZYZZ2tjUcO9xSOA sCyz/r7IurLBAwQGoWnds9d8Pz88ZoQVryqnQ4XfP/Ly3ub7O8IdZ1fHh1vHl1+e43LO 7xIVCnvanNmjdoWTfwaTciZBEKfe+bmaKRi3CeoV5mlg+CJCGBSwHAadrT0bQ02TeaGn 3IwOykd5jcO6tcwLcfbe5jAeHEJuYR9CpFbKjEuahcOp4BFUJOOr47Os1IxECVvyFxJ+ +0RaINfX+izzywngBTmcPzZlHzwWLIM/1BM/odnf9wA007XeRDx3476t3fb9BSmC5sBk zdDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=qvvNCtzgTl0gZtbAZk6eF2SvtXZf51mivkxbh9xqDhQ=; b=tLlZp7EzkeIlX5BgmzPdc0BwfW0tXlBa2K78oM2ENPYuOSfh+ntTmX3w9krDB4bM3M YGqAthxFqmw0aqtyRtAhJAC4OS6HtVZdjwfXDwKDAsQTqdWhnyijxrmXYSF5YXsivZqD uKKuv2ajARjoY4+0EY0E5iv+iiasMjKR6bsZbRu93ROsLdkhOdD6clKln5elJj6UwWH5 vXWsbmVp/CgSH0rsJj83sG3dJ8QKvWOxdYQIbA75IQZqoVyRvyDbKZD37ihRFn8zKBMS m4NxutCEZAScbs0dLibetIhJOBSryS7nyIjDG/D76gqHYRb9idjsdf32jX/c+cfisA4J 7POg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=gpYoYPFP; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3si387020pgk.256.2017.07.25.13.46.08; Tue, 25 Jul 2017 13:46:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=gpYoYPFP; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752748AbdGYUqG (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:06 -0400 Received: from mail-pg0-f48.google.com ([74.125.83.48]:35877 "EHLO mail-pg0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752469AbdGYUqF (ORCPT ); Tue, 25 Jul 2017 16:46:05 -0400 Received: by mail-pg0-f48.google.com with SMTP id 125so74835343pgi.3 for ; Tue, 25 Jul 2017 13:46:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qvvNCtzgTl0gZtbAZk6eF2SvtXZf51mivkxbh9xqDhQ=; b=gpYoYPFPzgOlEOYRS9SNk9GFv1gN01c5Fm9ZMTYB8M0gxWVfMXQDteNlmydDe1mCZW FlIQODgB2pShUoy9dQcyhgOqHal6lwiT1CRvOnHfHtgkkg9llszuwRKqJUoeXdXoOTSf qFXr7z4U2ESWIprF0WyYaHD6n3SnqcuJN5VF0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qvvNCtzgTl0gZtbAZk6eF2SvtXZf51mivkxbh9xqDhQ=; b=tHBUEg7RrJHs9m4KkEJq+0UPblZg/qmP13BGW9xPloZxxr4iDgpz9WfdLC0vTKHVqQ /l1xNjgAqfgq7iKq2QfivvLEE0IypQkp9AphOIE689DgIFaMD21LIvaQSft37bHooGGL m43vqlBnkKHtjsAkqJiEqmS7FUEzm7RQi94ok/8V/z7zcFWbLejd8jkoZo4dYxC+6VF+ mWCF9uGg/gShyVqDdYhz4fIUvNedBJ+4ycRmWf4Dpe6LL3nimmh01/zbawcc6/RvpoaZ hzdYi3l7c9l6cciVwA0kBBkWyA5W45L6iMpJQh15lMpdXYPzCqGCh/aGqdGmv501Cism knvA== X-Gm-Message-State: AIVw111GISyuga5Wnu2+m2jCo6w9i1/Syu5UQ1WIINLrqQfSLLeMz6E2 cxMuui0OdkMod8S9 X-Received: by 10.98.103.11 with SMTP id b11mr13885149pfc.211.1501015564380; Tue, 25 Jul 2017 13:46:04 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.46.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:03 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Daniel Borkmann , Cong Wang , "David S . Miller" Subject: [PATCH for-3.18 11/15] net, sched: fix soft lockup in tc_classify Date: Wed, 26 Jul 2017 02:15:22 +0530 Message-Id: <1501015526-32178-12-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Daniel Borkmann commit 628185cfddf1dfb701c4efe2cfd72cf5b09f5702 upstream. Shahar reported a soft lockup in tc_classify(), where we run into an endless loop when walking the classifier chain due to tp->next == tp which is a state we should never run into. The issue only seems to trigger under load in the tc control path. What happens is that in tc_ctl_tfilter(), thread A allocates a new tp, initializes it, sets tp_created to 1, and calls into tp->ops->change() with it. In that classifier callback we had to unlock/lock the rtnl mutex and returned with -EAGAIN. One reason why we need to drop there is, for example, that we need to request an action module to be loaded. This happens via tcf_exts_validate() -> tcf_action_init/_1() meaning after we loaded and found the requested action, we need to redo the whole request so we don't race against others. While we had to unlock rtnl in that time, thread B's request was processed next on that CPU. Thread B added a new tp instance successfully to the classifier chain. When thread A returned grabbing the rtnl mutex again, propagating -EAGAIN and destroying its tp instance which never got linked, we goto replay and redo A's request. This time when walking the classifier chain in tc_ctl_tfilter() for checking for existing tp instances we had a priority match and found the tp instance that was created and linked by thread B. Now calling again into tp->ops->change() with that tp was successful and returned without error. tp_created was never cleared in the second round, thus kernel thinks that we need to link it into the classifier chain (once again). tp and *back point to the same object due to the match we had earlier on. Thus for thread B's already public tp, we reset tp->next to tp itself and link it into the chain, which eventually causes the mentioned endless loop in tc_classify() once a packet hits the data path. Fix is to clear tp_created at the beginning of each request, also when we replay it. On the paths that can cause -EAGAIN we already destroy the original tp instance we had and on replay we really need to start from scratch. It seems that this issue was first introduced in commit 12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup"). Fixes: 12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup") Reported-by: Shahar Klein Signed-off-by: Daniel Borkmann Cc: Cong Wang Acked-by: Eric Dumazet Tested-by: Shahar Klein Signed-off-by: David S. Miller Signed-off-by: Amit Pundir --- net/sched/cls_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index fae88709aaa2..e50272592724 100644 --- a/net/sched/cls_api.c +++ b/net/sched/cls_api.c @@ -137,13 +137,15 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n) unsigned long cl; unsigned long fh; int err; - int tp_created = 0; + int tp_created; if ((n->nlmsg_type != RTM_GETTFILTER) && !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) return -EPERM; replay: + tp_created = 0; + err = nlmsg_parse(n, sizeof(*t), tca, TCA_MAX, NULL); if (err < 0) return err; From patchwork Tue Jul 25 20:45:23 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108707 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29120qge; Tue, 25 Jul 2017 13:46:12 -0700 (PDT) X-Received: by 10.98.215.74 with SMTP id v10mr20201577pfl.314.1501015572282; Tue, 25 Jul 2017 13:46:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015572; cv=none; d=google.com; s=arc-20160816; b=uExHo9aEdKoNpQDVlbntX47dECt1QczBkeT7simh3x6O/iL7sPh+lNHThXxzSWwbQZ DI0SbAc5puTgXCU6V1TfUXh6FTlv15tCC5KTPVFXnGN1zrBA4PBijipr4J4clRXcHERV 9EdqZfXIhOzijQ2/BRSiC2wbXgAdvEdbMeajEtndNajGAjwqKOztg4sIXoWV1Wld8Ik2 wlJspX01P9PmuDwo17acHitGAw5iGmN36QhGlV2N26p8i2XU67B8o8nMUnBpJ6860FCS KRSeF8Fkh2a7QxViV9KSOYDTdGfYtsBM9CqMvBC8VgjY5Fvdh9+SABpgAv4g+3tZwrQ5 tDKQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=dNJ3OPMCtu1k4G5xsrSA8LPIbw1atijMuPcOsjhBiZw=; b=Y2saOREq+5nkajxr4WNtMq1ffKfLHyGySfae5LM2JI4xSLy6EsEG8hGYkHkKceeT9d R7VBM8Z0nVW4795Q89jtcBbe0OYpLRjqLxFVKsYLCm7gPSeglwHvxHWhn45KOBAy6nWw WI5IulYlzCnqE4nCRXcPazHBXD7GzfO6WD4HV05qBtt7P2kOWtYgyutUu5pAKGQC5Ug3 nq0RZOQuGzoglfgLQd56lu669ZEKXL00fMsghqeWCKBZ2IjnZwIZSGLSISD8mcHUGzPS aVS40mZXbGduiN3uUWs5AKHUJ/jF4z+o89fHgrg9epZyLK3JhHYIq4UX5FViMSnnOlZP /6vw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=N4mZgbol; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3si387020pgk.256.2017.07.25.13.46.11; Tue, 25 Jul 2017 13:46:12 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=N4mZgbol; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752765AbdGYUqK (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:10 -0400 Received: from mail-pf0-f176.google.com ([209.85.192.176]:35213 "EHLO mail-pf0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752433AbdGYUqH (ORCPT ); Tue, 25 Jul 2017 16:46:07 -0400 Received: by mail-pf0-f176.google.com with SMTP id h29so27552724pfd.2 for ; Tue, 25 Jul 2017 13:46:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=dNJ3OPMCtu1k4G5xsrSA8LPIbw1atijMuPcOsjhBiZw=; b=N4mZgbolHd/v0d9nH9qS/XedO5bS2XVms7A/O8VjYgLfDb3Uqz7RD96h2+VDhwvc92 ADckZ8Lpb4HOYXnSEFe322mMpgcIW2bDw76h4X3SGH6ZaevCSqHe6pZyJnqhz9Rz7Yu/ 0AW6dYMpAyqA4p0dJtp0FvXI8KD/MLH+iIOgU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=dNJ3OPMCtu1k4G5xsrSA8LPIbw1atijMuPcOsjhBiZw=; b=PUILGEpweLx0znxuzsPKcdpZDdcXlesPF3m6KYUO//7CS0/zFPhuyWzyQRXnU0dbrh WNXsET8lwazr1WAq4p+O/jhJ1UaTm0Bf/uwrqnbHMzBFClCCkmh677CS+OhCBpHIWt75 3sljJwzrr0PxoHsO3VtojKderoWRTjX0SEO++9ahQ/AJH1XUe2fZd2TIJc3stehMsjT7 EQk9CvGfqwr4JnyLfWPpMqIKPq7WfUNlKbxiIhupq1HAYO3kYq/qemR4Naz+oGbEDenv 7L2Mw8rHSoTsS9/O3XGLbGPj33lMyriYu+2OITwNOyR/fOjfXOAoXAqepSldsHO9ZiBy VGUw== X-Gm-Message-State: AIVw110vFpjS5MxNZc6VUkL+bmkjMCbCxAmMjgA221MpLDuImqItFXg7 QHxxBixdyw5g4VBn X-Received: by 10.98.99.131 with SMTP id x125mr14625722pfb.231.1501015567386; Tue, 25 Jul 2017 13:46:07 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.46.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:06 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-3.18 12/15] mailbox: always wait in mbox_send_message for blocking Tx mode Date: Wed, 26 Jul 2017 02:15:23 +0530 Message-Id: <1501015526-32178-13-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit c61b781ee084e69855477d23dd33e7e6caad652c upstream. There exists a race when msg_submit return immediately as there was an active request being processed which may have completed just before it's checked again in mbox_send_message. This will result in return to the caller without waiting in mbox_send_message even when it's blocking Tx. This patch fixes the issue by waiting for the completion always if Tx is in blocking mode. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Reported-by: Alexey Klimov Signed-off-by: Sudeep Holla Reviewed-by: Alexey Klimov Signed-off-by: Jassi Brar [AmitP: fixed a minor cherry-pick conflict on 3.18.y] Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index afcb430508ec..2691cb75b2e8 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -255,7 +255,7 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg) if (chan->txdone_method == TXDONE_BY_POLL) poll_txdone((unsigned long)chan->mbox); - if (chan->cl->tx_block && chan->active_req) { + if (chan->cl->tx_block) { unsigned long wait; int ret; From patchwork Tue Jul 25 20:45:24 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108708 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29141qge; Tue, 25 Jul 2017 13:46:14 -0700 (PDT) X-Received: by 10.84.210.135 with SMTP id a7mr17621607pli.471.1501015574386; Tue, 25 Jul 2017 13:46:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015574; cv=none; d=google.com; s=arc-20160816; b=M45ms0R/m75E35vqAhtao7hdAkkg29F8ea7lHzU8aJ0xYT6tZy89Wi2Cjcy3If7qIm R1LaHRqC34zTBwP8iQJZAusWzWaliK5WPpO/mPrF1EPvlr1kdC7wDUojgMMd3qhGKC0v vtdhkayOl7bkueGxhlhbD9YpT2/C21WZydTsBcXDpnQ/hOAzNnPBYgrarKsPtUZ4bm/t IdQZyME5VcuDcCVMFm6Qk7bn8T1/v8VgjCkmLux1QsFHzstcmHRtq0FiBoAG14sRNiNC OuceYS8gHrWnpQfkhzyA9mfv9jNpO2X3K6O0bW8IBPIcztm5DiKPpWN5cAEegBLZ6YlB MWCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=Ibqc7TIps6wZO4dTkb/soO1vJ8uKvnbrSQaGCzfVM3E=; b=HxBz7u5lAIznS2PmP39b6fBmdnSvwhiZzIB3+kPPFNXvKManqguOZ9o6k6fuMHoRZ1 E7i4QeaALkVddvjsZelDqcbkrgXbFo++M42daFYqCKYauhCVRVMRKiRd4h1ppZqtL9Rp xoutGq7VihKlwrOVfy87bcIL5LRU10KHAUe+BmvuWgs2YrZRp315ETfXYiSTjndWvQ3r ltR9lDgTYgqJCXjMAq6ZqRsNHWWU7q3jwsnvI8M+htTWNjhhvdTjsqrq3Ts/b44YTOiN qsB5kZl1vs5+EKyADagKCNEzYXqXwah4LG82Mn+DkonAdKCSgedMPepNTq4jxpvHpzlD q0qA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=J6/3dsta; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3si387020pgk.256.2017.07.25.13.46.14; Tue, 25 Jul 2017 13:46:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=J6/3dsta; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752033AbdGYUqM (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:12 -0400 Received: from mail-pg0-f54.google.com ([74.125.83.54]:33684 "EHLO mail-pg0-f54.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752469AbdGYUqK (ORCPT ); Tue, 25 Jul 2017 16:46:10 -0400 Received: by mail-pg0-f54.google.com with SMTP id g14so25957121pgu.0 for ; Tue, 25 Jul 2017 13:46:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=Ibqc7TIps6wZO4dTkb/soO1vJ8uKvnbrSQaGCzfVM3E=; b=J6/3dsta67wDvNUvWr0fLCIp+xuB0nz3Pfpncdhqw4g9IRLK1Rp1mK4DjdL7siEQcC PmKp9HOr/0GxNvNWiF6Or6AmDkcluvhs0Kq+eyJPTGvWkhQYGq2oggYvE180nOEVbNwB FdP/ib+Kekl9O8fpWaNRHAiwz2N1Nfw8GIXP0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=Ibqc7TIps6wZO4dTkb/soO1vJ8uKvnbrSQaGCzfVM3E=; b=ffFIbZAnyclnd9A53CP9L4bMzSCg537EFiGNyNY89G0yNaNUe57TZ1Y5fjACV3UafB GoCSUHmsoRYFBTdgY4J510+NLiqp87DOCLLvJPiYG8Mx0tiAB8M1nCiJepY5hWy6XSzu HbDMKyScT92rdVXNpqhSLlimAL/mJT49/g6kIZDMIqxZF5Oar1uNeMNVdkBGVJ9qaQwK L67vGOMWpbPBSPQWnIjMLiQGi4vdrbVQ/DHSxyFRtCufVqCN92AVKi5lVk3n4AsuPgnk ppKtljEnd7+MHEGx3fDCoi2c4JNPiSJhY/AWLdS3ufcMsElg4WfnyAEzKihq8mzp1+Qg df4g== X-Gm-Message-State: AIVw113/8G1oApU+6VkYJzfaBDtu+DYoL8U9/0wZ3tvEO3df6ZUpNH1B 0hdUaUHcvzAOUuy0vRxgWA== X-Received: by 10.84.236.77 with SMTP id h13mr22542517pln.183.1501015570254; Tue, 25 Jul 2017 13:46:10 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.46.07 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:09 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-3.18 13/15] mailbox: skip complete wait event if timer expired Date: Wed, 26 Jul 2017 02:15:24 +0530 Message-Id: <1501015526-32178-14-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit cc6eeaa3029a6dbcb4ad41b1f92876483bd88965 upstream. If a wait_for_completion_timeout() call returns due to a timeout, complete() can get called after returning from the wait which is incorrect and can cause subsequent transmissions on a channel to fail. Since the wait_for_completion_timeout() sees the completion variable is non-zero caused by the erroneous/spurious complete() call, and it immediately returns without waiting for the time as expected by the client. This patch fixes the issue by skipping complete() call for the timer expiry. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Reported-by: Alexey Klimov Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index 2691cb75b2e8..cbde6fccbc29 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -103,7 +103,7 @@ static void tx_tick(struct mbox_chan *chan, int r) if (mssg && chan->cl->tx_done) chan->cl->tx_done(chan->cl, mssg, r); - if (chan->cl->tx_block) + if (r != -ETIME && chan->cl->tx_block) complete(&chan->tx_complete); } @@ -266,8 +266,8 @@ int mbox_send_message(struct mbox_chan *chan, void *mssg) ret = wait_for_completion_timeout(&chan->tx_complete, wait); if (ret == 0) { - t = -EIO; - tx_tick(chan, -EIO); + t = -ETIME; + tx_tick(chan, t); } } From patchwork Tue Jul 25 20:45:25 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108709 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29179qge; Tue, 25 Jul 2017 13:46:17 -0700 (PDT) X-Received: by 10.98.210.70 with SMTP id c67mr20897133pfg.6.1501015577275; Tue, 25 Jul 2017 13:46:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015577; cv=none; d=google.com; s=arc-20160816; b=ejcAPXabiBABoBUgxWOsDVEei/eu7SyuIen3+QMRiGb8pq+aJNNr175LtCzKGRdTW6 5oC06jSgTINrC1Idv1ErL520I29B8G/KWc0snE20i1CGBDTvhxP0s8xWoNO7/xBMUh5m OjQcWbx4tKhTUzAw5A+h8/49nMIns4W+s3EcpgU/R/4lsO3S1XzF74F1C8sJTJr69YrU MM0TtDBpyo1c8En8G46/lF6PBVAs0bz5BcF1rOcs+8k4nDWCwgyuIMr+yBgTRstbZxzG iBNcBRs1lVV/s/iMTDiQzGSltJrUsjJHevm2x03NmSH4Mp3VqPE4t0YWaX14e9FtDX4P iSKA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=efxlQ4VhcRpglOSwCdkd3arwh+pH/mw/LtxVFz42Ruo=; b=boTlUQUrudcU3+MsL2fu3QHExz+3NArgribDx3QtPEesQDDFNeGot7Tsd2hSMb87rZ tf6/iDGO1A/zIfLGbcE+UJu62w0YLIA4vVE93hrzoQF5QZAHY5V7mbWgDv+1oSJVn657 9SjcaGMqziVIUpy/AWwHt9JZJLkiK9Z+cQW1EMmu0YYvwDwn4CTrX4jJGSa5CHWO154D EFVVnrNlk2KWvFzg3fU7bsFW2YUmPvhUpDmyNZCE1Yzdijooj8VfQXeF8jbfPBJC780w 8dJzYMajlXraoXMXYl6fdQYiGVld/drZ8DOSM+qoYucDbUXm3Q8H+a5wYB62r6KPLMBh D/Yg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=RO8gl7Iy; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k3si387020pgk.256.2017.07.25.13.46.17; Tue, 25 Jul 2017 13:46:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=RO8gl7Iy; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752654AbdGYUqP (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:15 -0400 Received: from mail-pg0-f46.google.com ([74.125.83.46]:35908 "EHLO mail-pg0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752433AbdGYUqN (ORCPT ); Tue, 25 Jul 2017 16:46:13 -0400 Received: by mail-pg0-f46.google.com with SMTP id 125so74836773pgi.3 for ; Tue, 25 Jul 2017 13:46:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=efxlQ4VhcRpglOSwCdkd3arwh+pH/mw/LtxVFz42Ruo=; b=RO8gl7IyNNWHrCeHQvQyYZbMIQl1LrMSlwL2tzSPihZ+bKwe2SEraI5kTrVtcSKH6E kXVgodnZsWJkb6QYNR+a/hBAzUUSw8pwnrzzqAD14C4GTkIUp4vtShU9gWffoPXUZNZE Z5vdZ/L+r/xqEBT+8yhDiJI8wkLDkzJJcXFgM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=efxlQ4VhcRpglOSwCdkd3arwh+pH/mw/LtxVFz42Ruo=; b=fliM68Hsv5GGX/GiQkK+Xtqd6XtofkwnpnwCOdhwvR78RbRVMmsPGp6Kxp3FklNXzO JvNn5oT+qF2YDOfC/lGE8hEuWcMpW50c2z+wi4gH7RC2koojGFqu7QykjXfLGov2aiOu Y31QNQ0dCP0gPqPJMhrR7scKZucBOQ6yU8LFY8aZV3PkDDDbii+WlwoyKGaSJ73t+ABj UESSayFSVZ4hyzEuHW/TWWJ6Tq2lrwwIUhafcVwAc3FO5avkxivw2nwoKm5m3TAWldhQ vBUPgUoiaBwMwuc8jBnRI+TI1xmag+kCKhebxrPlVQRwxL0UK5H9kal85Klyy3O/y2rP 5mpA== X-Gm-Message-State: AIVw113i8WuX5lG95/+fEzFZObIKrKUuE85i/uzG9K77zpbZOLjjNZNP gYU8Btw8WcWbWdQU/S/Jyw== X-Received: by 10.84.211.110 with SMTP id b101mr17749183pli.441.1501015573123; Tue, 25 Jul 2017 13:46:13 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.46.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:12 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Sudeep Holla , Jassi Brar Subject: [PATCH for-3.18 14/15] mailbox: handle empty message in tx_tick Date: Wed, 26 Jul 2017 02:15:25 +0530 Message-Id: <1501015526-32178-15-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Sudeep Holla commit cb710ab1d8a23f68ff8f45aedf3e552bb90e70de upstream. We already check if the message is empty before calling the client tx_done callback. Calling completion on a wait event is also invalid if the message is empty. This patch moves the existing empty message check earlier. Fixes: 2b6d83e2b8b7 ("mailbox: Introduce framework for mailbox") Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar Signed-off-by: Amit Pundir --- drivers/mailbox/mailbox.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) -- 2.7.4 diff --git a/drivers/mailbox/mailbox.c b/drivers/mailbox/mailbox.c index cbde6fccbc29..e464ff084e82 100644 --- a/drivers/mailbox/mailbox.c +++ b/drivers/mailbox/mailbox.c @@ -99,8 +99,11 @@ static void tx_tick(struct mbox_chan *chan, int r) /* Submit next message */ msg_submit(chan); + if (!mssg) + return; + /* Notify the client */ - if (mssg && chan->cl->tx_done) + if (chan->cl->tx_done) chan->cl->tx_done(chan->cl, mssg, r); if (r != -ETIME && chan->cl->tx_block) From patchwork Tue Jul 25 20:45:26 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Amit Pundir X-Patchwork-Id: 108710 Delivered-To: patch@linaro.org Received: by 10.140.101.44 with SMTP id t41csp29364qge; Tue, 25 Jul 2017 13:46:32 -0700 (PDT) X-Received: by 10.84.206.37 with SMTP id f34mr22965018ple.262.1501015592680; Tue, 25 Jul 2017 13:46:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1501015592; cv=none; d=google.com; s=arc-20160816; b=EIv5j8B/hy1rnftdLbS3ae6P4HV1lG2r4vU5fGqVdxqN4TNzGtTy7qmjoIZ+Zk3keE VR5MWG7CiPoR4H6eY09EFmDHl34GCFKEsf7hu88th2id7zsMuprlpDbk2ZboiBAl+KB+ N0a776XvELKTMtspCkWXsYJ07HB3MOzy2bqVznsdb/xwKNDdJYsxm1wjoL9cn2oUWIWY O3P/0svRCwtpmt4VOnTGWQBK57aYUpkNVmmEJfg5+bfVCUrELdQ2j/H5sRtY5qxNYOr4 XDTK5KnzXkMxxaaY0KFoFWZtkouYnhnSXnB7eaj4PsqlAXOf1F5WVVhe0h1k2zkSfawp oVmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=q59IIL4YUrHEAiENd2Wnr3b7p74SUmV2hUWsSt53eNc=; b=0Ca5OY9qJANtZbLmhiAKRwsFzgLf/xxECb+W1TI7DVgDQXPg7Vm/IGH5FMENVEmrmE Qp9jpd4AbDsWNtVcVgljh4jt5AENBxo1aI8NJjCfYNo6jY8nUweipl+4RsmPAV1JhRSJ +oHnR2QCeLboi5Z8PzP4xgvjPkDZ66AtKnJdRpLTA1cu06p/UiuJV9BbpVUPzvSRkn25 e27T2ggL0hWDFS75Hjev7DUG2ol1sKUDS/nmEmMX1dUdHoYXJ5GXeprbkTnPlTQnZVIM DuEgJZho69vSCC5WnotNHXNgzSHhqrkT7vunqIrRoVxwkuIxzae+g5OYNpFgQxow0tN/ AZ7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.b=RIGXOQFK; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m1si8985184plb.340.2017.07.25.13.46.32; Tue, 25 Jul 2017 13:46:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.b=RIGXOQFK; spf=pass (google.com: best guess record for domain of stable-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=stable-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752745AbdGYUqS (ORCPT + 6 others); Tue, 25 Jul 2017 16:46:18 -0400 Received: from mail-pg0-f45.google.com ([74.125.83.45]:37400 "EHLO mail-pg0-f45.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752433AbdGYUqQ (ORCPT ); Tue, 25 Jul 2017 16:46:16 -0400 Received: by mail-pg0-f45.google.com with SMTP id y129so74745737pgy.4 for ; Tue, 25 Jul 2017 13:46:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=q59IIL4YUrHEAiENd2Wnr3b7p74SUmV2hUWsSt53eNc=; b=RIGXOQFKuu1LpbRjGtuWBE/Dt5Qt21V2ySqmXQ+1K1SDmiN24klp6jNt7f0OvEQ/Ta aTVZOFVlLPZkt0kAaEDREHYYqE7AKoCvLQ7o4lGq6lz8EcTJmTMRxwdHjBQBp47hGicC cRuV22ApQ21k1V1rn9QmKus4I7VmpbckpNWIc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=q59IIL4YUrHEAiENd2Wnr3b7p74SUmV2hUWsSt53eNc=; b=dUOqg0YaCIzsn6SJAXIX/42+Glgj5BJUUkMNW7AZsBW+Nk7JnJyHWEtjT0lFQGdwvI rdDh6eSO0LTTabvk17b/n2zLVHqY1kP7b7ndMHChi3KmJghTopy8SaobY1A4Joh+xq4p t5KaeC/c+rTluv1U1XOrDvi8Wvgw0SAxiN9trk8vljz23MWdheJf2oIhZmM+SKH9PdPc AUUxyBiGZnJ6DJPk2EicwUpaio8Fx9iwVfezMp5w8qavc7lCTH9z3pFwgdvqmQCrxhWm CafUCAm+bJ6wN4MLylg9U7syJoRTb+9B0Wn+Bz382kr0IfMIJB0vQdWJhTP/e6c7GXVB wChQ== X-Gm-Message-State: AIVw110R63aj9SL9Sqw/u32XxbdQW5/BndRgCcwOCOvmcF1/dZZnjg74 Q6uWnejdEoB9iKzh X-Received: by 10.84.128.102 with SMTP id 93mr22467753pla.21.1501015575913; Tue, 25 Jul 2017 13:46:15 -0700 (PDT) Received: from localhost.localdomain ([106.51.135.235]) by smtp.gmail.com with ESMTPSA id d4sm532125pfj.59.2017.07.25.13.46.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 25 Jul 2017 13:46:14 -0700 (PDT) From: Amit Pundir To: Greg KH Cc: Stable , Herbert Xu , Steffen Klassert Subject: [PATCH for-3.18 15/15] af_key: Fix sadb_x_ipsecrequest parsing Date: Wed, 26 Jul 2017 02:15:26 +0530 Message-Id: <1501015526-32178-16-git-send-email-amit.pundir@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> References: <1501015526-32178-1-git-send-email-amit.pundir@linaro.org> Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Herbert Xu commit 096f41d3a8fcbb8dde7f71379b1ca85fe213eded upstream. The parsing of sadb_x_ipsecrequest is broken in a number of ways. First of all we're not verifying sadb_x_ipsecrequest_len. This is needed when the structure carries addresses at the end. Worse we don't even look at the length when we parse those optional addresses. The migration code had similar parsing code that's better but it also has some deficiencies. The length is overcounted first of all as it includes the header itself. It also fails to check the length before dereferencing the sa_family field. This patch fixes those problems in parse_sockaddr_pair and then uses it in parse_ipsecrequest. Reported-by: Andrey Konovalov Signed-off-by: Herbert Xu Signed-off-by: Steffen Klassert Signed-off-by: Amit Pundir --- net/key/af_key.c | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) -- 2.7.4 diff --git a/net/key/af_key.c b/net/key/af_key.c index d49fa0dd2634..08e2c6159e03 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -65,6 +65,10 @@ struct pfkey_sock { } dump; }; +static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, + xfrm_address_t *saddr, xfrm_address_t *daddr, + u16 *family); + static inline struct pfkey_sock *pfkey_sk(struct sock *sk) { return (struct pfkey_sock *)sk; @@ -1921,19 +1925,14 @@ parse_ipsecrequest(struct xfrm_policy *xp, struct sadb_x_ipsecrequest *rq) /* addresses present only in tunnel mode */ if (t->mode == XFRM_MODE_TUNNEL) { - u8 *sa = (u8 *) (rq + 1); - int family, socklen; + int err; - family = pfkey_sockaddr_extract((struct sockaddr *)sa, - &t->saddr); - if (!family) - return -EINVAL; - - socklen = pfkey_sockaddr_len(family); - if (pfkey_sockaddr_extract((struct sockaddr *)(sa + socklen), - &t->id.daddr) != family) - return -EINVAL; - t->encap_family = family; + err = parse_sockaddr_pair( + (struct sockaddr *)(rq + 1), + rq->sadb_x_ipsecrequest_len - sizeof(*rq), + &t->saddr, &t->id.daddr, &t->encap_family); + if (err) + return err; } else t->encap_family = xp->family; @@ -1953,7 +1952,11 @@ parse_ipsecrequests(struct xfrm_policy *xp, struct sadb_x_policy *pol) if (pol->sadb_x_policy_len * 8 < sizeof(struct sadb_x_policy)) return -EINVAL; - while (len >= sizeof(struct sadb_x_ipsecrequest)) { + while (len >= sizeof(*rq)) { + if (len < rq->sadb_x_ipsecrequest_len || + rq->sadb_x_ipsecrequest_len < sizeof(*rq)) + return -EINVAL; + if ((err = parse_ipsecrequest(xp, rq)) < 0) return err; len -= rq->sadb_x_ipsecrequest_len; @@ -2416,7 +2419,6 @@ out: return err; } -#ifdef CONFIG_NET_KEY_MIGRATE static int pfkey_sockaddr_pair_size(sa_family_t family) { return PFKEY_ALIGN8(pfkey_sockaddr_len(family) * 2); @@ -2428,7 +2430,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, { int af, socklen; - if (ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) + if (ext_len < 2 || ext_len < pfkey_sockaddr_pair_size(sa->sa_family)) return -EINVAL; af = pfkey_sockaddr_extract(sa, saddr); @@ -2444,6 +2446,7 @@ static int parse_sockaddr_pair(struct sockaddr *sa, int ext_len, return 0; } +#ifdef CONFIG_NET_KEY_MIGRATE static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, struct xfrm_migrate *m) { @@ -2451,13 +2454,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, struct sadb_x_ipsecrequest *rq2; int mode; - if (len <= sizeof(struct sadb_x_ipsecrequest) || - len < rq1->sadb_x_ipsecrequest_len) + if (len < sizeof(*rq1) || + len < rq1->sadb_x_ipsecrequest_len || + rq1->sadb_x_ipsecrequest_len < sizeof(*rq1)) return -EINVAL; /* old endoints */ err = parse_sockaddr_pair((struct sockaddr *)(rq1 + 1), - rq1->sadb_x_ipsecrequest_len, + rq1->sadb_x_ipsecrequest_len - sizeof(*rq1), &m->old_saddr, &m->old_daddr, &m->old_family); if (err) @@ -2466,13 +2470,14 @@ static int ipsecrequests_to_migrate(struct sadb_x_ipsecrequest *rq1, int len, rq2 = (struct sadb_x_ipsecrequest *)((u8 *)rq1 + rq1->sadb_x_ipsecrequest_len); len -= rq1->sadb_x_ipsecrequest_len; - if (len <= sizeof(struct sadb_x_ipsecrequest) || - len < rq2->sadb_x_ipsecrequest_len) + if (len <= sizeof(*rq2) || + len < rq2->sadb_x_ipsecrequest_len || + rq2->sadb_x_ipsecrequest_len < sizeof(*rq2)) return -EINVAL; /* new endpoints */ err = parse_sockaddr_pair((struct sockaddr *)(rq2 + 1), - rq2->sadb_x_ipsecrequest_len, + rq2->sadb_x_ipsecrequest_len - sizeof(*rq2), &m->new_saddr, &m->new_daddr, &m->new_family); if (err)