asus-nb-wmi: Add wapf4 quirk for the X550VC #250
+9
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
X550VC as many others Asus laptops need wapf4 quirk to make RFKILL switch be functional. Otherwise system boots with wireless card disabled and is only possible to enable it by suspend/resume. Bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1334230
|
Can kernel bisection resolve this issue? |
|
@Frennzzy I don't have this laptop to build a kernel, while setting wapf to 4 in |
0day-ci
pushed a commit
to 0day-ci/linux
that referenced
this pull request
May 2, 2016
When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz>
0day-ci
pushed a commit
to 0day-ci/linux
that referenced
this pull request
May 9, 2016
When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu>
torvalds
pushed a commit
that referenced
this pull request
May 14, 2016
Original implementation commit e54bcde ("arm64: eBPF JIT compiler") had the relevant code paths, but due to an oversight always fail jiting. As a result, we had been falling back to BPF interpreter whenever a BPF program has JMP_JSET_{X,K} instructions. With this fix, we confirm that the corresponding tests in lib/test_bpf continue to pass, and also jited. ... [ 2.784553] test_bpf: #30 JSET jited:1 188 192 197 PASS [ 2.791373] test_bpf: #31 tcpdump port 22 jited:1 325 677 625 PASS [ 2.808800] test_bpf: #32 tcpdump complex jited:1 323 731 991 PASS ... [ 3.190759] test_bpf: #237 JMP_JSET_K: if (0x3 & 0x2) return 1 jited:1 110 PASS [ 3.192524] test_bpf: #238 JMP_JSET_K: if (0x3 & 0xffffffff) return 1 jited:1 98 PASS [ 3.211014] test_bpf: #249 JMP_JSET_X: if (0x3 & 0x2) return 1 jited:1 120 PASS [ 3.212973] test_bpf: #250 JMP_JSET_X: if (0x3 & 0xffffffff) return 1 jited:1 89 PASS ... Fixes: e54bcde ("arm64: eBPF JIT compiler") Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com> Acked-by: Will Deacon <will.deacon@arm.com> Acked-by: Yang Shi <yang.shi@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Noltari
pushed a commit
to Noltari/linux
that referenced
this pull request
Jun 8, 2016
[ Upstream commit 74177f5 ] When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Noltari
pushed a commit
to Noltari/linux
that referenced
this pull request
Jun 8, 2016
[ Upstream commit 74177f5 ] When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Noltari
pushed a commit
to Noltari/linux
that referenced
this pull request
Jun 8, 2016
commit 74177f5 upstream. When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
heftig
referenced
this pull request
in zen-kernel/zen-kernel
Jun 8, 2016
commit 74177f5 upstream. When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ #250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
sashalevin
pushed a commit
to sashalevin/linux-stable-security
that referenced
this pull request
Jul 15, 2016
commit 74177f5 upstream. When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
sashalevin
pushed a commit
to sashalevin/linux-stable-security
that referenced
this pull request
Jul 15, 2016
commit 74177f5 upstream. When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
sashalevin
pushed a commit
to sashalevin/linux-stable-security
that referenced
this pull request
Jul 15, 2016
[ Upstream commit 74177f5 ] When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
sashalevin
pushed a commit
to sashalevin/linux-stable-security
that referenced
this pull request
Jul 15, 2016
[ Upstream commit 74177f5 ] When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. CC: stable@vger.kernel.org Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
sashalevin
pushed a commit
to sashalevin/linux-stable-security
that referenced
this pull request
Jul 15, 2016
commit 74177f5 upstream. When filesystem is corrupted in the right way, it can happen ext4_mark_iloc_dirty() in ext4_orphan_add() returns error and we subsequently remove inode from the in-memory orphan list. However this deletion is done with list_del(&EXT4_I(inode)->i_orphan) and thus we leave i_orphan list_head with a stale content. Later we can look at this content causing list corruption, oops, or other issues. The reported trace looked like: WARNING: CPU: 0 PID: 46 at lib/list_debug.c:53 __list_del_entry+0x6b/0x100() list_del corruption, 0000000061c1d6e0->next is LIST_POISON1 0000000000100100) CPU: 0 PID: 46 Comm: ext4.exe Not tainted 4.1.0-rc4+ torvalds#250 Stack: 60462947 62219960 602ede24 62219960 602ede24 603ca293 622198f0 602f02eb 62219950 6002c12c 62219900 601b4d6b Call Trace: [<6005769c>] ? vprintk_emit+0x2dc/0x5c0 [<602ede24>] ? printk+0x0/0x94 [<600190bc>] show_stack+0xdc/0x1a0 [<602ede24>] ? printk+0x0/0x94 [<602ede24>] ? printk+0x0/0x94 [<602f02eb>] dump_stack+0x2a/0x2c [<6002c12c>] warn_slowpath_common+0x9c/0xf0 [<601b4d6b>] ? __list_del_entry+0x6b/0x100 [<6002c254>] warn_slowpath_fmt+0x94/0xa0 [<602f4d09>] ? __mutex_lock_slowpath+0x239/0x3a0 [<6002c1c0>] ? warn_slowpath_fmt+0x0/0xa0 [<60023ebf>] ? set_signals+0x3f/0x50 [<600a205a>] ? kmem_cache_free+0x10a/0x180 [<602f4e88>] ? mutex_lock+0x18/0x30 [<601b4d6b>] __list_del_entry+0x6b/0x100 [<601177ec>] ext4_orphan_del+0x22c/0x2f0 [<6012f27c>] ? __ext4_journal_start_sb+0x2c/0xa0 [<6010b973>] ? ext4_truncate+0x383/0x390 [<6010bc8b>] ext4_write_begin+0x30b/0x4b0 [<6001bb50>] ? copy_from_user+0x0/0xb0 [<601aa840>] ? iov_iter_fault_in_readable+0xa0/0xc0 [<60072c4f>] generic_perform_write+0xaf/0x1e0 [<600c4166>] ? file_update_time+0x46/0x110 [<60072f0f>] __generic_file_write_iter+0x18f/0x1b0 [<6010030f>] ext4_file_write_iter+0x15f/0x470 [<60094e10>] ? unlink_file_vma+0x0/0x70 [<6009b180>] ? unlink_anon_vmas+0x0/0x260 [<6008f169>] ? free_pgtables+0xb9/0x100 [<600a6030>] __vfs_write+0xb0/0x130 [<600a61d5>] vfs_write+0xa5/0x170 [<600a63d6>] SyS_write+0x56/0xe0 [<6029fcb0>] ? __libc_waitpid+0x0/0xa0 [<6001b698>] handle_syscall+0x68/0x90 [<6002633d>] userspace+0x4fd/0x600 [<6002274f>] ? save_registers+0x1f/0x40 [<60028bd7>] ? arch_prctl+0x177/0x1b0 [<60017bd5>] fork_handler+0x85/0x90 Fix the problem by using list_del_init() as we always should with i_orphan list. Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
gamvrosi
pushed a commit
to gamvrosi/duet-kernel
that referenced
this pull request
Jul 25, 2016
Original implementation commit e54bcde ("arm64: eBPF JIT compiler") had the relevant code paths, but due to an oversight always fail jiting. As a result, we had been falling back to BPF interpreter whenever a BPF program has JMP_JSET_{X,K} instructions. With this fix, we confirm that the corresponding tests in lib/test_bpf continue to pass, and also jited. ... [ 2.784553] test_bpf: torvalds#30 JSET jited:1 188 192 197 PASS [ 2.791373] test_bpf: torvalds#31 tcpdump port 22 jited:1 325 677 625 PASS [ 2.808800] test_bpf: torvalds#32 tcpdump complex jited:1 323 731 991 PASS ... [ 3.190759] test_bpf: torvalds#237 JMP_JSET_K: if (0x3 & 0x2) return 1 jited:1 110 PASS [ 3.192524] test_bpf: torvalds#238 JMP_JSET_K: if (0x3 & 0xffffffff) return 1 jited:1 98 PASS [ 3.211014] test_bpf: torvalds#249 JMP_JSET_X: if (0x3 & 0x2) return 1 jited:1 120 PASS [ 3.212973] test_bpf: torvalds#250 JMP_JSET_X: if (0x3 & 0xffffffff) return 1 jited:1 89 PASS ... Fixes: e54bcde ("arm64: eBPF JIT compiler") Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com> Acked-by: Will Deacon <will.deacon@arm.com> Acked-by: Yang Shi <yang.shi@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Oct 31, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Nov 8, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Nov 9, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Nov 9, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Nov 25, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Nov 30, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Dec 2, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Dec 8, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Dec 8, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Dec 10, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
masahir0y
pushed a commit
to masahir0y/linux
that referenced
this pull request
Dec 12, 2016
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
keryell
pushed a commit
to keryell/linux
that referenced
this pull request
Feb 27, 2017
WARNING: line over 80 characters torvalds#241: FILE: ipc/sem.c:815: + semop_completed |= wake_const_ops(sma, num, wake_q); WARNING: line over 80 characters torvalds#250: FILE: ipc/sem.c:826: + semop_completed |= wake_const_ops(sma, i, wake_q); WARNING: line over 80 characters torvalds#282: FILE: ipc/sem.c:857: +static int update_queue(struct sem_array *sma, int semnum, struct wake_q_head *wake_q) WARNING: line over 80 characters torvalds#344: FILE: ipc/sem.c:973: + sops[i].sem_num, wake_q); WARNING: Missing a blank line after declarations torvalds#405: FILE: ipc/sem.c:1242: + int err, val; + WAKE_Q(wake_q); WARNING: line over 80 characters torvalds#570: FILE: ipc/sem.c:1920: + * We _do_ care, nonetheless, about being awoken by a signal or spuriously. total: 0 errors, 6 warnings, 567 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. ./patches/ipc-sem-rework-task-wakeups.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. Please run checkpatch prior to sending patches Cc: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Mar 5, 2017
Since d2852a2 ("arch: add ARCH_HAS_SET_MEMORY config") and 9d876e7 ("bpf: fix unlocking of jited image when module ronx not set") that uses the former, Fengguang reported random corruptions on his i386 test machine [1]. On i386 there is no JIT available, and since his kernel config doesn't have kernel modules enabled, there was also no DEBUG_SET_MODULE_RONX enabled before which would set interpreted bpf_prog image as read-only like we do in various other cases for quite some time now, e.g. x86_64, arm64, etc. Thus, the difference with above commits was that we now used set_memory_ro() and set_memory_rw() on i386, which resulted in these issues. When reproducing this with Fengguang's config and qemu image, I changed lib/test_bpf.c to be run during boot instead of relying on trinity to fiddle with cBPF. The issues I saw with the BPF test suite when set_memory_ro() and set_memory_rw() is used to write protect image on i386 is that after a number of tests I noticed a corruption happening in bpf_prog_realloc(). Specifically, fp_old's content gets corrupted right *after* the (unrelated) __vmalloc() call and contains only zeroes right after the call instead of the original prog data. fp_old should have been freed later on via __bpf_prog_free() *after* we copied all the data over to the newly allocated fp. Result looks like: [...] [ 13.107240] test_bpf: torvalds#249 JMP_JSET_X: if (0x3 & 0x2) return 1 jited:0 17 PASS [ 13.108182] test_bpf: torvalds#250 JMP_JSET_X: if (0x3 & 0xffffffff) return 1 jited:0 17 PASS [ 13.109206] test_bpf: torvalds#251 JMP_JA: Jump, gap, jump, ... jited:0 16 PASS [ 13.110493] test_bpf: torvalds#252 BPF_MAXINSNS: Maximum possible literals jited:0 12 PASS [ 13.111885] test_bpf: torvalds#253 BPF_MAXINSNS: Single literal jited:0 8 PASS [ 13.112804] test_bpf: torvalds#254 BPF_MAXINSNS: Run/add until end jited:0 6341 PASS [ 13.177195] test_bpf: torvalds#255 BPF_MAXINSNS: Too many instructions PASS [ 13.177689] test_bpf: torvalds#256 BPF_MAXINSNS: Very long jump jited:0 9 PASS [ 13.178611] test_bpf: torvalds#257 BPF_MAXINSNS: Ctx heavy transformations [ 13.178713] BUG: unable to handle kernel NULL pointer dereference at 00000034 [ 13.179740] IP: bpf_prog_realloc+0x5b/0x90 [ 13.180017] *pde = 00000000 [ 13.180017] [ 13.180017] Oops: 0002 [#1] DEBUG_PAGEALLOC [ 13.180017] CPU: 0 PID: 1 Comm: swapper Not tainted 4.10.0-57268-gd627975-dirty torvalds#50 [ 13.180017] task: 401ec000 task.stack: 401f2000 [ 13.180017] EIP: bpf_prog_realloc+0x5b/0x90 [ 13.180017] EFLAGS: 00210246 CPU: 0 [ 13.180017] EAX: 00000000 EBX: 57ae1000 ECX: 00000000 EDX: 57ae1000 [ 13.180017] ESI: 00000019 EDI: 57b07000 EBP: 401f3e74 ESP: 401f3e68 [ 13.180017] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 [ 13.180017] CR0: 80050033 CR2: 00000034 CR3: 12cb1000 CR4: 00000610 [ 13.180017] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 13.180017] DR6: fffe0ff0 DR7: 00000400 [ 13.180017] Call Trace: [ 13.180017] bpf_prepare_filter+0x317/0x3a0 [ 13.180017] bpf_prog_create+0x65/0xa0 [ 13.180017] test_bpf_init+0x1ca/0x628 [ 13.180017] ? test_hexdump_init+0xb5/0xb5 [ 13.180017] do_one_initcall+0x7c/0x11c [...] When using trinity from Fengguang's reproducer, the corruptions were at inconsistent places, presumably from code dealing with allocations and seeing similar effects as mentioned above. Not using set_memory_ro() and set_memory_rw() lets the test suite run just fine as expected, thus it looks like using set_memory_*() on i386 seems broken and mentioned commits just uncovered it. Also, for checking, I enabled DEBUG_RODATA_TEST for that kernel. Latter shows that memory protecting the kernel seems not working either on i386 (!). Test suite output: [...] [ 12.692836] Write protecting the kernel text: 13416k [ 12.693309] Write protecting the kernel read-only data: 5292k [ 12.693802] rodata_test: test data was not read only [...] Work-around to not enable ARCH_HAS_SET_MEMORY for i386 is not optimal as it doesn't fix the issue in presumably broken set_memory_*(), but it at least avoids people avoid having to deal with random corruptions that are hard to track down for the time being until a real fix can be found. [1] https://lkml.org/lkml/2017/3/2/648 Reported-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Cc: Laura Abbott <labbott@redhat.com> Cc: Kees Cook <keescook@chromium.org> Cc: Alexei Starovoitov <ast@kernel.org>
fengguang
pushed a commit
to 0day-ci/linux
that referenced
this pull request
Apr 19, 2017
Andrey reported a fault in the IPv6 route code: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] SMP KASAN Modules linked in: CPU: 1 PID: 4035 Comm: a.out Not tainted 4.11.0-rc7+ torvalds#250 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff880069809600 task.stack: ffff880062dc8000 RIP: 0010:ip6_rt_cache_alloc+0xa6/0x560 net/ipv6/route.c:975 RSP: 0018:ffff880062dced30 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff8800670561c0 RCX: 0000000000000006 RDX: 0000000000000003 RSI: ffff880062dcfb28 RDI: 0000000000000018 RBP: ffff880062dced68 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff880062dcfb28 R14: dffffc0000000000 R15: 0000000000000000 FS: 00007feebe37e7c0(0000) GS:ffff88006cb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000205a0fe4 CR3: 000000006b5c9000 CR4: 00000000000006e0 Call Trace: ip6_pol_route+0x1512/0x1f20 net/ipv6/route.c:1128 ip6_pol_route_output+0x4c/0x60 net/ipv6/route.c:1212 ... Andrey's syzkaller program passes rtmsg.rtmsg_flags with the RTF_PCPU bit set. Flags passed to the kernel are blindly copied to the allocated rt6_info by ip6_route_info_create making a newly inserted route appear as though it is a per-cpu route. ip6_rt_cache_alloc sees the flag set and expects rt->dst.from to be set - which it is not since it is not really a per-cpu copy. The subsequent call to __ip6_dst_alloc then generates the fault. Fix by checking for the flag and failing with EINVAL. Fixes: d52d399 ("ipv6: Create percpu rt6_info") Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 10, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 11, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 11, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 11, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 12, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 13, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 13, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 13, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 13, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 14, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 14, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 14, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Jul 19, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Jul 19, 2023
Add a big batch of test coverage to assert all aspects of the tcx opts attach, detach and query API: # ./vmtest.sh -- ./test_progs -t tc_opts [...] torvalds#238 tc_opts_after:OK torvalds#239 tc_opts_append:OK torvalds#240 tc_opts_basic:OK torvalds#241 tc_opts_before:OK torvalds#242 tc_opts_chain_classic:OK torvalds#243 tc_opts_demixed:OK torvalds#244 tc_opts_detach:OK torvalds#245 tc_opts_detach_after:OK torvalds#246 tc_opts_detach_before:OK torvalds#247 tc_opts_dev_cleanup:OK torvalds#248 tc_opts_invalid:OK torvalds#249 tc_opts_mixed:OK torvalds#250 tc_opts_prepend:OK torvalds#251 tc_opts_replace:OK torvalds#252 tc_opts_revision:OK Summary: 15/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20230719140858.13224-8-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov <ast@kernel.org>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Aug 4, 2023
Add a detachment test case with miniq present to assert that with and without the miniq we get the same error. # ./test_progs -t tc_opts torvalds#244 tc_opts_after:OK torvalds#245 tc_opts_append:OK torvalds#246 tc_opts_basic:OK torvalds#247 tc_opts_before:OK torvalds#248 tc_opts_chain_classic:OK torvalds#249 tc_opts_delete_empty:OK torvalds#250 tc_opts_demixed:OK torvalds#251 tc_opts_detach:OK torvalds#252 tc_opts_detach_after:OK torvalds#253 tc_opts_detach_before:OK torvalds#254 tc_opts_dev_cleanup:OK torvalds#255 tc_opts_invalid:OK torvalds#256 tc_opts_mixed:OK torvalds#257 tc_opts_prepend:OK torvalds#258 tc_opts_replace:OK torvalds#259 tc_opts_revision:OK Summary: 16/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Aug 4, 2023
Add a detachment test case with miniq present to assert that with and without the miniq we get the same error. # ./test_progs -t tc_opts torvalds#244 tc_opts_after:OK torvalds#245 tc_opts_append:OK torvalds#246 tc_opts_basic:OK torvalds#247 tc_opts_before:OK torvalds#248 tc_opts_chain_classic:OK torvalds#249 tc_opts_delete_empty:OK torvalds#250 tc_opts_demixed:OK torvalds#251 tc_opts_detach:OK torvalds#252 tc_opts_detach_after:OK torvalds#253 tc_opts_detach_before:OK torvalds#254 tc_opts_dev_cleanup:OK torvalds#255 tc_opts_invalid:OK torvalds#256 tc_opts_mixed:OK torvalds#257 tc_opts_prepend:OK torvalds#258 tc_opts_replace:OK torvalds#259 tc_opts_revision:OK Summary: 16/0 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/20230804131112.11012-2-daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Aug 14, 2023
[...] torvalds#234 tc_links_after:OK torvalds#235 tc_links_append:OK torvalds#236 tc_links_basic:OK torvalds#237 tc_links_before:OK torvalds#238 tc_links_chain_classic:OK torvalds#239 tc_links_chain_mixed:OK torvalds#240 tc_links_dev_cleanup:OK torvalds#241 tc_links_ingress:OK torvalds#242 tc_links_invalid:OK torvalds#243 tc_links_prepend:OK torvalds#244 tc_links_replace:OK torvalds#245 tc_links_revision:OK torvalds#246 tc_opts_after:OK torvalds#247 tc_opts_append:OK torvalds#248 tc_opts_basic:OK torvalds#249 tc_opts_before:OK torvalds#250 tc_opts_chain_classic:OK torvalds#251 tc_opts_chain_mixed:OK torvalds#252 tc_opts_delete_empty:OK torvalds#253 tc_opts_demixed:OK torvalds#254 tc_opts_detach:OK torvalds#255 tc_opts_detach_after:OK torvalds#256 tc_opts_detach_before:OK torvalds#257 tc_opts_dev_cleanup:OK torvalds#258 tc_opts_invalid:OK torvalds#259 tc_opts_mixed:OK torvalds#260 tc_opts_prepend:OK torvalds#261 tc_opts_replace:OK torvalds#262 tc_opts_revision:OK [...] Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
borkmann
added a commit
to cilium/linux
that referenced
this pull request
Aug 14, 2023
Add several new tcx test cases to improve test coverage. This also includes a few new tests with ingress instead of clsact qdisc, to cover the fix from commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free"). # ./test_progs -t tc [...] torvalds#234 tc_links_after:OK torvalds#235 tc_links_append:OK torvalds#236 tc_links_basic:OK torvalds#237 tc_links_before:OK torvalds#238 tc_links_chain_classic:OK torvalds#239 tc_links_chain_mixed:OK torvalds#240 tc_links_dev_cleanup:OK torvalds#241 tc_links_dev_mixed:OK torvalds#242 tc_links_ingress:OK torvalds#243 tc_links_invalid:OK torvalds#244 tc_links_prepend:OK torvalds#245 tc_links_replace:OK torvalds#246 tc_links_revision:OK torvalds#247 tc_opts_after:OK torvalds#248 tc_opts_append:OK torvalds#249 tc_opts_basic:OK torvalds#250 tc_opts_before:OK torvalds#251 tc_opts_chain_classic:OK torvalds#252 tc_opts_chain_mixed:OK torvalds#253 tc_opts_delete_empty:OK torvalds#254 tc_opts_demixed:OK torvalds#255 tc_opts_detach:OK torvalds#256 tc_opts_detach_after:OK torvalds#257 tc_opts_detach_before:OK torvalds#258 tc_opts_dev_cleanup:OK torvalds#259 tc_opts_invalid:OK torvalds#260 tc_opts_mixed:OK torvalds#261 tc_opts_prepend:OK torvalds#262 tc_opts_replace:OK torvalds#263 tc_opts_revision:OK [...] Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Aug 15, 2023
Add several new tcx test cases to improve test coverage. This also includes a few new tests with ingress instead of clsact qdisc, to cover the fix from commit dc644b5 ("tcx: Fix splat in ingress_destroy upon tcx_entry_free"). # ./test_progs -t tc [...] torvalds#234 tc_links_after:OK torvalds#235 tc_links_append:OK torvalds#236 tc_links_basic:OK torvalds#237 tc_links_before:OK torvalds#238 tc_links_chain_classic:OK torvalds#239 tc_links_chain_mixed:OK torvalds#240 tc_links_dev_cleanup:OK torvalds#241 tc_links_dev_mixed:OK torvalds#242 tc_links_ingress:OK torvalds#243 tc_links_invalid:OK torvalds#244 tc_links_prepend:OK torvalds#245 tc_links_replace:OK torvalds#246 tc_links_revision:OK torvalds#247 tc_opts_after:OK torvalds#248 tc_opts_append:OK torvalds#249 tc_opts_basic:OK torvalds#250 tc_opts_before:OK torvalds#251 tc_opts_chain_classic:OK torvalds#252 tc_opts_chain_mixed:OK torvalds#253 tc_opts_delete_empty:OK torvalds#254 tc_opts_demixed:OK torvalds#255 tc_opts_detach:OK torvalds#256 tc_opts_detach_after:OK torvalds#257 tc_opts_detach_before:OK torvalds#258 tc_opts_dev_cleanup:OK torvalds#259 tc_opts_invalid:OK torvalds#260 tc_opts_mixed:OK torvalds#261 tc_opts_prepend:OK torvalds#262 tc_opts_replace:OK torvalds#263 tc_opts_revision:OK [...] Summary: 44/38 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/r/8699efc284b75ccdc51ddf7062fa2370330dc6c0.1692029283.git.daniel@iogearbox.net Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Ablu
pushed a commit
to Ablu/linux
that referenced
this pull request
Aug 29, 2023
When kernel booting, mount_block_root will be called to judge the filesystem type of root device. Then .mount function in file_system_type structure will do the check operation. But yaffs filesystem has a relaxed examination because as a filesystem for NAND Flash, it doesn't examinate whether the root device is the MTD NAND device. This results that yaffs filesystem will do mount operation even though the root device is a MMC card with a btrfs filesystem, and will crash kernel after mounting failed. The crash log is as below: md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" ------------[ cut here ]------------ kernel BUG at fs/yaffs2/yaffs_getblockinfo.h:30! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : yaffs_rd_chunk_tags_nand+0xf0/0x110 lr : yaffs_rd_chunk_tags_nand+0x108/0x110 sp : ffffff801003b770 x29: ffffff801003b770 x28: ffffffc876fe8000 x27: 00000000000c0000 x26: 0000000000000000 x25: 00000000ffffffe1 x24: 0000000000010000 x23: 0000000000000000 x22: ffffff8011228000 x21: 000000000000005f x20: ffffff801003b890 x19: ffffffc876fe8000 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffffff80112285c8 x14: ffffff801137d228 x13: ffffff801137ce74 x12: ffffff8011246000 x11: 0000000000000000 x10: ffffff801137c000 x9 : 0000000000000000 x8 : 0000000000000007 x7 : 000000000000015c x6 : ffffff801137c490 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff x2 : 50c80792e0663400 x1 : 0000000000000000 x0 : 0000000000000037 Call trace: yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c Code: d65f03c0 f00069c0 b9440400 37f00060 (d4210000) ---[ end trace 68aa0995bdf59f76 ]--- BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 128, pid: 1, name: swapper/0 Preemption disabled at: [<ffffff80100a4598>] debug_exception_enter+0x30/0x40 CPU: 3 PID: 1 Comm: swapper/0 Tainted: G D 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) Call trace: dump_backtrace+0x0/0x148 show_stack+0x24/0x30 dump_stack+0x98/0xbc ___might_sleep+0x130/0x188 __might_sleep+0x58/0x90 exit_signals+0x44/0x258 do_exit+0xb4/0xa38 die+0x1bc/0x1e0 bug_handler+0x48/0x98 call_break_hook+0x7c/0xa8 brk_handler+0x28/0x68 do_debug_exception+0xc4/0x188 el1_dbg+0x18/0x8c yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c note: swapper/0[1] exited with preempt_count 1 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0002,20002004 Memory Limit: none ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Use yaffs_get_mtd_device to add strict check. Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
RadxaStephen
pushed a commit
to RadxaStephen/linux
that referenced
this pull request
Dec 23, 2023
When kernel booting, mount_block_root will be called to judge the filesystem type of root device. Then .mount function in file_system_type structure will do the check operation. But yaffs filesystem has a relaxed examination because as a filesystem for NAND Flash, it doesn't examinate whether the root device is the MTD NAND device. This results that yaffs filesystem will do mount operation even though the root device is a MMC card with a btrfs filesystem, and will crash kernel after mounting failed. The crash log is as below: md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" ------------[ cut here ]------------ kernel BUG at fs/yaffs2/yaffs_getblockinfo.h:30! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : yaffs_rd_chunk_tags_nand+0xf0/0x110 lr : yaffs_rd_chunk_tags_nand+0x108/0x110 sp : ffffff801003b770 x29: ffffff801003b770 x28: ffffffc876fe8000 x27: 00000000000c0000 x26: 0000000000000000 x25: 00000000ffffffe1 x24: 0000000000010000 x23: 0000000000000000 x22: ffffff8011228000 x21: 000000000000005f x20: ffffff801003b890 x19: ffffffc876fe8000 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffffff80112285c8 x14: ffffff801137d228 x13: ffffff801137ce74 x12: ffffff8011246000 x11: 0000000000000000 x10: ffffff801137c000 x9 : 0000000000000000 x8 : 0000000000000007 x7 : 000000000000015c x6 : ffffff801137c490 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff x2 : 50c80792e0663400 x1 : 0000000000000000 x0 : 0000000000000037 Call trace: yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c Code: d65f03c0 f00069c0 b9440400 37f00060 (d4210000) ---[ end trace 68aa0995bdf59f76 ]--- BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 128, pid: 1, name: swapper/0 Preemption disabled at: [<ffffff80100a4598>] debug_exception_enter+0x30/0x40 CPU: 3 PID: 1 Comm: swapper/0 Tainted: G D 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) Call trace: dump_backtrace+0x0/0x148 show_stack+0x24/0x30 dump_stack+0x98/0xbc ___might_sleep+0x130/0x188 __might_sleep+0x58/0x90 exit_signals+0x44/0x258 do_exit+0xb4/0xa38 die+0x1bc/0x1e0 bug_handler+0x48/0x98 call_break_hook+0x7c/0xa8 brk_handler+0x28/0x68 do_debug_exception+0xc4/0x188 el1_dbg+0x18/0x8c yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c note: swapper/0[1] exited with preempt_count 1 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0002,20002004 Memory Limit: none ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Use yaffs_get_mtd_device to add strict check. Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
easybe
pushed a commit
to husqvarnagroup/linux
that referenced
this pull request
Mar 21, 2024
When kernel booting, mount_block_root will be called to judge the filesystem type of root device. Then .mount function in file_system_type structure will do the check operation. But yaffs filesystem has a relaxed examination because as a filesystem for NAND Flash, it doesn't examinate whether the root device is the MTD NAND device. This results that yaffs filesystem will do mount operation even though the root device is a MMC card with a btrfs filesystem, and will crash kernel after mounting failed. The crash log is as below: md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" ------------[ cut here ]------------ kernel BUG at fs/yaffs2/yaffs_getblockinfo.h:30! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : yaffs_rd_chunk_tags_nand+0xf0/0x110 lr : yaffs_rd_chunk_tags_nand+0x108/0x110 sp : ffffff801003b770 x29: ffffff801003b770 x28: ffffffc876fe8000 x27: 00000000000c0000 x26: 0000000000000000 x25: 00000000ffffffe1 x24: 0000000000010000 x23: 0000000000000000 x22: ffffff8011228000 x21: 000000000000005f x20: ffffff801003b890 x19: ffffffc876fe8000 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffffff80112285c8 x14: ffffff801137d228 x13: ffffff801137ce74 x12: ffffff8011246000 x11: 0000000000000000 x10: ffffff801137c000 x9 : 0000000000000000 x8 : 0000000000000007 x7 : 000000000000015c x6 : ffffff801137c490 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff x2 : 50c80792e0663400 x1 : 0000000000000000 x0 : 0000000000000037 Call trace: yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c Code: d65f03c0 f00069c0 b9440400 37f00060 (d4210000) ---[ end trace 68aa0995bdf59f76 ]--- BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 128, pid: 1, name: swapper/0 Preemption disabled at: [<ffffff80100a4598>] debug_exception_enter+0x30/0x40 CPU: 3 PID: 1 Comm: swapper/0 Tainted: G D 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) Call trace: dump_backtrace+0x0/0x148 show_stack+0x24/0x30 dump_stack+0x98/0xbc ___might_sleep+0x130/0x188 __might_sleep+0x58/0x90 exit_signals+0x44/0x258 do_exit+0xb4/0xa38 die+0x1bc/0x1e0 bug_handler+0x48/0x98 call_break_hook+0x7c/0xa8 brk_handler+0x28/0x68 do_debug_exception+0xc4/0x188 el1_dbg+0x18/0x8c yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c note: swapper/0[1] exited with preempt_count 1 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0002,20002004 Memory Limit: none ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Use yaffs_get_mtd_device to add strict check. Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
intel-lab-lkp
pushed a commit
to intel-lab-lkp/linux
that referenced
this pull request
Jun 4, 2024
If 'info->screen_buffer' locates in vmalloc address space, virt_to_page will not be able to get correct results. With CONFIG_DEBUG_VM and CONFIG_DEBUG_VIRTUAL enabled on ARM64, there is dump below: [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 So add a check 'is_vmalloc_addr'. Fixes: b79fe9a ("drm/fbdev-dma: Implement fbdev emulation for GEM DMA helpers") Signed-off-by: Peng Fan <peng.fan@nxp.com>
JIaxyga
pushed a commit
to sm7150-mainline/linux
that referenced
this pull request
Jun 20, 2024
Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de
mj22226
pushed a commit
to mj22226/linux
that referenced
this pull request
Jul 2, 2024
commit d92a758 upstream. Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
mj22226
pushed a commit
to mj22226/linux
that referenced
this pull request
Jul 5, 2024
commit d92a758 upstream. Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
tombriden
pushed a commit
to tombriden/linux
that referenced
this pull request
Jul 5, 2024
commit d92a758 upstream. Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
panantoni01
pushed a commit
to panantoni01/linux
that referenced
this pull request
Jul 17, 2024
commit d92a758 upstream. Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
jhautbois
pushed a commit
to YoseliSAS/linux
that referenced
this pull request
Aug 21, 2024
Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0xffff800086001000) [ 3.552628] WARNING: CPU: 4 PID: 61 at arch/arm64/mm/physaddr.c:12 __virt_to_phys+0x68/0x98 [ 3.565455] Modules linked in: [ 3.568525] CPU: 4 PID: 61 Comm: kworker/u12:5 Not tainted 6.6.23-06226-g4986cc3e1b75-dirty torvalds#250 [ 3.577310] Hardware name: NXP i.MX95 19X19 board (DT) [ 3.582452] Workqueue: events_unbound deferred_probe_work_func [ 3.588291] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.595233] pc : __virt_to_phys+0x68/0x98 [ 3.599246] lr : __virt_to_phys+0x68/0x98 [ 3.603276] sp : ffff800083603990 [ 3.677939] Call trace: [ 3.680393] __virt_to_phys+0x68/0x98 [ 3.684067] drm_fbdev_dma_helper_fb_probe+0x138/0x238 [ 3.689214] __drm_fb_helper_initial_config_and_unlock+0x2b0/0x4c0 [ 3.695385] drm_fb_helper_initial_config+0x4c/0x68 [ 3.700264] drm_fbdev_dma_client_hotplug+0x8c/0xe0 [ 3.705161] drm_client_register+0x60/0xb0 [ 3.709269] drm_fbdev_dma_setup+0x94/0x148 Additionally, DMA memory is assumed to by contiguous in physical address space, which is not guaranteed by vmalloc(). Resolve this by checking the module flag drm_leak_fbdev_smem when DRM allocated the instance of struct fb_info. Fbdev-dma then only sets smem_start only if required (via FBINFO_HIDE_SMEM_START). Also guarantee that the framebuffer is not located in vmalloc address space. Signed-off-by: Thomas Zimmermann <tzimmermann@suse.de> Reported-by: Peng Fan (OSS) <peng.fan@oss.nxp.com> Closes: https://lore.kernel.org/dri-devel/20240604080328.4024838-1-peng.fan@oss.nxp.com/ Reported-by: Geert Uytterhoeven <geert+renesas@glider.be> Closes: https://lore.kernel.org/dri-devel/CAMuHMdX3N0szUvt1VTbroa2zrT1Nye_VzPb5qqCZ7z5gSm7HGw@mail.gmail.com/ Fixes: a51c766 ("drm/fb-helper: Consolidate CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM") Tested-by: Geert Uytterhoeven <geert+renesas@glider.be> Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch> Cc: <stable@vger.kernel.org> # v6.4+ Link: https://patchwork.freedesktop.org/patch/msgid/20240617152843.11886-1-tzimmermann@suse.de
easybe
pushed a commit
to husqvarnagroup/linux
that referenced
this pull request
Nov 8, 2024
When kernel booting, mount_block_root will be called to judge the filesystem type of root device. Then .mount function in file_system_type structure will do the check operation. But yaffs filesystem has a relaxed examination because as a filesystem for NAND Flash, it doesn't examinate whether the root device is the MTD NAND device. This results that yaffs filesystem will do mount operation even though the root device is a MMC card with a btrfs filesystem, and will crash kernel after mounting failed. The crash log is as below: md: Waiting for all devices to be available before autodetect md: If you don't use raid, use raid=noautodetect md: Autodetecting RAID arrays. md: autorun ... md: ... autorun DONE. yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" yaffs: dev is 187695107 name is "mmcblk0p3" rw yaffs: passed flags "" ------------[ cut here ]------------ kernel BUG at fs/yaffs2/yaffs_getblockinfo.h:30! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 80000005 (Nzcv daif -PAN -UAO) pc : yaffs_rd_chunk_tags_nand+0xf0/0x110 lr : yaffs_rd_chunk_tags_nand+0x108/0x110 sp : ffffff801003b770 x29: ffffff801003b770 x28: ffffffc876fe8000 x27: 00000000000c0000 x26: 0000000000000000 x25: 00000000ffffffe1 x24: 0000000000010000 x23: 0000000000000000 x22: ffffff8011228000 x21: 000000000000005f x20: ffffff801003b890 x19: ffffffc876fe8000 x18: ffffffffffffffff x17: 0000000000000000 x16: 0000000000000000 x15: ffffff80112285c8 x14: ffffff801137d228 x13: ffffff801137ce74 x12: ffffff8011246000 x11: 0000000000000000 x10: ffffff801137c000 x9 : 0000000000000000 x8 : 0000000000000007 x7 : 000000000000015c x6 : ffffff801137c490 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000ffffffff x2 : 50c80792e0663400 x1 : 0000000000000000 x0 : 0000000000000037 Call trace: yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c Code: d65f03c0 f00069c0 b9440400 37f00060 (d4210000) ---[ end trace 68aa0995bdf59f76 ]--- BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:34 in_atomic(): 1, irqs_disabled(): 128, pid: 1, name: swapper/0 Preemption disabled at: [<ffffff80100a4598>] debug_exception_enter+0x30/0x40 CPU: 3 PID: 1 Comm: swapper/0 Tainted: G D 5.2.24-yocto-standard+ torvalds#250 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) Call trace: dump_backtrace+0x0/0x148 show_stack+0x24/0x30 dump_stack+0x98/0xbc ___might_sleep+0x130/0x188 __might_sleep+0x58/0x90 exit_signals+0x44/0x258 do_exit+0xb4/0xa38 die+0x1bc/0x1e0 bug_handler+0x48/0x98 call_break_hook+0x7c/0xa8 brk_handler+0x28/0x68 do_debug_exception+0xc4/0x188 el1_dbg+0x18/0x8c yaffs_rd_chunk_tags_nand+0xf0/0x110 yaffs_summary_read+0x10c/0x2e0 yaffs2_scan_backwards+0x28c/0xf58 yaffs_guts_initialise+0x71c/0x7a0 yaffs_internal_read_super.isra.20+0x4ec/0x838 yaffs2_internal_read_super_mtd+0x2c/0x48 mount_bdev+0x1a4/0x1e0 yaffs2_mount+0x44/0x58 legacy_get_tree+0x34/0x60 vfs_get_tree+0x34/0x120 do_mount+0x708/0x980 ksys_mount+0x9c/0x110 mount_block_root+0x128/0x29c mount_root+0x148/0x17c prepare_namespace+0x178/0x1c0 kernel_init_freeable+0x370/0x390 kernel_init+0x18/0x110 ret_from_fork+0x10/0x1c note: swapper/0[1] exited with preempt_count 1 Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b SMP: stopping secondary CPUs Kernel Offset: disabled CPU features: 0x0002,20002004 Memory Limit: none ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- Use yaffs_get_mtd_device to add strict check. Signed-off-by: Quanyang Wang <quanyang.wang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
X550VC as many others Asus laptops need wapf4 quirk to make RFKILL
switch be functional. Otherwise system boots with wireless card
disabled and is only possible to enable it by suspend/resume.
Bug report: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1334230