forked from torvalds/linux
-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
3.0.8 cache fixes #45
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
defined(@array) is deprecated in Perl and gives off a warning. Restructure the code to remove that warning. [ hpa: it would be interesting to revert to the timeconst.bc script. It appears that the failures reported by akpm during testing of that script was due to a known broken version of make, not a problem with bc. The Makefile rules could probably be restructured to avoid the make bug, or it is probably old enough that it doesn't matter. ] Reported-by: Andi Kleen <[email protected]> Signed-off-by: H. Peter Anvin <[email protected]> Cc: Andrew Morton <[email protected]> Cc: <[email protected]>
…ulti-core. The strategy is to flush both dcache and icache on the local CPU by address if the range < cachesize or by index if the range >= cachesize, and to flush the cache by index on all other CPU's. The other CPU maybe running in different process whit different address mapping, protected_blast_icache_range_ipi() maybe failed, so flush icache all with local_r4k_flush_icache_ipi(). But local_r4k_flush_icache_ipi() flush icache all by index, both flush L1 icache and L2 cache, it slowdown the machine performance. Ingenic should optimized the routine later. Change-Id: Ie95e1fcbb0edf12fd18bdfb592bcaacaf1580d05
…ache.h blast_dcache32() remove K0_TO_K1_CHECK(). rjzcache.h fix blast_icache_jz() bug. Change-Id: I3f23ca4204cb804ee2f986bf0301a4c3e794a845
…. and remove r4k_on_other_cpu(local_r4k_flush_dcache_jz_ipi,0). Change-Id: I31252f426dba7326cfe1b13dd1aa587e61e411a2
…_WB() for better performance. If user use __flush_cache_all() and then do a DMA transfer, must do SYNC_WB() after do __flush_cache_all(). Change-Id: I55cfbab24b706fab14a9af4f64d24430fbedeb5c
…che_jz_ipi,0) with r4k_on_other_cpu(protected_blast_other_cpu_dcache_range_ipi, &range_addr) for a better performance. Change-Id: Idbfeecfc3437162f22b62f62d3a28ab19377e42a
…che on other CPUs. Test result by 2013-10-25: Flush complete dcache and icache on other CPUs with local_r4k_flush_dcache_jz_ipi() and local_r4k_flush_icache_jz_ipi(), running flushtest is stable 4days. Flush dcache_range and icache_range by index on other CPUs, with protected_blast_other_cpu_dcache_range_ipi() protected_blast_other_cpu_icache_range_ipi(), fails running flushtest after hours. It should be update in the future. Change-Id: I3446c92cbc67ab9aa0a1131384bf6f3ba52735b6
Change-Id: Ibca3dbfa88110576823819c7c9200cc86d014dd6
This also fixes #21 |
cool. commit messages are pretty horrible. worth cleaning b51bc9f subject at least? |
or is it the exact commit as the android stuff? |
Of course I wouldn't write commit messages like that ;) They're cherry picked straight from the Android branch, presumably the same commit messages as they were given in Ingenic's tree. |
ZubairLK
added a commit
that referenced
this pull request
Jul 7, 2015
3.0.8 cache fixes inherited from android/ingenic.
chrisdearman
pushed a commit
that referenced
this pull request
Mar 22, 2017
Only adb, mtp and ptp configurations have been functional when selected. This patch introduces proper behaviour when mtp,adb or ptp,adb configurations are selected. During the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ #10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ #45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
miodragdinic
pushed a commit
to miodragdinic/CI20_linux
that referenced
this pull request
May 24, 2017
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Jun 5, 2017
Xiaolong Ye's kernel test robot detected the following Oops: [ 299.158991] BUG: scheduling while atomic: mount.nfs/9387/0x00000002 [ 299.169587] 2 locks held by mount.nfs/9387: [ 299.176165] #0: (nfs_clid_init_mutex){......}, at: [<ffffffff8130cc92>] nfs4_discover_server_trunking+0x47/0x1fc [ 299.201802] #1: (&(&nn->nfs_client_lock)->rlock){......}, at: [<ffffffff813125fa>] nfs40_walk_client_list+0x2e9/0x338 [ 299.221979] CPU: 0 PID: 9387 Comm: mount.nfs Not tainted 4.11.0-rc7-00021-g14d1bbb MIPS#45 [ 299.235584] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014 [ 299.251176] Call Trace: [ 299.255192] dump_stack+0x61/0x7e [ 299.260416] __schedule_bug+0x65/0x74 [ 299.266208] __schedule+0x5d/0x87c [ 299.271883] schedule+0x89/0x9a [ 299.276937] schedule_timeout+0x232/0x289 [ 299.283223] ? detach_if_pending+0x10b/0x10b [ 299.289935] schedule_timeout_uninterruptible+0x2a/0x2c [ 299.298266] ? put_rpccred+0x3e/0x115 [ 299.304327] ? schedule_timeout_uninterruptible+0x2a/0x2c [ 299.312851] msleep+0x1e/0x22 [ 299.317612] nfs4_discover_server_trunking+0x102/0x1fc [ 299.325644] nfs4_init_client+0x13f/0x194 It looks as if we recently added a spin_lock() leak to nfs40_walk_client_list() when cleaning up the code. Reported-by: kernel test robot <[email protected]> Fixes: 14d1bbb ("NFS: Create a common nfs4_match_client() function") Cc: Anna Schumaker <[email protected]> Signed-off-by: Trond Myklebust <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
May 16, 2018
syzbot caught an infinite recursion in nsh_gso_segment(). Problem here is that we need to make sure the NSH header is of reasonable length. BUG: MAX_LOCK_DEPTH too low! turning off the locking correctness validator. depth: 48 max: 48! 48 locks held by syz-executor0/10189: #0: (ptrval) (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x30f/0x34c0 net/core/dev.c:3517 #1: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #1: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #2: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #2: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #3: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #3: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #4: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #4: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #5: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #5: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #6: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #6: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #7: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #7: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #8: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #8: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #9: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #9: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #10: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #10: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #11: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #11: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #12: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #12: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #13: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #13: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #14: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #14: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 #15: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] #15: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#16: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#16: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#17: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#17: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#18: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#18: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#19: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#19: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#20: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#20: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#21: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#21: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#22: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#22: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#23: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#23: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#24: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#24: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#25: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#25: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#26: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#26: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#27: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#27: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#28: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#28: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#29: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#29: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#30: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#30: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#31: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#31: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 dccp_close: ABORT with 65423 bytes unread MIPS#32: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#32: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#33: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#33: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#34: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#34: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#35: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#35: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#36: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#36: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#37: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#37: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#38: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#38: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#39: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#39: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#40: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#40: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#41: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#41: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#42: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#42: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#43: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#43: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#44: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#44: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#45: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#45: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#46: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#46: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 MIPS#47: (ptrval) (rcu_read_lock){....}, at: __skb_pull include/linux/skbuff.h:2080 [inline] MIPS#47: (ptrval) (rcu_read_lock){....}, at: skb_mac_gso_segment+0x221/0x720 net/core/dev.c:2787 INFO: lockdep is turned off. CPU: 1 PID: 10189 Comm: syz-executor0 Not tainted 4.17.0-rc2+ MIPS#26 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1b9/0x294 lib/dump_stack.c:113 __lock_acquire+0x1788/0x5140 kernel/locking/lockdep.c:3449 lock_acquire+0x1dc/0x520 kernel/locking/lockdep.c:3920 rcu_lock_acquire include/linux/rcupdate.h:246 [inline] rcu_read_lock include/linux/rcupdate.h:632 [inline] skb_mac_gso_segment+0x25b/0x720 net/core/dev.c:2789 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 nsh_gso_segment+0x405/0xb60 net/nsh/nsh.c:107 skb_mac_gso_segment+0x3ad/0x720 net/core/dev.c:2792 __skb_gso_segment+0x3bb/0x870 net/core/dev.c:2865 skb_gso_segment include/linux/netdevice.h:4025 [inline] validate_xmit_skb+0x54d/0xd90 net/core/dev.c:3118 validate_xmit_skb_list+0xbf/0x120 net/core/dev.c:3168 sch_direct_xmit+0x354/0x11e0 net/sched/sch_generic.c:312 qdisc_restart net/sched/sch_generic.c:399 [inline] __qdisc_run+0x741/0x1af0 net/sched/sch_generic.c:410 __dev_xmit_skb net/core/dev.c:3243 [inline] __dev_queue_xmit+0x28ea/0x34c0 net/core/dev.c:3551 dev_queue_xmit+0x17/0x20 net/core/dev.c:3616 packet_snd net/packet/af_packet.c:2951 [inline] packet_sendmsg+0x40f8/0x6070 net/packet/af_packet.c:2976 sock_sendmsg_nosec net/socket.c:629 [inline] sock_sendmsg+0xd5/0x120 net/socket.c:639 __sys_sendto+0x3d7/0x670 net/socket.c:1789 __do_sys_sendto net/socket.c:1801 [inline] __se_sys_sendto net/socket.c:1797 [inline] __x64_sys_sendto+0xe1/0x1a0 net/socket.c:1797 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287 entry_SYSCALL_64_after_hwframe+0x49/0xbe Fixes: c411ed8 ("nsh: add GSO support") Signed-off-by: Eric Dumazet <[email protected]> Cc: Jiri Benc <[email protected]> Reported-by: syzbot <[email protected]> Acked-by: Jiri Benc <[email protected]> Signed-off-by: David S. Miller <[email protected]>
nemunaire
pushed a commit
to nemunaire/CI20_linux
that referenced
this pull request
Aug 17, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Sep 11, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Sep 26, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Oct 14, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Nov 23, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Nov 28, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Dec 11, 2018
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Jan 1, 2019
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Jan 13, 2019
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Feb 1, 2019
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Feb 12, 2019
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Feb 28, 2019
KASAN has found use-after-free in fixed_mdio_bus_init, commit 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") call put_device() while device_register() fails,give up the last reference to the device and allow mdiobus_release to be executed ,kfreeing the bus. However in most drives, mdiobus_free be called to free the bus while mdiobus_register fails. use-after-free occurs when access bus again, this patch revert it to let mdiobus_free free the bus. KASAN report details as below: BUG: KASAN: use-after-free in mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 Read of size 4 at addr ffff8881dc824d78 by task syz-executor.0/3524 CPU: 1 PID: 3524 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x65/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 fixed_mdio_bus_init+0x283/0x1000 [fixed_phy] ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6215c19c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 RBP: 00007f6215c19c70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6215c1a6bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 Allocated by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496 kmalloc include/linux/slab.h:545 [inline] kzalloc include/linux/slab.h:740 [inline] mdiobus_alloc_size+0x54/0x1b0 drivers/net/phy/mdio_bus.c:143 fixed_mdio_bus_init+0x163/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458 slab_free_hook mm/slub.c:1409 [inline] slab_free_freelist_hook mm/slub.c:1436 [inline] slab_free mm/slub.c:2986 [inline] kfree+0xe1/0x270 mm/slub.c:3938 device_release+0x78/0x200 drivers/base/core.c:919 kobject_cleanup lib/kobject.c:662 [inline] kobject_release lib/kobject.c:691 [inline] kref_put include/linux/kref.h:67 [inline] kobject_put+0x146/0x240 lib/kobject.c:708 put_device+0x1c/0x30 drivers/base/core.c:2060 __mdiobus_register+0x483/0x560 drivers/net/phy/mdio_bus.c:382 fixed_mdio_bus_init+0x26b/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8881dc824c80 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 248 bytes inside of 2048-byte region [ffff8881dc824c80, ffff8881dc825480) The buggy address belongs to the page: page:ffffea0007720800 count:1 mapcount:0 mapping:ffff8881f6c02800 index:0x0 compound_mapcount: 0 flags: 0x2fffc0000010200(slab|head) raw: 02fffc0000010200 0000000000000000 0000000500000001 ffff8881f6c02800 raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881dc824c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8881dc824c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881dc824d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881dc824d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881dc824e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") Signed-off-by: YueHaibing <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Signed-off-by: David S. Miller <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Jun 2, 2019
KASAN reports this: BUG: KASAN: global-out-of-bounds in qedi_dbg_err+0xda/0x330 [qedi] Read of size 31 at addr ffffffffc12b0ae0 by task syz-executor.0/2429 CPU: 0 PID: 2429 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x1c4/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 memcpy+0x1f/0x50 mm/kasan/common.c:130 qedi_dbg_err+0xda/0x330 [qedi] ? 0xffffffffc12d0000 qedi_init+0x118/0x1000 [qedi] ? 0xffffffffc12d0000 ? 0xffffffffc12d0000 ? 0xffffffffc12d0000 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2d57e55c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bfa0 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 RBP: 00007f2d57e55c70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f2d57e566bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 The buggy address belongs to the variable: __func__.67584+0x0/0xffffffffffffd520 [qedi] Memory state around the buggy address: ffffffffc12b0980: fa fa fa fa 00 04 fa fa fa fa fa fa 00 00 05 fa ffffffffc12b0a00: fa fa fa fa 00 00 04 fa fa fa fa fa 00 05 fa fa > ffffffffc12b0a80: fa fa fa fa 00 06 fa fa fa fa fa fa 00 02 fa fa ^ ffffffffc12b0b00: fa fa fa fa 00 00 04 fa fa fa fa fa 00 00 03 fa ffffffffc12b0b80: fa fa fa fa 00 00 02 fa fa fa fa fa 00 00 04 fa Currently the qedi_dbg_* family of functions can overrun the end of the source string if it is less than the destination buffer length because of the use of a fixed sized memcpy. Remove the memset/memcpy calls to nfunc and just use func instead as it is always a null terminated string. Reported-by: Hulk Robot <[email protected]> Fixes: ace7f46 ("scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework.") Signed-off-by: YueHaibing <[email protected]> Reviewed-by: Dan Carpenter <[email protected]> Signed-off-by: Martin K. Petersen <[email protected]>
nemunaire
pushed a commit
to nemunaire/CI20_linux
that referenced
this pull request
Jun 16, 2019
[ Upstream commit 58bdd54 ] KASAN report this: BUG: KASAN: null-ptr-deref in nfc_llcp_build_gb+0x37f/0x540 [nfc] Read of size 3 at addr 0000000000000000 by task syz-executor.0/5401 CPU: 0 PID: 5401 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 kasan_report+0x171/0x18d mm/kasan/report.c:321 memcpy+0x1f/0x50 mm/kasan/common.c:130 nfc_llcp_build_gb+0x37f/0x540 [nfc] nfc_llcp_register_device+0x6eb/0xb50 [nfc] nfc_register_device+0x50/0x1d0 [nfc] nfcsim_device_new+0x394/0x67d [nfcsim] ? 0xffffffffc1080000 nfcsim_init+0x6b/0x1000 [nfcsim] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9cb79dcc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00007f9cb79dcc70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9cb79dd6bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 nfc_llcp_build_tlv will return NULL on fails, caller should check it, otherwise will trigger a NULL dereference. Reported-by: Hulk Robot <[email protected]> Fixes: eda21f1 ("NFC: Set MIU and RW values from CONNECT and CC LLCP frames") Fixes: d646960 ("NFC: Initial LLCP support") Signed-off-by: YueHaibing <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
nemunaire
pushed a commit
to nemunaire/CI20_linux
that referenced
this pull request
Jun 16, 2019
[ Upstream commit 6ff7b06 ] KASAN has found use-after-free in fixed_mdio_bus_init, commit 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") call put_device() while device_register() fails,give up the last reference to the device and allow mdiobus_release to be executed ,kfreeing the bus. However in most drives, mdiobus_free be called to free the bus while mdiobus_register fails. use-after-free occurs when access bus again, this patch revert it to let mdiobus_free free the bus. KASAN report details as below: BUG: KASAN: use-after-free in mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 Read of size 4 at addr ffff8881dc824d78 by task syz-executor.0/3524 CPU: 1 PID: 3524 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x65/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 fixed_mdio_bus_init+0x283/0x1000 [fixed_phy] ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6215c19c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 RBP: 00007f6215c19c70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6215c1a6bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 Allocated by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496 kmalloc include/linux/slab.h:545 [inline] kzalloc include/linux/slab.h:740 [inline] mdiobus_alloc_size+0x54/0x1b0 drivers/net/phy/mdio_bus.c:143 fixed_mdio_bus_init+0x163/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458 slab_free_hook mm/slub.c:1409 [inline] slab_free_freelist_hook mm/slub.c:1436 [inline] slab_free mm/slub.c:2986 [inline] kfree+0xe1/0x270 mm/slub.c:3938 device_release+0x78/0x200 drivers/base/core.c:919 kobject_cleanup lib/kobject.c:662 [inline] kobject_release lib/kobject.c:691 [inline] kref_put include/linux/kref.h:67 [inline] kobject_put+0x146/0x240 lib/kobject.c:708 put_device+0x1c/0x30 drivers/base/core.c:2060 __mdiobus_register+0x483/0x560 drivers/net/phy/mdio_bus.c:382 fixed_mdio_bus_init+0x26b/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8881dc824c80 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 248 bytes inside of 2048-byte region [ffff8881dc824c80, ffff8881dc825480) The buggy address belongs to the page: page:ffffea0007720800 count:1 mapcount:0 mapping:ffff8881f6c02800 index:0x0 compound_mapcount: 0 flags: 0x2fffc0000010200(slab|head) raw: 02fffc0000010200 0000000000000000 0000000500000001 ffff8881f6c02800 raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881dc824c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8881dc824c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881dc824d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881dc824d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881dc824e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") Signed-off-by: YueHaibing <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
nemunaire
pushed a commit
to nemunaire/CI20_linux
that referenced
this pull request
Jun 16, 2019
[ Upstream commit 6377f78 ] KASAN report this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr ffff8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x65/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 remove_proc_entry+0xe8/0x420 fs/proc/generic.c:667 atalk_proc_exit+0x18/0x820 [appletalk] atalk_exit+0xf/0x5a [appletalk] __do_sys_delete_module kernel/module.c:1018 [inline] __se_sys_delete_module kernel/module.c:961 [inline] __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb2de6b9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0 RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb2de6ba6bc R13: 00000000004bccaa R14: 00000000006f6bc8 R15: 00000000ffffffff Allocated by task 2806: set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496 slab_post_alloc_hook mm/slab.h:444 [inline] slab_alloc_node mm/slub.c:2739 [inline] slab_alloc mm/slub.c:2747 [inline] kmem_cache_alloc+0xcf/0x250 mm/slub.c:2752 kmem_cache_zalloc include/linux/slab.h:730 [inline] __proc_create+0x30f/0xa20 fs/proc/generic.c:408 proc_mkdir_data+0x47/0x190 fs/proc/generic.c:469 0xffffffffc10c01bb 0xffffffffc10c0166 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 2806: set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458 slab_free_hook mm/slub.c:1409 [inline] slab_free_freelist_hook mm/slub.c:1436 [inline] slab_free mm/slub.c:2986 [inline] kmem_cache_free+0xa6/0x2a0 mm/slub.c:3002 pde_put+0x6e/0x80 fs/proc/generic.c:647 remove_proc_entry+0x1d3/0x420 fs/proc/generic.c:684 0xffffffffc10c031c 0xffffffffc10c0166 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8881f41fe500 which belongs to the cache proc_dir_entry of size 256 The buggy address is located 176 bytes inside of 256-byte region [ffff8881f41fe500, ffff8881f41fe600) The buggy address belongs to the page: page:ffffea0007d07f80 count:1 mapcount:0 mapping:ffff8881f6e69a00 index:0x0 flags: 0x2fffc0000000200(slab) raw: 02fffc0000000200 dead000000000100 dead000000000200 ffff8881f6e69a00 raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881f41fe480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8881f41fe500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881f41fe580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881f41fe600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ffff8881f41fe680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb It should check the return value of atalk_proc_init fails, otherwise atalk_exit will trgger use-after-free in pde_subdir_find while unload the module.This patch fix error cleanup path of atalk_init Reported-by: Hulk Robot <[email protected]> Signed-off-by: YueHaibing <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
nemunaire
pushed a commit
to nemunaire/CI20_linux
that referenced
this pull request
Jun 16, 2019
Before this patch, using multiple active endpoints would not be possible and would actually be canceling each other out. The issue was discovered on Android when combining adb, mtp and ptp configurations together. This patch introduces proper behaviour for these cases. Also, during the boot-up the following warning is no longer shown: [ 2.879328] ------------[ cut here ]------------ [ 2.883983] WARNING: CPU: 0 PID: 1 at drivers/usb/dwc2/gadget.c:212 s3c_hsotg_init_fifo+0x168/0x1d0() [ 2.893204] insufficient fifo memory [ 2.896602] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#10 [ 2.904004] Stack : 00000000 800919a0 00000000 00000004 00000006 800913f4 00000000 00000000 00000000 00000000 80f75a12 00000042 80f75a12 00000042 00000006 00000000 80e42767 80d7c2e 00000001 00000000 80f73574 8bc90418 80ea0000 01000d00 80f06704 80b24c00 00000000 80035388 00000006 00000000 80d834a4 8bc99b04 8bc99b04 80e40000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 2.939709] Call Trace: [ 2.942174] [<8001bab0>] show_stack+0xd4/0xf0 [ 2.946528] [<80b26c40>] dump_stack+0x70/0xbc [ 2.950880] [<800356bc>] warn_slowpath_common+0x90/0xe8 [ 2.956116] [<80035808>] warn_slowpath_fmt+0x3c/0x48 [ 2.961075] [<8069b824>] s3c_hsotg_init_fifo+0x168/0x1d0 [ 2.966398] [<8069d8fc>] s3c_hsotg_init+0x50/0x9c [ 2.971095] [<806a0388>] dwc2_gadget_init+0x430/0x8c0 [ 2.976158] [<806a0df0>] dwc2_driver_probe+0x218/0x2a8 [ 2.981291] [<805b935c>] platform_drv_probe+0x64/0x120 [ 2.986440] [<805b783c>] really_probe+0xa0/0x278 [ 2.991050] [<805b7c78>] driver_probe_device+0x48/0x78 [ 2.996197] [<805b7d74>] __driver_attach+0xcc/0xd4 [ 3.000980] [<805b5b7c>] bus_for_each_dev+0x7c/0xc4 [ 3.005874] [<805b64f8>] bus_add_driver+0x180/0x240 [ 3.010743] [<805b8428>] driver_register+0xac/0x154 [ 3.015633] [<80ea9e04>] do_one_initcall+0x150/0x1f4 [ 3.020589] [<80eaa080>] kernel_init_freeable+0x1d8/0x298 [ 3.025998] [<80b23c5c>] kernel_init+0x28/0x158 [ 3.030522] [<800153ec>] ret_from_kernel_thread+0x14/0x1c [ 3.035926] [ 3.037412] ---[ end trace cb88537fdc8fa201 ]--- And during configuration transitions (e.g. adb -> mtp,adb) the following warning is no longer shown: [ 311.726159] -----------[ cut here ]----------- [ 311.730817] WARNING: CPU: 0 PID: 0 at drivers/usb/dwc2/gadget.c:1475 s3c_hsotg_rx_data+0x130/0x13c() [ 311.739931] Modules linked in: [ 311.742993] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 3.18.3+ MIPS#45 [ 311.750199] Stack : 00000000 80080370 00000000 00000004 00000006 00000000 00000000 00000000 00000000 00000000 80f05b02 00000042 80d61010 80e18e20 80d60000 8b408010 80e18927 80d0df6c 00000000 00000000 80f03614 80e18e20 80d60000 8b408010 00250182 80a54f54 80e20cc4 80e20cc8 00000000 00000000 80d14ab8 80dfbacc 80dfbacc 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ... [ 311.785841] Call Trace: [ 311.788292] [<8001ac28>] show_stack+0xc4/0xe0 [ 311.792650] [<80a56e58>] dump_stack+0x70/0xbc [ 311.797008] [<80033c14>] warn_slowpath_common+0x88/0xb8 [ 311.802224] [<80033cc8>] warn_slowpath_null+0x18/0x24 [ 311.807266] [<80606a3c>] s3c_hsotg_rx_data+0x130/0x13c [ 311.812397] [<8060afa4>] s3c_hsotg_irq+0x3b4/0x5e8 [ 311.817183] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.822745] [<80082d4c>] handle_irq_event+0x54/0x98 [ 311.827617] [<80086390>] handle_level_irq+0xe0/0x1c0 [ 311.832572] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.837622] [<804bb680>] jz4740_cascade+0x78/0xac [ 311.842317] [<80082ab8>] handle_irq_event_percpu+0x90/0x2d0 [ 311.847881] [<80086d18>] handle_percpu_irq+0x8c/0xbc [ 311.852835] [<800820bc>] generic_handle_irq+0x3c/0x54 [ 311.857878] [<80016c8c>] do_IRQ+0x18/0x2c [ 311.861879] [<80014c40>] ret_from_irq+0x0/0x4 [ 311.866227] [<80016b20>] mips_cpuidle_wait_enter+0x14/0x34 [ 311.871713] [<806d37b0>] cpuidle_enter_state+0x88/0x2c0 [ 311.876934] [<80074308>] cpu_startup_entry+0x36c/0x484 [ 311.882074] [<80e7dc04>] start_kernel+0x4b8/0x4e0 [ 311.886767] [ 311.888253] --[ end trace dd7a60dcc5530db3 ]-- Change-Id: Ic8ac37a28913d4314371de0cd446f8a7cc45864d Signed-off-by: Dragan Cecavac <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Jan 17, 2020
[ Upstream commit 58bdd54 ] KASAN report this: BUG: KASAN: null-ptr-deref in nfc_llcp_build_gb+0x37f/0x540 [nfc] Read of size 3 at addr 0000000000000000 by task syz-executor.0/5401 CPU: 0 PID: 5401 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 kasan_report+0x171/0x18d mm/kasan/report.c:321 memcpy+0x1f/0x50 mm/kasan/common.c:130 nfc_llcp_build_gb+0x37f/0x540 [nfc] nfc_llcp_register_device+0x6eb/0xb50 [nfc] nfc_register_device+0x50/0x1d0 [nfc] nfcsim_device_new+0x394/0x67d [nfcsim] ? 0xffffffffc1080000 nfcsim_init+0x6b/0x1000 [nfcsim] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f9cb79dcc58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 RBP: 00007f9cb79dcc70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9cb79dd6bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 nfc_llcp_build_tlv will return NULL on fails, caller should check it, otherwise will trigger a NULL dereference. Reported-by: Hulk Robot <[email protected]> Fixes: eda21f1 ("NFC: Set MIU and RW values from CONNECT and CC LLCP frames") Fixes: d646960 ("NFC: Initial LLCP support") Signed-off-by: YueHaibing <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Jan 17, 2020
[ Upstream commit 6ff7b06 ] KASAN has found use-after-free in fixed_mdio_bus_init, commit 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") call put_device() while device_register() fails,give up the last reference to the device and allow mdiobus_release to be executed ,kfreeing the bus. However in most drives, mdiobus_free be called to free the bus while mdiobus_register fails. use-after-free occurs when access bus again, this patch revert it to let mdiobus_free free the bus. KASAN report details as below: BUG: KASAN: use-after-free in mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 Read of size 4 at addr ffff8881dc824d78 by task syz-executor.0/3524 CPU: 1 PID: 3524 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x65/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 mdiobus_free+0x85/0x90 drivers/net/phy/mdio_bus.c:482 fixed_mdio_bus_init+0x283/0x1000 [fixed_phy] ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 ? 0xffffffffc0e40000 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f6215c19c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 RBP: 00007f6215c19c70 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6215c1a6bc R13: 00000000004bcefb R14: 00000000006f7030 R15: 0000000000000004 Allocated by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496 kmalloc include/linux/slab.h:545 [inline] kzalloc include/linux/slab.h:740 [inline] mdiobus_alloc_size+0x54/0x1b0 drivers/net/phy/mdio_bus.c:143 fixed_mdio_bus_init+0x163/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 3524: set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458 slab_free_hook mm/slub.c:1409 [inline] slab_free_freelist_hook mm/slub.c:1436 [inline] slab_free mm/slub.c:2986 [inline] kfree+0xe1/0x270 mm/slub.c:3938 device_release+0x78/0x200 drivers/base/core.c:919 kobject_cleanup lib/kobject.c:662 [inline] kobject_release lib/kobject.c:691 [inline] kref_put include/linux/kref.h:67 [inline] kobject_put+0x146/0x240 lib/kobject.c:708 put_device+0x1c/0x30 drivers/base/core.c:2060 __mdiobus_register+0x483/0x560 drivers/net/phy/mdio_bus.c:382 fixed_mdio_bus_init+0x26b/0x1000 [fixed_phy] do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8881dc824c80 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 248 bytes inside of 2048-byte region [ffff8881dc824c80, ffff8881dc825480) The buggy address belongs to the page: page:ffffea0007720800 count:1 mapcount:0 mapping:ffff8881f6c02800 index:0x0 compound_mapcount: 0 flags: 0x2fffc0000010200(slab|head) raw: 02fffc0000010200 0000000000000000 0000000500000001 ffff8881f6c02800 raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881dc824c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff8881dc824c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881dc824d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881dc824d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881dc824e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb Fixes: 0c692d0 ("drivers/net/phy/mdio_bus.c: call put_device on device_register() failure") Signed-off-by: YueHaibing <[email protected]> Reviewed-by: Andrew Lunn <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
gabrielesvelto
pushed a commit
to gabrielesvelto/CI20_linux
that referenced
this pull request
Jan 17, 2020
[ Upstream commit 6377f78 ] KASAN report this: BUG: KASAN: use-after-free in pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 Read of size 8 at addr ffff8881f41fe5b0 by task syz-executor.0/2806 CPU: 0 PID: 2806 Comm: syz-executor.0 Not tainted 5.0.0-rc7+ MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xfa/0x1ce lib/dump_stack.c:113 print_address_description+0x65/0x270 mm/kasan/report.c:187 kasan_report+0x149/0x18d mm/kasan/report.c:317 pde_subdir_find+0x12d/0x150 fs/proc/generic.c:71 remove_proc_entry+0xe8/0x420 fs/proc/generic.c:667 atalk_proc_exit+0x18/0x820 [appletalk] atalk_exit+0xf/0x5a [appletalk] __do_sys_delete_module kernel/module.c:1018 [inline] __se_sys_delete_module kernel/module.c:961 [inline] __x64_sys_delete_module+0x3dc/0x5e0 kernel/module.c:961 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x462e99 Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fb2de6b9c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0 RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000200001c0 RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb2de6ba6bc R13: 00000000004bccaa R14: 00000000006f6bc8 R15: 00000000ffffffff Allocated by task 2806: set_track mm/kasan/common.c:85 [inline] __kasan_kmalloc.constprop.3+0xa0/0xd0 mm/kasan/common.c:496 slab_post_alloc_hook mm/slab.h:444 [inline] slab_alloc_node mm/slub.c:2739 [inline] slab_alloc mm/slub.c:2747 [inline] kmem_cache_alloc+0xcf/0x250 mm/slub.c:2752 kmem_cache_zalloc include/linux/slab.h:730 [inline] __proc_create+0x30f/0xa20 fs/proc/generic.c:408 proc_mkdir_data+0x47/0x190 fs/proc/generic.c:469 0xffffffffc10c01bb 0xffffffffc10c0166 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe Freed by task 2806: set_track mm/kasan/common.c:85 [inline] __kasan_slab_free+0x130/0x180 mm/kasan/common.c:458 slab_free_hook mm/slub.c:1409 [inline] slab_free_freelist_hook mm/slub.c:1436 [inline] slab_free mm/slub.c:2986 [inline] kmem_cache_free+0xa6/0x2a0 mm/slub.c:3002 pde_put+0x6e/0x80 fs/proc/generic.c:647 remove_proc_entry+0x1d3/0x420 fs/proc/generic.c:684 0xffffffffc10c031c 0xffffffffc10c0166 do_one_initcall+0xfa/0x5ca init/main.c:887 do_init_module+0x204/0x5f6 kernel/module.c:3460 load_module+0x66b2/0x8570 kernel/module.c:3808 __do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902 do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe The buggy address belongs to the object at ffff8881f41fe500 which belongs to the cache proc_dir_entry of size 256 The buggy address is located 176 bytes inside of 256-byte region [ffff8881f41fe500, ffff8881f41fe600) The buggy address belongs to the page: page:ffffea0007d07f80 count:1 mapcount:0 mapping:ffff8881f6e69a00 index:0x0 flags: 0x2fffc0000000200(slab) raw: 02fffc0000000200 dead000000000100 dead000000000200 ffff8881f6e69a00 raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881f41fe480: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc ffff8881f41fe500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8881f41fe580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881f41fe600: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb ffff8881f41fe680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb It should check the return value of atalk_proc_init fails, otherwise atalk_exit will trgger use-after-free in pde_subdir_find while unload the module.This patch fix error cleanup path of atalk_init Reported-by: Hulk Robot <[email protected]> Signed-off-by: YueHaibing <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Sasha Levin <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Jan 19, 2021
While mounting a crafted image provided by user, kernel panics due to the invalid chunk item whose end is less than start. [66.387422] loop: module loaded [66.389773] loop0: detected capacity change from 262144 to 0 [66.427708] BTRFS: device fsid a62e00e8-e94e-4200-8217-12444de93c2e devid 1 transid 12 /dev/loop0 scanned by mount (613) [66.431061] BTRFS info (device loop0): disk space caching is enabled [66.431078] BTRFS info (device loop0): has skinny extents [66.437101] BTRFS error: insert state: end < start 29360127 37748736 [66.437136] ------------[ cut here ]------------ [66.437140] WARNING: CPU: 16 PID: 613 at fs/btrfs/extent_io.c:557 insert_state.cold+0x1a/0x46 [btrfs] [66.437369] CPU: 16 PID: 613 Comm: mount Tainted: G O 5.11.0-rc1-custom MIPS#45 [66.437374] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.14.0-1 04/01/2014 [66.437378] RIP: 0010:insert_state.cold+0x1a/0x46 [btrfs] [66.437420] RSP: 0018:ffff93e5414c3908 EFLAGS: 00010286 [66.437427] RAX: 0000000000000000 RBX: 0000000001bfffff RCX: 0000000000000000 [66.437431] RDX: 0000000000000000 RSI: ffffffffb90d4660 RDI: 00000000ffffffff [66.437434] RBP: ffff93e5414c3938 R08: 0000000000000001 R09: 0000000000000001 [66.437438] R10: ffff93e5414c3658 R11: 0000000000000000 R12: ffff8ec782d72aa0 [66.437441] R13: ffff8ec78bc71628 R14: 0000000000000000 R15: 0000000002400000 [66.437447] FS: 00007f01386a8580(0000) GS:ffff8ec809000000(0000) knlGS:0000000000000000 [66.437451] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [66.437455] CR2: 00007f01382fa000 CR3: 0000000109a34000 CR4: 0000000000750ee0 [66.437460] PKRU: 55555554 [66.437464] Call Trace: [66.437475] set_extent_bit+0x652/0x740 [btrfs] [66.437539] set_extent_bits_nowait+0x1d/0x20 [btrfs] [66.437576] add_extent_mapping+0x1e0/0x2f0 [btrfs] [66.437621] read_one_chunk+0x33c/0x420 [btrfs] [66.437674] btrfs_read_chunk_tree+0x6a4/0x870 [btrfs] [66.437708] ? kvm_sched_clock_read+0x18/0x40 [66.437739] open_ctree+0xb32/0x1734 [btrfs] [66.437781] ? bdi_register_va+0x1b/0x20 [66.437788] ? super_setup_bdi_name+0x79/0xd0 [66.437810] btrfs_mount_root.cold+0x12/0xeb [btrfs] [66.437854] ? __kmalloc_track_caller+0x217/0x3b0 [66.437873] legacy_get_tree+0x34/0x60 [66.437880] vfs_get_tree+0x2d/0xc0 [66.437888] vfs_kern_mount.part.0+0x78/0xc0 [66.437897] vfs_kern_mount+0x13/0x20 [66.437902] btrfs_mount+0x11f/0x3c0 [btrfs] [66.437940] ? kfree+0x5ff/0x670 [66.437944] ? __kmalloc_track_caller+0x217/0x3b0 [66.437962] legacy_get_tree+0x34/0x60 [66.437974] vfs_get_tree+0x2d/0xc0 [66.437983] path_mount+0x48c/0xd30 [66.437998] __x64_sys_mount+0x108/0x140 [66.438011] do_syscall_64+0x38/0x50 [66.438018] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [66.438023] RIP: 0033:0x7f0138827f6e [66.438033] RSP: 002b:00007ffecd79edf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [66.438040] RAX: ffffffffffffffda RBX: 00007f013894c264 RCX: 00007f0138827f6e [66.438044] RDX: 00005593a4a41360 RSI: 00005593a4a33690 RDI: 00005593a4a3a6c0 [66.438047] RBP: 00005593a4a33440 R08: 0000000000000000 R09: 0000000000000001 [66.438050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [66.438054] R13: 00005593a4a3a6c0 R14: 00005593a4a41360 R15: 00005593a4a33440 [66.438078] irq event stamp: 18169 [66.438082] hardirqs last enabled at (18175): [<ffffffffb81154bf>] console_unlock+0x4ff/0x5f0 [66.438088] hardirqs last disabled at (18180): [<ffffffffb8115427>] console_unlock+0x467/0x5f0 [66.438092] softirqs last enabled at (16910): [<ffffffffb8a00fe2>] asm_call_irq_on_stack+0x12/0x20 [66.438097] softirqs last disabled at (16905): [<ffffffffb8a00fe2>] asm_call_irq_on_stack+0x12/0x20 [66.438103] ---[ end trace e114b111db64298b ]--- [66.438107] BTRFS error: found node 12582912 29360127 on insert of 37748736 29360127 [66.438127] BTRFS critical: panic in extent_io_tree_panic:679: locking error: extent tree was modified by another thread while locked (errno=-17 Object already exists) [66.441069] ------------[ cut here ]------------ [66.441072] kernel BUG at fs/btrfs/extent_io.c:679! [66.442064] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [66.443018] CPU: 16 PID: 613 Comm: mount Tainted: G W O 5.11.0-rc1-custom MIPS#45 [66.444538] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ArchLinux 1.14.0-1 04/01/2014 [66.446223] RIP: 0010:extent_io_tree_panic.isra.0+0x23/0x25 [btrfs] [66.450878] RSP: 0018:ffff93e5414c3948 EFLAGS: 00010246 [66.451840] RAX: 0000000000000000 RBX: 0000000001bfffff RCX: 0000000000000000 [66.453141] RDX: 0000000000000000 RSI: ffffffffb90d4660 RDI: 00000000ffffffff [66.454445] RBP: ffff93e5414c3948 R08: 0000000000000001 R09: 0000000000000001 [66.455743] R10: ffff93e5414c3658 R11: 0000000000000000 R12: ffff8ec782d728c0 [66.457055] R13: ffff8ec78bc71628 R14: ffff8ec782d72aa0 R15: 0000000002400000 [66.458356] FS: 00007f01386a8580(0000) GS:ffff8ec809000000(0000) knlGS:0000000000000000 [66.459841] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [66.460895] CR2: 00007f01382fa000 CR3: 0000000109a34000 CR4: 0000000000750ee0 [66.462196] PKRU: 55555554 [66.462692] Call Trace: [66.463139] set_extent_bit.cold+0x30/0x98 [btrfs] [66.464049] set_extent_bits_nowait+0x1d/0x20 [btrfs] [66.490466] add_extent_mapping+0x1e0/0x2f0 [btrfs] [66.514097] read_one_chunk+0x33c/0x420 [btrfs] [66.534976] btrfs_read_chunk_tree+0x6a4/0x870 [btrfs] [66.555718] ? kvm_sched_clock_read+0x18/0x40 [66.575758] open_ctree+0xb32/0x1734 [btrfs] [66.595272] ? bdi_register_va+0x1b/0x20 [66.614638] ? super_setup_bdi_name+0x79/0xd0 [66.633809] btrfs_mount_root.cold+0x12/0xeb [btrfs] [66.652938] ? __kmalloc_track_caller+0x217/0x3b0 [66.671925] legacy_get_tree+0x34/0x60 [66.690300] vfs_get_tree+0x2d/0xc0 [66.708221] vfs_kern_mount.part.0+0x78/0xc0 [66.725808] vfs_kern_mount+0x13/0x20 [66.742730] btrfs_mount+0x11f/0x3c0 [btrfs] [66.759350] ? kfree+0x5ff/0x670 [66.775441] ? __kmalloc_track_caller+0x217/0x3b0 [66.791750] legacy_get_tree+0x34/0x60 [66.807494] vfs_get_tree+0x2d/0xc0 [66.823349] path_mount+0x48c/0xd30 [66.838753] __x64_sys_mount+0x108/0x140 [66.854412] do_syscall_64+0x38/0x50 [66.869673] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [66.885093] RIP: 0033:0x7f0138827f6e [66.945613] RSP: 002b:00007ffecd79edf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [66.977214] RAX: ffffffffffffffda RBX: 00007f013894c264 RCX: 00007f0138827f6e [66.994266] RDX: 00005593a4a41360 RSI: 00005593a4a33690 RDI: 00005593a4a3a6c0 [67.011544] RBP: 00005593a4a33440 R08: 0000000000000000 R09: 0000000000000001 [67.028836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [67.045812] R13: 00005593a4a3a6c0 R14: 00005593a4a41360 R15: 00005593a4a33440 [67.216138] ---[ end trace e114b111db64298c ]--- [67.237089] RIP: 0010:extent_io_tree_panic.isra.0+0x23/0x25 [btrfs] [67.325317] RSP: 0018:ffff93e5414c3948 EFLAGS: 00010246 [67.347946] RAX: 0000000000000000 RBX: 0000000001bfffff RCX: 0000000000000000 [67.371343] RDX: 0000000000000000 RSI: ffffffffb90d4660 RDI: 00000000ffffffff [67.394757] RBP: ffff93e5414c3948 R08: 0000000000000001 R09: 0000000000000001 [67.418409] R10: ffff93e5414c3658 R11: 0000000000000000 R12: ffff8ec782d728c0 [67.441906] R13: ffff8ec78bc71628 R14: ffff8ec782d72aa0 R15: 0000000002400000 [67.465436] FS: 00007f01386a8580(0000) GS:ffff8ec809000000(0000) knlGS:0000000000000000 [67.511660] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [67.535047] CR2: 00007f01382fa000 CR3: 0000000109a34000 CR4: 0000000000750ee0 [67.558449] PKRU: 55555554 [67.581146] note: mount[613] exited with preempt_count 2 The image has a chunk item which has a logical start 37748736 and length 18446744073701163008 (-8M). The calculated end 29360127 overflows. EEXIST was caught by insert_state() because of the duplicate end and extent_io_tree_panic() was called. Add overflow check of chunk item end to tree checker so it can be detected early at mount time. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=208929 CC: [email protected] # 4.19+ Reviewed-by: Anand Jain <[email protected]> Signed-off-by: Su Yue <[email protected]> Reviewed-by: David Sterba <[email protected]> Signed-off-by: David Sterba <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Apr 12, 2021
xdp_return_frame() may be called outside of NAPI context to return xdpf back to page_pool. xdp_return_frame() calls __xdp_return() with napi_direct = false. For page_pool memory model, __xdp_return() calls xdp_return_frame_no_direct() unconditionally and below false negative kernel BUG throw happened under preempt-rt build: [ 430.450355] BUG: using smp_processor_id() in preemptible [00000000] code: modprobe/3884 [ 430.451678] caller is __xdp_return+0x1ff/0x2e0 [ 430.452111] CPU: 0 PID: 3884 Comm: modprobe Tainted: G U E 5.12.0-rc2+ MIPS#45 Changes in v2: - This patch fixes the issue by making xdp_return_frame_no_direct() is only called if napi_direct = true, as recommended for better by Jesper Dangaard Brouer. Thanks! Fixes: 2539650 ("xdp: Helpers for disabling napi_direct of xdp_return_frame") Signed-off-by: Ong Boon Leong <[email protected]> Acked-by: Jesper Dangaard Brouer <[email protected]> Signed-off-by: David S. Miller <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Jun 11, 2021
In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware don't exists, function just return without initializing ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports then causing NULL pointer dereference or other bugs. Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of asynchronous 'request_firmware_nowait'. This report reveals it: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty MIPS#45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty MIPS#45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1 e8 03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89 c1 89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83 RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1 RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820 RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05 R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000 R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0 FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 Modules linked in: Dumping ftrace buffer: (ftrace buffer empty) CR2: 0000000000000010 ---[ end trace 11804dbb55cb1a64 ]--- RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Code: df e8 43 5d c2 05 48 8d 83 e8 01 00 00 48 89 85 60 ff ff ff 48 c1 e8 03 42 80 3c 30 00 0f 85 aa 07 00 00 48 8b 83 e8 01 00 00 <8b> 40 10 89 c1 89 85 68 ff ff ff 48 8b 83 e8 01 00 00 89 48 10 83 RSP: 0018:ffff88806c287cd0 EFLAGS: 00010046 RAX: 0000000000000000 RBX: ffff88806ade6820 RCX: ffffffff814300b1 RDX: 1ffff1100d5bcd06 RSI: 0000000000000004 RDI: ffff88806ade6820 RBP: ffff88806c287db8 R08: ffffed100d5bcd05 R09: ffffed100d5bcd05 R10: 0000000000000001 R11: ffffed100d5bcd04 R12: ffffc90001e00000 R13: ffff888069654e10 R14: dffffc0000000000 R15: ffff888069654df0 FS: 0000000000000000(0000) GS:ffff88806c280000(0000) knlGS: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000010 CR3: 000000006892c000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Reported-by: Zheyu Ma <[email protected]> Signed-off-by: Zheyu Ma <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: stable <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Jun 11, 2021
Commit c7a2190 ("ice: Remove xsk_buff_pool from VSI structure") silently introduced a regression and broke the Tx side of AF_XDP in copy mode. xsk_pool on ice_ring is set only based on the existence of the XDP prog on the VSI which in turn picks ice_clean_tx_irq_zc to be executed. That is not something that should happen for copy mode as it should use the regular data path ice_clean_tx_irq. This results in a following splat when xdpsock is run in txonly or l2fwd scenarios in copy mode: <snip> [ 106.050195] BUG: kernel NULL pointer dereference, address: 0000000000000030 [ 106.057269] #PF: supervisor read access in kernel mode [ 106.062493] #PF: error_code(0x0000) - not-present page [ 106.067709] PGD 0 P4D 0 [ 106.070293] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 106.074721] CPU: 61 PID: 0 Comm: swapper/61 Not tainted 5.12.0-rc2+ MIPS#45 [ 106.081436] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 106.092027] RIP: 0010:xp_raw_get_dma+0x36/0x50 [ 106.096551] Code: 74 14 48 b8 ff ff ff ff ff ff 00 00 48 21 f0 48 c1 ee 30 48 01 c6 48 8b 87 90 00 00 00 48 89 f2 81 e6 ff 0f 00 00 48 c1 ea 0c <48> 8b 04 d0 48 83 e0 fe 48 01 f0 c3 66 66 2e 0f 1f 84 00 00 00 00 [ 106.115588] RSP: 0018:ffffc9000d694e50 EFLAGS: 00010206 [ 106.120893] RAX: 0000000000000000 RBX: ffff88984b8c8a00 RCX: ffff889852581800 [ 106.128137] RDX: 0000000000000006 RSI: 0000000000000000 RDI: ffff88984cd8b800 [ 106.135383] RBP: ffff888123b50001 R08: ffff889896800000 R09: 0000000000000800 [ 106.142628] R10: 0000000000000000 R11: ffffffff826060c0 R12: 00000000000000ff [ 106.149872] R13: 0000000000000000 R14: 0000000000000040 R15: ffff888123b50018 [ 106.157117] FS: 0000000000000000(0000) GS:ffff8897e0f40000(0000) knlGS:0000000000000000 [ 106.165332] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 106.171163] CR2: 0000000000000030 CR3: 000000000560a004 CR4: 00000000007706e0 [ 106.178408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 106.185653] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 106.192898] PKRU: 55555554 [ 106.195653] Call Trace: [ 106.198143] <IRQ> [ 106.200196] ice_clean_tx_irq_zc+0x183/0x2a0 [ice] [ 106.205087] ice_napi_poll+0x3e/0x590 [ice] [ 106.209356] __napi_poll+0x2a/0x160 [ 106.212911] net_rx_action+0xd6/0x200 [ 106.216634] __do_softirq+0xbf/0x29b [ 106.220274] irq_exit_rcu+0x88/0xc0 [ 106.223819] common_interrupt+0x7b/0xa0 [ 106.227719] </IRQ> [ 106.229857] asm_common_interrupt+0x1e/0x40 </snip> Fix this by introducing the bitmap of queues that are zero-copy enabled, where each bit, corresponding to a queue id that xsk pool is being configured on, will be set/cleared within ice_xsk_pool_{en,dis}able and checked within ice_xsk_pool(). The latter is a function used for deciding which napi poll routine is executed. Idea is being taken from our other drivers such as i40e and ixgbe. Fixes: c7a2190 ("ice: Remove xsk_buff_pool from VSI structure") Signed-off-by: Maciej Fijalkowski <[email protected]> Tested-by: Kiran Bhandare <[email protected]> Signed-off-by: Tony Nguyen <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Nov 29, 2023
There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ MIPS#45 ... Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 kasan_check_range+0x145/0x1a0 smb2_is_network_name_deleted+0x27/0x160 cifs_demultiplex_thread.cold+0x172/0x5a4 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 923: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x54/0x60 kmem_cache_alloc+0x147/0x320 mempool_alloc+0xe1/0x260 cifs_small_buf_get+0x24/0x60 allocate_buffers+0xa1/0x1c0 cifs_demultiplex_thread+0x199/0x10d0 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Freed by task 921: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 ____kasan_slab_free+0x143/0x1b0 kmem_cache_free+0xe3/0x4d0 cifs_small_buf_release+0x29/0x90 SMB2_negotiate+0x8b7/0x1c60 smb2_negotiate+0x51/0x70 cifs_negotiate_protocol+0xf0/0x160 cifs_get_smb_ses+0x5fa/0x13c0 mount_get_conns+0x7a/0x750 cifs_mount+0x103/0xd00 cifs_smb3_do_mount+0x1dd/0xcb0 smb3_get_tree+0x1d5/0x300 vfs_get_tree+0x41/0xf0 path_mount+0x9b3/0xdd0 __x64_sys_mount+0x190/0x1d0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The UAF is because: mount(pid: 921) | cifsd(pid: 923) -------------------------------|------------------------------- | cifs_demultiplex_thread SMB2_negotiate | cifs_send_recv | compound_send_recv | smb_send_rqst | wait_for_response | wait_event_state [1] | | standard_receive3 | cifs_handle_standard | handle_mid | mid->resp_buf = buf; [2] | dequeue_mid [3] KILL the process [4] | resp_iov[i].iov_base = buf | free_rsp_buf [5] | | is_network_name_deleted [6] | callback 1. After send request to server, wait the response until mid->mid_state != SUBMITTED; 2. Receive response from server, and set it to mid; 3. Set the mid state to RECEIVED; 4. Kill the process, the mid state already RECEIVED, get 0; 5. Handle and release the negotiate response; 6. UAF. It can be easily reproduce with add some delay in [3] - [6]. Only sync call has the problem since async call's callback is executed in cifsd process. Add an extra state to mark the mid state to READY before wakeup the waitter, then it can get the resp safely. Fixes: ec637e3 ("[CIFS] Avoid extra large buffer allocation (and memcpy) in cifs_readpages") Reviewed-by: Paulo Alcantara (SUSE) <[email protected]> Signed-off-by: Zhang Xiaoxu <[email protected]> Signed-off-by: Steve French <[email protected]>
pcercuei
pushed a commit
to OpenDingux/linux
that referenced
this pull request
Nov 29, 2023
rtnl_offload_xstats_get_size_hw_s_info_one() conditionalizes the size-computation for IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED based on whether or not the device has offload_xstats enabled. However, rtnl_offload_xstats_fill_hw_s_info_one() is adding the u8 for that field uncondtionally. syzkaller triggered a WARNING in rtnl_stats_get due to this: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 754 at net/core/rtnetlink.c:5982 rtnl_stats_get+0x2f4/0x300 Modules linked in: CPU: 0 PID: 754 Comm: syz-executor148 Not tainted 6.6.0-rc2-g331b78eb12af MIPS#45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 RIP: 0010:rtnl_stats_get+0x2f4/0x300 net/core/rtnetlink.c:5982 Code: ff ff 89 ee e8 7d 72 50 ff 83 fd a6 74 17 e8 33 6e 50 ff 4c 89 ef be 02 00 00 00 e8 86 00 fa ff e9 7b fe ff ff e8 1c 6e 50 ff <0f> 0b eb e5 e8 73 79 7b 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc900006837c0 EFLAGS: 00010293 RAX: ffffffff81cf7f24 RBX: ffff8881015d9000 RCX: ffff888101815a00 RDX: 0000000000000000 RSI: 00000000ffffffa6 RDI: 00000000ffffffa6 RBP: 00000000ffffffa6 R08: ffffffff81cf7f03 R09: 0000000000000001 R10: ffff888101ba47b9 R11: ffff888101815a00 R12: ffff8881017dae00 R13: ffff8881017dad00 R14: ffffc90000683ab8 R15: ffffffff83c1f740 FS: 00007fbc22dbc740(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000046 CR3: 000000010264e003 CR4: 0000000000170ef0 Call Trace: <TASK> rtnetlink_rcv_msg+0x677/0x710 net/core/rtnetlink.c:6480 netlink_rcv_skb+0xea/0x1c0 net/netlink/af_netlink.c:2545 netlink_unicast+0x430/0x500 net/netlink/af_netlink.c:1342 netlink_sendmsg+0x4fc/0x620 net/netlink/af_netlink.c:1910 sock_sendmsg+0xa8/0xd0 net/socket.c:730 ____sys_sendmsg+0x22a/0x320 net/socket.c:2541 ___sys_sendmsg+0x143/0x190 net/socket.c:2595 __x64_sys_sendmsg+0xd8/0x150 net/socket.c:2624 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x47/0xa0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x7fbc22e8d6a9 Code: 5c c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 37 0d 00 f7 d8 64 89 01 48 RSP: 002b:00007ffc4320e778 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00000000004007d0 RCX: 00007fbc22e8d6a9 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 RBP: 0000000000000001 R08: 0000000000000000 R09: 00000000004007d0 R10: 0000000000000008 R11: 0000000000000246 R12: 00007ffc4320e898 R13: 00007ffc4320e8a8 R14: 00000000004004a0 R15: 00007fbc22fa5a80 </TASK> ---[ end trace 0000000000000000 ]--- Which didn't happen prior to commit bf9f1ba ("net: add dedicated kmem_cache for typical/small skb->head") as the skb always was large enough. Fixes: 0e7788f ("net: rtnetlink: Add UAPI for obtaining L3 offload xstats") Signed-off-by: Christoph Paasch <[email protected]> Reviewed-by: Petr Machata <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry pick some cache flushing fixes from the Android branch which fix some issues with JIT compilation.
The first patch in this series is cherry picked from upstream to fix a build failure with newer versions of Perl which I had to pull in to be able to build 3.0.8.