1. 09 5月, 2017 16 次提交
  2. 06 5月, 2017 2 次提交
    • R
      net: alx: handle pci_alloc_irq_vectors return correctly · 2c041afc
      Rakesh Pandit 提交于
      It was introduced while switching to pci_alloc_irq_vectors recently
      and fixes:
      
      [   60.527052] alx 0000:03:00.0 enp3s0: Enabling MSI-X interrupts failed!
      [   60.529323] BUG: unable to handle kernel NULL pointer dereference at 00000000000000b8
      [   60.531589] IP: alx_alloc_napis+0xe6/0x1e0 [alx]
      [   60.533831] PGD 0
      [   60.533833] P4D 0
      
      [   60.540559] Oops: 0002 [#1] SMP
      [   60.542759] Modules linked in: ebtables ip6table_filter ip6_tables.....
      [   60.549990]  drm_kms_helper drm crc32c_intel alx serio_raw mdio wmi video i2c_hid uas usb_storage
      [   60.551404] CPU: 0 PID: 999 Comm: NetworkManager Not tainted 4.11.0+ #1
      [   60.552813] Hardware name: Acer Predator G9-591/Mustang_SLS, BIOS V1.10 03/03/2016
      [   60.554219] task: ffff8804ae833c00 task.stack: ffffc90003eec000
      [   60.555383] RIP: 0010:alx_alloc_napis+0xe6/0x1e0 [alx]
      [   60.556615] RSP: 0018:ffffc90003eef660 EFLAGS: 00010286
      [   60.557787] RAX: ffff8804962835a0 RBX: ffff8804aee8a8c0 RCX: 0000000000000000
      [   60.558987] RDX: 0000000000000060 RSI: 0000000000000000 RDI: ffff880496283600
      [   60.559979] RBP: ffffc90003eef688 R08: ffff8804c1c1e7e0 R09: ffff8804962835a0
      [   60.560978] R10: ffff8804962835a0 R11: 0000000000000102 R12: 0000000000000000
      [   60.561974] R13: 0000000000000000 R14: ffff8804aee8aaf0 R15: ffffffffa0052ea0
      [   60.562974] FS:  00007f1cecbc9940(0000) GS:ffff8804c1c00000(0000) knlGS:0000000000000000
      [   60.564003] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [   60.564884] CR2: 00000000000000b8 CR3: 0000000496025000 CR4: 00000000003406f0
      [   60.565782] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [   60.566676] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [   60.567560] Call Trace:
      [   60.568500]  __alx_open+0xa2/0x570 [alx]
      [   60.569355]  ? notifier_call_chain+0x4a/0x70
      [   60.570144]  alx_open+0x17/0x20 [alx]
      [   60.570909]  __dev_open+0xc6/0x140
      [   60.571682]  ? _raw_spin_unlock_bh+0x1a/0x20
      [   60.572469]  __dev_change_flags+0x9d/0x160
      [   60.573252]  dev_change_flags+0x29/0x60
      [   60.574070]  do_setlink+0x32e/0xc90
      [   60.574815]  ? ttwu_do_activate+0x77/0x80
      [   60.575544]  ? drm_fb_helper_dirty.isra.17+0xc7/0xe0 [drm_kms_helper]
      [   60.576273]  ? drm_fb_helper_cfb_imageblit+0x30/0x40 [drm_kms_helper]
      [   60.577004]  ? bit_putcs+0x2f7/0x560
      [   60.577729]  ? nla_parse+0x35/0x140
      [   60.578518]  rtnl_newlink+0x7d3/0x900
      [   60.579280]  ? security_capset+0x30/0x80
      [   60.580029]  ? ns_capable_common+0x68/0x80
      [   60.580747]  ? ns_capable+0x13/0x20
      [   60.581453]  rtnetlink_rcv_msg+0xee/0x220
      [   60.582198]  ? rtnl_newlink+0x900/0x900
      [   60.582909]  netlink_rcv_skb+0xe7/0x120
      [   60.583601]  rtnetlink_rcv+0x28/0x30
      [   60.584303]  netlink_unicast+0x18c/0x220
      [   60.585002]  netlink_sendmsg+0x2ba/0x3b0
      [   60.585703]  sock_sendmsg+0x38/0x50
      [   60.586436]  ___sys_sendmsg+0x2b6/0x2d0
      [   60.587123]  ? lockref_put_or_lock+0x5e/0x80
      [   60.587822]  ? dput+0x155/0x1d0
      [   60.588518]  ? mntput+0x24/0x40
      [   60.589215]  __sys_sendmsg+0x54/0x90
      [   60.589907]  ? __sys_sendmsg+0x54/0x90
      [   60.590627]  SyS_sendmsg+0x12/0x20
      [   60.591333]  entry_SYSCALL_64_fastpath+0x1a/0xa5
      [   60.592021] RIP: 0033:0x7f1ceb44e3b0
      [   60.592697] RSP: 002b:00007fffd7f0a2d0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
      [   60.593385] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1ceb44e3b0
      [   60.594107] RDX: 0000000000000000 RSI: 00007fffd7f0a380 RDI: 000000000000000c
      [   60.594798] RBP: 00007fffd7f0a800 R08: 0000000000000000 R09: 0000000000000000
      [   60.595502] R10: 0000564ffbae6e20 R11: 0000000000000293 R12: 0000000000000001
      [   60.596200] R13: 0000000000000002 R14: 0000000000000010 R15: 00007fffd7f0a4d0
      [   60.596899] Code: ed 85 c9 0f 8f ec 00 00 00 48 8b 3d 9d 97 1a e2 ba 50 00 00 00 be c0 80 40 01 4c 8b a3 30 02 00 00 e8 ff e5 1d e1 48 85 c0 74 a3 <49> 89 84 24 b8 00 00 00 48 8b 93 30 02 00 00 48 8b 4b 08 48 89
      [   60.597642] RIP: alx_alloc_napis+0xe6/0x1e0 [alx] RSP: ffffc90003eef660
      [   60.598427] CR2: 00000000000000b8
      
      Fixes: f3297f68 ("net: alx: switch to pci_alloc_irq_vectors")
      Signed-off-by: NRakesh Pandit <rakesh@tuxera.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2c041afc
    • E
      tcp: randomize timestamps on syncookies · 84b114b9
      Eric Dumazet 提交于
      Whole point of randomization was to hide server uptime, but an attacker
      can simply start a syn flood and TCP generates 'old style' timestamps,
      directly revealing server jiffies value.
      
      Also, TSval sent by the server to a particular remote address vary
      depending on syncookies being sent or not, potentially triggering PAWS
      drops for innocent clients.
      
      Lets implement proper randomization, including for SYNcookies.
      
      Also we do not need to export sysctl_tcp_timestamps, since it is not
      used from a module.
      
      In v2, I added Florian feedback and contribution, adding tsoff to
      tcp_get_cookie_sock().
      
      v3 removed one unused variable in tcp_v4_connect() as Florian spotted.
      
      Fixes: 95a22cae ("tcp: randomize tcp timestamp offsets for each connection")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reviewed-by: NFlorian Westphal <fw@strlen.de>
      Tested-by: NFlorian Westphal <fw@strlen.de>
      Cc: Yuchung Cheng <ycheng@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      84b114b9
  3. 05 5月, 2017 16 次提交
    • T
      bridge: netlink: account for IFLA_BRPORT_{B, M}CAST_FLOOD size and policy · 9051247d
      Tobias Klauser 提交于
      The attribute sizes for IFLA_BRPORT_MCAST_FLOOD and
      IFLA_BRPORT_BCAST_FLOOD weren't accounted for in br_port_info_size()
      when they were added. Do so now and also add the corresponding policy
      entries:
      
      Cc: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Cc: Mike Manning <mmanning@brocade.com>
      Fixes: b6cb5ac8 ("net: bridge: add per-port multicast flood flag")
      Fixes: 99f906e9 ("bridge: add per-port broadcast flood flag")
      Signed-off-by: NTobias Klauser <tklauser@distanz.ch>
      Acked-by: NNikolay Aleksandrov <nikolay@cumulusnetworks.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9051247d
    • L
      Merge tag 'char-misc-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · af82455f
      Linus Torvalds 提交于
      Pull char/misc driver updates from Greg KH:
       "Here is the big set of new char/misc driver drivers and features for
        4.12-rc1.
      
        There's lots of new drivers added this time around, new firmware
        drivers from Google, more auxdisplay drivers, extcon drivers, fpga
        drivers, and a bunch of other driver updates. Nothing major, except if
        you happen to have the hardware for these drivers, and then you will
        be happy :)
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'char-misc-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (136 commits)
        firmware: google memconsole: Fix return value check in platform_memconsole_init()
        firmware: Google VPD: Fix return value check in vpd_platform_init()
        goldfish_pipe: fix build warning about using too much stack.
        goldfish_pipe: An implementation of more parallel pipe
        fpga fr br: update supported version numbers
        fpga: region: release FPGA region reference in error path
        fpga altera-hps2fpga: disable/unprepare clock on error in alt_fpga_bridge_probe()
        mei: drop the TODO from samples
        firmware: Google VPD sysfs driver
        firmware: Google VPD: import lib_vpd source files
        misc: lkdtm: Add volatile to intentional NULL pointer reference
        eeprom: idt_89hpesx: Add OF device ID table
        misc: ds1682: Add OF device ID table
        misc: tsl2550: Add OF device ID table
        w1: Remove unneeded use of assert() and remove w1_log.h
        w1: Use kernel common min() implementation
        uio_mf624: Align memory regions to page size and set correct offsets
        uio_mf624: Refactor memory info initialization
        uio: Allow handling of non page-aligned memory regions
        hangcheck-timer: Fix typo in comment
        ...
      af82455f
    • L
      Merge tag 'driver-core-4.12-rc1' of... · 0be75179
      Linus Torvalds 提交于
      Merge tag 'driver-core-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core updates from Greg KH:
       "Very tiny pull request for 4.12-rc1 for the driver core this time
        around.
      
        There are some documentation fixes, an eventpoll.h fixup to make it
        easier for the libc developers to take our header files directly, and
        some very minor driver core fixes and changes.
      
        All have been in linux-next for a very long time with no reported
        issues"
      
      * tag 'driver-core-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        Revert "kref: double kref_put() in my_data_handler()"
        driver core: don't initialize 'parent' in device_add()
        drivers: base: dma-mapping: use nth_page helper
        Documentation/ABI: add information about cpu_capacity
        debugfs: set no_llseek in DEFINE_DEBUGFS_ATTRIBUTE
        eventpoll.h: add missing epoll event masks
        eventpoll.h: fix epoll event masks
      0be75179
    • L
      Merge tag 'usb-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 8f28472a
      Linus Torvalds 提交于
      Pull USB updates from Greg KH:
       "Here is the big USB patchset for 4.12-rc1.
      
        Lots of good stuff here, after many many many attempts, the kernel
        finally has a working typeC interface, many thanks to Heikki and
        Guenter and others who have taken the time to get this merged. It
        wasn't an easy path for them at all.
      
        There's also a staging driver that uses this new api, which is why
        it's coming in through this tree.
      
        Along with that, there's the usual huge number of changes for gadget
        drivers, xhci, and other stuff. Johan also finally refactored pretty
        much every driver that was looking at USB endpoints to do it in a
        common way, which will help prevent any "badly-formed" devices from
        causing problems in drivers. That too wasn't a simple task.
      
        All of these have been in linux-next for a while with no reported
        issues"
      
      * tag 'usb-4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (263 commits)
        staging: typec: Fairchild FUSB302 Type-c chip driver
        staging: typec: Type-C Port Controller Interface driver (tcpci)
        staging: typec: USB Type-C Port Manager (tcpm)
        usb: host: xhci: remove #ifdef around PM functions
        usb: musb: don't mark of_dev_auxdata as initdata
        usb: misc: legousbtower: Fix buffers on stack
        USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
        usb: Make sure usb/phy/of gets built-in
        USB: storage: e-mail update in drivers/usb/storage/unusual_devs.h
        usb: host: xhci: print correct command ring address
        usb: host: xhci: delete sp_dma_buffers for scratchpad
        usb: host: xhci: using correct specification chapter reference for DCBAAP
        xhci: switch to pci_alloc_irq_vectors
        usb: host: xhci-plat: set resume_quirk() for R-Car controllers
        usb: host: xhci-plat: add resume_quirk()
        usb: host: xhci-plat: enable clk in resume timing
        usb: host: plat: Enable xHCI plat runtime PM
        USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
        USB: serial: constify static arrays
        usb: fix some references for /proc/bus/usb
        ...
      8f28472a
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 4ac4d584
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) The wireless rate info fix from Johannes Berg.
      
       2) When a RAW socket is in hdrincl mode, we need to make sure that the
          user provided at least a minimally sized ipv4/ipv6 header. Fix from
          Alexander Potapenko.
      
       3) We must emit IFLA_PHYS_PORT_NAME netlink attributes using
          nla_put_string() so that it is NULL terminated.
      
       4) Fix a bug in TCP fastopen handling, wherein child sockets
          erroneously inherit the fastopen_req from the parent, and later can
          end up derefencing freed memory or doing a double free. From Eric
          Dumazet.
      
       5) Don't clear out netdev stats at close time in tg3 driver, from
          YueHaibing.
      
       6) Fix refcount leak in xt_CT, from Gao Feng.
      
       7) In nft_set_bitmap() don't leak dummy elements, from Liping Zhang.
      
       8) Fix deadlock due to taking the expectation lock twice, also from
          Liping Zhang.
      
       9) Make xt_socket work again with ipv6, from Peter Tirsek.
      
      10) Don't allow IPV6 to be used with IPVS if ipv6.disable=1, from Paolo
          Abeni.
      
      11) Make the BPF loader more flexible wrt. changes to the bpf MAP entry
          layout. From Jesper Dangaard Brouer.
      
      12) Fix ethtool reported device name in aquantia driver, from Pavel
          Belous.
      
      13) Fix build failures due to the compile time size test not working in
          netfilter conntrack. From Geert Uytterhoeven.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits)
        cfg80211: make RATE_INFO_BW_20 the default
        ipv6: initialize route null entry in addrconf_init()
        qede: Fix possible misconfiguration of advertised autoneg value.
        qed: Fix overriding of supported autoneg value.
        qed*: Fix possible overflow for status block id field.
        rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
        netvsc: make sure napi enabled before vmbus_open
        aquantia: Fix driver name reported by ethtool
        ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
        net/sched: remove redundant null check on head
        tcp: do not inherit fastopen_req from parent
        forcedeth: remove unnecessary carrier status check
        ibmvnic: Move queue restarting in ibmvnic_tx_complete
        ibmvnic: Record SKB RX queue during poll
        ibmvnic: Continue skb processing after skb completion error
        ibmvnic: Check for driver reset first in ibmvnic_xmit
        ibmvnic: Wait for any pending scrqs entries at driver close
        ibmvnic: Clean up tx pools when closing
        ibmvnic: Whitespace correction in release_rx_pools
        ibmvnic: Delete napi's when releasing driver resources
        ...
      4ac4d584
    • L
      Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 8d5e72df
      Linus Torvalds 提交于
      Pull SCSI updates from James Bottomley:
       "This update includes the usual round of major driver updates
        (hisi_sas, ufs, fnic, cxlflash, be2iscsi, ipr, stex). There's also the
        usual amount of cosmetic and spelling stuff"
      
      * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (155 commits)
        scsi: qla4xxx: fix spelling mistake: "Tempalate" -> "Template"
        scsi: stex: make S6flag static
        scsi: mac_esp: fix to pass correct device identity to free_irq()
        scsi: aacraid: pci_alloc_consistent() failures on ARM64
        scsi: ufs: make ufshcd_get_lists_status() register operation obvious
        scsi: ufs: use MASK_EE_STATUS
        scsi: mac_esp: Replace bogus memory barrier with spinlock
        scsi: fcoe: make fcoe_e_d_tov and fcoe_r_a_tov static
        scsi: sd_zbc: Do not write lock zones for reset
        scsi: sd_zbc: Remove superfluous assignments
        scsi: sd: sd_zbc: Rename sd_zbc_setup_write_cmnd
        scsi: Improve scsi_get_sense_info_fld
        scsi: sd: Cleanup sd_done sense data handling
        scsi: sd: Improve sd_completed_bytes
        scsi: sd: Fix function descriptions
        scsi: mpt3sas: remove redundant wmb
        scsi: mpt: Move scsi_remove_host() out of mptscsih_remove_host()
        scsi: sg: reset 'res_in_use' after unlinking reserved array
        scsi: mvumi: remove code handling zero scsi_sg_count(scmd) case
        scsi: fusion: fix spelling mistake: "Persistancy" -> "Persistency"
        ...
      8d5e72df
    • L
      Merge tag 'gpio-v4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio · 2bd80401
      Linus Torvalds 提交于
      Pull GPIO updates from Linus Walleij:
       "This is the bulk of GPIO changes for the v4.12 kernel cycle.
      
        Core changes:
      
         - Return NULL from gpiod_get_optional() when GPIOLIB is disabled.
           This was a much discussed change. It affects use cases where people
           write drivers that might or might not be using GPIO resources. I
           have decided that this is the lesser evil right now.
      
         - Make gpiod_count() behave consistently across different hardware
           descriptions.
      
         - Fix the syntax around open drain/open source to not infer active
           high/low semantics.
      
        New drivers:
      
         - A new single-register fixed-direction framework driver for hardware
           that have lines controlled by a single register that just work in
           one direction (out or in), including IRQ support.
      
         - Support the Fintek F71889A GPIO SuperIO controller.
      
         - Support the National NI 169445 MMIO GPIO.
      
         - Support for the X-Gene derivative of the DWC GPIO controller
      
         - Support for the Rohm BD9571MWV-M PMIC GPIO controller.
      
         - Refactor the Gemini GPIO driver to a generic Faraday FTGPIO driver
           and replace both the Gemini and the Moxa ART custom drivers with
           this driver.
      
        Driver improvements:
      
         - A whole slew of drivers have their spinlocks chaned to raw
           spinlocks as they provide irqchips, and thus we are progressing on
           realtime compliance.
      
         - Use devm_irq_alloc_descs() in a slew of drivers, getting managed
           resources.
      
         - Support for the embedded PWM controller inside the MVEBU driver.
      
         - Debounce, open source and open drain support for the Aspeed driver.
      
         - Misc smaller fixes like spelling and syntax and whatnot"
      
      * tag 'gpio-v4.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (77 commits)
        gpio: f7188x: Add a missing break
        gpio: omap: return error if requested debounce time is not possible
        gpio: Add ROHM BD9571MWV-M PMIC GPIO driver
        gpio: gpio-wcove: fix GPIO IRQ status mask
        gpio: DT bindings, move tca9554 from pcf857x to pca953x
        gpio: move tca9554 from pcf857x to pca953x
        gpio: arizona: Correct check whether the pin is an input
        gpio: Add XRA1403 DTS binding documentation
        dt-bindings: add exar to vendor prefixes list
        gpio: gpio-wcove: fix irq pending status bit width
        gpio: dwapb: use dwapb_read instead of readl_relaxed
        gpio: aspeed: Add open-source and open-drain support
        gpio: aspeed: Add debounce support
        gpio: aspeed: dt: Add optional clocks property
        gpio: aspeed: dt: Fix description alignment in bindings document
        gpio: mvebu: Add limited PWM support
        gpio: Use unsigned int for interrupt numbers
        gpio: f7188x: Add F71889A GPIO support.
        gpio: core: Decouple open drain/source flag with active low/high
        gpio: arizona: Correct handling for reading input GPIOs
        ...
      2bd80401
    • L
      Merge tag 'platform-drivers-x86-v4.12-1' of git://git.infradead.org/linux-platform-drivers-x86 · 99a7583d
      Linus Torvalds 提交于
      Pull x86 platform-drivers update from Darren Hart:
       "This represents a significantly larger and more complex set of changes
        than those of prior merge windows.
      
        In particular, we had several changes with dependencies on other
        subsystems which we felt were best managed through merges of immutable
        branches, including one each from input, i2c, and leds. Two patches
        for the watchdog subsystem are included after discussion with Wim and
        Guenter following a collision in linux-next (this should be resolved
        and you should only see these two appear in this pull request). These
        are called out in the "External" section below.
      
        Summary of changes:
         - significant further cleanup of fujitsu-laptop and hp-wmi
         - new model support for ideapad, asus, silead, and xiaomi
         - new hotkeys for thinkpad and models using intel-vbtn
         - dell keyboard backlight improvements
         - build and dependency improvements
         - intel * ipc fixes, cleanups, and api updates
         - single isolated fixes noted below
      
        External:
         - watchdog: iTCO_wdt: Add PMC specific noreboot update api
         - watchdog: iTCO_wdt: cleanup set/unset no_reboot_bit functions
         - Merge branch 'ib/4.10-sparse-keymap-managed'
         - Merge branch 'i2c/for-INT33FE'
         - Merge branch 'linux-leds/dell-laptop-changes-for-4.12'
      
        platform/x86:
         - Add Intel Cherry Trail ACPI INT33FE device driver
         - remove sparse_keymap_free() calls
         - Make SILEAD_DMI depend on TOUCHSCREEN_SILEAD
      
        asus-wmi:
         - try to set als by default
         - fix cpufv sysfs file permission
      
        acer-wmi:
         - setup accelerometer when ACPI device was found
      
        ideapad-laptop:
         - Add IdeaPad V310-15ISK to no_hw_rfkill
         - Add IdeaPad 310-15IKB to no_hw_rfkill
      
        intel_pmc_ipc:
         - use gcr mem base for S0ix counter read
         - Fix iTCO_wdt GCS memory mapping failure
         - Add pmc gcr read/write/update api's
         - fix gcr offset
      
        dell-laptop:
         - Add keyboard backlight timeout AC settings
         - Handle return error form dell_get_intensity.
         - Protect kbd_state against races
         - Refactor kbd_led_triggers_store()
      
        hp-wireless:
         - reuse module_acpi_driver
         - add Xiaomi's hardware id to the supported list
      
        intel-vbtn:
         - add volume up and down
      
        INT33FE:
         - add i2c dependency
      
        hp-wmi:
         - Cleanup exit paths
         - Do not shadow errors in sysfs show functions
         - Use DEVICE_ATTR_(RO|RW) helper macros
         - Refactor dock and tablet state fetchers
         - Cleanup wireless get_(hw|sw)state functions
         - Refactor redundant HPWMI_READ functions
         - Standardize enum usage for constants
         - Cleanup local variable declarations
         - Do not shadow error values
         - Fix detection for dock and tablet mode
         - Fix error value for hp_wmi_tablet_state
      
        fujitsu-laptop:
         - simplify error handling in acpi_fujitsu_laptop_add()
         - do not log LED registration failures
         - switch to managed LED class devices
         - reorganize LED-related code
         - refactor LED registration
         - select LEDS_CLASS
         - remove redundant fields from struct fujitsu_bl
         - account for backlight power when determining brightness
         - do not log set_lcd_level() failures in bl_update_status()
         - ignore errors when setting backlight power
         - make disable_brightness_adjust a boolean
         - clean up use_alt_lcd_levels handling
         - sync brightness in set_lcd_level()
         - simplify set_lcd_level()
         - merge set_lcd_level_alt() into set_lcd_level()
         - switch to a managed backlight device
         - only handle backlight when appropriate
         - update debug message logged by call_fext_func()
         - rename call_fext_func() arguments
         - simplify call_fext_func()
         - clean up local variables in call_fext_func()
         - remove keycode fields from struct fujitsu_bl
         - model-dependent sparse keymap overrides
         - use a sparse keymap for hotkey event generation
         - switch to a managed hotkey input device
         - refactor hotkey input device setup
         - use a sparse keymap for brightness key events
         - switch to a managed backlight input device
         - refactor backlight input device setup
         - remove pf_device field from struct fujitsu_bl
         - only register platform device if FUJ02E3 is present
         - add and remove platform device in separate functions
         - simplify platform device attribute definitions
         - remove backlight-related attributes from the platform device
         - cleanup error labels in fujitsu_init()
         - only register backlight device if FUJ02B1 is present
         - sync backlight power status in acpi_fujitsu_laptop_add()
         - register backlight device in a separate function
         - simplify brightness key event generation logic
         - decrease indentation in acpi_fujitsu_bl_notify()
      
        intel-hid:
         - Add missing ->thaw callback
         - do not set parents of input devices explicitly
         - remove redundant set_bit() call
         - use devm_input_allocate_device() for HID events input device
         - make intel_hid_set_enable() take a boolean argument
         - simplify enabling/disabling HID events
      
        silead_dmi:
         - Add touchscreen info for Surftab Wintron 7.0
         - Abort early if DMI does not match
         - Do not treat all devices as i2c_clients
         - Add entry for Insyde 7W tablets
         - Constify properties arrays
      
        intel_scu_ipc:
         - Introduce intel_scu_ipc_raw_command()
         - Introduce SCU_DEVICE() macro
         - Remove redundant subarch check
         - Rearrange init sequence
         - Platform data is mandatory
      
        asus-nb-wmi:
         - Add wapf4 quirk for the X302UA
      
        dell-*:
         - Call new led hw_changed API on kbd brightness change
         - Add a generic dell-laptop notifier chain
      
        eeepc-laptop:
         - Skip unknown key messages 0x50 0x51
      
        thinkpad_acpi:
         - add mapping for new hotkeys
         - guard generic hotkey case"
      
      * tag 'platform-drivers-x86-v4.12-1' of git://git.infradead.org/linux-platform-drivers-x86: (108 commits)
        platform/x86: Make SILEAD_DMI depend on TOUCHSCREEN_SILEAD
        platform/x86: asus-wmi: try to set als by default
        platform/x86: asus-wmi: fix cpufv sysfs file permission
        platform/x86: acer-wmi: setup accelerometer when ACPI device was found
        platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill
        platform/x86: intel_pmc_ipc: use gcr mem base for S0ix counter read
        platform/x86: intel_pmc_ipc: Fix iTCO_wdt GCS memory mapping failure
        watchdog: iTCO_wdt: Add PMC specific noreboot update api
        watchdog: iTCO_wdt: cleanup set/unset no_reboot_bit functions
        platform/x86: intel_pmc_ipc: Add pmc gcr read/write/update api's
        platform/x86: intel_pmc_ipc: fix gcr offset
        platform/x86: dell-laptop: Add keyboard backlight timeout AC settings
        platform/x86: dell-laptop: Handle return error form dell_get_intensity.
        platform/x86: hp-wireless: reuse module_acpi_driver
        platform/x86: intel-vbtn: add volume up and down
        platform/x86: INT33FE: add i2c dependency
        platform/x86: hp-wmi: Cleanup exit paths
        platform/x86: hp-wmi: Do not shadow errors in sysfs show functions
        platform/x86: hp-wmi: Use DEVICE_ATTR_(RO|RW) helper macros
        platform/x86: hp-wmi: Refactor dock and tablet state fetchers
        ...
      99a7583d
    • L
      Merge tag 'vfio-v4.12-rc1' of git://github.com/awilliam/linux-vfio · c336bf8e
      Linus Torvalds 提交于
      Pull VFIO updates from Alex Williamson:
      
       - Updates for SPAPR IOMMU backend including compatibility test and
         memory allocation check (Alexey Kardashevskiy)
      
       - Updates for type1 IOMMU backend to remove asynchronous locked page
         accounting and remove redundancy (Alex Williamson)
      
      * tag 'vfio-v4.12-rc1' of git://github.com/awilliam/linux-vfio:
        vfio/type1: Reduce repetitive calls in vfio_pin_pages_remote()
        vfio/type1: Prune vfio_pin_page_external()
        vfio/type1: Remove locked page accounting workqueue
        vfio/spapr_tce: Check kzalloc() return when preregistering memory
        vfio/powerpc/spapr_tce: Enforce IOMMU type compatibility check
      c336bf8e
    • L
      Merge tag 'for-linus-4.12b-rc0b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · a9648072
      Linus Torvalds 提交于
      Pull xen updates from Juergen Gross:
       "Xen fixes and featrues for 4.12. The main changes are:
      
         - enable building the kernel with Xen support but without enabling
           paravirtualized mode (Vitaly Kuznetsov)
      
         - add a new 9pfs xen frontend driver (Stefano Stabellini)
      
         - simplify Xen's cpuid handling by making use of cpu capabilities
           (Juergen Gross)
      
         - add/modify some headers for new Xen paravirtualized devices
           (Oleksandr Andrushchenko)
      
         - EFI reset_system support under Xen (Julien Grall)
      
         - and the usual cleanups and corrections"
      
      * tag 'for-linus-4.12b-rc0b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: (57 commits)
        xen: Move xen_have_vector_callback definition to enlighten.c
        xen: Implement EFI reset_system callback
        arm/xen: Consolidate calls to shutdown hypercall in a single helper
        xen: Export xen_reboot
        xen/x86: Call xen_smp_intr_init_pv() on BSP
        xen: Revert commits da72ff5b and 72a9b186
        xen/pvh: Do not fill kernel's e820 map in init_pvh_bootparams()
        xen/scsifront: use offset_in_page() macro
        xen/arm,arm64: rename __generic_dma_ops to xen_get_dma_ops
        xen/arm,arm64: fix xen_dma_ops after 815dd187 "Consolidate get_dma_ops..."
        xen/9pfs: select CONFIG_XEN_XENBUS_FRONTEND
        x86/cpu: remove hypervisor specific set_cpu_features
        vmware: set cpu capabilities during platform initialization
        x86/xen: use capabilities instead of fake cpuid values for xsave
        x86/xen: use capabilities instead of fake cpuid values for x2apic
        x86/xen: use capabilities instead of fake cpuid values for mwait
        x86/xen: use capabilities instead of fake cpuid values for acpi
        x86/xen: use capabilities instead of fake cpuid values for acc
        x86/xen: use capabilities instead of fake cpuid values for mtrr
        x86/xen: use capabilities instead of fake cpuid values for aperf
        ...
      a9648072
    • J
      cfg80211: make RATE_INFO_BW_20 the default · 842be75c
      Johannes Berg 提交于
      Due to the way I did the RX bitrate conversions in mac80211 with
      spatch, going setting flags to setting the value, many drivers now
      don't set the bandwidth value for 20 MHz, since with the flags it
      wasn't necessary to (there was no 20 MHz flag, only the others.)
      
      Rather than go through and try to fix up all the drivers, instead
      renumber the enum so that 20 MHz, which is the typical bandwidth,
      actually has the value 0, making those drivers all work again.
      
      If VHT was hit used with a driver not reporting it, e.g. iwlmvm,
      this manifested in hitting the bandwidth warning in
      cfg80211_calculate_bitrate_vht().
      Reported-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Tested-by: NJens Axboe <axboe@kernel.dk>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      842be75c
    • W
      ipv6: initialize route null entry in addrconf_init() · 2f460933
      WANG Cong 提交于
      Andrey reported a crash on init_net.ipv6.ip6_null_entry->rt6i_idev
      since it is always NULL.
      
      This is clearly wrong, we have code to initialize it to loopback_dev,
      unfortunately the order is still not correct.
      
      loopback_dev is registered very early during boot, we lose a chance
      to re-initialize it in notifier. addrconf_init() is called after
      ip6_route_init(), which means we have no chance to correct it.
      
      Fix it by moving this initialization explicitly after
      ipv6_add_dev(init_net.loopback_dev) in addrconf_init().
      Reported-by: NAndrey Konovalov <andreyknvl@google.com>
      Signed-off-by: NCong Wang <xiyou.wangcong@gmail.com>
      Tested-by: NAndrey Konovalov <andreyknvl@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2f460933
    • D
      Merge branch 'qed-fixes' · 15981952
      David S. Miller 提交于
      Sudarsana Reddy Kalluru says:
      
      ====================
      qed*: Bug fix series.
      
      The series contains minor bug fixes for qed/qede drivers.
      
      Please consider applying it to 'net' branch.
      ====================
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      15981952
    • S
      qede: Fix possible misconfiguration of advertised autoneg value. · 161adb04
      sudarsana.kalluru@cavium.com 提交于
      Fail the configuration of advertised speed-autoneg value if the config
      update is not supported.
      Signed-off-by: NSudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
      Signed-off-by: NYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      161adb04
    • S
      qed: Fix overriding of supported autoneg value. · 34f9199c
      sudarsana.kalluru@cavium.com 提交于
      Driver currently uses advertised-autoneg value to populate the
      supported-autoneg field. When advertised field is updated, user gets
      the same value for supported field. Supported-autoneg value need to be
      populated from the link capabilities value returned by the MFW.
      Signed-off-by: NSudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
      Signed-off-by: NYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      34f9199c
    • S
      qed*: Fix possible overflow for status block id field. · f870a3c6
      sudarsana.kalluru@cavium.com 提交于
      Value for status block id could be more than 256 in 100G mode, need to
      update its data type from u8 to u16.
      Signed-off-by: NSudarsana Reddy Kalluru <Sudarsana.Kalluru@cavium.com>
      Signed-off-by: NYuval Mintz <Yuval.Mintz@cavium.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      f870a3c6
  4. 04 5月, 2017 6 次提交
    • M
      rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string · 77ef033b
      Michal Schmidt 提交于
      IFLA_PHYS_PORT_NAME is a string attribute, so terminate it with \0.
      Otherwise libnl3 fails to validate netlink messages with this attribute.
      "ip -detail a" assumes too that the attribute is NUL-terminated when
      printing it. It often was, due to padding.
      
      I noticed this as libvirtd failing to start on a system with sfc driver
      after upgrading it to Linux 4.11, i.e. when sfc added support for
      phys_port_name.
      Signed-off-by: NMichal Schmidt <mschmidt@redhat.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      77ef033b
    • S
      netvsc: make sure napi enabled before vmbus_open · 2be0f264
      stephen hemminger 提交于
      This fixes a race where vmbus callback for new packet arriving
      could occur before NAPI is initialized.
      Signed-off-by: NStephen Hemminger <sthemmin@microsoft.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2be0f264
    • P
      aquantia: Fix driver name reported by ethtool · 5900eca1
      Pavel Belous 提交于
      V2: using "aquantia" subsystem tag.
      
      The command "ethtool -i ethX" should display driver name (driver: atlantic)
      instead vendor name (driver: aquantia).
      Signed-off-by: NPavel Belous <pavel.belous@aquantia.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5900eca1
    • A
      ipv4, ipv6: ensure raw socket message is big enough to hold an IP header · 86f4c90a
      Alexander Potapenko 提交于
      raw_send_hdrinc() and rawv6_send_hdrinc() expect that the buffer copied
      from the userspace contains the IPv4/IPv6 header, so if too few bytes are
      copied, parts of the header may remain uninitialized.
      
      This bug has been detected with KMSAN.
      
      For the record, the KMSAN report:
      
      ==================================================================
      BUG: KMSAN: use of unitialized memory in nf_ct_frag6_gather+0xf5a/0x44a0
      inter: 0
      CPU: 0 PID: 1036 Comm: probe Not tainted 4.11.0-rc5+ #2455
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
      Call Trace:
       __dump_stack lib/dump_stack.c:16
       dump_stack+0x143/0x1b0 lib/dump_stack.c:52
       kmsan_report+0x16b/0x1e0 mm/kmsan/kmsan.c:1078
       __kmsan_warning_32+0x5c/0xa0 mm/kmsan/kmsan_instr.c:510
       nf_ct_frag6_gather+0xf5a/0x44a0 net/ipv6/netfilter/nf_conntrack_reasm.c:577
       ipv6_defrag+0x1d9/0x280 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68
       nf_hook_entry_hookfn ./include/linux/netfilter.h:102
       nf_hook_slow+0x13f/0x3c0 net/netfilter/core.c:310
       nf_hook ./include/linux/netfilter.h:212
       NF_HOOK ./include/linux/netfilter.h:255
       rawv6_send_hdrinc net/ipv6/raw.c:673
       rawv6_sendmsg+0x2fcb/0x41a0 net/ipv6/raw.c:919
       inet_sendmsg+0x3f8/0x6d0 net/ipv4/af_inet.c:762
       sock_sendmsg_nosec net/socket.c:633
       sock_sendmsg net/socket.c:643
       SYSC_sendto+0x6a5/0x7c0 net/socket.c:1696
       SyS_sendto+0xbc/0xe0 net/socket.c:1664
       do_syscall_64+0x72/0xa0 arch/x86/entry/common.c:285
       entry_SYSCALL64_slow_path+0x25/0x25 arch/x86/entry/entry_64.S:246
      RIP: 0033:0x436e03
      RSP: 002b:00007ffce48baf38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
      RAX: ffffffffffffffda RBX: 00000000004002b0 RCX: 0000000000436e03
      RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
      RBP: 00007ffce48baf90 R08: 00007ffce48baf50 R09: 000000000000001c
      R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
      R13: 0000000000401790 R14: 0000000000401820 R15: 0000000000000000
      origin: 00000000d9400053
       save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59
       kmsan_save_stack_with_flags mm/kmsan/kmsan.c:362
       kmsan_internal_poison_shadow+0xb1/0x1a0 mm/kmsan/kmsan.c:257
       kmsan_poison_shadow+0x6d/0xc0 mm/kmsan/kmsan.c:270
       slab_alloc_node mm/slub.c:2735
       __kmalloc_node_track_caller+0x1f4/0x390 mm/slub.c:4341
       __kmalloc_reserve net/core/skbuff.c:138
       __alloc_skb+0x2cd/0x740 net/core/skbuff.c:231
       alloc_skb ./include/linux/skbuff.h:933
       alloc_skb_with_frags+0x209/0xbc0 net/core/skbuff.c:4678
       sock_alloc_send_pskb+0x9ff/0xe00 net/core/sock.c:1903
       sock_alloc_send_skb+0xe4/0x100 net/core/sock.c:1920
       rawv6_send_hdrinc net/ipv6/raw.c:638
       rawv6_sendmsg+0x2918/0x41a0 net/ipv6/raw.c:919
       inet_sendmsg+0x3f8/0x6d0 net/ipv4/af_inet.c:762
       sock_sendmsg_nosec net/socket.c:633
       sock_sendmsg net/socket.c:643
       SYSC_sendto+0x6a5/0x7c0 net/socket.c:1696
       SyS_sendto+0xbc/0xe0 net/socket.c:1664
       do_syscall_64+0x72/0xa0 arch/x86/entry/common.c:285
       return_from_SYSCALL_64+0x0/0x6a arch/x86/entry/entry_64.S:246
      ==================================================================
      
      , triggered by the following syscalls:
        socket(PF_INET6, SOCK_RAW, IPPROTO_RAW) = 3
        sendto(3, NULL, 0, 0, {sa_family=AF_INET6, sin6_port=htons(0), inet_pton(AF_INET6, "ff00::", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = -1 EPERM
      
      A similar report is triggered in net/ipv4/raw.c if we use a PF_INET socket
      instead of a PF_INET6 one.
      Signed-off-by: NAlexander Potapenko <glider@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      86f4c90a
    • C
      net/sched: remove redundant null check on head · 985538ee
      Colin Ian King 提交于
      head is previously null checked and so the 2nd null check on head
      is redundant and therefore can be removed.
      
      Detected by CoverityScan, CID#1399505 ("Logically dead code")
      Signed-off-by: NColin Ian King <colin.king@canonical.com>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      985538ee
    • E
      tcp: do not inherit fastopen_req from parent · 8b485ce6
      Eric Dumazet 提交于
      Under fuzzer stress, it is possible that a child gets a non NULL
      fastopen_req pointer from its parent at accept() time, when/if parent
      morphs from listener to active session.
      
      We need to make sure this can not happen, by clearing the field after
      socket cloning.
      
      BUG: Double free or freeing an invalid pointer
      Unexpected shadow byte: 0xFB
      CPU: 3 PID: 20933 Comm: syz-executor3 Not tainted 4.11.0+ #306
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs
      01/01/2011
      Call Trace:
       <IRQ>
       __dump_stack lib/dump_stack.c:16 [inline]
       dump_stack+0x292/0x395 lib/dump_stack.c:52
       kasan_object_err+0x1c/0x70 mm/kasan/report.c:164
       kasan_report_double_free+0x5c/0x70 mm/kasan/report.c:185
       kasan_slab_free+0x9d/0xc0 mm/kasan/kasan.c:580
       slab_free_hook mm/slub.c:1357 [inline]
       slab_free_freelist_hook mm/slub.c:1379 [inline]
       slab_free mm/slub.c:2961 [inline]
       kfree+0xe8/0x2b0 mm/slub.c:3882
       tcp_free_fastopen_req net/ipv4/tcp.c:1077 [inline]
       tcp_disconnect+0xc15/0x13e0 net/ipv4/tcp.c:2328
       inet_child_forget+0xb8/0x600 net/ipv4/inet_connection_sock.c:898
       inet_csk_reqsk_queue_add+0x1e7/0x250
      net/ipv4/inet_connection_sock.c:928
       tcp_get_cookie_sock+0x21a/0x510 net/ipv4/syncookies.c:217
       cookie_v4_check+0x1a19/0x28b0 net/ipv4/syncookies.c:384
       tcp_v4_cookie_check net/ipv4/tcp_ipv4.c:1384 [inline]
       tcp_v4_do_rcv+0x731/0x940 net/ipv4/tcp_ipv4.c:1421
       tcp_v4_rcv+0x2dc0/0x31c0 net/ipv4/tcp_ipv4.c:1715
       ip_local_deliver_finish+0x4cc/0xc20 net/ipv4/ip_input.c:216
       NF_HOOK include/linux/netfilter.h:257 [inline]
       ip_local_deliver+0x1ce/0x700 net/ipv4/ip_input.c:257
       dst_input include/net/dst.h:492 [inline]
       ip_rcv_finish+0xb1d/0x20b0 net/ipv4/ip_input.c:396
       NF_HOOK include/linux/netfilter.h:257 [inline]
       ip_rcv+0xd8c/0x19c0 net/ipv4/ip_input.c:487
       __netif_receive_skb_core+0x1ad1/0x3400 net/core/dev.c:4210
       __netif_receive_skb+0x2a/0x1a0 net/core/dev.c:4248
       process_backlog+0xe5/0x6c0 net/core/dev.c:4868
       napi_poll net/core/dev.c:5270 [inline]
       net_rx_action+0xe70/0x18e0 net/core/dev.c:5335
       __do_softirq+0x2fb/0xb99 kernel/softirq.c:284
       do_softirq_own_stack+0x1c/0x30 arch/x86/entry/entry_64.S:899
       </IRQ>
       do_softirq.part.17+0x1e8/0x230 kernel/softirq.c:328
       do_softirq kernel/softirq.c:176 [inline]
       __local_bh_enable_ip+0x1cf/0x1e0 kernel/softirq.c:181
       local_bh_enable include/linux/bottom_half.h:31 [inline]
       rcu_read_unlock_bh include/linux/rcupdate.h:931 [inline]
       ip_finish_output2+0x9ab/0x15e0 net/ipv4/ip_output.c:230
       ip_finish_output+0xa35/0xdf0 net/ipv4/ip_output.c:316
       NF_HOOK_COND include/linux/netfilter.h:246 [inline]
       ip_output+0x1f6/0x7b0 net/ipv4/ip_output.c:404
       dst_output include/net/dst.h:486 [inline]
       ip_local_out+0x95/0x160 net/ipv4/ip_output.c:124
       ip_queue_xmit+0x9a8/0x1a10 net/ipv4/ip_output.c:503
       tcp_transmit_skb+0x1ade/0x3470 net/ipv4/tcp_output.c:1057
       tcp_write_xmit+0x79e/0x55b0 net/ipv4/tcp_output.c:2265
       __tcp_push_pending_frames+0xfa/0x3a0 net/ipv4/tcp_output.c:2450
       tcp_push+0x4ee/0x780 net/ipv4/tcp.c:683
       tcp_sendmsg+0x128d/0x39b0 net/ipv4/tcp.c:1342
       inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:762
       sock_sendmsg_nosec net/socket.c:633 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:643
       SYSC_sendto+0x660/0x810 net/socket.c:1696
       SyS_sendto+0x40/0x50 net/socket.c:1664
       entry_SYSCALL_64_fastpath+0x1f/0xbe
      RIP: 0033:0x446059
      RSP: 002b:00007faa6761fb58 EFLAGS: 00000282 ORIG_RAX: 000000000000002c
      RAX: ffffffffffffffda RBX: 0000000000000017 RCX: 0000000000446059
      RDX: 0000000000000001 RSI: 0000000020ba3fcd RDI: 0000000000000017
      RBP: 00000000006e40a0 R08: 0000000020ba4ff0 R09: 0000000000000010
      R10: 0000000020000000 R11: 0000000000000282 R12: 0000000000708150
      R13: 0000000000000000 R14: 00007faa676209c0 R15: 00007faa67620700
      Object at ffff88003b5bbcb8, in cache kmalloc-64 size: 64
      Allocated:
      PID = 20909
       save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59
       save_stack+0x43/0xd0 mm/kasan/kasan.c:513
       set_track mm/kasan/kasan.c:525 [inline]
       kasan_kmalloc+0xad/0xe0 mm/kasan/kasan.c:616
       kmem_cache_alloc_trace+0x82/0x270 mm/slub.c:2745
       kmalloc include/linux/slab.h:490 [inline]
       kzalloc include/linux/slab.h:663 [inline]
       tcp_sendmsg_fastopen net/ipv4/tcp.c:1094 [inline]
       tcp_sendmsg+0x221a/0x39b0 net/ipv4/tcp.c:1139
       inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:762
       sock_sendmsg_nosec net/socket.c:633 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:643
       SYSC_sendto+0x660/0x810 net/socket.c:1696
       SyS_sendto+0x40/0x50 net/socket.c:1664
       entry_SYSCALL_64_fastpath+0x1f/0xbe
      Freed:
      PID = 20909
       save_stack_trace+0x16/0x20 arch/x86/kernel/stacktrace.c:59
       save_stack+0x43/0xd0 mm/kasan/kasan.c:513
       set_track mm/kasan/kasan.c:525 [inline]
       kasan_slab_free+0x73/0xc0 mm/kasan/kasan.c:589
       slab_free_hook mm/slub.c:1357 [inline]
       slab_free_freelist_hook mm/slub.c:1379 [inline]
       slab_free mm/slub.c:2961 [inline]
       kfree+0xe8/0x2b0 mm/slub.c:3882
       tcp_free_fastopen_req net/ipv4/tcp.c:1077 [inline]
       tcp_disconnect+0xc15/0x13e0 net/ipv4/tcp.c:2328
       __inet_stream_connect+0x20c/0xf90 net/ipv4/af_inet.c:593
       tcp_sendmsg_fastopen net/ipv4/tcp.c:1111 [inline]
       tcp_sendmsg+0x23a8/0x39b0 net/ipv4/tcp.c:1139
       inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:762
       sock_sendmsg_nosec net/socket.c:633 [inline]
       sock_sendmsg+0xca/0x110 net/socket.c:643
       SYSC_sendto+0x660/0x810 net/socket.c:1696
       SyS_sendto+0x40/0x50 net/socket.c:1664
       entry_SYSCALL_64_fastpath+0x1f/0xbe
      
      Fixes: e994b2f0 ("tcp: do not lock listener to process SYN packets")
      Fixes: 7db92362 ("tcp: fix potential double free issue for fastopen_req")
      Signed-off-by: NEric Dumazet <edumazet@google.com>
      Reported-by: NAndrey Konovalov <andreyknvl@google.com>
      Acked-by: NWei Wang <weiwan@google.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8b485ce6
新手
引导
客服 返回
顶部