1. 10 1月, 2022 6 次提交
  2. 09 1月, 2022 6 次提交
  3. 08 1月, 2022 10 次提交
  4. 07 1月, 2022 9 次提交
  5. 06 1月, 2022 9 次提交
    • C
      i2c: mpc: Avoid out of bounds memory access · 72a4a87d
      Chris Packham 提交于
      When performing an I2C transfer where the last message was a write KASAN
      would complain:
      
        BUG: KASAN: slab-out-of-bounds in mpc_i2c_do_action+0x154/0x630
        Read of size 2 at addr c814e310 by task swapper/2/0
      
        CPU: 2 PID: 0 Comm: swapper/2 Tainted: G    B             5.16.0-rc8 #1
        Call Trace:
        [e5ee9d50] [c08418e8] dump_stack_lvl+0x4c/0x6c (unreliable)
        [e5ee9d70] [c02f8a14] print_address_description.constprop.13+0x64/0x3b0
        [e5ee9da0] [c02f9030] kasan_report+0x1f0/0x204
        [e5ee9de0] [c0c76ee4] mpc_i2c_do_action+0x154/0x630
        [e5ee9e30] [c0c782c4] mpc_i2c_isr+0x164/0x240
        [e5ee9e60] [c00f3a04] __handle_irq_event_percpu+0xf4/0x3b0
        [e5ee9ec0] [c00f3d40] handle_irq_event_percpu+0x80/0x110
        [e5ee9f40] [c00f3e48] handle_irq_event+0x78/0xd0
        [e5ee9f60] [c00fcfec] handle_fasteoi_irq+0x19c/0x370
        [e5ee9fa0] [c00f1d84] generic_handle_irq+0x54/0x80
        [e5ee9fc0] [c0006b54] __do_irq+0x64/0x200
        [e5ee9ff0] [c0007958] __do_IRQ+0xe8/0x1c0
        [c812dd50] [e3eaab20] 0xe3eaab20
        [c812dd90] [c0007a4c] do_IRQ+0x1c/0x30
        [c812dda0] [c0000c04] ExternalInput+0x144/0x160
        --- interrupt: 500 at arch_cpu_idle+0x34/0x60
        NIP:  c000b684 LR: c000b684 CTR: c0019688
        REGS: c812ddb0 TRAP: 0500   Tainted: G    B              (5.16.0-rc8)
        MSR:  00029002 <CE,EE,ME>  CR: 22000488  XER: 20000000
      
        GPR00: c10ef7fc c812de90 c80ff200 c2394718 00000001 00000001 c10e3f90 00000003
        GPR08: 00000000 c0019688 c2394718 fc7d625b 22000484 00000000 21e17000 c208228c
        GPR16: e3e99284 00000000 ffffffff c2390000 c001bac0 c2082288 c812df60 c001ba60
        GPR24: c23949c0 00000018 00080000 00000004 c80ff200 00000002 c2348ee4 c2394718
        NIP [c000b684] arch_cpu_idle+0x34/0x60
        LR [c000b684] arch_cpu_idle+0x34/0x60
        --- interrupt: 500
        [c812de90] [c10e3f90] rcu_eqs_enter.isra.60+0xc0/0x110 (unreliable)
        [c812deb0] [c10ef7fc] default_idle_call+0xbc/0x230
        [c812dee0] [c00af0e8] do_idle+0x1c8/0x200
        [c812df10] [c00af3c0] cpu_startup_entry+0x20/0x30
        [c812df20] [c001e010] start_secondary+0x5d0/0xba0
        [c812dff0] [c00028a0] __secondary_start+0x90/0xdc
      
      This happened because we would overrun the i2c->msgs array on the final
      interrupt for the I2C STOP. This didn't happen if the last message was a
      read because there is no interrupt in that case. Ensure that we only
      access the current message if we are not processing a I2C STOP
      condition.
      
      Fixes: 1538d82f ("i2c: mpc: Interrupt driven transfer")
      Reported-by: NMaxime Bizon <mbizon@freebox.fr>
      Signed-off-by: NChris Packham <chris.packham@alliedtelesis.co.nz>
      Signed-off-by: NWolfram Sang <wsa@kernel.org>
      72a4a87d
    • O
      Merge tag 'socfpga_fix_for_v5.16_part_3' of... · 8922bb65
      Olof Johansson 提交于
      Merge tag 'socfpga_fix_for_v5.16_part_3' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux into arm/fixes
      
      SoCFPGA dts updates for v5.16, part 3
      - Change the SoCFPGA compatible to "intel,socfpga-qspi"
      - Update dt-bindings document to include "intel,socfpga-qspi"
      
      * tag 'socfpga_fix_for_v5.16_part_3' of git://git.kernel.org/pub/scm/linux/kernel/git/dinguyen/linux: (361 commits)
        ARM: dts: socfpga: change qspi to "intel,socfpga-qspi"
        dt-bindings: spi: cadence-quadspi: document "intel,socfpga-qspi"
        Linux 5.16-rc7
        mm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()
        mm/damon/dbgfs: protect targets destructions with kdamond_lock
        mm/page_alloc: fix __alloc_size attribute for alloc_pages_exact_nid
        mm: delete unsafe BUG from page_cache_add_speculative()
        mm, hwpoison: fix condition in free hugetlb page path
        MAINTAINERS: mark more list instances as moderated
        kernel/crash_core: suppress unknown crashkernel parameter warning
        mm: mempolicy: fix THP allocations escaping mempolicy restrictions
        kfence: fix memory leak when cat kfence objects
        platform/x86: intel_pmc_core: fix memleak on registration failure
        net: stmmac: dwmac-visconti: Fix value of ETHER_CLK_SEL_FREQ_SEL_2P5M
        r8152: sync ocp base
        r8152: fix the force speed doesn't work for RTL8156
        net: bridge: fix ioctl old_deviceless bridge argument
        net: stmmac: ptp: fix potentially overflowing expression
        net: dsa: tag_ocelot: use traffic class to map priority on injected header
        veth: ensure skb entering GRO are not cloned.
        ...
      
      Link: https://lore.kernel.org/r/20211227103644.566694-1-dinguyen@kernel.orgSigned-off-by: NOlof Johansson <olof@lixom.net>
      8922bb65
    • O
      Merge tag 'reset-fixes-for-v5.16-2' of git://git.pengutronix.de/pza/linux into arm/fixes · fde9ec3c
      Olof Johansson 提交于
      Reset controller fixes for v5.16, part 2
      
      Fix pm_runtime_resume_and_get() error handling in the
      reset-rzg2l-usbphy-ctrl driver.
      
      * tag 'reset-fixes-for-v5.16-2' of git://git.pengutronix.de/pza/linux:
        reset: renesas: Fix Runtime PM usage
        reset: tegra-bpmp: Revert Handle errors in BPMP response
      
      Link: https://lore.kernel.org/r/20220105172515.273947-1-p.zabel@pengutronix.deSigned-off-by: NOlof Johansson <olof@lixom.net>
      fde9ec3c
    • N
      tracing: Tag trace_percpu_buffer as a percpu pointer · f28439db
      Naveen N. Rao 提交于
      Tag trace_percpu_buffer as a percpu pointer to resolve warnings
      reported by sparse:
        /linux/kernel/trace/trace.c:3218:46: warning: incorrect type in initializer (different address spaces)
        /linux/kernel/trace/trace.c:3218:46:    expected void const [noderef] __percpu *__vpp_verify
        /linux/kernel/trace/trace.c:3218:46:    got struct trace_buffer_struct *
        /linux/kernel/trace/trace.c:3234:9: warning: incorrect type in initializer (different address spaces)
        /linux/kernel/trace/trace.c:3234:9:    expected void const [noderef] __percpu *__vpp_verify
        /linux/kernel/trace/trace.c:3234:9:    got int *
      
      Link: https://lkml.kernel.org/r/ebabd3f23101d89cb75671b68b6f819f5edc830b.1640255304.git.naveen.n.rao@linux.vnet.ibm.com
      
      Cc: stable@vger.kernel.org
      Reported-by: Nkernel test robot <lkp@intel.com>
      Fixes: 07d777fe ("tracing: Add percpu buffers for trace_printk()")
      Signed-off-by: NNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      f28439db
    • N
      tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() · 823e670f
      Naveen N. Rao 提交于
      With the new osnoise tracer, we are seeing the below splat:
          Kernel attempted to read user page (c7d880000) - exploit attempt? (uid: 0)
          BUG: Unable to handle kernel data access on read at 0xc7d880000
          Faulting instruction address: 0xc0000000002ffa10
          Oops: Kernel access of bad area, sig: 11 [#1]
          LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
          ...
          NIP [c0000000002ffa10] __trace_array_vprintk.part.0+0x70/0x2f0
          LR [c0000000002ff9fc] __trace_array_vprintk.part.0+0x5c/0x2f0
          Call Trace:
          [c0000008bdd73b80] [c0000000001c49cc] put_prev_task_fair+0x3c/0x60 (unreliable)
          [c0000008bdd73be0] [c000000000301430] trace_array_printk_buf+0x70/0x90
          [c0000008bdd73c00] [c0000000003178b0] trace_sched_switch_callback+0x250/0x290
          [c0000008bdd73c90] [c000000000e70d60] __schedule+0x410/0x710
          [c0000008bdd73d40] [c000000000e710c0] schedule+0x60/0x130
          [c0000008bdd73d70] [c000000000030614] interrupt_exit_user_prepare_main+0x264/0x270
          [c0000008bdd73de0] [c000000000030a70] syscall_exit_prepare+0x150/0x180
          [c0000008bdd73e10] [c00000000000c174] system_call_vectored_common+0xf4/0x278
      
      osnoise tracer on ppc64le is triggering osnoise_taint() for negative
      duration in get_int_safe_duration() called from
      trace_sched_switch_callback()->thread_exit().
      
      The problem though is that the check for a valid trace_percpu_buffer is
      incorrect in get_trace_buf(). The check is being done after calculating
      the pointer for the current cpu, rather than on the main percpu pointer.
      Fix the check to be against trace_percpu_buffer.
      
      Link: https://lkml.kernel.org/r/a920e4272e0b0635cf20c444707cbce1b2c8973d.1640255304.git.naveen.n.rao@linux.vnet.ibm.com
      
      Cc: stable@vger.kernel.org
      Fixes: e2ace001 ("tracing: Choose static tp_printk buffer by explicit nesting count")
      Signed-off-by: NNaveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      823e670f
    • J
      ftrace/samples: Add missing prototypes direct functions · 0daf5cb2
      Jiri Olsa 提交于
      There's another compilation fail (first here [1]) reported by kernel
      test robot for W=1 clang build:
      
        >> samples/ftrace/ftrace-direct-multi-modify.c:7:6: warning: no previous
        prototype for function 'my_direct_func1' [-Wmissing-prototypes]
           void my_direct_func1(unsigned long ip)
      
      Direct functions in ftrace direct sample modules need to have prototypes
      defined. They are already global in order to be visible for the inline
      assembly, so there's no problem.
      
      The kernel test robot reported just error for ftrace-direct-multi-modify,
      but I got same errors also for the rest of the modules touched by this patch.
      
      [1] 67d4f6e3 ftrace/samples: Add missing prototype for my_direct_func
      
      Link: https://lkml.kernel.org/r/20211219135317.212430-1-jolsa@kernel.orgReported-by: Nkernel test robot <lkp@intel.com>
      Fixes: e1067a07 ("ftrace/samples: Add module to test multi direct modify interface")
      Fixes: ae0cc3b7 ("ftrace/samples: Add a sample module that implements modify_ftrace_direct()")
      Fixes: 156473a0 ("ftrace: Add another example of register_ftrace_direct() use case")
      Fixes: b06457c8 ("ftrace: Add sample module that uses register_ftrace_direct()")
      Signed-off-by: NJiri Olsa <jolsa@kernel.org>
      Signed-off-by: NSteven Rostedt <rostedt@goodmis.org>
      0daf5cb2
    • L
      Merge tag 'net-5.16-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 75acfdb6
      Linus Torvalds 提交于
      Pull networking fixes from Jakub Kicinski"
       "Networking fixes, including fixes from bpf, and WiFi. One last pull
        request, turns out some of the recent fixes did more harm than good.
      
        Current release - regressions:
      
         - Revert "xsk: Do not sleep in poll() when need_wakeup set", made the
           problem worse
      
         - Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in
           __fixed_phy_register", broke EPROBE_DEFER handling
      
         - Revert "net: usb: r8152: Add MAC pass-through support for more
           Lenovo Docks", broke setups without a Lenovo dock
      
        Current release - new code bugs:
      
         - selftests: set amt.sh executable
      
        Previous releases - regressions:
      
         - batman-adv: mcast: don't send link-local multicast to mcast routers
      
        Previous releases - always broken:
      
         - ipv4/ipv6: check attribute length for RTA_FLOW / RTA_GATEWAY
      
         - sctp: hold endpoint before calling cb in
           sctp_transport_lookup_process
      
         - mac80211: mesh: embed mesh_paths and mpp_paths into
           ieee80211_if_mesh to avoid complicated handling of sub-object
           allocation failures
      
         - seg6: fix traceroute in the presence of SRv6
      
         - tipc: fix a kernel-infoleak in __tipc_sendmsg()"
      
      * tag 'net-5.16-final' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (36 commits)
        selftests: set amt.sh executable
        Revert "net: usb: r8152: Add MAC passthrough support for more Lenovo Docks"
        sfc: The RX page_ring is optional
        iavf: Fix limit of total number of queues to active queues of VF
        i40e: Fix incorrect netdev's real number of RX/TX queues
        i40e: Fix for displaying message regarding NVM version
        i40e: fix use-after-free in i40e_sync_filters_subtask()
        i40e: Fix to not show opcode msg on unsuccessful VF MAC change
        ieee802154: atusb: fix uninit value in atusb_set_extended_addr
        mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
        mac80211: initialize variable have_higher_than_11mbit
        sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
        netrom: fix copying in user data in nr_setsockopt
        udp6: Use Segment Routing Header for dest address if present
        icmp: ICMPV6: Examine invoking packet for Segment Route Headers.
        seg6: export get_srh() for ICMP handling
        Revert "net: phy: fixed_phy: Fix NULL vs IS_ERR() checking in __fixed_phy_register"
        ipv6: Do cleanup if attribute validation fails in multipath route
        ipv6: Continue processing multipath route even if gateway attribute is invalid
        net/fsl: Remove leftover definition in xgmac_mdio
        ...
      75acfdb6
    • L
      RDMA/core: Don't infoleak GRH fields · b35a0f4d
      Leon Romanovsky 提交于
      If dst->is_global field is not set, the GRH fields are not cleared
      and the following infoleak is reported.
      
      =====================================================
      BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline]
      BUG: KMSAN: kernel-infoleak in _copy_to_user+0x1c9/0x270 lib/usercopy.c:33
       instrument_copy_to_user include/linux/instrumented.h:121 [inline]
       _copy_to_user+0x1c9/0x270 lib/usercopy.c:33
       copy_to_user include/linux/uaccess.h:209 [inline]
       ucma_init_qp_attr+0x8c7/0xb10 drivers/infiniband/core/ucma.c:1242
       ucma_write+0x637/0x6c0 drivers/infiniband/core/ucma.c:1732
       vfs_write+0x8ce/0x2030 fs/read_write.c:588
       ksys_write+0x28b/0x510 fs/read_write.c:643
       __do_sys_write fs/read_write.c:655 [inline]
       __se_sys_write fs/read_write.c:652 [inline]
       __ia32_sys_write+0xdb/0x120 fs/read_write.c:652
       do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline]
       __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180
       do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205
       do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248
       entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
      
      Local variable resp created at:
       ucma_init_qp_attr+0xa4/0xb10 drivers/infiniband/core/ucma.c:1214
       ucma_write+0x637/0x6c0 drivers/infiniband/core/ucma.c:1732
      
      Bytes 40-59 of 144 are uninitialized
      Memory access of size 144 starts at ffff888167523b00
      Data copied to user address 0000000020000100
      
      CPU: 1 PID: 25910 Comm: syz-executor.1 Not tainted 5.16.0-rc5-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
      =====================================================
      
      Fixes: 4ba66093 ("IB/core: Check for global flag when using ah_attr")
      Link: https://lore.kernel.org/r/0e9dd51f93410b7b2f4f5562f52befc878b71afa.1641298868.git.leonro@nvidia.com
      Reported-by: syzbot+6d532fa8f9463da290bc@syzkaller.appspotmail.com
      Signed-off-by: NLeon Romanovsky <leonro@nvidia.com>
      Signed-off-by: NJason Gunthorpe <jgg@nvidia.com>
      b35a0f4d
    • T
      selftests: set amt.sh executable · db54c12a
      Taehee Yoo 提交于
      amt.sh test script will not work because it doesn't have execution
      permission. So, it adds execution permission.
      Reported-by: NHangbin Liu <liuhangbin@gmail.com>
      Fixes: c08e8bae ("selftests: add amt interface selftest script")
      Signed-off-by: NTaehee Yoo <ap420073@gmail.com>
      Link: https://lore.kernel.org/r/20220105144436.13415-1-ap420073@gmail.comSigned-off-by: NJakub Kicinski <kuba@kernel.org>
      db54c12a