1. 19 2月, 2014 1 次提交
    • C
      mei: set client's read_cb to NULL when flow control fails · accb884b
      Chao Bi 提交于
      In mei_cl_read_start(), if it fails to send flow control request, it
      will release "cl->read_cb" but forget to set pointer to NULL, leaving
      "cl->read_cb" still pointing to random memory, next time this client is
      operated like mei_release(), it has chance to refer to this wrong pointer.
      
      Fixes:  PANIC at kfree in mei_release()
      
      [228781.826904] Call Trace:
      [228781.829737]  [<c16249b8>] ? mei_cl_unlink+0x48/0xa0
      [228781.835283]  [<c1624487>] mei_io_cb_free+0x17/0x30
      [228781.840733]  [<c16265d8>] mei_release+0xa8/0x180
      [228781.845989]  [<c135c610>] ? __fsnotify_parent+0xa0/0xf0
      [228781.851925]  [<c1325a69>] __fput+0xd9/0x200
      [228781.856696]  [<c1325b9d>] ____fput+0xd/0x10
      [228781.861467]  [<c125cae1>] task_work_run+0x81/0xb0
      [228781.866821]  [<c1242e53>] do_exit+0x283/0xa00
      [228781.871786]  [<c1a82b36>] ? kprobe_flush_task+0x66/0xc0
      [228781.877722]  [<c124eeb8>] ? __dequeue_signal+0x18/0x1a0
      [228781.883657]  [<c124f072>] ? dequeue_signal+0x32/0x190
      [228781.889397]  [<c1243744>] do_group_exit+0x34/0xa0
      [228781.894750]  [<c12517b6>] get_signal_to_deliver+0x206/0x610
      [228781.901075]  [<c12018d8>] do_signal+0x38/0x100
      [228781.906136]  [<c1626d1c>] ? mei_read+0x42c/0x4e0
      [228781.911393]  [<c12600a0>] ? wake_up_bit+0x30/0x30
      [228781.916745]  [<c16268f0>] ? mei_poll+0x120/0x120
      [228781.922001]  [<c1324be9>] ? vfs_read+0x89/0x160
      [228781.927158]  [<c16268f0>] ? mei_poll+0x120/0x120
      [228781.932414]  [<c133ca34>] ? fget_light+0x44/0xe0
      [228781.937670]  [<c1324e58>] ? SyS_read+0x68/0x80
      [228781.942730]  [<c12019f5>] do_notify_resume+0x55/0x70
      [228781.948376]  [<c1a7de5d>] work_notifysig+0x29/0x30
      [228781.953827]  [<c1a70000>] ? bad_area+0x5/0x3e
      
      Cc: stable <stable@vger.kernel.org> # 3.9+
      Signed-off-by: NChao Bi <chao.bi@intel.com>
      Signed-off-by: NTomas Winkler <tomas.winkler@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      accb884b
  2. 08 2月, 2014 2 次提交
    • A
      mei: don't unset read cb ptr on reset · 5cb906c7
      Alexander Usyskin 提交于
      Don't set read callback to NULL during reset as
      this leads to memory leak of both cb and its buffer.
      The memory is correctly freed during mei_release.
      
      The memory leak is detectable by kmemleak if
      application has open read call while system is going through
      suspend/resume.
      
      unreferenced object 0xecead780 (size 64):
        comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s)
        hex dump (first 32 bytes):
          00 01 10 00 00 02 20 00 00 bf 30 f1 00 00 00 00  ...... ...0.....
          00 00 00 00 00 00 00 00 36 01 00 00 00 70 da e2  ........6....p..
        backtrace:
          [<c1a60aec>] kmemleak_alloc+0x3c/0xa0
          [<c131ed56>] kmem_cache_alloc_trace+0xc6/0x190
          [<c16243c9>] mei_io_cb_init+0x29/0x50
          [<c1625722>] mei_cl_read_start+0x102/0x360
          [<c16268f3>] mei_read+0x103/0x4e0
          [<c1324b09>] vfs_read+0x89/0x160
          [<c1324d5f>] SyS_read+0x4f/0x80
          [<c1a7b318>] syscall_call+0x7/0xb
          [<ffffffff>] 0xffffffff
      unreferenced object 0xe2da7000 (size 512):
        comm "AsyncTask #1", pid 1018, jiffies 4294949621 (age 152.440s)
        hex dump (first 32 bytes):
          00 6c da e2 7c 00 00 00 00 00 00 00 c0 eb 0c 59  .l..|..........Y
          1b 00 00 00 01 00 00 00 02 10 00 00 01 00 00 00  ................
        backtrace:
          [<c1a60aec>] kmemleak_alloc+0x3c/0xa0
          [<c131f127>] __kmalloc+0xe7/0x1d0
          [<c162447e>] mei_io_cb_alloc_resp_buf+0x2e/0x60
          [<c162574c>] mei_cl_read_start+0x12c/0x360
          [<c16268f3>] mei_read+0x103/0x4e0
          [<c1324b09>] vfs_read+0x89/0x160
          [<c1324d5f>] SyS_read+0x4f/0x80
          [<c1a7b318>] syscall_call+0x7/0xb
          [<ffffffff>] 0xffffffff
      Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com>
      Signed-off-by: NTomas Winkler <tomas.winkler@intel.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      5cb906c7
    • A
      mei: clear write cb from waiting list on reset · 30c54df7
      Alexander Usyskin 提交于
      Clear write callbacks sitting in write_waiting list on reset.
      Otherwise these callbacks are left dangling and cause memory leak.
      Signed-off-by: NAlexander Usyskin <alexander.usyskin@intel.com>
      Signed-off-by: NTomas Winkler <tomas.winkler@intel.com>
      Cc: stable <stable@vger.kernel.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      30c54df7
  3. 14 1月, 2014 1 次提交
  4. 09 1月, 2014 1 次提交
  5. 19 12月, 2013 1 次提交
  6. 28 11月, 2013 1 次提交
  7. 30 10月, 2013 1 次提交
  8. 20 10月, 2013 1 次提交
  9. 04 10月, 2013 2 次提交
  10. 26 9月, 2013 5 次提交
  11. 27 7月, 2013 1 次提交
  12. 25 7月, 2013 1 次提交
  13. 25 6月, 2013 3 次提交
  14. 22 5月, 2013 1 次提交
  15. 20 4月, 2013 1 次提交
  16. 11 4月, 2013 1 次提交
  17. 09 4月, 2013 1 次提交
  18. 05 4月, 2013 1 次提交
  19. 29 3月, 2013 1 次提交
  20. 07 2月, 2013 2 次提交
  21. 15 1月, 2013 1 次提交
    • T
      mei: drop the warning when cl is not initialized during unlinking · 8e9a4a9a
      Tomas Winkler 提交于
      On systems where wd and amthif is not initialized
      we will hit cl->dev == NULL. This condition is okay
      so we don't need to be laud about it.
      
      Fixes the follwing warning during suspend
      [  137.061985] WARNING: at drivers/misc/mei/client.c:315 mei_cl_unlink+0x86/0x90 [mei]()
      [  137.061986] Hardware name: 530U3BI/530U4BI/530U4BH
      [  137.062140] Modules linked in: snd_hda_codec_hdmi snd_hda_codec_realtek joydev coretemp kvm_intel snd_hda_intel snd_hda_codec kvm arc4 iwldvm snd_hwdep i915 snd_pcm mac80211 ghash_clmulni_intel snd_page_alloc aesni_intel snd_seq_midi xts snd_seq_midi_event aes_x86_64 rfcomm snd_rawmidi parport_pc bnep lrw snd_seq uvcvideo i2c_algo_bit ppdev gf128mul iwlwifi snd_timer drm_kms_helper ablk_helper cryptd drm snd_seq_device videobuf2_vmalloc psmouse videobuf2_memops snd cfg80211 btusb videobuf2_core soundcore videodev lp bluetooth samsung_laptop wmi microcode mei serio_raw mac_hid video hid_generic lpc_ich parport usbhid hid r8169
      [  137.062143] Pid: 2706, comm: kworker/u:15 Tainted: G      D W    3.8.0-rc2-next20130109-1-iniza-generic #1
      [  137.062144] Call Trace:
      [  137.062156]  [<ffffffff8105860f>] warn_slowpath_common+0x7f/0xc0
      [  137.062159]  [<ffffffff8135b1ea>] ? ioread32+0x3a/0x40
      [  137.062162]  [<ffffffff8105866a>] warn_slowpath_null+0x1a/0x20
      [  137.062168]  [<ffffffffa0076be6>] mei_cl_unlink+0x86/0x90 [mei]
      [  137.062173]  [<ffffffffa0071325>] mei_reset+0xc5/0x240 [mei]
      [  137.062178]  [<ffffffffa0073703>] mei_pci_resume+0xa3/0x110 [mei]
      [  137.062183]  [<ffffffff81379cae>] pci_pm_resume+0x7e/0xe0
      [  137.062185]  [<ffffffff81379c30>] ? pci_pm_thaw+0x80/0x80
      [  137.062189]  [<ffffffff8145a415>] dpm_run_callback.isra.6+0x25/0x50
      [  137.062192]  [<ffffffff8145a6cf>] device_resume+0x9f/0x140
      [  137.062194]  [<ffffffff8145a791>] async_resume+0x21/0x50
      [  137.062200]  [<ffffffff810858b0>] async_run_entry_fn+0x90/0x1c0
      [  137.062203]  [<ffffffff810778e5>] process_one_work+0x155/0x460
      [  137.062207]  [<ffffffff81078578>] worker_thread+0x168/0x400
      [  137.062210]  [<ffffffff81078410>] ? manage_workers+0x2b0/0x2b0
      [  137.062214]  [<ffffffff8107d9f0>] kthread+0xc0/0xd0
      [  137.062218]  [<ffffffff8107d930>] ? flush_kthread_worker+0xb0/0xb0
      [  137.062222]  [<ffffffff816bac6c>] ret_from_fork+0x7c/0xb0
      [  137.062228]  [<ffffffff8107d930>] ? flush_kthread_worker+0xb0/0xb0
      Reported-by: NSedat Dilek <sedat.dilek@gmail.com>
      Tested-by: NSedat Dilek <sedat.dilek@gmail.com>
      Signed-off-by: NTomas Winkler <tomas.winkler@intel.com>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8e9a4a9a
  22. 09 1月, 2013 8 次提交
  23. 08 1月, 2013 2 次提交