Merge 4.9.200 into android-4.9-q
Linux 4.9.200
* alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
kernel/time/alarmtimer.c
dmaengine: qcom: bam_dma: Fix resource leak
* net/flow_dissector: switch to siphash
include/linux/skbuff.h
include/net/flow_dissector.h
net/core/flow_dissector.c
net/sched/sch_fq_codel.c
* kbuild: add -fcf-protection=none when using retpoline flags
Makefile
* kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
Makefile
* Kbuild: make designated_init attribute fatal
Makefile
* inet: stop leaking jiffies on the wire
net/ipv4/datagram.c
net/ipv4/tcp_ipv4.c
net/mlx4_core: Dynamically set guaranteed amount of counters per VF
vxlan: check tun_info options_len properly
net: bcmgenet: reset 40nm EPHY on energy detect
net: dsa: fix switch tree list
* net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
net/core/datagram.c
selftests: net: reuseport_dualstack: fix uninitalized parameter
* net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
net/core/ethtool.c
net: hisilicon: Fix ping latency when deal with high throughput
* net: fix sk_page_frag() recursion from memory reclaim
include/linux/gfp.h
include/net/sock.h
dccp: do not leak jiffies on the wire
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
MIPS: bmips: mark exception vectors as char arrays
of: unittest: fix memory leak in unittest_data_add
scsi: target: core: Do not overwrite CDB byte 1
ARM: davinci: dm365: Fix McBSP dma_slave_map entry
perf kmem: Fix memory leak in compact_gfp_flags()
ARM: dts: imx7s: Correct GPT's ipg clock source
* scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
drivers/scsi/Kconfig
scsi: sni_53c710: fix compilation error
scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions
ARM: mm: fix alignment handler faults under memory pressure
pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable()
ARM: dts: logicpd-torpedo-som: Remove twl_keypad
ASoc: rockchip: i2s: Fix RPM imbalance
ASoC: wm_adsp: Don't generate kcontrols without READ flags
regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
UPSTREAM: HID: steam: fix deadlock with input devices.
UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
UPSTREAM: HID: steam: remove input device when a hid client is running.
UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
UPSTREAM: HID: steam: add missing fields in client initialization
UPSTREAM: HID: steam: add battery device.
* UPSTREAM: HID: add driver for Valve Steam Controller
drivers/hid/Kconfig
drivers/hid/Makefile
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
include/linux/hid.h
* UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
drivers/hid/hid-sony.c
* UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
drivers/hid/hid-sony.c
Merge 4.9.199 into android-4.9-q
Linux 4.9.199
Revert "ALSA: hda: Flush interrupts on disabling"
* ALSA: timer: Fix mutex deadlock at releasing card
sound/core/timer.c
* ALSA: timer: Simplify error path in snd_timer_open()
sound/core/timer.c
* ALSA: timer: Limit max instances per timer
include/sound/timer.h
sound/core/timer.c
* ALSA: timer: Follow standard EXPORT_SYMBOL() declarations
sound/core/timer.c
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
* sctp: fix the issue that flags are ignored when using kernel_connect
include/net/sctp/sctp.h
* sch_netem: fix rcu splat in netem_enqueue()
include/net/sch_generic.h
net/sched/sch_netem.c
net: usb: sr9800: fix uninitialized local variable
* bonding: fix potential NULL deref in bond_update_slave_arr
drivers/net/bonding/bond_main.c
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
rtlwifi: Fix potential overflow on P2P code
s390/cmm: fix information leak in cmm_timeout_handler()
* nl80211: fix validation of mesh path nexthop
net/wireless/nl80211.c
* HID: fix error message in hid_open_report()
drivers/hid/hid-core.c
* HID: Fix assumption that devices have inputs
drivers/hid/hid-dr.c
drivers/hid/hid-gaff.c
drivers/hid/hid-sony.c
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
* usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
drivers/usb/storage/scsiglue.c
* USB: gadget: Reject endpoints with 0 maxpacket value
drivers/usb/gadget/udc/core.c
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: bebob: Fix prototype of helper function to return negative value
* fuse: truncate pending writes on O_TRUNC
fs/fuse/file.c
* fuse: flush dirty data/metadata before non-truncate setattr
fs/fuse/dir.c
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
USB: legousbtower: fix a signedness bug in tower_probe()
* tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
kernel/trace/trace.c
s390/uaccess: avoid (false positive) compiler warnings
NFSv4: Fix leak of clp->cl_acceptor string
MIPS: fw: sni: Fix out of bounds init of o32 stack
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
ocfs2: clear zero in unaligned direct IO
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
gpio: max77620: Use correct unit for debounce times
RDMA/iwcm: Fix a lock inversion issue
staging: rtl8188eu: fix null dereference when kzalloc fails
perf jevents: Fix period for Intel fixed counters
perf map: Fix overlapped map handling
iio: fix center temperature of bmc150-accel-core
* exec: load_script: Do not exec truncated interpreter path
fs/binfmt_script.c
rtc: pcf8523: set xtal load capacitance from DT
* usb: handle warm-reset port requests on hub resume
drivers/usb/core/hub.c
* scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
scripts/setlocalversion
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
x86/cpu: Add Atom Tremont (Jacobsville)
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
sc16is7xx: Fix for "Unexpected interrupt: 8"
* dm: Use kzalloc for all structs with embedded biosets/mempools
drivers/md/dm-io.c
drivers/md/dm-kcopyd.c
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
* binder: binder: fix possible UAF when freeing buffer
drivers/android/binder.c
* BACKPORT: dm bufio: introduce a global cache replacement
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: remove old-style buffer cleanup
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: introduce a global queue
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: refactor adjust_total_allocated
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: call adjust_total_allocated from __link_buffer and __unlink_buffer
drivers/md/dm-bufio.c
cuttlefish-4.9: Enable CONFIG_DM_SNAPSHOT
Merge 4.9.198 into android-4.9-q
Linux 4.9.198
RDMA/cxgb4: Do not dma memory off of the stack
* Revert "net: sit: fix memory leak in sit_init_net()"
net/ipv6/sit.c
* PCI: PM: Fix pci_power_up()
drivers/pci/pci.c
xen/netback: fix error path of xenvif_connect_data()
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
drivers/base/core.c
drivers/cpufreq/cpufreq.c
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
* mm/slub: fix a deadlock in show_slab_objects()
mm/slub.c
scsi: zfcp: fix reaction on bit error threshold notification
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drivers/gpu/drm/drm_edid.c
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
Input: da9063 - fix capability and drop KEY_SLEEP
* scsi: core: try to get module before removing device
drivers/scsi/scsi_sysfs.c
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
ALSA: hda/realtek - Add support for ALC711
USB: legousbtower: fix memleak on disconnect
* memfd: Fix locking when tagging pins
mm/shmem.c
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net/ipv4/route.c
* net: avoid potential infinite loop in tc_ctl_action()
net/sched/act_api.c
sctp: change sctp_prot .no_autobind with true
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl
drivers/block/loop.c
ocfs2: fix panic due to ocfs2_wq is null
Revert "drm/radeon: Fix EEH during kexec"
namespace: fix namespace.pl script to support relative paths
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
mac80211: fix txq null pointer dereference
* nl80211: fix null pointer dereference
net/wireless/nl80211.c
MIPS: dts: ar9331: fix interrupt-controller size
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
* scsi: ufs: skip shutdown if hba is not powered
drivers/scsi/ufs/ufshcd.c
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
* ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
net/netfilter/xt_quota2.c
ANDROID: refactor build.config files to remove duplication
Merge 4.9.197 into android-4.9-q
Linux 4.9.197
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
* tracing: Get trace_array reference for available_tracers files
kernel/trace/trace.c
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing/hwlat: Report total time spent in all NMIs during the sample
media: stkwebcam: fix runtime PM after driver unbind
* Fix the locking in dcache_readdir() and friends
fs/libfs.c
MIPS: Disable Loongson MMI instructions for kernel build
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
staging: fbtft: Stop using BL_CORE_DRIVER1
* kernel/sysctl.c: do not override max_threads provided by userspace
kernel/fork.c
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Force revalidate inode when dentry is stale
CIFS: Gracefully handle QueryInfo errors during open
perf inject jit: Fix JIT_CODE_MOVE filename
perf llvm: Don't access out-of-scope array
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
iio: light: opt3001: fix mutex unlock race
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
* xhci: Increase STS_SAVE timeout in xhci_suspend()
drivers/usb/host/xhci.c
* usb: xhci: wait for CNR controller not ready bit in xhci resume
drivers/usb/host/xhci.c
* xhci: Check all endpoints for LPM timeout
drivers/usb/host/xhci.c
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
drivers/usb/host/xhci.c
* xhci: Fix false warning message about wrong bounce buffer write length
drivers/usb/host/xhci-ring.c
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
* USB: rio500: Remove Rio 500 kernel driver
drivers/usb/misc/Kconfig
drivers/usb/misc/Makefile
* panic: ensure preemption is disabled during panic()
kernel/panic.c
ASoC: sgtl5000: Improve VAG power and mute control
* nl80211: validate beacon head
net/wireless/nl80211.c
* cfg80211: Use const more consistently in for_each_element macros
include/linux/ieee80211.h
* cfg80211: add and use strongly typed element iteration macros
include/linux/ieee80211.h
net/wireless/scan.c
coresight: etm4x: Use explicit barriers on enable/disable
crypto: caam - fix concurrency issue in givencrypt descriptor
perf stat: Reset previous counts on repeat with interval
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
* kernel/elfcore.c: include proper prototypes
kernel/elfcore.c
* sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
kernel/sched/core.c
fuse: fix memleak in cuse_channel_open
* thermal: Fix use-after-free when unregistering thermal zone device
drivers/thermal/thermal_core.c
drm/amdgpu: Check for valid number of registers to read
ceph: reconnect connection if session hang in opening state
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
* cfg80211: initialize on-stack chandefs
net/wireless/nl80211.c
net/wireless/reg.c
ieee802154: atusb: fix use-after-free at disconnect
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
* timer: Read jiffies once when forwarding base clk
kernel/time/timer.c
* usercopy: Avoid HIGHMEM pfn warning
mm/usercopy.c
crypto: qat - Silence smp_processor_id() warning
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
* ASoC: Define a set of DAPM pre/post-up events
include/sound/soc-dapm.h
KVM: nVMX: handle page fault in vmread fix
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
Change-Id: I55a3a4245646ca4ff5e4d0b29a592e4b4dce77fb
Signed-off-by: lucaswei <lucaswei@google.com>
/*
|
|
* linux/kernel/panic.c
|
|
*
|
|
* Copyright (C) 1991, 1992 Linus Torvalds
|
|
*/
|
|
|
|
/*
|
|
* This function is used through-out the kernel (including mm and fs)
|
|
* to indicate a major problem.
|
|
*/
|
|
#include <linux/debug_locks.h>
|
|
#include <linux/interrupt.h>
|
|
#include <linux/kmsg_dump.h>
|
|
#include <linux/kallsyms.h>
|
|
#include <linux/notifier.h>
|
|
#include <linux/vt_kern.h>
|
|
#include <linux/module.h>
|
|
#include <linux/random.h>
|
|
#include <linux/ftrace.h>
|
|
#include <linux/reboot.h>
|
|
#include <linux/delay.h>
|
|
#include <linux/kexec.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/sysrq.h>
|
|
#include <linux/init.h>
|
|
#include <linux/nmi.h>
|
|
#include <linux/console.h>
|
|
#include <linux/bug.h>
|
|
#define CREATE_TRACE_POINTS
|
|
#include <trace/events/exception.h>
|
|
#include <soc/qcom/minidump.h>
|
|
|
|
/* Step, in milliseconds, of the mdelay() busy-wait loops in panic(). */
#define PANIC_TIMER_STEP 100
/* panic() schedules the next panic_blink() call 3600 / PANIC_BLINK_SPD ms ahead. */
#define PANIC_BLINK_SPD 18

/* Set to 1 by the "oops=panic" early parameter (see oops_setup()). */
int panic_on_oops = CONFIG_PANIC_ON_OOPS_VALUE;
/* Bitmask of TAINT_* flags; written by add_taint(), read by test_taint()/get_taint(). */
static unsigned long tainted_mask;
/* Number of one-second pauses do_oops_enter_exit() inserts; 0 disables the pause. */
static int pause_on_oops;
/* Non-zero while one CPU holds the right to print its oops. */
static int pause_on_oops_flag;
static DEFINE_SPINLOCK(pause_on_oops_lock);
/* When true, panic() runs the notifier chain and kmsg_dump() before __crash_kexec(). */
bool crash_kexec_post_notifiers;

/*
 * Enabling panic_on_warn turns every warning into a panic, and the kernel
 * may not be free of legitimate warnings. CONFIG_PANIC_ON_WARN_DEFAULT_ENABLE
 * therefore selects the default value, for debugging purposes.
 */
#ifdef CONFIG_PANIC_ON_WARN_DEFAULT_ENABLE
int panic_on_warn __read_mostly = 1;
#else
int panic_on_warn __read_mostly;
#endif

/* Seconds before panic() reboots: > 0 waits, < 0 restarts at once, 0 never restarts. */
int panic_timeout = CONFIG_PANIC_TIMEOUT;
EXPORT_SYMBOL_GPL(panic_timeout);

/* Handlers on this chain are called from panic() with the formatted message. */
ATOMIC_NOTIFIER_HEAD(panic_notifier_list);

EXPORT_SYMBOL(panic_notifier_list);
|
|
|
|
/*
 * Fallback panic_blink handler installed by panic() when no handler is
 * registered. It does nothing and reports that it waited 0 ms.
 */
static long no_blink(int state)
{
	const long waited_ms = 0;

	(void)state;	/* the fallback has nothing to toggle */
	return waited_ms;
}
|
|
|
|
/* Returns how long it waited in ms */
|
|
long (*panic_blink)(int state);
|
|
EXPORT_SYMBOL(panic_blink);
|
|
|
|
/*
|
|
* Stop ourself in panic -- architecture code may override this
|
|
*/
|
|
void __weak panic_smp_self_stop(void)
{
	/* Default implementation: park this CPU forever in a relaxed spin. */
	for (;;)
		cpu_relax();
}
|
|
|
|
/*
|
|
* Stop ourselves in NMI context if another CPU has already panicked. Arch code
|
|
* may override this to prepare for crash dumping, e.g. save regs info.
|
|
*/
|
|
void __weak nmi_panic_self_stop(struct pt_regs *regs)
{
	/*
	 * The weak default ignores @regs and simply parks the CPU through
	 * the regular self-stop hook.
	 */
	panic_smp_self_stop();
}
|
|
|
|
/*
|
|
* Stop other CPUs in panic. Architecture dependent code may override this
|
|
* with more suitable version. For example, if the architecture supports
|
|
* crash dump, it should save registers of each stopped CPU and disable
|
|
* per-CPU features such as virtualization extensions.
|
|
*/
|
|
void __weak crash_smp_send_stop(void)
{
	/* Latched after the first pass; the panic path may call this twice. */
	static int cpus_stopped;

	if (!cpus_stopped) {
		/*
		 * smp_send_stop() is the ordinary SMP shutdown routine, so it
		 * may not be hardened for use while the system is panicking.
		 */
		smp_send_stop();
		cpus_stopped = 1;
	}
}
|
|
|
|
/*
 * CPU that owns the panic path. panic() and nmi_panic() claim it with
 * atomic_cmpxchg() from PANIC_CPU_INVALID to the calling CPU's id.
 */
atomic_t panic_cpu = ATOMIC_INIT(PANIC_CPU_INVALID);
|
|
|
|
/*
|
|
* A variant of panic() called from NMI context. We return if we've already
|
|
* panicked on this CPU. If another CPU already panicked, loop in
|
|
* nmi_panic_self_stop() which can provide architecture dependent code such
|
|
* as saving register state for crash dump.
|
|
*/
|
|
void nmi_panic(struct pt_regs *regs, const char *msg)
{
	const int this_cpu = raw_smp_processor_id();
	const int owner = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID,
					 this_cpu);

	if (owner == PANIC_CPU_INVALID) {
		/*
		 * This CPU claimed the panic. @msg is handed over as the
		 * argument of a "%s" format, never as the format itself.
		 */
		panic("%s", msg);
		return;
	}

	/* Another CPU owns the panic: stop here. Same CPU: just return. */
	if (owner != this_cpu)
		nmi_panic_self_stop(regs);
}
|
|
EXPORT_SYMBOL(nmi_panic);
|
|
|
|
/**
|
|
* panic - halt the system
|
|
* @fmt: The text string to print
|
|
*
|
|
* Display a message, then perform cleanups.
|
|
*
|
|
* This function never returns.
|
|
*/
|
|
void panic(const char *fmt, ...)
{
	/*
	 * One shared message buffer. It is filled after the panic_cpu check
	 * below, which sends every other CPU to panic_smp_self_stop().
	 */
	static char buf[1024];
	va_list args;
	long i, i_next = 0;
	int state = 0;
	int old_cpu, this_cpu;
	/* Read once here; both kexec branches below test this local copy. */
	bool _crash_kexec_post_notifiers = crash_kexec_post_notifiers;

	trace_kernel_panic(0);

	/*
	 * Disable local interrupts. This will prevent panic_smp_self_stop
	 * from deadlocking the first cpu that invokes the panic, since
	 * there is nothing to prevent an interrupt handler (that runs
	 * after setting panic_cpu) from invoking panic() again.
	 */
	local_irq_disable();
	preempt_disable_notrace();

	/*
	 * It's possible to come here directly from a panic-assertion and
	 * not have preempt disabled. Some functions called from here want
	 * preempt to be disabled. No point enabling it later though...
	 *
	 * Only one CPU is allowed to execute the panic code from here. For
	 * multiple parallel invocations of panic, all other CPUs either
	 * stop themselves or will wait until they are stopped by the 1st CPU
	 * with smp_send_stop().
	 *
	 * `old_cpu == PANIC_CPU_INVALID' means this is the 1st CPU which
	 * comes here, so go ahead.
	 * `old_cpu == this_cpu' means we came from nmi_panic() which sets
	 * panic_cpu to this CPU.  In this case, this is also the 1st CPU.
	 */
	this_cpu = raw_smp_processor_id();
	old_cpu = atomic_cmpxchg(&panic_cpu, PANIC_CPU_INVALID, this_cpu);

	if (old_cpu != PANIC_CPU_INVALID && old_cpu != this_cpu)
		panic_smp_self_stop();

	console_verbose();
	bust_spinlocks(1);
	/*
	 * Expand the caller's format into buf, truncated to sizeof(buf).
	 * From here on the message is only ever printed through "%s".
	 */
	va_start(args, fmt);
	vsnprintf(buf, sizeof(buf), fmt, args);
	va_end(args);
	/* NOTE(review): hook from <soc/qcom/minidump.h>; its behaviour is not visible in this file. */
	dump_stack_minidump(0);
	pr_emerg("Kernel panic - not syncing: %s\n", buf);
#ifdef CONFIG_DEBUG_BUGVERBOSE
	/*
	 * Avoid nested stack-dumping if a panic occurs during oops processing
	 */
	if (!test_taint(TAINT_DIE) && oops_in_progress <= 1)
		dump_stack();
#endif

	/*
	 * If we have crashed and we have a crash kernel loaded let it handle
	 * everything else.
	 * If we want to run this after calling panic_notifiers, pass
	 * the "crash_kexec_post_notifiers" option to the kernel.
	 *
	 * Bypass the panic_cpu check and call __crash_kexec directly.
	 */
	if (!_crash_kexec_post_notifiers) {
		printk_nmi_flush_on_panic();
		__crash_kexec(NULL);

		/*
		 * Note smp_send_stop is the usual smp shutdown function, which
		 * unfortunately means it may not be hardened to work in a
		 * panic situation.
		 */
		smp_send_stop();
	} else {
		/*
		 * If we want to do crash dump after notifier calls and
		 * kmsg_dump, we will need architecture dependent extra
		 * works in addition to stopping other CPUs.
		 */
		crash_smp_send_stop();
	}

	/*
	 * Run any panic handlers, including those that might need to
	 * add information to the kmsg dump output. Each handler receives
	 * the formatted message in buf.
	 */
	atomic_notifier_call_chain(&panic_notifier_list, 0, buf);

	/* Call flush even twice. It tries harder with a single online CPU */
	printk_nmi_flush_on_panic();
	kmsg_dump(KMSG_DUMP_PANIC);

	/*
	 * If you doubt kdump always works fine in any situation,
	 * "crash_kexec_post_notifiers" offers you a chance to run
	 * panic_notifiers and dumping kmsg before kdump.
	 * Note: since some panic_notifiers can make crashed kernel
	 * more unstable, it can increase risks of the kdump failure too.
	 *
	 * Bypass the panic_cpu check and call __crash_kexec directly.
	 */
	if (_crash_kexec_post_notifiers)
		__crash_kexec(NULL);

#ifdef CONFIG_VT
	unblank_screen();
#endif
	console_unblank();

	/*
	 * We may have ended up stopping the CPU holding the lock (in
	 * smp_send_stop()) while still having some valuable data in the console
	 * buffer.  Try to acquire the lock then release it regardless of the
	 * result.  The release will also print the buffers out.  Locks debug
	 * should be disabled to avoid reporting bad unlock balance when
	 * panic() is not being called from OOPS.
	 */
	debug_locks_off();
	console_flush_on_panic();

	/* Install the do-nothing handler so the loops below can call it unconditionally. */
	if (!panic_blink)
		panic_blink = no_blink;

	if (panic_timeout > 0) {
		/*
		 * Delay timeout seconds before rebooting the machine.
		 * We can't use the "normal" timers since we just panicked.
		 */
		pr_emerg("Rebooting in %d seconds..\n", panic_timeout);

		/*
		 * NOTE(review): panic_timeout is an int, so panic_timeout * 1000
		 * is computed in int before it is compared with the long i. A
		 * very large timeout would overflow here; confirm the value is
		 * bounded where it is set.
		 */
		for (i = 0; i < panic_timeout * 1000; i += PANIC_TIMER_STEP) {
			touch_nmi_watchdog();
			if (i >= i_next) {
				/* The handler returns how long it waited; credit that to i. */
				i += panic_blink(state ^= 1);
				i_next = i + 3600 / PANIC_BLINK_SPD;
			}
			mdelay(PANIC_TIMER_STEP);
		}
	}

	trace_kernel_panic_late(0);

	/* A negative timeout skips the wait above and restarts immediately. */
	if (panic_timeout != 0) {
		/*
		 * This will not be a clean reboot, with everything
		 * shutting down.  But if there is a chance of
		 * rebooting the system it will be rebooted.
		 */
		emergency_restart();
	}
#ifdef __sparc__
	{
		extern int stop_a_enabled;
		/* Make sure the user can actually press Stop-A (L1-A) */
		stop_a_enabled = 1;
		pr_emerg("Press Stop-A (L1-A) to return to the boot prom\n");
	}
#endif
#if defined(CONFIG_S390)
	{
		unsigned long caller;

		caller = (unsigned long)__builtin_return_address(0);
		disabled_wait(caller);
	}
#endif
	pr_emerg("---[ end Kernel panic - not syncing: %s\n", buf);
	/* Interrupts are switched back on before the endless blink loop. */
	local_irq_enable();
	for (i = 0; ; i += PANIC_TIMER_STEP) {
		touch_softlockup_watchdog();
		if (i >= i_next) {
			i += panic_blink(state ^= 1);
			i_next = i + 3600 / PANIC_BLINK_SPD;
		}
		mdelay(PANIC_TIMER_STEP);
	}
}
|
|
|
|
EXPORT_SYMBOL(panic);
|
|
|
|
|
|
/* One row of the taint table consumed by print_tainted(). */
struct tnt {
	u8	bit;	/* bit index in tainted_mask (a TAINT_* constant) */
	char	true;	/* character emitted when the bit is set */
	char	false;	/* character emitted when the bit is clear */
};
|
|
|
|
/*
 * Taint flags and their display characters. print_tainted() walks this
 * table front to back, so the row order is the order of the characters in
 * the "Tainted: " string, and the row count sizes its output buffer.
 */
static const struct tnt tnts[] = {
	{ TAINT_PROPRIETARY_MODULE,	'P', 'G' },
	{ TAINT_FORCED_MODULE,		'F', ' ' },
	{ TAINT_CPU_OUT_OF_SPEC,	'S', ' ' },
	{ TAINT_FORCED_RMMOD,		'R', ' ' },
	{ TAINT_MACHINE_CHECK,		'M', ' ' },
	{ TAINT_BAD_PAGE,		'B', ' ' },
	{ TAINT_USER,			'U', ' ' },
	{ TAINT_DIE,			'D', ' ' },
	{ TAINT_OVERRIDDEN_ACPI_TABLE,	'A', ' ' },
	{ TAINT_WARN,			'W', ' ' },
	{ TAINT_CRAP,			'C', ' ' },
	{ TAINT_FIRMWARE_WORKAROUND,	'I', ' ' },
	{ TAINT_OOT_MODULE,		'O', ' ' },
	{ TAINT_UNSIGNED_MODULE,	'E', ' ' },
	{ TAINT_SOFTLOCKUP,		'L', ' ' },
	{ TAINT_LIVEPATCH,		'K', ' ' },
};
|
|
|
|
/**
|
|
* print_tainted - return a string to represent the kernel taint state.
|
|
*
|
|
* 'P' - Proprietary module has been loaded.
|
|
* 'F' - Module has been forcibly loaded.
|
|
* 'S' - SMP with CPUs not designed for SMP.
|
|
* 'R' - User forced a module unload.
|
|
* 'M' - System experienced a machine check exception.
|
|
* 'B' - System has hit bad_page.
|
|
* 'U' - Userspace-defined naughtiness.
|
|
* 'D' - Kernel has oopsed before
|
|
* 'A' - ACPI table overridden.
|
|
* 'W' - Taint on warning.
|
|
* 'C' - modules from drivers/staging are loaded.
|
|
* 'I' - Working around severe firmware bug.
|
|
* 'O' - Out-of-tree module has been loaded.
|
|
* 'E' - Unsigned module has been loaded.
|
|
* 'L' - A soft lockup has previously occurred.
|
|
* 'K' - Kernel has been live patched.
|
|
*
|
|
* The string is overwritten by the next call to print_tainted().
|
|
*/
|
|
const char *print_tainted(void)
{
	/*
	 * One character per tnts[] row; sizeof() of the literal accounts
	 * for the "Tainted: " prefix and the terminating NUL.
	 */
	static char buf[ARRAY_SIZE(tnts) + sizeof("Tainted: ")];
	const struct tnt *entry;
	char *out;

	if (!tainted_mask) {
		snprintf(buf, sizeof(buf), "Not tainted");
		return buf;
	}

	/* The write below is bounded by the table size used to dimension buf. */
	out = buf + sprintf(buf, "Tainted: ");
	for (entry = tnts; entry < tnts + ARRAY_SIZE(tnts); entry++) {
		if (test_bit(entry->bit, &tainted_mask))
			*out++ = entry->true;
		else
			*out++ = entry->false;
	}
	*out = 0;

	return buf;
}
|
|
|
|
/*
 * Report whether taint bit @flag is currently set in tainted_mask.
 * Returns the result of test_bit() for that bit.
 */
int test_taint(unsigned flag)
{
	const int is_set = test_bit(flag, &tainted_mask);

	return is_set;
}
|
|
EXPORT_SYMBOL(test_taint);
|
|
|
|
/* Return the whole taint bitmask as it stands at the time of the call. */
unsigned long get_taint(void)
{
	const unsigned long snapshot = tainted_mask;

	return snapshot;
}
|
|
|
|
/**
 * add_taint: add a taint flag if not already set.
 * @flag: one of the TAINT_* constants.
 * @lockdep_ok: whether lock debugging is still OK.
 *
 * If something bad has gone wrong, you'll want @lockdep_ok = false, but for
 * some noteworthy-but-not-corrupting cases, it can be set to true.
 */
|
|
void add_taint(unsigned flag, enum lockdep_ok lockdep_ok)
{
	if (lockdep_ok == LOCKDEP_NOW_UNRELIABLE) {
		/* Only announce it when __debug_locks_off() returns non-zero. */
		if (__debug_locks_off())
			pr_warn("Disabling lock debugging due to kernel taint\n");
	}

	/* The taint bit is recorded whatever the lockdep outcome was. */
	set_bit(flag, &tainted_mask);
}
|
|
EXPORT_SYMBOL(add_taint);
|
|
|
|
/*
 * Busy-wait for @msecs milliseconds, one millisecond at a time, touching
 * the NMI watchdog before each step. A value <= 0 returns immediately.
 */
static void spin_msec(int msecs)
{
	int remaining = msecs;

	while (remaining > 0) {
		touch_nmi_watchdog();
		mdelay(1);
		remaining--;
	}
}
|
|
|
|
/*
|
|
* It just happens that oops_enter() and oops_exit() are identically
|
|
* implemented...
|
|
*/
|
|
static void do_oops_enter_exit(void)
{
	unsigned long flags;
	/* Seconds left to pause; non-zero while one CPU is counting down. */
	static int spin_counter;

	/*
	 * Only a zero value disables the pause.
	 * NOTE(review): a negative pause_on_oops passes this test and makes
	 * the do/while below count down from a negative value; confirm the
	 * parameter is range-checked where it is set.
	 */
	if (!pause_on_oops)
		return;

	spin_lock_irqsave(&pause_on_oops_lock, flags);
	if (pause_on_oops_flag == 0) {
		/* This CPU may now print the oops message */
		pause_on_oops_flag = 1;
	} else {
		/* We need to stall this CPU */
		if (!spin_counter) {
			/* This CPU gets to do the counting */
			spin_counter = pause_on_oops;
			do {
				/*
				 * The lock is dropped around each one-second
				 * spin; interrupts stay off, since the saved
				 * flags are only restored at the end.
				 */
				spin_unlock(&pause_on_oops_lock);
				spin_msec(MSEC_PER_SEC);
				spin_lock(&pause_on_oops_lock);
			} while (--spin_counter);
			/* Countdown finished: release the print right. */
			pause_on_oops_flag = 0;
		} else {
			/* This CPU waits for a different one */
			while (spin_counter) {
				spin_unlock(&pause_on_oops_lock);
				spin_msec(1);
				spin_lock(&pause_on_oops_lock);
			}
		}
	}
	spin_unlock_irqrestore(&pause_on_oops_lock, flags);
}
|
|
|
|
/*
|
|
* Return true if the calling CPU is allowed to print oops-related info.
|
|
* This is a bit racy..
|
|
*/
|
|
int oops_may_print(void)
{
	/* Read without taking pause_on_oops_lock. */
	return !pause_on_oops_flag;
}
|
|
|
|
/*
|
|
* Called when the architecture enters its oops handler, before it prints
|
|
* anything. If this is the first CPU to oops, and it's oopsing the first
|
|
* time then let it proceed.
|
|
*
|
|
* This is all enabled by the pause_on_oops kernel boot option. We do all
|
|
* this to ensure that oopses don't scroll off the screen. It has the
|
|
* side-effect of preventing later-oopsing CPUs from mucking up the display,
|
|
* too.
|
|
*
|
|
* It turns out that the CPU which is allowed to print ends up pausing for
|
|
* the right duration, whereas all the other CPUs pause for twice as long:
|
|
* once in oops_enter(), once in oops_exit().
|
|
*/
|
|
void oops_enter(void)
{
	/* Stop tracing first. */
	tracing_off();

	/* Kernel integrity can no longer be trusted, so lock debugging goes off. */
	debug_locks_off();

	/* Apply the pause_on_oops gating shared with oops_exit(). */
	do_oops_enter_exit();
}
|
|
|
|
/*
|
|
* 64-bit random ID for oopses:
|
|
*/
|
|
static u64 oops_id;
|
|
|
|
/*
 * Prepare oops_id for the next end-of-trace marker: while it is still zero
 * it is filled from get_random_bytes(), afterwards each call increments it.
 * Registered as a late_initcall and also called by print_oops_end_marker().
 * Always returns 0.
 */
static int init_oops_id(void)
{
	if (oops_id) {
		oops_id++;
		return 0;
	}

	get_random_bytes(&oops_id, sizeof(oops_id));
	return 0;
}
|
|
late_initcall(init_oops_id);
|
|
|
|
/*
 * Emit the "---[ end trace <id> ]---" line that closes an oops or warning
 * report, after moving oops_id to its next value.
 */
void print_oops_end_marker(void)
{
	unsigned long long marker_id;

	init_oops_id();
	marker_id = (unsigned long long)oops_id;
	pr_warn("---[ end trace %016llx ]---\n", marker_id);
}
|
|
|
|
/*
|
|
* Called when the architecture exits its oops handler, after printing
|
|
* everything.
|
|
*/
|
|
void oops_exit(void)
{
	/* Same pause_on_oops gating as on entry. */
	do_oops_enter_exit();

	/* Close the report, then hand the log to the kmsg dumpers. */
	print_oops_end_marker();
	kmsg_dump(KMSG_DUMP_OOPS);
}
|
|
|
|
/* Format string and argument list that __warn() forwards to vprintk(). */
struct warn_args {
	const char *fmt;	/* printf-style format supplied by the WARN caller */
	va_list args;		/* arguments matching @fmt */
};
|
|
|
|
/*
 * Common back end of the warning slow paths. Prints the "cut here" banner,
 * the WARNING line (with @file:@line when @file is set), the optional
 * caller-supplied message in @args, then the module list, registers or a
 * stack dump, and the end-of-trace marker. Finally sets taint bit @taint.
 * Panics instead when panic_on_warn is set.
 */
void __warn(const char *file, int line, void *caller, unsigned taint,
	    struct pt_regs *regs, struct warn_args *args)
{
	disable_trace_on_warning();

	pr_warn("------------[ cut here ]------------\n");

	if (!file)
		pr_warn("WARNING: CPU: %d PID: %d at %pS\n",
			raw_smp_processor_id(), current->pid, caller);
	else
		pr_warn("WARNING: CPU: %d PID: %d at %s:%d %pS\n",
			raw_smp_processor_id(), current->pid, file, line,
			caller);

	/* args->fmt is used as a format string here. */
	if (args)
		vprintk(args->fmt, args->args);

	if (panic_on_warn) {
		/*
		 * The panic path may itself hit another WARN(). Clearing
		 * the flag first keeps such a nested warning from panicking
		 * again. panic() lets only one CPU through its panic_cpu
		 * check; the others are sent to panic_smp_self_stop().
		 */
		panic_on_warn = 0;
		panic("panic_on_warn set ...\n");
	}

	print_modules();

	if (!regs)
		dump_stack();
	else
		show_regs(regs);

	print_oops_end_marker();

	/* Only a warning, so lockdep is left running. */
	add_taint(taint, LOCKDEP_STILL_OK);
}
|
|
|
|
#ifdef WANT_WARN_ON_SLOWPATH
|
|
/*
 * Slow path for a warning that carries a printf-style message. Reports it
 * through __warn() with TAINT_WARN and the caller's return address.
 * @fmt ends up as the format string of vprintk().
 */
void warn_slowpath_fmt(const char *file, int line, const char *fmt, ...)
{
	struct warn_args wargs;
	void *site = __builtin_return_address(0);

	wargs.fmt = fmt;
	va_start(wargs.args, fmt);
	__warn(file, line, site, TAINT_WARN, NULL, &wargs);
	va_end(wargs.args);
}
|
|
EXPORT_SYMBOL(warn_slowpath_fmt);
|
|
|
|
/*
 * Like warn_slowpath_fmt(), but the caller chooses which taint bit
 * __warn() sets. @fmt ends up as the format string of vprintk().
 */
void warn_slowpath_fmt_taint(const char *file, int line,
			     unsigned taint, const char *fmt, ...)
{
	struct warn_args wargs;
	void *site = __builtin_return_address(0);

	wargs.fmt = fmt;
	va_start(wargs.args, fmt);
	__warn(file, line, site, taint, NULL, &wargs);
	va_end(wargs.args);
}
|
|
EXPORT_SYMBOL(warn_slowpath_fmt_taint);
|
|
|
|
/*
 * Slow path for a warning without a message: __warn() gets no warn_args,
 * so only the location, modules, stack and marker are printed.
 */
void warn_slowpath_null(const char *file, int line)
{
	void *site = __builtin_return_address(0);

	__warn(file, line, site, TAINT_WARN, NULL, NULL);
}
|
|
EXPORT_SYMBOL(warn_slowpath_null);
|
|
#endif
|
|
|
|
#ifdef CONFIG_CC_STACKPROTECTOR
|
|
|
|
/*
|
|
* Called when gcc's -fstack-protector feature is used, and
|
|
* gcc detects corruption of the on-stack canary value
|
|
*/
|
|
__visible void __stack_chk_fail(void)
{
	/* Return address of this call, i.e. the function whose canary check failed. */
	void *corrupted_in = __builtin_return_address(0);

	/* A corrupted stack is treated as unrecoverable: panic, never return. */
	panic("stack-protector: Kernel stack is corrupted in: %pB\n",
	      corrupted_in);
}
|
|
EXPORT_SYMBOL(__stack_chk_fail);
|
|
|
|
#endif
|
|
|
|
/*
 * Parameters controlling the crash paths in this file. Each is registered
 * with mode 0644, so the owner may change it while everyone else may
 * only read it.
 * The int parameters are registered without a range restriction here;
 * see the NOTE(review) remarks in panic() and do_oops_enter_exit().
 */
core_param(panic, panic_timeout, int, 0644);
core_param(pause_on_oops, pause_on_oops, int, 0644);
core_param(panic_on_warn, panic_on_warn, int, 0644);
core_param(crash_kexec_post_notifiers, crash_kexec_post_notifiers, bool, 0644);
|
|
|
|
/*
 * Handler for the "oops" early parameter. The value "panic" sets
 * panic_on_oops; any other value is accepted and ignored.
 * Returns -EINVAL when no value was given, otherwise 0.
 */
static int __init oops_setup(char *s)
{
	if (s == NULL)
		return -EINVAL;

	if (strcmp(s, "panic") == 0)
		panic_on_oops = 1;

	return 0;
}
|
|
early_param("oops", oops_setup);
|