5183d3514ae6e8257386cc2d1384438d3da170b5
150 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
252284b7f7 |
Merge LA.UM.9.12.R1.10.00.00.597.022 via branch 'qcom-msm-4.19-7250' into android-msm-pixel-4.19
Conflicts:
    arch/arm64/configs/vendor/lito_defconfig
    block/blk-merge.c
    drivers/acpi/scan.c
    drivers/soc/qcom/minidump_log.c
    drivers/mmc/core/queue.c
    drivers/platform/msm/ipa/ipa_v3/ipa_debugfs.c
    drivers/power/supply/power_supply_sysfs.c
    drivers/power/supply/qcom/qpnp-smb5.c
    drivers/power/supply/qcom/smb5-lib.c
    drivers/power/supply/qcom/smb5-lib.h
    drivers/scsi/ufs/ufs.h
    drivers/scsi/ufs/ufshcd.c
    drivers/staging/android/ion/ion_secure_util.c
    drivers/thermal/qcom/Makefile
    drivers/thermal/qcom/adc-tm5.c
    fs/f2fs/data.c
    fs/f2fs/super.c
    include/linux/power_supply.h
    include/linux/qcom-geni-se.h

Bug: 150587879
Bug: 150587495
Bug: 149799837
Bug: 150109764
Change-Id: Ib20ed28d481cee37153148328427e40c32252a5b
Signed-off-by: Robin Peng <robinpeng@google.com>
|
||
|
|
c8667700c8 |
arm64/config: redbull: support panic on warn by config
Add config: CONFIG_PANIC_ON_WARN_DEFAULT_ENABLE

This patchset adds CONFIG_PANIC_ON_DEFAULT_ENABLE to determine the behavior at build time. Even though we could do same thing by kernel parameter, it's not handy for vendor kernel because they usually store kernel cmd parameter into different partition with kernel so that it needs platform image rebuild to change kernel cmd line as well as kernel image. To remove such dependency to save much time, this patch adds default enable by Kconfig at build time.

Bug: 141912144
Change-Id: Ib73e6e2c8d2c2e87ad96cd4c59feeb1c8102d041
Signed-off-by: Eva Huang <evahuang@google.com>
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
|
||
|
|
b1f59f747d |
GKI: panic: Remove compile time dependency on dump_stack_minidump()
Each vendor might want to implement some debug code when the kernel panics. So, add a vendor_panic_cb callback for vendors to implement.

Have minidump_log register dump_stack_minidump() as the vendor_panic_cb() so that the kernel doesn't have a dependency on dump_stack_minidump().

Bug: 149258398
Tested: Booted and made sure same devices probe
Tested: Unlock the phone and play with home screen
Change-Id: I7a374b0089f72c2511db6fe3b8cdd18f41a1eb6c
Signed-off-by: Saravana Kannan <saravanak@google.com>
|
||
|
|
5fd5fbe20d |
Merge android-4.19-q.87 (ead6fb7) into msm-4.19
* refs/heads/tmp-ead6fb7: Revert "spi: uniphier: fix incorrect property items" Linux 4.19.87 PM / devfreq: Fix kernel oops on governor module load KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel powerpc/book3s64: Fix link stack flush on context switch powerpc/64s: support nospectre_v2 cmdline option staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error USB: serial: option: add support for Foxconn T77W968 LTE modules USB: serial: option: add support for DW5821e with eSIM support USB: serial: mos7840: fix remote wakeup USB: serial: mos7720: fix remote wakeup USB: serial: mos7840: add USB ID to support Moxa UPort 2210 appledisplay: fix error handling in the scheduled work USB: chaoskey: fix error case of a timeout usb-serial: cp201x: support Mark-10 digital force gauge usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() usbip: tools: fix fd leakage in the function of read_attr_usbip_status USBIP: add config dependency for SGL_ALLOC virtio_ring: fix return code on DMA mapping fails media: imon: invalid dereference in imon_touch_event media: cxusb: detect cxusb_ctrl_msg error in query media: b2c2-flexcop-usb: add sanity checking media: uvcvideo: Fix error path in control parsing failure cpufreq: Add NULL checks to show() and store() methods of cpufreq media: usbvision: Fix races among open, close, and disconnect media: vivid: Fix wrong locking that causes race conditions on streaming stop media: vivid: Set vid_cap_streaming and vid_out_streaming to true nfc: port100: handle command failure cleanly ALSA: usb-audio: Fix NULL dereference at parsing BADD futex: Prevent robust futex exit race y2038: futex: Move compat implementation into futex.c nbd: prevent memory leak x86/speculation: Fix redundant MDS mitigation message x86/speculation: Fix incorrect MDS/TAA mitigation status x86/insn: Fix awk regexp warnings ARC: perf: Accommodate big-endian CPU ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary ocfs2: 
remove ocfs2_is_o2cb_active() net: phy: dp83867: increase SGMII autoneg timer duration net: phy: dp83867: fix speed 10 in sgmii mode mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() md/raid10: prevent access of uninitialized resync_pages offset ath9k_hw: fix uninitialized variable data ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved Bluetooth: Fix invalid-free in bcsp_close() mm/page_io.c: do not free shared swap slots cfg80211: call disconnect_wk when AP stops ipv6: Fix handling of LLA with VRF and sockets bound to VRF mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock i2c: uniphier-f: fix timeout error after reading 8 bytes spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch nvme-pci: fix surprise removal PCI: keystone: Use quirk to limit MRRS for K2G pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT pinctrl: bcm2835: Use define directive for BCM2835_PINCONF_PARAM_PULL pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces tools: bpftool: pass an argument to silence open_obj_pinned() of: unittest: initialize args before calling of_*parse_*() of: unittest: allow base devicetree to have symbol metadata net: bcmgenet: return correct value 'ret' from bcmgenet_power_down ACPICA: Use %d for signed int print formatting instead of %u clk: tegra20: Turn EMC clock gate into divider vrf: mark skb for multicast or link-local as enslaved to VRF dlm: don't leak kernel pointer to userspace dlm: fix invalid free usb: typec: tcpm: charge current handling for sink during hard reset scsi: lpfc: Correct loss of fc4 type on remote port address change scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces 
scsi: megaraid_sas: Fix goto labels in error handling scsi: megaraid_sas: Fix msleep granularity scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices scsi: mpt3sas: Fix Sync cache command failure during driver unload net: dsa: bcm_sf2: Turn on PHY to allow successful registration rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information wireless: airo: potential buffer overflow in sprintf() brcmsmac: never log "tid x is not agg'able" by default rtl8xxxu: Fix missing break in switch wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' ath10k: snoc: fix unbalanced clock error handling wil6210: fix locking in wmi_call wil6210: fix RGF_CAF_ICR address for Talyn-MB wil6210: fix L2 RX status handling wil6210: fix debugfs memory access alignment btrfs: avoid link error with CONFIG_NO_AUTO_INLINE media: ov13858: Check for possible null pointer nds32: Fix bug in bitfield.h net: bpfilter: fix iptables failure if bpfilter_umh is disabled sock_diag: fix autoloading of the raw_diag module audit: print empty EXECVE args soc: bcm: brcmstb: Fix re-entry point with a THUMB2_KERNEL clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock ARM: dts: imx6sx-sdb: Fix enet phy regulator openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS sched/fair: Don't increase sd->balance_interval on newidle balance sched/topology: Fix off by one bug net: do not abort bulk send on BQL status ocfs2: fix clusters leak in ocfs2_defrag_extent() ocfs2: don't put and assigning null to bh allocated outside ocfs2: don't use iocb when EIOCBQUEUED returns ocfs2: without quota support, avoid calling quota recovery mm: handle no memcg case in memcg_kmem_charge() properly tools/power turbosat: fix AMD APIC-id output arm64: makefile fix build of .i file in external module case nvme-pci: fix conflicting p2p resource adds irq/matrix: Fix memory overallocation ntb: 
intel: fix return value for ndev_vec_mask() ntb_netdev: fix sleep time mismatch net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read net: hns3: bugfix for is_valid_csq_clean_head() net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem net: hns3: bugfix for buffer not free problem during resetting fm10k: ensure completer aborts are marked as non-fatal after a resume igb: shorten maximum PHC timecounter update interval powerpc/powernv: hold device_hotplug_lock when calling device_online() mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock mm/memory_hotplug: make add_memory() take the device_hotplug_lock kernel/panic.c: do not append newline to the stack protector panic string fs/hfs/extent.c: fix array out of bounds read of array extent hfs: update timestamp on truncate() hfsplus: update timestamps on truncate() hfs: fix return value of hfs_get_block() hfsplus: fix return value of hfsplus_get_block() hfs: prevent btree data loss on ENOSPC hfsplus: prevent btree data loss on ENOSPC hfs: fix BUG on bnode parent update hfsplus: fix BUG on bnode parent update lib/bitmap.c: fix remaining space computation in bitmap_print_to_pagebuf linux/bitmap.h: fix type of nbits in bitmap_shift_right() linux/bitmap.h: handle constant zero-size bitmaps correctly mm/gup_benchmark.c: prevent integer overflow in ioctl block: call rq_qos_exit() after queue is frozen selftests/powerpc/cache_shape: Fix out-of-tree build selftests/powerpc/switch_endian: Fix out-of-tree build selftests/powerpc/signal: Fix out-of-tree build selftests/powerpc/ptrace: Fix out-of-tree build powerpc/xmon: Relax frame size for clang ipv4/igmp: fix v1/v2 switchback timeout based on rfc3376, 8.12 vfs: avoid problematic remapping requests into partial EOF block um: Make line/tty semantics use true write IRQ i2c: uniphier-f: fix race condition when IRQ is cleared i2c: uniphier-f: fix occasional timeout error i2c: uniphier-f: make driver robust against concurrency block: 
fix the DISCARD request merge macsec: let the administrator set UP state even if lowerdev is down macsec: update operstate when lower device changes mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition tools/testing/selftests/vm/gup_benchmark.c: fix 'write' flag usage mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() arm64: lib: use C string functions with KASAN enabled sparc64: Rework xchg() definition to avoid warnings. powerpc/process: Fix flush_all_to_thread for SPE bpf, btf: fix a missing check bug in btf_parse bpf: devmap: fix wrong interface selection in notifier_call net: ethernet: cadence: fix socket buffer corruption problem thermal: rcar_thermal: Prevent hardware access during system suspend thermal: rcar_thermal: fix duplicate IRQ request selftests: fix warning: "_GNU_SOURCE" redefined selftests: kvm: Fix -Wformat warnings selftests: watchdog: Fix error message. 
selftests: watchdog: fix message when /dev/watchdog open fails selftests/ftrace: Fix to test kprobe $comm arg only if available spi: uniphier: fix incorrect property items fs/cifs: fix uninitialised variable warnings net: socionext: Stop PHY before resetting netsec mfd: max8997: Enale irq-wakeup unconditionally mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values mfd: arizona: Correct calling of runtime_put_sync net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode qlcnic: fix a return in qlcnic_dcb_get_capability() mISDN: Fix type of switch control variable in ctrl_teimanager f2fs: spread f2fs_set_inode_flags() f2fs: fix to spread clear_cold_data() thermal: armada: fix a test in probe() RISC-V: Avoid corrupting the upper 32-bit of phys_addr_t in ioremap rtc: s35390a: Change buf's type to u8 in s35390a_init ceph: only allow punch hole mode in fallocate ceph: fix dentry leak in ceph_readdir_prepopulate tools: bpftool: fix completion for "bpftool map update" selftests/bpf: fix return value comparison for tests in test_libbpf.sh powerpc/64s/radix: Fix radix__flush_tlb_collapsed_pmd double flushing pmd powerpc/mm/radix: Fix small page at boundary when splitting powerpc/mm/radix: Fix overuse of small pages in splitting logic powerpc/mm/radix: Fix off-by-one in split mapping logic powerpc/pseries: Export raw per-CPU VPA data via debugfs scsi: hisi_sas: Fix NULL pointer dereference sparc: Fix parport build warnings. 
x86/intel_rdt: Prevent pseudo-locking from using stale pointers spi: omap2-mcspi: Set FIFO DMA trigger level to word length swiotlb: do not panic on mapping failures s390/perf: Return error when debug_register fails atm: zatm: Fix empty body Clang warnings sunrpc: safely reallow resvport min/max inversion SUNRPC: Fix a compile warning for cmpxchg64() selftests/bpf: fix file resource leak in load_kallsyms dm raid: avoid bitmap with raid4/5/6 journal device sctp: use sk_wmem_queued to check for writable space usbip: tools: fix atoi() on non-null terminated string USB: misc: appledisplay: fix backlight update_status return code PCI: vmd: Detach resources after stopping root bus macintosh/windfarm_smu_sat: Fix debug output ALSA: i2c/cs8427: Fix int to char conversion PM / Domains: Deal with multiple states but no governor in genpd ACPI / scan: Create platform device for INT33FE ACPI nodes kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack xfs: clear ail delwri queued bufs on unmount of shutdown fs xfs: fix use-after-free race in xfs_buf_rele net: ena: Fix Kconfig dependency on X86 net: fix warning in af_unix net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed scsi: zorro_esp: Limit DMA transfers to 65535 bytes scsi: dc395x: fix DMA API usage in sg_update_list scsi: dc395x: fix dma API usage in srb_done ASoC: tegra_sgtl5000: fix device_node refcounting clk: at91: audio-pll: fix audio pmc type clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk PCI: mediatek: Fixup MSI enablement logic by enabling MSI before clocks nvme-pci: fix hot removal during error handling nvmet-fcloop: suppress a compiler warning nvmet: avoid integer overflow in the discard code crypto: ccree - avoid implicit enum conversion scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event scsi: isci: Change sci_controller_start_task's return type to sci_status scsi: isci: Use proper 
enumerated type in atapi_d2h_reg_frame_handler clk: tegra: Fixes for MBIST work around KVM/x86: Fix invvpid and invept register operand size in 64-bit mode KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() KVM: nVMX: reset cache/shadows when switching loaded VMCS nfp: bpf: protect against mis-initializing atomic counters scsi: ips: fix missing break in switch qed: Align local and global PTT to propagate through the APIs. amiflop: clean up on errors during setup pwm: lpss: Only set update bit if we are actually changing the settings pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' RDMA/bnxt_re: Avoid resource leak in case the NQ registration fails RDMA/bnxt_re: Fix qp async event reporting RDMA/bnxt_re: Avoid NULL check after accessing the pointer scsi: hisi_sas: Free slot later in slot_complete_vx_hw() scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO scsi: hisi_sas: Feed back linkrate(max/min) when re-attached m68k: fix command-line parsing when passed from u-boot w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). 
misc: mic: fix a DMA pool free failure gsmi: Fix bug in append_to_eventlog sysfs handler btrfs: handle error of get_old_root btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag PCI: mediatek: Fix class type for MT7622 to PCI_CLASS_BRIDGE_PCI mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail mmc: mediatek: fill the actual clock for mmc debugfs spi: sh-msiof: fix deferred probing cdrom: don't attempt to fiddle with cdo->capability skd: fixup usage of legacy IO API ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem ath10k: set probe request oui during driver start brcmsmac: AP mode: update beacon when TIM changes mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc mt76: do not store aggregation sequence number for null-data frames EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field powerpc/eeh: Fix null deref for devices removed during EEH powerpc/boot: Disable vector instructions powerpc/boot: Fix opal console in boot wrapper powerpc: Fix signedness bug in update_flash_db() synclink_gt(): fix compat_ioctl() pty: fix compat ioctls gfs2: Fix marking bitmaps non-full PCI: cadence: Write MSI data with 32bits pinctrl: madera: Fix uninitialized variable bug in madera_mux_set_mux printk: fix integer overflow in setup_log_buf() printk: lock/unlock console only for new logbuf entries crypto: testmgr - fix sizeof() on COMP_BUF_SIZE ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback mwifiex: Fix NL80211_TX_POWER_LIMITED drm/i915/userptr: Try to acquire the page lock around set_page_dirty() drm/i915/pmu: "Frequency" is reported as accumulated cycles drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported ASICs mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" virtio_console: allocate 
inbufs in add_port() only if it is needed nbd:fix memory leak in nbd_get_socket() tools: gpio: Correctly add make dependencies for gpio_utils gpio: max77620: Fixup debounce delays vhost/vsock: split packets to send using multiple buffers net/mlx5: Fix auto group size calculation net/mlxfw: Verify FSM error code translation doesn't exceed array size net/mlx5e: Fix set vf link state error flow sfc: Only cancel the PPS workqueue if it exists net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key net/sched: act_pedit: fix WARN() in the traffic path net: rtnetlink: prevent underflows in do_setvfinfo() net/mlx4_en: Fix wrong limitation for number of TX rings net/mlx4_en: fix mlx4 ethtool -N insertion mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel Conflicts: block/blk-merge.c drivers/net/wireless/ath/wil6210/main.c drivers/pinctrl/qcom/pinctrl-spmi-gpio.c Change-Id: I2055f0bc1eb4ac6b7ade99e91f84bf2e4f4ea7c4 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
|
|
023c071f10 |
kernel/panic.c: do not append newline to the stack protector panic string
[ Upstream commit 95c4fb78fb23081472465ca20d5d31c4b780ed82 ]

... because panic() itself already does this. Otherwise you have line-broken trailer:

    [ 1.836965] ---[ end Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: pgd_alloc+0x29e/0x2a0
    [ 1.836965] ]---

Link: http://lkml.kernel.org/r/20181008202901.7894-1-bp@alien8.de
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Steven Rostedt (VMware)" <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
|
0f16018c8a |
Merge android-4.19-q.80 (fd673e8) into msm-4.19
* refs/heads/tmp-fd673e8:
Linux 4.19.80
perf/hw_breakpoint: Fix arch_hw_breakpoint use-before-initialization
PCI: vmd: Fix config addressing when using bus offsets
x86/asm: Fix MWAITX C-state hint value
hwmon: Fix HWMON_P_MIN_ALARM mask
tracing: Get trace_array reference for available_tracers files
ftrace: Get a reference counter for the trace_array on filter files
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing/hwlat: Report total time spent in all NMIs during the sample
arm64/sve: Fix wrong free for task->thread.sve_state
media: stkwebcam: fix runtime PM after driver unbind
Fix the locking in dcache_readdir() and friends
arm64: topology: Use PPTT to determine if PE is a thread
ACPI/PPTT: Add support for ACPI 6.3 thread flag
ACPICA: ACPI 6.3: PPTT add additional fields in Processor Structure Flags
MIPS: elf_hwcap: Export userspace ASEs
MIPS: Disable Loongson MMI instructions for kernel build
NFS: Fix O_DIRECT accounting of number of bytes read/written
btrfs: fix uninitialized ret in ref-verify
btrfs: fix incorrect updating of log root tree
cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic
iio: adc: stm32-adc: fix a race when using several adcs with dma and irq
iio: adc: stm32-adc: move registers definitions
gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
firmware: google: increment VPD key_len properly
mm/vmpressure.c: fix a signedness bug in vmpressure_register_event()
kernel/sysctl.c: do not override max_threads provided by userspace
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Force revalidate inode when dentry is stale
CIFS: Gracefully handle QueryInfo errors during open
blk-wbt: fix performance regression in wbt scale_up/scale_down
perf inject jit: Fix JIT_CODE_MOVE filename
perf llvm: Don't access out-of-scope array
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
iio: light: opt3001: fix mutex unlock race
iio: adc: axp288: Override TS pin bias current for some models
iio: adc: ad799x: fix probe error handling
iio: adc: hx711: fix bug in sampling of data
staging: vt6655: Fix memory leak in vt6655_probe
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
gpio: eic: sprd: Fix the incorrect EIC offset when toggling
mei: avoid FW version request on Ibex Peak and earlier
mei: me: add comet point (lake) LP device ids
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
xhci: Increase STS_SAVE timeout in xhci_suspend()
xhci: Prevent deadlock when xhci adapter breaks during init
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Fix USB 3.1 capability detection on early xHCI 1.1 spec based hosts
xhci: Check all endpoints for LPM timeout
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Fix false warning message about wrong bounce buffer write length
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
USB: rio500: Remove Rio 500 kernel driver
f2fs: use EINVAL for superblock with invalid magic
panic: ensure preemption is disabled during panic()
Change-Id: I002cb95429e0fe54d5a8ac0b771891be2d343014
Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org>
|
||
|
|
7d1688c673 |
panic: ensure preemption is disabled during panic()
commit 20bb759a66be52cf4a9ddd17fddaf509e11490cd upstream.

Calling 'panic()' on a kernel with CONFIG_PREEMPT=y can leave the calling CPU in an infinite loop, but with interrupts and preemption enabled. From this state, userspace can continue to be scheduled, despite the system being "dead" as far as the kernel is concerned.

This is easily reproducible on arm64 when booting with "nosmp" on the command line; a couple of shell scripts print out a periodic "Ping" message whilst another triggers a crash by writing to /proc/sysrq-trigger:

    | sysrq: Trigger a crash
    | Kernel panic - not syncing: sysrq triggered crash
    | CPU: 0 PID: 1 Comm: init Not tainted 5.2.15 #1
    | Hardware name: linux,dummy-virt (DT)
    | Call trace:
    | dump_backtrace+0x0/0x148
    | show_stack+0x14/0x20
    | dump_stack+0xa0/0xc4
    | panic+0x140/0x32c
    | sysrq_handle_reboot+0x0/0x20
    | __handle_sysrq+0x124/0x190
    | write_sysrq_trigger+0x64/0x88
    | proc_reg_write+0x60/0xa8
    | __vfs_write+0x18/0x40
    | vfs_write+0xa4/0x1b8
    | ksys_write+0x64/0xf0
    | __arm64_sys_write+0x14/0x20
    | el0_svc_common.constprop.0+0xb0/0x168
    | el0_svc_handler+0x28/0x78
    | el0_svc+0x8/0xc
    | Kernel Offset: disabled
    | CPU features: 0x0002,24002004
    | Memory Limit: none
    | ---[ end Kernel panic - not syncing: sysrq triggered crash ]---
    | Ping 2!
    | Ping 1!
    | Ping 1!
    | Ping 2!

The issue can also be triggered on x86 kernels if CONFIG_SMP=n, otherwise local interrupts are disabled in 'smp_send_stop()'.

Disable preemption in 'panic()' before re-enabling interrupts.

Link: http://lkml.kernel.org/r/20191002123538.22609-1-will@kernel.org
Link: https://lore.kernel.org/r/BX1W47JXPMR8.58IYW53H6M5N@dragonstone
Signed-off-by: Will Deacon <will@kernel.org>
Reported-by: Xogium <contact@xogium.me>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Feng Tang <feng.tang@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
530d1543c9 |
panic/reboot: allow specifying reboot_mode for panic only
Allow specifying reboot_mode for panic only. This is needed on systems where ramoops is used to store panic logs, and user wants to use warm reset to preserve those, while still having cold reset on normal reboots.

Change-Id: Id1075f4d97eddb818aa495903a7643958e6c73d6
Link: http://lkml.kernel.org/r/20190322004735.27702-1-aaro.koskinen@iki.fi
Signed-off-by: Aaro Koskinen <aaro.koskinen@nokia.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Git-commit: b287a25a7148a89d977c819c1f7d6584f875b682
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
|
||
|
|
bd0e1dd170 |
Merge android-4.19.13 (a872d2d) into msm-4.19
* refs/heads/tmp-a872d2d: Linux 4.19.13 drm/ioctl: Fix Spectre v1 vulnerabilities proc/sysctl: don't return ENOMEM on lookup when a table is unregistering Input: elantech - disable elan-i2c for P52 and P72 mm: don't miss the last page because of round-off error mm, page_alloc: fix has_unmovable_pages for HugePages mm: thp: fix flags for pmd migration when split mm, memory_hotplug: initialize struct pages for the full memory section media: ov5640: Fix set format regression iwlwifi: add new cards for 9560, 9462, 9461 and killer series Revert "mwifiex: restructure rx_reorder_tbl_lock usage" iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares rtlwifi: Fix leak of skb when processing C2H_BT_INFO xfrm_user: fix freeing of xfrm states on acquire mm: introduce mm_[p4d|pud|pmd]_folded mm: make the __PAGETABLE_PxD_FOLDED defines non-empty mm: add mm_pxd_folded checks to pgtable_bytes accounting functions panic: avoid deadlocks in re-entrant console drivers x86/intel_rdt: Ensure a CPU remains online for the region's pseudo-locking sequence x86/vdso: Pass --eh-frame-hdr to the linker x86/mm: Fix decoy address handling vs 32-bit builds x86/mtrr: Don't copy uninitialized gentry fields back to userspace futex: Cure exit race Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels KVM: Fix UAF in nested posted interrupt processing kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs KVM: X86: Fix NULL deref in vcpu_scan_ioapic posix-timers: Fix division by zero bug gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers gpio: max7301: fix driver for use with CONFIG_VMAP_STACK mmc: omap_hsmmc: fix DMA API warning mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support mmc: core: Reset HPI enabled state during re-init and in case of errors scsi: sd: use mempool for discard special page scsi: t10-pi: Return correct ref tag when queue has no integrity profile ubifs: Handle 
re-linking of inodes correctly while recovery USB: serial: option: add Telit LN940 series USB: serial: option: add Fibocom NL668 series USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) USB: serial: option: add HP lt4132 USB: serial: option: add GosunCn ZTE WeLink ME3630 USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data Revert "vfs: Allow userns root to call mknod on owned filesystems." iomap: Revert "fs/iomap.c: get/put the page in iomap_page_create/release()" Conflicts: drivers/mmc/core/mmc.c Change-Id: I92648e314b976d17abcc734c61142bcb6519518b Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
|
|
384221cbb9 |
panic: avoid deadlocks in re-entrant console drivers
commit c7c3f05e341a9a2bd1a92993d4f996cfd6e7348e upstream.

From printk()/serial console point of view panic() is special, because
it may force CPU to re-enter printk() or/and serial console driver.
Therefore, some of serial consoles drivers are re-entrant. E.g. 8250:

    serial8250_console_write()
    {
        if (port->sysrq)
            locked = 0;
        else if (oops_in_progress)
            locked = spin_trylock_irqsave(&port->lock, flags);
        else
            spin_lock_irqsave(&port->lock, flags);
        ...
    }

panic() does set oops_in_progress via bust_spinlocks(1), so in theory
we should be able to re-enter serial console driver from panic():

    CPU0
    <NMI>
    uart_console_write()
    serial8250_console_write()              // if (oops_in_progress)
                                            // spin_trylock_irqsave()
    call_console_drivers()
    console_unlock()
    console_flush_on_panic()
    bust_spinlocks(1)                       // oops_in_progress++
    panic()
    <NMI/>
    spin_lock_irqsave(&port->lock, flags)   // spin_lock_irqsave()
    serial8250_console_write()
    call_console_drivers()
    console_unlock()
    printk()
    ...

However, this does not happen and we deadlock in serial console on
port->lock spinlock. And the problem is that console_flush_on_panic()
called after bust_spinlocks(0):

    void panic(const char *fmt, ...)
    {
        bust_spinlocks(1);
        ...
        bust_spinlocks(0);
        console_flush_on_panic();
        ...
    }

bust_spinlocks(0) decrements oops_in_progress, so oops_in_progress
can go back to zero. Thus even re-entrant console drivers will simply
spin on port->lock spinlock. Given that port->lock may already be
locked either by a stopped CPU, or by the very same CPU we execute
panic() on (for instance, NMI panic() on printing CPU) the system
deadlocks and does not reboot.

Fix this by removing bust_spinlocks(0), so oops_in_progress is always
set in panic() now and, thus, re-entrant console drivers will trylock
the port->lock instead of spinning on it forever, when we call them
from console_flush_on_panic().

Link: http://lkml.kernel.org/r/20181025101036.6823-1-sergey.senozhatsky@gmail.com
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Daniel Wang <wonderfly@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: Jiri Slaby <jslaby@suse.com>
Cc: Peter Feiner <pfeiner@google.com>
Cc: linux-serial@vger.kernel.org
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
77f7f8c31e |
soc: qcom: Register default dump entries to minidump table
Add below common dump entries to minidump table: All memory dump table entries, kernel data/bss sections, percpu static sections, rtb, logbuf, wdogdata, lpm_debug, stackpointer, and current task struct. Also add name for memory dump table entries to accommodate Minidump support. Change-Id: I45d121bc36b40332cfd0a0f5142572c6ce8f8a26 Signed-off-by: Lingutla Chandrasekhar <clingutla@codeaurora.org> Signed-off-by: Rishabh Bhatnagar <rishabhb@codeaurora.org> |
||
|
|
050e9baa9d |
Kbuild: rename CC_STACKPROTECTOR[_STRONG] config variables
The changes to automatically test for working stack protector compiler support in the Kconfig files removed the special STACKPROTECTOR_AUTO option that picked the strongest stack protector that the compiler supported.
That was all a nice cleanup - it makes no sense to have the AUTO case now that the Kconfig phase can just determine the compiler support directly.
HOWEVER.
It also meant that doing "make oldconfig" would now _disable_ the strong stackprotector if you had AUTO enabled, because in a legacy config file, the sane stack protector configuration would look like
  CONFIG_HAVE_CC_STACKPROTECTOR=y
  # CONFIG_CC_STACKPROTECTOR_NONE is not set
  # CONFIG_CC_STACKPROTECTOR_REGULAR is not set
  # CONFIG_CC_STACKPROTECTOR_STRONG is not set
  CONFIG_CC_STACKPROTECTOR_AUTO=y
and when you ran this through "make oldconfig" with the Kbuild changes, it would ask you about the regular CONFIG_CC_STACKPROTECTOR (that had been renamed from CONFIG_CC_STACKPROTECTOR_REGULAR to just CONFIG_CC_STACKPROTECTOR), but it would think that the STRONG version used to be disabled (because it was really enabled by AUTO), and would disable it in the new config, resulting in:
  CONFIG_HAVE_CC_STACKPROTECTOR=y
  CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
  CONFIG_CC_STACKPROTECTOR=y
  # CONFIG_CC_STACKPROTECTOR_STRONG is not set
  CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
That's dangerously subtle - people could suddenly find themselves with the weaker stack protector setup without even realizing.
The solution here is to just rename not just the old REGULAR stack protector option, but also the strong one. This does that by just removing the CC_ prefix entirely for the user choices, because it really is not about the compiler support (the compiler support now instead automatically impacts _visibility_ of the options to users).
This results in "make oldconfig" actually asking the user for their choice, so that we don't have any silent subtle security model changes.
The end result would generally look like this:
  CONFIG_HAVE_CC_STACKPROTECTOR=y
  CONFIG_CC_HAS_STACKPROTECTOR_NONE=y
  CONFIG_STACKPROTECTOR=y
  CONFIG_STACKPROTECTOR_STRONG=y
  CONFIG_CC_HAS_SANE_STACKPROTECTOR=y
where the "CC_" versions really are about internal compiler infrastructure, not the user selections.
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
bc4f2f5469 |
taint: add taint for randstruct
Since the randstruct plugin can intentionally produce extremely unusual kernel structure layouts (even performance pathological ones), some maintainers want to be able to trivially determine if an Oops is coming from a randstruct-built kernel, so as to keep their sanity when debugging. This adds the new flag and initializes taint_mask immediately when built with randstruct. Link: http://lkml.kernel.org/r/1519084390-43867-4-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
9c4560e5bb |
taint: consolidate documentation
This consolidates the taint bit documentation into a single place with both numeric and letter values. Additionally adds the missing TAINT_AUX documentation. Link: http://lkml.kernel.org/r/1519084390-43867-3-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
47d4b263a2 |
taint: convert to indexed initialization
This converts to using indexed initializers instead of comments, adds a comment on why the taint flags can't be an enum, and make sure that no one forgets to update the taint_flags when adding new bits. Link: http://lkml.kernel.org/r/1519084390-43867-2-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Randy Dunlap <rdunlap@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
2a56bb596b |
Merge tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing updates from Steven Rostedt:
"New features:
- Tom Zanussi's extended histogram work.
This adds the synthetic events to have histograms from multiple
event data Adds triggers "onmatch" and "onmax" to call the
synthetic events Several updates to the histogram code from this
- Allow way to nest ring buffer calls in the same context
- Allow absolute time stamps in ring buffer
- Rewrite of filter code parsing based on Al Viro's suggestions
- Setting of trace_clock to global if TSC is unstable (on boot)
- Better OOM handling when allocating large ring buffers
- Added initcall tracepoints (consolidated initcall_debug code with
them)
And other various fixes and clean ups"
* tag 'trace-v4.17' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (68 commits)
init: Have initcall_debug still work without CONFIG_TRACEPOINTS
init, tracing: Have printk come through the trace events for initcall_debug
init, tracing: instrument security and console initcall trace events
init, tracing: Add initcall trace events
tracing: Add rcu dereference annotation for test func that touches filter->prog
tracing: Add rcu dereference annotation for filter->prog
tracing: Fixup logic inversion on setting trace_global_clock defaults
tracing: Hide global trace clock from lockdep
ring-buffer: Add set/clear_current_oom_origin() during allocations
ring-buffer: Check if memory is available before allocation
lockdep: Add print_irqtrace_events() to __warn
vsprintf: Do not preprocess non-dereferenced pointers for bprintf (%px and %pK)
tracing: Uninitialized variable in create_tracing_map_fields()
tracing: Make sure variable string fields are NULL-terminated
tracing: Add action comparisons when testing matching hist triggers
tracing: Don't add flag strings when displaying variable references
tracing: Fix display of hist trigger expressions containing timestamps
ftrace: Drop a VLA in module_exists()
tracing: Mention trace_clock=global when warning about unstable clocks
tracing: Default to using trace_global_clock if sched_clock is unstable
...
|
||
|
|
4c281074d2 |
lockdep: Add print_irqtrace_events() to __warn
Running a test on an x86_32 kernel I triggered a bug that an interrupt disable/enable isn't being caught by lockdep. At least knowing where the last one was found would be helpful, but the warnings that are produced do not show this information. Even without debugging lockdep, having the WARN() display the last place hard and soft irqs were enabled or disabled is valuable. Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> |
||
|
|
54dce3c35b |
Merge branch 'core-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull misc core updates from Ingo Molnar:
"Two changes:
- add membarriers to Documentation/features/
- fix a minor nit in panic printk formatting"
* 'core-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
panic: Add closing panic marker parenthesis
Documentation/features, membarriers: Document membarrier-sync-core architecture support
Documentation/features: Allow comments in arch features files |
||
|
|
0862ca422b |
bug: use %pB in BUG and stack protector failure
The BUG and stack protector reports were still using a raw %p. This
changes it to %pB for more meaningful output.
Link: http://lkml.kernel.org/r/20180301225704.GA34198@beast
Fixes:
|
||
|
|
5ad7510537 |
panic: Add closing panic marker parenthesis
Otherwise it looks unbalanced. Signed-off-by: Borislav Petkov <bp@suse.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Link: https://lkml.kernel.org/r/20180306094920.16917-2-bp@alien8.de |
||
|
|
4efb442cc1 |
kernel/panic.c: add TAINT_AUX
This is the gist of a patch which we've been forward-porting in our kernels for a long time now and it probably would make a good sense to have such TAINT_AUX flag upstream which can be used by each distro etc, how they see fit. This way, we won't need to forward-port a distro-only version indefinitely. Add an auxiliary taint flag to be used by distros and others. This obviates the need to forward-port whatever internal solutions people have in favor of a single flag which they can map arbitrarily to a definition of their pleasing. The "X" mnemonic could also mean eXternal, which would be taint from a distro or something else but not the upstream kernel. We will use it to mark modules for which we don't provide support. I.e., a really eXternal module. Link: http://lkml.kernel.org/r/20170911134533.dp5mtyku5bongx4c@pd.tnic Signed-off-by: Borislav Petkov <bp@suse.de> Cc: Kees Cook <keescook@chromium.org> Cc: Jessica Yu <jeyu@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Jiri Olsa <jolsa@kernel.org> Cc: Michal Marek <mmarek@suse.cz> Cc: Jiri Kosina <jkosina@suse.cz> Cc: Takashi Iwai <tiwai@suse.de> Cc: Petr Mladek <pmladek@suse.com> Cc: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
a7bed27af1 |
bug: fix "cut here" location for __WARN_TAINT architectures
Prior to v4.11, x86 used warn_slowpath_fmt() for handling WARN()s.
After WARN() was moved to using UD0 on x86, the warning text started
appearing _before_ the "cut here" line. This appears to have been a
long-standing bug on architectures that used __WARN_TAINT, but it didn't
get fixed.
v4.11 and earlier on x86:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2956 at drivers/misc/lkdtm_bugs.c:65 lkdtm_WARNING+0x21/0x30
This is a warning message
Modules linked in:
v4.12 and later on x86:
This is a warning message
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2982 at drivers/misc/lkdtm_bugs.c:68 lkdtm_WARNING+0x15/0x20
Modules linked in:
With this fix:
------------[ cut here ]------------
This is a warning message
WARNING: CPU: 3 PID: 3009 at drivers/misc/lkdtm_bugs.c:67 lkdtm_WARNING+0x15/0x20
Since the __FILE__ reporting happens as part of the UD0 handler, it
isn't trivial to move the message to after the WARNING line, but at
least we can fix the position of the "cut here" line so all the various
logging tools will start including the actual runtime warning message
again, when they follow the instruction and "cut here".
Link: http://lkml.kernel.org/r/1510100869-73751-4-git-send-email-keescook@chromium.org
Fixes:
|
||
|
|
2a8358d8a3 |
bug: define the "cut here" string in a single place
The "cut here" string is used in a few paths. Define it in a single place. Link: http://lkml.kernel.org/r/1510100869-73751-3-git-send-email-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Fengguang Wu <fengguang.wu@intel.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
aaf5dcfb22 |
kernel debug: support resetting WARN_ONCE for all architectures
Some architectures store the WARN_ONCE state in the flags field of the bug_entry. Clear that one too when resetting once state through /sys/kernel/debug/clear_warn_once
Pointed out by Michael Ellerman
Improves the earlier patch that adds clear_warn_once.
[ak@linux.intel.com: add a missing ifdef CONFIG_MODULES]
Link: http://lkml.kernel.org/r/20171020170633.9593-1-andi@firstfloor.org
[akpm@linux-foundation.org: fix unused var warning]
[akpm@linux-foundation.org: Use 0200 for clear_warn_once file, per mpe]
[akpm@linux-foundation.org: clear BUGFLAG_DONE in clear_once_table(), per mpe]
Link: http://lkml.kernel.org/r/20171019204642.7404-1-andi@firstfloor.org
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
b1fca27d38 |
kernel debug: support resetting WARN*_ONCE
I like _ONCE warnings because it's guaranteed that they don't flood the log. During testing I find it useful to reset the state of the once warnings, so that I can rerun tests and see if they trigger again, or can guarantee that a test run always hits the same warnings.
This patch adds a debugfs interface to reset all the _ONCE warnings so that they appear again:
  echo 1 > /sys/kernel/debug/clear_warn_once
This is implemented by putting all the warning booleans into a special section, and clearing it.
[akpm@linux-foundation.org: coding-style fixes]
Link: http://lkml.kernel.org/r/20171017221455.6740-1-andi@firstfloor.org
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Tested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
7a46ec0e2f |
locking/refcounts, x86/asm: Implement fast refcount overflow protection
This implements refcount_t overflow protection on x86 without a noticeable performance impact, though without the fuller checking of REFCOUNT_FULL.
This is done by duplicating the existing atomic_t refcount implementation but with normally a single instruction added to detect if the refcount has gone negative (e.g. wrapped past INT_MAX or below zero). When detected, the handler saturates the refcount_t to INT_MIN / 2. With this overflow protection, the erroneous reference release that would follow a wrap back to zero is blocked from happening, avoiding the class of refcount-overflow use-after-free vulnerabilities entirely.
Only the overflow case of refcounting can be perfectly protected, since it can be detected and stopped before the reference is freed and left to be abused by an attacker. There isn't a way to block early decrements, and while REFCOUNT_FULL stops increment-from-zero cases (which would be the state _after_ an early decrement and stops potential double-free conditions), this fast implementation does not, since it would require the more expensive cmpxchg loops. Since the overflow case is much more common (e.g. missing a "put" during an error path), this protection provides real-world protection. For example, the two public refcount overflow use-after-free exploits published in 2016 would have been rendered unexploitable:
  http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
  http://cyseclabs.com/page?n=02012016
This implementation does, however, notice an unchecked decrement to zero (i.e. caller used refcount_dec() instead of refcount_dec_and_test() and it resulted in a zero). Decrements under zero are noticed (since they will have resulted in a negative value), though this only indicates that a use-after-free may have already happened. Such notifications are likely avoidable by an attacker that has already exploited a use-after-free vulnerability, but it's better to have them reported than allow such conditions to remain universally silent.
On first overflow detection, the refcount value is reset to INT_MIN / 2 (which serves as a saturation value) and a report and stack trace are produced. When operations detect only negative value results (such as changing an already saturated value), saturation still happens but no notification is performed (since the value was already saturated).
On the matter of races, since the entire range beyond INT_MAX but before 0 is negative, every operation at INT_MIN / 2 will trap, leaving no overflow-only race condition.
As for performance, this implementation adds a single "js" instruction to the regular execution flow of a copy of the standard atomic_t refcount operations. (The non-"and_test" refcount_dec() function, which is uncommon in regular refcount design patterns, has an additional "jz" instruction to detect reaching exactly zero.) Since this is a forward jump, it is by default the non-predicted path, which will be reinforced by dynamic branch prediction. The result is this protection having virtually no measurable change in performance over standard atomic_t operations. The error path, located in .text.unlikely, saves the refcount location and then uses UD0 to fire a refcount exception handler, which resets the refcount, handles reporting, and returns to regular execution. This keeps the changes to .text size minimal, avoiding return jumps and open-coded calls to the error reporting routine.
Example assembly comparison:
refcount_inc() before:
  .text:
  ffffffff81546149:  f0 ff 45 f4        lock incl -0xc(%rbp)
refcount_inc() after:
  .text:
  ffffffff81546149:  f0 ff 45 f4        lock incl -0xc(%rbp)
  ffffffff8154614d:  0f 88 80 d5 17 00  js ffffffff816c36d3
  ...
  .text.unlikely:
  ffffffff816c36d3:  48 8d 4d f4        lea -0xc(%rbp),%rcx
  ffffffff816c36d7:  0f ff              (bad)
These are the cycle counts comparing a loop of refcount_inc() from 1 to INT_MAX and back down to 0 (via refcount_dec_and_test()), between unprotected refcount_t (atomic_t), fully protected REFCOUNT_FULL (refcount_t-full), and this overflow-protected refcount (refcount_t-fast):
  2147483646 refcount_inc()s and 2147483647 refcount_dec_and_test()s:
                   cycles        protections
  atomic_t         82249267387   none
  refcount_t-fast  82211446892   overflow, untested dec-to-zero
  refcount_t-full  144814735193  overflow, untested dec-to-zero, inc-from-zero
This code is a modified version of the x86 PAX_REFCOUNT atomic_t overflow defense from the last public patch of PaX/grsecurity, based on my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Thanks to PaX Team for various suggestions for improvement for repurposing this code to be a refcount-only protection.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: David S. Miller <davem@davemloft.net>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Elena Reshetova <elena.reshetova@intel.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Hans Liljestrand <ishkamiel@gmail.com>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Jann Horn <jannh@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: arozansk@redhat.com
Cc: axboe@kernel.dk
Cc: kernel-hardening@lists.openwall.com
Cc: linux-arch <linux-arch@vger.kernel.org>
Link: http://lkml.kernel.org/r/20170815161924.GA133115@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
|
b17b01533b |
sched/headers: Prepare for new header dependencies before moving code to <linux/sched/debug.h>
We are going to split <linux/sched/debug.h> out of <linux/sched.h>, which will have to be picked up from other headers and a couple of .c files. Create a trivial placeholder <linux/sched/debug.h> file that just maps to <linux/sched.h> to make this patch obviously correct and bisectable. Include the new header in the files that are going to need it. Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
|
7db60d05e5 |
sparc64: Send break twice from console to return to boot prom
Now we can also jump to boot prom from sunhv console by sending break twice on console for both running and panicked kernel cases. Signed-off-by: Vijay Kumar <vijay.ac.kumar@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
|
7d91de7443 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk
Pull printk updates from Petr Mladek:
- Add Petr Mladek, Sergey Senozhatsky as printk maintainers, and Steven Rostedt as the printk reviewer. This idea came up after the discussion about printk issues at Kernel Summit. It was formulated and discussed at lkml[1].
- Extend a lock-less NMI per-cpu buffers idea to handle recursive printk() calls by Sergey Senozhatsky[2]. It is the first step in sanitizing printk as discussed at Kernel Summit. The change allows to see messages that would normally get ignored or would cause a deadlock. Also it allows to enable lockdep in printk(). This already paid off. The testing in linux-next helped to discover two old problems that were hidden before[3][4].
- Remove unused parameter by Sergey Senozhatsky. Clean up after a past change.
[1] http://lkml.kernel.org/r/1481798878-31898-1-git-send-email-pmladek@suse.com
[2] http://lkml.kernel.org/r/20161227141611.940-1-sergey.senozhatsky@gmail.com
[3] http://lkml.kernel.org/r/20170215044332.30449-1-sergey.senozhatsky@gmail.com
[4] http://lkml.kernel.org/r/20170217015932.11898-1-sergey.senozhatsky@gmail.com
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/pmladek/printk:
printk: drop call_console_drivers() unused param
printk: convert the rest to printk-safe
printk: remove zap_locks() function
printk: use printk_safe buffers in printk
printk: report lost messages in printk safe/nmi contexts
printk: always use deferred printk when flush printk_safe lines
printk: introduce per-cpu safe_print seq buffer
printk: rename nmi.c and exported api
printk: use vprintk_func in vprintk()
MAINTAINERS: Add printk maintainers |
||
|
|
f92bac3b14 |
printk: rename nmi.c and exported api
A preparation patch for printk_safe work. No functional change.
- rename nmi.c to print_safe.c
- add `printk_safe' prefix to some (which are used both by printk-safe and printk-nmi) of the exported functions.
Link: http://lkml.kernel.org/r/20161227141611.940-3-sergey.senozhatsky@gmail.com
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Tejun Heo <tj@kernel.org>
Cc: Calvin Owens <calvinowens@fb.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Peter Hurley <peter@hurleysoftware.com>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Signed-off-by: Petr Mladek <pmladek@suse.com> |
||
|
|
ff7a28a074 |
kernel/panic.c: add missing \n
When a system panics, the "Rebooting in X seconds.." message is never printed because it lacks a new line. Fix it. Link: http://lkml.kernel.org/r/20170119114751.2724-1-jslaby@suse.cz Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
5eb7c0d04f |
taint/module: Fix problems when out-of-kernel driver defines true or false
Commit |
||
|
|
7fd8329ba5 |
taint/module: Clean up global and module taint flags handling
The commit |
||
|
|
0ee59413c9 |
x86/panic: replace smp_send_stop() with kdump friendly version in panic path
Daniel Walker reported problems which happen when
crash_kexec_post_notifiers kernel option is enabled
(https://lkml.org/lkml/2015/6/24/44).
In that case, smp_send_stop() is called before entering kdump routines
which assume other CPUs are still online. As the result, for x86, kdump
routines fail to save other CPUs' registers and disable virtualization
extensions.
To fix this problem, call a new kdump friendly function,
crash_smp_send_stop(), instead of the smp_send_stop() when
crash_kexec_post_notifiers is enabled. crash_smp_send_stop() is a weak
function, and it just calls smp_send_stop(). Architecture codes should
override it so that kdump can work appropriately. This patch only
provides x86-specific version.
For Xen's PV kernel, just keep the current behavior.
NOTES:
- Right solution would be to place crash_smp_send_stop() before
__crash_kexec() invocation in all cases and remove smp_send_stop(), but
we can't do that until all architectures implement their own
crash_smp_send_stop()
- crash_smp_send_stop()-like work is still needed by
machine_crash_shutdown() because crash_kexec() can be called without
entering panic()
Fixes:
|
||
|
|
b26e27ddfd |
kexec: use core_param for crash_kexec_post_notifiers boot option
crash_kexec_post_notifiers is a boot option which controls whether the 1st kernel calls panic notifiers or not before booting the 2nd kernel. However, there is no need to limit it to being modifiable only at boot time. So, use core_param instead of early_param. Link: http://lkml.kernel.org/r/20160705113327.5864.43139.stgit@softrs Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com> Cc: Dave Young <dyoung@redhat.com> Cc: Baoquan He <bhe@redhat.com> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Eric Biederman <ebiederm@xmission.com> Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: Borislav Petkov <bp@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
cf9b1106c8 |
printk/nmi: flush NMI messages on the system panic
In NMI context, printk() messages are stored into per-CPU buffers to avoid a possible deadlock. They are normally flushed to the main ring buffer via an IRQ work. But the work is never called when the system calls panic() in the very same NMI handler. This patch tries to flush NMI buffers before the crash dump is generated. In this case it does not risk a double release and bails out when the logbuf_lock is already taken. The aim is to get the messages into the main ring buffer when possible. It makes them better accessible in the vmcore. Then the patch tries to flush the buffers second time when other CPUs are down. It might be more aggressive and reset logbuf_lock. The aim is to get the messages available for the consequent kmsg_dump() and console_flush_on_panic() calls. The patch causes vprintk_emit() to be called even in NMI context again. But it is done via printk_deferred() so that the console handling is skipped. Consoles use internal locks and we could not prevent a deadlock easily. They are explicitly called later when the crash dump is not generated, see console_flush_on_panic(). Signed-off-by: Petr Mladek <pmladek@suse.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Daniel Thompson <daniel.thompson@linaro.org> Cc: David Miller <davem@davemloft.net> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jan Kara <jack@suse.cz> Cc: Jiri Kosina <jkosina@suse.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
ebc41f20d7 |
panic: change nmi_panic from macro to function
Commit |
||
|
|
2553b67a1f |
lib/bug.c: use common WARN helper
The traceoff_on_warning option doesn't have any effect on s390, powerpc, arm64, parisc, and sh because there are two different types of WARN implementations:
1) The above mentioned architectures treat WARN() as a special case of a BUG() exception. They handle warnings in report_bug() in lib/bug.c.
2) All other architectures just call warn_slowpath_*() directly. Their warnings are handled in warn_slowpath_common() in kernel/panic.c.
Support traceoff_on_warning on all architectures and prevent any future divergence by using a single common function to emit the warning.
Also remove the '()' from '%pS()', because the parentheses look funky:
  [ 45.607629] WARNING: at /root/warn_mod/warn_mod.c:17 .init_dummy+0x20/0x40 [warn_mod]()
Reported-by: Chunyu Hu <chuhu@redhat.com>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Tested-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
8d91f8b153 |
printk: do cond_resched() between lines while outputting to consoles
@console_may_schedule tracks whether console_sem was acquired through lock or trylock. If the former, we're inside a sleepable context and console_conditional_schedule() performs cond_resched(). This allows console drivers which use console_lock for synchronization to yield while performing time-consuming operations such as scrolling.
However, the actual console outputting is performed while holding irq-safe logbuf_lock, so console_unlock() clears @console_may_schedule before starting outputting lines. Also, only a few drivers call console_conditional_schedule() to begin with.
This means that when a lot of lines need to be output by console_unlock(), for example on a console registration, the task doing console_unlock() may not yield for a long time on a non-preemptible kernel. If this happens with a slow console device, for example a serial console, the outputting task may occupy the cpu for a very long time. Long enough to trigger softlockup and/or RCU stall warnings, which in turn pile more messages, sometimes enough to trigger the next cycle of warnings incapacitating the system.
Fix it by making console_unlock() insert cond_resched() between lines if @console_may_schedule.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Calvin Owens <calvinowens@fb.com>
Acked-by: Jan Kara <jack@suse.com>
Cc: Dave Jones <davej@codemonkey.org.uk>
Cc: Kyle McMartin <kyle@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
|
7bbee5ca38 |
kexec: Fix race between panic() and crash_kexec()
Currently, panic() and crash_kexec() can be called at the same time.
For example (x86 case):
  CPU 0:
    oops_end()
      crash_kexec()
        mutex_trylock() // acquired
          nmi_shootdown_cpus() // stop other CPUs
  CPU 1:
    panic()
      crash_kexec()
        mutex_trylock() // failed to acquire
      smp_send_stop() // stop other CPUs
      infinite loop
If CPU 1 calls smp_send_stop() before nmi_shootdown_cpus(), kdump
fails.
In another case:
  CPU 0:
    oops_end()
      crash_kexec()
        mutex_trylock() // acquired
          <NMI>
          io_check_error()
            panic()
              crash_kexec()
                mutex_trylock() // failed to acquire
              infinite loop
Clearly, this is an undesirable result.
To fix this problem, this patch changes crash_kexec() to exclude others
by using the panic_cpu atomic.
Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: kexec@lists.infradead.org
Cc: linux-doc@vger.kernel.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Minfei Huang <mnfhuang@gmail.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: x86-ml <x86@kernel.org>
Link: http://lkml.kernel.org/r/20151210014630.25437.94161.stgit@softrs
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||
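The exclusion that the kexec race fix above describes, modeled in user space as an added example (not the kernel patch itself): `panic_cpu` is named in the message and `PANIC_CPU_INVALID` is the kernel's sentinel for it, while the function names, the `outcome` enum and the CPU numbers are hypothetical.

```c
#include <stdatomic.h>
#include <stdio.h>

#define PANIC_CPU_INVALID (-1)          /* sentinel: no CPU owns the crash path */

enum outcome { PROCEEDS, SELF_STOPS, BACKS_OFF };   /* hypothetical labels */

static atomic_int panic_cpu = PANIC_CPU_INVALID;

/* Mimics atomic_cmpxchg(): claim ownership if free, return the previous owner. */
static int claim_panic_cpu(int cpu)
{
    int old = PANIC_CPU_INVALID;
    atomic_compare_exchange_strong(&panic_cpu, &old, cpu);
    return old;                          /* unchanged on success, owner on failure */
}

/* Oops path: only the CPU that wins the claim may start the crash dump. */
static enum outcome crash_kexec_enter(int cpu)
{
    return claim_panic_cpu(cpu) == PANIC_CPU_INVALID ? PROCEEDS : BACKS_OFF;
}

/* The dump did not take over the machine: hand ownership back. */
static void crash_kexec_exit(void)
{
    atomic_store(&panic_cpu, PANIC_CPU_INVALID);
}

/* Panic path: a CPU that loses the claim parks itself before it can stop
 * other CPUs; the owner re-entering (the <NMI> case) is let through. */
static enum outcome panic_enter(int cpu)
{
    int old = claim_panic_cpu(cpu);
    return (old != PANIC_CPU_INVALID && old != cpu) ? SELF_STOPS : PROCEEDS;
}

int main(void)
{
    /* Constructed replay of the two interleavings from the commit message. */
    printf("CPU 0 oops -> crash_kexec: %d\n", crash_kexec_enter(0));
    printf("CPU 1 panic (first case):  %d\n", panic_enter(1));
    printf("CPU 0 panic from NMI:      %d\n", panic_enter(0));
    return 0;
}
```

Both paths contend for the same atomic, so the loser learns who owns the crash path instead of discovering it through a failed `mutex_trylock()` after it has already diverged.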
|
|
58c5661f21 |
panic, x86: Allow CPUs to save registers even if looping in NMI context
Currently, kdump_nmi_shootdown_cpus(), a subroutine of crash_kexec(),
sends an NMI IPI to CPUs which haven't called panic() to stop them,
save their register information and do some cleanups for crash dumping.
However, if such a CPU is infinitely looping in NMI context, we fail to
save its register information into the crash dump.
For example, this can happen when unknown NMIs are broadcast to all
CPUs as follows:
  CPU 0                             CPU 1
  ===========================       ==========================
  receive an unknown NMI
  unknown_nmi_error()
    panic()                         receive an unknown NMI
      spin_trylock(&panic_lock)     unknown_nmi_error()
      crash_kexec()                   panic()
                                        spin_trylock(&panic_lock)
                                        panic_smp_self_stop()
                                          infinite loop
        kdump_nmi_shootdown_cpus()
          issue NMI IPI -----------> blocked until IRET
                                          infinite loop...
Here, since CPU 1 is in NMI context, the second NMI from CPU 0 is
blocked until CPU 1 executes IRET. However, CPU 1 never executes IRET,
so the NMI is not handled and the callback function to save registers is
never called.
In practice, this can happen on some servers which broadcast NMIs to all
CPUs when the NMI button is pushed.
To save registers in this case, we need to:
a) Return from NMI handler instead of looping infinitely
or
b) Call the callback function directly from the infinite loop
Inherently, a) is risky because NMI is also used to prevent corrupted
data from being propagated to devices. So, we chose b).
This patch does the following:
1. Move the infinite looping of CPUs which haven't called panic() in NMI
context (actually done by panic_smp_self_stop()) outside of panic() to
enable us to refer to pt_regs. Please note that panic_smp_self_stop() is
still used for normal context.
2. Call a callback of kdump_nmi_shootdown_cpus() directly to save
registers and do some cleanups after setting waiting_for_crash_ipi which
is used for counting down the number of CPUs which handled the callback.
Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Aaron Tomlin <atomlin@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Gobinda Charan Maji <gobinda.cemk07@gmail.com>
Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Javi Merino <javi.merino@arm.com>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: kexec@lists.infradead.org
Cc: linux-doc@vger.kernel.org
Cc: lkml <linux-kernel@vger.kernel.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ulrich Obergfell <uobergfe@redhat.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Link: http://lkml.kernel.org/r/20151210014628.25437.75256.stgit@softrs
[ Cleanup comments, fixup formatting. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||
|
|
1717f2096b |
panic, x86: Fix re-entrance problem due to panic on NMI
If panic on NMI happens just after panic() on the same CPU, panic() is
recursively called. Kernel stalls, as a result, after failing to acquire
panic_lock.
To avoid this problem, don't call panic() in NMI context if we've
already entered panic().
For that, introduce nmi_panic() macro to reduce code duplication. In
the case of panic on NMI, don't return from NMI handlers if another CPU
already panicked.
Signed-off-by: Hidehiro Kawai <hidehiro.kawai.ez@hitachi.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Aaron Tomlin <atomlin@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Baoquan He <bhe@redhat.com>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: David Hildenbrand <dahi@linux.vnet.ibm.com>
Cc: Don Zickus <dzickus@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Gobinda Charan Maji <gobinda.cemk07@gmail.com>
Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Javi Merino <javi.merino@arm.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: kexec@lists.infradead.org
Cc: linux-doc@vger.kernel.org
Cc: lkml <linux-kernel@vger.kernel.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Michal Nazarewicz <mina86@mina86.com>
Cc: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ulrich Obergfell <uobergfe@redhat.com>
Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Link: http://lkml.kernel.org/r/20151210014626.25437.13302.stgit@softrs
[ Cleanup comments, fixup formatting. ]
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
||
|
|
7625b3a000 |
kernel/panic.c: turn off locks debug before releasing console lock
Commit |
||
|
|
08d78658f3 |
panic: release stale console lock to always get the logbuf printed out
In some cases we may end up killing the CPU holding the console lock
while still having valuable data in logbuf. E.g. I'm observing the
following:
- A crash is happening on one CPU and console_unlock() is being called on some other.
- console_unlock() tries to print out the buffer before releasing the lock and on slow console it takes time.
- in the meanwhile crashing CPU does lots of printk()-s with valuable data (which go to the logbuf) and sends IPIs to all other CPUs.
- console_unlock() finishes printing previous chunk and enables interrupts before trying to print out the rest, the CPU catches the IPI and never releases console lock.
This is not the only possible case: in VT/fb subsystems we have many
other console_lock()/console_unlock() users. Non-masked interrupts (or
receiving NMI in case of extreme slowness) will have the same result.
Getting the whole console buffer printed out on crash should be top
priority.
[akpm@linux-foundation.org: tweak comment text]
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: HATAYAMA Daisuke <d.hatayama@jp.fujitsu.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Baoquan He <bhe@redhat.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Xie XiuQi <xiexiuqi@huawei.com>
Cc: Seth Jennings <sjenning@redhat.com>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
|
5375b708f2 |
kernel/panic/kexec: fix "crash_kexec_post_notifiers" option issue in oops path
Commit
|
||
|
|
f45d85ff1f |
kernel/panic: call the 2nd crash_kexec() only if crash_kexec_post_notifiers is enabled
For compatibility with the behaviour before the commit
|
||
|
|
c5f4546593 |
livepatch: kernel: add TAINT_LIVEPATCH
This adds a new taint flag to indicate when the kernel or a kernel
module has been live patched. This will provide a clean indication in
bug reports that live patching was used.
Additionally, if the crash occurs in a live patched function, the live
patch module will appear beside the patched function in the backtrace.
Signed-off-by: Seth Jennings <sjenning@redhat.com>
Acked-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Miroslav Benes <mbenes@suse.cz>
Reviewed-by: Petr Mladek <pmladek@suse.cz>
Reviewed-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
|
||
|
|
9e3961a097 |
kernel: add panic_on_warn
There have been several times where I have had to rebuild a kernel to
cause a panic when hitting a WARN() in the code in order to get a crash
dump from a system. Sometimes this is easy to do, other times (such as
in the case of a remote admin) it is not trivial to send new images to
the user.
A much easier method would be a switch to change the WARN() over to a
panic. This makes debugging easier in that I can now test the actual
image the WARN() was seen on and I do not have to engage in remote
debugging.
This patch adds a panic_on_warn kernel parameter and
/proc/sys/kernel/panic_on_warn calls panic() in the
warn_slowpath_common() path. The function will still print out the
location of the warning.
An example of the panic_on_warn output:
The first line below is from the WARN_ON() to output the WARN_ON()'s
location. After that the panic() output is displayed.
WARNING: CPU: 30 PID: 11698 at /home/prarit/dummy_module/dummy-module.c:25 init_dummy+0x1f/0x30 [dummy_module]()
Kernel panic - not syncing: panic_on_warn set ...
CPU: 30 PID: 11698 Comm: insmod Tainted: G W OE 3.17.0+ #57
Hardware name: Intel Corporation S2600CP/S2600CP, BIOS RMLSDP.86I.00.29.D696.1311111329 11/11/2013
0000000000000000 000000008e3f87df ffff88080f093c38 ffffffff81665190
0000000000000000 ffffffff818aea3d ffff88080f093cb8 ffffffff8165e2ec
ffffffff00000008 ffff88080f093cc8 ffff88080f093c68 000000008e3f87df
Call Trace:
[<ffffffff81665190>] dump_stack+0x46/0x58
[<ffffffff8165e2ec>] panic+0xd0/0x204
[<ffffffffa038e05f>] ? init_dummy+0x1f/0x30 [dummy_module]
[<ffffffff81076b90>] warn_slowpath_common+0xd0/0xd0
[<ffffffffa038e040>] ? dummy_greetings+0x40/0x40 [dummy_module]
[<ffffffff81076c8a>] warn_slowpath_null+0x1a/0x20
[<ffffffffa038e05f>] init_dummy+0x1f/0x30 [dummy_module]
[<ffffffff81002144>] do_one_initcall+0xd4/0x210
[<ffffffff811b52c2>] ? __vunmap+0xc2/0x110
[<ffffffff810f8889>] load_module+0x16a9/0x1b30
[<ffffffff810f3d30>] ? store_uevent+0x70/0x70
[<ffffffff810f49b9>] ? copy_module_from_fd.isra.44+0x129/0x180
[<ffffffff810f8ec6>] SyS_finit_module+0xa6/0xd0
[<ffffffff8166cf29>] system_call_fastpath+0x12/0x17
Successfully tested by me.
hpa said: There is another very valid use for this: many operators would
rather a machine shuts down than being potentially compromised either
functionally or security-wise.
Signed-off-by: Prarit Bhargava <prarit@redhat.com>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Acked-by: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
Cc: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
|
bc53a3f46d |
kernel/panic.c: update comments for print_tainted
Commit
|
||
|
|
69361eef90 |
panic: add TAINT_SOFTLOCKUP
This taint flag will be set if the system has ever entered a softlockup
state. Similar to TAINT_WARN it is useful to know whether or not the
system has been in a softlockup state when debugging.
[akpm@linux-foundation.org: apply the taint before calling panic()]
Signed-off-by: Josh Hunt <johunt@akamai.com>
Cc: Jason Baron <jbaron@akamai.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|