19f08171e3
* common/android-4.4-p:
Linux 4.4.293
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ASoC: DAPM: Cover regression by kctl change notification fix
batman-adv: Avoid WARN_ON timing related checks
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: set .owner to THIS_MODULE
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: Prevent duplicated softif_vlan entry
batman-adv: Fix multicast TT issues with bogus ROAM flags
batman-adv: Keep fragments equally sized
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
hexagon: export raw I/O routines for modules
tun: fix bonding active backup with arp monitoring
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: bcm63xx: add support for clk_get_parent()
net: bnx2x: fix variable dereferenced before check
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
scsi: target: Fix ordered tag handling
MIPS: sni: Fix the build
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
scsi: advansys: Fix kernel pointer leak
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
net: batman-adv: fix error handling
PCI/MSI: Destroy sysfs before freeing entries
parisc/entry: fix trace test in syscall exit path
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
ARM: 9156/1: drop cc-option fallbacks for architecture selection
USB: chipidea: fix interrupt deadlock
vsock: prevent unnecessary refcnt inc for nonblocking connect
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
llc: fix out-of-bound array index in llc_sk_dev_hash()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
scsi: qla2xxx: Turn off target reset during issue_lip
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
JFS: fix memleak in jfs_mount
scsi: dc395: Fix error case unwinding
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
crypto: pcrypt - Delay write to padata->info
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
mwifiex: Send DELBA requests according to spec
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
drm/msm: uninitialized variable in msm_gem_import()
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
crypto: qat - detect PFVF collision after ACK
ath9k: Fix potential interrupt storm on queue reset
cpuidle: Fix kobject memory leaks in error paths
media: si470x: Avoid card name truncation
media: dvb-usb: fix ununit-value in az6027_rc_query
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc: fix warning in flush_tlb_all
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
lib/xz: Validate the value before assigning it to an enum variable
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
memstick: r592: Fix a UAF bug when removing the driver
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
tracefs: Have tracefs directories not set OTH permission bits by default
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
quota: correct error number in free_dqentry()
quota: check block number when reading the block in quota file
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal: Remove the bogus sigkill_pending in ptrace_stop
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
PCI: Mark Atheros QCA6174 to avoid bus reset
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
hwmon: (pmbus/lm25066) Add offset coefficients
btrfs: fix lost error handling when replaying directory deletes
vmxnet3: do not stop tx queues after netif_device_detach()
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
mmc: winbond: don't build on M68K
hyperv/vmbus: include linux/bitops.h
x86/irq: Ensure PI wakeup handler is unregistered before module unload
ALSA: timer: Unconditionally unlink slave instances, too
ALSA: timer: Fix use-after-free problem
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
media: ite-cir: IR receiver stop working after receive overflow
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
libata: fix read log timeout value
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
binder: use cred instead of task for selinux checks
binder: use euid from cred instead of using task
FROMGIT: binder: fix test regression due to sender_euid change
BACKPORT: binder: use cred instead of task for selinux checks
BACKPORT: binder: use euid from cred instead of using task
BACKPORT: ip_gre: add validation for csum_start
Linux 4.4.292
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
staging: comedi: drivers: replace le16_to_cpu() with usb_endpoint_maxp()
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
usb: hso: fix error handling code of hso_create_net_device
printk/console: Allow to disable console output by using console="" or console=null
usb-storage: Add compatibility quirk flags for iODD 2531/2541
usb: gadget: Mark USB_FSL_QE broken on 64-bit
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
net: hso: register netdev later to avoid a race condition
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
scsi: core: Put LLD module refcnt after SCSI device is released
Conflicts:
net/bluetooth/l2cap_sock.c
Change-Id: I066f7145b7245f9c95e1c78f84f0871a9825150f
208 lines
5.2 KiB
C
208 lines
5.2 KiB
C
#include <linux/export.h>
|
|
#include <linux/kasan.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/stacktrace.h>
|
|
|
|
#include <asm/stacktrace.h>
|
|
#include <asm/traps.h>
|
|
|
|
#if defined(CONFIG_FRAME_POINTER) && !defined(CONFIG_ARM_UNWIND)
|
|
/*
|
|
* Unwind the current stack frame and store the new register values in the
|
|
* structure passed as argument. Unwinding is equivalent to a function return,
|
|
* hence the new PC value rather than LR should be used for backtrace.
|
|
*
|
|
* With framepointer enabled, a simple function prologue looks like this:
|
|
* mov ip, sp
|
|
* stmdb sp!, {fp, ip, lr, pc}
|
|
* sub fp, ip, #4
|
|
*
|
|
* A simple function epilogue looks like this:
|
|
* ldm sp, {fp, sp, pc}
|
|
*
|
|
* When compiled with clang, pc and sp are not pushed. A simple function
|
|
* prologue looks like this when built with clang:
|
|
*
|
|
* stmdb {..., fp, lr}
|
|
* add fp, sp, #x
|
|
* sub sp, sp, #y
|
|
*
|
|
* A simple function epilogue looks like this when built with clang:
|
|
*
|
|
* sub sp, fp, #x
|
|
* ldm {..., fp, pc}
|
|
*
|
|
*
|
|
* Note that with framepointer enabled, even the leaf functions have the same
|
|
* prologue and epilogue, therefore we can ignore the LR value in this case.
|
|
*/
|
|
int notrace unwind_frame(struct stackframe *frame)
|
|
{
|
|
unsigned long high, low;
|
|
unsigned long fp = frame->fp;
|
|
|
|
/* only go to a higher address on the stack */
|
|
low = frame->sp;
|
|
high = ALIGN(low, THREAD_SIZE);
|
|
|
|
#ifdef CONFIG_CC_IS_CLANG
|
|
/* check current frame pointer is within bounds */
|
|
if (fp < low + 4 || fp > high - 4)
|
|
return -EINVAL;
|
|
|
|
frame->sp = frame->fp;
|
|
frame->fp = *(unsigned long *)(fp);
|
|
frame->pc = *(unsigned long *)(fp + 4);
|
|
#else
|
|
/* check current frame pointer is within bounds */
|
|
if (fp < low + 12 || fp > high - 4)
|
|
return -EINVAL;
|
|
|
|
kasan_disable_current();
|
|
|
|
/* restore the registers from the stack frame */
|
|
frame->fp = *(unsigned long *)(fp - 12);
|
|
frame->sp = *(unsigned long *)(fp - 8);
|
|
frame->pc = *(unsigned long *)(fp - 4);
|
|
#endif
|
|
|
|
kasan_enable_current();
|
|
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
void notrace walk_stackframe(struct stackframe *frame,
|
|
int (*fn)(struct stackframe *, void *), void *data)
|
|
{
|
|
while (1) {
|
|
int ret;
|
|
|
|
if (fn(frame, data))
|
|
break;
|
|
ret = unwind_frame(frame);
|
|
if (ret < 0)
|
|
break;
|
|
}
|
|
}
|
|
EXPORT_SYMBOL(walk_stackframe);
|
|
|
|
#ifdef CONFIG_STACKTRACE
|
|
struct stack_trace_data {
|
|
struct stack_trace *trace;
|
|
unsigned long last_pc;
|
|
unsigned int no_sched_functions;
|
|
unsigned int skip;
|
|
};
|
|
|
|
static int save_trace(struct stackframe *frame, void *d)
|
|
{
|
|
struct stack_trace_data *data = d;
|
|
struct stack_trace *trace = data->trace;
|
|
struct pt_regs *regs;
|
|
unsigned long addr = frame->pc;
|
|
|
|
if (data->no_sched_functions && in_sched_functions(addr))
|
|
return 0;
|
|
if (data->skip) {
|
|
data->skip--;
|
|
return 0;
|
|
}
|
|
|
|
trace->entries[trace->nr_entries++] = addr;
|
|
|
|
if (trace->nr_entries >= trace->max_entries)
|
|
return 1;
|
|
|
|
/*
|
|
* in_exception_text() is designed to test if the PC is one of
|
|
* the functions which has an exception stack above it, but
|
|
* unfortunately what is in frame->pc is the return LR value,
|
|
* not the saved PC value. So, we need to track the previous
|
|
* frame PC value when doing this.
|
|
*/
|
|
addr = data->last_pc;
|
|
data->last_pc = frame->pc;
|
|
if (!in_exception_text(addr))
|
|
return 0;
|
|
|
|
regs = (struct pt_regs *)frame->sp;
|
|
|
|
trace->entries[trace->nr_entries++] = regs->ARM_pc;
|
|
|
|
return trace->nr_entries >= trace->max_entries;
|
|
}
|
|
|
|
/* This must be noinline to so that our skip calculation works correctly */
|
|
static noinline void __save_stack_trace(struct task_struct *tsk,
|
|
struct stack_trace *trace, unsigned int nosched)
|
|
{
|
|
struct stack_trace_data data;
|
|
struct stackframe frame;
|
|
|
|
data.trace = trace;
|
|
data.last_pc = ULONG_MAX;
|
|
data.skip = trace->skip;
|
|
data.no_sched_functions = nosched;
|
|
|
|
if (tsk != current) {
|
|
#ifdef CONFIG_SMP
|
|
/*
|
|
* What guarantees do we have here that 'tsk' is not
|
|
* running on another CPU? For now, ignore it as we
|
|
* can't guarantee we won't explode.
|
|
*/
|
|
if (trace->nr_entries < trace->max_entries)
|
|
trace->entries[trace->nr_entries++] = ULONG_MAX;
|
|
return;
|
|
#else
|
|
frame.fp = thread_saved_fp(tsk);
|
|
frame.sp = thread_saved_sp(tsk);
|
|
frame.lr = 0; /* recovered from the stack */
|
|
frame.pc = thread_saved_pc(tsk);
|
|
#endif
|
|
} else {
|
|
/* We don't want this function nor the caller */
|
|
data.skip += 2;
|
|
frame.fp = (unsigned long)__builtin_frame_address(0);
|
|
frame.sp = current_stack_pointer;
|
|
frame.lr = (unsigned long)__builtin_return_address(0);
|
|
frame.pc = (unsigned long)__save_stack_trace;
|
|
}
|
|
|
|
walk_stackframe(&frame, save_trace, &data);
|
|
if (trace->nr_entries < trace->max_entries)
|
|
trace->entries[trace->nr_entries++] = ULONG_MAX;
|
|
}
|
|
|
|
void save_stack_trace_regs(struct pt_regs *regs, struct stack_trace *trace)
|
|
{
|
|
struct stack_trace_data data;
|
|
struct stackframe frame;
|
|
|
|
data.trace = trace;
|
|
data.skip = trace->skip;
|
|
data.no_sched_functions = 0;
|
|
|
|
frame.fp = regs->ARM_fp;
|
|
frame.sp = regs->ARM_sp;
|
|
frame.lr = regs->ARM_lr;
|
|
frame.pc = regs->ARM_pc;
|
|
|
|
walk_stackframe(&frame, save_trace, &data);
|
|
if (trace->nr_entries < trace->max_entries)
|
|
trace->entries[trace->nr_entries++] = ULONG_MAX;
|
|
}
|
|
|
|
void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
|
|
{
|
|
__save_stack_trace(tsk, trace, 1);
|
|
}
|
|
|
|
void save_stack_trace(struct stack_trace *trace)
|
|
{
|
|
__save_stack_trace(current, trace, 0);
|
|
}
|
|
EXPORT_SYMBOL_GPL(save_stack_trace);
|
|
#endif
|