- 20 Dec, 2016 19 commits
-
-
David S. Miller authored
Xin Long says: ==================== sctp: fix the issue that may copy duplicate addrs into assoc's bind address list Patch 1/2 is to fix some indent level. Given that we have kernels out there with this issue, patch 2/2 also fix sctp_raw_to_bind_addrs. v1 -> v2: Explain why we didn't filter the duplicate addresses when global address list gets updated in patch 2/2 changelog. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Xin Long authored
sctp.local_addr_list is a global address list that is supposed to include all the local addresses. sctp updates this list according to NETDEV_UP/ NETDEV_DOWN notifications. However, if multiple NICs have the same address, the global list would have duplicate addresses. Even if for one NIC, promote secondaries in __inet_del_ifa can also lead to accumulating duplicate addresses. When sctp binds address 'ANY' and creates a connection, it copies all the addresses from global list into asoc's bind addr list, which makes sctp pack the duplicate addresses into INIT/INIT_ACK packets. This patch is to filter the duplicate addresses when copying the addrs from global list in sctp_copy_local_addr_list and unpacking addr_param from cookie in sctp_raw_to_bind_addrs to asoc's bind addr list. Note that we can't filter the duplicate addrs when global address list gets updated, As NETDEV_DOWN event may remove an addr that still exists in another NIC. Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Xin Long authored
This patch is to reduce indent level by using continue when the addr is not allowed, and also drop end_copy by using break. Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Dongpo Li says: ==================== net: hix5hd2_gmac: keep the compatible string not changed This patch series fix the patch: d0fb6ba7 ("net: hix5hd2_gmac: add generic compatible string") The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change its compatible string. So we should name all the compatible string with the suffix "-gmac". Creating a new name suffix "-gemac" is unnecessary. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dongpo Li authored
The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change it. We should only add the generic compatible string "hisi-gmac-v1". Fixes: 0855950b ("ARM: dts: hix5hd2: add gmac generic compatible and clock names") Signed-off-by: Dongpo Li <lidongpo@hisilicon.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dongpo Li authored
The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change its compatible string. So we should name all the compatible string with the suffix "-gmac". Creating a new name suffix "-gemac" is unnecessary. We also add another SoC compatible string in dt binding documentation and describe which generic version the SoC belongs to. Fixes: d0fb6ba7 ("net: hix5hd2_gmac: add generic compatible string") Signed-off-by: Dongpo Li <lidongpo@hisilicon.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jarno Rajahalme authored
Add a break statement to prevent fall-through from OVS_KEY_ATTR_ETHERNET to OVS_KEY_ATTR_TUNNEL. Without the break actions setting ethernet addresses fail to validate with log messages complaining about invalid tunnel attributes. Fixes: 0a6410fb ("openvswitch: netlink: support L3 packets") Signed-off-by: Jarno Rajahalme <jarno@ovn.org> Acked-by: Pravin B Shelar <pshelar@ovn.org> Acked-by: Jiri Benc <jbenc@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
WingMan Kwok authored
This patch adds the missing 10gbe host port tx priority map configurations. Signed-off-by: WingMan Kwok <w-kwok2@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
WingMan Kwok authored
In ethtool ops, it needs to retrieve the corresponding ethss module (gbe or xgbe) from the net_device structure. Prior to this patch, the retrieving procedure only checks for the gbe module. This patch fixes the issue by checking the xgbe module if the net_device structure does not correspond to the gbe module. Signed-off-by: WingMan Kwok <w-kwok2@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Madalin Bucur says: ==================== fsl/fman: fixes for ARM The patch set fixes advertised speeds for QSGMII interfaces, disables A007273 erratum workaround on non-PowerPC platforms where it does not apply, enables compilation on ARM64 and addresses a probing issue on non PPC platforms. Changes from v3: removed redundant comment, added ack by Scott Changes from v2: merged fsl/fman changes to avoid a point of failure Changes from v1: unifying probing on all supported platforms ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Madalin Bucur authored
Signed-off-by: Madalin Bucur <madalin.bucur@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Madalin Bucur authored
Signed-off-by: Madalin Bucur <madalin.bucur@nxp.com> Reviewed-by: Camelia Groza <camelia.groza@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Madalin Bucur authored
The fsl/fman drivers will use of_platform_populate() on all supported platforms. Call of_platform_populate() to probe the FMan sub-nodes. Signed-off-by: Igal Liberman <igal.liberman@freescale.com> Signed-off-by: Madalin Bucur <madalin.bucur@nxp.com> Acked-by: Scott Wood <oss@buserror.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Madalin Bucur authored
QSGMII ports were not advertising 1G speed. Signed-off-by: Madalin Bucur <madalin.bucur@nxp.com> Reviewed-by: Camelia Groza <camelia.groza@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Jerome Brunet says: ==================== phy: Fix integration of eee-broken-modes The purpose of this series is to fix the integration of the ethernet phy property "eee-broken-modes" [0] The v3 of this series has been merged, missing a fix (error reported by kbuild robot) available in the v4 [1] More importantly, Florian opposed adding a DT property mapping a device register this directly [2]. The concern was that the property could be abused to implement platform configuration policy. After discussing it, I think we agreed that such information about the HW (defect) should appear in the platform DT. However, the preferred way is to add a boolean property for each EEE broken mode. [0]: http://lkml.kernel.org/r/1480326409-25419-1-git-send-email-jbrunet@baylibre.com [1]: http://lkml.kernel.org/r/1480348229-25672-1-git-send-email-jbrunet@baylibre.com [2]: http://lkml.kernel.org/r/e14a3b0c-dc34-be14-48b3-518a0ad0c080@gmail.com ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
jbrunet authored
The patches regarding eee-broken-modes was merged before all people involved could find an agreement on the best way to move forward. While we agreed on having a DT property to mark particular modes as broken, the value used for eee-broken-modes mapped the phy register in very direct way. Because of this, the concern is that it could be used to implement configuration policies instead of describing a broken HW. In the end, having a boolean property for each mode seems to be preferred over one bit field value mapping the register (too) directly. Cc: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
jbrunet authored
The patches regarding eee-broken-modes was merged before all people involved could find an agreement on the best way to move forward. While we agreed on having a DT property to mark particular modes as broken, the value used for eee-broken-modes mapped the phy register in very direct way. Because of this, the concern is that it could be used to implement configuration policies instead of describing a broken HW. In the end, having a boolean property for each mode seems to be preferred over one bit field value mapping the register (too) directly. Cc: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
jbrunet authored
In genphy_config_eee_advert, the return value of phy_read_mmd_indirect is checked to know if the register could be accessed but the result is assigned to a 'u32'. Changing to 'int' to correctly get errors from phy_read_mmd_indirect. Fixes: d853d145 ("net: phy: add an option to disable EEE advertisement") Reported-by: Julia Lawall <julia.lawall@lip6.fr> Signed-off-by: Jerome Brunet <jbrunet@baylibre.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
zheng li authored
ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output There is an inconsistent conditional judgement in __ip_append_data and ip_finish_output functions, the variable length in __ip_append_data just include the length of application's payload and udp header, don't include the length of ip header, but in ip_finish_output use (skb->len > ip_skb_dst_mtu(skb)) as judgement, and skb->len include the length of ip header. That causes some particular application's udp payload whose length is between (MTU - IP Header) and MTU were fragmented by ip_fragment even though the rst->dev support UFO feature. Add the length of ip header to length in __ip_append_data to keep consistent conditional judgement as ip_finish_output for ip fragment. Signed-off-by: Zheng Li <james.z.li@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 19 Dec, 2016 2 commits
-
-
Pavel Machek authored
Fix up memory barriers in stmmac driver. They are meant to protect against DMA engine, so smp_ variants are certainly wrong, and dma_ variants are preferable. Signed-off-by: Pavel Machek <pavel@denx.de> Tested-by: Niklas Cassel <niklas.cassel@axis.com> Acked-by: Giuseppe Cavallaro <peppe.cavallaro@st.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arvind Yadav authored
Here, If devm_ioremap will fail. It will return NULL. Kernel can run into a NULL-pointer dereference. This error check will avoid NULL pointer dereference. Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 Dec, 2016 19 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking fixes and cleanups from David Miller: 1) Revert bogus nla_ok() change, from Alexey Dobriyan. 2) Various bpf validator fixes from Daniel Borkmann. 3) Add some necessary SET_NETDEV_DEV() calls to hsis_femac and hip04 drivers, from Dongpo Li. 4) Several ethtool ksettings conversions from Philippe Reynes. 5) Fix bugs in inet port management wrt. soreuseport, from Tom Herbert. 6) XDP support for virtio_net, from John Fastabend. 7) Fix NAT handling within a vrf, from David Ahern. 8) Endianness fixes in dpaa_eth driver, from Claudiu Manoil * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (63 commits) net: mv643xx_eth: fix build failure isdn: Constify some function parameters mlxsw: spectrum: Mark split ports as such cgroup: Fix CGROUP_BPF config qed: fix old-style function definition net: ipv6: check route protocol when deleting routes r6040: move spinlock in r6040_close as SOFTIRQ-unsafe lock order detected irda: w83977af_ir: cleanup an indent issue net: sfc: use new api ethtool_{get|set}_link_ksettings net: davicom: dm9000: use new api ethtool_{get|set}_link_ksettings net: cirrus: ep93xx: use new api ethtool_{get|set}_link_ksettings net: chelsio: cxgb3: use new api ethtool_{get|set}_link_ksettings net: chelsio: cxgb2: use new api ethtool_{get|set}_link_ksettings bpf: fix mark_reg_unknown_value for spilled regs on map value marking bpf: fix overflow in prog accounting bpf: dynamically allocate digest scratch buffer gtp: Fix initialization of Flags octet in GTPv1 header gtp: gtp_check_src_ms_ipv4() always return success net/x25: use designated initializers isdn: use designated initializers ...
-
Linus Torvalds authored
Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull partial readlink cleanups from Miklos Szeredi. This is the uncontroversial part of the readlink cleanup patch-set that simplifies the default readlink handling. Miklos and Al are still discussing the rest of the series. * git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: vfs: make generic_readlink() static vfs: remove ".readlink = generic_readlink" assignments vfs: default to generic_readlink() vfs: replace calling i_op->readlink with vfs_readlink() proc/self: use generic_readlink ecryptfs: use vfs_get_link() bad_inode: add missing i_op initializers
-
Sudip Mukherjee authored
The build of sparc allmodconfig fails with the error: "of_irq_to_resource" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined! of_irq_to_resource() is defined when CONFIG_OF_IRQ is defined. And also CONFIG_OF_IRQ can only be defined if CONFIG_IRQ is defined. So we can safely use #if defined(CONFIG_OF_IRQ) in the code. Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Emese Revfy authored
The coming initify gcc plugin expects const pointer types, and caught some __printf arguments that weren't const yet. This fixes those. Signed-off-by: Emese Revfy <re.emese@gmail.com> [kees: expanded commit message] Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ido Schimmel authored
When a port is split we should mark it as such, as otherwise the split ports aren't renamed correctly (e.g. sw1p3 -> sw1p3s1) and the unsplit operation fails: $ devlink port split sw1p3 count 4 $ devlink port unsplit eth0 devlink answers: Invalid argument [ 598.565307] mlxsw_spectrum 0000:03:00.0 eth0: Port wasn't split Fixes: 67963a33 ("mlxsw: Make devlink port instances independent of spectrum/switchx2 port instances") Signed-off-by: Ido Schimmel <idosch@mellanox.com> Reported-by: Tamir Winetroub <tamirw@mellanox.com> Reviewed-by: Elad Raz <eladr@mellanox.com> Tested-by: Tamir Winetroub <tamirw@mellanox.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfsLinus Torvalds authored
Pull more vfs updates from Al Viro: "In this pile: - autofs-namespace series - dedupe stuff - more struct path constification" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (40 commits) ocfs2: implement the VFS clone_range, copy_range, and dedupe_range features ocfs2: charge quota for reflinked blocks ocfs2: fix bad pointer cast ocfs2: always unlock when completing dio writes ocfs2: don't eat io errors during _dio_end_io_write ocfs2: budget for extent tree splits when adding refcount flag ocfs2: prohibit refcounted swapfiles ocfs2: add newlines to some error messages ocfs2: convert inode refcount test to a helper simple_write_end(): don't zero in short copy into uptodate exofs: don't mess with simple_write_{begin,end} 9p: saner ->write_end() on failing copy into non-uptodate page fix gfs2_stuffed_write_end() on short copies fix ceph_write_end() nfs_write_end(): fix handling of short copies vfs: refactor clone/dedupe_file_range common functions fs: try to clone files first in vfs_copy_file_range vfs: misc struct path constification namespace.c: constify struct path passed to a bunch of primitives quota: constify struct path in quota_on ...
-
Andy Lutomirski authored
CGROUP_BPF depended on SOCK_CGROUP_DATA which can't be manually enabled, making it rather challenging to turn CGROUP_BPF on. Signed-off-by: Andy Lutomirski <luto@kernel.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Merge tag 'mac80211-for-davem-2016-12-16' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Three fixes: * avoid a WARN_ON() when trying to use WEP with AP_VLANs * ensure enough headroom on mesh forwarding packets * don't report unknown/invalid rates to userspace ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Arnd Bergmann authored
The newly added file causes a harmless warning, with "make W=1": drivers/net/ethernet/qlogic/qed/qed_iscsi.c: In function 'qed_get_iscsi_ops': drivers/net/ethernet/qlogic/qed/qed_iscsi.c:1268:29: warning: old-style function definition [-Wold-style-definition] This makes it a proper prototype. Fixes: fc831825 ("qed: Add support for hardware offloaded iSCSI.") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Mantas M authored
The protocol field is checked when deleting IPv4 routes, but ignored for IPv6, which causes problems with routing daemons accidentally deleting externally set routes (observed by multiple bird6 users). This can be verified using `ip -6 route del <prefix> proto something`. Signed-off-by: Mantas Mikulėnas <grawity@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Manuel Bessler authored
'ifconfig eth0 down' makes r6040_close() trigger: INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected Fixed by moving calls to phy_stop(), napi_disable(), netif_stop_queue() to outside of the module's private spin_lock_irq block. Found on a Versalogic Tomcat SBC with a Vortex86 SoC s1660e_5150:~# sudo ifconfig eth0 down [ 61.306415] ====================================================== [ 61.306415] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ] [ 61.306415] 4.9.0-gb898d2d-manuel #1 Not tainted [ 61.306415] ------------------------------------------------------ [ 61.306415] ifconfig/449 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 61.306415] (&dev->lock){+.+...}, at: [<c1336276>] phy_stop+0x16/0x80 [ 61.306415] and this task is already holding: [ 61.306415] (&(&lp->lock)->rlock){+.-...}, at: [<d0934c84>] r6040_close+0x24/0x230 [r6040] which would create a new lock dependency: [ 61.306415] (&(&lp->lock)->rlock){+.-...} -> (&dev->lock){+.+...} [ 61.306415] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 61.306415] (&(&lp->lock)->rlock){+.-...} [ 61.306415] ... which became SOFTIRQ-irq-safe at: [ 61.306415] [ 61.306415] [<c1075bc5>] __lock_acquire+0x555/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14bb334>] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [<d0934ac0>] r6040_start_xmit+0x30/0x1d0 [r6040] [ 61.306415] [ 61.306415] [<c13a7d4d>] dev_hard_start_xmit+0x9d/0x2d0 [ 61.306415] [ 61.306415] [<c13c8a38>] sch_direct_xmit+0xa8/0x140 [ 61.306415] [ 61.306415] [<c13a8436>] __dev_queue_xmit+0x416/0x780 [ 61.306415] [ 61.306415] [<c13a87aa>] dev_queue_xmit+0xa/0x10 [ 61.306415] [ 61.306415] [<c13b4837>] neigh_resolve_output+0x147/0x220 [ 61.306415] [ 61.306415] [<c144541b>] ip6_finish_output2+0x2fb/0x910 [ 61.306415] [ 61.306415] [<c14494e6>] ip6_finish_output+0xa6/0x1a0 [ 61.306415] [ 61.306415] [<c1449635>] ip6_output+0x55/0x320 [ 61.306415] [ 61.306415] [<c146f4d2>] mld_sendpack+0x352/0x560 [ 61.306415] [ 61.306415] [<c146fe55>] mld_ifc_timer_expire+0x155/0x280 [ 61.306415] [ 61.306415] [<c108b081>] call_timer_fn+0x81/0x270 [ 61.306415] [ 61.306415] [<c108b331>] expire_timers+0xc1/0x180 [ 61.306415] [ 61.306415] [<c108b4f7>] run_timer_softirq+0x77/0x150 [ 61.306415] [ 61.306415] [<c1043d04>] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [<c101a15c>] do_softirq_own_stack+0x1c/0x30 [ 61.306415] [ 61.306415] [<c104416e>] irq_exit+0x8e/0xa0 [ 61.306415] [ 61.306415] [<c1019d31>] do_IRQ+0x51/0x100 [ 61.306415] [ 61.306415] [<c14bc176>] common_interrupt+0x36/0x40 [ 61.306415] [ 61.306415] [<c1134928>] set_root+0x68/0xf0 [ 61.306415] [ 61.306415] [<c1136120>] path_init+0x400/0x640 [ 61.306415] [ 61.306415] [<c11386bf>] path_lookupat+0xf/0xe0 [ 61.306415] [ 61.306415] [<c1139ebc>] filename_lookup+0x6c/0x100 [ 61.306415] [ 61.306415] [<c1139fd5>] user_path_at_empty+0x25/0x30 [ 61.306415] [ 61.306415] [<c11298c6>] SyS_faccessat+0x86/0x1e0 [ 61.306415] [ 61.306415] [<c1129a30>] SyS_access+0x10/0x20 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] to a SOFTIRQ-irq-unsafe lock: [ 61.306415] (&dev->lock){+.+...} [ 61.306415] ... which became SOFTIRQ-irq-unsafe at: [ 61.306415] ...[ 61.306415] [ 61.306415] [<c1075c0c>] __lock_acquire+0x59c/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c133747d>] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [<c1338afe>] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [<c1338ca7>] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [<c1338d23>] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [<d09357a0>] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [<c12a78c7>] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [<c12f5e15>] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [<c12f5fd9>] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [<c12f43ef>] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [<c12f5954>] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [<c12f55b7>] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [<c12f6a21>] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [<c12a6955>] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [<d0938017>] 0xd0938017 [ 61.306415] [ 61.306415] [<c100043f>] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [<c10e48c0>] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [<c10a680e>] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [<c10a6eb9>] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] other info that might help us debug this: [ 61.306415] [ 61.306415] Possible interrupt unsafe locking scenario: [ 61.306415] [ 61.306415] CPU0 CPU1 [ 61.306415] ---- ---- [ 61.306415] lock(&dev->lock); [ 61.306415] local_irq_disable(); [ 61.306415] lock(&(&lp->lock)->rlock); [ 61.306415] lock(&dev->lock); [ 61.306415] <Interrupt> [ 61.306415] lock(&(&lp->lock)->rlock); [ 61.306415] [ 61.306415] *** DEADLOCK *** [ 61.306415] [ 61.306415] 2 locks held by ifconfig/449: [ 61.306415] #0: (rtnl_mutex){+.+.+.}, at: [<c13b68ef>] rtnl_lock+0xf/0x20 [ 61.306415] #1: (&(&lp->lock)->rlock){+.-...}, at: [<d0934c84>] r6040_close+0x24/0x230 [r6040] [ 61.306415] [ 61.306415] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 61.306415] -> (&(&lp->lock)->rlock){+.-...} ops: 3049 { [ 61.306415] HARDIRQ-ON-W at: [ 61.306415] [ 61.306415] [<c1075be7>] __lock_acquire+0x577/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14bb21b>] _raw_spin_lock+0x1b/0x30 [ 61.306415] [ 61.306415] [<d09343cc>] r6040_poll+0x2c/0x330 [r6040] [ 61.306415] [ 61.306415] [<c13a5577>] net_rx_action+0x197/0x340 [ 61.306415] [ 61.306415] [<c1043d04>] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [<c1044037>] run_ksoftirqd+0x17/0x40 [ 61.306415] [ 61.306415] [<c105fe91>] smpboot_thread_fn+0x141/0x180 [ 61.306415] [ 61.306415] [<c105c84e>] kthread+0xde/0x110 [ 61.306415] [ 61.306415] [<c14bb949>] ret_from_fork+0x19/0x30 [ 61.306415] IN-SOFTIRQ-W at: [ 61.306415] [ 61.306415] [<c1075bc5>] __lock_acquire+0x555/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14bb334>] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [<d0934ac0>] r6040_start_xmit+0x30/0x1d0 [r6040] [ 61.306415] [ 61.306415] [<c13a7d4d>] dev_hard_start_xmit+0x9d/0x2d0 [ 61.306415] [ 61.306415] [<c13c8a38>] sch_direct_xmit+0xa8/0x140 [ 61.306415] [ 61.306415] [<c13a8436>] __dev_queue_xmit+0x416/0x780 [ 61.306415] [ 61.306415] [<c13a87aa>] dev_queue_xmit+0xa/0x10 [ 61.306415] [ 61.306415] [<c13b4837>] neigh_resolve_output+0x147/0x220 [ 61.306415] [ 61.306415] [<c144541b>] ip6_finish_output2+0x2fb/0x910 [ 61.306415] [ 61.306415] [<c14494e6>] ip6_finish_output+0xa6/0x1a0 [ 61.306415] [ 61.306415] [<c1449635>] ip6_output+0x55/0x320 [ 61.306415] [ 61.306415] [<c146f4d2>] mld_sendpack+0x352/0x560 [ 61.306415] [ 61.306415] [<c146fe55>] mld_ifc_timer_expire+0x155/0x280 [ 61.306415] [ 61.306415] [<c108b081>] call_timer_fn+0x81/0x270 [ 61.306415] [ 61.306415] [<c108b331>] expire_timers+0xc1/0x180 [ 61.306415] [ 61.306415] [<c108b4f7>] run_timer_softirq+0x77/0x150 [ 61.306415] [ 61.306415] [<c1043d04>] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [<c101a15c>] do_softirq_own_stack+0x1c/0x30 [ 61.306415] [ 61.306415] [<c104416e>] irq_exit+0x8e/0xa0 [ 61.306415] [ 61.306415] [<c1019d31>] do_IRQ+0x51/0x100 [ 61.306415] [ 61.306415] [<c14bc176>] common_interrupt+0x36/0x40 [ 61.306415] [ 61.306415] [<c1134928>] set_root+0x68/0xf0 [ 61.306415] [ 61.306415] [<c1136120>] path_init+0x400/0x640 [ 61.306415] [ 61.306415] [<c11386bf>] path_lookupat+0xf/0xe0 [ 61.306415] [ 61.306415] [<c1139ebc>] filename_lookup+0x6c/0x100 [ 61.306415] [ 61.306415] [<c1139fd5>] user_path_at_empty+0x25/0x30 [ 61.306415] [ 61.306415] [<c11298c6>] SyS_faccessat+0x86/0x1e0 [ 61.306415] [ 61.306415] [<c1129a30>] SyS_access+0x10/0x20 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] INITIAL USE at: [ 61.306415] [ 61.306415] [<c107586e>] __lock_acquire+0x1fe/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14bb334>] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [<d093474e>] r6040_get_stats+0x1e/0x60 [r6040] [ 61.306415] [ 61.306415] [<c139fb16>] dev_get_stats+0x96/0xc0 [ 61.306415] [ 61.306415] [<c14b416e>] rtnl_fill_stats+0x36/0xfd [ 61.306415] [ 61.306415] [<c13b7b3c>] rtnl_fill_ifinfo+0x47c/0xce0 [ 61.306415] [ 61.306415] [<c13bc08e>] rtmsg_ifinfo_build_skb+0x4e/0xd0 [ 61.306415] [ 61.306415] [<c13bc120>] rtmsg_ifinfo.part.20+0x10/0x40 [ 61.306415] [ 61.306415] [<c13bc16b>] rtmsg_ifinfo+0x1b/0x20 [ 61.306415] [ 61.306415] [<c13a9d19>] register_netdevice+0x409/0x550 [ 61.306415] [ 61.306415] [<c13a9e72>] register_netdev+0x12/0x20 [ 61.306415] [ 61.306415] [<d09357e8>] r6040_init_one+0x3e8/0x500 [r6040] [ 61.306415] [ 61.306415] [<c12a78c7>] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [<c12f5e15>] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [<c12f5fd9>] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [<c12f43ef>] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [<c12f5954>] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [<c12f55b7>] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [<c12f6a21>] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [<c12a6955>] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [<d0938017>] 0xd0938017 [ 61.306415] [ 61.306415] [<c100043f>] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [<c10e48c0>] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [<c10a680e>] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [<c10a6eb9>] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] } [ 61.306415] ... key at: [<d0936280>] __key.45893+0x0/0xfffff739 [r6040] [ 61.306415] ... acquired at: [ 61.306415] [ 61.306415] [<c1074a32>] check_irq_usage+0x42/0xb0 [ 61.306415] [ 61.306415] [<c107677c>] __lock_acquire+0x110c/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c1336276>] phy_stop+0x16/0x80 [ 61.306415] [ 61.306415] [<d0934ce9>] r6040_close+0x89/0x230 [r6040] [ 61.306415] [ 61.306415] [<c13a0a91>] __dev_close_many+0x61/0xa0 [ 61.306415] [ 61.306415] [<c13a0bbf>] __dev_close+0x1f/0x30 [ 61.306415] [ 61.306415] [<c13a9127>] __dev_change_flags+0x87/0x150 [ 61.306415] [ 61.306415] [<c13a9213>] dev_change_flags+0x23/0x60 [ 61.306415] [ 61.306415] [<c1416238>] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] [ 61.306415] [<c1417f75>] inet_ioctl+0x65/0x90 [ 61.306415] [ 61.306415] [<c1389b54>] sock_ioctl+0x124/0x2b0 [ 61.306415] [ 61.306415] [<c113cf7c>] do_vfs_ioctl+0x7c/0x790 [ 61.306415] [ 61.306415] [<c113d6b8>] SyS_ioctl+0x28/0x50 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] the dependencies between the lock to be acquired[ 61.306415] and SOFTIRQ-irq-unsafe lock: [ 61.306415] -> (&dev->lock){+.+...} ops: 56 { [ 61.306415] HARDIRQ-ON-W at: [ 61.306415] [ 61.306415] [<c1075be7>] __lock_acquire+0x577/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c133747d>] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [<c1338afe>] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [<c1338ca7>] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [<c1338d23>] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [<d09357a0>] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [<c12a78c7>] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [<c12f5e15>] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [<c12f5fd9>] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [<c12f43ef>] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [<c12f5954>] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [<c12f55b7>] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [<c12f6a21>] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [<c12a6955>] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [<d0938017>] 0xd0938017 [ 61.306415] [ 61.306415] [<c100043f>] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [<c10e48c0>] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [<c10a680e>] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [<c10a6eb9>] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] SOFTIRQ-ON-W at: [ 61.306415] [ 61.306415] [<c1075c0c>] __lock_acquire+0x59c/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c133747d>] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [<c1338afe>] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [<c1338ca7>] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [<c1338d23>] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [<d09357a0>] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [<c12a78c7>] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [<c12f5e15>] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [<c12f5fd9>] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [<c12f43ef>] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [<c12f5954>] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [<c12f55b7>] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [<c12f6a21>] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [<c12a6955>] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [<d0938017>] 0xd0938017 [ 61.306415] [ 61.306415] [<c100043f>] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [<c10e48c0>] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [<c10a680e>] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [<c10a6eb9>] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] INITIAL USE at: [ 61.306415] [ 61.306415] [<c107586e>] __lock_acquire+0x1fe/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c133747d>] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [<c1338afe>] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [<c1338ca7>] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [<c1338d23>] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [<d09357a0>] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [<c12a78c7>] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [<c12f5e15>] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [<c12f5fd9>] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [<c12f43ef>] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [<c12f5954>] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [<c12f55b7>] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [<c12f6a21>] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [<c12a6955>] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [<d0938017>] 0xd0938017 [ 61.306415] [ 61.306415] [<c100043f>] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [<c10e48c0>] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [<c10a680e>] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [<c10a6eb9>] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] } [ 61.306415] ... key at: [<c1f28f39>] __key.43998+0x0/0x8 [ 61.306415] ... acquired at: [ 61.306415] [ 61.306415] [<c1074a32>] check_irq_usage+0x42/0xb0 [ 61.306415] [ 61.306415] [<c107677c>] __lock_acquire+0x110c/0x1770 [ 61.306415] [ 61.306415] [<c107717c>] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [<c14b7add>] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [<c1336276>] phy_stop+0x16/0x80 [ 61.306415] [ 61.306415] [<d0934ce9>] r6040_close+0x89/0x230 [r6040] [ 61.306415] [ 61.306415] [<c13a0a91>] __dev_close_many+0x61/0xa0 [ 61.306415] [ 61.306415] [<c13a0bbf>] __dev_close+0x1f/0x30 [ 61.306415] [ 61.306415] [<c13a9127>] __dev_change_flags+0x87/0x150 [ 61.306415] [ 61.306415] [<c13a9213>] dev_change_flags+0x23/0x60 [ 61.306415] [ 61.306415] [<c1416238>] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] [ 61.306415] [<c1417f75>] inet_ioctl+0x65/0x90 [ 61.306415] [ 61.306415] [<c1389b54>] sock_ioctl+0x124/0x2b0 [ 61.306415] [ 61.306415] [<c113cf7c>] do_vfs_ioctl+0x7c/0x790 [ 61.306415] [ 61.306415] [<c113d6b8>] SyS_ioctl+0x28/0x50 [ 61.306415] [ 61.306415] [<c100179f>] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [<c14bba3f>] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] [ 61.306415] stack backtrace: [ 61.306415] CPU: 0 PID: 449 Comm: ifconfig Not tainted 4.9.0-gb898d2d-manuel #1 [ 61.306415] Call Trace: [ 61.306415] dump_stack+0x16/0x19 [ 61.306415] check_usage+0x3f6/0x550 [ 61.306415] ? check_usage+0x4d/0x550 [ 61.306415] check_irq_usage+0x42/0xb0 [ 61.306415] __lock_acquire+0x110c/0x1770 [ 61.306415] lock_acquire+0x7c/0x150 [ 61.306415] ? phy_stop+0x16/0x80 [ 61.306415] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] ? phy_stop+0x16/0x80 [ 61.306415] ? r6040_close+0x24/0x230 [r6040] [ 61.306415] ? __delay+0x9/0x10 [ 61.306415] phy_stop+0x16/0x80 [ 61.306415] r6040_close+0x89/0x230 [r6040] [ 61.306415] __dev_close_many+0x61/0xa0 [ 61.306415] __dev_close+0x1f/0x30 [ 61.306415] __dev_change_flags+0x87/0x150 [ 61.306415] dev_change_flags+0x23/0x60 [ 61.306415] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] inet_ioctl+0x65/0x90 [ 61.306415] sock_ioctl+0x124/0x2b0 [ 61.306415] ? dlci_ioctl_set+0x30/0x30 [ 61.306415] do_vfs_ioctl+0x7c/0x790 [ 61.306415] ? trace_hardirqs_on+0xb/0x10 [ 61.306415] ? call_rcu_sched+0xd/0x10 [ 61.306415] ? __put_cred+0x32/0x50 [ 61.306415] ? SyS_faccessat+0x178/0x1e0 [ 61.306415] SyS_ioctl+0x28/0x50 [ 61.306415] do_int80_syscall_32+0x3f/0x110 [ 61.306415] entry_INT80_32+0x2f/0x2f [ 61.306415] EIP: 0xb764d364 [ 61.306415] EFLAGS: 00000286 CPU: 0 [ 61.306415] EAX: ffffffda EBX: 00000004 ECX: 00008914 EDX: bfa99d7c [ 61.306415] ESI: bfa99e4c EDI: fffffffe EBP: 00000004 ESP: bfa99d58 [ 61.306415] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b [ 63.836607] r6040 0000:00:08.0 eth0: Link is Down Signed-off-by: Manuel Bessler <manuel.bessler@sensus.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Dan Carpenter authored
In commit 99d8d215 ("irda: w83977af_ir: Neaten logging"), we accidentally added an extra tab to these lines. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Tested-by: Bert Kenward <bkenward@solarflare.com> Acked-by: Bert Kenward <bkenward@solarflare.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Philippe Reynes authored
The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes <tremyfr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Daniel Borkmann says: ==================== Couple of BPF fixes This set contains three BPF fixes for net, one that addresses the complaint from Geert wrt static allocations, and the other is a fix wrt mem accounting that I found recently during testing and there's still one more fix on the map value marking. Thanks! v1 -> v2: - Patch 1 as is. - Fixed kbuild bot issue by letting charging helpers stay in the syscall.c, since there locked_vm is valid and only export the ones needed by bpf_prog_realloc(). Add empty stubs in case the bpf syscall is not enabled. - Added patch 3 that addresses one more issue in map val marking. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Daniel Borkmann authored
Martin reported a verifier issue that hit the BUG_ON() for his test case in the mark_reg_unknown_value() function: [ 202.861380] kernel BUG at kernel/bpf/verifier.c:467! [...] [ 203.291109] Call Trace: [ 203.296501] [<ffffffff811364d5>] mark_map_reg+0x45/0x50 [ 203.308225] [<ffffffff81136558>] mark_map_regs+0x78/0x90 [ 203.320140] [<ffffffff8113938d>] do_check+0x226d/0x2c90 [ 203.331865] [<ffffffff8113a6ab>] bpf_check+0x48b/0x780 [ 203.343403] [<ffffffff81134c8e>] bpf_prog_load+0x27e/0x440 [ 203.355705] [<ffffffff8118a38f>] ? handle_mm_fault+0x11af/0x1230 [ 203.369158] [<ffffffff812d8188>] ? security_capable+0x48/0x60 [ 203.382035] [<ffffffff811351a4>] SyS_bpf+0x124/0x960 [ 203.393185] [<ffffffff810515f6>] ? __do_page_fault+0x276/0x490 [ 203.406258] [<ffffffff816db320>] entry_SYSCALL_64_fastpath+0x13/0x94 This issue got uncovered after the fix in a08dd0da ("bpf: fix regression on verifier pruning wrt map lookups"). The reason why it wasn't noticed before was, because as mentioned in a08dd0da, mark_map_regs() was doing the id matching incorrectly based on the uncached regs[regno].id. So, in the first loop, we walked all regs and as soon as we found regno == i, then this reg's id was cleared when calling mark_reg_unknown_value() thus that every subsequent register was probed against id of 0 (which, in combination with the PTR_TO_MAP_VALUE_OR_NULL type is an invalid condition that no other register state can hold), and therefore wasn't type transitioned such as in the spilled register case for the second loop. Now since that got fixed, it turned out that 57a09bf0 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") used mark_reg_unknown_value() incorrectly for the spilled regs, and thus hitting the BUG_ON() in some cases due to regno >= MAX_BPF_REG. Although spilled regs have the same type as the non-spilled regs for the verifier state, that is, struct bpf_reg_state, they are semantically different from the non-spilled regs. In other words, there can be up to 64 (MAX_BPF_STACK / BPF_REG_SIZE) spilled regs in the stack, for example, register R<x> could have been spilled by the program to stack location X, Y, Z, and in mark_map_regs() we need to scan these stack slots of type STACK_SPILL for potential registers that we have to transition from PTR_TO_MAP_VALUE_OR_NULL. Therefore, depending on the location, the spilled_regs regno can be a lot higher than just MAX_BPF_REG's value since we operate on stack instead. The reset in mark_reg_unknown_value() itself is just fine, only that the BUG_ON() was inappropriate for this. Fix it by making a __mark_reg_unknown_value() version that can be called from mark_map_reg() generically; we know for the non-spilled case that the regno is always < MAX_BPF_REG anyway. Fixes: 57a09bf0 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") Reported-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-