| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit 3d5fe03a3ea013060ebba2a811aeb0f23f56aefa)
We can end up allocating a new compression stream with GFP_KERNEL from
within the IO path, which may result is nested (recursive) IO
operations. That can introduce problems if the IO path in question is a
reclaimer, holding some locks that will deadlock nested IOs.
Allocate streams and working memory using GFP_NOIO flag, forbidding
recursive IO and FS operations.
An example:
inconsistent {IN-RECLAIM_FS-W} -> {RECLAIM_FS-ON-W} usage.
git/20158 [HC0[0]:SC0[0]:HE1:SE1] takes:
(jbd2_handle){+.+.?.}, at: start_this_handle+0x4ca/0x555
{IN-RECLAIM_FS-W} state was registered at:
__lock_acquire+0x8da/0x117b
lock_acquire+0x10c/0x1a7
start_this_handle+0x52d/0x555
jbd2__journal_start+0xb4/0x237
__ext4_journal_start_sb+0x108/0x17e
ext4_dirty_inode+0x32/0x61
__mark_inode_dirty+0x16b/0x60c
iput+0x11e/0x274
__dentry_kill+0x148/0x1b8
shrink_dentry_list+0x274/0x44a
prune_dcache_sb+0x4a/0x55
super_cache_scan+0xfc/0x176
shrink_slab.part.14.constprop.25+0x2a2/0x4d3
shrink_zone+0x74/0x140
kswapd+0x6b7/0x930
kthread+0x107/0x10f
ret_from_fork+0x3f/0x70
irq event stamp: 138297
hardirqs last enabled at (138297): debug_check_no_locks_freed+0x113/0x12f
hardirqs last disabled at (138296): debug_check_no_locks_freed+0x33/0x12f
softirqs last enabled at (137818): __do_softirq+0x2d3/0x3e9
softirqs last disabled at (137813): irq_exit+0x41/0x95
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(jbd2_handle);
<Interrupt>
lock(jbd2_handle);
*** DEADLOCK ***
5 locks held by git/20158:
#0: (sb_writers#7){.+.+.+}, at: [<ffffffff81155411>] mnt_want_write+0x24/0x4b
#1: (&type->i_mutex_dir_key#2/1){+.+.+.}, at: [<ffffffff81145087>] lock_rename+0xd9/0xe3
#2: (&sb->s_type->i_mutex_key#11){+.+.+.}, at: [<ffffffff8114f8e2>] lock_two_nondirectories+0x3f/0x6b
#3: (&sb->s_type->i_mutex_key#11/4){+.+.+.}, at: [<ffffffff8114f909>] lock_two_nondirectories+0x66/0x6b
#4: (jbd2_handle){+.+.?.}, at: [<ffffffff811e31db>] start_this_handle+0x4ca/0x555
stack backtrace:
CPU: 2 PID: 20158 Comm: git Not tainted 4.1.0-rc7-next-20150615-dbg-00016-g8bdf555-dirty #211
Call Trace:
dump_stack+0x4c/0x6e
mark_lock+0x384/0x56d
mark_held_locks+0x5f/0x76
lockdep_trace_alloc+0xb2/0xb5
kmem_cache_alloc_trace+0x32/0x1e2
zcomp_strm_alloc+0x25/0x73 [zram]
zcomp_strm_multi_find+0xe7/0x173 [zram]
zcomp_strm_find+0xc/0xe [zram]
zram_bvec_rw+0x2ca/0x7e0 [zram]
zram_make_request+0x1fa/0x301 [zram]
generic_make_request+0x9c/0xdb
submit_bio+0xf7/0x120
ext4_io_submit+0x2e/0x43
ext4_bio_write_page+0x1b7/0x300
mpage_submit_page+0x60/0x77
mpage_map_and_submit_buffers+0x10f/0x21d
ext4_writepages+0xc8c/0xe1b
do_writepages+0x23/0x2c
__filemap_fdatawrite_range+0x84/0x8b
filemap_flush+0x1c/0x1e
ext4_alloc_da_blocks+0xb8/0x117
ext4_rename+0x132/0x6dc
? mark_held_locks+0x5f/0x76
ext4_rename2+0x29/0x2b
vfs_rename+0x540/0x636
SyS_renameat2+0x359/0x44d
SyS_rename+0x1e/0x20
entry_SYSCALL_64_fastpath+0x12/0x6f
[minchan@kernel.org: add stable mark]
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Minchan Kim <minchan@kernel.org>
Cc: Kyeongdon Kim <kyeongdon.kim@lge.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| | |
|
| |
|
|
| |
reapply https://github.com/Moyster/android_kernel_m2note/commit/7d7dc43c76bc4f83cbb1c5533fd8bf6c0577fedf
|
| |
|
|
|
|
|
|
|
|
| |
This refactors the configfs code to be more easily extended.
It will allow additional files to be added easily.
Bug: 34542611
Bug: 34262585
Change-Id: I73c9b0ae5ca7eb27f4ebef3e6807f088b512d539
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This modifies the permission checks in setattr to
allow for non-owners to modify the timestamp of
files to things other than the current time.
This still requires write access, as enforced by
the permission call, but relaxes the requirement
that the caller must be the owner, allowing those
with group permissions to change it as well.
Bug: 11118565
Change-Id: Ied31f0cce2797675c7ef179eeb4e088185adcbad
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
propagate_remount was not accounting for the slave mounts
of other slave mounts, leading to some namespaces not
recieving the remount information.
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 33731928
Change-Id: Idc9e8c2ed126a4143229fc23f10a959c2d0a3854
|
| |
|
|
|
|
|
|
|
| |
Don't use lookup_one_len so we can grab the spinlock that
protects d_subdirs.
Bug: 30954918
Change-Id: I0c6a393252db7beb467e0d563739a3a14e1b5115
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
| |
Bug: 30954918
Change-Id: I8163d3f86dd7aadb2ab3fc11816754f331986f05
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This switches sdcardfs over to using permission2.
Instead of mounting several sdcardfs instances onto
the same underlaying directory, you bind mount a
single mount several times, and remount with the
options you want. These are stored in the private
mount data, allowing you to maintain the same tree,
but have different permissions for different mount
points.
Warning functions have been added for permission,
as it should never be called, and the correct
behavior is unclear.
Change-Id: I841b1d70ec60cf2b866fa48edeb74a0b0f8334f5
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds support for mount2, remount2, and the functions
to allocate/clone/copy the private data
The next patch will switch over to actually using it.
Change-Id: I8a43da26021d33401f655f0b2784ead161c575e3
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
| |
Change-Id: Ic7e0fb8fdcebb31e657b079fe02ac834c4a50db9
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
This allows filesystems to use their mount private data to
influence the permssions they use in setattr2. It has
been separated into a new call to avoid disrupting current
setattr users.
Change-Id: I19959038309284448f1b7f232d579674ef546385
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
This allows filesystems to use their mount private data to
influence the permssions they return in permission2. It has
been separated into a new call to avoid disrupting current
permission users.
Change-Id: I9d416e3b8b6eca84ef3e336bd2af89ddd51df6ca
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now we pass the vfsmount when mounting and remounting.
This allows the filesystem to actually set up the mount
specific data, although we can't quite do anything with
it yet. show_options is expanded to include data that
lives with the mount.
To avoid changing existing filesystems, these have
been added as new vfs functions.
Change-Id: If80670bfad9f287abb8ac22457e1b034c9697097
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This starts to add private data associated directly
to mount points. The intent is to give filesystems
a sense of where they have come from, as a means of
letting a filesystem take different actions based on
this information.
Change-Id: Ie769d7b3bb2f5972afe05c1bf16cf88c91647ab2
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
| |
This removes a deadlock under low memory conditions.
filp_open can call lookup_slow, which will attempt to
lock the parent.
Change-Id: I940643d0793f5051d1e79a56f4da2fa8ca3d8ff7
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Symptom: App cannot write into per-app folder
Root Cause: sdcardfs exports incorrect uid
Solution: fix uid
Project: All
Note:
Test done by RD: passed
Change-Id: Iff64f6f40ba4c679f07f4426d3db6e6d0db7e3ca
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding packages to the package list and moving files
takes a large amount of locks, and is currently a
heavy operation. This adds a 'top' field to the
inode_info, which points to the inode for the top
most directory whose owner you would like to match.
On permission checks and get_attr, we look up the
owner based on the information at top. When we change
a package mapping, we need only modify the information
in the corresponding top inode_info's. When renaming,
we must ensure top is set correctly in all children.
This happens when an app specific folder gets moved
outside of the folder for that app.
Change-Id: Ib749c60b568e9a45a46f8ceed985c1338246ec6c
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit 28a967c3a2f99fa3b5f762f25cb2a319d933571b upstream.
Because event_sched_out() checks event->pending_disable _before_
actually disabling the event, it can happen that the event fires after
it checks but before it gets disabled.
This would leave event->pending_disable set and the queued irq_work
will try and process it.
However, if the event trigger was during schedule(), the event might
have been de-scheduled by the time the irq_work runs, and
perf_event_disable_local() will fail.
Fix this by checking event->pending_disable _after_ we call
event->pmu->del(). This depends on the latter being a compiler
barrier, such that the compiler does not lift the load and re-creates
the problem.
Tested-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dvyukov@google.com
Cc: eranian@google.com
Cc: oleg@redhat.com
Cc: panand@redhat.com
Cc: sasha.levin@oracle.com
Cc: vince@deater.net
Link: http://lkml.kernel.org/r/20160224174948.040469884@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: mydongistiny <jaysonedson@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
drivers/usb/storage/transport.c: In function 'usb_stor_bulk_srb':
drivers/usb/storage/transport.c:473:40: warning: 'partial' may be used uninitialized in this function [-Wmaybe-uninitialized]
scsi_set_resid(srb, scsi_bufflen(srb) - partial);
~~~~~~~~~~~~~~~~~~^~~~~~~~~
drivers/usb/storage/transport.c: In function 'usb_stor_bulk_transfer_sg':
drivers/usb/storage/transport.c:499:15: warning: 'partial' may be used uninitialized in this function [-Wmaybe-uninitialized]
length_left -= partial;
~~~~~~~~~~~~^~~~~~~~~~
drivers/usb/storage/transport.c: In function 'usb_stor_bulk_transfer_sg':
drivers/usb/storage/transport.c:499:15: warning: 'partial' may be used uninitialized in this function [-Wmaybe-uninitialized]
length_left -= partial;
~~~~~~~~~~~~^~~~~~~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
drivers/usb/core/hub.c: In function 'usb_port_resume':
drivers/usb/core/hub.c:3451:11: warning: 'portstatus' may be used uninitialized in this function [-Wmaybe-uninitialized]
status = check_port_resume_type(udev,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
hub, port1, status, portchange, portstatus);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/usb/core/hub.c:3451:11: warning: 'portchange' may be used uninitialized in this function [-Wmaybe-uninitialized]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the current find_idlest_group()/find_idlest_cpu() search we end up
calling find_idlest_cpu() in a sched_group containing only one CPU in
the end. Checking idle-states becomes pointless when there is no
alternative, so bail out instead.
Signed-off-by: Morten Rasmussen <morten.rasmussen@arm.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dietmar.eggemann@arm.com
Cc: linux-kernel@vger.kernel.org
Cc: mgalbraith@suse.de
Cc: vincent.guittot@linaro.org
Cc: yuyang.du@intel.com
Link: http://lkml.kernel.org/r/1466615004-3503-4-git-send-email-morten.rasmussen@arm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: RyTek <rytek1128@outlook.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cpu_idle_poll_ctrl provides a way of switching the
idle thread to use cpu_idle_poll instead of the arch
specific lower power mode callbacks (arch_cpu_idle).
cpu_idle_poll spins on a flag in a tight loop with
interrupts enabled.
In some cases it may be useful to enter the tight loop
polling mode only on a particular CPU. This allows
other CPUs to continue using the arch specific low
power mode callbacks. Provide an API that allows this.
Change-Id: I7c47c3590eb63345996a1c780faa79dbd1d9fdb4
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cpu_idle_poll_ctrl allows the enabling/disabling of the idle
polling mode; this mode allows a CPU to spin waiting for a
new task to be scheduled rather than having to execute the
arch specific idle code.
However, the loop that checks for a new task does not look
at the flag that enables idle polling mode. So, the CPU may
continue to spin even though the aforementioned flag has
been cleared. Since the CPU is already in idle, it may be
a while before a task is scheduled, precluding potential
power savings.
Modify the while loop conditional in question to also check
if the cpu_idle_force_poll flag is set.
Change-Id: Ia2e83af97890dc399b86e090459a41d31ce28b6c
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
|
| |
|
|
|
|
|
|
|
| |
To ensure that CPUs see cpu_idle_force_poll flag
updates, add a memory barrier after writing to
the flag.
Change-Id: Ic3fdef7d17b673247bce5093530ce8aa08694632
Signed-off-by: Vikram Mulukutla <markivx@codeaurora.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
kernel/trace/trace_output.c: In function 'trace_graph_ret_raw':
kernel/trace/trace_output.c:1198:2: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
if (!trace_seq_printf(&iter->seq, "%lx %lld %lld %ld %d\n",
^~
kernel/trace/trace_output.c:1204:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return TRACE_TYPE_PARTIAL_LINE;
^~~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernel/sysctl.c: In function '__do_proc_dointvec.isra.3':
kernel/sysctl.c:2030:8: warning: 'kbuf' may be used uninitialized in this function [-Wmaybe-uninitialized]
char *tmp = skip_spaces(*buf);
^~~
kernel/sysctl.c:2183:8: note: 'kbuf' was declared here
char *kbuf;
^~~~
kernel/sysctl.c: In function '__do_proc_doulongvec_minmax':
kernel/sysctl.c:2030:8: warning: 'kbuf' may be used uninitialized in this function [-Wmaybe-uninitialized]
char *tmp = skip_spaces(*buf);
^~~
kernel/sysctl.c:2433:8: note: 'kbuf' was declared here
char *kbuf;
^~~~
This will be initialized to NULL normally.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
When a system panics, the "Rebooting in X seconds.." message is never
printed because it lacks a new line. Fix it.
Link: http://lkml.kernel.org/r/20170119114751.2724-1-jslaby@suse.cz
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Linux 3.19 commit 69c953c ("lib/lcm.c: lcm(n,0)=lcm(0,n) is 0, not n")
caused blk_stack_limits() to not properly stack queue_limits for stacked
devices (e.g. DM).
Fix this regression by establishing lcm_not_zero() and switching
blk_stack_limits() over to using it.
DM uses blk_set_stacking_limits() to establish the initial top-level
queue_limits that are then built up based on underlying devices' limits
using blk_stack_limits(). In the case of optimal_io_size (io_opt)
blk_set_stacking_limits() establishes a default value of 0. With commit
69c953c, lcm(0, n) is no longer n, which compromises proper stacking of
the underlying devices' io_opt.
Test:
$ modprobe scsi_debug dev_size_mb=10 num_tgts=1 opt_blks=1536
$ cat /sys/block/sde/queue/optimal_io_size
786432
$ dmsetup create node --table "0 100 linear /dev/sde 0"
Before this fix:
$ cat /sys/block/dm-5/queue/optimal_io_size
0
After this fix:
$ cat /sys/block/dm-5/queue/optimal_io_size
786432
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org # 3.19+
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Pranav Vashi <neobuddy89@gmail.com>
Signed-off-by: mydongistiny <jaysonedson@gmail.com>
|
| |
|
|
| |
This reverts commit 0719b9c5323a34bca5a689059048cfbb52520344.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In function cap_task_prctl(), we would allocate a credential
unconditionally and then check if we support the requested function.
If not we would release this credential with abort_creds() by using
RCU method. But on some archs such as powerpc, the sys_prctl is heavily
used to get/set the floating point exception mode. So the unnecessary
allocating/releasing of credential not only introduce runtime overhead
but also do cause OOM due to the RCU implementation.
This patch removes abort_creds() from cap_task_prctl() by calling
prepare_creds() only when we need to modify it.
Reported-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
(cherry picked from commit 6d6f3328422a3bc56b0d8dd026a5de845d2abfa7)
Bug: 35074030
Test: Builds.
Change-Id: I6f8136b017fd0dcafbf82553e64fbf002a268f20
Signed-off-by: Jorge Lucangeli Obes <jorgelo@google.com>
Signed-off-by: Francisco Franco <franciscofranco.1990@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
security/keys/encrypted-keys/encrypted.c: In function 'encrypted_read':
security/keys/encrypted-keys/encrypted.c:922:6: warning: 'master_keylen' may be used uninitialized in this function [-Wmaybe-uninitialized]
ret = get_derived_key(derived_key, ENC_KEY, master_key, master_keylen);
~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/keys/encrypted-keys/encrypted.c:922:6: warning: 'master_key' may be used uninitialized in this function [-Wmaybe-uninitialized]
security/keys/encrypted-keys/encrypted.c: In function 'encrypted_instantiate':
security/keys/encrypted-keys/encrypted.c:688:6: warning: 'master_keylen' may be used uninitialized in this function [-Wmaybe-uninitialized]
ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);
~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/keys/encrypted-keys/encrypted.c:660:9: note: 'master_keylen' was declared here
size_t master_keylen;
^~~~~~~~~~~~~
security/keys/encrypted-keys/encrypted.c:688:6: warning: 'master_key' may be used uninitialized in this function [-Wmaybe-uninitialized]
ret = datablob_hmac_verify(epayload, format, master_key, master_keylen);
~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/keys/encrypted-keys/encrypted.c:656:6: note: 'master_key' was declared here
u8 *master_key;
^~~~~~~~~~
A null pointer is handled properly by the code in this case. size_t should be initialized to 0.
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
| |
ip_rt_put/ip6_rt_put call is missed after route lookup routine.
So if lookup returns ok, rtable leak will happen.
Change-Id: Ica137043879b4305b70401cf7e8efda24405e3ff
Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
commit e370a723632 ("af_unix: improve STREAM behavior with fragmented
memory") added a bug on large send() because the
skb_copy_datagram_from_iovec() call always start from the beginning
of iovec.
We must instead use the @sent variable to properly skip the
already processed part.
Reported-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Francisco Franco <franciscofranco.1990@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
unix_stream_sendmsg() currently uses order-2 allocations,
and we had numerous reports this can fail.
The __GFP_REPEAT flag present in sock_alloc_send_pskb() is
not helping.
This patch extends the work done in commit eb6a24816b247c
("af_unix: reduce high order page allocations) for
datagram sockets.
This opens the possibility of zero copy IO (splice() and
friends)
The trick is to not use skb_pull() anymore in recvmsg() path,
and instead add a @consumed field in UNIXCB() to track amount
of already read payload in the skb.
There is a performance regression for large sends
because of extra page allocations that will be addressed
in a follow-up patch, allowing sock_alloc_send_pskb()
to attempt high order page allocations.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Francisco Franco <franciscofranco.1990@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dmitry reported a struct pid leak detected by a syzkaller program.
Bug happens in unix_stream_recvmsg() when we break the loop when a
signal is pending, without properly releasing scm.
Fixes: b3ca9b02b007 ("net: fix multithreaded signal handling in unix recv routines")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Francisco Franco <franciscofranco.1990@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
net/packet/af_packet.c: In function 'packet_set_ring':
net/packet/af_packet.c:3712:4: warning: this 'if' clause does not guard... [-Wmisleading-indentation]
if (!tx_ring)
^~
net/packet/af_packet.c:3714:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
break;
^~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
net/netfilter/nf_conntrack_h323_main.c: In function 'h245_help':
net/netfilter/nf_conntrack_h323_main.c:178:11: warning: 'dataoff' may be used uninitialized in this function [-Wmaybe-uninitialized]
tpktoff = *dataoff + *datalen;
~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_conntrack_h323_main.c:588:6: note: 'dataoff' was declared here
int dataoff;
^~~~~~~
net/netfilter/nf_conntrack_h323_main.c:182:18: warning: 'datalen' may be used uninitialized in this function [-Wmaybe-uninitialized]
tpkt = *data + *datalen;
^~~~~~~~
net/netfilter/nf_conntrack_h323_main.c:587:6: note: 'datalen' was declared here
int datalen;
^~~~~~~
net/netfilter/nf_conntrack_h323_main.c: In function 'q931_help':
net/netfilter/nf_conntrack_h323_main.c:178:11: warning: 'dataoff' may be used uninitialized in this function [-Wmaybe-uninitialized]
tpktoff = *dataoff + *datalen;
~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
net/netfilter/nf_conntrack_h323_main.c:1163:6: note: 'dataoff' was declared here
int dataoff;
^~~~~~~
net/netfilter/nf_conntrack_h323_main.c:182:18: warning: 'datalen' may be used uninitialized in this function [-Wmaybe-uninitialized]
tpkt = *data + *datalen;
^~~~~~~~
net/netfilter/nf_conntrack_h323_main.c:1162:6: note: 'datalen' was declared here
int datalen;
^~~~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
net/wireless/nl80211.c: In function '__cfg80211_wdev_from_attrs':
net/wireless/nl80211.c:90:44: warning: 'wdev_id' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
^~~~~~~~~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from /home/nathan/Kernels/angler/arch/arm64/include/asm/bug.h:48:0,
from include/linux/bug.h:4,
from include/linux/thread_info.h:13,
from include/asm-generic/current.h:4,
from arch/arm64/include/generated/asm/current.h:1,
from include/linux/mutex.h:13,
from include/linux/notifier.h:13,
from include/linux/pm_qos.h:8,
from include/linux/netdevice.h:28,
from include/net/cfg80211.h:13,
from net/wireless/chan.c:10:
net/wireless/chan.c: In function 'cfg80211_chandef_compatible':
include/asm-generic/bug.h:86:22: warning: 'c1_pri80' may be used uninitialized in this function [-Wmaybe-uninitialized]
int __ret_warn_on = !!(condition); \
^
net/wireless/chan.c:180:16: note: 'c1_pri80' was declared here
u32 c1_pri40, c1_pri80, c2_pri40, c2_pri80;
^~~~~~~~
net/wireless/chan.c:208:5: warning: 'c1_pri40' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (c1_pri40 != c2_pri40)
^
In file included from /home/nathan/Kernels/angler/arch/arm64/include/asm/bug.h:48:0,
from include/linux/bug.h:4,
from include/linux/thread_info.h:13,
from include/asm-generic/current.h:4,
from arch/arm64/include/generated/asm/current.h:1,
from include/linux/mutex.h:13,
from include/linux/notifier.h:13,
from include/linux/pm_qos.h:8,
from include/linux/netdevice.h:28,
from include/net/cfg80211.h:13,
from net/wireless/chan.c:10:
include/asm-generic/bug.h:86:22: warning: 'c2_pri80' may be used uninitialized in this function [-Wmaybe-uninitialized]
int __ret_warn_on = !!(condition); \
^
net/wireless/chan.c:180:36: note: 'c2_pri80' was declared here
u32 c1_pri40, c1_pri80, c2_pri40, c2_pri80;
^~~~~~~~
net/wireless/chan.c:208:5: warning: 'c2_pri40' may be used uninitialized in this function [-Wmaybe-uninitialized]
if (c1_pri40 != c2_pri40)
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from include/net/inetpeer.h:15:0,
from net/ipv4/tcp_metrics.c:16:
net/ipv4/tcp_metrics.c: In function 'tcp_peer_is_proven':
include/net/ipv6.h:436:38: warning: '*((void *)&addr+8)' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
~~~~~~~~^~~~~~~~~
net/ipv4/tcp_metrics.c:228:23: note: '*((void *)&addr+8)' was declared here
struct inetpeer_addr addr;
^~~~
In file included from include/net/inetpeer.h:15:0,
from net/ipv4/tcp_metrics.c:16:
net/ipv4/tcp_metrics.c: In function 'tcp_tw_remember_stamp':
include/net/ipv6.h:436:38: warning: '*((void *)&addr+8)' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
~~~~~~~~^~~~~~~~~
net/ipv4/tcp_metrics.c:262:23: note: '*((void *)&addr+8)' was declared here
struct inetpeer_addr addr;
^~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from net/bridge/br_multicast.c:28:0:
net/bridge/br_multicast.c: In function 'br_mdb_get':
include/net/ipv6.h:436:38: warning: '*((void *)&ip+8)' may be used uninitialized in this function [-Wmaybe-uninitialized]
return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
~~~~~~~~^~~~~~~~~
net/bridge/br_multicast.c:138:15: note: '*((void *)&ip+8)' was declared here
struct br_ip ip;
^~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from /home/nathan/Kernels/angler/arch/arm64/include/asm/bitops.h:49:0,
from include/linux/bitops.h:30,
from include/linux/kernel.h:10,
from include/asm-generic/bug.h:13,
from /home/nathan/Kernels/angler/arch/arm64/include/asm/bug.h:48,
from include/linux/bug.h:4,
from include/linux/thread_info.h:13,
from include/linux/preempt.h:9,
from include/linux/spinlock.h:50,
from include/linux/mmzone.h:7,
from include/linux/gfp.h:4,
from include/linux/mm.h:8,
from net/socket.c:61:
net/socket.c: In function 'SyS_socketpair':
include/asm-generic/bitops/non-atomic.h:105:20: warning: 'sock1' may be used uninitialized in this function [-Wmaybe-uninitialized]
return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
~~~~^~~~~~~~~~~~~~
net/socket.c:1433:17: note: 'sock1' was declared here
struct socket *sock1, *sock2;
^~~~~
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When I cooked commit c3658e8d0f1 ("tcp: fix possible NULL dereference in
tcp_vX_send_reset()") I missed other spots we could deref a NULL
skb_dst(skb)
Again, if a socket is provided, we do not need skb_dst() to get a
pointer to network namespace : sock_net(sk) is good enough.
[Backport of net-next 0f85feae6b710ced3abad5b2b47d31dfcb956b62]
Bug: 16355602
Change-Id: Ibe1def7979625ee7902bff2f33ec8945b9945948
Reported-by: Dann Frazier <dann.frazier@canonical.com>
Bisected-by: Dann Frazier <dann.frazier@canonical.com>
Tested-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: ca777eff51f7 ("tcp: remove dst refcount false sharing for prequeue mode")
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Francisco Franco <franciscofranco.1990@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have many places where we want to check if a socket is
not a timewait or request socket. Use a helper to avoid
hard coding this.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[backported from net-next 1d0ab253872cdd3d8e7913f59c266c7fd01771d0]
[lorenzo@google.com: removed TCPF_NEW_SYN_RECV, and added a comment to add it back.]
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Bug: 24163529
Change-Id: Ibf09017e1ab00af5e6925273117c335d7f515d73
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When DDEBUG is enabled, the prdebug_full_state() function will try to
recursively aquire the spinlock of sock_tag_list and causing deadlock. A
check statement is added before it aquire the spinlock to differentiate
the behavior depend on the caller of the function.
Bug: 36559739
Test: Compile and run test under system/extra/test/iptables/
Change-Id: Ie3397fbaa207e14fe214d47aaf5e8ca1f4a712ee
Signed-off-by: Chenbo Feng <fengc@google.com>
|
| |
|
|
|
|
|
|
|
|
| |
Sdcardfs uses the same magic value as wrapfs.
This should not be the case. As it is entirely
in memory, the value can be changed without any
loss of compatibility.
Change-Id: I24200b805d5e6d32702638be99e47d50d7f2f746
Signed-off-by: Daniel Rosenberg <drosen@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In file included from scripts/sortextable.c:194:0:
scripts/sortextable.c: In function `main':
scripts/sortextable.h:176:3: warning: `relocs_size' may be used uninitialized in this function [-Wmaybe-uninitialized]
memset(relocs, 0, relocs_size);
^
scripts/sortextable.h:106:6: note: `relocs_size' was declared here
int relocs_size;
^
In file included from scripts/sortextable.c:192:0:
scripts/sortextable.h:176:3: warning: `relocs_size' may be used uninitialized in this function [-Wmaybe-uninitialized]
memset(relocs, 0, relocs_size);
^
scripts/sortextable.h:106:6: note: `relocs_size' was declared here
int relocs_size;
^
gcc 4.9.1
Change-Id: I277a20929ab23d0c8d073929ac2a70da97e816f2
|
| |
|
|
|
|
|
|
|
| |
"Squashfs: refactor page_actor" missed a null check within
squashfs_bh_to_actor, as that array may now contain null entries
Signed-off-by: Daniel Rosenberg <drosen@google.com>
Bug: 35257858
Change-Id: Ia6748af980859237a96f509f35903f722a46fd59
|
