Re: [EDT][PATCH] kernel/exit.c : Fix missing read_unlock
EP-F6AA0618C49C4AEDA73BFF1B39950BAB
Hi Oleg,
Hi,
From: Maninder Singh maninder...@samsung.com
Subject: [PATCH 1/1] kernel/exit.c : Fix missing task_unlock
This patch adds missing read_unlock if do_wait_thread or ptrace_do_wait
returns non zero.
Confused...
wait_consider_task() should drop tasklist_lock if it returns non-zero?
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1486,12 +1486,16 @@ repeat:
tsk = current;
do {
retval = do_wait_thread(wo, tsk);
-if (retval)
+if (retval) {
+read_unlock(tasklist_lock);
goto end;
+}
retval = ptrace_do_wait(wo, tsk);
-if (retval)
+if (retval) {
+read_unlock(tasklist_lock);
goto end;
+}
Well, the patch is obviously wrong. Because, again, tasklist_lock was
already unlocked if (say) wait_task_zombie() reaps a child.
Yes, agree, My wrong
If you think there is a case which forgets to unlock, please tell us
more.
I have checked It is getting unlocked in wait_task_zombie Sorry for unnecessary
disturbance.
Oleg.
Thanks
[EDT][PATCH] kernel/exit.c : Fix missing read_unlock
EP-F6AA0618C49C4AEDA73BFF1B39950BAB
Hi,
From: Maninder Singh
Subject: [PATCH 1/1] kernel/exit.c : Fix missing task_unlock
This patch adds missing read_unlock if do_wait_thread or ptrace_do_wait
returns non zero.
Signed-off-by: Maninder Singh
Signed-off-by: Vaneet Narang
Reviewd-by: Akhilesh Kumar
---
kernel/exit.c |8 ++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index 22fcc05..31a061f 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1486,12 +1486,16 @@ repeat:
tsk = current;
do {
retval = do_wait_thread(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(_lock);
goto end;
+ }
retval = ptrace_do_wait(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(_lock);
goto end;
+ }
if (wo->wo_flags & __WNOTHREAD)
break;
--
1.7.1
Thanks
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚ:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ&¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
[EDT][PATCH] kernel/exit.c : Fix missing read_unlock
EP-F6AA0618C49C4AEDA73BFF1B39950BAB
Hi,
From: Maninder Singh maninder...@samsung.com
Subject: [PATCH 1/1] kernel/exit.c : Fix missing task_unlock
This patch adds missing read_unlock if do_wait_thread or ptrace_do_wait
returns non zero.
Signed-off-by: Maninder Singh maninder...@samsung.com
Signed-off-by: Vaneet Narang v.nar...@samsung.com
Reviewd-by: Akhilesh Kumar akhiles...@samsung.com
---
kernel/exit.c |8 ++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/kernel/exit.c b/kernel/exit.c
index 22fcc05..31a061f 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -1486,12 +1486,16 @@ repeat:
tsk = current;
do {
retval = do_wait_thread(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(tasklist_lock);
goto end;
+ }
retval = ptrace_do_wait(wo, tsk);
- if (retval)
+ if (retval) {
+ read_unlock(tasklist_lock);
goto end;
+ }
if (wo-wo_flags __WNOTHREAD)
break;
--
1.7.1
Thanks
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚj:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
[EDT][PATCh 1/1]mdfld_dsi_pkg_sender.c : Fix Possible NULL Pointer dereference
EP-AA9D1F29B02341529D96C06444D8471D
Hi,
There is NULL pointer check for sender after dereferencing sender in
__read_panel_data as below:-
struct drm_device *dev = sender->dev;
...
if (!sender || !data || !len)
And from codeflow
mdfld_dsi_get_panel_status --> mdfld_dsi_read_mcs --> __read_panel_data
In mdfld_dsi_get_panel_status & mdfld_dsi_read_mcs there is already a same
check.
---Cut
if (!sender || !data || !len) {
DRM_ERROR("Invalid parameters\n");
return -EINVAL;
}
return __read_panel_data(sender, MIPI_DSI_DCS_READ, , 1,
data, len, hs);
Cut---
So either we can remove this check from __read_panel_data ,
or if we want to have defensive code then below change should be included.
Subject: [PATCH 1/1] mdfld_dsi_pkg_sender.c : Initialize dev struct after NULL
check of sender
Signed-off-by: Maninder Singh
Reviewed-By: Vaneet Narang
---
drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
index 6b43ae3..6f2b2c9 100644
--- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
+++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
@@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender
*sender, u8 data_type,
u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs)
{
unsigned long flags;
- struct drm_device *dev = sender->dev;
+ struct drm_device *dev;
int i;
u32 gen_data_reg;
int retry = MDFLD_DSI_READ_MAX_COUNT;
@@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender
*sender, u8 data_type,
return -EINVAL;
}
+ dev = sender->dev;
+
/**
* do reading.
* 0) send out generic read request
--
1.7.1
Thanks
Maninder
[EDT][PATCh 1/1]mdfld_dsi_pkg_sender.c : Fix Possible NULL Pointer dereference
EP-AA9D1F29B02341529D96C06444D8471D
Hi,
There is NULL pointer check for sender after dereferencing sender in
__read_panel_data as below:-
struct drm_device *dev = sender-dev;
...
if (!sender || !data || !len)
And from codeflow
mdfld_dsi_get_panel_status -- mdfld_dsi_read_mcs -- __read_panel_data
In mdfld_dsi_get_panel_status mdfld_dsi_read_mcs there is already a same
check.
---Cut
if (!sender || !data || !len) {
DRM_ERROR(Invalid parameters\n);
return -EINVAL;
}
return __read_panel_data(sender, MIPI_DSI_DCS_READ, cmd, 1,
data, len, hs);
Cut---
So either we can remove this check from __read_panel_data ,
or if we want to have defensive code then below change should be included.
Subject: [PATCH 1/1] mdfld_dsi_pkg_sender.c : Initialize dev struct after NULL
check of sender
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-By: Vaneet Narang v.nar...@samsung.com
---
drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
index 6b43ae3..6f2b2c9 100644
--- a/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
+++ b/drivers/gpu/drm/gma500/mdfld_dsi_pkg_sender.c
@@ -520,7 +520,7 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender
*sender, u8 data_type,
u8 *data, u16 len, u32 *data_out, u16 len_out, bool hs)
{
unsigned long flags;
- struct drm_device *dev = sender-dev;
+ struct drm_device *dev;
int i;
u32 gen_data_reg;
int retry = MDFLD_DSI_READ_MAX_COUNT;
@@ -530,6 +530,8 @@ static int __read_panel_data(struct mdfld_dsi_pkg_sender
*sender, u8 data_type,
return -EINVAL;
}
+ dev = sender-dev;
+
/**
* do reading.
* 0) send out generic read request
--
1.7.1
Thanks
Maninder
[EDT][PATCH 1/1] dma/pl330.c : Initialize pl330 pointer after NULL check of pch pointer
EP-AA9D1F29B02341529D96C06444D8471D
Hi,
Subject: [PATCH 1/1] dma/pl330.c : Initialize pl330 pointer after NULL check of
pch pointer
Signed-off-by: Maninder Singh
Reviewed-By: Vaneet Narang
---
drivers/dma/pl330.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
index a7d9d30..7e27144 100644
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -2581,12 +2581,14 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t
dst,
{
struct dma_pl330_desc *desc;
struct dma_pl330_chan *pch = to_pchan(chan);
- struct pl330_dmac *pl330 = pch->dmac;
+ struct pl330_dmac *pl330;
int burst;
if (unlikely(!pch || !len))
return NULL;
+ pl330 = pch->dmac;
+
desc = __pl330_prep_dma_memcpy(pch, dst, src, len);
if (!desc)
return NULL;
--
1.7.1
Thanks
Maninder Singh
[EDT][PATCH 1/1] dma/pl330.c : Initialize pl330 pointer after NULL check of pch pointer
EP-AA9D1F29B02341529D96C06444D8471D
Hi,
Subject: [PATCH 1/1] dma/pl330.c : Initialize pl330 pointer after NULL check of
pch pointer
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-By: Vaneet Narang v.nar...@samsung.com
---
drivers/dma/pl330.c |4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c
index a7d9d30..7e27144 100644
--- a/drivers/dma/pl330.c
+++ b/drivers/dma/pl330.c
@@ -2581,12 +2581,14 @@ pl330_prep_dma_memcpy(struct dma_chan *chan, dma_addr_t
dst,
{
struct dma_pl330_desc *desc;
struct dma_pl330_chan *pch = to_pchan(chan);
- struct pl330_dmac *pl330 = pch-dmac;
+ struct pl330_dmac *pl330;
int burst;
if (unlikely(!pch || !len))
return NULL;
+ pl330 = pch-dmac;
+
desc = __pl330_prep_dma_memcpy(pch, dst, src, len);
if (!desc)
return NULL;
--
1.7.1
Thanks
Maninder Singh
[EDT][PATCH 1/1] hw_breakpoint.c :cpu hotplug handling
EP-2DAD0AFA905A4ACB804C4F82A001242F
Subject: [PATCH 1/1] hw_breakpoint.c :cpu hotplug handling
This patch adds support for CPU hotplug, It re-installl all installed
watchpoints and breakpoints
back on H/W in case of cpu-hot plug.
Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by: Amit Arora
Reviewed-by: Ajeet Yadav
---
arch/arm/kernel/hw_breakpoint.c | 56 +++
1 files changed, 56 insertions(+), 0 deletions(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index dc7d0a9..172bfa8 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -388,6 +388,56 @@ int arch_install_hw_breakpoint(struct perf_event *bp)
return 0;
}
+/*
+ * reInstall a perf counter breakpoint.
+ */
+void arch_reinstall_hw_breakpoint(int index, int type)
+{
+ struct arch_hw_breakpoint *info;
+ struct perf_event **slots;
+ int ctrl_base, val_base;
+ u32 addr, ctrl;
+ struct perf_event *bp;
+
+ if (type == ARM_ENTRY_BREAKPOINT) {
+ /* Breakpoint */
+ ctrl_base = ARM_BASE_BCR;
+ val_base = ARM_BASE_BVR;
+ slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
+ } else {
+ /* Watchpoint */
+ ctrl_base = ARM_BASE_WCR;
+ val_base = ARM_BASE_WVR;
+ slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
+ }
+
+ bp = slots[index];
+ if (!bp)
+ return;
+
+ info = counter_arch_bp(bp);
+ addr = info->address;
+ ctrl = encode_ctrl_reg(info->ctrl) | 0x1;
+
+
+ /* Override the breakpoint data with the step data. */
+ if (info->step_ctrl.enabled) {
+ addr = info->trigger & ~0x3;
+ ctrl = encode_ctrl_reg(info->step_ctrl);
+ if (info->ctrl.type != ARM_BREAKPOINT_EXECUTE) {
+ index = 0;
+ ctrl_base = ARM_BASE_BCR + core_num_brps;
+ val_base = ARM_BASE_BVR + core_num_brps;
+ }
+ }
+
+ /* Setup the address register. */
+ write_wb_reg(val_base + index, addr);
+
+ /* Setup the control register. */
+ write_wb_reg(ctrl_base + index, ctrl);
+}
+
void arch_uninstall_hw_breakpoint(struct perf_event *bp)
{
struct arch_hw_breakpoint *info = counter_arch_bp(bp);
@@ -1019,6 +1069,12 @@ clear_vcr:
out_mdbgen:
if (enable_monitor_mode())
cpumask_or(_err_mask, _err_mask, cpumask_of(cpu));
+
+ for (i = 0; i < core_num_brps; ++i)
+ arch_reinstall_hw_breakpoint(i, ARM_ENTRY_BREAKPOINT);
+ for (i = 0; i < core_num_wrps; ++i)
+ arch_reinstall_hw_breakpoint(i, ARM_ENTRY_SYNC_WATCHPOINT);
+
}
static int dbg_reset_notify(struct notifier_block *self,
--
1.7.1
Thanks
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚ:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ&¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
[EDT] [PATCH 1/1] Fix: hw watchpoint continually triggers callback
EP-2DAD0AFA905A4ACB804C4F82A001242F
On ARM, when a watchpoint is registered using register_wide_hw_breakpoint,
the callback handler endlessly runs until the watchpoint is unregistered.
The reason for this issue is debug interrupts gets raised before executing the
instruction,
and after interrupt handling ARM tries to execute the same instruction again ,
which results
in interrupt getting raised again.
This patch fixes this issue by using KPROBES (getting the instruction executed
and incrementing PC
to next instruction).
Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by: Amit Arora
Reviewed-by: Ajeet Yadav
---
arch/arm/kernel/hw_breakpoint.c | 18 ++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index dc7d0a9..ec72f86 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -37,6 +37,9 @@
#include
#include
#include
+#ifdef CONFIG_KPROBES
+#include
+#endif
/* Breakpoint currently in use for each BRP. */
static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
@@ -757,6 +760,21 @@ static void watchpoint_handler(unsigned long addr,
unsigned int fsr,
*/
if (!wp->overflow_handler)
enable_single_step(wp, instruction_pointer(regs));
+#ifdef CONFIG_KPROBES
+ else {
+ struct kprobe kp;
+ unsigned long flags;
+
+ arch_uninstall_hw_breakpoint(wp);
+ kp.addr = (kprobe_opcode_t *)instruction_pointer(regs);
+ if (!arch_prepare_kprobe()) {
+ local_irq_save(flags);
+ kp.ainsn.insn_singlestep(, regs);
+ local_irq_restore(flags);
+ }
+ arch_install_hw_breakpoint(wp);
+ }
+#endif
unlock:
rcu_read_unlock();
--
1.7.1
Thanks ,
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚ:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ&¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
[EDT] [PATCH 1/1] Fix: hw watchpoint continually triggers callback
EP-2DAD0AFA905A4ACB804C4F82A001242F
On ARM, when a watchpoint is registered using register_wide_hw_breakpoint,
the callback handler endlessly runs until the watchpoint is unregistered.
The reason for this issue is debug interrupts gets raised before executing the
instruction,
and after interrupt handling ARM tries to execute the same instruction again ,
which results
in interrupt getting raised again.
This patch fixes this issue by using KPROBES (getting the instruction executed
and incrementing PC
to next instruction).
Signed-off-by: Vaneet Narang v.nar...@samsung.com
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-by: Amit Arora amit.ar...@samsung.com
Reviewed-by: Ajeet Yadav ajee...@samsung.com
---
arch/arm/kernel/hw_breakpoint.c | 18 ++
1 files changed, 18 insertions(+), 0 deletions(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index dc7d0a9..ec72f86 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -37,6 +37,9 @@
#include asm/hw_breakpoint.h
#include asm/kdebug.h
#include asm/traps.h
+#ifdef CONFIG_KPROBES
+#include linux/kprobes.h
+#endif
/* Breakpoint currently in use for each BRP. */
static DEFINE_PER_CPU(struct perf_event *, bp_on_reg[ARM_MAX_BRP]);
@@ -757,6 +760,21 @@ static void watchpoint_handler(unsigned long addr,
unsigned int fsr,
*/
if (!wp-overflow_handler)
enable_single_step(wp, instruction_pointer(regs));
+#ifdef CONFIG_KPROBES
+ else {
+ struct kprobe kp;
+ unsigned long flags;
+
+ arch_uninstall_hw_breakpoint(wp);
+ kp.addr = (kprobe_opcode_t *)instruction_pointer(regs);
+ if (!arch_prepare_kprobe(kp)) {
+ local_irq_save(flags);
+ kp.ainsn.insn_singlestep(kp, regs);
+ local_irq_restore(flags);
+ }
+ arch_install_hw_breakpoint(wp);
+ }
+#endif
unlock:
rcu_read_unlock();
--
1.7.1
Thanks ,
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚj:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
[EDT][PATCH 1/1] hw_breakpoint.c :cpu hotplug handling
EP-2DAD0AFA905A4ACB804C4F82A001242F
Subject: [PATCH 1/1] hw_breakpoint.c :cpu hotplug handling
This patch adds support for CPU hotplug, It re-installl all installed
watchpoints and breakpoints
back on H/W in case of cpu-hot plug.
Signed-off-by: Vaneet Narang v.nar...@samsung.com
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-by: Amit Arora amit.ar...@samsung.com
Reviewed-by: Ajeet Yadav ajee...@samsung.com
---
arch/arm/kernel/hw_breakpoint.c | 56 +++
1 files changed, 56 insertions(+), 0 deletions(-)
diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c
index dc7d0a9..172bfa8 100644
--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -388,6 +388,56 @@ int arch_install_hw_breakpoint(struct perf_event *bp)
return 0;
}
+/*
+ * reInstall a perf counter breakpoint.
+ */
+void arch_reinstall_hw_breakpoint(int index, int type)
+{
+ struct arch_hw_breakpoint *info;
+ struct perf_event **slots;
+ int ctrl_base, val_base;
+ u32 addr, ctrl;
+ struct perf_event *bp;
+
+ if (type == ARM_ENTRY_BREAKPOINT) {
+ /* Breakpoint */
+ ctrl_base = ARM_BASE_BCR;
+ val_base = ARM_BASE_BVR;
+ slots = (struct perf_event **)__get_cpu_var(bp_on_reg);
+ } else {
+ /* Watchpoint */
+ ctrl_base = ARM_BASE_WCR;
+ val_base = ARM_BASE_WVR;
+ slots = (struct perf_event **)__get_cpu_var(wp_on_reg);
+ }
+
+ bp = slots[index];
+ if (!bp)
+ return;
+
+ info = counter_arch_bp(bp);
+ addr = info-address;
+ ctrl = encode_ctrl_reg(info-ctrl) | 0x1;
+
+
+ /* Override the breakpoint data with the step data. */
+ if (info-step_ctrl.enabled) {
+ addr = info-trigger ~0x3;
+ ctrl = encode_ctrl_reg(info-step_ctrl);
+ if (info-ctrl.type != ARM_BREAKPOINT_EXECUTE) {
+ index = 0;
+ ctrl_base = ARM_BASE_BCR + core_num_brps;
+ val_base = ARM_BASE_BVR + core_num_brps;
+ }
+ }
+
+ /* Setup the address register. */
+ write_wb_reg(val_base + index, addr);
+
+ /* Setup the control register. */
+ write_wb_reg(ctrl_base + index, ctrl);
+}
+
void arch_uninstall_hw_breakpoint(struct perf_event *bp)
{
struct arch_hw_breakpoint *info = counter_arch_bp(bp);
@@ -1019,6 +1069,12 @@ clear_vcr:
out_mdbgen:
if (enable_monitor_mode())
cpumask_or(debug_err_mask, debug_err_mask, cpumask_of(cpu));
+
+ for (i = 0; i core_num_brps; ++i)
+ arch_reinstall_hw_breakpoint(i, ARM_ENTRY_BREAKPOINT);
+ for (i = 0; i core_num_wrps; ++i)
+ arch_reinstall_hw_breakpoint(i, ARM_ENTRY_SYNC_WATCHPOINT);
+
}
static int dbg_reset_notify(struct notifier_block *self,
--
1.7.1
Thanks
Maninder SinghN‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–)Þº{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü¨}©ž²Æ
zÚj:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~††Ûiÿûàz¹
®w¥¢¸?™¨èÚ¢)ߢf”ù^jÇ«y§m…á@A«a¶Úÿ
0¶ìh®å’i
Re: [EDT][PATCH 1/1] msgsnd use freezable blocking call
EP-F6AA0618C49C4AEDA73BFF1B39950BAB >On Wed, 06 May 2015 11:29:57 + (GMT) Maninder Singh wrote: >> EP-F6AA0618C49C4AEDA73BFF1B39950BAB >> >> Hi , >> >> Recently shared a patch for using freezable_schedule instead of schedule in >> msgrcv, >> and after analysing message queuie implemntation we have realized even >> msgsnd can also block, if queue is full, >> So in this scenerio msgsnd sets task state as TASK_INTERRUPTIBLE and can >> schedule function, similar behaviour as msgrcv. >> This change is applicable for msgsnd as well. >> >> we have created patch for remotes/linux-next/akpm, because msgrcv patch is >> already applied at this branch. .> so we didnt include >> >This changelog is quite poor. It doesn't explain why the change is >being made, it doesn't explain the user-visible effects which are being >fixed, etc. >So I threw it away and copied text from "ipc/msg.c: use freezable >blocking call": >One thing which isn't clear to me: *why* do we want to "Avoid waking up >every thread sleeping in XXX during suspend and resume"? Suspend and >resume are rare operations. Why do we care if a few threads wake up >then go to sleep again? When any task is stuck in Interruptible or Uninterruptible state then waking up of that task fails. If wakeup fails, then suspend operation fails and all process send to frezeer state at this moment also gets wakeup. Correct implementation is that if suspend fails, then kernel would retry suspend operation again after some specific timeinterval for some fixed retry count. But as changes suggested by Mr Colin Cross on LKML https://lkml.org/lkml/2013/5/1/424, for the system calls for which issue has been faced process flag being appended with PF_FREEZER_SKIP. we are testing some scenerio in which we have to do multi suspend-resume scenario, and we faced the problem thats why suggested the change for msgsnd and msgrcv Signed-off-by: Vaneet narang Signed-off-by: Maninder Singh Cc: Yogesh Gaur Cc: Manjeet Pawar Cc: Ajeet Yadav Cc: Peter Zijlstra Cc: Tejun Heo Signed-off-by: Andrew Morton --- ipc/msg.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN ipc/msg.c~ipc-msgc-msgsnd-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~ipc-msgc-msgsnd-use-freezable-blocking-call +++ a/ipc/msg.c @@ -673,7 +673,7 @@ long do_msgsnd(int msqid, long mtype, vo ipc_unlock_object(>q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); rcu_read_lock(); ipc_lock_object(>q_perm); _
Re: [EDT][PATCH 1/1] msgsnd use freezable blocking call
EP-F6AA0618C49C4AEDA73BFF1B39950BAB On Wed, 06 May 2015 11:29:57 + (GMT) Maninder Singh wrote: EP-F6AA0618C49C4AEDA73BFF1B39950BAB Hi , Recently shared a patch for using freezable_schedule instead of schedule in msgrcv, and after analysing message queuie implemntation we have realized even msgsnd can also block, if queue is full, So in this scenerio msgsnd sets task state as TASK_INTERRUPTIBLE and can schedule function, similar behaviour as msgrcv. This change is applicable for msgsnd as well. we have created patch for remotes/linux-next/akpm, because msgrcv patch is already applied at this branch. . so we didnt include This changelog is quite poor. It doesn't explain why the change is being made, it doesn't explain the user-visible effects which are being fixed, etc. So I threw it away and copied text from ipc/msg.c: use freezable blocking call: One thing which isn't clear to me: *why* do we want to Avoid waking up every thread sleeping in XXX during suspend and resume? Suspend and resume are rare operations. Why do we care if a few threads wake up then go to sleep again? When any task is stuck in Interruptible or Uninterruptible state then waking up of that task fails. If wakeup fails, then suspend operation fails and all process send to frezeer state at this moment also gets wakeup. Correct implementation is that if suspend fails, then kernel would retry suspend operation again after some specific timeinterval for some fixed retry count. But as changes suggested by Mr Colin Cross on LKML https://lkml.org/lkml/2013/5/1/424, for the system calls for which issue has been faced process flag being appended with PF_FREEZER_SKIP. we are testing some scenerio in which we have to do multi suspend-resume scenario, and we faced the problem thats why suggested the change for msgsnd and msgrcv Signed-off-by: Vaneet narang v.nar...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com Cc: Yogesh Gaur yn.g...@samsung.com Cc: Manjeet Pawar manjee...@samsung.com Cc: Ajeet Yadav ajee...@samsung.com Cc: Peter Zijlstra a.p.zijls...@chello.nl Cc: Tejun Heo t...@kernel.org Signed-off-by: Andrew Morton a...@linux-foundation.org --- ipc/msg.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN ipc/msg.c~ipc-msgc-msgsnd-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~ipc-msgc-msgsnd-use-freezable-blocking-call +++ a/ipc/msg.c @@ -673,7 +673,7 @@ long do_msgsnd(int msqid, long mtype, vo ipc_unlock_object(msq-q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); rcu_read_lock(); ipc_lock_object(msq-q_perm); _
[EDT][Patch 1/1] socket family check in netlabel APIs
EP-E68D5E24548545C9BBB607A98ADD61E6
Hi Paul,
>On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote:
>> Dear All,
>> we found One Kernel Crash issue in cipso_v4_sock_delattr :-
>> As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
>> try to access any other socket type. cipso_v4_sock_delattr access
>> sk_inet->inet_opt which may contain not NULL but invalid address. we found
>> this issue with netlink socket.(reproducible by trinity using sendto system
>> call .)
>Hello,
>First, please go read the Documentation/SubmittingPatches from the kernel
>sources; your patch needs to be resubmitted and the instructions in that file
>will show you how to do it correctly next time.
>Second, this appears to only affect Smack based systems, yes? SELinux based
>systems should have the proper checking in place to prevent this (the checks
>are handled in the LSM). That said, it probably wouldn't hurt to add the
>extra checking to netlbl_sock_delattr(). If you properly resubmit your patch
>I'll ACK it.
>-Paul
>--
>paul moore
>www.paul-moore.com
As suggested resubmitting the patch .
Subject : socket family check in netlabel APIs
Adding check for socket family in netlbl_sock_delattr and netlbl_req_delattr as
check present
in netlbl_sock_setattr and netlbl_req_setattr respectively.
as we faced crash in cipso_v4_sock_delattr due to other socket type.
Crash Logs :
[0-182.2400] [] (cipso_v4_sock_delattr+0x0/0x74) from []
(netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4: r3:c07872f8
[0-182.2531] [] (netlbl_sock_delattr+0x0/0x1c) from []
(smack_netlabel+0x88/0x9c)
[0-182.2622] [] (smack_netlabel+0x0/0x9c) from []
(smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [] (smack_netlabel_send+0x0/0x144) from []
(smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [] (smack_socket_sendmsg+0x0/0x60) from []
(security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [] (security_socket_sendmsg+0x0/0x2c) from []
(sock_sendmsg+0x68/0xc0)
[0-182.3058] [] (sock_sendmsg+0x0/0xc0) from []
(SyS_sendto+0xd8/0x110)
Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by : Ajeet Yadav
---
net/netlabel/netlabel_kapi.c | 16 ++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 28cddc8..606a5ce 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -824,7 +824,13 @@ socket_setattr_return:
*/
void netlbl_sock_delattr(struct sock *sk)
{
- cipso_v4_sock_delattr(sk);
+ switch (sk->sk_family) {
+ case AF_INET:
+ cipso_v4_sock_delattr(sk);
+ break;
+ default:
+ }
+ return;
}
/**
@@ -987,7 +993,13 @@ req_setattr_return:
*/
void netlbl_req_delattr(struct request_sock *req)
{
- cipso_v4_req_delattr(req);
+ switch (req->rsk_ops->family) {
+ case AF_INET:
+ cipso_v4_req_delattr(req);
+ break;
+ default:
+ }
+ return;
}
/**
--
1.7.1
[EDT][PATCH 1/1] msgsnd use freezable blocking call
EP-F6AA0618C49C4AEDA73BFF1B39950BAB Hi , Recently shared a patch for using freezable_schedule instead of schedule in msgrcv, and after analysing message queuie implemntation we have realized even msgsnd can also block, if queue is full, So in this scenerio msgsnd sets task state as TASK_INTERRUPTIBLE and can schedule function, similar behaviour as msgrcv. This change is applicable for msgsnd as well. we have created patch for remotes/linux-next/akpm, because msgrcv patch is already applied at this branch. so we didnt include Signed-off-by: Vaneet narang Signed-off-by: Maninder Singh --- ipc/msg.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ipc/msg.c b/ipc/msg.c index a7261d5..da5658e 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -674,7 +674,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext, ipc_unlock_object(>q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); rcu_read_lock(); ipc_lock_object(>q_perm); -- 1.7.1 Thanks and Regards, Maninder Singh
[EDT][PATCH 1/1] msgsnd use freezable blocking call
EP-F6AA0618C49C4AEDA73BFF1B39950BAB Hi , Recently shared a patch for using freezable_schedule instead of schedule in msgrcv, and after analysing message queuie implemntation we have realized even msgsnd can also block, if queue is full, So in this scenerio msgsnd sets task state as TASK_INTERRUPTIBLE and can schedule function, similar behaviour as msgrcv. This change is applicable for msgsnd as well. we have created patch for remotes/linux-next/akpm, because msgrcv patch is already applied at this branch. so we didnt include linux/freezer.h Signed-off-by: Vaneet narang v.nar...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com --- ipc/msg.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ipc/msg.c b/ipc/msg.c index a7261d5..da5658e 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -674,7 +674,7 @@ long do_msgsnd(int msqid, long mtype, void __user *mtext, ipc_unlock_object(msq-q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); rcu_read_lock(); ipc_lock_object(msq-q_perm); -- 1.7.1 Thanks and Regards, Maninder Singh
[EDT][Patch 1/1] socket family check in netlabel APIs
EP-E68D5E24548545C9BBB607A98ADD61E6
Hi Paul,
On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote:
Dear All,
we found One Kernel Crash issue in cipso_v4_sock_delattr :-
As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
try to access any other socket type. cipso_v4_sock_delattr access
sk_inet-inet_opt which may contain not NULL but invalid address. we found
this issue with netlink socket.(reproducible by trinity using sendto system
call .)
Hello,
First, please go read the Documentation/SubmittingPatches from the kernel
sources; your patch needs to be resubmitted and the instructions in that file
will show you how to do it correctly next time.
Second, this appears to only affect Smack based systems, yes? SELinux based
systems should have the proper checking in place to prevent this (the checks
are handled in the LSM). That said, it probably wouldn't hurt to add the
extra checking to netlbl_sock_delattr(). If you properly resubmit your patch
I'll ACK it.
-Paul
--
paul moore
www.paul-moore.com
As suggested resubmitting the patch .
Subject : socket family check in netlabel APIs
Adding check for socket family in netlbl_sock_delattr and netlbl_req_delattr as
check present
in netlbl_sock_setattr and netlbl_req_setattr respectively.
as we faced crash in cipso_v4_sock_delattr due to other socket type.
Crash Logs :
[0-182.2400] [c04c7fa4] (cipso_v4_sock_delattr+0x0/0x74) from [c0517b64]
(netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4: r3:c07872f8
[0-182.2531] [c0517b4c] (netlbl_sock_delattr+0x0/0x1c) from [c027b2fc]
(smack_netlabel+0x88/0x9c)
[0-182.2622] [c027b274] (smack_netlabel+0x0/0x9c) from [c027b43c]
(smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [c027b310] (smack_netlabel_send+0x0/0x144) from [c027b4a8]
(smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [c027b454] (smack_socket_sendmsg+0x0/0x60) from [c02789ec]
(security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [c02789c4] (security_socket_sendmsg+0x0/0x2c) from [c04343b0]
(sock_sendmsg+0x68/0xc0)
[0-182.3058] [c0434348] (sock_sendmsg+0x0/0xc0) from [c04369e8]
(SyS_sendto+0xd8/0x110)
Signed-off-by: Vaneet Narang v.nar...@samsung.com
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-by : Ajeet Yadav ajee...@samsung.com
---
net/netlabel/netlabel_kapi.c | 16 ++--
1 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 28cddc8..606a5ce 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -824,7 +824,13 @@ socket_setattr_return:
*/
void netlbl_sock_delattr(struct sock *sk)
{
- cipso_v4_sock_delattr(sk);
+ switch (sk-sk_family) {
+ case AF_INET:
+ cipso_v4_sock_delattr(sk);
+ break;
+ default:
+ }
+ return;
}
/**
@@ -987,7 +993,13 @@ req_setattr_return:
*/
void netlbl_req_delattr(struct request_sock *req)
{
- cipso_v4_req_delattr(req);
+ switch (req-rsk_ops-family) {
+ case AF_INET:
+ cipso_v4_req_delattr(req);
+ break;
+ default:
+ }
+ return;
}
/**
--
1.7.1
Re: msgrcv: use freezable blocking call
Hi Andrew, Both patches looks fine to us. Thank You > On Wed, Apr 01, 2015 at 05:18:46AM +0000, Maninder Singh wrote: > > Hi Andrew, > > Thanks for making new patch, Actually there is some problem with our mail > > editor. > > It changes tabs with spaces and corrupts the patch, we are solving the same > > at our end. > > Thats why i am sending you signed -off by only for both patches. > > Sort it and resend, no real great hurry with these patches, right? I tend not to bother too much about occasional messy patches. These ones appear to be be the first patches from these contributors and fixing them up only takes a couple of minutes. If Maninder's team expects to send more patches in the future then yes, please fix this stuff. But for now, the important thing is to get these kernel problems sorted out. > > 1. For msgrcv: use freezable blocking call > > Signed-off-by: Yogesh Gaur > > Signed-off-by: Maninder Singh > > Signed-off-by: Manjeet Pawar > > Did you really pass around that patch through 3 people or did it take > all three of you to modify those two lines? > > Should some of those SoBs be a reviewed-by perhaps? > > > > > For Peter's Review comment:- This is what, no why mentioned > > > > This call was selected to be converted to a freezable call because > > it doesn't hold any locks or release any resources when interrupted > > that might be needed by another freezing task or a kernel driver > > during suspend, and is a common site where idle userspace tasks are > > blocked. > > Please put such things in the Changelog so that we can see you've > thought about things. I have made that change. Maninder, we currently have yourself as the primary author of "restart_syscall: use freezable blocking call". Is that correct, or should that be Yogesh Gaur? --> It is correct Below are my latest copies of these two patches. How do they look? -- > Looks fine, Thnaks for making patches. From: Yogesh Gaur Subject: ipc/msg.c: use freezable blocking call Avoid waking up every thread sleeping in a msgrcv call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [] (__schedule+0x0/0x5d8) from [] (schedule+0x8c/0x90) [] (schedule+0x0/0x90) from [] (do_msgrcv+0x2e0/0x368) [] (do_msgrcv+0x0/0x368) from [] (SyS_msgrcv+0x2c/0x38) [] (SyS_msgrcv+0x0/0x38) from [] (ret_fast_syscall+0x0/0x48) tPlay0Cb2 R running 0 297204 0x0001 This call was selected to be converted to a freezable call because it doesn't hold any locks or release any resources when interrupted that might be needed by another freezing task or a kernel driver during suspend, and is a common site where idle userspace tasks are blocked. Signed-off-by: Yogesh Gaur Signed-off-by: Manjeet Pawar Signed-off-by: Maninder Singh Reviewed-by : Ajeet Yadav Cc: Peter Zijlstra Cc: Tejun Heo Signed-off-by: Andrew Morton --- ipc/msg.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN ipc/msg.c~msgrcv-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~msgrcv-use-freezable-blocking-call +++ a/ipc/msg.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include @@ -915,7 +916,7 @@ long do_msgrcv(int msqid, void __user *b ipc_unlock_object(>q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue _ From: Maninder Singh Subject: kernel/time/hrtimer.c: restart_syscall: use freezable blocking call Avoid waking up every thread sleeping in a restart_syscall call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [] (__schedule+0x0/0x5d8) from [] (schedule+0x8c/0x90) [] (schedule+0x0/0x90) from [] (schedule_hrtimeout_range_clock+0xdc/0x110) [] (schedule_hrtimeout_range_clock+0x0/0x110) from [] (schedule_hrtimeout_range+0x1c/0x20) r9:d16c9be0 r8:8b7d9c2c r7: r6: r5:d16c8028 [] (schedule_hrtimeout_range+0x0/0x20) from [] (poll_schedule_timeout+0x48/0x6c) [] (poll_schedule_timeout+0x0/0x6c) from [] (do_sys_poll+0x2c8/0x378) r5:d16c9f78 r4: [] (do_sys_poll+0x0/0x378) from [] (do_restart_poll+0x40/0x5c) [] (do_restart_poll+0x0/0x5c) from [] (sys_restart_syscall+0x2c/0x30) r4:fe7a [] (sys_restart_syscall+0x0/0x30) from [] (ret_fast_syscall+0x0/0x48) This call was selected to be converted to a freezable call because i
Re: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
We have run trinity tool on smack enable system. like below:- #./trinity -c sendto --dangerous After some time we are able to crash the kernel:- [] (cipso_v4_sock_delattr+0x0/0x74) from [] (netlbl_sock_delattr+0x18/0x1c) r4: r3:c07872f8 [] (netlbl_sock_delattr+0x0/0x1c) from [] (smack_netlabel+0x88/0x9c) [] (smack_netlabel+0x0/0x9c) from [] (smack_netlabel_send+0x12c/0x144) r7:d9cee3c0 r6:d7b01ef4 r5:c076f408 r4:d88c84c0 [] (smack_netlabel_send+0x0/0x144) from [] (smack_socket_sendmsg+0x54/0x60) [] (smack_socket_sendmsg+0x0/0x60) from [] (security_socket_sendmsg+0x28/0x2c) [] (security_socket_sendmsg+0x0/0x2c) from [] (sock_sendmsg+0x68/0xc0) [] (sock_sendmsg+0x0/0xc0) from [] (SyS_sendto+0xd8/0x110) r7:01400118 r6:007f r5:da308a00 r4:c076f408 [] (SyS_sendto+0x0/0x110) from [] (ret_fast_syscall+0x0/0x48) Code: e5903200 e1a04000 e353 089da818 (e5d33016) [SELP] while loop ... please attach T32... And after further debugging we find this crash always come with Netlink socket. And except thi API "netlbl_sock_delattr" all other related Netlabel APIs have check to validate socket family. Thats why we added socket family check for this API "netlbl_sock_delattr" and resolves our issue. Thanks Maninder Singh On 3/30/2015 10:09 PM, Maninder Singh wrote: > We are currently using 3.10.58 kernel and we are facing this issue for samck > enabled system. > and as we can check in other APIs like netlbl_sock_getattr and > netlbl_conn_setattr have this preventive check so we added this check for > netlbl_sock_delattr also. > > And regarding patch re-submission, actually we have run checkpatch.pl before > submission(successfull) But when we submit the patch our editor changes tabs > into space, we will resubmitt the patch ASAP. Further review shows that the Smack code in 3.10.72 (I don't believe it changed after 3.10.58) already checks for the address family being AF_INET. This would indicate that the netlink code is sending garbage to security_socket_sendmsg(). Can you provide a more specific test case? I would like to see if this problem is present in newer kernels. > > Maninder Singh > --- Original Message --- > Sender : Casey Schaufler > Date : Mar 31, 2015 02:25 (GMT+09:00) > Title : Re: [Fix kernel crash in cipso_v4_sock_delattr ] > > On 3/30/2015 4:32 AM, Paul Moore wrote: >> On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote: >>> Dear All, >>> we found One Kernel Crash issue in cipso_v4_sock_delattr :- >>> As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when >>> try to access any other socket type. cipso_v4_sock_delattr access >>> sk_inet->inet_opt which may contain not NULL but invalid address. we found >>> this issue with netlink socket.(reproducible by trinity using sendto system >>> call .) >> Hello, >> >> First, please go read the Documentation/SubmittingPatches from the kernel >> sources; your patch needs to be resubmitted and the instructions in that >> file >> will show you how to do it correctly next time. >> >> Second, this appears to only affect Smack based systems, yes? SELinux based >> systems should have the proper checking in place to prevent this (the checks >> are handled in the LSM). > This looks like a problem that was fixed some time ago. > The current Smack code clearly checks for this. What kernel > version are you testing against? > >> That said, it probably wouldn't hurt to add the >> extra checking to netlbl_sock_delattr(). If you properly resubmit your >> patch >> I'll ACK it. >> >> -Paul
Re: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
We have run trinity tool on smack enable system. like below:- #./trinity -c sendto --dangerous After some time we are able to crash the kernel:- [c04c8084] (cipso_v4_sock_delattr+0x0/0x74) from [c0517c44] (netlbl_sock_delattr+0x18/0x1c) r4: r3:c07872f8 [c0517c2c] (netlbl_sock_delattr+0x0/0x1c) from [c027b3e0] (smack_netlabel+0x88/0x9c) [c027b358] (smack_netlabel+0x0/0x9c) from [c027b520] (smack_netlabel_send+0x12c/0x144) r7:d9cee3c0 r6:d7b01ef4 r5:c076f408 r4:d88c84c0 [c027b3f4] (smack_netlabel_send+0x0/0x144) from [c027b58c] (smack_socket_sendmsg+0x54/0x60) [c027b538] (smack_socket_sendmsg+0x0/0x60) from [c0278ad0] (security_socket_sendmsg+0x28/0x2c) [c0278aa8] (security_socket_sendmsg+0x0/0x2c) from [c0434490] (sock_sendmsg+0x68/0xc0) [c0434428] (sock_sendmsg+0x0/0xc0) from [c0436ac8] (SyS_sendto+0xd8/0x110) r7:01400118 r6:007f r5:da308a00 r4:c076f408 [c04369f0] (SyS_sendto+0x0/0x110) from [c0012280] (ret_fast_syscall+0x0/0x48) Code: e5903200 e1a04000 e353 089da818 (e5d33016) [SELP] while loop ... please attach T32... And after further debugging we find this crash always come with Netlink socket. And except thi API netlbl_sock_delattr all other related Netlabel APIs have check to validate socket family. Thats why we added socket family check for this API netlbl_sock_delattr and resolves our issue. Thanks Maninder Singh On 3/30/2015 10:09 PM, Maninder Singh wrote: We are currently using 3.10.58 kernel and we are facing this issue for samck enabled system. and as we can check in other APIs like netlbl_sock_getattr and netlbl_conn_setattr have this preventive check so we added this check for netlbl_sock_delattr also. And regarding patch re-submission, actually we have run checkpatch.pl before submission(successfull) But when we submit the patch our editor changes tabs into space, we will resubmitt the patch ASAP. Further review shows that the Smack code in 3.10.72 (I don't believe it changed after 3.10.58) already checks for the address family being AF_INET. This would indicate that the netlink code is sending garbage to security_socket_sendmsg(). Can you provide a more specific test case? I would like to see if this problem is present in newer kernels. Maninder Singh --- Original Message --- Sender : Casey Schaufler Date : Mar 31, 2015 02:25 (GMT+09:00) Title : Re: [Fix kernel crash in cipso_v4_sock_delattr ] On 3/30/2015 4:32 AM, Paul Moore wrote: On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote: Dear All, we found One Kernel Crash issue in cipso_v4_sock_delattr :- As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when try to access any other socket type. cipso_v4_sock_delattr access sk_inet-inet_opt which may contain not NULL but invalid address. we found this issue with netlink socket.(reproducible by trinity using sendto system call .) Hello, First, please go read the Documentation/SubmittingPatches from the kernel sources; your patch needs to be resubmitted and the instructions in that file will show you how to do it correctly next time. Second, this appears to only affect Smack based systems, yes? SELinux based systems should have the proper checking in place to prevent this (the checks are handled in the LSM). This looks like a problem that was fixed some time ago. The current Smack code clearly checks for this. What kernel version are you testing against? That said, it probably wouldn't hurt to add the extra checking to netlbl_sock_delattr(). If you properly resubmit your patch I'll ACK it. -Paul
Re: msgrcv: use freezable blocking call
Hi Andrew, Both patches looks fine to us. Thank You On Wed, Apr 01, 2015 at 05:18:46AM +, Maninder Singh wrote: Hi Andrew, Thanks for making new patch, Actually there is some problem with our mail editor. It changes tabs with spaces and corrupts the patch, we are solving the same at our end. Thats why i am sending you signed -off by only for both patches. Sort it and resend, no real great hurry with these patches, right? I tend not to bother too much about occasional messy patches. These ones appear to be be the first patches from these contributors and fixing them up only takes a couple of minutes. If Maninder's team expects to send more patches in the future then yes, please fix this stuff. But for now, the important thing is to get these kernel problems sorted out. 1. For msgrcv: use freezable blocking call Signed-off-by: Yogesh Gaur yn.g...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com Signed-off-by: Manjeet Pawar manjee...@samsung.com Did you really pass around that patch through 3 people or did it take all three of you to modify those two lines? Should some of those SoBs be a reviewed-by perhaps? For Peter's Review comment:- This is what, no why mentioned This call was selected to be converted to a freezable call because it doesn't hold any locks or release any resources when interrupted that might be needed by another freezing task or a kernel driver during suspend, and is a common site where idle userspace tasks are blocked. Please put such things in the Changelog so that we can see you've thought about things. I have made that change. Maninder, we currently have yourself as the primary author of restart_syscall: use freezable blocking call. Is that correct, or should that be Yogesh Gaur? -- It is correct Below are my latest copies of these two patches. How do they look? -- Looks fine, Thnaks for making patches. From: Yogesh Gaur yn.g...@samsung.com Subject: ipc/msg.c: use freezable blocking call Avoid waking up every thread sleeping in a msgrcv call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [c03e3924] (__schedule+0x0/0x5d8) from [c03e3f88] (schedule+0x8c/0x90) [c03e3efc] (schedule+0x0/0x90) from [c01ef9f8] (do_msgrcv+0x2e0/0x368) [c01ef718] (do_msgrcv+0x0/0x368) from [c01efaac] (SyS_msgrcv+0x2c/0x38) [c01efa80] (SyS_msgrcv+0x0/0x38) from [c001a180] (ret_fast_syscall+0x0/0x48) tPlay0Cb2 R running 0 297204 0x0001 This call was selected to be converted to a freezable call because it doesn't hold any locks or release any resources when interrupted that might be needed by another freezing task or a kernel driver during suspend, and is a common site where idle userspace tasks are blocked. Signed-off-by: Yogesh Gaur yn.g...@samsung.com Signed-off-by: Manjeet Pawar manjee...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com Reviewed-by : Ajeet Yadav ajee...@samsung.com Cc: Peter Zijlstra a.p.zijls...@chello.nl Cc: Tejun Heo t...@kernel.org Signed-off-by: Andrew Morton a...@linux-foundation.org --- ipc/msg.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN ipc/msg.c~msgrcv-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~msgrcv-use-freezable-blocking-call +++ a/ipc/msg.c @@ -37,6 +37,7 @@ #include linux/rwsem.h #include linux/nsproxy.h #include linux/ipc_namespace.h +#include linux/freezer.h #include asm/current.h #include linux/uaccess.h @@ -915,7 +916,7 @@ long do_msgrcv(int msqid, void __user *b ipc_unlock_object(msq-q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue _ From: Maninder Singh maninder...@samsung.com Subject: kernel/time/hrtimer.c: restart_syscall: use freezable blocking call Avoid waking up every thread sleeping in a restart_syscall call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [c03e3924] (__schedule+0x0/0x5d8) from [c03e3f88] (schedule+0x8c/0x90) [c03e3efc] (schedule+0x0/0x90) from [c03e3150] (schedule_hrtimeout_range_clock+0xdc/0x110) [c03e3074] (schedule_hrtimeout_range_clock+0x0/0x110) from [c03e31a0] (schedule_hrtimeout_range+0x1c/0x20) r9:d16c9be0 r8:8b7d9c2c r7: r6: r5:d16c8028 [c03e3184] (schedule_hrtimeout_range+0x0/0x20) from [c015778c] (poll_schedule_timeout+0x48/0x6c) [c0157744] (poll_schedule_timeout+0x0/0x6c) from [c0158994] (do_sys_poll+0x2c8/0x378) r5:d16c9f78 r4: [c01586cc
Re: Re: msgrcv: use freezable blocking call
Hi Andrew, Thanks for making new patch, Actually there is some problem with our mail editor. It changes tabs with spaces and corrupts the patch, we are solving the same at our end. Thats why i am sending you signed -off by only for both patches. 1. For msgrcv: use freezable blocking call Signed-off-by: Yogesh Gaur Signed-off-by: Maninder Singh Signed-off-by: Manjeet Pawar Reviewed-by : Ajeet Yadav Cc: Peter Zijlstra Cc: Tejun Heo Signed-off-by: Andrew Morton 2. For restart_syscall: use freezable blocking call Signed-off-by: Yogesh Gaur Signed-off-by: Maninder Singh Signed-off-by: Amit Arora Reviewed-by : Ajeet Yadav Cc: Peter Zijlstra Cc: Tejun Heo Signed-off-by: Andrew Morton > For Peter's Review comment:- This is what, no why mentioned This call was selected to be converted to a freezable call because it doesn't hold any locks or release any resources when interrupted that might be needed by another freezing task or a kernel driver during suspend, and is a common site where idle userspace tasks are blocked. Thanks Maninder Singh Presumably Peter's review comments for "restart_syscall: use freezable blocking call" also apply here. Please send your signed-off-by: for both patches, as detailed in Documentation/SubmittingPatches section 11, thanks. From: Yogesh Gaur Subject: ipc/msg.c: use freezable blocking call Avoid waking up every thread sleeping in a msgrcv call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [] (__schedule+0x0/0x5d8) from [] (schedule+0x8c/0x90) [] (schedule+0x0/0x90) from [] (do_msgrcv+0x2e0/0x368) [] (do_msgrcv+0x0/0x368) from [] (SyS_msgrcv+0x2c/0x38) [] (SyS_msgrcv+0x0/0x38) from [] (ret_fast_syscall+0x0/0x48) tPlay0Cb2 R running 0 297204 0x0001 Signed-off-by: Yogesh Gaur Signed-off-by: Manjeet Pawar Reviewed-by : Ajeet Yadav Cc: Peter Zijlstra Cc: Tejun Heo Signed-off-by: Andrew Morton --- ipc/msg.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN ipc/msg.c~msgrcv-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~msgrcv-use-freezable-blocking-call +++ a/ipc/msg.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include @@ -915,7 +916,7 @@ long do_msgrcv(int msqid, void __user *b ipc_unlock_object(>q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue _
Re: Re: msgrcv: use freezable blocking call
Hi Andrew, Thanks for making new patch, Actually there is some problem with our mail editor. It changes tabs with spaces and corrupts the patch, we are solving the same at our end. Thats why i am sending you signed -off by only for both patches. 1. For msgrcv: use freezable blocking call Signed-off-by: Yogesh Gaur yn.g...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com Signed-off-by: Manjeet Pawar manjee...@samsung.com Reviewed-by : Ajeet Yadav ajee...@samsung.com Cc: Peter Zijlstra a.p.zijls...@chello.nl Cc: Tejun Heo t...@kernel.org Signed-off-by: Andrew Morton a...@linux-foundation.org 2. For restart_syscall: use freezable blocking call Signed-off-by: Yogesh Gaur yn.g...@samsung.com Signed-off-by: Maninder Singh maninder...@samsung.com Signed-off-by: Amit Arora amit.ar...@samsung.com Reviewed-by : Ajeet Yadav ajee...@samsung.com Cc: Peter Zijlstra a.p.zijls...@chello.nl Cc: Tejun Heo t...@kernel.org Signed-off-by: Andrew Morton a...@linux-foundation.org For Peter's Review comment:- This is what, no why mentioned This call was selected to be converted to a freezable call because it doesn't hold any locks or release any resources when interrupted that might be needed by another freezing task or a kernel driver during suspend, and is a common site where idle userspace tasks are blocked. Thanks Maninder Singh Presumably Peter's review comments for restart_syscall: use freezable blocking call also apply here. Please send your signed-off-by: for both patches, as detailed in Documentation/SubmittingPatches section 11, thanks. From: Yogesh Gaur yn.g...@samsung.com Subject: ipc/msg.c: use freezable blocking call Avoid waking up every thread sleeping in a msgrcv call during suspend and resume by calling a freezable blocking call. Previous patches modified the freezer to avoid sending wakeups to threads that are blocked in freezable blocking calls. Ref: https://lkml.org/lkml/2013/5/1/424 Backtrace: [c03e3924] (__schedule+0x0/0x5d8) from [c03e3f88] (schedule+0x8c/0x90) [c03e3efc] (schedule+0x0/0x90) from [c01ef9f8] (do_msgrcv+0x2e0/0x368) [c01ef718] (do_msgrcv+0x0/0x368) from [c01efaac] (SyS_msgrcv+0x2c/0x38) [c01efa80] (SyS_msgrcv+0x0/0x38) from [c001a180] (ret_fast_syscall+0x0/0x48) tPlay0Cb2 R running 0 297204 0x0001 Signed-off-by: Yogesh Gaur yn.g...@samsung.com Signed-off-by: Manjeet Pawar manjee...@samsung.com Reviewed-by : Ajeet Yadav ajee...@samsung.com Cc: Peter Zijlstra a.p.zijls...@chello.nl Cc: Tejun Heo t...@kernel.org Signed-off-by: Andrew Morton a...@linux-foundation.org --- ipc/msg.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff -puN ipc/msg.c~msgrcv-use-freezable-blocking-call ipc/msg.c --- a/ipc/msg.c~msgrcv-use-freezable-blocking-call +++ a/ipc/msg.c @@ -37,6 +37,7 @@ #include linux/rwsem.h #include linux/nsproxy.h #include linux/ipc_namespace.h +#include linux/freezer.h #include asm/current.h #include linux/uaccess.h @@ -915,7 +916,7 @@ long do_msgrcv(int msqid, void __user *b ipc_unlock_object(msq-q_perm); rcu_read_unlock(); - schedule(); + freezable_schedule(); /* Lockless receive, part 1: * Disable preemption. We don't hold a reference to the queue _
Re: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
We are currently using 3.10.58 kernel and we are facing this issue for samck enabled system. and as we can check in other APIs like netlbl_sock_getattr and netlbl_conn_setattr have this preventive check so we added this check for netlbl_sock_delattr also. And regarding patch re-submission, actually we have run checkpatch.pl before submission(successfull) But when we submit the patch our editor changes tabs into space, we will resubmitt the patch ASAP. Maninder Singh --- Original Message --- Sender : Casey Schaufler Date : Mar 31, 2015 02:25 (GMT+09:00) Title : Re: [Fix kernel crash in cipso_v4_sock_delattr ] On 3/30/2015 4:32 AM, Paul Moore wrote: > On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote: >> Dear All, >> we found One Kernel Crash issue in cipso_v4_sock_delattr :- >> As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when >> try to access any other socket type. cipso_v4_sock_delattr access >> sk_inet->inet_opt which may contain not NULL but invalid address. we found >> this issue with netlink socket.(reproducible by trinity using sendto system >> call .) > Hello, > > First, please go read the Documentation/SubmittingPatches from the kernel > sources; your patch needs to be resubmitted and the instructions in that file > will show you how to do it correctly next time. > > Second, this appears to only affect Smack based systems, yes? SELinux based > systems should have the proper checking in place to prevent this (the checks > are handled in the LSM). This looks like a problem that was fixed some time ago. The current Smack code clearly checks for this. What kernel version are you testing against? > That said, it probably wouldn't hurt to add the > extra checking to netlbl_sock_delattr(). If you properly resubmit your patch > I'll ACK it. > > -Paul >
[ARM: code clean up local_irq_disable]
Hi Subject: [PATCH] ARM: code clean up local_irq_disable Signed-off-by: Akhilesh Kumar --- arch/arm/kernel/process.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c index 81ef686..18cfce4 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -195,7 +195,6 @@ void machine_halt(void) local_irq_disable(); smp_send_stop(); - local_irq_disable(); while (1); } -- 1.7.1 Thanks and Regards, Maninder Singh
[Fix kernel crash in cipso_v4_sock_delattr ]
Dear All,
we found One Kernel Crash issue in cipso_v4_sock_delattr :-
As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
try to access
any other socket type. cipso_v4_sock_delattr access sk_inet->inet_opt which may
contain not NULL but invalid address. we found this issue with netlink
socket.(reproducible by trinity using sendto system call .)
Crash Logs :
[0-182.2400] [] (cipso_v4_sock_delattr+0x0/0x74) from []
(netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4: r3:c07872f8
[0-182.2531] [] (netlbl_sock_delattr+0x0/0x1c) from []
(smack_netlabel+0x88/0x9c)
[0-182.2622] [] (smack_netlabel+0x0/0x9c) from []
(smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [] (smack_netlabel_send+0x0/0x144) from []
(smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [] (smack_socket_sendmsg+0x0/0x60) from []
(security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [] (security_socket_sendmsg+0x0/0x2c) from []
(sock_sendmsg+0x68/0xc0)
[0-182.3058] [] (sock_sendmsg+0x0/0xc0) from []
(SyS_sendto+0xd8/0x110)
Signed-off-by: Vaneet Narang
Signed-off-by: Maninder Singh
Reviewed-by : Ajeet Yadav
---
net/netlabel/netlabel_kapi.c |8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 7c94aed..7a2c6f5 100755
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -700,7 +700,13 @@ socket_setattr_return:
*/
void netlbl_sock_delattr(struct sock *sk)
{
- cipso_v4_sock_delattr(sk);
+ switch (sk->sk_family) {
+ case AF_INET:
+ cipso_v4_sock_delattr(sk);
+ break;
+ default:
+ break;
+ }
}
/**
--
1.7.9.5
Thanks and Regards,
Maninder Singh
restart_syscall: use freezable blocking call
Hello All,
Avoid waking up every thread sleeping in a restart_syscall call during suspend
and resume by calling a freezable blocking call.
Previous patches modified the freezer to avoid sending wakeups to threads that
are blocked in freezable blocking calls.
Ref: https://lkml.org/lkml/2013/5/1/424
We have faced similiar issue of sleep fail when calling restart() system call
in stress testing.
Patch :-
Subject: restart_syscall: use freezable blocking call
Avoid waking up every thread sleeping in a restart_syscall call during
suspend and resume by calling a freezable blocking call. Previous
patches modified the freezer to avoid sending wakeups to threads
that are blocked in freezable blocking calls.
Ref: https://lkml.org/lkml/2013/5/1/424
Backtrace:
[] (__schedule+0x0/0x5d8) from [] (schedule+0x8c/0x90)
[] (schedule+0x0/0x90) from []
(schedule_hrtimeout_range_clock+0xdc/0x110)
[] (schedule_hrtimeout_range_clock+0x0/0x110) from []
(schedule_hrtimeout_range+0x1c/0x20)
r9:d16c9be0 r8:8b7d9c2c r7: r6: r5:d16c8028
[] (schedule_hrtimeout_range+0x0/0x20) from []
(poll_schedule_timeout+0x48/0x6c)
[] (poll_schedule_timeout+0x0/0x6c) from []
(do_sys_poll+0x2c8/0x378)
r5:d16c9f78 r4:
[] (do_sys_poll+0x0/0x378) from []
(do_restart_poll+0x40/0x5c)
[] (do_restart_poll+0x0/0x5c) from []
(sys_restart_syscall+0x2c/0x30)
r4:fe7a
[] (sys_restart_syscall+0x0/0x30) from []
(ret_fast_syscall+0x0/0x48)
esTask03R running 0 270204 0x0001
Signed-off-by: Yogesh Gaur samsung.com>
Signed-off-by: Amit Arora samsung.com>
Reviewed-by : Ajeet Yadav samsung.com>
---
kernel/time/hrtimer.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index 37e50aa..75ebc3f 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -1775,7 +1775,7 @@ schedule_hrtimeout_range_clock(ktime_t *expires, unsigned
long delta,
* A NULL parameter means "infinite"
*/
if (!expires) {
- schedule();
+ freezable_schedule();
return -EINTR;
}
@@ -1789,7 +1789,7 @@ schedule_hrtimeout_range_clock(ktime_t *expires, unsigned
long delta,
t.task = NULL;
if (likely(t.task))
- schedule();
+ freezable_schedule();
hrtimer_cancel();
destroy_hrtimer_on_stack();
--
1.7.1
Thanks and Regards,
Maninder Singh
restart_syscall: use freezable blocking call
Hello All,
Avoid waking up every thread sleeping in a restart_syscall call during suspend
and resume by calling a freezable blocking call.
Previous patches modified the freezer to avoid sending wakeups to threads that
are blocked in freezable blocking calls.
Ref: https://lkml.org/lkml/2013/5/1/424
We have faced similiar issue of sleep fail when calling restart() system call
in stress testing.
Patch :-
Subject: restart_syscall: use freezable blocking call
Avoid waking up every thread sleeping in a restart_syscall call during
suspend and resume by calling a freezable blocking call. Previous
patches modified the freezer to avoid sending wakeups to threads
that are blocked in freezable blocking calls.
Ref: https://lkml.org/lkml/2013/5/1/424
Backtrace:
[c03e3924] (__schedule+0x0/0x5d8) from [c03e3f88] (schedule+0x8c/0x90)
[c03e3efc] (schedule+0x0/0x90) from [c03e3150]
(schedule_hrtimeout_range_clock+0xdc/0x110)
[c03e3074] (schedule_hrtimeout_range_clock+0x0/0x110) from [c03e31a0]
(schedule_hrtimeout_range+0x1c/0x20)
r9:d16c9be0 r8:8b7d9c2c r7: r6: r5:d16c8028
[c03e3184] (schedule_hrtimeout_range+0x0/0x20) from [c015778c]
(poll_schedule_timeout+0x48/0x6c)
[c0157744] (poll_schedule_timeout+0x0/0x6c) from [c0158994]
(do_sys_poll+0x2c8/0x378)
r5:d16c9f78 r4:
[c01586cc] (do_sys_poll+0x0/0x378) from [c0158a84]
(do_restart_poll+0x40/0x5c)
[c0158a44] (do_restart_poll+0x0/0x5c) from [c005710c]
(sys_restart_syscall+0x2c/0x30)
r4:fe7a
[c00570e0] (sys_restart_syscall+0x0/0x30) from [c001a180]
(ret_fast_syscall+0x0/0x48)
esTask03R running 0 270204 0x0001
Signed-off-by: Yogesh Gaur yn.gaur at samsung.com
Signed-off-by: Amit Arora amit.arora at samsung.com
Reviewed-by : Ajeet Yadav ajeet.y at samsung.com
---
kernel/time/hrtimer.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c
index 37e50aa..75ebc3f 100644
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -1775,7 +1775,7 @@ schedule_hrtimeout_range_clock(ktime_t *expires, unsigned
long delta,
* A NULL parameter means infinite
*/
if (!expires) {
- schedule();
+ freezable_schedule();
return -EINTR;
}
@@ -1789,7 +1789,7 @@ schedule_hrtimeout_range_clock(ktime_t *expires, unsigned
long delta,
t.task = NULL;
if (likely(t.task))
- schedule();
+ freezable_schedule();
hrtimer_cancel(t.timer);
destroy_hrtimer_on_stack(t.timer);
--
1.7.1
Thanks and Regards,
Maninder Singh
[Fix kernel crash in cipso_v4_sock_delattr ]
Dear All,
we found One Kernel Crash issue in cipso_v4_sock_delattr :-
As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when
try to access
any other socket type. cipso_v4_sock_delattr access sk_inet-inet_opt which may
contain not NULL but invalid address. we found this issue with netlink
socket.(reproducible by trinity using sendto system call .)
Crash Logs :
[0-182.2400] [c04c7fa4] (cipso_v4_sock_delattr+0x0/0x74) from [c0517b64]
(netlbl_sock_delattr+0x18/0x1c)
[0-182.2497] r4: r3:c07872f8
[0-182.2531] [c0517b4c] (netlbl_sock_delattr+0x0/0x1c) from [c027b2fc]
(smack_netlabel+0x88/0x9c)
[0-182.2622] [c027b274] (smack_netlabel+0x0/0x9c) from [c027b43c]
(smack_netlabel_send+0x12c/0x144)
[0-182.2714] r7 9ce9500 r6 7b67ef4 r5:c076f408 r4 8903dc0
[0-182.2770] [c027b310] (smack_netlabel_send+0x0/0x144) from [c027b4a8]
(smack_socket_sendmsg+0x54/0x60)
[0-182.2866] [c027b454] (smack_socket_sendmsg+0x0/0x60) from [c02789ec]
(security_socket_sendmsg+0x28/0x2c)
[0-182.2966] [c02789c4] (security_socket_sendmsg+0x0/0x2c) from [c04343b0]
(sock_sendmsg+0x68/0xc0)
[0-182.3058] [c0434348] (sock_sendmsg+0x0/0xc0) from [c04369e8]
(SyS_sendto+0xd8/0x110)
Signed-off-by: Vaneet Narang v.nar...@samsung.com
Signed-off-by: Maninder Singh maninder...@samsung.com
Reviewed-by : Ajeet Yadav ajee...@samsung.com
---
net/netlabel/netlabel_kapi.c |8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 7c94aed..7a2c6f5 100755
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -700,7 +700,13 @@ socket_setattr_return:
*/
void netlbl_sock_delattr(struct sock *sk)
{
- cipso_v4_sock_delattr(sk);
+ switch (sk-sk_family) {
+ case AF_INET:
+ cipso_v4_sock_delattr(sk);
+ break;
+ default:
+ break;
+ }
}
/**
--
1.7.9.5
Thanks and Regards,
Maninder Singh
[ARM: code clean up local_irq_disable]
Hi Subject: [PATCH] ARM: code clean up local_irq_disable Signed-off-by: Akhilesh Kumar akhiles...@samsung.com --- arch/arm/kernel/process.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c index 81ef686..18cfce4 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -195,7 +195,6 @@ void machine_halt(void) local_irq_disable(); smp_send_stop(); - local_irq_disable(); while (1); } -- 1.7.1 Thanks and Regards, Maninder Singh
Re: Re: [Fix kernel crash in cipso_v4_sock_delattr ]
We are currently using 3.10.58 kernel and we are facing this issue for samck enabled system. and as we can check in other APIs like netlbl_sock_getattr and netlbl_conn_setattr have this preventive check so we added this check for netlbl_sock_delattr also. And regarding patch re-submission, actually we have run checkpatch.pl before submission(successfull) But when we submit the patch our editor changes tabs into space, we will resubmitt the patch ASAP. Maninder Singh --- Original Message --- Sender : Casey Schauflerca...@schaufler-ca.com Date : Mar 31, 2015 02:25 (GMT+09:00) Title : Re: [Fix kernel crash in cipso_v4_sock_delattr ] On 3/30/2015 4:32 AM, Paul Moore wrote: On Monday, March 30, 2015 11:09:00 AM Maninder Singh wrote: Dear All, we found One Kernel Crash issue in cipso_v4_sock_delattr :- As Cipso supports only inet sockets so cipso_v4_sock_delattr will crash when try to access any other socket type. cipso_v4_sock_delattr access sk_inet-inet_opt which may contain not NULL but invalid address. we found this issue with netlink socket.(reproducible by trinity using sendto system call .) Hello, First, please go read the Documentation/SubmittingPatches from the kernel sources; your patch needs to be resubmitted and the instructions in that file will show you how to do it correctly next time. Second, this appears to only affect Smack based systems, yes? SELinux based systems should have the proper checking in place to prevent this (the checks are handled in the LSM). This looks like a problem that was fixed some time ago. The current Smack code clearly checks for this. What kernel version are you testing against? That said, it probably wouldn't hurt to add the extra checking to netlbl_sock_delattr(). If you properly resubmit your patch I'll ACK it. -Paul
