[PATCH] pid: Remove unneeded hash header file
Hash functions are not needed since idr is used now. Let's remove hash header file for cleanup. Signed-off-by: Timmy Li --- kernel/pid.c | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel/pid.c b/kernel/pid.c index 20881598bdfa..89548d35eefb 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #include #include -- 2.17.1
Re: [PATCH] arm64: PCI: free all allocated memory in case of failure
Hi Lorenzo, Thanks for your review and sorry for the late reply. On 2017/5/12 18:28, Lorenzo Pieralisi wrote: > On Fri, May 12, 2017 at 05:57:47PM +0800, Timmy Li wrote: >> There are some memory allocations in pci_acpi_scan_root(). But >> ri, root_ops and ri->cfg are not freed properly in failure cases, >> which results in memory leaks. This patch fixes the potential >> memory leaks. >> >> Signed-off-by: Timmy Li <lixiaopi...@huawei.com> >> --- >> arch/arm64/kernel/pci.c | 22 ++ >> 1 file changed, 14 insertions(+), 8 deletions(-) >> >> diff --git a/arch/arm64/kernel/pci.c b/arch/arm64/kernel/pci.c >> index 4f0e3eb..e7e88ce 100644 >> --- a/arch/arm64/kernel/pci.c >> +++ b/arch/arm64/kernel/pci.c >> @@ -188,25 +188,22 @@ struct pci_bus *pci_acpi_scan_root(struct >> acpi_pci_root *root) >> >> ri = kzalloc_node(sizeof(*ri), GFP_KERNEL, node); >> if (!ri) >> -return NULL; >> +goto err_allocri; >> >> root_ops = kzalloc_node(sizeof(*root_ops), GFP_KERNEL, node); >> if (!root_ops) >> -return NULL; >> +goto err_allocops; I think it is still needed to free ri here When ri is allocated successfully and root_ops is not. Considering this is the only remain place that need to fix, a simple way to do this would be: if (!root_ops) { + kfree(ri); return NULL; } >> >> ri->cfg = pci_acpi_setup_ecam_mapping(root); >> -if (!ri->cfg) { >> -kfree(ri); >> -kfree(root_ops); >> -return NULL; >> -} >> +if (!ri->cfg) >> +goto err_ecam; >> >> root_ops->release_info = pci_acpi_generic_release_info; > > You are missing this ^ > >> root_ops->prepare_resources = pci_acpi_root_prepare_resources; >> root_ops->pci_ops = >cfg->ops->pci_ops; >> bus = acpi_pci_root_create(root, root_ops, >common, ri->cfg); >> if (!bus) > > And how it works if (bus == NULL) here. You are correct. There is no need to do anything When acpi_pci_root_create() fails. > > Lorenzo > >> -return NULL; >> +goto err_rootcreate; >> >> pci_bus_size_bridges(bus); >> pci_bus_assign_resources(bus); >> @@ -215,6 +212,15 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root >> *root) >> pcie_bus_configure_settings(child); >> >> return bus; >> + >> +err_rootcreate: >> +pci_ecam_free(ri->cfg); >> +err_ecam: >> +kfree(root_ops); >> +err_allocops: >> +kfree(ri); >> +err_allocri: >> +return NULL; >> } >> >> void pcibios_add_bus(struct pci_bus *bus) >> -- >> 1.9.1 >> >> > > . >
Re: [PATCH] arm64: PCI: free all allocated memory in case of failure
Hi Lorenzo, Thanks for your review and sorry for the late reply. On 2017/5/12 18:28, Lorenzo Pieralisi wrote: > On Fri, May 12, 2017 at 05:57:47PM +0800, Timmy Li wrote: >> There are some memory allocations in pci_acpi_scan_root(). But >> ri, root_ops and ri->cfg are not freed properly in failure cases, >> which results in memory leaks. This patch fixes the potential >> memory leaks. >> >> Signed-off-by: Timmy Li >> --- >> arch/arm64/kernel/pci.c | 22 ++ >> 1 file changed, 14 insertions(+), 8 deletions(-) >> >> diff --git a/arch/arm64/kernel/pci.c b/arch/arm64/kernel/pci.c >> index 4f0e3eb..e7e88ce 100644 >> --- a/arch/arm64/kernel/pci.c >> +++ b/arch/arm64/kernel/pci.c >> @@ -188,25 +188,22 @@ struct pci_bus *pci_acpi_scan_root(struct >> acpi_pci_root *root) >> >> ri = kzalloc_node(sizeof(*ri), GFP_KERNEL, node); >> if (!ri) >> -return NULL; >> +goto err_allocri; >> >> root_ops = kzalloc_node(sizeof(*root_ops), GFP_KERNEL, node); >> if (!root_ops) >> -return NULL; >> +goto err_allocops; I think it is still needed to free ri here When ri is allocated successfully and root_ops is not. Considering this is the only remain place that need to fix, a simple way to do this would be: if (!root_ops) { + kfree(ri); return NULL; } >> >> ri->cfg = pci_acpi_setup_ecam_mapping(root); >> -if (!ri->cfg) { >> -kfree(ri); >> -kfree(root_ops); >> -return NULL; >> -} >> +if (!ri->cfg) >> +goto err_ecam; >> >> root_ops->release_info = pci_acpi_generic_release_info; > > You are missing this ^ > >> root_ops->prepare_resources = pci_acpi_root_prepare_resources; >> root_ops->pci_ops = >cfg->ops->pci_ops; >> bus = acpi_pci_root_create(root, root_ops, >common, ri->cfg); >> if (!bus) > > And how it works if (bus == NULL) here. You are correct. There is no need to do anything When acpi_pci_root_create() fails. > > Lorenzo > >> -return NULL; >> +goto err_rootcreate; >> >> pci_bus_size_bridges(bus); >> pci_bus_assign_resources(bus); >> @@ -215,6 +212,15 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root >> *root) >> pcie_bus_configure_settings(child); >> >> return bus; >> + >> +err_rootcreate: >> +pci_ecam_free(ri->cfg); >> +err_ecam: >> +kfree(root_ops); >> +err_allocops: >> +kfree(ri); >> +err_allocri: >> +return NULL; >> } >> >> void pcibios_add_bus(struct pci_bus *bus) >> -- >> 1.9.1 >> >> > > . >
[PATCH] arm64: PCI: free all allocated memory in case of failure
There are some memory allocations in pci_acpi_scan_root(). But ri, root_ops and ri->cfg are not freed properly in failure cases, which results in memory leaks. This patch fixes the potential memory leaks. Signed-off-by: Timmy Li <lixiaopi...@huawei.com> --- arch/arm64/kernel/pci.c | 22 ++ 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/arm64/kernel/pci.c b/arch/arm64/kernel/pci.c index 4f0e3eb..e7e88ce 100644 --- a/arch/arm64/kernel/pci.c +++ b/arch/arm64/kernel/pci.c @@ -188,25 +188,22 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root) ri = kzalloc_node(sizeof(*ri), GFP_KERNEL, node); if (!ri) - return NULL; + goto err_allocri; root_ops = kzalloc_node(sizeof(*root_ops), GFP_KERNEL, node); if (!root_ops) - return NULL; + goto err_allocops; ri->cfg = pci_acpi_setup_ecam_mapping(root); - if (!ri->cfg) { - kfree(ri); - kfree(root_ops); - return NULL; - } + if (!ri->cfg) + goto err_ecam; root_ops->release_info = pci_acpi_generic_release_info; root_ops->prepare_resources = pci_acpi_root_prepare_resources; root_ops->pci_ops = >cfg->ops->pci_ops; bus = acpi_pci_root_create(root, root_ops, >common, ri->cfg); if (!bus) - return NULL; + goto err_rootcreate; pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); @@ -215,6 +212,15 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root) pcie_bus_configure_settings(child); return bus; + +err_rootcreate: + pci_ecam_free(ri->cfg); +err_ecam: + kfree(root_ops); +err_allocops: + kfree(ri); +err_allocri: + return NULL; } void pcibios_add_bus(struct pci_bus *bus) -- 1.9.1
[PATCH] arm64: PCI: free all allocated memory in case of failure
There are some memory allocations in pci_acpi_scan_root(). But ri, root_ops and ri->cfg are not freed properly in failure cases, which results in memory leaks. This patch fixes the potential memory leaks. Signed-off-by: Timmy Li --- arch/arm64/kernel/pci.c | 22 ++ 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/arch/arm64/kernel/pci.c b/arch/arm64/kernel/pci.c index 4f0e3eb..e7e88ce 100644 --- a/arch/arm64/kernel/pci.c +++ b/arch/arm64/kernel/pci.c @@ -188,25 +188,22 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root) ri = kzalloc_node(sizeof(*ri), GFP_KERNEL, node); if (!ri) - return NULL; + goto err_allocri; root_ops = kzalloc_node(sizeof(*root_ops), GFP_KERNEL, node); if (!root_ops) - return NULL; + goto err_allocops; ri->cfg = pci_acpi_setup_ecam_mapping(root); - if (!ri->cfg) { - kfree(ri); - kfree(root_ops); - return NULL; - } + if (!ri->cfg) + goto err_ecam; root_ops->release_info = pci_acpi_generic_release_info; root_ops->prepare_resources = pci_acpi_root_prepare_resources; root_ops->pci_ops = >cfg->ops->pci_ops; bus = acpi_pci_root_create(root, root_ops, >common, ri->cfg); if (!bus) - return NULL; + goto err_rootcreate; pci_bus_size_bridges(bus); pci_bus_assign_resources(bus); @@ -215,6 +212,15 @@ struct pci_bus *pci_acpi_scan_root(struct acpi_pci_root *root) pcie_bus_configure_settings(child); return bus; + +err_rootcreate: + pci_ecam_free(ri->cfg); +err_ecam: + kfree(root_ops); +err_allocops: + kfree(ri); +err_allocri: + return NULL; } void pcibios_add_bus(struct pci_bus *bus) -- 1.9.1
[PATCH net v2] net: hns: fix ethtool_get_strings overflow in hns driver
hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the the following can be observed without this patch: [ 43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=801fb0b69030, len=80 [ 43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070. [ 43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70) [ 43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b ppe1_tx_pkt. [ 43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b ppe1_tx_pkt_ok.k [ 43.115218] Next obj: start=801fb0b69098, len=80 [ 43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b. [ 43.115229] Last user: [](acpi_os_release_object+0x28/0x38) [ 43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f ty.kppe1_tx_ [ 43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69 pkt_err_csum_fai Signed-off-by: Timmy Li <lixiaopi...@huawei.com> --- Changelog: v1 -> v2: * Remove unnecessary parenthesis --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c index 3382441..310cc92 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c @@ -672,7 +672,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data) static int hns_gmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_gmac_stats_string); return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c index 6ea8722..4ecb809 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb) int hns_ppe_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ETH_PPE_STATIC_NUM; return 0; } diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c index f0ed80d6..c176db0 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c @@ -799,7 +799,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data) */ int hns_rcb_get_ring_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return HNS_RING_STATIC_REG_NUM; return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c index aae830a..faacab8 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c @@ -793,7 +793,7 @@ static void hns_xgmac_get_strings(u32 stringset, u8 *data) */ static int hns_xgmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_xgmac_stats_string); return 0; -- 1.9.1
[PATCH net v2] net: hns: fix ethtool_get_strings overflow in hns driver
hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the the following can be observed without this patch: [ 43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=801fb0b69030, len=80 [ 43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070. [ 43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70) [ 43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b ppe1_tx_pkt. [ 43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b ppe1_tx_pkt_ok.k [ 43.115218] Next obj: start=801fb0b69098, len=80 [ 43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b. [ 43.115229] Last user: [](acpi_os_release_object+0x28/0x38) [ 43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f ty.kppe1_tx_ [ 43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69 pkt_err_csum_fai Signed-off-by: Timmy Li --- Changelog: v1 -> v2: * Remove unnecessary parenthesis --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c index 3382441..310cc92 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c @@ -672,7 +672,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data) static int hns_gmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_gmac_stats_string); return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c index 6ea8722..4ecb809 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb) int hns_ppe_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ETH_PPE_STATIC_NUM; return 0; } diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c index f0ed80d6..c176db0 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c @@ -799,7 +799,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data) */ int hns_rcb_get_ring_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return HNS_RING_STATIC_REG_NUM; return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c index aae830a..faacab8 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c @@ -793,7 +793,7 @@ static void hns_xgmac_get_strings(u32 stringset, u8 *data) */ static int hns_xgmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS) return ARRAY_SIZE(g_xgmac_stats_string); return 0; -- 1.9.1
[PATCH net] net: hns: fix ethtool_get_strings overflow in hns driver
hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the the following can be observed without this patch: [ 43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=801fb0b69030, len=80 [ 43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070. [ 43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70) [ 43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b ppe1_tx_pkt. [ 43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b ppe1_tx_pkt_ok.k [ 43.115218] Next obj: start=801fb0b69098, len=80 [ 43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b. [ 43.115229] Last user: [](acpi_os_release_object+0x28/0x38) [ 43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f ty.kppe1_tx_ [ 43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69 pkt_err_csum_fai Signed-off-by: Timmy Li <lixiaopi...@huawei.com> --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c index 3382441..7faeb5b 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c @@ -672,7 +672,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data) static int hns_gmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ARRAY_SIZE(g_gmac_stats_string); return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c index 6ea8722..e3e8772 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb) int hns_ppe_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ETH_PPE_STATIC_NUM; return 0; } diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c index f0ed80d6..01a0a03 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c @@ -799,7 +799,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data) */ int hns_rcb_get_ring_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return HNS_RING_STATIC_REG_NUM; return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c index aae830a..f10b25c 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c @@ -793,7 +793,7 @@ static void hns_xgmac_get_strings(u32 stringset, u8 *data) */ static int hns_xgmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ARRAY_SIZE(g_xgmac_stats_string); return 0; -- 1.9.1
[PATCH net] net: hns: fix ethtool_get_strings overflow in hns driver
hns_get_sset_count() returns HNS_NET_STATS_CNT and the data space allocated is not enough for ethtool_get_strings(), which will cause random memory corruption. When SLAB and DEBUG_SLAB are both enabled, memory corruptions like the the following can be observed without this patch: [ 43.115200] Slab corruption (Not tainted): Acpi-ParseExt start=801fb0b69030, len=80 [ 43.115206] Redzone: 0x9f911029d006462/0x5f78745f31657070. [ 43.115208] Last user: [<5f7272655f746b70>](0x5f7272655f746b70) [ 43.115214] 010: 70 70 65 31 5f 74 78 5f 70 6b 74 00 6b 6b 6b 6b ppe1_tx_pkt. [ 43.115217] 030: 70 70 65 31 5f 74 78 5f 70 6b 74 5f 6f 6b 00 6b ppe1_tx_pkt_ok.k [ 43.115218] Next obj: start=801fb0b69098, len=80 [ 43.115220] Redzone: 0x706d655f6f666966/0x9f911029d74e35b. [ 43.115229] Last user: [](acpi_os_release_object+0x28/0x38) [ 43.115231] 000: 74 79 00 6b 6b 6b 6b 6b 70 70 65 31 5f 74 78 5f ty.kppe1_tx_ [ 43.115232] 010: 70 6b 74 5f 65 72 72 5f 63 73 75 6d 5f 66 61 69 pkt_err_csum_fai Signed-off-by: Timmy Li --- drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2 +- drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c index 3382441..7faeb5b 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c @@ -672,7 +672,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data) static int hns_gmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ARRAY_SIZE(g_gmac_stats_string); return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c index 6ea8722..e3e8772 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c @@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb) int hns_ppe_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ETH_PPE_STATIC_NUM; return 0; } diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c index f0ed80d6..01a0a03 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c @@ -799,7 +799,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data) */ int hns_rcb_get_ring_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return HNS_RING_STATIC_REG_NUM; return 0; diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c index aae830a..f10b25c 100644 --- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c +++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c @@ -793,7 +793,7 @@ static void hns_xgmac_get_strings(u32 stringset, u8 *data) */ static int hns_xgmac_get_sset_count(int stringset) { - if (stringset == ETH_SS_STATS) + if ((stringset == ETH_SS_STATS) || (stringset == ETH_SS_PRIV_FLAGS)) return ARRAY_SIZE(g_xgmac_stats_string); return 0; -- 1.9.1