[PATCH v2] edac: fix the leak of mci->bus->name when bus_register fails

2015-01-28 Thread Junjie Mao
Also use goto labels for all failure paths in edac_create_sysfs_mci_device and
update meaningless labels.

Signed-off-by: Junjie Mao 
---
 drivers/edac/edac_mc_sysfs.c | 18 +-
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index 670d2829c547..8e48d32efe37 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -989,7 +989,7 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)

err = bus_register(mci->bus);
if (err < 0)
-   return err;
+   goto fail_free_name;

/* get the /sys/devices/system/edac subsys reference */
mci->dev.type = &mci_attr_type;
@@ -1005,9 +1005,7 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
err = device_add(&mci->dev);
if (err < 0) {
edac_dbg(1, "failure: create device %s\n", dev_name(&mci->dev));
-   bus_unregister(mci->bus);
-   kfree(mci->bus->name);
-   return err;
+   goto fail_unregister_bus;
}

if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) {
@@ -1023,7 +1021,7 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
 &dev_attr_sdram_scrub_rate);
if (err) {
edac_dbg(1, "failure: create sdram_scrub_rate\n");
-   goto fail2;
+   goto fail_unregister_dev;
}
}
/*
@@ -1048,14 +1046,14 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info 
*mci)
err = edac_create_dimm_object(mci, dimm, i);
if (err) {
edac_dbg(1, "failure: create dimm %d obj\n", i);
-   goto fail;
+   goto fail_unregister_dimm;
}
}

 #ifdef CONFIG_EDAC_LEGACY_SYSFS
err = edac_create_csrow_objects(mci);
if (err < 0)
-   goto fail;
+   goto fail_unregister_dimm;
 #endif

 #ifdef CONFIG_EDAC_DEBUG
@@ -1063,16 +1061,18 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info 
*mci)
 #endif
return 0;

-fail:
+fail_unregister_dimm:
for (i--; i >= 0; i--) {
struct dimm_info *dimm = mci->dimms[i];
if (dimm->nr_pages == 0)
continue;
device_unregister(&dimm->dev);
}
-fail2:
+fail_unregister_dev:
device_unregister(&mci->dev);
+fail_unregister_bus:
bus_unregister(mci->bus);
+fail_free_name:
kfree(mci->bus->name);
return err;
 }
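Review bot: After `kfree(mci->bus->name);` under `fail_free_name` the pointer is left set, so any later teardown that frees the bus name again would free it twice. Whether a caller runs such a teardown after this function fails is not visible in the hunk, but clearing the field is cheap: `mci->bus->name = NULL;` right after the kfree. A short comment above `fail_unregister_dimm:` such as `/* unwind in reverse order of setup; each label undoes one step */` would also help future failure paths pick the right label. The function body starts outside this hunk.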
--
1.9.3


[PATCH] x86, kaslr: Prevent .bss from overlaping initrd

2014-10-30 Thread Junjie Mao
When choosing a random address, the current implementation does not take into
account the reserved space for .bss and .brk sections. Thus the relocated kernel
may overlap other components in memory, e.g. the initrd image:

+---+
|   decompressed|
|  kernel   |
|   (relocated) |
+---+--
|   |  \
+---+   .bss and .brk section
|   |  /
|  initrd   |--
|   |
+---+

Here is an example of the overlap from a x86_64 kernel in qemu (the ranges of
physical addresses are presented):

compressed kernel:  [0x0449626e, 0x04e30aa3]
initrd: [0x13ce6000, 0x13fef373]
relocated kernel:   [0x0fe0, 0x13c1c2bb]
.bss and .brk sections: [0x13c1c2bc, 0x148262bb]

The initrd image will then be overwritten by the memset during early
initialization:

[1.655204] Unpacking initramfs...
[1.662831] Initramfs unpacking failed: junk in compressed archive

This patch prevents the above situation by requiring a larger space when looking
for a random kernel base, so that existing logic can effectively avoids the
overlap.

Fixes: 82fa9637a2 ("x86, kaslr: Select random position from e820 maps")
Reported-by: Fengguang Wu 
Signed-off-by: Junjie Mao 
---
 arch/x86/boot/compressed/Makefile  |  3 ++-
 arch/x86/boot/compressed/aslr.c|  5 +++--
 arch/x86/boot/compressed/head_32.S |  3 ++-
 arch/x86/boot/compressed/head_64.S |  3 +++
 arch/x86/boot/compressed/misc.c|  6 --
 arch/x86/boot/compressed/misc.h|  6 --
 arch/x86/boot/compressed/mkpiggy.c |  8 ++--
 arch/x86/tools/calc_reserved.awk   | 21 +
 8 files changed, 45 insertions(+), 10 deletions(-)
 create mode 100644 arch/x86/tools/calc_reserved.awk

diff --git a/arch/x86/boot/compressed/Makefile 
b/arch/x86/boot/compressed/Makefile
index 704f58aa79cd..419e12b203d9 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -76,8 +76,9 @@ suffix-$(CONFIG_KERNEL_XZ):= xz
 suffix-$(CONFIG_KERNEL_LZO):= lzo
 suffix-$(CONFIG_KERNEL_LZ4):= lz4

+RESERVED_SIZE = $(shell objdump -h vmlinux | awk -f 
$(srctree)/arch/x86/tools/calc_reserved.awk)
 quiet_cmd_mkpiggy = MKPIGGY $@
-  cmd_mkpiggy = $(obj)/mkpiggy $< > $@ || ( rm -f $@ ; false )
+  cmd_mkpiggy = $(obj)/mkpiggy $< $(RESERVED_SIZE) > $@ || ( rm -f $@ ; 
false )

 targets += piggy.S
 $(obj)/piggy.S: $(obj)/vmlinux.bin.$(suffix-y) $(obj)/mkpiggy FORCE
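Review bot: `RESERVED_SIZE` is computed with the host `objdump`, so a cross-compiled build may read the target's `vmlinux` with the wrong tool or fail to parse it; kbuild's `$(OBJDUMP)` follows `CROSS_COMPILE`. If the pipeline prints nothing, `mkpiggy` is invoked with one argument fewer and the reserved size silently disappears, so the value should be checked before use (how `mkpiggy` handles a missing argument is not visible here). Suggested assignment: `RESERVED_SIZE = $(shell $(OBJDUMP) -h vmlinux | awk -f $(srctree)/arch/x86/tools/calc_reserved.awk)`. The v3 posting's `RUN_SIZE = $(shell objdump -h vmlinux | ...)` has the same host-tool dependency.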
diff --git a/arch/x86/boot/compressed/aslr.c b/arch/x86/boot/compressed/aslr.c
index bb1376381985..d4695b022971 100644
--- a/arch/x86/boot/compressed/aslr.c
+++ b/arch/x86/boot/compressed/aslr.c
@@ -298,7 +298,8 @@ static unsigned long find_random_addr(unsigned long minimum,
 unsigned char *choose_kernel_location(unsigned char *input,
  unsigned long input_size,
  unsigned char *output,
- unsigned long output_size)
+ unsigned long output_size,
+ unsigned long reserved_size)
 {
unsigned long choice = (unsigned long)output;
unsigned long random;
@@ -320,7 +321,7 @@ unsigned char *choose_kernel_location(unsigned char *input,
   (unsigned long)output, output_size);

/* Walk e820 and find a random address. */
-   random = find_random_addr(choice, output_size);
+   random = find_random_addr(choice, output_size + reserved_size);
if (!random) {
debug_putstr("KASLR could not find suitable E820 region...\n");
goto out;
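Review bot: `output_size + reserved_size` in the `find_random_addr()` call is an unchecked `unsigned long` addition, and a wrapped sum would let the search accept a slot that is too small, which is the overlap this change is meant to prevent. Both values come from the build, so this is unlikely in practice, but a guard such as `if (output_size + reserved_size < output_size) goto out;` before the call costs nothing and takes the same `out` path as the no-region case. The new parameter also deserves a comment at the signature, e.g. `/* reserved_size: bytes needed past the image for .bss and .brk */`. The function extends beyond the visible hunks.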
diff --git a/arch/x86/boot/compressed/head_32.S 
b/arch/x86/boot/compressed/head_32.S
index cbed1407a5cd..06c18f6d1f13 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -207,6 +207,7 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
/* push arguments for decompress_kernel: */
+   pushl   $reserved_size
pushl   $z_output_len   /* decompressed length */
lealz_extract_offset_negative(%ebx), %ebp
pushl   %ebp/* output address */
@@ -217,7 +218,7 @@ relocated:
pushl   %eax/* heap area */
pushl   %esi/* real mode pointer */
calldecompress_kernel /* returns kernel location in %eax */
-   addl$24, %esp
+   addl$28, %esp

 /*
  * Jump to the decompressed kernel.
diff --git a/arch/x86/boot/compressed/head_64.S 
b/arch/x86/boot/compressed/head_64.S
index 2884e0c3e8a5..02c518f8aca5 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -402,6 +402,8 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
pushq   %rsi/* Save the real mode argument */
+  

[PATCH v3] x86, kaslr: Prevent .bss from overlaping initrd

2014-10-31 Thread Junjie Mao
When choosing a random address, the current implementation does not take into
account the reserved space for .bss and .brk sections. Thus the relocated kernel
may overlap other components in memory. Here is an example of the overlap from an
x86_64 kernel in qemu (the ranges of physical addresses are presented):

 Physical Address

0x0fe0  --++  <-- randomized base
   /  |  relocated kernel  |
   vmlinux.bin| (from vmlinux.bin) |
0x1336d000(an ELF file)   ++--
   \  ||  \
0x1376d870  --++   |
  |relocs table|   |
0x13c1c2a8++   .bss and .brk
  ||   |
0x13ce6000++   |
  ||  /
0x13f77000|   initrd   |--
  ||
0x13fef374++

The initrd image will then be overwritten by the memset during early
initialization:

[1.655204] Unpacking initramfs...
[1.662831] Initramfs unpacking failed: junk in compressed archive

This patch prevents the above situation by requiring a larger space when looking
for a random kernel base, so that existing logic can effectively avoids the
overlap.

Fixes: 82fa9637a2 ("x86, kaslr: Select random position from e820 maps")
Reported-by: Fengguang Wu 
Signed-off-by: Junjie Mao 
[kees: switched to perl to avoid hex translation pain in mawk vs gawk]
[kees: calculated overlap without relocs table]
Signed-off-by: Kees Cook 
Cc: sta...@vger.kernel.org
---
This version updates the commit log only.

Kees, please help review the documentation. Thanks!

Best Regards
Junjie Mao
---
 arch/x86/boot/compressed/Makefile  |  4 +++-
 arch/x86/boot/compressed/head_32.S |  5 +++--
 arch/x86/boot/compressed/head_64.S |  5 -
 arch/x86/boot/compressed/misc.c| 13 ++---
 arch/x86/boot/compressed/mkpiggy.c |  9 +++--
 arch/x86/tools/calc_run_size.pl| 30 ++
 6 files changed, 57 insertions(+), 9 deletions(-)
 create mode 100644 arch/x86/tools/calc_run_size.pl

diff --git a/arch/x86/boot/compressed/Makefile 
b/arch/x86/boot/compressed/Makefile
index 0fcd9133790c..14fe7cba21d1 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -75,8 +75,10 @@ suffix-$(CONFIG_KERNEL_XZ)   := xz
 suffix-$(CONFIG_KERNEL_LZO):= lzo
 suffix-$(CONFIG_KERNEL_LZ4):= lz4

+RUN_SIZE = $(shell objdump -h vmlinux | \
+perl $(srctree)/arch/x86/tools/calc_run_size.pl)
 quiet_cmd_mkpiggy = MKPIGGY $@
-  cmd_mkpiggy = $(obj)/mkpiggy $< > $@ || ( rm -f $@ ; false )
+  cmd_mkpiggy = $(obj)/mkpiggy $< $(RUN_SIZE) > $@ || ( rm -f $@ ; false )

 targets += piggy.S
 $(obj)/piggy.S: $(obj)/vmlinux.bin.$(suffix-y) $(obj)/mkpiggy FORCE
diff --git a/arch/x86/boot/compressed/head_32.S 
b/arch/x86/boot/compressed/head_32.S
index cbed1407a5cd..1d7fbbcc196d 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -207,7 +207,8 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
/* push arguments for decompress_kernel: */
-   pushl   $z_output_len   /* decompressed length */
+   pushl   $z_run_size /* size of kernel with .bss and .brk */
+   pushl   $z_output_len   /* decompressed length, end of relocs */
lealz_extract_offset_negative(%ebx), %ebp
pushl   %ebp/* output address */
pushl   $z_input_len/* input_len */
@@ -217,7 +218,7 @@ relocated:
pushl   %eax/* heap area */
pushl   %esi/* real mode pointer */
calldecompress_kernel /* returns kernel location in %eax */
-   addl$24, %esp
+   addl$28, %esp

 /*
  * Jump to the decompressed kernel.
diff --git a/arch/x86/boot/compressed/head_64.S 
b/arch/x86/boot/compressed/head_64.S
index 2884e0c3e8a5..6b1766c6c082 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -402,13 +402,16 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
pushq   %rsi/* Save the real mode argument */
+   movq$z_run_size, %r9/* size of kernel with .bss and .brk */
+   pushq   %r9
movq%rsi, %rdi  /* real mode address */
leaqboot_heap(%rip), %rsi   /* malloc area for uncompression */
leaqinput_data(%rip), %rdx  /* input_data */
movl$z_input_len, %ecx  /* input_len */
movq%rbp, %r8   /* output target address */
-   m

[PATCH] mac80211_hwsim: release driver when ieee80211_register_hw fails

2014-10-27 Thread Junjie Mao
t_from_kernel_thread+0x20/0x30
[0.480479]  [<79677b10>] ? rest_init+0xc0/0xc0
[0.480479] ---[ end trace ad8ac403ff8aef5d ]---
[0.495478] BUG: unable to handle kernel paging request at 00200200
[0.496257] IP: [<79682de5>] mutex_lock_nested+0x135/0x2a0
[0.496923] *pde = 
[0.497290] Oops: 0002 [#1]
[0.497653] CPU: 0 PID: 1 Comm: swapper Tainted: GW  
3.17.0-1-gdd46990-dirty #2
[0.498659] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[0.499321] task: 78028000 ti: 78024000 task.ti: 78024000
[0.499955] EIP: 0060:[<79682de5>] EFLAGS: 00010097 CPU: 0
[0.500620] EIP is at mutex_lock_nested+0x135/0x2a0
[0.501145] EAX: 00200200 EBX: 78397434 ECX: 78397460 EDX: 78025e70
[0.501816] ESI: 0246 EDI: 78028000 EBP: 78025e8c ESP: 78025e54
[0.502497]  DS: 007b ES: 007b FS:  GS:  SS: 0068
[0.503076] CR0: 8005003b CR2: 00200200 CR3: 01b9d000 CR4: 0690
[0.503773] Stack:
[0.503998]   0001  7925b5e8 78397460 7925b5e8 78397474 
78397460
[0.504944]  00200200  78025e70 78397000 79ac9d74 0001 78025ea0 
7925b5e8
[0.505451]  79ac9d74 fffe 0001 78025ebc 7925a3ff 7a251398 78025ec8 
7925bf80
[0.505451] Call Trace:
[0.505451]  [<7925b5e8>] ? driver_detach+0x58/0xa0
[0.505451]  [<7925b5e8>] ? driver_detach+0x58/0xa0
[0.505451]  [<7925b5e8>] driver_detach+0x58/0xa0
[0.505451]  [<7925a3ff>] bus_remove_driver+0x8f/0xb0
[0.505451]  [<7925bf80>] ? class_unregister+0x40/0x80
[0.505451]  [<7925bad7>] driver_unregister+0x47/0x50
[0.505451]  [<7925c033>] ? class_destroy+0x13/0x20
[0.505451]  [<7925d07b>] platform_driver_unregister+0xb/0x10
[0.505451]  [<79b51ba0>] init_mac80211_hwsim+0x3e8/0x3f9
[0.505451]  [<79b30c58>] do_one_initcall+0x106/0x1a9
[0.505451]  [<79b517b8>] ? if_spi_init_module+0xac/0xac
[0.505451]  [<79b517b8>] ? if_spi_init_module+0xac/0xac
[0.505451]  [<79071935>] ? parse_args+0x2f5/0x480
[0.505451]  [<7906b41e>] ? __usermodehelper_set_disable_depth+0x3e/0x50
[0.505451]  [<79b30dd9>] kernel_init_freeable+0xde/0x17d
[0.505451]  [<79b304d6>] ? do_early_param+0x7a/0x7a
[0.505451]  [<79677b1b>] kernel_init+0xb/0xe0
[0.505451]  [<79075f42>] ? schedule_tail+0x12/0x40
[0.505451]  [<79686580>] ret_from_kernel_thread+0x20/0x30
[0.505451]  [<79677b10>] ? rest_init+0xc0/0xc0
[0.505451] Code: 89 d8 e8 cf 9b 9f ff 8b 4f 04 8d 55 e4 89 d8 e8 72 9d 9f 
ff 8d 43 2c 89 c1 89 45 d8 8b 43 30 8d 55 e4 89 53 30 89 4d e4 89 45 e8 <89> 10 
8b 55 dc 8b 45 e0 89 7d ec e8 db af 9f ff eb 11 90 31 c0
[0.505451] EIP: [<79682de5>] mutex_lock_nested+0x135/0x2a0 SS:ESP 
0068:78025e54
[0.505451] CR2: 00200200
[0.505451] ---[ end trace ad8ac403ff8aef5e ]---
[0.505451] Kernel panic - not syncing: Fatal exception

Fixes: 9ea927748ced ("mac80211_hwsim: Register and bind to driver")
Reported-by: Fengguang Wu 
Signed-off-by: Junjie Mao 
---
 drivers/net/wireless/mac80211_hwsim.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/wireless/mac80211_hwsim.c 
b/drivers/net/wireless/mac80211_hwsim.c
index babbdc1ce741..c9ad4cf1adfb 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -1987,7 +1987,7 @@ static int mac80211_hwsim_create_radio(int channels, 
const char *reg_alpha2,
if (err != 0) {
printk(KERN_DEBUG "mac80211_hwsim: device_bind_driver failed 
(%d)\n",
   err);
-   goto failed_hw;
+   goto failed_bind;
}

skb_queue_head_init(&data->pending);
@@ -2183,6 +2183,8 @@ static int mac80211_hwsim_create_radio(int channels, 
const char *reg_alpha2,
return idx;

 failed_hw:
+   device_release_driver(data->dev);
+failed_bind:
device_unregister(data->dev);
 failed_drvdata:
ieee80211_free_hw(hw);
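Review bot: The labels `failed_hw` and `failed_bind` now differ only in whether the driver is still bound, and nothing in the code says so; a comment such as `/* driver is bound from here on: unbind before the device goes away */` above `device_release_driver(data->dev);` would stop a later `goto` from picking the wrong one. Every failure after a successful `device_bind_driver()` must use `failed_hw`, and only the bind failure itself may use `failed_bind`. The jumps between the two hunks are not visible here, so that is worth checking against the full function. The function starts and ends outside these hunks.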
--
1.9.3


Re: [PATCH] mac80211_hwsim: release driver when ieee80211_register_hw fails

2014-10-29 Thread Junjie Mao
I was not familiar with the acquiring/releasing API either, until I met
with this bug...

Perhaps we can use static checkers to avoid these issues as early as
possible. Any suggestions?

Best Regards
Junjie Mao

Martin Pitt  writes:

> Acked-By: Martin Pitt 
>
> Hello Junjie,
>
> Junjie Mao [2014-10-28  9:31 +0800]:
>> The driver is not released when ieee80211_register_hw fails in
>> mac80211_hwsim_create_radio, leading to the access to the unregistered (and
>> possibly freed) device in platform_driver_unregister:
>
> Many thanks for fixing this! Sorry about that, I don't know these bits
> very well.
>
> Martin


[PATCH] ASoC: Intel: fix runtime pm imbalance on error

2015-07-16 Thread Junjie Mao
pm_runtime_get_sync() increments the runtime PM usage counter even when the
call returns an error code. Thus a pairing decrement is needed on the
error handling path to keep the counter balanced.

Signed-off-by: Junjie Mao 
---
 sound/soc/intel/atom/sst/sst_drv_interface.c | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sound/soc/intel/atom/sst/sst_drv_interface.c 
b/sound/soc/intel/atom/sst/sst_drv_interface.c
index 620da1d1b9e3..27a9653aa3d9 100644
--- a/sound/soc/intel/atom/sst/sst_drv_interface.c
+++ b/sound/soc/intel/atom/sst/sst_drv_interface.c
@@ -152,6 +152,7 @@ static int sst_power_control(struct device *dev, bool state)
 
dev_dbg(ctx->dev, "Enable: pm usage count: %d\n", usage_count);
if (ret < 0) {
+   pm_runtime_put_sync(dev);
dev_err(ctx->dev, "Runtime get failed with err: %d\n", 
ret);
return ret;
}
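Review bot: `pm_runtime_put_sync(dev)` on the failure branch does more than drop the usage count: it can run the idle path synchronously on a device whose resume has just failed. `pm_runtime_put_noidle(dev);` only restores the counter, which is all the error path needs. The same applies to the `pm_runtime_put_sync(ctx->dev);` lines added in `sst_cdev_open()` and `sst_send_byte_stream()`. The `pm_runtime_get_sync()` call for this branch is above the hunk, so the pairing here is inferred from the commit message.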
@@ -204,8 +205,10 @@ static int sst_cdev_open(struct device *dev,
struct intel_sst_drv *ctx = dev_get_drvdata(dev);
 
retval = pm_runtime_get_sync(ctx->dev);
-   if (retval < 0)
+   if (retval < 0) {
+   pm_runtime_put_sync(ctx->dev);
return retval;
+   }
 
str_id = sst_get_stream(ctx, str_params);
if (str_id > 0) {
@@ -672,8 +675,10 @@ static int sst_send_byte_stream(struct device *dev,
if (NULL == bytes)
return -EINVAL;
ret_val = pm_runtime_get_sync(ctx->dev);
-   if (ret_val < 0)
+   if (ret_val < 0) {
+   pm_runtime_put_sync(ctx->dev);
return ret_val;
+   }
 
ret_val = sst_send_byte_stream_mrfld(ctx, bytes);
sst_pm_runtime_put(ctx);
-- 
1.9.3



Need a pairing decrement if pm_runtime_get_sync() fails?

2015-07-17 Thread Junjie Mao
Hi all,

While analyzing the source, I notice that many drivers use
pm_runtime_get_sync() in the following pattern:

err = pm_runtime_get_sync(...)
if (err < 0) {
dev_err(...);
return err;
}

Can this lead to the imbalance of runtime PM usage counter, as the
counter is always incremented in __pm_runtime_resume() regardless of the
return value? Is a pairing decrement (e.g. pm_runtime_put_sync() or
pm_runtime_put_noidle()) a must on the error-handling path? If so, which
is a better fix, adding a pairing decrement to each call site, or
decrementing the usage counter in __pm_runtime_resume() if rpm_resume()
fails?

A quick grep in the source shows that there are 150 calls to
pm_runtime_get() or pm_runtime_get_sync() (I only searched for call
sites where the return values are checked), and 102 of them lack the
pairing decrement on the error-handling path. A list of these 102 call
sites, along with their contexts, is attached below for reference.

Best Regards
Junjie Mao



arch/arm/common/edma.c: ret = pm_runtime_get_sync(dev);
arch/arm/common/edma.c- if (ret < 0) {
arch/arm/common/edma.c- dev_err(dev, "pm_runtime_get_sync() failed\n");
arch/arm/common/edma.c- return ret;
arch/arm/common/edma.c- }
--
drivers/hsi/controllers/omap_ssi.c: err = 
pm_runtime_get_sync(ssi->device.parent);
drivers/hsi/controllers/omap_ssi.c- if (err < 0) {
drivers/hsi/controllers/omap_ssi.c- dev_err(&ssi->device, "runtime 
PM failed %d\n", err);
drivers/hsi/controllers/omap_ssi.c- return err;
drivers/hsi/controllers/omap_ssi.c- }
--
drivers/usb/core/hub.c: status = pm_runtime_get_sync(&port_dev->dev);
drivers/usb/core/hub.c- if (status < 0) {
drivers/usb/core/hub.c- dev_dbg(&udev->dev, "can't resume usb 
port, status %d\n",
drivers/usb/core/hub.c- status);
drivers/usb/core/hub.c- return status;
--
drivers/usb/musb/omap2430.c:status = pm_runtime_get_sync(dev);
drivers/usb/musb/omap2430.c-if (status < 0) {
drivers/usb/musb/omap2430.c-dev_err(dev, "pm_runtime_get_sync 
FAILED %d\n", status);
drivers/usb/musb/omap2430.c-goto err1;
drivers/usb/musb/omap2430.c-}
--
drivers/usb/musb/musb_dsps.c:   ret = pm_runtime_get_sync(&pdev->dev);
drivers/usb/musb/musb_dsps.c-   if (ret < 0) {
drivers/usb/musb/musb_dsps.c-   dev_err(&pdev->dev, 
"pm_runtime_get_sync FAILED");
drivers/usb/musb/musb_dsps.c-   goto err2;
drivers/usb/musb/musb_dsps.c-   }
--
drivers/usb/dwc3/dwc3-omap.c:   ret = pm_runtime_get_sync(dev);
drivers/usb/dwc3/dwc3-omap.c-   if (ret < 0) {
drivers/usb/dwc3/dwc3-omap.c-   dev_err(dev, "get_sync failed with err 
%d\n", ret);
drivers/usb/dwc3/dwc3-omap.c-   goto err0;
drivers/usb/dwc3/dwc3-omap.c-   }
--
drivers/crypto/omap-sham.c: err = pm_runtime_get_sync(dd->dev);
drivers/crypto/omap-sham.c- if (err < 0) {
drivers/crypto/omap-sham.c- dev_err(dd->dev, "failed to get sync: 
%d\n", err);
drivers/crypto/omap-sham.c- return err;
drivers/crypto/omap-sham.c- }
--
drivers/crypto/omap-sham.c: err = pm_runtime_get_sync(dev);
drivers/crypto/omap-sham.c- if (err < 0) {
drivers/crypto/omap-sham.c- dev_err(dev, "failed to get sync: 
%d\n", err);
drivers/crypto/omap-sham.c- goto err_pm;
drivers/crypto/omap-sham.c- }
--
drivers/crypto/omap-sham.c: int err = pm_runtime_get_sync(dev);
drivers/crypto/omap-sham.c- if (err < 0) {
drivers/crypto/omap-sham.c- dev_err(dev, "failed to get sync: 
%d\n", err);
drivers/crypto/omap-sham.c- return err;
drivers/crypto/omap-sham.c- }
--
drivers/crypto/omap-aes.c:  err = pm_runtime_get_sync(dd->dev);
drivers/crypto/omap-aes.c-  if (err < 0) {
drivers/crypto/omap-aes.c-  dev_err(dd->dev, "%s: failed to 
get_sync(%d)\n",
drivers/crypto/omap-aes.c-  __func__, err);
drivers/crypto/omap-aes.c-  return err;
--
drivers/crypto/omap-aes.c:  err = pm_runtime_get_sync(dev);
drivers/crypto/omap-aes.c-  if (err < 0) {
drivers/crypto/omap-aes.c-  dev_err(dev, "%s: failed to 
get_sync(%d)\n",
drivers/crypto/omap-aes.c-  __func__, err);
drivers/crypto/omap-aes.c-  goto err_res;
--
drivers/gpu/vga/vga_switcheroo.c:   ret = 
pm_runtime_get_sync(&client->pdev->dev);
drivers/gpu/vga/vga_switcheroo.c-   if (ret) {
drivers/gpu/vga/vga_switcheroo.c-   if (ret != 1)
drivers/gpu/vga/vga_switcheroo.c-   return 
r

[PATCH] edac: remove dev_attr_sdram_scrub_rate on failure

2015-02-02 Thread Junjie Mao
Signed-off-by: Junjie Mao 
---
 drivers/edac/edac_mc_sysfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index 8e48d32efe37..ab2963bdd0d5 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -1068,6 +1068,8 @@ fail_unregister_dimm:
continue;
device_unregister(&dimm->dev);
}
+   if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate)
+   device_remove_file(&mci->dev, &dev_attr_sdram_scrub_rate);
 fail_unregister_dev:
device_unregister(&mci->dev);
 fail_unregister_bus:
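Review bot: The removal condition `mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate` is a copy of the creation condition, and nothing ties the two together, so a later change to one can leave the attribute file unremoved or remove one that was never created. A comment above the new `if`, e.g. `/* must match the condition used when dev_attr_sdram_scrub_rate was created */`, makes the coupling explicit. The function begins before this hunk and continues past it.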
-- 
1.9.3



[PATCH] i7core_edac: release resources on error in i7core_create_sysfs_devices

2015-02-02 Thread Junjie Mao
Signed-off-by: Junjie Mao 
---
 drivers/edac/i7core_edac.c | 39 +++
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
index 9cd0b301f81b..98911150411b 100644
--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -1167,17 +1167,17 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
return rc;
rc = device_create_file(&mci->dev, &dev_attr_inject_type);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_section;
rc = device_create_file(&mci->dev, &dev_attr_inject_eccmask);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_type;
rc = device_create_file(&mci->dev, &dev_attr_inject_enable);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_eccmask;
 
pvt->addrmatch_dev = kzalloc(sizeof(*pvt->addrmatch_dev), GFP_KERNEL);
if (!pvt->addrmatch_dev)
-   return rc;
+   goto fail_remove_inject_enable;
 
pvt->addrmatch_dev->type = &addrmatch_type;
pvt->addrmatch_dev->bus = mci->dev.bus;
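Review bot: When `kzalloc()` for `pvt->addrmatch_dev` fails, `rc` still holds the non-error result of the last `device_create_file()`, so `goto fail_remove_inject_enable` unwinds everything and then reports success to the caller. Set the error before jumping: `if (!pvt->addrmatch_dev) { rc = -ENOMEM; goto fail_remove_inject_enable; }`. The `chancounts_dev` allocation in the next hunk has the same problem with `goto fail_del_addrmatch_dev`, and both sites are unchanged in the v2 and v3 postings. The function starts above this hunk.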
@@ -1190,16 +1190,13 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
 
rc = device_add(pvt->addrmatch_dev);
if (rc < 0)
-   return rc;
+   goto fail_free_addrmatch_dev;
 
if (!pvt->is_registered) {
pvt->chancounts_dev = kzalloc(sizeof(*pvt->chancounts_dev),
  GFP_KERNEL);
-   if (!pvt->chancounts_dev) {
-   put_device(pvt->addrmatch_dev);
-   device_del(pvt->addrmatch_dev);
-   return rc;
-   }
+   if (!pvt->chancounts_dev)
+   goto fail_del_addrmatch_dev;
 
pvt->chancounts_dev->type = &all_channel_counts_type;
pvt->chancounts_dev->bus = mci->dev.bus;
@@ -1211,10 +1208,28 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
edac_dbg(1, "creating %s\n", dev_name(pvt->chancounts_dev));
 
rc = device_add(pvt->chancounts_dev);
-   if (rc < 0)
-   return rc;
+   if (rc < 0) {
+   put_device(pvt->chancounts_dev);
+   kfree(pvt->chancounts_dev);
+   goto fail_del_addrmatch_dev;
+   }
}
return 0;
+
+fail_del_addrmatch_dev:
+   device_del(pvt->addrmatch_dev);
+fail_free_addrmatch_dev:
+   put_device(pvt->addrmatch_dev);
+   kfree(pvt->addrmatch_dev);
+fail_remove_inject_enable:
+   device_create_file(&mci->dev, &dev_attr_inject_enable);
+fail_remove_inject_eccmask:
+   device_create_file(&mci->dev, &dev_attr_inject_eccmask);
+fail_remove_inject_type:
+   device_create_file(&mci->dev, &dev_attr_inject_type);
+fail_remove_inject_section:
+   device_create_file(&mci->dev, &dev_attr_inject_section);
+   return rc;
 }
 
 static void i7core_delete_sysfs_devices(struct mem_ctl_info *mci)
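Review bot: The four `fail_remove_inject_*` labels call `device_create_file()` again instead of removing the attribute, so the error path re-creates the files it is supposed to tear down; each should read like `device_remove_file(&mci->dev, &dev_attr_inject_enable);` (the v2 posting still has the create calls). Separately, `kfree()` right after `put_device()` on `pvt->chancounts_dev` and `pvt->addrmatch_dev` frees the object a second time if the final reference drop already released it through the device type's release callback, which is not visible here. Dropping the `kfree()` calls and letting `put_device()` own the lifetime avoids that.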
-- 
1.9.3



[PATCH v2] i7core_edac: release resources on error in i7core_create_sysfs_devices

2015-02-02 Thread Junjie Mao
v2: do not call kfree on allocated devs after device_initialize is called

Signed-off-by: Junjie Mao 
---
 drivers/edac/i7core_edac.c | 37 +
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
index 9cd0b301f81b..f6a7b676d69c 100644
--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -1167,17 +1167,17 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
return rc;
rc = device_create_file(&mci->dev, &dev_attr_inject_type);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_section;
rc = device_create_file(&mci->dev, &dev_attr_inject_eccmask);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_type;
rc = device_create_file(&mci->dev, &dev_attr_inject_enable);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_eccmask;

pvt->addrmatch_dev = kzalloc(sizeof(*pvt->addrmatch_dev), GFP_KERNEL);
if (!pvt->addrmatch_dev)
-   return rc;
+   goto fail_remove_inject_enable;

pvt->addrmatch_dev->type = &addrmatch_type;
pvt->addrmatch_dev->bus = mci->dev.bus;
@@ -1190,16 +1190,13 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)

rc = device_add(pvt->addrmatch_dev);
if (rc < 0)
-   return rc;
+   goto fail_free_addrmatch_dev;

if (!pvt->is_registered) {
pvt->chancounts_dev = kzalloc(sizeof(*pvt->chancounts_dev),
  GFP_KERNEL);
-   if (!pvt->chancounts_dev) {
-   put_device(pvt->addrmatch_dev);
-   device_del(pvt->addrmatch_dev);
-   return rc;
-   }
+   if (!pvt->chancounts_dev)
+   goto fail_del_addrmatch_dev;

pvt->chancounts_dev->type = &all_channel_counts_type;
pvt->chancounts_dev->bus = mci->dev.bus;
@@ -1211,10 +1208,26 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
edac_dbg(1, "creating %s\n", dev_name(pvt->chancounts_dev));

rc = device_add(pvt->chancounts_dev);
-   if (rc < 0)
-   return rc;
+   if (rc < 0) {
+   put_device(pvt->chancounts_dev);
+   goto fail_del_addrmatch_dev;
+   }
}
return 0;
+
+fail_del_addrmatch_dev:
+   device_del(pvt->addrmatch_dev);
+fail_free_addrmatch_dev:
+   put_device(pvt->addrmatch_dev);
+fail_remove_inject_enable:
+   device_create_file(&mci->dev, &dev_attr_inject_enable);
+fail_remove_inject_eccmask:
+   device_create_file(&mci->dev, &dev_attr_inject_eccmask);
+fail_remove_inject_type:
+   device_create_file(&mci->dev, &dev_attr_inject_type);
+fail_remove_inject_section:
+   device_create_file(&mci->dev, &dev_attr_inject_section);
+   return rc;
 }

 static void i7core_delete_sysfs_devices(struct mem_ctl_info *mci)
--
1.9.3


[PATCH] i7core_edac: release resources on error in i7core_create_sysfs_devices

2015-02-02 Thread Junjie Mao
v3: call device_remove_file on failure

v2: do not call kfree on allocated devs after device_initialize is called

Signed-off-by: Junjie Mao 
---
 drivers/edac/i7core_edac.c | 37 +
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
index 9cd0b301f81b..240e9a3303c4 100644
--- a/drivers/edac/i7core_edac.c
+++ b/drivers/edac/i7core_edac.c
@@ -1167,17 +1167,17 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
return rc;
rc = device_create_file(&mci->dev, &dev_attr_inject_type);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_section;
rc = device_create_file(&mci->dev, &dev_attr_inject_eccmask);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_type;
rc = device_create_file(&mci->dev, &dev_attr_inject_enable);
if (rc < 0)
-   return rc;
+   goto fail_remove_inject_eccmask;
 
pvt->addrmatch_dev = kzalloc(sizeof(*pvt->addrmatch_dev), GFP_KERNEL);
if (!pvt->addrmatch_dev)
-   return rc;
+   goto fail_remove_inject_enable;
 
pvt->addrmatch_dev->type = &addrmatch_type;
pvt->addrmatch_dev->bus = mci->dev.bus;
@@ -1190,16 +1190,13 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
 
rc = device_add(pvt->addrmatch_dev);
if (rc < 0)
-   return rc;
+   goto fail_free_addrmatch_dev;
 
if (!pvt->is_registered) {
pvt->chancounts_dev = kzalloc(sizeof(*pvt->chancounts_dev),
  GFP_KERNEL);
-   if (!pvt->chancounts_dev) {
-   put_device(pvt->addrmatch_dev);
-   device_del(pvt->addrmatch_dev);
-   return rc;
-   }
+   if (!pvt->chancounts_dev)
+   goto fail_del_addrmatch_dev;
 
pvt->chancounts_dev->type = &all_channel_counts_type;
pvt->chancounts_dev->bus = mci->dev.bus;
@@ -1211,10 +1208,26 @@ static int i7core_create_sysfs_devices(struct 
mem_ctl_info *mci)
edac_dbg(1, "creating %s\n", dev_name(pvt->chancounts_dev));
 
rc = device_add(pvt->chancounts_dev);
-   if (rc < 0)
-   return rc;
+   if (rc < 0) {
+   put_device(pvt->chancounts_dev);
+   goto fail_del_addrmatch_dev;
+   }
}
return 0;
+
+fail_del_addrmatch_dev:
+   device_del(pvt->addrmatch_dev);
+fail_free_addrmatch_dev:
+   put_device(pvt->addrmatch_dev);
+fail_remove_inject_enable:
+   device_remove_file(&mci->dev, &dev_attr_inject_enable);
+fail_remove_inject_eccmask:
+   device_remove_file(&mci->dev, &dev_attr_inject_eccmask);
+fail_remove_inject_type:
+   device_remove_file(&mci->dev, &dev_attr_inject_type);
+fail_remove_inject_section:
+   device_remove_file(&mci->dev, &dev_attr_inject_section);
+   return rc;
 }
 
 static void i7core_delete_sysfs_devices(struct mem_ctl_info *mci)
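Review bot: The unwind labels drop the references with `put_device()` but leave `pvt->addrmatch_dev` and `pvt->chancounts_dev` pointing at the released objects. If the release callback of these device types frees the structure (not visible here), any later path that tests or uses those pointers, such as `i7core_delete_sysfs_devices()` whose definition follows this hunk, would touch freed memory. Clearing them right after the put, `pvt->addrmatch_dev = NULL;` and `pvt->chancounts_dev = NULL;`, makes the failed state explicit and turns a silent use-after-free into a visible NULL check.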
-- 
1.9.3



Re: [PATCH v2] i7core_edac: release resources on error in i7core_create_sysfs_devices

2015-02-02 Thread Junjie Mao
Guenter Roeck  writes:

> On Tue, Feb 03, 2015 at 10:40:14AM +0800, Junjie Mao wrote:
>> v2: do not call kfree on allocated devs after device_initialize is called
>> 
>> Signed-off-by: Junjie Mao 
>> ---
>>  drivers/edac/i7core_edac.c | 37 +
>>  1 file changed, 25 insertions(+), 12 deletions(-)
>> 
>> diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c
>> index 9cd0b301f81b..f6a7b676d69c 100644
>> --- a/drivers/edac/i7core_edac.c
>> +++ b/drivers/edac/i7core_edac.c
>> @@ -1167,17 +1167,17 @@ static int i7core_create_sysfs_devices(struct 
>> mem_ctl_info *mci)
>>  return rc;
>>  rc = device_create_file(&mci->dev, &dev_attr_inject_type);
>>  if (rc < 0)
>> -return rc;
>> +goto fail_remove_inject_section;
>>  rc = device_create_file(&mci->dev, &dev_attr_inject_eccmask);
>>  if (rc < 0)
>> -return rc;
>> +goto fail_remove_inject_type;
>>  rc = device_create_file(&mci->dev, &dev_attr_inject_enable);
>>  if (rc < 0)
>> -return rc;
>> +goto fail_remove_inject_eccmask;
>> 
>>  pvt->addrmatch_dev = kzalloc(sizeof(*pvt->addrmatch_dev), GFP_KERNEL);
>>  if (!pvt->addrmatch_dev)
>> -return rc;
>> +goto fail_remove_inject_enable;
>> 
>>  pvt->addrmatch_dev->type = &addrmatch_type;
>>  pvt->addrmatch_dev->bus = mci->dev.bus;
>> @@ -1190,16 +1190,13 @@ static int i7core_create_sysfs_devices(struct 
>> mem_ctl_info *mci)
>> 
>>  rc = device_add(pvt->addrmatch_dev);
>>  if (rc < 0)
>> -return rc;
>> +goto fail_free_addrmatch_dev;
>> 
>>  if (!pvt->is_registered) {
>>  pvt->chancounts_dev = kzalloc(sizeof(*pvt->chancounts_dev),
>>GFP_KERNEL);
>> -if (!pvt->chancounts_dev) {
>> -put_device(pvt->addrmatch_dev);
>> -device_del(pvt->addrmatch_dev);
>> -return rc;
>> -}
>> +if (!pvt->chancounts_dev)
>> +goto fail_del_addrmatch_dev;
>> 
>>  pvt->chancounts_dev->type = &all_channel_counts_type;
>>  pvt->chancounts_dev->bus = mci->dev.bus;
>> @@ -1211,10 +1208,26 @@ static int i7core_create_sysfs_devices(struct 
>> mem_ctl_info *mci)
>>  edac_dbg(1, "creating %s\n", dev_name(pvt->chancounts_dev));
>> 
>>  rc = device_add(pvt->chancounts_dev);
>> -if (rc < 0)
>> -return rc;
>> +if (rc < 0) {
>> +put_device(pvt->chancounts_dev);
>> +goto fail_del_addrmatch_dev;
>> +}
>>  }
>>  return 0;
>> +
>> +fail_del_addrmatch_dev:
>> +device_del(pvt->addrmatch_dev);
>> +fail_free_addrmatch_dev:
>> +put_device(pvt->addrmatch_dev);
>> +fail_remove_inject_enable:
>> +device_create_file(&mci->dev, &dev_attr_inject_enable);
>> +fail_remove_inject_eccmask:
>> +device_create_file(&mci->dev, &dev_attr_inject_eccmask);
>> +fail_remove_inject_type:
>> +device_create_file(&mci->dev, &dev_attr_inject_type);
>> +fail_remove_inject_section:
>> +device_create_file(&mci->dev, &dev_attr_inject_section);
>
> I don't know the code, but calling device_create_file() on failures
> is quite unusual. Are you sure this is correct ?
>
> Guenter

I should call device_remove_file here. Terribly sorry for the
carelessness.

Best Regards
Junjie Mao


[PATCH v2] edac: remove dev_attr_sdram_scrub_rate on failure and destory path

2015-02-03 Thread Junjie Mao
v2: also remove the sysfs node in edac_remove_sysfs_mci_device

Signed-off-by: Junjie Mao 
---
 drivers/edac/edac_mc_sysfs.c | 5 +
 1 file changed, 5 insertions(+)

diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
index 8e48d32efe37..97eefc409cac 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
@@ -1068,6 +1068,8 @@ fail_unregister_dimm:
continue;
device_unregister(&dimm->dev);
}
+   if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate)
+   device_remove_file(&mci->dev, &dev_attr_sdram_scrub_rate);
 fail_unregister_dev:
device_unregister(&mci->dev);
 fail_unregister_bus:
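Review bot: The predicate `mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate` now has to stay identical in three places: the creation site earlier in `edac_create_sysfs_mci_device()`, this failure path, and the removal added to `edac_remove_sysfs_mci_device()` in the next hunk. A small helper, for example `static bool mci_has_scrub_rate_attr(const struct mem_ctl_info *mci)` (the name is only a suggestion), would keep create and remove from drifting apart if the condition ever changes. Failing that, a comment such as `/* mirrors the condition used when the attribute was created */` above each removal documents the pairing. Both functions start outside these hunks.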
@@ -1100,6 +1102,9 @@ void edac_remove_sysfs_mci_device(struct mem_ctl_info 
*mci)
edac_dbg(0, "removing device %s\n", dev_name(&dimm->dev));
device_unregister(&dimm->dev);
}
+
+   if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate)
+   device_remove_file(&mci->dev, &dev_attr_sdram_scrub_rate);
 }

 void edac_unregister_sysfs(struct mem_ctl_info *mci)
--
1.9.3


[PATCH] Initialize iter->started in trace_init_global_iter()

2015-11-17 Thread Junjie Mao
iter->started will be used in test_cpu_buff_start() if
TRACE_FILE_ANNOTATE is set in iter->iter_flags, which can happen when the
ring buffer has overrun at the time trace_init_global_iter() is
called. A null pointer is then dereferenced under such
circumstances. Here is a call trace of this problem triggered by running
RCU torture and ftrace startup test at boot time.

[  123.244095] -
[  123.244670] BUG: unable to handle kernel NULL pointer dereference at 
  (null)
[  123.245668] IP: [] print_trace_line+0x2c3/0x39b
[  123.246450] PGD 12d14067 PUD 138b9067 PMD 0
[  123.247056] Oops:  [#1] PREEMPT SMP
[  123.247618] CPU: 1 PID: 54 Comm: rcu_torture_sta Not tainted 
3.17.0-1-gd3afe7f99dca-dirty #9
[  123.248717] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[  123.249433] task: 880007bc4000 ti: 880007bc8000 task.ti: 
880007bc8000
[  123.250022] RIP: 0010:[]  [] 
print_trace_line+0x2c3/0x39b
[  123.250022] RSP: 0018:880007bcbc98  EFLAGS: 00010097
[  123.250022] RAX: 0001 RBX: 8fa6acc0 RCX: 
[  123.250022] RDX: 0001 RSI: 8d32d7a8 RDI: 0001
[  123.250022] RBP: 880007bcbcc8 R08: 000a R09: fff4
[  123.250022] R10:  R11:  R12: 03bd1201
[  123.250022] R13: 8800122bc014 R14: 8fa6bdbc R15: 
[  123.250022] FS:  () GS:88001260() 
knlGS:
[  123.250022] CS:  0010 DS:  ES:  CR0: 8005003b
[  123.250022] CR2:  CR3: 12cb3000 CR4: 06a0
[  123.250022] DR0: 0068b000 DR1:  DR2: 
[  123.250022] DR3:  DR6: 0ff0 DR7: 0600
[  123.250022] Stack:
[  123.250022]  0001 0001 0282 
8fa6bdbc
[  123.250022]    880007bcbcf8 
8bba4c30
[  123.250022]  880012e6414c 8fa4ffec 880012e640ac 
880012e6409e
[  123.250022] Call Trace:
[  123.250022]  [] ftrace_dump+0x1a1/0x235
[  123.250022]  [] rcutorture_trace_dump+0x57/0x59
[  123.250022]  [] rcu_torture_printk+0x4af/0x4cd
[  123.250022]  [] ? rcu_torture_stats_print+0x83/0x83
[  123.250022]  [] rcu_torture_stats_print+0x65/0x83
[  123.250022]  [] rcu_torture_stats+0x4e/0x73
[  123.250022]  [] kthread+0xe6/0xee
[  123.250022]  [] ? __kthread_parkme+0x80/0x80
[  123.250022]  [] ret_from_fork+0x7c/0xb0
[  123.250022]  [] ? __kthread_parkme+0x80/0x80
[  123.250022] Code: e9 e0 00 00 00 41 f7 c4 00 10 00 00 74 7c f6 83 d8 00 00 
00 02 74 73 8b bb 20 21 00 00 4c 8b bb f0 10 00 00 e8 cd b2 ff ff 89 c0 <49> 0f 
a3 07 19 c0 85 c0 75 55 8b bb 20 21 00 00 48 8b 43 10 48
[  123.250022] RIP  [] print_trace_line+0x2c3/0x39b
[  123.250022]  RSP 
[  123.250022] CR2: 
[  123.250022] ---[ end trace 96d7b02518a11e33 ]---
[  123.250022] Kernel panic - not syncing: Fatal exception
[  123.250022] Kernel Offset: 0xaa0 from 0x8100 (relocation 
range: 0x8000-0xbfff)

This bug has been reported in http://lkml.org/lkml/2014/9/2/11.

Reported-by: Fengguang Wu 
Signed-off-by: Junjie Mao 
---
 kernel/trace/trace.c | 23 +--
 kernel/trace/trace.h |  3 ++-
 kernel/trace/trace_kdb.c |  8 +++-
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 6e79408674aa..36c642154758 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -6940,13 +6940,22 @@ trace_printk_seq(struct trace_seq *s)
trace_seq_init(s);
 }
 
-void trace_init_global_iter(struct trace_iterator *iter)
+int trace_init_global_iter(struct trace_iterator *iter)
 {
iter->tr = &global_trace;
iter->trace = iter->tr->current_trace;
iter->cpu_file = RING_BUFFER_ALL_CPUS;
iter->trace_buffer = &global_trace.trace_buffer;
 
+   /*
+* iter->started will be used if the ring buffer has overrun.
+*
+* We allocate it with GFP_NOWAIT since this function can be called with
+* interrupt disabled.
+*/
+   if (!zalloc_cpumask_var(&iter->started, GFP_NOWAIT))
+   return -ENOMEM;
+
if (iter->trace && iter->trace->open)
iter->trace->open(iter);
 
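Review bot: The new `zalloc_cpumask_var(&iter->started, GFP_NOWAIT)` puts an allocation on the dump path, and per the added comment that path can run with interrupts disabled, so the allocation may fail exactly when the trace output is needed and every caller now has to handle `-ENOMEM`. Since the description says `iter->started` is only consulted when `TRACE_FILE_ANNOTATE` is set, an allocation-free alternative is worth considering, for instance leaving the annotate flag clear for the global iterator or guarding the user in `test_cpu_buff_start()` against an unallocated mask. If the allocation stays, note that the early `return -ENOMEM` happens after `iter->tr`, `iter->trace`, `iter->cpu_file` and `iter->trace_buffer` are already assigned; the function's comment should say that the iterator is partly initialised on failure and must not be used.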
@@ -6957,6 +6966,12 @@ void trace_init_global_iter(struct trace_iterator *iter)
/* Output in nanoseconds only if we are using a clock in nanoseconds. */
if (trace_clocks[iter->tr->clock_id].in_ns)
iter->iter_flags |= TRACE_FILE_TIME_IN_NS;
+
+   return 0;
+}
+
+void trace_finalize_global_iter(struct trace_iterator *iter) {
+   free_cpumask_var(iter->started);
 }
 
 void ftrace_dump(enum ftrace_dump_mode oops_dump_mode)
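Review bot: `trace_finalize_global_iter()` opens its body on the signature line, `void trace_finalize_global_iter(struct trace_iterator *iter) {`, while `trace_init_global_iter()` directly above puts the brace on its own line; it should read `void trace_finalize_global_iter(struct trace_iterator *iter)` followed by `{`. The function also has no comment saying it must be paired with every successful `trace_init_global_iter()`; something like `/* Release what trace_init_global_iter() allocated; call once per successful init. */` would do. It leaves `iter->started` pointing at the freed mask, so a second call or a later use of the same iterator would touch freed memory when the mask is heap-allocated (whether the iterator is reused is not visible here).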
@@ -6987,7 +7002,10 @@ 

[PATCH] USB: idmouse.c: Put the interface on error

2016-02-21 Thread Junjie Mao
usb_autopm_put_interface() should be called regardless of what
idmouse_create_image() returns.

Signed-off-by: Junjie Mao 
---
 drivers/usb/misc/idmouse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/usb/misc/idmouse.c b/drivers/usb/misc/idmouse.c
index 4e38683c653c..5105397e62fc 100644
--- a/drivers/usb/misc/idmouse.c
+++ b/drivers/usb/misc/idmouse.c
@@ -257,9 +257,9 @@ static int idmouse_open(struct inode *inode, struct file 
*file)
if (result)
goto error;
result = idmouse_create_image (dev);
+   usb_autopm_put_interface(interface);
if (result)
goto error;
-   usb_autopm_put_interface(interface);
 
/* increment our usage count for the driver */
++dev->open;
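Review bot: The relocated `usb_autopm_put_interface(interface);` now sits between the call to `idmouse_create_image()` and the check of its result, which reads like an ordering accident unless the reason is stated. A one-line comment above it, `/* drop the PM reference on success and failure alike */`, would keep a later cleanup from moving it back below the `if (result)`. The matching get call and the `error` label are outside this hunk, so it is worth confirming that the earlier `goto error` in the context lines does not also need a put.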
-- 
1.9.3



[PATCH] btrfs: assign error values to the correct bio structs

2016-10-16 Thread Junjie Mao
Fixes: 4246a0b63bd8 ("block: add a bi_error field to struct bio")

Signed-off-by: Junjie Mao 
---
 fs/btrfs/compression.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c
index ccc70d96958d..d4d8b7e36b2f 100644
--- a/fs/btrfs/compression.c
+++ b/fs/btrfs/compression.c
@@ -698,7 +698,7 @@ int btrfs_submit_compressed_read(struct inode *inode, 
struct bio *bio,
 
ret = btrfs_map_bio(root, comp_bio, mirror_num, 0);
if (ret) {
-   bio->bi_error = ret;
+   comp_bio->bi_error = ret;
bio_endio(comp_bio);
}
 
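Review bot: The same failure branch, `comp_bio->bi_error = ret; bio_endio(comp_bio);`, appears in both hunks of `btrfs_submit_compressed_read()`, and the bug being fixed was both copies naming the wrong bio. A short comment on each, `/* set the error on the bio we are about to end */`, would record why `comp_bio` is the right target, or the branch could move into one small static helper taking `comp_bio` and `ret` so the two sites cannot diverge again. The hunks do not show what happens to `ret` afterwards, so whether the function also returns the error to its caller should be checked against the full body.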
@@ -728,7 +728,7 @@ int btrfs_submit_compressed_read(struct inode *inode, 
struct bio *bio,
 
ret = btrfs_map_bio(root, comp_bio, mirror_num, 0);
if (ret) {
-   bio->bi_error = ret;
+   comp_bio->bi_error = ret;
bio_endio(comp_bio);
}
 
-- 
1.9.3



[tip:x86/urgent] x86, kaslr: Prevent .bss from overlaping initrd

2014-11-01 Thread tip-bot for Junjie Mao
Commit-ID:  e6023367d779060fddc9a52d1f474085b2b36298
Gitweb: http://git.kernel.org/tip/e6023367d779060fddc9a52d1f474085b2b36298
Author: Junjie Mao 
AuthorDate: Fri, 31 Oct 2014 21:40:38 +0800
Committer:  Thomas Gleixner 
CommitDate: Sat, 1 Nov 2014 22:20:50 +0100

x86, kaslr: Prevent .bss from overlaping initrd

When choosing a random address, the current implementation does not take into
account the reserved space for .bss and .brk sections. Thus the relocated kernel
may overlap other components in memory. Here is an example of the overlap from an
x86_64 kernel in qemu (the ranges of physical addresses are presented):

 Physical Address

0x0fe0  --++  <-- randomized base
   /  |  relocated kernel  |
   vmlinux.bin| (from vmlinux.bin) |
0x1336d000(an ELF file)   ++--
   \  ||  \
0x1376d870  --++   |
  |relocs table|   |
0x13c1c2a8++   .bss and .brk
  ||   |
0x13ce6000++   |
  ||  /
0x13f77000|   initrd   |--
  ||
0x13fef374++

The initrd image will then be overwritten by the memset during early
initialization:

[1.655204] Unpacking initramfs...
[1.662831] Initramfs unpacking failed: junk in compressed archive

This patch prevents the above situation by requiring a larger space when looking
for a random kernel base, so that existing logic can effectively avoids the
overlap.

[kees: switched to perl to avoid hex translation pain in mawk vs gawk]
[kees: calculated overlap without relocs table]

Fixes: 82fa9637a2 ("x86, kaslr: Select random position from e820 maps")
Reported-by: Fengguang Wu 
Signed-off-by: Junjie Mao 
Signed-off-by: Kees Cook 
Cc: Josh Triplett 
Cc: Matt Fleming 
Cc: Ard Biesheuvel 
Cc: Vivek Goyal 
Cc: Andi Kleen 
Cc: sta...@vger.kernel.org
Link: 
http://lkml.kernel.org/r/1414762838-13067-1-git-send-email-eternal@gmail.com
Signed-off-by: Thomas Gleixner 
---
 arch/x86/boot/compressed/Makefile  |  4 +++-
 arch/x86/boot/compressed/head_32.S |  5 +++--
 arch/x86/boot/compressed/head_64.S |  5 -
 arch/x86/boot/compressed/misc.c| 13 ++---
 arch/x86/boot/compressed/mkpiggy.c |  9 +++--
 arch/x86/tools/calc_run_size.pl| 30 ++
 6 files changed, 57 insertions(+), 9 deletions(-)

diff --git a/arch/x86/boot/compressed/Makefile 
b/arch/x86/boot/compressed/Makefile
index 704f58a..be1e07d 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
@@ -76,8 +76,10 @@ suffix-$(CONFIG_KERNEL_XZ)   := xz
 suffix-$(CONFIG_KERNEL_LZO):= lzo
 suffix-$(CONFIG_KERNEL_LZ4):= lz4
 
+RUN_SIZE = $(shell objdump -h vmlinux | \
+perl $(srctree)/arch/x86/tools/calc_run_size.pl)
 quiet_cmd_mkpiggy = MKPIGGY $@
-  cmd_mkpiggy = $(obj)/mkpiggy $< > $@ || ( rm -f $@ ; false )
+  cmd_mkpiggy = $(obj)/mkpiggy $< $(RUN_SIZE) > $@ || ( rm -f $@ ; false )
 
 targets += piggy.S
 $(obj)/piggy.S: $(obj)/vmlinux.bin.$(suffix-y) $(obj)/mkpiggy FORCE
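Review bot: `RUN_SIZE` invokes bare `objdump` and `perl` instead of the build system's `$(OBJDUMP)` and `$(PERL)`, so a cross build would inspect `vmlinux` with the host's objdump, and `$(shell ...)` leaves `RUN_SIZE` empty without any error if either command fails. Suggested: `RUN_SIZE = $(shell $(OBJDUMP) -h vmlinux | $(PERL) $(srctree)/arch/x86/tools/calc_run_size.pl)`. Because this value is the size the randomized-base search reserves for .bss and .brk, an empty or wrong value brings back the overlap the commit message describes; `mkpiggy` (changed elsewhere in this commit, not shown in this hunk) should reject a missing or non-numeric argument instead of emitting a default.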
diff --git a/arch/x86/boot/compressed/head_32.S 
b/arch/x86/boot/compressed/head_32.S
index cbed140..1d7fbbc 100644
--- a/arch/x86/boot/compressed/head_32.S
+++ b/arch/x86/boot/compressed/head_32.S
@@ -207,7 +207,8 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
/* push arguments for decompress_kernel: */
-   pushl   $z_output_len   /* decompressed length */
+   pushl   $z_run_size /* size of kernel with .bss and .brk */
+   pushl   $z_output_len   /* decompressed length, end of relocs */
lealz_extract_offset_negative(%ebx), %ebp
pushl   %ebp/* output address */
pushl   $z_input_len/* input_len */
@@ -217,7 +218,7 @@ relocated:
pushl   %eax/* heap area */
pushl   %esi/* real mode pointer */
calldecompress_kernel /* returns kernel location in %eax */
-   addl$24, %esp
+   addl$28, %esp
 
 /*
  * Jump to the decompressed kernel.
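Review bot: `addl $28, %esp` is a bare constant that has to equal four bytes times the number of words pushed for `decompress_kernel`, and this commit had to bump it by hand after adding the `$z_run_size` push in the previous hunk. A trailing comment, `/* pop the 7 argument words pushed above */`, ties the two together so the next added argument does not leave the stack unbalanced before the jump to the decompressed kernel.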
diff --git a/arch/x86/boot/compressed/head_64.S 
b/arch/x86/boot/compressed/head_64.S
index 2884e0c..6b1766c 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -402,13 +402,16 @@ relocated:
  * Do the decompression, and jump to the new kernel..
  */
pushq   %rsi/* Save the real mode argument */
+   movq$z_run_size, %r9/* size of kernel with .bss and .brk */
+   pushq   %r9