@dvyukov
Created March 10, 2016 18:36
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 6525e92..99cb866 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -170,6 +170,9 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu,
r = -E2BIG;
if (cpuid->nent > KVM_MAX_CPUID_ENTRIES)
goto out;
+ r = -EINVAL;
+ if (cpuid->nent == 0)
+ goto out;
r = -ENOMEM;
cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry) * cpuid->nent);
if (!cpuid_entries)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 36591fa..8f38a3a 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -2160,7 +2160,7 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu)
* and delay processing of INIT until the next RSM.
*/
if (is_smm(vcpu)) {
- WARN_ON_ONCE(vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED);
+ //WARN_ON(vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED);
if (test_bit(KVM_APIC_SIPI, &apic->pending_events))
clear_bit(KVM_APIC_SIPI, &apic->pending_events);
return;
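Review bot: The assertion is disabled by commenting it out (and the commented text reads `WARN_ON`, not the original `WARN_ON_ONCE`), which leaves dead code behind without recording why the condition is now expected. If the state can legitimately be reached from guest or userspace input, delete the line and leave a short comment saying so; if it cannot, keep the warning. The same commented-out pattern appears at `//dump_vmcs();` in arch/x86/kvm/vmx.c, where it also removes the only diagnostic on a failed VM entry (rate limiting would keep it), and at the `//pr_debug(...)` lines in drivers/base/core.c and drivers/base/power/main.c. The enclosing function starts and ends outside the hunk.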
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 0ff4537..b53045b 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -8129,7 +8129,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu)
}
if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) {
- dump_vmcs();
+ //dump_vmcs();
vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY;
vcpu->run->fail_entry.hardware_entry_failure_reason
= exit_reason;
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index eaf6ee8..335efad 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -342,7 +342,7 @@ static int exception_type(int vector)
{
unsigned int mask;
- if (WARN_ON(vector > 31 || vector == NMI_VECTOR))
+ if (vector > 31 || vector == NMI_VECTOR)
return EXCPT_INTERRUPT;
mask = 1 << vector;
@@ -7780,7 +7780,7 @@ int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size)
slot = id_to_memslot(slots, id);
if (size) {
- if (WARN_ON(slot->npages))
+ if (slot->npages)
return -EEXIST;
/*
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 0a8bdad..addd440 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -1058,7 +1058,7 @@ int device_add(struct device *dev)
goto name_error;
}
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
parent = get_device(dev->parent);
kobj = get_device_parent(dev, parent);
@@ -1295,7 +1295,7 @@ EXPORT_SYMBOL_GPL(device_del);
*/
void device_unregister(struct device *dev)
{
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
device_del(dev);
put_device(dev);
}
@@ -1672,7 +1672,7 @@ EXPORT_SYMBOL_GPL(root_device_unregister);
static void device_create_release(struct device *dev)
{
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
kfree(dev);
}
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c
index 6e7c3cc..ab247ae 100644
--- a/drivers/base/power/main.c
+++ b/drivers/base/power/main.c
@@ -123,8 +123,8 @@ void device_pm_unlock(void)
*/
void device_pm_add(struct device *dev)
{
- pr_debug("PM: Adding info for %s:%s\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
+ //pr_debug("PM: Adding info for %s:%s\n",
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
device_pm_check_callbacks(dev);
mutex_lock(&dpm_list_mtx);
if (dev->parent && dev->parent->power.is_prepared)
@@ -140,8 +140,8 @@ void device_pm_add(struct device *dev)
*/
void device_pm_remove(struct device *dev)
{
- pr_debug("PM: Removing info for %s:%s\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
+ //pr_debug("PM: Removing info for %s:%s\n",
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
complete_all(&dev->power.completion);
mutex_lock(&dpm_list_mtx);
list_del_init(&dev->power.entry);
@@ -158,9 +158,9 @@ void device_pm_remove(struct device *dev)
*/
void device_pm_move_before(struct device *deva, struct device *devb)
{
- pr_debug("PM: Moving %s:%s before %s:%s\n",
- deva->bus ? deva->bus->name : "No Bus", dev_name(deva),
- devb->bus ? devb->bus->name : "No Bus", dev_name(devb));
+ //pr_debug("PM: Moving %s:%s before %s:%s\n",
+ // deva->bus ? deva->bus->name : "No Bus", dev_name(deva),
+ // devb->bus ? devb->bus->name : "No Bus", dev_name(devb));
/* Delete deva from dpm_list and reinsert before devb. */
list_move_tail(&deva->power.entry, &devb->power.entry);
}
@@ -172,9 +172,9 @@ void device_pm_move_before(struct device *deva, struct device *devb)
*/
void device_pm_move_after(struct device *deva, struct device *devb)
{
- pr_debug("PM: Moving %s:%s after %s:%s\n",
- deva->bus ? deva->bus->name : "No Bus", dev_name(deva),
- devb->bus ? devb->bus->name : "No Bus", dev_name(devb));
+ //pr_debug("PM: Moving %s:%s after %s:%s\n",
+ // deva->bus ? deva->bus->name : "No Bus", dev_name(deva),
+ // devb->bus ? devb->bus->name : "No Bus", dev_name(devb));
/* Delete deva from dpm_list and reinsert after devb. */
list_move(&deva->power.entry, &devb->power.entry);
}
@@ -185,8 +185,8 @@ void device_pm_move_after(struct device *deva, struct device *devb)
*/
void device_pm_move_last(struct device *dev)
{
- pr_debug("PM: Moving %s:%s to end of list\n",
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
+ //pr_debug("PM: Moving %s:%s to end of list\n",
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev));
list_move_tail(&dev->power.entry, &dpm_list);
}
diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c
index f17cb04..d73b85b 100644
--- a/drivers/gpu/vga/vgaarb.c
+++ b/drivers/gpu/vga/vgaarb.c
@@ -923,7 +923,7 @@ static ssize_t vga_arb_write(struct file *file, const char __user *buf,
int i;
- kbuf = kmalloc(count + 1, GFP_KERNEL);
+ kbuf = kmalloc(count + 1, GFP_USER | __GFP_NOWARN);
if (!kbuf)
return -ENOMEM;
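Review bot: `count` is the length supplied by the write() caller and is still unbounded when it reaches `kmalloc(count + 1, ...)`, so `__GFP_NOWARN` only hides the allocation-failure report while the caller can still request an arbitrarily large kernel buffer. Rejecting oversized writes before allocating addresses the cause, e.g. `if (count > PAGE_SIZE) return -EINVAL;` with the limit replaced by whatever the command syntax really needs. The same reasoning applies to `kmalloc(new_screen_size, GFP_USER | __GFP_NOWARN)` in drivers/tty/vt/vt.c and `kzalloc(len, GFP_USER | __GFP_NOWARN)` in net/nfc/llcp_commands.c, where the sizes also appear to be caller-influenced. The function body continues outside the hunk.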
diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
index b604564..685f142 100644
--- a/drivers/input/mousedev.c
+++ b/drivers/input/mousedev.c
@@ -675,6 +675,8 @@ static ssize_t mousedev_write(struct file *file, const char __user *buffer,
unsigned char c;
unsigned int i;
+ if (count > 16)
+ count = 16;
for (i = 0; i < count; i++) {
if (get_user(c, buffer + i))
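Review bot: The clamp to 16 is a bare magic number that silently turns a longer write into a short one, and nothing in the hunk says why 16 is the right bound. A named constant with a comment would do, e.g. `/* bound the per-call get_user() loop; the caller sees a short write */`, assuming the function returns the clamped `count` (the return statement is outside the hunk).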
diff --git a/drivers/isdn/gigaset/common.c b/drivers/isdn/gigaset/common.c
index 7c78144..fafe6a1 100644
--- a/drivers/isdn/gigaset/common.c
+++ b/drivers/isdn/gigaset/common.c
@@ -427,7 +427,12 @@ exit:
static void free_cs(struct cardstate *cs)
{
- cs->flags = 0;
+ //cs->flags = 0;
+ unsigned long flags;
+ struct gigaset_driver *drv = cs->driver;
+ spin_lock_irqsave(&drv->lock, flags);
+ cs->flags &= ~VALID_MINOR;
+ spin_unlock_irqrestore(&drv->lock, flags);
}
static void make_valid(struct cardstate *cs, unsigned mask)
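Review bot: `free_cs()` used to clear every bit in `cs->flags` and now clears only `VALID_MINOR`, so any other flag set on the cardstate survives the free; whether a later allocation resets those bits is not visible here and should be confirmed. The commented-out `//cs->flags = 0;` should be deleted rather than kept, and kernel style wants a blank line between the new declarations and `spin_lock_irqsave()`. A one-line comment naming the reader that `drv->lock` protects against would record why the lock was added.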
diff --git a/drivers/isdn/gigaset/ser-gigaset.c b/drivers/isdn/gigaset/ser-gigaset.c
index d1f8ab9..6d40800 100644
--- a/drivers/isdn/gigaset/ser-gigaset.c
+++ b/drivers/isdn/gigaset/ser-gigaset.c
@@ -507,10 +507,8 @@ gigaset_tty_open(struct tty_struct *tty)
/* allocate memory for our device state and initialize it */
cs = gigaset_initcs(driver, 1, 1, 0, cidmode, GIGASET_MODULENAME);
- if (!cs) {
- rc = -ENODEV;
- goto error;
- }
+ if (!cs)
+ return -ENODEV;
cs->dev = &cs->hw.ser->dev.dev;
cs->hw.ser->tty = tty;
diff --git a/drivers/net/irda/irtty-sir.c b/drivers/net/irda/irtty-sir.c
index 696852e..7a3f990 100644
--- a/drivers/net/irda/irtty-sir.c
+++ b/drivers/net/irda/irtty-sir.c
@@ -430,16 +430,6 @@ static int irtty_open(struct tty_struct *tty)
/* Module stuff handled via irda_ldisc.owner - Jean II */
- /* First make sure we're not already connected. */
- if (tty->disc_data != NULL) {
- priv = tty->disc_data;
- if (priv && priv->magic == IRTTY_MAGIC) {
- ret = -EEXIST;
- goto out;
- }
- tty->disc_data = NULL; /* ### */
- }
-
/* stop the underlying driver */
irtty_stop_receiver(tty, TRUE);
if (tty->ops->stop)
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
index c3fe026..b0cda74 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
@@ -2045,7 +2045,8 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm)
}
}
spin_unlock(&gsm_mux_lock);
- WARN_ON(i == MAX_MUX);
+ if (i == MAX_MUX)
+ return;
/* In theory disconnecting DLCI 0 is sufficient but for some
modems this is apparently not the case. */
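Review bot: Replacing the `WARN_ON` with a silent `return` skips the rest of `gsm_cleanup_mux()` whenever the mux is not found in the table, and the hunk gives no reason why that is safe. Add a comment stating the case, e.g. `/* mux was never registered, nothing to tear down */`, after confirming that nothing below the return (outside the hunk) still has to run for such a mux; timers or queues set up before registration would otherwise be left behind.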
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index bd51bdd..2382810 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -871,7 +871,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc,
if (new_cols == vc->vc_cols && new_rows == vc->vc_rows)
return 0;
- newscreen = kmalloc(new_screen_size, GFP_USER);
+ newscreen = kmalloc(new_screen_size, GFP_USER | __GFP_NOWARN);
if (!newscreen)
return -ENOMEM;
diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c
index 0e1e61a..46f4855 100644
--- a/fs/btrfs/tests/btrfs-tests.c
+++ b/fs/btrfs/tests/btrfs-tests.c
@@ -131,7 +131,7 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(void)
return fs_info;
}
-static void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info)
+void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info)
{
struct radix_tree_iter iter;
void **slot;
diff --git a/fs/btrfs/tests/btrfs-tests.h b/fs/btrfs/tests/btrfs-tests.h
index 054b8c7..9c2cd8b 100644
--- a/fs/btrfs/tests/btrfs-tests.h
+++ b/fs/btrfs/tests/btrfs-tests.h
@@ -36,6 +36,7 @@ int btrfs_init_test_fs(void);
void btrfs_destroy_test_fs(void);
struct inode *btrfs_new_test_inode(void);
struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(void);
+void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info);
void btrfs_free_dummy_root(struct btrfs_root *root);
struct btrfs_block_group_cache *
btrfs_alloc_dummy_block_group(unsigned long length);
diff --git a/fs/btrfs/tests/free-space-tests.c b/fs/btrfs/tests/free-space-tests.c
index c9ad97b..4ab5ebb 100644
--- a/fs/btrfs/tests/free-space-tests.c
+++ b/fs/btrfs/tests/free-space-tests.c
@@ -849,6 +849,7 @@ int btrfs_test_free_space_cache(void)
goto out;
root->fs_info->extent_root = root;
+ btrfs_free_dummy_fs_info(cache->fs_info);
cache->fs_info = root->fs_info;
ret = test_extents(cache);
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h
index 4f1bbc6..ecadceb 100644
--- a/include/linux/dynamic_debug.h
+++ b/include/linux/dynamic_debug.h
@@ -74,7 +74,6 @@ void __dynamic_netdev_dbg(struct _ddebug *descriptor,
#define dynamic_pr_debug(fmt, ...) \
do { \
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \
__dynamic_pr_debug(&descriptor, pr_fmt(fmt), \
##__VA_ARGS__); \
} while (0)
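Review bot: With the `_DPRINTK_FLAGS_PRINT` test removed from `dynamic_pr_debug`, every call site now evaluates its arguments and makes a function call even when the message is disabled; the same holds for `dynamic_dev_dbg` and `dynamic_netdev_dbg` in the next two hunks. If the intent is to exercise argument evaluation under a sanitizer or fuzzer, say so in a comment above the macros and gate the change behind a debug config option so that a normal build keeps the inline check.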
@@ -82,7 +81,6 @@ do { \
#define dynamic_dev_dbg(dev, fmt, ...) \
do { \
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \
__dynamic_dev_dbg(&descriptor, dev, fmt, \
##__VA_ARGS__); \
} while (0)
@@ -90,7 +88,6 @@ do { \
#define dynamic_netdev_dbg(dev, fmt, ...) \
do { \
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \
__dynamic_netdev_dbg(&descriptor, dev, fmt, \
##__VA_ARGS__); \
} while (0)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 205630b..f816344 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -1098,7 +1098,7 @@ int sctp_bind_addr_dup(struct sctp_bind_addr *dest,
const struct sctp_bind_addr *src,
gfp_t gfp);
int sctp_add_bind_addr(struct sctp_bind_addr *, union sctp_addr *,
- __u8 addr_state, gfp_t gfp);
+ int new_size, __u8 addr_state, gfp_t gfp);
int sctp_del_bind_addr(struct sctp_bind_addr *, union sctp_addr *);
int sctp_bind_addr_match(struct sctp_bind_addr *, const union sctp_addr *,
struct sctp_sock *);
diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c
index 57bff78..bb5926d 100644
--- a/kernel/irq/handle.c
+++ b/kernel/irq/handle.c
@@ -142,7 +142,15 @@ irqreturn_t handle_irq_event_percpu(struct irq_desc *desc)
while (action) {
irqreturn_t res;
+ if (action == NULL) {
+ pr_err("desc=%p name=%s action=%p count=%d irq=%d\n", desc, desc->name, desc->action, desc->irq_count, desc->irq_data.irq);
+ BUG();
+ }
trace_irq_handler_entry(irq, action);
+ if (action == NULL) {
+ pr_err("desc=%p name=%s action=%p count=%d irq=%d\n", desc, desc->name, desc->action, desc->irq_count, desc->irq_data.irq);
+ BUG();
+ }
res = action->handler(irq, action->dev_id);
trace_irq_handler_exit(irq, action, res);
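Review bot: The first `if (action == NULL)` sits directly inside `while (action)` and cannot fire unless `action` changes between the two tests, and the second copy repeats the same six-field `pr_err` verbatim. If the goal is to catch `action` becoming NULL across `trace_irq_handler_entry()`, keep only the check after the trace call and move the message into one small static helper. The `pr_err` line is far over the usual line length and prints `desc` and `desc->action` with `%p`, which puts kernel addresses in the log. `BUG()` on the interrupt path halts the machine, so `WARN_ON_ONCE(...)` followed by `break` is the gentler choice if this is meant to stay in the tree.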
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c
index 716547f..ed24a0b 100644
--- a/kernel/locking/lockdep.c
+++ b/kernel/locking/lockdep.c
@@ -4164,7 +4164,7 @@ void debug_show_all_locks(void)
int unlock = 1;
if (unlikely(!debug_locks)) {
- printk("INFO: lockdep is turned off.\n");
+ printk("lockdep is turned off.\n");
return;
}
printk("\nShowing all locks held in the system:\n");
@@ -4223,7 +4223,7 @@ EXPORT_SYMBOL_GPL(debug_show_all_locks);
void debug_show_held_locks(struct task_struct *task)
{
if (unlikely(!debug_locks)) {
- printk("INFO: lockdep is turned off.\n");
+ printk("lockdep is turned off.\n");
return;
}
lockdep_print_held_locks(task);
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index 2341efe..25c1656 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -73,11 +73,11 @@ void __ptrace_unlink(struct task_struct *child)
{
BUG_ON(!child->ptrace);
- child->ptrace = 0;
child->parent = child->real_parent;
list_del_init(&child->ptrace_entry);
spin_lock(&child->sighand->siglock);
+ child->ptrace = 0;
/*
* Clear all pending traps and TRAPPING. TRAPPING should be
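Review bot: Moving `child->ptrace = 0` under `siglock` changes which lock orders the store, but nothing records which reader the move is for, so a later cleanup could easily move it back. Add a comment at the new position, e.g. `/* cleared under siglock: readers holding siglock must not see ptrace == 0 before the trap bits are cleared */`; the reader named there is my inference and should be confirmed. Note that `child->parent` and `ptrace_entry` are now updated while `child->ptrace` is still non-zero. The function continues outside the hunk.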
diff --git a/kernel/workqueue.c b/kernel/workqueue.c
index 7ff5dc7..19b5345 100644
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -48,6 +48,7 @@
#include <linux/nodemask.h>
#include <linux/moduleparam.h>
#include <linux/uaccess.h>
+#include <linux/nmi.h>
#include "workqueue_internal.h"
@@ -5355,6 +5356,8 @@ static void wq_watchdog_timer_fn(unsigned long data)
pr_cont_pool_info(pool);
pr_cont(" stuck for %us!\n",
jiffies_to_msecs(jiffies - pool_ts) / 1000);
+ trigger_all_cpu_backtrace();
+ debug_show_all_locks();
}
}
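Review bot: `trigger_all_cpu_backtrace()` and `debug_show_all_locks()` are placed in the block that reports one stuck pool, so if the enclosing loop (outside the hunk) walks all pools they run once per stalled pool, from timer context, each time the watchdog fires. Recording that a stall was seen and dumping once after the loop would bound the output, for example `stall_seen = true;` here and `if (stall_seen) { trigger_all_cpu_backtrace(); debug_show_all_locks(); }` after the loop, where `stall_seen` is a placeholder name. Both calls can produce a very large amount of console output on a many-CPU machine.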
diff --git a/lib/debugobjects.c b/lib/debugobjects.c
index 519b5a1..0b7cd98 100644
--- a/lib/debugobjects.c
+++ b/lib/debugobjects.c
@@ -17,6 +17,7 @@
#include <linux/debugfs.h>
#include <linux/slab.h>
#include <linux/hash.h>
+#include <linux/kmemleak.h>
#define ODEBUG_HASH_BITS 14
#define ODEBUG_HASH_SIZE (1 << ODEBUG_HASH_BITS)
@@ -100,6 +101,7 @@ static void fill_pool(void)
if (!new)
return;
+ kmemleak_not_leak(new);
raw_spin_lock_irqsave(&pool_lock, flags);
hlist_add_head(&new->node, &obj_pool);
obj_pool_free++;
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c
index fe42b6e..69d96a4 100644
--- a/lib/dynamic_debug.c
+++ b/lib/dynamic_debug.c
@@ -543,6 +543,9 @@ void __dynamic_pr_debug(struct _ddebug *descriptor, const char *fmt, ...)
struct va_format vaf;
char buf[PREFIX_SIZE];
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT))
+ return;
+
BUG_ON(!descriptor);
BUG_ON(!fmt);
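Review bot: The new flag test dereferences `descriptor` before `BUG_ON(!descriptor)`, so the assertion below it can no longer catch a NULL descriptor. Move the test after the two `BUG_ON` lines, and write it as `if (likely(!(descriptor->flags & _DPRINTK_FLAGS_PRINT))) return;`, which reads more directly than `!unlikely(...)`. The same applies to the identical additions in `__dynamic_dev_dbg` and `__dynamic_netdev_dbg` in the next two hunks.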
@@ -563,6 +566,9 @@ void __dynamic_dev_dbg(struct _ddebug *descriptor,
struct va_format vaf;
va_list args;
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT))
+ return;
+
BUG_ON(!descriptor);
BUG_ON(!fmt);
@@ -594,6 +600,9 @@ void __dynamic_netdev_dbg(struct _ddebug *descriptor,
struct va_format vaf;
va_list args;
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT))
+ return;
+
BUG_ON(!descriptor);
BUG_ON(!fmt);
diff --git a/lib/radix-tree.c b/lib/radix-tree.c
index 6b79e90..54929a8 100644
--- a/lib/radix-tree.c
+++ b/lib/radix-tree.c
@@ -34,6 +34,7 @@
#include <linux/bitops.h>
#include <linux/rcupdate.h>
#include <linux/preempt.h> /* in_interrupt() */
+#include <linux/kmemleak.h>
/*
@@ -264,6 +265,7 @@ static int __radix_tree_preload(gfp_t gfp_mask)
node = kmem_cache_alloc(radix_tree_node_cachep, gfp_mask);
if (node == NULL)
goto out;
+ kmemleak_not_leak(node);
preempt_disable();
rtp = this_cpu_ptr(&radix_tree_preloads);
if (rtp->nr < RADIX_TREE_PRELOAD_SIZE) {
diff --git a/mm/Makefile b/mm/Makefile
index cf751bb..a0af655 100644
--- a/mm/Makefile
+++ b/mm/Makefile
@@ -4,6 +4,9 @@
KASAN_SANITIZE_slab_common.o := n
KASAN_SANITIZE_slub.o := n
+KASAN_SANITIZE_debug-pagealloc.o := n
+KASAN_SANITIZE_kmemleak.o := n
+KASAN_SANITIZE_kmemcheck.o := n
# These files are disabled because they produce non-interesting and/or
# flaky coverage that is not a function of syscall inputs. E.g. slab is out of
diff --git a/mm/kasan/report.c b/mm/kasan/report.c
index 12f222d..6cc459e 100644
--- a/mm/kasan/report.c
+++ b/mm/kasan/report.c
@@ -209,6 +209,21 @@ static void kasan_report_error(struct kasan_access_info *info)
unsigned long flags;
const char *bug_type;
+
+ u8 *shadow_addr;
+ info->first_bad_addr = find_first_bad_addr(info->access_addr,
+ info->access_size);
+ shadow_addr = (u8 *)kasan_mem_to_shadow(info->first_bad_addr);
+ if (*shadow_addr > 0 && *shadow_addr <= KASAN_SHADOW_SCALE_SIZE - 1)
+ shadow_addr++;
+ switch (*shadow_addr) {
+ case KASAN_STACK_LEFT:
+ case KASAN_STACK_MID:
+ case KASAN_STACK_RIGHT:
+ case KASAN_STACK_PARTIAL:
+ return;
+ }
+
/*
* Make sure we don't end up in loop.
*/
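Review bot: The early `return` drops every report whose shadow byte is one of the four `KASAN_STACK_*` values, so stack out-of-bounds accesses are no longer reported at all, and nothing here documents that or makes it optional. If stack reports are too noisy for the current workload, gate the filter behind a config option or boot parameter and add a comment such as `/* stack reports intentionally suppressed, see <reason> */`. The shadow lookup (`find_first_bad_addr()` plus the partial-granule `shadow_addr++`) also looks like logic the reporting path needs again below the hunk, so a shared helper would keep the two from drifting apart. The rest of `kasan_report_error()` is outside the hunk.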
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 25c0ad3..fcde285 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -307,8 +307,10 @@ static void hex_dump_object(struct seq_file *seq,
len = min_t(size_t, object->size, HEX_MAX_LINES * HEX_ROW_SIZE);
seq_printf(seq, " hex dump (first %zu bytes):\n", len);
+ kasan_disable_current();
seq_hex_dump(seq, " ", DUMP_PREFIX_NONE, HEX_ROW_SIZE,
HEX_GROUP_SIZE, ptr, len, HEX_ASCII);
+ kasan_enable_current();
}
/*
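Review bot: `kasan_disable_current()` and `kasan_enable_current()` are used without an `#include <linux/kasan.h>` being added to mm/kmemleak.c in this diff, so the build relies on the header arriving indirectly; confirm that or add the include. A short comment, e.g. `/* the dump may read bytes KASAN has poisoned; that is intentional here */`, would explain why checking is suspended around `seq_hex_dump()`.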
diff --git a/mm/slub.c b/mm/slub.c
index d8fbd4a..9dfd8ff 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -196,7 +196,12 @@ struct track {
unsigned long when; /* When did the operation occur */
};
-enum track_item { TRACK_ALLOC, TRACK_FREE };
+enum track_item {
+ TRACK_ALLOC = 0,
+ TRACK_FREE,
+ TRACK_INDIRECT,
+ TRACK_NR,
+};
#ifdef CONFIG_SYSFS
static int sysfs_slab_add(struct kmem_cache *);
@@ -553,6 +558,7 @@ static void init_tracking(struct kmem_cache *s, void *object)
set_track(s, object, TRACK_FREE, 0UL);
set_track(s, object, TRACK_ALLOC, 0UL);
+ set_track(s, object, TRACK_INDIRECT, 0UL);
}
static void print_track(const char *s, struct track *t)
@@ -581,6 +587,7 @@ static void print_tracking(struct kmem_cache *s, void *object)
print_track("Allocated", get_track(s, object, TRACK_ALLOC));
print_track("Freed", get_track(s, object, TRACK_FREE));
+ print_track("Indirect", get_track(s, object, TRACK_INDIRECT));
}
static void print_page_info(struct page *page)
@@ -645,7 +652,7 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
off = s->inuse;
if (s->flags & SLAB_STORE_USER)
- off += 2 * sizeof(struct track);
+ off += TRACK_NR * sizeof(struct track);
if (off != s->size)
/* Beginning of the filler is the free pointer */
@@ -654,6 +661,29 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
dump_stack();
}
+void object_set_indirect(const void *addr)
+{
+ if ((addr >= (void *)PAGE_OFFSET) &&
+ (addr < high_memory)) {
+ struct page *page = virt_to_head_page(addr);
+
+ if (PageSlab(page)) {
+ void *object;
+ struct kmem_cache *cache = page->slab_cache;
+ void *last_object;
+
+ object = virt_to_obj(cache, page_address(page), addr);
+ last_object = page_address(page) +
+ page->objects * cache->size;
+
+ if (unlikely(object > last_object))
+ object = last_object; /* we hit into padding */
+
+ set_track(cache, object, TRACK_INDIRECT, (unsigned long)_RET_IP_);
+ }
+ }
+}
+
void object_err(struct kmem_cache *s, struct page *page,
u8 *object, char *reason)
{
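Review bot: `object_set_indirect()` calls `set_track()` without testing `cache->flags & SLAB_STORE_USER`, while every size computation in this diff adds `TRACK_NR * sizeof(struct track)` only when that flag is set; unless `set_track()` checks the flag itself (its body is not shown), the write lands in memory that was never reserved for track records. Add `if (!(cache->flags & SLAB_STORE_USER)) return;` before the `set_track()` call. The padding clamp also looks off by one: `last_object` is the address one past the final object and the `>` test lets `object == last_object` through, so the bound probably wants `(page->objects - 1) * cache->size`. The function is non-static and has neither a declaration nor a caller in this diff.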
@@ -769,7 +799,7 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
if (s->flags & SLAB_STORE_USER)
/* We also have user information there */
- off += 2 * sizeof(struct track);
+ off += TRACK_NR * sizeof(struct track);
if (s->size == off)
return 1;
@@ -3283,7 +3313,7 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
* Need to store information about allocs and frees after
* the object.
*/
- size += 2 * sizeof(struct track);
+ size += TRACK_NR * sizeof(struct track);
if (flags & SLAB_RED_ZONE)
/*
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index 3621a90..5d94055 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -729,7 +729,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
if (local == NULL)
return -ENODEV;
- msg_data = kzalloc(len, GFP_KERNEL);
+ msg_data = kzalloc(len, GFP_USER | __GFP_NOWARN);
if (msg_data == NULL)
return -ENOMEM;
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index ecf0a01..5a91997 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -500,7 +500,7 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *uaddr,
struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk);
DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, llcp_addr, uaddr);
- if (llcp_sock == NULL || llcp_sock->dev == NULL)
+ if (llcp_sock == NULL || sk->sk_state == LLCP_CLOSED)
return -EBADFD;
pr_debug("%p %d %d %d\n", sk, llcp_sock->target_idx,
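Review bot: The `llcp_sock->dev == NULL` test was replaced rather than extended, so a socket that is not in `LLCP_CLOSED` but has no device bound now passes the guard; if the code below the hunk dereferences `llcp_sock->dev`, that is a NULL pointer dereference. Keeping both conditions is safer: `if (llcp_sock == NULL || llcp_sock->dev == NULL || sk->sk_state == LLCP_CLOSED)`. `sk->sk_state` is also read with no lock visible in the hunk, so the state can change right after the test.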
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c
index 871cdf9..80129d1 100644
--- a/net/sctp/bind_addr.c
+++ b/net/sctp/bind_addr.c
@@ -111,7 +111,8 @@ int sctp_bind_addr_dup(struct sctp_bind_addr *dest,
dest->port = src->port;
list_for_each_entry(addr, &src->address_list, list) {
- error = sctp_add_bind_addr(dest, &addr->a, 1, gfp);
+ error = sctp_add_bind_addr(dest, &addr->a, sizeof(addr->a),
+ 1, gfp);
if (error < 0)
break;
}
@@ -150,7 +151,7 @@ void sctp_bind_addr_free(struct sctp_bind_addr *bp)
/* Add an address to the bind address list in the SCTP_bind_addr structure. */
int sctp_add_bind_addr(struct sctp_bind_addr *bp, union sctp_addr *new,
- __u8 addr_state, gfp_t gfp)
+ int new_size, __u8 addr_state, gfp_t gfp)
{
struct sctp_sockaddr_entry *addr;
@@ -159,7 +160,7 @@ int sctp_add_bind_addr(struct sctp_bind_addr *bp, union sctp_addr *new,
if (!addr)
return -ENOMEM;
- memcpy(&addr->a, new, sizeof(*new));
+ memcpy(&addr->a, new, min_t(size_t, sizeof(*new), new_size));
/* Fix up the port if it has not yet been set.
* Both v4 and v6 have the port at the same offset.
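Review bot: `new_size` is declared `int` and is bounded only from above by `min_t(size_t, sizeof(*new), new_size)`, so a negative value converts to a huge `size_t` and the copy silently falls back to the full `sizeof(*new)`. Declaring the parameter `size_t`, here and in the prototype in include/net/sctp/structs.h, makes the contract explicit. When `new_size` is smaller than the union, the tail of `addr->a` keeps whatever the allocation left there, so the allocation above the hunk must be a zeroing one; confirm that it is.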
@@ -291,7 +292,8 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list,
}
af->from_addr_param(&addr, rawaddr, htons(port), 0);
- retval = sctp_add_bind_addr(bp, &addr, SCTP_ADDR_SRC, gfp);
+ retval = sctp_add_bind_addr(bp, &addr, sizeof(addr),
+ SCTP_ADDR_SRC, gfp);
if (retval) {
/* Can't finish building the list, clean up. */
sctp_bind_addr_clean(bp);
@@ -453,8 +455,8 @@ static int sctp_copy_one_addr(struct net *net, struct sctp_bind_addr *dest,
(((AF_INET6 == addr->sa.sa_family) &&
(flags & SCTP_ADDR6_ALLOWED) &&
(flags & SCTP_ADDR6_PEERSUPP))))
- error = sctp_add_bind_addr(dest, addr, SCTP_ADDR_SRC,
- gfp);
+ error = sctp_add_bind_addr(dest, addr, sizeof(addr),
+ SCTP_ADDR_SRC, gfp);
}
return error;
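Review bot: `sizeof(addr)` in the new call is the size of a pointer, not of the address: `addr` is dereferenced as `addr->sa.sa_family` and passed directly as the `union sctp_addr *` argument, so on a 64-bit build the `min_t()` in `sctp_add_bind_addr()` limits the copy to 8 bytes and the stored address is truncated. It should be `sizeof(*addr)`: `error = sctp_add_bind_addr(dest, addr, sizeof(*addr), SCTP_ADDR_SRC, gfp);`. The other call sites in this diff pass the size of an object rather than of a pointer.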
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 1099e99..d3d50da 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -216,6 +216,7 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp,
(copy_flags & SCTP_ADDR6_ALLOWED) &&
(copy_flags & SCTP_ADDR6_PEERSUPP)))) {
error = sctp_add_bind_addr(bp, &addr->a,
+ sizeof(addr->a),
SCTP_ADDR_SRC, GFP_ATOMIC);
if (error)
goto end_copy;
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c
index 5d6a03f..1b91e97 100644
--- a/net/sctp/sm_make_chunk.c
+++ b/net/sctp/sm_make_chunk.c
@@ -1830,7 +1830,7 @@ no_hmac:
/* Also, add the destination address. */
if (list_empty(&retval->base.bind_addr.address_list)) {
sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest,
- SCTP_ADDR_SRC, GFP_ATOMIC);
+ sizeof(chunk->dest), SCTP_ADDR_SRC, GFP_ATOMIC);
}
retval->next_tsn = retval->c.initial_tsn;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index e878da0..ccc9f37 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -386,7 +386,8 @@ static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
/* Add the address to the bind address list.
* Use GFP_ATOMIC since BHs will be disabled.
*/
- ret = sctp_add_bind_addr(bp, addr, SCTP_ADDR_SRC, GFP_ATOMIC);
+ ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len,
+ SCTP_ADDR_SRC, GFP_ATOMIC);
/* Copy back into socket for getsockname() use. */
if (!ret) {
@@ -576,7 +577,7 @@ static int sctp_send_asconf_add_ip(struct sock *sk,
addr = addr_buf;
af = sctp_get_af_specific(addr->v4.sin_family);
memcpy(&saveaddr, addr, af->sockaddr_len);
- retval = sctp_add_bind_addr(bp, &saveaddr,
+ retval = sctp_add_bind_addr(bp, &saveaddr, sizeof(saveaddr),
SCTP_ADDR_NEW, GFP_ATOMIC);
addr_buf += af->sockaddr_len;
}
diff --git a/net/socket.c b/net/socket.c
index c044d1e..db13ae8 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2240,31 +2240,31 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
cond_resched();
}
-out_put:
- fput_light(sock->file, fput_needed);
-
if (err == 0)
- return datagrams;
+ goto out_put;
- if (datagrams != 0) {
+ if (datagrams == 0) {
+ datagrams = err;
+ goto out_put;
+ }
+
+ /*
+ * We may return less entries than requested (vlen) if the
+ * sock is non block and there aren't enough datagrams...
+ */
+ if (err != -EAGAIN) {
/*
- * We may return less entries than requested (vlen) if the
- * sock is non block and there aren't enough datagrams...
+ * ... or if recvmsg returns an error after we
+ * received some datagrams, where we record the
+ * error to return on the next call or if the
+ * app asks about it using getsockopt(SO_ERROR).
*/
- if (err != -EAGAIN) {
- /*
- * ... or if recvmsg returns an error after we
- * received some datagrams, where we record the
- * error to return on the next call or if the
- * app asks about it using getsockopt(SO_ERROR).
- */
- sock->sk->sk_err = -err;
- }
-
- return datagrams;
+ sock->sk->sk_err = -err;
}
+out_put:
+ fput_light(sock->file, fput_needed);
- return err;
+ return datagrams;
}
SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
diff --git a/sound/core/control.c b/sound/core/control.c
index a85d455..2dbc189 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -665,7 +665,7 @@ struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numi
{
struct snd_kcontrol *kctl;
- if (snd_BUG_ON(!card || !numid))
+ if (!card || !numid)
return NULL;
list_for_each_entry(kctl, &card->controls, list) {
if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid)