Created
March 10, 2016 18:36
-
-
Save dvyukov/14f58a8955e08fdb3009 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c | |
index 6525e92..99cb866 100644 | |
--- a/arch/x86/kvm/cpuid.c | |
+++ b/arch/x86/kvm/cpuid.c | |
@@ -170,6 +170,9 @@ int kvm_vcpu_ioctl_set_cpuid(struct kvm_vcpu *vcpu, | |
r = -E2BIG; | |
if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) | |
goto out; | |
+ r = -EINVAL; | |
+ if (cpuid->nent == 0) | |
+ goto out; | |
r = -ENOMEM; | |
cpuid_entries = vmalloc(sizeof(struct kvm_cpuid_entry) * cpuid->nent); | |
if (!cpuid_entries) | |
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c | |
index 36591fa..8f38a3a 100644 | |
--- a/arch/x86/kvm/lapic.c | |
+++ b/arch/x86/kvm/lapic.c | |
@@ -2160,7 +2160,7 @@ void kvm_apic_accept_events(struct kvm_vcpu *vcpu) | |
* and delay processing of INIT until the next RSM. | |
*/ | |
if (is_smm(vcpu)) { | |
- WARN_ON_ONCE(vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED); | |
+ //WARN_ON(vcpu->arch.mp_state == KVM_MP_STATE_INIT_RECEIVED); | |
if (test_bit(KVM_APIC_SIPI, &apic->pending_events)) | |
clear_bit(KVM_APIC_SIPI, &apic->pending_events); | |
return; | |
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c | |
index 0ff4537..b53045b 100644 | |
--- a/arch/x86/kvm/vmx.c | |
+++ b/arch/x86/kvm/vmx.c | |
@@ -8129,7 +8129,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu) | |
} | |
if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) { | |
- dump_vmcs(); | |
+ //dump_vmcs(); | |
vcpu->run->exit_reason = KVM_EXIT_FAIL_ENTRY; | |
vcpu->run->fail_entry.hardware_entry_failure_reason | |
= exit_reason; | |
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | |
index eaf6ee8..335efad 100644 | |
--- a/arch/x86/kvm/x86.c | |
+++ b/arch/x86/kvm/x86.c | |
@@ -342,7 +342,7 @@ static int exception_type(int vector) | |
{ | |
unsigned int mask; | |
- if (WARN_ON(vector > 31 || vector == NMI_VECTOR)) | |
+ if (vector > 31 || vector == NMI_VECTOR) | |
return EXCPT_INTERRUPT; | |
mask = 1 << vector; | |
@@ -7780,7 +7780,7 @@ int __x86_set_memory_region(struct kvm *kvm, int id, gpa_t gpa, u32 size) | |
slot = id_to_memslot(slots, id); | |
if (size) { | |
- if (WARN_ON(slot->npages)) | |
+ if (slot->npages) | |
return -EEXIST; | |
/* | |
diff --git a/drivers/base/core.c b/drivers/base/core.c | |
index 0a8bdad..addd440 100644 | |
--- a/drivers/base/core.c | |
+++ b/drivers/base/core.c | |
@@ -1058,7 +1058,7 @@ int device_add(struct device *dev) | |
goto name_error; | |
} | |
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
parent = get_device(dev->parent); | |
kobj = get_device_parent(dev, parent); | |
@@ -1295,7 +1295,7 @@ EXPORT_SYMBOL_GPL(device_del); | |
*/ | |
void device_unregister(struct device *dev) | |
{ | |
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
device_del(dev); | |
put_device(dev); | |
} | |
@@ -1672,7 +1672,7 @@ EXPORT_SYMBOL_GPL(root_device_unregister); | |
static void device_create_release(struct device *dev) | |
{ | |
- pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
+ //pr_debug("device: '%s': %s\n", dev_name(dev), __func__); | |
kfree(dev); | |
} | |
diff --git a/drivers/base/power/main.c b/drivers/base/power/main.c | |
index 6e7c3cc..ab247ae 100644 | |
--- a/drivers/base/power/main.c | |
+++ b/drivers/base/power/main.c | |
@@ -123,8 +123,8 @@ void device_pm_unlock(void) | |
*/ | |
void device_pm_add(struct device *dev) | |
{ | |
- pr_debug("PM: Adding info for %s:%s\n", | |
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
+ //pr_debug("PM: Adding info for %s:%s\n", | |
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
device_pm_check_callbacks(dev); | |
mutex_lock(&dpm_list_mtx); | |
if (dev->parent && dev->parent->power.is_prepared) | |
@@ -140,8 +140,8 @@ void device_pm_add(struct device *dev) | |
*/ | |
void device_pm_remove(struct device *dev) | |
{ | |
- pr_debug("PM: Removing info for %s:%s\n", | |
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
+ //pr_debug("PM: Removing info for %s:%s\n", | |
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
complete_all(&dev->power.completion); | |
mutex_lock(&dpm_list_mtx); | |
list_del_init(&dev->power.entry); | |
@@ -158,9 +158,9 @@ void device_pm_remove(struct device *dev) | |
*/ | |
void device_pm_move_before(struct device *deva, struct device *devb) | |
{ | |
- pr_debug("PM: Moving %s:%s before %s:%s\n", | |
- deva->bus ? deva->bus->name : "No Bus", dev_name(deva), | |
- devb->bus ? devb->bus->name : "No Bus", dev_name(devb)); | |
+ //pr_debug("PM: Moving %s:%s before %s:%s\n", | |
+ // deva->bus ? deva->bus->name : "No Bus", dev_name(deva), | |
+ // devb->bus ? devb->bus->name : "No Bus", dev_name(devb)); | |
/* Delete deva from dpm_list and reinsert before devb. */ | |
list_move_tail(&deva->power.entry, &devb->power.entry); | |
} | |
@@ -172,9 +172,9 @@ void device_pm_move_before(struct device *deva, struct device *devb) | |
*/ | |
void device_pm_move_after(struct device *deva, struct device *devb) | |
{ | |
- pr_debug("PM: Moving %s:%s after %s:%s\n", | |
- deva->bus ? deva->bus->name : "No Bus", dev_name(deva), | |
- devb->bus ? devb->bus->name : "No Bus", dev_name(devb)); | |
+ //pr_debug("PM: Moving %s:%s after %s:%s\n", | |
+ // deva->bus ? deva->bus->name : "No Bus", dev_name(deva), | |
+ // devb->bus ? devb->bus->name : "No Bus", dev_name(devb)); | |
/* Delete deva from dpm_list and reinsert after devb. */ | |
list_move(&deva->power.entry, &devb->power.entry); | |
} | |
@@ -185,8 +185,8 @@ void device_pm_move_after(struct device *deva, struct device *devb) | |
*/ | |
void device_pm_move_last(struct device *dev) | |
{ | |
- pr_debug("PM: Moving %s:%s to end of list\n", | |
- dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
+ //pr_debug("PM: Moving %s:%s to end of list\n", | |
+ // dev->bus ? dev->bus->name : "No Bus", dev_name(dev)); | |
list_move_tail(&dev->power.entry, &dpm_list); | |
} | |
diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c | |
index f17cb04..d73b85b 100644 | |
--- a/drivers/gpu/vga/vgaarb.c | |
+++ b/drivers/gpu/vga/vgaarb.c | |
@@ -923,7 +923,7 @@ static ssize_t vga_arb_write(struct file *file, const char __user *buf, | |
int i; | |
- kbuf = kmalloc(count + 1, GFP_KERNEL); | |
+ kbuf = kmalloc(count + 1, GFP_USER | __GFP_NOWARN); | |
if (!kbuf) | |
return -ENOMEM; | |
diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c | |
index b604564..685f142 100644 | |
--- a/drivers/input/mousedev.c | |
+++ b/drivers/input/mousedev.c | |
@@ -675,6 +675,8 @@ static ssize_t mousedev_write(struct file *file, const char __user *buffer, | |
unsigned char c; | |
unsigned int i; | |
+ if (count > 16) | |
+ count = 16; | |
for (i = 0; i < count; i++) { | |
if (get_user(c, buffer + i)) | |
diff --git a/drivers/isdn/gigaset/common.c b/drivers/isdn/gigaset/common.c | |
index 7c78144..fafe6a1 100644 | |
--- a/drivers/isdn/gigaset/common.c | |
+++ b/drivers/isdn/gigaset/common.c | |
@@ -427,7 +427,12 @@ exit: | |
static void free_cs(struct cardstate *cs) | |
{ | |
- cs->flags = 0; | |
+ //cs->flags = 0; | |
+ unsigned long flags; | |
+ struct gigaset_driver *drv = cs->driver; | |
+ spin_lock_irqsave(&drv->lock, flags); | |
+ cs->flags &= ~VALID_MINOR; | |
+ spin_unlock_irqrestore(&drv->lock, flags); | |
} | |
static void make_valid(struct cardstate *cs, unsigned mask) | |
diff --git a/drivers/isdn/gigaset/ser-gigaset.c b/drivers/isdn/gigaset/ser-gigaset.c | |
index d1f8ab9..6d40800 100644 | |
--- a/drivers/isdn/gigaset/ser-gigaset.c | |
+++ b/drivers/isdn/gigaset/ser-gigaset.c | |
@@ -507,10 +507,8 @@ gigaset_tty_open(struct tty_struct *tty) | |
/* allocate memory for our device state and initialize it */ | |
cs = gigaset_initcs(driver, 1, 1, 0, cidmode, GIGASET_MODULENAME); | |
- if (!cs) { | |
- rc = -ENODEV; | |
- goto error; | |
- } | |
+ if (!cs) | |
+ return -ENODEV; | |
cs->dev = &cs->hw.ser->dev.dev; | |
cs->hw.ser->tty = tty; | |
diff --git a/drivers/net/irda/irtty-sir.c b/drivers/net/irda/irtty-sir.c | |
index 696852e..7a3f990 100644 | |
--- a/drivers/net/irda/irtty-sir.c | |
+++ b/drivers/net/irda/irtty-sir.c | |
@@ -430,16 +430,6 @@ static int irtty_open(struct tty_struct *tty) | |
/* Module stuff handled via irda_ldisc.owner - Jean II */ | |
- /* First make sure we're not already connected. */ | |
- if (tty->disc_data != NULL) { | |
- priv = tty->disc_data; | |
- if (priv && priv->magic == IRTTY_MAGIC) { | |
- ret = -EEXIST; | |
- goto out; | |
- } | |
- tty->disc_data = NULL; /* ### */ | |
- } | |
- | |
/* stop the underlying driver */ | |
irtty_stop_receiver(tty, TRUE); | |
if (tty->ops->stop) | |
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c | |
index c3fe026..b0cda74 100644 | |
--- a/drivers/tty/n_gsm.c | |
+++ b/drivers/tty/n_gsm.c | |
@@ -2045,7 +2045,8 @@ static void gsm_cleanup_mux(struct gsm_mux *gsm) | |
} | |
} | |
spin_unlock(&gsm_mux_lock); | |
- WARN_ON(i == MAX_MUX); | |
+ if (i == MAX_MUX) | |
+ return; | |
/* In theory disconnecting DLCI 0 is sufficient but for some | |
modems this is apparently not the case. */ | |
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c | |
index bd51bdd..2382810 100644 | |
--- a/drivers/tty/vt/vt.c | |
+++ b/drivers/tty/vt/vt.c | |
@@ -871,7 +871,7 @@ static int vc_do_resize(struct tty_struct *tty, struct vc_data *vc, | |
if (new_cols == vc->vc_cols && new_rows == vc->vc_rows) | |
return 0; | |
- newscreen = kmalloc(new_screen_size, GFP_USER); | |
+ newscreen = kmalloc(new_screen_size, GFP_USER | __GFP_NOWARN); | |
if (!newscreen) | |
return -ENOMEM; | |
diff --git a/fs/btrfs/tests/btrfs-tests.c b/fs/btrfs/tests/btrfs-tests.c | |
index 0e1e61a..46f4855 100644 | |
--- a/fs/btrfs/tests/btrfs-tests.c | |
+++ b/fs/btrfs/tests/btrfs-tests.c | |
@@ -131,7 +131,7 @@ struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(void) | |
return fs_info; | |
} | |
-static void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info) | |
+void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info) | |
{ | |
struct radix_tree_iter iter; | |
void **slot; | |
diff --git a/fs/btrfs/tests/btrfs-tests.h b/fs/btrfs/tests/btrfs-tests.h | |
index 054b8c7..9c2cd8b 100644 | |
--- a/fs/btrfs/tests/btrfs-tests.h | |
+++ b/fs/btrfs/tests/btrfs-tests.h | |
@@ -36,6 +36,7 @@ int btrfs_init_test_fs(void); | |
void btrfs_destroy_test_fs(void); | |
struct inode *btrfs_new_test_inode(void); | |
struct btrfs_fs_info *btrfs_alloc_dummy_fs_info(void); | |
+void btrfs_free_dummy_fs_info(struct btrfs_fs_info *fs_info); | |
void btrfs_free_dummy_root(struct btrfs_root *root); | |
struct btrfs_block_group_cache * | |
btrfs_alloc_dummy_block_group(unsigned long length); | |
diff --git a/fs/btrfs/tests/free-space-tests.c b/fs/btrfs/tests/free-space-tests.c | |
index c9ad97b..4ab5ebb 100644 | |
--- a/fs/btrfs/tests/free-space-tests.c | |
+++ b/fs/btrfs/tests/free-space-tests.c | |
@@ -849,6 +849,7 @@ int btrfs_test_free_space_cache(void) | |
goto out; | |
root->fs_info->extent_root = root; | |
+ btrfs_free_dummy_fs_info(cache->fs_info); | |
cache->fs_info = root->fs_info; | |
ret = test_extents(cache); | |
diff --git a/include/linux/dynamic_debug.h b/include/linux/dynamic_debug.h | |
index 4f1bbc6..ecadceb 100644 | |
--- a/include/linux/dynamic_debug.h | |
+++ b/include/linux/dynamic_debug.h | |
@@ -74,7 +74,6 @@ void __dynamic_netdev_dbg(struct _ddebug *descriptor, | |
#define dynamic_pr_debug(fmt, ...) \ | |
do { \ | |
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \ | |
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \ | |
__dynamic_pr_debug(&descriptor, pr_fmt(fmt), \ | |
##__VA_ARGS__); \ | |
} while (0) | |
@@ -82,7 +81,6 @@ do { \ | |
#define dynamic_dev_dbg(dev, fmt, ...) \ | |
do { \ | |
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \ | |
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \ | |
__dynamic_dev_dbg(&descriptor, dev, fmt, \ | |
##__VA_ARGS__); \ | |
} while (0) | |
@@ -90,7 +88,6 @@ do { \ | |
#define dynamic_netdev_dbg(dev, fmt, ...) \ | |
do { \ | |
DEFINE_DYNAMIC_DEBUG_METADATA(descriptor, fmt); \ | |
- if (unlikely(descriptor.flags & _DPRINTK_FLAGS_PRINT)) \ | |
__dynamic_netdev_dbg(&descriptor, dev, fmt, \ | |
##__VA_ARGS__); \ | |
} while (0) | |
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h | |
index 205630b..f816344 100644 | |
--- a/include/net/sctp/structs.h | |
+++ b/include/net/sctp/structs.h | |
@@ -1098,7 +1098,7 @@ int sctp_bind_addr_dup(struct sctp_bind_addr *dest, | |
const struct sctp_bind_addr *src, | |
gfp_t gfp); | |
int sctp_add_bind_addr(struct sctp_bind_addr *, union sctp_addr *, | |
- __u8 addr_state, gfp_t gfp); | |
+ int new_size, __u8 addr_state, gfp_t gfp); | |
int sctp_del_bind_addr(struct sctp_bind_addr *, union sctp_addr *); | |
int sctp_bind_addr_match(struct sctp_bind_addr *, const union sctp_addr *, | |
struct sctp_sock *); | |
diff --git a/kernel/irq/handle.c b/kernel/irq/handle.c | |
index 57bff78..bb5926d 100644 | |
--- a/kernel/irq/handle.c | |
+++ b/kernel/irq/handle.c | |
@@ -142,7 +142,15 @@ irqreturn_t handle_irq_event_percpu(struct irq_desc *desc) | |
while (action) { | |
irqreturn_t res; | |
+ if (action == NULL) { | |
+ pr_err("desc=%p name=%s action=%p count=%d irq=%d\n", desc, desc->name, desc->action, desc->irq_count, desc->irq_data.irq); | |
+ BUG(); | |
+ } | |
trace_irq_handler_entry(irq, action); | |
+ if (action == NULL) { | |
+ pr_err("desc=%p name=%s action=%p count=%d irq=%d\n", desc, desc->name, desc->action, desc->irq_count, desc->irq_data.irq); | |
+ BUG(); | |
+ } | |
res = action->handler(irq, action->dev_id); | |
trace_irq_handler_exit(irq, action, res); | |
diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c | |
index 716547f..ed24a0b 100644 | |
--- a/kernel/locking/lockdep.c | |
+++ b/kernel/locking/lockdep.c | |
@@ -4164,7 +4164,7 @@ void debug_show_all_locks(void) | |
int unlock = 1; | |
if (unlikely(!debug_locks)) { | |
- printk("INFO: lockdep is turned off.\n"); | |
+ printk("lockdep is turned off.\n"); | |
return; | |
} | |
printk("\nShowing all locks held in the system:\n"); | |
@@ -4223,7 +4223,7 @@ EXPORT_SYMBOL_GPL(debug_show_all_locks); | |
void debug_show_held_locks(struct task_struct *task) | |
{ | |
if (unlikely(!debug_locks)) { | |
- printk("INFO: lockdep is turned off.\n"); | |
+ printk("lockdep is turned off.\n"); | |
return; | |
} | |
lockdep_print_held_locks(task); | |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c | |
index 2341efe..25c1656 100644 | |
--- a/kernel/ptrace.c | |
+++ b/kernel/ptrace.c | |
@@ -73,11 +73,11 @@ void __ptrace_unlink(struct task_struct *child) | |
{ | |
BUG_ON(!child->ptrace); | |
- child->ptrace = 0; | |
child->parent = child->real_parent; | |
list_del_init(&child->ptrace_entry); | |
spin_lock(&child->sighand->siglock); | |
+ child->ptrace = 0; | |
/* | |
* Clear all pending traps and TRAPPING. TRAPPING should be | |
diff --git a/kernel/workqueue.c b/kernel/workqueue.c | |
index 7ff5dc7..19b5345 100644 | |
--- a/kernel/workqueue.c | |
+++ b/kernel/workqueue.c | |
@@ -48,6 +48,7 @@ | |
#include <linux/nodemask.h> | |
#include <linux/moduleparam.h> | |
#include <linux/uaccess.h> | |
+#include <linux/nmi.h> | |
#include "workqueue_internal.h" | |
@@ -5355,6 +5356,8 @@ static void wq_watchdog_timer_fn(unsigned long data) | |
pr_cont_pool_info(pool); | |
pr_cont(" stuck for %us!\n", | |
jiffies_to_msecs(jiffies - pool_ts) / 1000); | |
+ trigger_all_cpu_backtrace(); | |
+ debug_show_all_locks(); | |
} | |
} | |
diff --git a/lib/debugobjects.c b/lib/debugobjects.c | |
index 519b5a1..0b7cd98 100644 | |
--- a/lib/debugobjects.c | |
+++ b/lib/debugobjects.c | |
@@ -17,6 +17,7 @@ | |
#include <linux/debugfs.h> | |
#include <linux/slab.h> | |
#include <linux/hash.h> | |
+#include <linux/kmemleak.h> | |
#define ODEBUG_HASH_BITS 14 | |
#define ODEBUG_HASH_SIZE (1 << ODEBUG_HASH_BITS) | |
@@ -100,6 +101,7 @@ static void fill_pool(void) | |
if (!new) | |
return; | |
+ kmemleak_not_leak(new); | |
raw_spin_lock_irqsave(&pool_lock, flags); | |
hlist_add_head(&new->node, &obj_pool); | |
obj_pool_free++; | |
diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c | |
index fe42b6e..69d96a4 100644 | |
--- a/lib/dynamic_debug.c | |
+++ b/lib/dynamic_debug.c | |
@@ -543,6 +543,9 @@ void __dynamic_pr_debug(struct _ddebug *descriptor, const char *fmt, ...) | |
struct va_format vaf; | |
char buf[PREFIX_SIZE]; | |
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT)) | |
+ return; | |
+ | |
BUG_ON(!descriptor); | |
BUG_ON(!fmt); | |
@@ -563,6 +566,9 @@ void __dynamic_dev_dbg(struct _ddebug *descriptor, | |
struct va_format vaf; | |
va_list args; | |
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT)) | |
+ return; | |
+ | |
BUG_ON(!descriptor); | |
BUG_ON(!fmt); | |
@@ -594,6 +600,9 @@ void __dynamic_netdev_dbg(struct _ddebug *descriptor, | |
struct va_format vaf; | |
va_list args; | |
+ if (!unlikely(descriptor->flags & _DPRINTK_FLAGS_PRINT)) | |
+ return; | |
+ | |
BUG_ON(!descriptor); | |
BUG_ON(!fmt); | |
diff --git a/lib/radix-tree.c b/lib/radix-tree.c | |
index 6b79e90..54929a8 100644 | |
--- a/lib/radix-tree.c | |
+++ b/lib/radix-tree.c | |
@@ -34,6 +34,7 @@ | |
#include <linux/bitops.h> | |
#include <linux/rcupdate.h> | |
#include <linux/preempt.h> /* in_interrupt() */ | |
+#include <linux/kmemleak.h> | |
/* | |
@@ -264,6 +265,7 @@ static int __radix_tree_preload(gfp_t gfp_mask) | |
node = kmem_cache_alloc(radix_tree_node_cachep, gfp_mask); | |
if (node == NULL) | |
goto out; | |
+ kmemleak_not_leak(node); | |
preempt_disable(); | |
rtp = this_cpu_ptr(&radix_tree_preloads); | |
if (rtp->nr < RADIX_TREE_PRELOAD_SIZE) { | |
diff --git a/mm/Makefile b/mm/Makefile | |
index cf751bb..a0af655 100644 | |
--- a/mm/Makefile | |
+++ b/mm/Makefile | |
@@ -4,6 +4,9 @@ | |
KASAN_SANITIZE_slab_common.o := n | |
KASAN_SANITIZE_slub.o := n | |
+KASAN_SANITIZE_debug-pagealloc.o := n | |
+KASAN_SANITIZE_kmemleak.o := n | |
+KASAN_SANITIZE_kmemcheck.o := n | |
# These files are disabled because they produce non-interesting and/or | |
# flaky coverage that is not a function of syscall inputs. E.g. slab is out of | |
diff --git a/mm/kasan/report.c b/mm/kasan/report.c | |
index 12f222d..6cc459e 100644 | |
--- a/mm/kasan/report.c | |
+++ b/mm/kasan/report.c | |
@@ -209,6 +209,21 @@ static void kasan_report_error(struct kasan_access_info *info) | |
unsigned long flags; | |
const char *bug_type; | |
+ | |
+ u8 *shadow_addr; | |
+ info->first_bad_addr = find_first_bad_addr(info->access_addr, | |
+ info->access_size); | |
+ shadow_addr = (u8 *)kasan_mem_to_shadow(info->first_bad_addr); | |
+ if (*shadow_addr > 0 && *shadow_addr <= KASAN_SHADOW_SCALE_SIZE - 1) | |
+ shadow_addr++; | |
+ switch (*shadow_addr) { | |
+ case KASAN_STACK_LEFT: | |
+ case KASAN_STACK_MID: | |
+ case KASAN_STACK_RIGHT: | |
+ case KASAN_STACK_PARTIAL: | |
+ return; | |
+ } | |
+ | |
/* | |
* Make sure we don't end up in loop. | |
*/ | |
diff --git a/mm/kmemleak.c b/mm/kmemleak.c | |
index 25c0ad3..fcde285 100644 | |
--- a/mm/kmemleak.c | |
+++ b/mm/kmemleak.c | |
@@ -307,8 +307,10 @@ static void hex_dump_object(struct seq_file *seq, | |
len = min_t(size_t, object->size, HEX_MAX_LINES * HEX_ROW_SIZE); | |
seq_printf(seq, " hex dump (first %zu bytes):\n", len); | |
+ kasan_disable_current(); | |
seq_hex_dump(seq, " ", DUMP_PREFIX_NONE, HEX_ROW_SIZE, | |
HEX_GROUP_SIZE, ptr, len, HEX_ASCII); | |
+ kasan_enable_current(); | |
} | |
/* | |
diff --git a/mm/slub.c b/mm/slub.c | |
index d8fbd4a..9dfd8ff 100644 | |
--- a/mm/slub.c | |
+++ b/mm/slub.c | |
@@ -196,7 +196,12 @@ struct track { | |
unsigned long when; /* When did the operation occur */ | |
}; | |
-enum track_item { TRACK_ALLOC, TRACK_FREE }; | |
+enum track_item { | |
+ TRACK_ALLOC = 0, | |
+ TRACK_FREE, | |
+ TRACK_INDIRECT, | |
+ TRACK_NR, | |
+}; | |
#ifdef CONFIG_SYSFS | |
static int sysfs_slab_add(struct kmem_cache *); | |
@@ -553,6 +558,7 @@ static void init_tracking(struct kmem_cache *s, void *object) | |
set_track(s, object, TRACK_FREE, 0UL); | |
set_track(s, object, TRACK_ALLOC, 0UL); | |
+ set_track(s, object, TRACK_INDIRECT, 0UL); | |
} | |
static void print_track(const char *s, struct track *t) | |
@@ -581,6 +587,7 @@ static void print_tracking(struct kmem_cache *s, void *object) | |
print_track("Allocated", get_track(s, object, TRACK_ALLOC)); | |
print_track("Freed", get_track(s, object, TRACK_FREE)); | |
+ print_track("Indirect", get_track(s, object, TRACK_INDIRECT)); | |
} | |
static void print_page_info(struct page *page) | |
@@ -645,7 +652,7 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) | |
off = s->inuse; | |
if (s->flags & SLAB_STORE_USER) | |
- off += 2 * sizeof(struct track); | |
+ off += TRACK_NR * sizeof(struct track); | |
if (off != s->size) | |
/* Beginning of the filler is the free pointer */ | |
@@ -654,6 +661,29 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) | |
dump_stack(); | |
} | |
+void object_set_indirect(const void *addr) | |
+{ | |
+ if ((addr >= (void *)PAGE_OFFSET) && | |
+ (addr < high_memory)) { | |
+ struct page *page = virt_to_head_page(addr); | |
+ | |
+ if (PageSlab(page)) { | |
+ void *object; | |
+ struct kmem_cache *cache = page->slab_cache; | |
+ void *last_object; | |
+ | |
+ object = virt_to_obj(cache, page_address(page), addr); | |
+ last_object = page_address(page) + | |
+ page->objects * cache->size; | |
+ | |
+ if (unlikely(object > last_object)) | |
+ object = last_object; /* we hit into padding */ | |
+ | |
+ set_track(cache, object, TRACK_INDIRECT, (unsigned long)_RET_IP_); | |
+ } | |
+ } | |
+} | |
+ | |
void object_err(struct kmem_cache *s, struct page *page, | |
u8 *object, char *reason) | |
{ | |
@@ -769,7 +799,7 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) | |
if (s->flags & SLAB_STORE_USER) | |
/* We also have user information there */ | |
- off += 2 * sizeof(struct track); | |
+ off += TRACK_NR * sizeof(struct track); | |
if (s->size == off) | |
return 1; | |
@@ -3283,7 +3313,7 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) | |
* Need to store information about allocs and frees after | |
* the object. | |
*/ | |
- size += 2 * sizeof(struct track); | |
+ size += TRACK_NR * sizeof(struct track); | |
if (flags & SLAB_RED_ZONE) | |
/* | |
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c | |
index 3621a90..5d94055 100644 | |
--- a/net/nfc/llcp_commands.c | |
+++ b/net/nfc/llcp_commands.c | |
@@ -729,7 +729,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, | |
if (local == NULL) | |
return -ENODEV; | |
- msg_data = kzalloc(len, GFP_KERNEL); | |
+ msg_data = kzalloc(len, GFP_USER | __GFP_NOWARN); | |
if (msg_data == NULL) | |
return -ENOMEM; | |
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c | |
index ecf0a01..5a91997 100644 | |
--- a/net/nfc/llcp_sock.c | |
+++ b/net/nfc/llcp_sock.c | |
@@ -500,7 +500,7 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *uaddr, | |
struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); | |
DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, llcp_addr, uaddr); | |
- if (llcp_sock == NULL || llcp_sock->dev == NULL) | |
+ if (llcp_sock == NULL || sk->sk_state == LLCP_CLOSED) | |
return -EBADFD; | |
pr_debug("%p %d %d %d\n", sk, llcp_sock->target_idx, | |
diff --git a/net/sctp/bind_addr.c b/net/sctp/bind_addr.c | |
index 871cdf9..80129d1 100644 | |
--- a/net/sctp/bind_addr.c | |
+++ b/net/sctp/bind_addr.c | |
@@ -111,7 +111,8 @@ int sctp_bind_addr_dup(struct sctp_bind_addr *dest, | |
dest->port = src->port; | |
list_for_each_entry(addr, &src->address_list, list) { | |
- error = sctp_add_bind_addr(dest, &addr->a, 1, gfp); | |
+ error = sctp_add_bind_addr(dest, &addr->a, sizeof(addr->a), | |
+ 1, gfp); | |
if (error < 0) | |
break; | |
} | |
@@ -150,7 +151,7 @@ void sctp_bind_addr_free(struct sctp_bind_addr *bp) | |
/* Add an address to the bind address list in the SCTP_bind_addr structure. */ | |
int sctp_add_bind_addr(struct sctp_bind_addr *bp, union sctp_addr *new, | |
- __u8 addr_state, gfp_t gfp) | |
+ int new_size, __u8 addr_state, gfp_t gfp) | |
{ | |
struct sctp_sockaddr_entry *addr; | |
@@ -159,7 +160,7 @@ int sctp_add_bind_addr(struct sctp_bind_addr *bp, union sctp_addr *new, | |
if (!addr) | |
return -ENOMEM; | |
- memcpy(&addr->a, new, sizeof(*new)); | |
+ memcpy(&addr->a, new, min_t(size_t, sizeof(*new), new_size)); | |
/* Fix up the port if it has not yet been set. | |
* Both v4 and v6 have the port at the same offset. | |
@@ -291,7 +292,8 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw_addr_list, | |
} | |
af->from_addr_param(&addr, rawaddr, htons(port), 0); | |
- retval = sctp_add_bind_addr(bp, &addr, SCTP_ADDR_SRC, gfp); | |
+ retval = sctp_add_bind_addr(bp, &addr, sizeof(addr), | |
+ SCTP_ADDR_SRC, gfp); | |
if (retval) { | |
/* Can't finish building the list, clean up. */ | |
sctp_bind_addr_clean(bp); | |
@@ -453,8 +455,8 @@ static int sctp_copy_one_addr(struct net *net, struct sctp_bind_addr *dest, | |
(((AF_INET6 == addr->sa.sa_family) && | |
(flags & SCTP_ADDR6_ALLOWED) && | |
(flags & SCTP_ADDR6_PEERSUPP)))) | |
- error = sctp_add_bind_addr(dest, addr, SCTP_ADDR_SRC, | |
- gfp); | |
+ error = sctp_add_bind_addr(dest, addr, sizeof(addr), | |
+ SCTP_ADDR_SRC, gfp); | |
} | |
return error; | |
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c | |
index 1099e99..d3d50da 100644 | |
--- a/net/sctp/protocol.c | |
+++ b/net/sctp/protocol.c | |
@@ -216,6 +216,7 @@ int sctp_copy_local_addr_list(struct net *net, struct sctp_bind_addr *bp, | |
(copy_flags & SCTP_ADDR6_ALLOWED) && | |
(copy_flags & SCTP_ADDR6_PEERSUPP)))) { | |
error = sctp_add_bind_addr(bp, &addr->a, | |
+ sizeof(addr->a), | |
SCTP_ADDR_SRC, GFP_ATOMIC); | |
if (error) | |
goto end_copy; | |
diff --git a/net/sctp/sm_make_chunk.c b/net/sctp/sm_make_chunk.c | |
index 5d6a03f..1b91e97 100644 | |
--- a/net/sctp/sm_make_chunk.c | |
+++ b/net/sctp/sm_make_chunk.c | |
@@ -1830,7 +1830,7 @@ no_hmac: | |
/* Also, add the destination address. */ | |
if (list_empty(&retval->base.bind_addr.address_list)) { | |
sctp_add_bind_addr(&retval->base.bind_addr, &chunk->dest, | |
- SCTP_ADDR_SRC, GFP_ATOMIC); | |
+ sizeof(chunk->dest), SCTP_ADDR_SRC, GFP_ATOMIC); | |
} | |
retval->next_tsn = retval->c.initial_tsn; | |
diff --git a/net/sctp/socket.c b/net/sctp/socket.c | |
index e878da0..ccc9f37 100644 | |
--- a/net/sctp/socket.c | |
+++ b/net/sctp/socket.c | |
@@ -386,7 +386,8 @@ static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len) | |
/* Add the address to the bind address list. | |
* Use GFP_ATOMIC since BHs will be disabled. | |
*/ | |
- ret = sctp_add_bind_addr(bp, addr, SCTP_ADDR_SRC, GFP_ATOMIC); | |
+ ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len, | |
+ SCTP_ADDR_SRC, GFP_ATOMIC); | |
/* Copy back into socket for getsockname() use. */ | |
if (!ret) { | |
@@ -576,7 +577,7 @@ static int sctp_send_asconf_add_ip(struct sock *sk, | |
addr = addr_buf; | |
af = sctp_get_af_specific(addr->v4.sin_family); | |
memcpy(&saveaddr, addr, af->sockaddr_len); | |
- retval = sctp_add_bind_addr(bp, &saveaddr, | |
+ retval = sctp_add_bind_addr(bp, &saveaddr, sizeof(saveaddr), | |
SCTP_ADDR_NEW, GFP_ATOMIC); | |
addr_buf += af->sockaddr_len; | |
} | |
diff --git a/net/socket.c b/net/socket.c | |
index c044d1e..db13ae8 100644 | |
--- a/net/socket.c | |
+++ b/net/socket.c | |
@@ -2240,31 +2240,31 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | |
cond_resched(); | |
} | |
-out_put: | |
- fput_light(sock->file, fput_needed); | |
- | |
if (err == 0) | |
- return datagrams; | |
+ goto out_put; | |
- if (datagrams != 0) { | |
+ if (datagrams == 0) { | |
+ datagrams = err; | |
+ goto out_put; | |
+ } | |
+ | |
+ /* | |
+ * We may return less entries than requested (vlen) if the | |
+ * sock is non block and there aren't enough datagrams... | |
+ */ | |
+ if (err != -EAGAIN) { | |
/* | |
- * We may return less entries than requested (vlen) if the | |
- * sock is non block and there aren't enough datagrams... | |
+ * ... or if recvmsg returns an error after we | |
+ * received some datagrams, where we record the | |
+ * error to return on the next call or if the | |
+ * app asks about it using getsockopt(SO_ERROR). | |
*/ | |
- if (err != -EAGAIN) { | |
- /* | |
- * ... or if recvmsg returns an error after we | |
- * received some datagrams, where we record the | |
- * error to return on the next call or if the | |
- * app asks about it using getsockopt(SO_ERROR). | |
- */ | |
- sock->sk->sk_err = -err; | |
- } | |
- | |
- return datagrams; | |
+ sock->sk->sk_err = -err; | |
} | |
+out_put: | |
+ fput_light(sock->file, fput_needed); | |
- return err; | |
+ return datagrams; | |
} | |
SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg, | |
diff --git a/sound/core/control.c b/sound/core/control.c | |
index a85d455..2dbc189 100644 | |
--- a/sound/core/control.c | |
+++ b/sound/core/control.c | |
@@ -665,7 +665,7 @@ struct snd_kcontrol *snd_ctl_find_numid(struct snd_card *card, unsigned int numi | |
{ | |
struct snd_kcontrol *kctl; | |
- if (snd_BUG_ON(!card || !numid)) | |
+ if (!card || !numid) | |
return NULL; | |
list_for_each_entry(kctl, &card->controls, list) { | |
if (kctl->id.numid <= numid && kctl->id.numid + kctl->count > numid) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment