linux_dsm_epyc7002/drivers
Rabin Vincent 8a1435880f ubi: fastmap: Fix slab corruption
Booting with UBI fastmap and SLUB debugging enabled results in the
following splats.  The problem is that ubi_scan_fastmap() moves the
fastmap blocks from the scan_ai (allocated in scan_fast()) to the ai
allocated in ubi_attach().  This results in two problems:

 - When the scan_ai is freed, aebs which were allocated from its slab
   cache are still in use.

 - When the other ai is being destroyed in destroy_ai(), the
   arguments to kmem_cache_free() call are incorrect since aebs on its
   ->fastmap list were allocated with a slab cache from a different ai.

Fix this by making a copy of the aebs in ubi_scan_fastmap() instead of
moving them.

 =============================================================================
 BUG ubi_aeb_slab_cache (Not tainted): Objects remaining in ubi_aeb_slab_cache on __kmem_cache_shutdown()
 -----------------------------------------------------------------------------

 INFO: Slab 0xbfd2da3c objects=17 used=1 fp=0xb33d7748 flags=0x40000080
 CPU: 1 PID: 118 Comm: ubiattach Tainted: G    B           4.9.15 #3
 [<80111910>] (unwind_backtrace) from [<8010d498>] (show_stack+0x18/0x1c)
 [<8010d498>] (show_stack) from [<804a3274>] (dump_stack+0xb4/0xe0)
 [<804a3274>] (dump_stack) from [<8026c47c>] (slab_err+0x78/0x88)
 [<8026c47c>] (slab_err) from [<802735bc>] (__kmem_cache_shutdown+0x180/0x3e0)
 [<802735bc>] (__kmem_cache_shutdown) from [<8024e13c>] (shutdown_cache+0x1c/0x60)
 [<8024e13c>] (shutdown_cache) from [<8024ed64>] (kmem_cache_destroy+0x19c/0x20c)
 [<8024ed64>] (kmem_cache_destroy) from [<8057cc14>] (destroy_ai+0x1dc/0x1e8)
 [<8057cc14>] (destroy_ai) from [<8057f04c>] (ubi_attach+0x3f4/0x450)
 [<8057f04c>] (ubi_attach) from [<8056fe70>] (ubi_attach_mtd_dev+0x60c/0xff8)
 [<8056fe70>] (ubi_attach_mtd_dev) from [<80571d78>] (ctrl_cdev_ioctl+0x110/0x2b8)
 [<80571d78>] (ctrl_cdev_ioctl) from [<8029c77c>] (do_vfs_ioctl+0xac/0xa00)
 [<8029c77c>] (do_vfs_ioctl) from [<8029d10c>] (SyS_ioctl+0x3c/0x64)
 [<8029d10c>] (SyS_ioctl) from [<80108860>] (ret_fast_syscall+0x0/0x1c)
 INFO: Object 0xb33d7e88 @offset=3720
 INFO: Allocated in scan_peb+0x608/0x81c age=72 cpu=1 pid=118
 	kmem_cache_alloc+0x3b0/0x43c
 	scan_peb+0x608/0x81c
 	ubi_attach+0x124/0x450
 	ubi_attach_mtd_dev+0x60c/0xff8
 	ctrl_cdev_ioctl+0x110/0x2b8
 	do_vfs_ioctl+0xac/0xa00
 	SyS_ioctl+0x3c/0x64
 	ret_fast_syscall+0x0/0x1c
 kmem_cache_destroy ubi_aeb_slab_cache: Slab cache still has objects
 CPU: 1 PID: 118 Comm: ubiattach Tainted: G    B           4.9.15 #3
 [<80111910>] (unwind_backtrace) from [<8010d498>] (show_stack+0x18/0x1c)
 [<8010d498>] (show_stack) from [<804a3274>] (dump_stack+0xb4/0xe0)
 [<804a3274>] (dump_stack) from [<8024ed80>] (kmem_cache_destroy+0x1b8/0x20c)
 [<8024ed80>] (kmem_cache_destroy) from [<8057cc14>] (destroy_ai+0x1dc/0x1e8)
 [<8057cc14>] (destroy_ai) from [<8057f04c>] (ubi_attach+0x3f4/0x450)
 [<8057f04c>] (ubi_attach) from [<8056fe70>] (ubi_attach_mtd_dev+0x60c/0xff8)
 [<8056fe70>] (ubi_attach_mtd_dev) from [<80571d78>] (ctrl_cdev_ioctl+0x110/0x2b8)
 [<80571d78>] (ctrl_cdev_ioctl) from [<8029c77c>] (do_vfs_ioctl+0xac/0xa00)
 [<8029c77c>] (do_vfs_ioctl) from [<8029d10c>] (SyS_ioctl+0x3c/0x64)
 [<8029d10c>] (SyS_ioctl) from [<80108860>] (ret_fast_syscall+0x0/0x1c)
 cache_from_obj: Wrong slab cache. ubi_aeb_slab_cache but object is from ubi_aeb_slab_cache
 ------------[ cut here ]------------
 WARNING: CPU: 1 PID: 118 at mm/slab.h:354 kmem_cache_free+0x39c/0x450
 Modules linked in:
 CPU: 1 PID: 118 Comm: ubiattach Tainted: G    B           4.9.15 #3
 [<80111910>] (unwind_backtrace) from [<8010d498>] (show_stack+0x18/0x1c)
 [<8010d498>] (show_stack) from [<804a3274>] (dump_stack+0xb4/0xe0)
 [<804a3274>] (dump_stack) from [<80120e40>] (__warn+0xf4/0x10c)
 [<80120e40>] (__warn) from [<80120f20>] (warn_slowpath_null+0x28/0x30)
 [<80120f20>] (warn_slowpath_null) from [<80271fe0>] (kmem_cache_free+0x39c/0x450)
 [<80271fe0>] (kmem_cache_free) from [<8057cb88>] (destroy_ai+0x150/0x1e8)
 [<8057cb88>] (destroy_ai) from [<8057ef1c>] (ubi_attach+0x2c4/0x450)
 [<8057ef1c>] (ubi_attach) from [<8056fe70>] (ubi_attach_mtd_dev+0x60c/0xff8)
 [<8056fe70>] (ubi_attach_mtd_dev) from [<80571d78>] (ctrl_cdev_ioctl+0x110/0x2b8)
 [<80571d78>] (ctrl_cdev_ioctl) from [<8029c77c>] (do_vfs_ioctl+0xac/0xa00)
 [<8029c77c>] (do_vfs_ioctl) from [<8029d10c>] (SyS_ioctl+0x3c/0x64)
 [<8029d10c>] (SyS_ioctl) from [<80108860>] (ret_fast_syscall+0x0/0x1c)
 ---[ end trace 2bd8396277fd0a0b ]---
 =============================================================================
 BUG ubi_aeb_slab_cache (Tainted: G    B   W      ): page slab pointer corrupt.
 -----------------------------------------------------------------------------

 INFO: Allocated in scan_peb+0x608/0x81c age=104 cpu=1 pid=118
 	kmem_cache_alloc+0x3b0/0x43c
 	scan_peb+0x608/0x81c
 	ubi_attach+0x124/0x450
 	ubi_attach_mtd_dev+0x60c/0xff8
 	ctrl_cdev_ioctl+0x110/0x2b8
 	do_vfs_ioctl+0xac/0xa00
 	SyS_ioctl+0x3c/0x64
 	ret_fast_syscall+0x0/0x1c
 INFO: Slab 0xbfd2da3c objects=17 used=1 fp=0xb33d7748 flags=0x40000081
 INFO: Object 0xb33d7e88 @offset=3720 fp=0xb33d7da0

 Redzone b33d7e80: cc cc cc cc cc cc cc cc                          ........
 Object b33d7e88: 02 00 00 00 01 00 00 00 00 f0 ff 7f ff ff ff ff  ................
 Object b33d7e98: 00 00 00 00 00 00 00 00 bd 16 00 00 00 00 00 00  ................
 Object b33d7ea8: 00 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00  ................
 Redzone b33d7eb8: cc cc cc cc                                      ....
 Padding b33d7f60: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
 CPU: 1 PID: 118 Comm: ubiattach Tainted: G    B   W       4.9.15 #3
 [<80111910>] (unwind_backtrace) from [<8010d498>] (show_stack+0x18/0x1c)
 [<8010d498>] (show_stack) from [<804a3274>] (dump_stack+0xb4/0xe0)
 [<804a3274>] (dump_stack) from [<80271770>] (free_debug_processing+0x320/0x3c4)
 [<80271770>] (free_debug_processing) from [<80271ad0>] (__slab_free+0x2bc/0x430)
 [<80271ad0>] (__slab_free) from [<80272024>] (kmem_cache_free+0x3e0/0x450)
 [<80272024>] (kmem_cache_free) from [<8057cb88>] (destroy_ai+0x150/0x1e8)
 [<8057cb88>] (destroy_ai) from [<8057ef1c>] (ubi_attach+0x2c4/0x450)
 [<8057ef1c>] (ubi_attach) from [<8056fe70>] (ubi_attach_mtd_dev+0x60c/0xff8)
 [<8056fe70>] (ubi_attach_mtd_dev) from [<80571d78>] (ctrl_cdev_ioctl+0x110/0x2b8)
 [<80571d78>] (ctrl_cdev_ioctl) from [<8029c77c>] (do_vfs_ioctl+0xac/0xa00)
 [<8029c77c>] (do_vfs_ioctl) from [<8029d10c>] (SyS_ioctl+0x3c/0x64)
 [<8029d10c>] (SyS_ioctl) from [<80108860>] (ret_fast_syscall+0x0/0x1c)
 FIX ubi_aeb_slab_cache: Object at 0xb33d7e88 not freed

Signed-off-by: Rabin Vincent <rabinv@axis.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2017-05-08 20:48:33 +02:00
accessibility
acpi ACPI / power: Avoid maybe-uninitialized warning 2017-04-19 22:46:10 +02:00
amba
android
ata sata_via: Enable hotplug only on VT6421 2017-04-11 09:12:18 +09:00
atm
auxdisplay auxdisplay: img-ascii-lcd: add missing sentinel entry in img_ascii_lcd_matches 2017-03-16 16:59:55 +09:00
base drivers core: remove assert_held_device_hotplug() 2017-03-16 16:56:19 -07:00
bcma
block mtip32xx: pass BLK_MQ_F_NO_SCHED 2017-04-19 14:15:45 -06:00
bluetooth Bluetooth: btqcomsmd: fix compile-test dependency 2017-03-22 19:22:04 -07:00
bus
cdrom
char Fixes /dev/mem to read back zeros for System RAM areas in the 1MB exception 2017-04-14 08:57:20 -07:00
clk clk: sunxi-ng: always select CCU_GATE 2017-04-28 10:47:21 -07:00
clocksource Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-04-02 09:22:03 -07:00
connector
cpufreq cpufreq: Bring CPUs up even if cpufreq_online() failed 2017-04-13 03:38:44 +02:00
cpuidle cpuidle: powernv: Pass correct drv->cpumask for registration 2017-03-29 22:55:36 +02:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-04-10 09:37:43 -07:00
dax device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation 2017-04-12 13:45:18 -07:00
dca
devfreq
dio
dma dmaengine: Fix array index out of bounds warning in __get_unmap_pool() 2017-03-14 10:11:27 +05:30
dma-buf
edac EDAC, pnd2_edac: Fix reported DIMM number 2017-03-26 09:36:28 +02:00
eisa
extcon extcon: int3496: Set the id pin to direction-input if necessary 2017-03-22 18:29:48 +09:00
firewire
firmware efi/libstub: Skip GOP with PIXEL_BLT_ONLY format 2017-04-05 09:20:18 +02:00
fmc
fpga
fsi
gpio ACPI / gpio: do not fall back to parsing _CRS when we get a deferral 2017-03-30 11:08:46 +02:00
gpu Merge branch 'linux-4.11' of git://github.com/skeggsb/linux into drm-fixes 2017-04-13 09:56:05 +10:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2017-04-20 12:26:10 -07:00
hsi
hv Drivers: hv: vmbus: Don't leak memory when a channel is rescinded 2017-03-16 16:42:33 +09:00
hwmon hwmon: (asus_atk0110) fix uninitialized data access 2017-03-23 12:01:57 -07:00
hwspinlock
hwtracing intel_th: pci: Add Gemini Lake support 2017-03-15 14:55:18 +02:00
i2c i2c: mux: pca954x: Add missing pca9546 definition to chip_desc 2017-03-24 12:22:18 +01:00
ide
idle
iio iio: hid-sensor-attributes: Fix sensor property setting failure. 2017-04-02 11:44:03 +01:00
infiniband Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2017-04-28 11:08:42 -07:00
iommu Merge branch 'for-joerg/arm-smmu/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/will/linux into iommu/fixes 2017-03-22 23:59:56 +01:00
ipack
irqchip irqchip/irq-imx-gpcv2: Fix spinlock initialization 2017-04-14 10:55:05 +02:00
isdn isdn: kcapi: avoid uninitialized data 2017-03-28 17:59:33 -07:00
leds
lguest
lightnvm
macintosh powerpc/pmac: Fix crash in dma-mapping.h with NULL dma_ops 2017-03-10 14:17:23 +11:00
mailbox
mcb
md Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2017-04-08 11:56:58 -07:00
media media fixes for v4.11-rc4 2017-03-24 13:34:16 -07:00
memory
memstick
message
mfd
misc Char/Misc driver fixes for 4.11-rc4 2017-03-26 11:15:54 -07:00
mmc mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card 2017-04-20 14:41:05 +02:00
mtd ubi: fastmap: Fix slab corruption 2017-05-08 20:48:33 +02:00
net net: hso: register netdev later to avoid a race condition 2017-04-28 16:11:48 -04:00
nfc
ntb
nubus
nvdimm libnvdimm: band aid btt vs clear poison locking 2017-04-10 17:21:45 -07:00
nvme nvme: Quirk APST off on "THNSF5256GPUK TOSHIBA" 2017-04-20 14:42:10 -06:00
nvmem nvmem: core: Allow getting nvmem cell with a NULL cell id 2017-01-25 11:49:39 +01:00
of
oprofile
parisc
parport parport: fix attempt to write duplicate procfiles 2017-03-16 17:32:21 +09:00
pci PCI: hisi: Fix DT binding (hisi-pcie-almost-ecam) 2017-04-12 10:46:47 -05:00
pcmcia
perf
phy phy: qcom-usb-hs: Add depends on EXTCON 2017-03-09 15:29:57 +05:30
pinctrl pinctrl: cherryview: Add a quirk to make Acer Chromebook keyboard work again 2017-04-11 10:09:39 +02:00
platform platform-drivers-x86 for v4.11-2 2017-03-13 13:23:43 -07:00
pnp
power
powercap
pps
ps3
ptp PTP: fix ptr_ret.cocci warnings 2017-03-20 16:25:06 +01:00
pwm pwm: rockchip: State of PWM clock should synchronize with PWM enabled state 2017-04-06 15:08:52 +02:00
rapidio drivers/rapidio/devices/tsi721.c: make module parameter variable name unique 2017-03-31 17:13:30 -07:00
ras
regulator
remoteproc remoteproc: qcom: fix QCOM_SMD dependencies 2017-03-20 14:45:44 -07:00
reset reset: add exported __reset_control_get, return NULL if optional 2017-04-04 17:36:10 +02:00
rpmsg
rtc
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-05 20:17:38 -07:00
sbus
scsi SCSI fixes on 20170424 2017-04-24 13:31:08 -07:00
sfi
sh
sn
soc
spi
spmi
ssb
staging staging: android: ashmem: lseek failed due to no FMODE_LSEEK. 2017-04-08 12:13:11 +02:00
target tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case 2017-04-02 16:18:51 -07:00
tc
thermal thermal: cpu_cooling: Check OPP for errors 2017-03-13 10:06:55 +08:00
thunderbolt
tty Revert "tty: don't panic on OOM in tty_set_ldisc()" 2017-04-14 10:59:56 +02:00
uio
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-04-11 23:51:58 -07:00
uwb uwb: i1480-dfu: fix NULL-deref at probe 2017-03-14 17:07:31 +08:00
vfio VFIO fixes for v4.11-rc4 2017-03-24 14:39:36 -07:00
vhost vhost-vsock: add pkt cancel capability 2017-03-21 14:41:46 -07:00
video backlight: pwm_bl: Fix GPIO out for unimplemented .get_direction() 2017-04-19 19:59:44 +01:00
virt
virtio virtio-pci: Remove affinity hint before freeing the interrupt 2017-04-11 00:30:20 +03:00
vlynq
vme
w1
watchdog
xen xenbus: remove transaction holder from list before freeing 2017-04-04 10:11:06 -04:00
zorro
Kconfig
Makefile