hollalinux
/
linux-sg2042
mirror of https://github.com/sophgo/linux-riscv.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux-sg2042/drivers
History
Nikolay Aleksandrov 7f109f7cc3 vrf: fix double free and memory corruption on register_netdevice failure 
When vrf's ->newlink is called, if register_netdevice() fails then it
does free_netdev(), but that's also done by rtnl_newlink() so a second
free happens and memory gets corrupted, to reproduce execute the
following line a couple of times (1 - 5 usually is enough):
$ for i in `seq 1 5`; do ip link add vrf: type vrf table 1; done;
This works because we fail in register_netdevice() because of the wrong
name "vrf:".

And here's a trace of one crash:
[   28.792157] ------------[ cut here ]------------
[   28.792407] kernel BUG at fs/namei.c:246!
[   28.792608] invalid opcode: 0000 [#1] SMP
[   28.793240] Modules linked in: vrf nfsd auth_rpcgss oid_registry
nfs_acl nfs lockd grace sunrpc crct10dif_pclmul crc32_pclmul
crc32c_intel qxl drm_kms_helper ttm drm aesni_intel aes_x86_64 psmouse
glue_helper lrw evdev gf128mul i2c_piix4 ablk_helper cryptd ppdev
parport_pc parport serio_raw pcspkr virtio_balloon virtio_console
i2c_core acpi_cpufreq button 9pnet_virtio 9p 9pnet fscache ipv6 autofs4
ext4 crc16 mbcache jbd2 virtio_blk virtio_net sg sr_mod cdrom
ata_generic ehci_pci uhci_hcd ehci_hcd e1000 usbcore usb_common ata_piix
libata virtio_pci virtio_ring virtio scsi_mod floppy
[   28.796016] CPU: 0 PID: 1148 Comm: ld-linux-x86-64 Not tainted
4.4.0-rc1+ #24
[   28.796016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.8.1-20150318_183358- 04/01/2014
[   28.796016] task: ffff8800352561c0 ti: ffff88003592c000 task.ti:
ffff88003592c000
[   28.796016] RIP: 0010:[<ffffffff812187b3>]  [<ffffffff812187b3>]
putname+0x43/0x60
[   28.796016] RSP: 0018:ffff88003592fe88  EFLAGS: 00010246
[   28.796016] RAX: 0000000000000000 RBX: ffff8800352561c0 RCX:
0000000000000001
[   28.796016] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff88003784f000
[   28.796016] RBP: ffff88003592ff08 R08: 0000000000000001 R09:
0000000000000000
[   28.796016] R10: 0000000000000000 R11: 0000000000000001 R12:
0000000000000000
[   28.796016] R13: 000000000000047c R14: ffff88003784f000 R15:
ffff8800358c4a00
[   28.796016] FS:  0000000000000000(0000) GS:ffff88003fc00000(0000)
knlGS:0000000000000000
[   28.796016] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   28.796016] CR2: 00007ffd583bc2d9 CR3: 0000000035a99000 CR4:
00000000000406f0
[   28.796016] Stack:
[   28.796016]  ffffffff8121045d ffffffff812102d3 ffff8800352561c0
ffff880035a91660
[   28.796016]  ffff8800008a9880 0000000000000000 ffffffff81a49940
00ffffff81218684
[   28.796016]  ffff8800352561c0 000000000000047c 0000000000000000
ffff880035b36d80
[   28.796016] Call Trace:
[   28.796016]  [<ffffffff8121045d>] ?
do_execveat_common.isra.34+0x74d/0x930
[   28.796016]  [<ffffffff812102d3>] ?
do_execveat_common.isra.34+0x5c3/0x930
[   28.796016]  [<ffffffff8121066c>] do_execve+0x2c/0x30
[   28.796016]  [<ffffffff810939a0>]
call_usermodehelper_exec_async+0xf0/0x140
[   28.796016]  [<ffffffff810938b0>] ? umh_complete+0x40/0x40
[   28.796016]  [<ffffffff815cb1af>] ret_from_fork+0x3f/0x70
[   28.796016] Code: 48 8d 47 1c 48 89 e5 53 48 8b 37 48 89 fb 48 39 c6
74 1a 48 8b 3d 7e e9 8f 00 e8 49 fa fc ff 48 89 df e8 f1 01 fd ff 5b 5d
f3 c3 <0f> 0b 48 89 fe 48 8b 3d 61 e9 8f 00 e8 2c fa fc ff 5b 5d eb e9
[   28.796016] RIP  [<ffffffff812187b3>] putname+0x43/0x60
[   28.796016]  RSP <ffff88003592fe88>

Fixes: 193125dbd8 ("net: Introduce VRF device driver")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2015-11-23 17:52:46 -05:00
..
accessibility
acpi More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
amba
android
ata SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
atm
auxdisplay
base More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
bcma
block Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2015-11-13 09:24:40 -08:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
bus ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
cdrom
char Merge tag 'tpmdd-next-20151110' of https://github.com/jsakkine/linux-tpmdd into for-linus 2015-11-12 20:38:04 +11:00
clk h8300 update for v4.4 2015-11-12 15:26:39 -08:00
clocksource Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-11-15 09:10:53 -08:00
connector mm, page_alloc: distinguish between being unable to sleep, unwilling to sleep and avoiding waking kswapd 2015-11-06 17:50:42 -08:00
cpufreq More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
cpuidle
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2015-11-17 09:40:05 -08:00
dca
devfreq
dio
dma dmaengine updates for 4.4-rc1 2015-11-10 10:05:17 -08:00
dma-buf dma-buf/fence: add fence_wait_any_timeout function v2 2015-10-30 01:16:16 -04:00
edac asm-generic cleanups 2015-11-06 14:22:15 -08:00
eisa
extcon
firewire IEEE 1394 subsystem patch: 2015-11-11 10:21:34 -08:00
firmware ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
fmc
fpga fpga: socfpga: Fix check of return value of devm_request_irq 2015-10-29 15:20:25 -07:00
gpio asm-generic cleanups 2015-11-06 14:22:15 -08:00
gpu Merge branch 'drm-next' of git://people.freedesktop.org/~airlied/linux 2015-11-13 09:12:38 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2015-11-07 12:49:27 -08:00
hsi hsi: controllers:remove redundant code 2015-10-30 16:10:40 +01:00
hv drivers/hv: share Hyper-V SynIC constants with userspace 2015-11-04 16:24:33 +01:00
hwmon hwmon: (scpi) skip unsupported sensors properly 2015-11-16 09:59:50 -08:00
hwspinlock
hwtracing Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
i2c Merge branch 'i2c/for-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2015-11-10 11:58:25 -08:00
ide mm, page_alloc: rename __GFP_WAIT to __GFP_RECLAIM 2015-11-06 17:50:42 -08:00
idle
iio spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
infiniband SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2015-11-13 21:41:14 -08:00
iommu s390/pci_dma: handle dma table failures 2015-11-09 09:10:49 +01:00
ipack
irqchip Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2015-11-15 09:10:53 -08:00
isdn TTY/Serial driver patches for 4.4-rc1 2015-11-04 21:35:12 -08:00
leds spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
lguest
lightnvm block: change ->make_request_fn() and users to return a queue cookie 2015-11-07 10:40:46 -07:00
macintosh
mailbox mailbox: mailbox-test: avoid reading iomem twice 2015-11-04 14:03:04 +05:30
mcb mcb: Destroy IDA on module unload 2015-10-29 09:02:16 +09:00
md Merge branch 'for-4.4/io-poll' of git://git.kernel.dk/linux-block 2015-11-10 17:23:49 -08:00
media netup_unidvb: use pci_set_dma_mask insted of pci_dma_supported 2015-11-10 16:32:11 -08:00
memory ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
memstick
message SCSI queue for 4.4. 2015-11-12 07:06:18 -05:00
mfd asm-generic cleanups 2015-11-06 14:22:15 -08:00
misc Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
mmc spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
mtd This pull request includes the following UBI/UBIFS changes: 2015-11-10 16:35:06 -08:00
net vrf: fix double free and memory corruption on register_netdevice failure 2015-11-23 17:52:46 -05:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-11-10 18:11:41 -08:00
ntb NTB: fix 32-bit compiler warning 2015-11-08 16:24:43 -05:00
nubus
nvdimm libnvdimm, pmem: fix size trim in pmem_direct_access() 2015-11-12 09:55:23 -08:00
nvme NVMe: add support for Apple NVMe controller 2015-11-11 09:36:57 -07:00
nvmem
of More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
oprofile
parisc pci: remove pci_dma_supported 2015-11-10 16:32:11 -08:00
parport
pci More power management and ACPI updates for v4.4-rc1 2015-11-12 11:50:33 -08:00
pcmcia
perf arm64 updates for 4.4: 2015-11-04 14:47:13 -08:00
phy phy: qcom-ufs: fix build error when the component is built as a module 2015-11-09 17:44:24 -05:00
pinctrl This is the bulk of GPIO changes for v4.4: 2015-11-02 12:59:12 -08:00
platform platform/chrome: Branch for v4.4 2015-11-13 21:53:18 -08:00
pnp
power - New Device Support 2015-11-06 10:23:50 -08:00
powercap
pps
ps3
ptp
pwm pwm: Changes for v4.4-rc1 2015-11-11 09:16:10 -08:00
rapidio
ras
regulator spi: Updates for v4.4 2015-11-05 13:15:12 -08:00
remoteproc
reset
rpmsg
rtc RTC for 4.4 2015-11-10 10:01:21 -08:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2015-11-18 08:59:29 -08:00
sbus
scsi SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
sfi
sh
sn
soc ARM: SoC driver updates for v4.4 2015-11-10 15:00:03 -08:00
spi Merge remote-tracking branches 'spi/topic/s3c64xx', 'spi/topic/ti-qspi' and 'spi/topic/txx9' into spi-next 2015-11-04 11:02:16 +00:00
spmi char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
ssb ssb: add Kconfig entry for compiling SoC related code 2015-10-28 21:05:21 +02:00
staging Merge branch 'for-4.4/io-poll' of git://git.kernel.dk/linux-block 2015-11-10 17:23:49 -08:00
target SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
tc
thermal thermal: rockchip: fix compile error 2015-11-11 19:52:39 -08:00
thunderbolt
tty asm-generic cleanups 2015-11-06 14:22:15 -08:00
uio
usb SCSI misc on 20151113 2015-11-13 20:35:54 -08:00
uwb driver core update for 4.4-rc1 2015-11-04 21:50:37 -08:00
vfio VFIO updates for v4.4-rc1 2015-11-13 17:05:32 -08:00
vhost Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
video fbdev changes for 4.4 2015-11-10 10:00:09 -08:00
virt
virtio
vlynq
vme char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
w1 power supply and reset changes for the v4.4 series 2015-11-05 12:28:15 -08:00
watchdog Merge git://www.linux-watchdog.org/linux-watchdog 2015-11-10 10:11:12 -08:00
xen Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2015-11-13 20:04:17 -08:00
zorro
Kconfig char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00
Makefile char/misc drivers for 4.4-rc1 2015-11-04 22:15:15 -08:00