~roxanan/ubuntu/+source/linux/+git/bionic:master-next
- Git
- lp:~roxanan/ubuntu/+source/linux/+git/bionic
- master-next
- Get this branch:
-
git clone
-b master-next
https://git.launchpad.net/~roxanan/ubuntu/+source/linux/+git/bionic
Branch merges
Related source package recipes
Branch information
- Name:
- master-next
- Repository:
- lp:~roxanan/ubuntu/+source/linux/+git/bionic
Recent commits
- 48827ed... by Kamal Mostafa
-
UBUNTU: Upstream stable to v4.14.302, v4.19.269
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 Ignore: yes
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 2309098... by Frank Jungclaus <email address hidden>
-
can: esd_usb: Allow REC and TEC to return to zero
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 918ee4911f7a41f
b4505dff877c1d7 f9f64eb43e ] We don't get any further EVENT from an esd CAN USB device for changes
on REC or TEC while those counters converge to 0 (with ecc == 0). So
when handling the "Back to Error Active"-event force txerr = rxerr =
0, otherwise the berr-counters might stay on values like 95 forever.Also, to make life easier during the ongoing development a
netdev_dbg() has been introduced to allow dumping error events send by
an esd CAN USB device.Fixes: 96d8e90382dc ("can: Add driver for esd CAN-USB/2 device")
Signed-off-by: Frank Jungclaus <email address hidden>
Link: https://<email address hidden>
Cc: <email address hidden>
Signed-off-by: Marc Kleine-Budde <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 56d4631... by Pankaj Raghav <email address hidden>
-
nvme initialize core quirks before calling nvme_init_subsystem
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 6f2d71524bcfdeb
1fcbd22a4a92a5b 7b161ab224 ] A device might have a core quirk for NVME_QUIRK_
IGNORE_ DEV_SUBNQN
(such as Samsung X5) but it would still give a:"missing or invalid SUBNQN field"
warning as core quirks are filled after calling nvme_init_subnqn. Fill
ctrl->quirks from struct core_quirks before calling nvme_init_subsystem
to fix this.Tested on a Samsung X5.
Fixes: ab9e00cc72fa ("nvme: track subsystems")
Signed-off-by: Pankaj Raghav <email address hidden>
Signed-off-by: Christoph Hellwig <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - a3b3e96... by Przemyslaw Patynowski <email address hidden>
-
i40e: Disallow ip4 and ip6 l4_4_bytes
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit d64aaf3f7869f91
5fd120763d75f11 d6b116424d ] Return -EOPNOTSUPP, when user requests l4_4_bytes for raw IP4 or
IP6 flow director filters. Flow director does not support filtering
on l4 bytes for PCTYPEs used by IP4 and IP6 filters.
Without this patch, user could create filters with l4_4_bytes fields,
which did not do any filtering on L4, but only on L3 fields.Fixes: 36777d9fa24c ("i40e: check current configured input set when adding ntuple filters")
Signed-off-by: Przemyslaw Patynowski <email address hidden>
Signed-off-by: Kamil Maziarz <email address hidden>
Reviewed-by: Jacob Keller <email address hidden>
Tested-by: Gurucharan G <email address hidden> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - e925b75... by Sylwester Dziedziuch <email address hidden>
-
i40e: Fix for VF MAC address 0
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 08501970472077e
d5de346ad89943a 37d1692e9b ] After spawning max VFs on a PF, some VFs were not getting resources and
their MAC addresses were 0. This was caused by PF sleeping before flushing
HW registers which caused VIRTCHNL_VFR_VFACTIVE to not be set in time for
VF.Fix by adding a sleep after hw flush.
Fixes: e4b433f4a741 ("i40e: reset all VFs in parallel when rebuilding PF")
Signed-off-by: Sylwester Dziedziuch <email address hidden>
Signed-off-by: Jan Sokolowski <email address hidden>
Tested-by: Konrad Jankowski <email address hidden>
Signed-off-by: Tony Nguyen <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 5e03892... by Michal Jaron <email address hidden>
-
i40e: Fix not setting default xps_cpus after reset
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 82e0572b23029b3
80464fa9fdc125d b9c1506d0a ] During tx rings configuration default XPS queue config is set and
__I40E_TX_XPS_ INIT_DONE is locked. __I40E_ TX_XPS_ INIT_DONE state is
cleared and set again with default mapping only during queues build,
it means after first setup or reset with queues rebuild. (i.e.
ethtool -L <interface> combined <number>) After other resets (i.e.
ethtool -t <interface>) XPS_INIT_DONE is not cleared and those default
maps cannot be set again. It results in cleared xps_cpus mapping
until queues are not rebuild or mapping is not set by user.Add clearing __I40E_
TX_XPS_ INIT_DONE state during reset to let
the driver set xps_cpus to defaults again after it was cleared.Fixes: 6f853d4f8e93 ("i40e: allow XPS with QoS enabled")
Signed-off-by: Michal Jaron <email address hidden>
Signed-off-by: Kamil Maziarz <email address hidden>
Tested-by: Gurucharan <email address hidden> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - e6eb77f... by error27
-
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit e8b4fc13900b8e8
be48debffd0dfd3 91772501f7 ] The pp->indir[0] value comes from the user. It is passed to:
if (cpu_online(
pp->rxq_ def)) inside the mvneta_
percpu_ elect() function. It needs bounds checkeding
to ensure that it is not beyond the end of the cpu bitmap.Fixes: cad5d847a093 ("net: mvneta: Fix the CPU choice in mvneta_
percpu_ elect")
Signed-off-by: Dan Carpenter <email address hidden>
Signed-off-by: David S. Miller <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - be10bb6... by error27
-
net: mvneta: Fix an out of bounds check
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit cdd97383e19d4af
e29adc3376025a1 5ae3bab3a3 ] In an earlier commit, I added a bounds check to prevent an out of bounds
read and a WARN(). On further discussion and consideration that check
was probably too aggressive. Instead of returning -EINVAL, a better fix
would be to just prevent the out of bounds read but continue the process.Background: The value of "pp->rxq_def" is a number between 0-7 by default,
or even higher depending on the value of "rxq_number", which is a module
parameter. If the value is more than the number of available CPUs then
it will trigger the WARN() in cpu_max_bits_warn( ). Fixes: e8b4fc13900b ("net: mvneta: Prevent out of bounds read in mvneta_
config_ rss()")
Signed-off-by: Dan Carpenter <email address hidden>
Reviewed-by: Leon Romanovsky <email address hidden>
Link: https://lore.kernel. org/r/Y5A7d1E5c cwHTYPf@ kadam
Signed-off-by: Jakub Kicinski <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - 8ba4dde... by Eric Dumazet <email address hidden>
-
ipv6: avoid use-after-free in ip6_fragment()
BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 803e84867de59a1
e5d126666d25eb4 860cfd2ebe ] Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers.
It seems to not be always true, at least for UDP stack.
syzbot reported:
BUG: KASAN: use-after-free in ip6_dst_idev include/
net/ip6_ fib.h:245 [inline]
BUG: KASAN: use-after-free in ip6_fragment+0x2724/ 0x2770 net/ipv6/ ip6_output. c:951
Read of size 8 at addr ffff88801d403e80 by task syz-executor.3/7618CPU: 1 PID: 7618 Comm: syz-executor.3 Not tainted 6.1.0-rc6-
syzkaller- 00012-g4312098b af37 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xd1/ 0x138 lib/dump_ stack.c: 106
print_address_ description mm/kasan/ report. c:284 [inline]
print_report+ 0x15e/0x45d mm/kasan/ report. c:395
kasan_report+ 0xbf/0x1f0 mm/kasan/ report. c:495
ip6_dst_idev include/net/ip6_ fib.h:245 [inline]
ip6_fragment+0x2724/ 0x2770 net/ipv6/ ip6_output. c:951
__ip6_finish_ output net/ipv6/ ip6_output. c:193 [inline]
ip6_finish_output+ 0x9a3/0x1170 net/ipv6/ ip6_output. c:206
NF_HOOK_COND include/linux/netfilter .h:291 [inline]
ip6_output+0x1f1/0x540 net/ipv6/ ip6_output. c:227
dst_output include/net/dst. h:445 [inline]
ip6_local_out+0xb3/ 0x1a0 net/ipv6/ output_ core.c: 161
ip6_send_skb+0xbb/ 0x340 net/ipv6/ ip6_output. c:1966
udp_v6_send_skb+ 0x82a/0x18a0 net/ipv6/udp.c:1286
udp_v6_push_pending_ frames+ 0x140/0x200 net/ipv6/udp.c:1313
udpv6_sendmsg+ 0x18da/ 0x2c80 net/ipv6/udp.c:1606
inet6_sendmsg+ 0x9d/0xe0 net/ipv6/ af_inet6. c:665
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
sock_write_iter+0x295/ 0x3d0 net/socket.c:1108
call_write_iter include/linux/fs. h:2191 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9ed/0xdd0 fs/read_write.c:584
ksys_write+0x1ec/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common. c:50 [inline]
do_syscall_64+0x39/ 0xb0 arch/x86/ entry/common. c:80
entry_SYSCALL_ 64_after_ hwframe+ 0x63/0xcd
RIP: 0033:0x7fde3588c0d9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fde365b6168 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fde359ac050 RCX: 00007fde3588c0d9
RDX: 000000000000ffdc RSI: 00000000200000c0 RDI: 000000000000000a
RBP: 00007fde358e7ae9 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fde35acfb1f R14: 00007fde365b6300 R15: 0000000000022000
</TASK>Allocated by task 7618:
kasan_save_stack+ 0x22/0x40 mm/kasan/ common. c:45
kasan_set_track+ 0x25/0x30 mm/kasan/ common. c:52
__kasan_slab_alloc+ 0x82/0x90 mm/kasan/ common. c:325
kasan_slab_alloc include/linux/kasan. h:201 [inline]
slab_post_alloc_hook mm/slab.h:737 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_ lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x2b4/ 0x3d0 mm/slub.c:3422
dst_alloc+0x14a/0x1f0 net/core/dst.c:92
ip6_dst_alloc+0x32/ 0xa0 net/ipv6/ route.c: 344
ip6_rt_pcpu_alloc net/ipv6/route.c: 1369 [inline]
rt6_make_pcpu_route net/ipv6/ route.c: 1417 [inline]
ip6_pol_route+0x901/ 0x1190 net/ipv6/ route.c: 2254
pol_lookup_func include/net/ip6_ fib.h:582 [inline]
fib6_rule_lookup+ 0x52e/0x6f0 net/ipv6/ fib6_rules. c:121
ip6_route_output_ flags_noref+ 0x2e6/0x380 net/ipv6/ route.c: 2625
ip6_route_output_ flags+0x76/ 0x320 net/ipv6/ route.c: 2638
ip6_route_output include/net/ip6_ route.h: 98 [inline]
ip6_dst_lookup_ tail+0x5ab/ 0x1620 net/ipv6/ ip6_output. c:1092
ip6_dst_lookup_ flow+0x90/ 0x1d0 net/ipv6/ ip6_output. c:1222
ip6_sk_dst_lookup_ flow+0x553/ 0x980 net/ipv6/ ip6_output. c:1260
udpv6_sendmsg+ 0x151d/ 0x2c80 net/ipv6/udp.c:1554
inet6_sendmsg+ 0x9d/0xe0 net/ipv6/ af_inet6. c:665
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
__sys_sendto+ 0x23a/0x340 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+ 0xe1/0x1b0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common. c:50 [inline]
do_syscall_64+0x39/ 0xb0 arch/x86/ entry/common. c:80
entry_SYSCALL_ 64_after_ hwframe+ 0x63/0xcd Freed by task 7599:
kasan_save_stack+ 0x22/0x40 mm/kasan/ common. c:45
kasan_set_track+ 0x25/0x30 mm/kasan/ common. c:52
kasan_save_free_ info+0x2e/ 0x40 mm/kasan/ generic. c:511
____kasan_slab_free mm/kasan/ common. c:236 [inline]
____kasan_slab_free+ 0x160/0x1c0 mm/kasan/ common. c:200
kasan_slab_free include/linux/kasan. h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_ hook+0x8b/ 0x1c0 mm/slub.c:1750
slab_free mm/slub.c:3661 [inline]
kmem_cache_free+0xee/ 0x5c0 mm/slub.c:3683
dst_destroy+0x2ea/0x400 net/core/dst.c:127
rcu_do_batch kernel/rcu/tree. c:2250 [inline]
rcu_core+0x81f/0x1980 kernel/ rcu/tree. c:2510
__do_softirq+0x1fb/0xadc kernel/ softirq. c:571 Last potentially related work creation:
kasan_save_stack+ 0x22/0x40 mm/kasan/ common. c:45
__kasan_record_ aux_stack+ 0xbc/0xd0 mm/kasan/ generic. c:481
call_rcu+0x9d/0x820 kernel/ rcu/tree. c:2798
dst_release net/core/dst.c:177 [inline]
dst_release+0x7d/0xe0 net/core/dst.c:167
refdst_drop include/net/dst. h:256 [inline]
skb_dst_drop include/net/dst. h:268 [inline]
skb_release_head_state+ 0x250/0x2a0 net/core/ skbuff. c:838
skb_release_all net/core/skbuff. c:852 [inline]
__kfree_skb net/core/skbuff. c:868 [inline]
kfree_skb_reason+ 0x151/0x4b0 net/core/ skbuff. c:891
kfree_skb_list_ reason+ 0x4b/0x70 net/core/ skbuff. c:901
kfree_skb_list include/linux/skbuff. h:1227 [inline]
ip6_fragment+0x2026/ 0x2770 net/ipv6/ ip6_output. c:949
__ip6_finish_ output net/ipv6/ ip6_output. c:193 [inline]
ip6_finish_output+ 0x9a3/0x1170 net/ipv6/ ip6_output. c:206
NF_HOOK_COND include/linux/netfilter .h:291 [inline]
ip6_output+0x1f1/0x540 net/ipv6/ ip6_output. c:227
dst_output include/net/dst. h:445 [inline]
ip6_local_out+0xb3/ 0x1a0 net/ipv6/ output_ core.c: 161
ip6_send_skb+0xbb/ 0x340 net/ipv6/ ip6_output. c:1966
udp_v6_send_skb+ 0x82a/0x18a0 net/ipv6/udp.c:1286
udp_v6_push_pending_ frames+ 0x140/0x200 net/ipv6/udp.c:1313
udpv6_sendmsg+ 0x18da/ 0x2c80 net/ipv6/udp.c:1606
inet6_sendmsg+ 0x9d/0xe0 net/ipv6/ af_inet6. c:665
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
sock_write_iter+0x295/ 0x3d0 net/socket.c:1108
call_write_iter include/linux/fs. h:2191 [inline]
new_sync_write fs/read_write.c:491 [inline]
vfs_write+0x9ed/0xdd0 fs/read_write.c:584
ksys_write+0x1ec/0x250 fs/read_write.c:637
do_syscall_x64 arch/x86/entry/common. c:50 [inline]
do_syscall_64+0x39/ 0xb0 arch/x86/ entry/common. c:80
entry_SYSCALL_ 64_after_ hwframe+ 0x63/0xcd Second to last potentially related work creation:
kasan_save_stack+ 0x22/0x40 mm/kasan/ common. c:45
__kasan_record_ aux_stack+ 0xbc/0xd0 mm/kasan/ generic. c:481
call_rcu+0x9d/0x820 kernel/ rcu/tree. c:2798
dst_release net/core/dst.c:177 [inline]
dst_release+0x7d/0xe0 net/core/dst.c:167
refdst_drop include/net/dst. h:256 [inline]
skb_dst_drop include/net/dst. h:268 [inline]
__dev_queue_xmit+ 0x1b9d/ 0x3ba0 net/core/dev.c:4211
dev_queue_xmit include/linux/netdevice .h:3008 [inline]
neigh_resolve_ output net/core/ neighbour. c:1552 [inline]
neigh_resolve_ output+ 0x51b/0x840 net/core/ neighbour. c:1532
neigh_output include/net/neighbour. h:546 [inline]
ip6_finish_output2+ 0x56c/0x1530 net/ipv6/ ip6_output. c:134
__ip6_finish_ output net/ipv6/ ip6_output. c:195 [inline]
ip6_finish_output+ 0x694/0x1170 net/ipv6/ ip6_output. c:206
NF_HOOK_COND include/linux/netfilter .h:291 [inline]
ip6_output+0x1f1/0x540 net/ipv6/ ip6_output. c:227
dst_output include/net/dst. h:445 [inline]
NF_HOOK include/linux/netfilter .h:302 [inline]
NF_HOOK include/linux/netfilter .h:296 [inline]
mld_sendpack+0xa09/0xe70 net/ipv6/ mcast.c: 1820
mld_send_cr net/ipv6/mcast.c: 2121 [inline]
mld_ifc_work+0x720/ 0xdc0 net/ipv6/ mcast.c: 2653
process_one_work+ 0x9bf/0x1710 kernel/ workqueue. c:2289
worker_thread+ 0x669/0x1090 kernel/ workqueue. c:2436
kthread+0x2e8/0x3a0 kernel/ kthread. c:376
ret_from_fork+0x1f/ 0x30 arch/x86/ entry/entry_ 64.S:306 The buggy address belongs to the object at ffff88801d403dc0
which belongs to the cache ip6_dst_cache of size 240
The buggy address is located 192 bytes inside of
240-byte region [ffff88801d403dc0, ffff88801d403eb0)The buggy address belongs to the physical page:
page:ffffea00007500c0 refcount:1 mapcount:0 mapping: 000000000000000 0 index:0x0 pfn:0x1d403
memcg:ffff888022f49c81
flags: 0xfff00000000200(slab| node=0| zone=1| lastcpupid= 0x7ff)
raw: 00fff00000000200 ffffea0001ef6580 dead000000000002 ffff88814addf640
raw: 0000000000000000 00000000800c000c 00000001ffffffff ffff888022f49c81
page dumped because: kasan: bad access detected
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112a20(GFP_ATOMIC| __GFP_NOWARN| __GFP_NORETRY| __GFP_HARDWALL) , pid 3719, tgid 3719 (kworker/0:6), ts 136223432244, free_ts 136222971441
prep_new_page mm/page_alloc.c: 2539 [inline]
get_page_from_freelist+ 0x10b5/ 0x2d50 mm/page_ alloc.c: 4288
__alloc_pages+0x1cb/ 0x5b0 mm/page_ alloc.c: 5555
alloc_pages+0x1aa/ 0x270 mm/mempolicy.c:2285
alloc_slab_page mm/slub.c:1794 [inline]
allocate_slab+0x213/ 0x300 mm/slub.c:1939
new_slab mm/slub.c:1992 [inline]
___slab_alloc+0xa91/ 0x1400 mm/slub.c:3180
__slab_alloc.constprop .0+0x56/ 0xa0 mm/slub.c:3279
slab_alloc_node mm/slub.c:3364 [inline]
slab_alloc mm/slub.c:3406 [inline]
__kmem_cache_alloc_ lru mm/slub.c:3413 [inline]
kmem_cache_alloc+0x31a/ 0x3d0 mm/slub.c:3422
dst_alloc+0x14a/0x1f0 net/core/dst.c:92
ip6_dst_alloc+0x32/ 0xa0 net/ipv6/ route.c: 344
icmp6_dst_alloc+ 0x71/0x680 net/ipv6/ route.c: 3261
mld_sendpack+0x5de/0xe70 net/ipv6/ mcast.c: 1809
mld_send_cr net/ipv6/mcast.c: 2121 [inline]
mld_ifc_work+0x720/ 0xdc0 net/ipv6/ mcast.c: 2653
process_one_work+ 0x9bf/0x1710 kernel/ workqueue. c:2289
worker_thread+ 0x669/0x1090 kernel/ workqueue. c:2436
kthread+0x2e8/0x3a0 kernel/ kthread. c:376
ret_from_fork+0x1f/ 0x30 arch/x86/ entry/entry_ 64.S:306
page last free stack trace:
reset_page_owner include/linux/page_ owner.h: 24 [inline]
free_pages_prepare mm/page_alloc.c: 1459 [inline]
free_pcp_prepare+ 0x65c/0xd90 mm/page_ alloc.c: 1509
free_unref_page_prepare mm/page_ alloc.c: 3387 [inline]
free_unref_page+0x1d/ 0x4d0 mm/page_ alloc.c: 3483
__unfreeze_partials+ 0x17c/0x1a0 mm/slub.c:2586
qlink_free mm/kasan/quarantine. c:168 [inline]
qlist_free_all+ 0x6a/0x170 mm/kasan/ quarantine. c:187
kasan_quarantine_ reduce+ 0x184/0x210 mm/kasan/ quarantine. c:294
__kasan_slab_alloc+ 0x66/0x90 mm/kasan/ common. c:302
kasan_slab_alloc include/linux/kasan. h:201 [inline]
slab_post_alloc_hook mm/slab.h:737 [inline]
slab_alloc_node mm/slub.c:3398 [inline]
kmem_cache_alloc_node+ 0x304/0x410 mm/slub.c:3443
__alloc_skb+0x214/ 0x300 net/core/ skbuff. c:497
alloc_skb include/linux/skbuff. h:1267 [inline]
netlink_alloc_large_ skb net/netlink/ af_netlink. c:1191 [inline]
netlink_sendmsg+ 0x9a6/0xe10 net/netlink/ af_netlink. c:1896
sock_sendmsg_nosec net/socket.c:714 [inline]
sock_sendmsg+0xd3/0x120 net/socket.c:734
__sys_sendto+ 0x23a/0x340 net/socket.c:2117
__do_sys_sendto net/socket.c:2129 [inline]
__se_sys_sendto net/socket.c:2125 [inline]
__x64_sys_sendto+ 0xe1/0x1b0 net/socket.c:2125
do_syscall_x64 arch/x86/entry/common. c:50 [inline]
do_syscall_64+0x39/ 0xb0 arch/x86/ entry/common. c:80
entry_SYSCALL_ 64_after_ hwframe+ 0x63/0xcd Fixes: 1758fd4688eb ("ipv6: remove unnecessary dst_hold() in ip6_fragment()")
Reported-by: <email address hidden>
Signed-off-by: Eric Dumazet <email address hidden>
Cc: Wei Wang <email address hidden>
Cc: Martin KaFai Lau <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden> - d01ae28... by Yang Yingliang <email address hidden>
-
net: plip: don't call kfree_skb/
dev_kfree_ skb() under spin_lock_irq() BugLink: https:/
/bugs.launchpad .net/bugs/ 2003596 [ Upstream commit 7d8c19bfc8ff3f7
8e5337107ca9246 327fcb6b45 ] It is not allowed to call kfree_skb() or consume_skb() from
hardware interrupt context or with interrupts being disabled.
So replace kfree_skb/dev_kfree_ skb() with dev_kfree_skb_irq()
and dev_consume_skb_irq( ) under spin_lock_irq(). Fixes: 1da177e4c3f4 ("Linux-
2.6.12- rc2")
Signed-off-by: Yang Yingliang <email address hidden>
Reviewed-by: Jiri Pirko <email address hidden>
Link: https://<email address hidden>
Signed-off-by: Jakub Kicinski <email address hidden>
Signed-off-by: Sasha Levin <email address hidden>
Signed-off-by: Kamal Mostafa <email address hidden>
Signed-off-by: Roxana Nicolescu <email address hidden>