Revision 910ba598c818243cf3de2f97e03c49948bbb0511 authored by Santosh Shilimkar on 21 February 2012, 09:24:22 UTC, committed by Russell King on 21 February 2012, 09:26:46 UTC
Current ARM local timer code registers CPUFREQ notifiers even in case the twd_timer_setup() isn't called. That seems to be wrong and would eventually lead to kernel crash on the CPU frequency transitions on the SOCs where the local timer doesn't exist or broken because of hardware BUG. Fix it by testing twd_evt and *__this_cpu_ptr(twd_evt). The issue was observed with v3.3-rc3 and building an OMAP2+ kernel on OMAP3 SOC which doesn't have TWD. Below is the dump for reference : Unable to handle kernel paging request at virtual address 007e900 pgd = cdc20000 [007e9000] *pgd=00000000 Internal error: Oops: 5 [#1] SMP Modules linked in: CPU: 0 Not tainted (3.3.0-rc3-pm+debug+initramfs #9) PC is at twd_update_frequency+0x34/0x48 LR is at twd_update_frequency+0x10/0x48 pc : [<c001382c>] lr : [<c0013808>] psr: 60000093 sp : ce311dd8 ip : 00000000 fp : 00000000 r10: 00000000 r9 : 00000001 r8 : ce310000 r7 : c0440458 r6 : c00137f8 r5 : 00000000 r4 : c0947a74 r3 : 00000000 r2 : 007e9000 r1 : 00000000 r0 : 00000000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment usr Control: 10c5387d Table: 8dc20019 DAC: 00000015 Process sh (pid: 599, stack limit = 0xce3102f8) Stack: (0xce311dd8 to 0xce312000) 1dc0: 6000c 1de0: 00000001 00000002 00000000 00000000 00000000 00000000 00000 1e00: ffffffff c093d8f0 00000000 ce311ebc 00000001 00000001 ce310 1e20: c001386c c0437c4c c0e95b60 c0e95ba8 00000001 c0e95bf8 ffff4 1e40: 00000000 00000000 c005ef74 ce310000 c0435cf0 ce311ebc 00000 1e60: ce352b40 0007a120 c08d5108 c08ba040 c08ba040 c005f030 00000 1e80: c08bc554 c032fe2c 0007a120 c08d4b64 ce352b40 c08d8618 ffff8 1ea0: c08ba040 c033364c ce311ecc c0433b50 00000002 ffffffea c0330 1ec0: 0007a120 0007a120 22222201 00000000 22222222 00000000 ce357 1ee0: ce3d6000 cdc2aed8 ce352ba0 c0470164 00000002 c032f47c 00034 1f00: c0331cac ce352b40 00000007 c032f6d0 ce352bbc 0003d090 c0930 1f20: c093d8bc c03306a4 00000007 ce311f80 00000007 cdc2aec0 ce358 1f40: ce8d20c0 00000007 b6fe5000 ce311f80 00000007 ce310000 0000c 1f60: c000de74 ce987400 ce8d20c0 b6fe5000 00000000 00000000 0000c 1f80: 00000000 00000000 001fbac8 00000000 00000007 001fbac8 00004 1fa0: c000df04 c000dd60 00000007 001fbac8 00000001 b6fe5000 00000 1fc0: 00000007 001fbac8 00000007 00000004 b6fe5000 00000000 00202 1fe0: 00000000 beb565f8 00101ffc 00008e8c 60000010 00000001 00000 [<c001382c>] (twd_update_frequency+0x34/0x48) from [<c008ac4c>] ) [<c008ac4c>] (smp_call_function_single+0x17c/0x1c8) from [<c0013) [<c0013890>] (twd_cpufreq_transition+0x24/0x30) from [<c0437c4c>) [<c0437c4c>] (notifier_call_chain+0x44/0x84) from [<c005efe4>] () [<c005efe4>] (__srcu_notifier_call_chain+0x70/0xa4) from [<c005f) [<c005f030>] (srcu_notifier_call_chain+0x18/0x20) from [<c032fe2) [<c032fe2c>] (cpufreq_notify_transition+0xc8/0x1b0) from [<c0333) [<c033364c>] (omap_target+0x1b4/0x28c) from [<c032f47c>] (__cpuf) [<c032f47c>] (__cpufreq_driver_target+0x50/0x64) from [<c0331d24) [<c0331d24>] (cpufreq_set+0x78/0x98) from [<c032f6d0>] (store_sc) [<c032f6d0>] (store_scaling_setspeed+0x5c/0x74) from [<c03306a4>) [<c03306a4>] (store+0x58/0x74) from [<c014d868>] (sysfs_write_fi) [<c014d868>] (sysfs_write_file+0x80/0xb4) from [<c00f2c2c>] (vfs) [<c00f2c2c>] (vfs_write+0xa8/0x138) from [<c00f2e9c>] (sys_write) [<c00f2e9c>] (sys_write+0x40/0x6c) from [<c000dd60>] (ret_fast_s) Code: e594300c e792210c e1a01000 e5840004 (e7930002) ---[ end trace 5da3b5167c1ecdda ]--- Reported-by: Kevin Hilman <khilman@ti.com> Acked-by: Marc Zyngier <marc.zyngier@arm.com> Tested-by: Kevin Hilman <khilman@ti.com> Signed-off-by: Santosh Shilimkar <santosh.shilimkar@ti.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
1 parent fee6a3c
lsm_audit.c
/*
* common LSM auditing functions
*
* Based on code written for SELinux by :
* Stephen Smalley, <sds@epoch.ncsc.mil>
* James Morris <jmorris@redhat.com>
* Author : Etienne Basset, <etienne.basset@ensta.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*/
#include <linux/types.h>
#include <linux/stddef.h>
#include <linux/kernel.h>
#include <linux/gfp.h>
#include <linux/fs.h>
#include <linux/init.h>
#include <net/sock.h>
#include <linux/un.h>
#include <net/af_unix.h>
#include <linux/audit.h>
#include <linux/ipv6.h>
#include <linux/ip.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/dccp.h>
#include <linux/sctp.h>
#include <linux/lsm_audit.h>
/**
* ipv4_skb_to_auditdata : fill auditdata from skb
* @skb : the skb
* @ad : the audit data to fill
* @proto : the layer 4 protocol
*
* return 0 on success
*/
int ipv4_skb_to_auditdata(struct sk_buff *skb,
struct common_audit_data *ad, u8 *proto)
{
int ret = 0;
struct iphdr *ih;
ih = ip_hdr(skb);
if (ih == NULL)
return -EINVAL;
ad->u.net.v4info.saddr = ih->saddr;
ad->u.net.v4info.daddr = ih->daddr;
if (proto)
*proto = ih->protocol;
/* non initial fragment */
if (ntohs(ih->frag_off) & IP_OFFSET)
return 0;
switch (ih->protocol) {
case IPPROTO_TCP: {
struct tcphdr *th = tcp_hdr(skb);
if (th == NULL)
break;
ad->u.net.sport = th->source;
ad->u.net.dport = th->dest;
break;
}
case IPPROTO_UDP: {
struct udphdr *uh = udp_hdr(skb);
if (uh == NULL)
break;
ad->u.net.sport = uh->source;
ad->u.net.dport = uh->dest;
break;
}
case IPPROTO_DCCP: {
struct dccp_hdr *dh = dccp_hdr(skb);
if (dh == NULL)
break;
ad->u.net.sport = dh->dccph_sport;
ad->u.net.dport = dh->dccph_dport;
break;
}
case IPPROTO_SCTP: {
struct sctphdr *sh = sctp_hdr(skb);
if (sh == NULL)
break;
ad->u.net.sport = sh->source;
ad->u.net.dport = sh->dest;
break;
}
default:
ret = -EINVAL;
}
return ret;
}
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
/**
* ipv6_skb_to_auditdata : fill auditdata from skb
* @skb : the skb
* @ad : the audit data to fill
* @proto : the layer 4 protocol
*
* return 0 on success
*/
int ipv6_skb_to_auditdata(struct sk_buff *skb,
struct common_audit_data *ad, u8 *proto)
{
int offset, ret = 0;
struct ipv6hdr *ip6;
u8 nexthdr;
__be16 frag_off;
ip6 = ipv6_hdr(skb);
if (ip6 == NULL)
return -EINVAL;
ad->u.net.v6info.saddr = ip6->saddr;
ad->u.net.v6info.daddr = ip6->daddr;
ret = 0;
/* IPv6 can have several extension header before the Transport header
* skip them */
offset = skb_network_offset(skb);
offset += sizeof(*ip6);
nexthdr = ip6->nexthdr;
offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
if (offset < 0)
return 0;
if (proto)
*proto = nexthdr;
switch (nexthdr) {
case IPPROTO_TCP: {
struct tcphdr _tcph, *th;
th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
if (th == NULL)
break;
ad->u.net.sport = th->source;
ad->u.net.dport = th->dest;
break;
}
case IPPROTO_UDP: {
struct udphdr _udph, *uh;
uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
if (uh == NULL)
break;
ad->u.net.sport = uh->source;
ad->u.net.dport = uh->dest;
break;
}
case IPPROTO_DCCP: {
struct dccp_hdr _dccph, *dh;
dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
if (dh == NULL)
break;
ad->u.net.sport = dh->dccph_sport;
ad->u.net.dport = dh->dccph_dport;
break;
}
case IPPROTO_SCTP: {
struct sctphdr _sctph, *sh;
sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
if (sh == NULL)
break;
ad->u.net.sport = sh->source;
ad->u.net.dport = sh->dest;
break;
}
default:
ret = -EINVAL;
}
return ret;
}
#endif
static inline void print_ipv6_addr(struct audit_buffer *ab,
struct in6_addr *addr, __be16 port,
char *name1, char *name2)
{
if (!ipv6_addr_any(addr))
audit_log_format(ab, " %s=%pI6c", name1, addr);
if (port)
audit_log_format(ab, " %s=%d", name2, ntohs(port));
}
static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
__be16 port, char *name1, char *name2)
{
if (addr)
audit_log_format(ab, " %s=%pI4", name1, &addr);
if (port)
audit_log_format(ab, " %s=%d", name2, ntohs(port));
}
/**
* dump_common_audit_data - helper to dump common audit data
* @a : common audit data
*
*/
static void dump_common_audit_data(struct audit_buffer *ab,
struct common_audit_data *a)
{
struct task_struct *tsk = current;
if (a->tsk)
tsk = a->tsk;
if (tsk && tsk->pid) {
audit_log_format(ab, " pid=%d comm=", tsk->pid);
audit_log_untrustedstring(ab, tsk->comm);
}
switch (a->type) {
case LSM_AUDIT_DATA_NONE:
return;
case LSM_AUDIT_DATA_IPC:
audit_log_format(ab, " key=%d ", a->u.ipc_id);
break;
case LSM_AUDIT_DATA_CAP:
audit_log_format(ab, " capability=%d ", a->u.cap);
break;
case LSM_AUDIT_DATA_PATH: {
struct inode *inode;
audit_log_d_path(ab, " path=", &a->u.path);
inode = a->u.path.dentry->d_inode;
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
break;
}
case LSM_AUDIT_DATA_DENTRY: {
struct inode *inode;
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
inode = a->u.dentry->d_inode;
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
}
break;
}
case LSM_AUDIT_DATA_INODE: {
struct dentry *dentry;
struct inode *inode;
inode = a->u.inode;
dentry = d_find_alias(inode);
if (dentry) {
audit_log_format(ab, " name=");
audit_log_untrustedstring(ab,
dentry->d_name.name);
dput(dentry);
}
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%lu", inode->i_ino);
break;
}
case LSM_AUDIT_DATA_TASK:
tsk = a->u.tsk;
if (tsk && tsk->pid) {
audit_log_format(ab, " pid=%d comm=", tsk->pid);
audit_log_untrustedstring(ab, tsk->comm);
}
break;
case LSM_AUDIT_DATA_NET:
if (a->u.net.sk) {
struct sock *sk = a->u.net.sk;
struct unix_sock *u;
int len = 0;
char *p = NULL;
switch (sk->sk_family) {
case AF_INET: {
struct inet_sock *inet = inet_sk(sk);
print_ipv4_addr(ab, inet->inet_rcv_saddr,
inet->inet_sport,
"laddr", "lport");
print_ipv4_addr(ab, inet->inet_daddr,
inet->inet_dport,
"faddr", "fport");
break;
}
case AF_INET6: {
struct inet_sock *inet = inet_sk(sk);
struct ipv6_pinfo *inet6 = inet6_sk(sk);
print_ipv6_addr(ab, &inet6->rcv_saddr,
inet->inet_sport,
"laddr", "lport");
print_ipv6_addr(ab, &inet6->daddr,
inet->inet_dport,
"faddr", "fport");
break;
}
case AF_UNIX:
u = unix_sk(sk);
if (u->dentry) {
struct path path = {
.dentry = u->dentry,
.mnt = u->mnt
};
audit_log_d_path(ab, " path=", &path);
break;
}
if (!u->addr)
break;
len = u->addr->len-sizeof(short);
p = &u->addr->name->sun_path[0];
audit_log_format(ab, " path=");
if (*p)
audit_log_untrustedstring(ab, p);
else
audit_log_n_hex(ab, p, len);
break;
}
}
switch (a->u.net.family) {
case AF_INET:
print_ipv4_addr(ab, a->u.net.v4info.saddr,
a->u.net.sport,
"saddr", "src");
print_ipv4_addr(ab, a->u.net.v4info.daddr,
a->u.net.dport,
"daddr", "dest");
break;
case AF_INET6:
print_ipv6_addr(ab, &a->u.net.v6info.saddr,
a->u.net.sport,
"saddr", "src");
print_ipv6_addr(ab, &a->u.net.v6info.daddr,
a->u.net.dport,
"daddr", "dest");
break;
}
if (a->u.net.netif > 0) {
struct net_device *dev;
/* NOTE: we always use init's namespace */
dev = dev_get_by_index(&init_net, a->u.net.netif);
if (dev) {
audit_log_format(ab, " netif=%s", dev->name);
dev_put(dev);
}
}
break;
#ifdef CONFIG_KEYS
case LSM_AUDIT_DATA_KEY:
audit_log_format(ab, " key_serial=%u", a->u.key_struct.key);
if (a->u.key_struct.key_desc) {
audit_log_format(ab, " key_desc=");
audit_log_untrustedstring(ab, a->u.key_struct.key_desc);
}
break;
#endif
case LSM_AUDIT_DATA_KMOD:
audit_log_format(ab, " kmod=");
audit_log_untrustedstring(ab, a->u.kmod_name);
break;
} /* switch (a->type) */
}
/**
* common_lsm_audit - generic LSM auditing function
* @a: auxiliary audit data
*
* setup the audit buffer for common security information
* uses callback to print LSM specific information
*/
void common_lsm_audit(struct common_audit_data *a)
{
struct audit_buffer *ab;
if (a == NULL)
return;
/* we use GFP_ATOMIC so we won't sleep */
ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
if (ab == NULL)
return;
if (a->lsm_pre_audit)
a->lsm_pre_audit(ab, a);
dump_common_audit_data(ab, a);
if (a->lsm_post_audit)
a->lsm_post_audit(ab, a);
audit_log_end(ab);
}
Computing file changes ...
