leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
fb4696c395
linux/arch/powerpc/kernel
History
Vasant Hegde fb4696c395 powerpc/rtas_flash: Fix bad memory access 
We use kmem_cache_alloc() to allocate memory to hold the new firmware
which will be flashed. kmem_cache_alloc() calls rtas_block_ctor() to
set memory to NULL. But these constructor is called only for newly
allocated slabs.

If we run below command multiple time without rebooting, allocator may
allocate memory from the area which was free'd by kmem_cache_free and
it will not call constructor. In this situation we may hit kernel oops.

dd if=<fw image> of=/proc/ppc64/rtas/firmware_flash bs=4096

oops message:
-------------
[ 1602.399755] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1602.399772] SMP NR_CPUS=1024 NUMA pSeries
[ 1602.399779] Modules linked in: rtas_flash nfsd lockd auth_rpcgss nfs_acl sunrpc fuse loop dm_mod sg ipv6 ses enclosure ehea ehci_pci ohci_hcd ehci_hcd usbcore sd_mod usb_common crc_t10dif scsi_dh_alua scsi_dh_emc scsi_dh_hp_sw scsi_dh_rdac scsi_dh ipr libata scsi_mod
[ 1602.399817] NIP: d00000000a170b9c LR: d00000000a170b64 CTR: c00000000079cd58
[ 1602.399823] REGS: c0000003b9937930 TRAP: 0300   Not tainted  (3.9.0-rc4-0.27-ppc64)
[ 1602.399828] MSR: 8000000000009032 <SF,EE,ME,IR,DR,RI>  CR: 22000428  XER: 20000000
[ 1602.399841] SOFTE: 1
[ 1602.399844] CFAR: c000000000005f24
[ 1602.399848] DAR: 8c2625a820631fef, DSISR: 40000000
[ 1602.399852] TASK = c0000003b4520760[3655] 'dd' THREAD: c0000003b9934000 CPU: 3
GPR00: 8c2625a820631fe7 c0000003b9937bb0 d00000000a179f28 d00000000a171f08
GPR04: 0000000010040000 0000000000001000 c0000003b9937df0 c0000003b5fb2080
GPR08: c0000003b58f7200 d00000000a179f28 c0000003b40058d4 c00000000079cd58
GPR12: d00000000a171450 c000000007f40900 0000000000000005 0000000010178d20
GPR16: 00000000100cb9d8 000000000000001d 0000000000000000 000000001003ffff
GPR20: 0000000000000001 0000000000000000 00003fffa0b50d30 000000001001f010
GPR24: 0000000010020888 0000000010040000 d00000000a171f08 d00000000a172808
GPR28: 0000000000001000 0000000010040000 c0000003b4005880 8c2625a820631fe7
[ 1602.399924] NIP [d00000000a170b9c] .rtas_flash_write+0x7c/0x1e8 [rtas_flash]
[ 1602.399930] LR [d00000000a170b64] .rtas_flash_write+0x44/0x1e8 [rtas_flash]
[ 1602.399934] Call Trace:
[ 1602.399939] [c0000003b9937bb0] [d00000000a170b64] .rtas_flash_write+0x44/0x1e8 [rtas_flash] (unreliable)
[ 1602.399948] [c0000003b9937c60] [c000000000282830] .proc_reg_write+0x90/0xe0
[ 1602.399955] [c0000003b9937ce0] [c0000000001ff374] .vfs_write+0x114/0x238
[ 1602.399961] [c0000003b9937d80] [c0000000001ff5d8] .SyS_write+0x70/0xe8
[ 1602.399968] [c0000003b9937e30] [c000000000009cdc] syscall_exit+0x0/0xa0
[ 1602.399973] Instruction dump:
[ 1602.399977] eb698010 801b0028 2f80dcd6 419e00a4 2fbc0000 419e009c ebfb0030 2fbf0000
[ 1602.399989] 409e0010 480000d8 60000000 7c1f0378 <e81f0008> 2fa00000 409efff4 e81f0000
[ 1602.400012] ---[ end trace b4136d115dc31dac ]---
[ 1602.402178]
[ 1602.402185] Sending IPI to other CPUs
[ 1602.403329] IPI complete

This patch uses kmem_cache_zalloc() instead of kmem_cache_alloc() to
allocate memory, which makes sure memory is set to 0 before using.
Also removes rtas_block_ctor(), which is no longer required.

Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
2013-04-30 15:59:28 +10:00
..
vdso32 powerpc: Add VDSO version of time 2013-04-23 16:05:05 +10:00
vdso64 powerpc: Add VDSO version of time 2013-04-23 16:05:05 +10:00
.gitignore
align.c
asm-offsets.c Merge tag 'kvm-3.9-1' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2013-02-24 13:07:18 -08:00
audit.c
btext.c
cacheinfo.c
cacheinfo.h
clock.c
compat_audit.c
cpu_setup_6xx.S
cpu_setup_44x.S
cpu_setup_a2.S powerpc: Enforce usage of RA 0-R31 where possible 2012-07-10 19:18:35 +10:00
cpu_setup_fsl_booke.S powerpc/85xx: Add AltiVec support for e6500 2013-03-12 15:59:26 -05:00
cpu_setup_pa6t.S
cpu_setup_power.S powerpc: Initialise PMU related regs on Power8 2013-04-26 16:11:06 +10:00
cpu_setup_ppc970.S
cputable.c Merge remote-tracking branch 'kumar/next' into next 2013-04-30 11:10:09 +10:00
crash_dump.c
crash.c
dbell.c powerpc: Add accounting for Doorbell interrupts 2013-04-18 15:59:55 +10:00
dma-iommu.c powerpc/dma-iommu: Fix IOMMU window check 2012-08-24 20:26:07 +10:00
dma-swiotlb.c powerpc/swiotlb: Enable at early stage and disable if not necessary 2012-09-12 14:57:09 -05:00
dma.c powerpc/kernel: Remove uses of abs_to_virt() and virt_to_abs() 2012-09-05 15:19:30 +10:00
entry_32.S powerpc: Fix MAX_STACK_TRACE_ENTRIES too low warning for ppc32 2013-01-29 10:10:22 +11:00
entry_64.S powerpc: add a missing label in resume_kernel 2013-04-15 17:29:48 +10:00
epapr_hcalls.S powerpc: Add paravirt idle loop for 64-bit Book-E 2013-03-13 14:19:36 -05:00
epapr_paravirt.c powerpc: define the conditions where the ePAPR idle hcall can be supported 2013-03-26 08:47:27 +11:00
exceptions-64e.S powerpc/85xx: Add AltiVec support for e6500 2013-03-12 15:59:26 -05:00
exceptions-64s.S powerpc: Fix "attempt to move .org backwards" error 2013-04-26 16:08:27 +10:00
fadump.c powerpc: Change memory_limit from phys_addr_t to unsigned long long 2012-09-07 11:44:30 +10:00
firmware.c
fpu.S powerpc: Add FP/VSX and VMX register load functions for transactional memory 2013-02-15 16:58:52 +11:00
fsl_booke_entry_mapping.S
ftrace.c powerpc/ftrace: Trace function graph entry before updating index 2012-07-27 11:42:34 +10:00
head_8xx.S
head_32.S
head_40x.S powerpc: Enable the Watchdog vector for 405 2013-01-10 14:43:46 +11:00
head_44x.S
head_64.S powerpc: Add isync to copy_and_flush 2013-04-26 16:08:17 +10:00
head_booke.h
head_fsl_booke.S powepc/booke: Separate out E.HV check and ivor setup code. 2012-09-12 14:57:08 -05:00
hw_breakpoint.c powerpc: Change hardware breakpoint to allow longer ranges 2013-01-29 11:35:08 +11:00
ibmebus.c powerpc: Remove all includes of <asm/abs_addr.h> 2012-09-05 15:19:33 +10:00
idle_6xx.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_book3e.S powerpc: Add paravirt idle loop for 64-bit Book-E 2013-03-13 14:19:36 -05:00
idle_e500.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_power4.S powerpc: Use CURRENT_THREAD_INFO instead of open coded assembly 2012-07-11 14:18:22 +10:00
idle_power7.S powerpc/powernv: Always go into nap mode when CPU is offline 2012-09-05 16:05:20 +10:00
idle.c powerpc: Remove no longer used ppc_md.idle_loop() 2012-11-15 13:00:20 +11:00
io-workarounds.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
io.c
iomap.c
iommu.c powerpc: Use PTR_RET instead of IS_ERR/PTR_ERR 2013-04-18 13:03:48 +10:00
irq.c powerpc: Add accounting for Doorbell interrupts 2013-04-18 15:59:55 +10:00
isa-bridge.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
jump_label.c
kgdb.c powerpc/kgdb: Removed kmalloc returned value cast 2013-04-18 13:03:56 +10:00
kprobes.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
kvm_emul.S
kvm.c KVM: PPC: use definitions in epapr header for hcalls 2012-10-05 23:38:36 +02:00
l2cr_6xx.S
legacy_serial.c Fix misspellings of "whether" in comments. 2012-11-19 14:31:35 +01:00
lparcfg.c powerpc/pseries/lparcfg: Fix possible overflow are more than 1026 2013-04-23 16:39:35 +10:00
machine_kexec_32.c
machine_kexec_64.c powerpc/kexec: Disable hard IRQ before kexec 2013-02-24 03:49:28 +11:00
machine_kexec.c powerpc+of: Rename the drivers/of prom_* functions to of_* 2012-11-15 12:56:52 +11:00
Makefile powerpc: Add helper functions for transactional memory context switching 2013-02-15 16:58:52 +11:00
misc_32.S powerpc: split ret_from_fork 2012-09-30 23:31:19 -04:00
misc_64.S powerpc: split ret_from_fork 2012-09-30 23:31:19 -04:00
misc.S powerpc: switch to generic sys_execve()/kernel_execve() 2012-09-30 23:35:51 -04:00
module_32.c
module_64.c powerpc: Build kernel with -mcmodel=medium 2013-01-10 17:00:31 +11:00
module.c
msi.c
nvram_64.c powerpc: remove cast for kmalloc/kzalloc return value 2013-04-18 13:03:56 +10:00
of_platform.c powerpc/eeh: Fix crash when adding a device in a slot with DDW 2013-01-10 17:01:58 +11:00
paca.c powerpc: Move boot_paca into early_setup 2013-02-15 16:54:48 +11:00
pci_32.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
pci_64.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
pci_dn.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
pci_of_scan.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
pci-common.c powerpc: Set default VGA device 2013-04-18 15:59:58 +10:00
pmc.c
ppc32.h powerpc: switch to generic old sigaction() 2013-02-03 18:16:10 -05:00
ppc_ksyms.c Merge remote-tracking branch 'master' into queue 2012-10-29 19:15:32 -02:00
ppc_save_regs.S
proc_powerpc.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
process.c Merge remote-tracking branch 'origin/master' into next 2013-04-24 14:43:36 +10:00
prom_init_check.sh powerpc: Relocate prom_init.c on 64bit 2013-01-10 17:00:25 +11:00
prom_init.c powerpc/pseries: Enable PRRN handling 2013-04-26 16:08:26 +10:00
prom_parse.c
prom.c Merge branch 'dt' into next 2012-11-15 15:02:44 +11:00
ptrace32.c powerpc: fixing ptrace_get_reg to return an error 2013-04-18 13:03:57 +10:00
ptrace.c powerpc/ptrace: Add DAWR debug feature info for userspace 2013-04-18 15:59:55 +10:00
reloc_32.S
reloc_64.S
rtas_flash.c powerpc/rtas_flash: Fix bad memory access 2013-04-30 15:59:28 +10:00
rtas_pci.c powerpc/kernel: Cleanup on rtas_pci.c 2013-04-18 13:03:48 +10:00
rtas-proc.c
rtas-rtc.c
rtas.c powerpc+of: Remove the pSeries_reconfig.h file 2012-11-15 12:56:55 +11:00
rtasd.c powerpc/pseries: Add /proc interface to control topology updates 2013-04-26 16:08:26 +10:00
setup_32.c powerpc/watchdog: move booke watchdog param related code to setup-common.c 2012-07-11 07:44:03 -05:00
setup_64.c powerpc: Apply early paca fixups to boot_paca and the boot cpu's paca 2013-02-15 16:55:06 +11:00
setup-common.c powerpc: remove PReP platform 2013-04-18 13:03:53 +10:00
setup.h
signal_32.c powerpc: fix compiling CONFIG_PPC_TRANSACTIONAL_MEM when CONFIG_ALTIVEC=n 2013-04-10 08:14:39 +10:00
signal_64.c powerpc: fix compiling CONFIG_PPC_TRANSACTIONAL_MEM when CONFIG_ALTIVEC=n 2013-04-10 08:14:39 +10:00
signal.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal 2013-02-23 18:50:11 -08:00
signal.h powerpc: Add new transactional memory state to the signal context 2013-02-15 17:02:23 +11:00
smp-tbsync.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
smp.c powerpc: fix ics_rtas_init and start_secondary section mismatch 2013-02-08 14:05:48 +11:00
softemu8xx.c
stacktrace.c
suspend.c
swsusp_32.S
swsusp_64.c
swsusp_asm64.S
swsusp_booke.S
swsusp.c
sys_ppc32.c fix compat truncate/ftruncate 2013-02-25 09:24:55 -05:00
syscalls.c powerpc: Fix personality handling in ppc64_personality() 2012-08-24 20:26:07 +10:00
sysfs.c numa: convert static memory to dynamically allocated memory for per node device 2012-12-11 17:22:23 -08:00
systbl_chk.c
systbl_chk.sh
systbl.S
tau_6xx.c
time.c powerpc: Use PTR_RET instead of IS_ERR/PTR_ERR 2013-04-18 13:03:48 +10:00
tm.S powerpc: fix compiling CONFIG_PPC_TRANSACTIONAL_MEM when CONFIG_ALTIVEC=n 2013-04-10 08:14:39 +10:00
traps.c The sweeping change is to make add_taint() explicitly indicate whether to disable 2013-02-25 15:41:43 -08:00
udbg_16550.c
udbg.c powerpc/udbg: Remove unused udbg_read() 2012-11-15 12:59:33 +11:00
uprobes.c uprobes/powerpc: Do not use arch_uprobe_*_step() helpers 2012-11-03 17:15:12 +01:00
vdso.c powerpc: Add VDSO version of time 2013-04-23 16:05:05 +10:00
vecemu.c
vector.S powerpc: Add FP/VSX and VMX register load functions for transactional memory 2013-02-15 16:58:52 +11:00
vio.c POWERPC: drivers: remove __dev* attributes. 2013-01-03 15:57:04 -08:00
vmlinux.lds.S powerpc: Relocate prom_init.c on 64bit 2013-01-10 17:00:25 +11:00