This repository has been archived by the owner on Aug 29, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 147
Configure kernel build with IP_NF_TARGET_TTL #17
Closed
Moris-Shalon
wants to merge
6
commits into
UtsavBalar1231:android12-stable
from
Moris-Shalon:android12-stable
Closed
Configure kernel build with IP_NF_TARGET_TTL #17
Moris-Shalon
wants to merge
6
commits into
UtsavBalar1231:android12-stable
from
Moris-Shalon:android12-stable
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add "TTL target support" module to kernel config. This module is required to bypass cellular operator's restrictions on Wi-Fi tethering. It makes possible to change TTL of all incoming and outgoing packets, so tracking Wi-Fi tethering becomes harder for cellular operator. Avoiding restrictions on LTE -> Wi-Fi/Bluetooth/USB tethering becomes easy with this module, using simple script through Magisk: \#!/system/bin/sh iptables -t mangle -A POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64 iptables -t mangle -I PREROUTING -i rmnet_data+ -m ttl --ttl 1 -j TTL --ttl-inc 4 ip6tables -t mangle -A POSTROUTING ! -o rmnet_data+ -j HL --hl-set 64 ip6tables -t mangle -I PREROUTING ! -i rmnet_data+ -m hl --hl 1 -j HL --hl-inc 4 \# Check that everything is working \#iptables -t mangle -L -n | grep -i TTL
Please ,add "TTL target support" module to kernel config. This module is required to bypass cellular operator's restrictions on Wi-Fi tethering. It makes possible to change TTL of all incoming and outgoing packets, so tracking Wi-Fi tethering becomes harder for cellular operator. Avoiding restrictions on LTE -> Wi-Fi/Bluetooth/USB tethering becomes easy with this module, using simple script through Magisk: \#!/system/bin/sh iptables -t mangle -A POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64 iptables -t mangle -I PREROUTING -i rmnet_data+ -m ttl --ttl 1 -j TTL --ttl-inc 4 ip6tables -t mangle -A POSTROUTING ! -o rmnet_data+ -j HL --hl-set 64 ip6tables -t mangle -I PREROUTING ! -i rmnet_data+ -m hl --hl 1 -j HL --hl-inc 4 \# Check that everything is working \#iptables -t mangle -L -n | grep -i TTL
Configure kernel build with IP_NF_TARGET_TTL
Configure kernel build with IP_NF_TARGET_TTL
Noted and will approve the support Instead you can add the config entry inside arch/arm64/configs/vendor/xiaomi/kona-custom.config |
Add "TTL target support" module to kernel config. This module is required to bypass cellular operator's restrictions on Wi-Fi tethering. It makes possible to change TTL of all incoming and outgoing packets, so tracking Wi-Fi tethering becomes harder for cellular operator. Avoiding restrictions on LTE -> Wi-Fi/Bluetooth/USB tethering becomes easy with this module, using simple script through Magisk: \#!/system/bin/sh iptables -t mangle -A POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64 iptables -t mangle -I PREROUTING -i rmnet_data+ -m ttl --ttl 1 -j TTL --ttl-inc 4 ip6tables -t mangle -A POSTROUTING ! -o rmnet_data+ -j HL --hl-set 64 ip6tables -t mangle -I PREROUTING ! -i rmnet_data+ -m hl --hl 1 -j HL --hl-inc 4 \# Check that everything is working \#iptables -t mangle -L -n | grep -i TTL
Add "TTL target support" module to kernel config. This module is required to bypass cellular operator's restrictions on Wi-Fi tethering. It makes possible to change TTL of all incoming and outgoing packets, so tracking Wi-Fi tethering becomes harder for cellular operator. Avoiding restrictions on LTE -> Wi-Fi/Bluetooth/USB tethering becomes easy with this module, using simple script through Magisk: \#!/system/bin/sh iptables -t mangle -A POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64 iptables -t mangle -I PREROUTING -i rmnet_data+ -m ttl --ttl 1 -j TTL --ttl-inc 4 ip6tables -t mangle -A POSTROUTING ! -o rmnet_data+ -j HL --hl-set 64 ip6tables -t mangle -I PREROUTING ! -i rmnet_data+ -m hl --hl 1 -j HL --hl-inc 4 \# Check that everything is working \#iptables -t mangle -L -n | grep -i TTL"
UtsavBalar1231
pushed a commit
that referenced
this pull request
Jul 7, 2022
In a low-memory situation, cc->fast_search_fail can keep increasing as it is unable to find an available page to isolate in fast_isolate_freepages(). As the result, it could trigger an error below, so just compare with the maximum bits can be shifted first. UBSAN: Undefined behaviour in mm/compaction.c:1160:30 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 131 PID: 1308 Comm: kcompactd1 Kdump: loaded Tainted: G W L 5.0.0+ #17 Call trace: dump_backtrace+0x0/0x450 show_stack+0x20/0x2c dump_stack+0xc8/0x14c __ubsan_handle_shift_out_of_bounds+0x7e8/0x8c4 compaction_alloc+0x2344/0x2484 unmap_and_move+0xdc/0x1dbc migrate_pages+0x274/0x1310 compact_zone+0x26ec/0x43bc kcompactd+0x15b8/0x1a24 kthread+0x374/0x390 ret_from_fork+0x10/0x18 [akpm@linux-foundation.org: code cleanup] Link: http://lkml.kernel.org/r/20190320203338.53367-1-cai@lca.pw Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source") Signed-off-by: Qian Cai <cai@lca.pw> Acked-by: Vlastimil Babka <vbabka@suse.cz> Acked-by: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Change-Id: I9efcb7cfcca586f3225365415560945ce8a37ffd
UtsavBalar1231
pushed a commit
that referenced
this pull request
Jul 7, 2022
In a low-memory situation, cc->fast_search_fail can keep increasing as it is unable to find an available page to isolate in fast_isolate_freepages(). As the result, it could trigger an error below, so just compare with the maximum bits can be shifted first. UBSAN: Undefined behaviour in mm/compaction.c:1160:30 shift exponent 64 is too large for 64-bit type 'unsigned long' CPU: 131 PID: 1308 Comm: kcompactd1 Kdump: loaded Tainted: G W L 5.0.0+ #17 Call trace: dump_backtrace+0x0/0x450 show_stack+0x20/0x2c dump_stack+0xc8/0x14c __ubsan_handle_shift_out_of_bounds+0x7e8/0x8c4 compaction_alloc+0x2344/0x2484 unmap_and_move+0xdc/0x1dbc migrate_pages+0x274/0x1310 compact_zone+0x26ec/0x43bc kcompactd+0x15b8/0x1a24 kthread+0x374/0x390 ret_from_fork+0x10/0x18 [akpm@linux-foundation.org: code cleanup] Link: http://lkml.kernel.org/r/20190320203338.53367-1-cai@lca.pw Fixes: 70b44595eafe ("mm, compaction: use free lists to quickly locate a migration source") Signed-off-by: Qian Cai <cai@lca.pw> Acked-by: Vlastimil Babka <vbabka@suse.cz> Acked-by: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> Change-Id: I9efcb7cfcca586f3225365415560945ce8a37ffd
mesziman
pushed a commit
to mesziman/kernel_xiaomi_sm8250
that referenced
this pull request
Jan 19, 2023
…g the sock [ Upstream commit 3cf7203ca620682165706f70a1b12b5194607dce ] There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after getting vxlan_sock vs from sk_user_data. Then in later vxlan_ecn_decapsulate(), vxlan_get_sk_family() we will got NULL pointer dereference. e.g. #0 [ffffa25ec6978a38] machine_kexec at ffffffff8c669757 UtsavBalar1231#1 [ffffa25ec6978a90] __crash_kexec at ffffffff8c7c0a4d UtsavBalar1231#2 [ffffa25ec6978b58] crash_kexec at ffffffff8c7c1c48 UtsavBalar1231#3 [ffffa25ec6978b60] oops_end at ffffffff8c627f2b UtsavBalar1231#4 [ffffa25ec6978b80] page_fault_oops at ffffffff8c678fcb UtsavBalar1231#5 [ffffa25ec6978bd8] exc_page_fault at ffffffff8d109542 UtsavBalar1231#6 [ffffa25ec6978c00] asm_exc_page_fault at ffffffff8d200b62 [exception RIP: vxlan_ecn_decapsulate+0x3b] RIP: ffffffffc1014e7b RSP: ffffa25ec6978cb0 RFLAGS: 00010246 RAX: 0000000000000008 RBX: ffff8aa000888000 RCX: 0000000000000000 RDX: 000000000000000e RSI: ffff8a9fc7ab803e RDI: ffff8a9fd1168700 RBP: ffff8a9fc7ab803e R8: 0000000000700000 R9: 00000000000010ae R10: ffff8a9fcb748980 R11: 0000000000000000 R12: ffff8a9fd1168700 R13: ffff8aa000888000 R14: 00000000002a0000 R15: 00000000000010ae ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 UtsavBalar1231#7 [ffffa25ec6978ce8] vxlan_rcv at ffffffffc10189cd [vxlan] UtsavBalar1231#8 [ffffa25ec6978d90] udp_queue_rcv_one_skb at ffffffff8cfb6507 UtsavBalar1231#9 [ffffa25ec6978dc0] udp_unicast_rcv_skb at ffffffff8cfb6e45 UtsavBalar1231#10 [ffffa25ec6978dc8] __udp4_lib_rcv at ffffffff8cfb8807 UtsavBalar1231#11 [ffffa25ec6978e20] ip_protocol_deliver_rcu at ffffffff8cf76951 UtsavBalar1231#12 [ffffa25ec6978e48] ip_local_deliver at ffffffff8cf76bde UtsavBalar1231#13 [ffffa25ec6978ea0] __netif_receive_skb_one_core at ffffffff8cecde9b UtsavBalar1231#14 [ffffa25ec6978ec8] process_backlog at ffffffff8cece139 UtsavBalar1231#15 [ffffa25ec6978f00] __napi_poll at ffffffff8ceced1a UtsavBalar1231#16 [ffffa25ec6978f28] net_rx_action at ffffffff8cecf1f3 UtsavBalar1231#17 [ffffa25ec6978fa0] __softirqentry_text_start at ffffffff8d4000ca UtsavBalar1231#18 [ffffa25ec6978ff0] do_softirq at ffffffff8c6fbdc3 Reproducer: https://github.com/Mellanox/ovs-tests/blob/master/test-ovs-vxlan-remove-tunnel-during-traffic.sh Fix this by waiting for all sk_user_data reader to finish before releasing the sock. Reported-by: Jianlin Shi <jishi@redhat.com> Suggested-by: Jakub Sitnicki <jakub@cloudflare.com> Fixes: 6a93cc9 ("udp-tunnel: Add a few more UDP tunnel APIs") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Reviewed-by: Jiri Pirko <jiri@nvidia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>
macka69
pushed a commit
to macka69/kernel_xiaomi_sm8250-1
that referenced
this pull request
Apr 28, 2023
[ Upstream commit 67d7d8ad99beccd9fe92d585b87f1760dc9018e3 ] Hulk Robot reported a issue: ================================================================== BUG: KASAN: use-after-free in ext4_xattr_set_entry+0x18ab/0x3500 Write of size 4105 at addr ffff8881675ef5f4 by task syz-executor.0/7092 CPU: 1 PID: 7092 Comm: syz-executor.0 Not tainted 4.19.90-dirty UtsavBalar1231#17 Call Trace: [...] memcpy+0x34/0x50 mm/kasan/kasan.c:303 ext4_xattr_set_entry+0x18ab/0x3500 fs/ext4/xattr.c:1747 ext4_xattr_ibody_inline_set+0x86/0x2a0 fs/ext4/xattr.c:2205 ext4_xattr_set_handle+0x940/0x1300 fs/ext4/xattr.c:2386 ext4_xattr_set+0x1da/0x300 fs/ext4/xattr.c:2498 __vfs_setxattr+0x112/0x170 fs/xattr.c:149 __vfs_setxattr_noperm+0x11b/0x2a0 fs/xattr.c:180 __vfs_setxattr_locked+0x17b/0x250 fs/xattr.c:238 vfs_setxattr+0xed/0x270 fs/xattr.c:255 setxattr+0x235/0x330 fs/xattr.c:520 path_setxattr+0x176/0x190 fs/xattr.c:539 __do_sys_lsetxattr fs/xattr.c:561 [inline] __se_sys_lsetxattr fs/xattr.c:557 [inline] __x64_sys_lsetxattr+0xc2/0x160 fs/xattr.c:557 do_syscall_64+0xdf/0x530 arch/x86/entry/common.c:298 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x459fe9 RSP: 002b:00007fa5e54b4c08 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd RAX: ffffffffffffffda RBX: 000000000051bf60 RCX: 0000000000459fe9 RDX: 00000000200003c0 RSI: 0000000020000180 RDI: 0000000020000140 RBP: 000000000051bf60 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000001009 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc73c93fc0 R14: 000000000051bf60 R15: 00007fa5e54b4d80 [...] ================================================================== Above issue may happen as follows: ------------------------------------- ext4_xattr_set ext4_xattr_set_handle ext4_xattr_ibody_find >> s->end < s->base >> no EXT4_STATE_XATTR >> xattr_check_inode is not executed ext4_xattr_ibody_set ext4_xattr_set_entry >> size_t min_offs = s->end - s->base >> UAF in memcpy we can easily reproduce this problem with the following commands: mkfs.ext4 -F /dev/sda mount -o debug_want_extra_isize=128 /dev/sda /mnt touch /mnt/file setfattr -n user.cat -v `seq -s z 4096|tr -d '[:digit:]'` /mnt/file In ext4_xattr_ibody_find, we have the following assignment logic: header = IHDR(inode, raw_inode) = raw_inode + EXT4_GOOD_OLD_INODE_SIZE + i_extra_isize is->s.base = IFIRST(header) = header + sizeof(struct ext4_xattr_ibody_header) is->s.end = raw_inode + s_inode_size In ext4_xattr_set_entry min_offs = s->end - s->base = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize - sizeof(struct ext4_xattr_ibody_header) last = s->first free = min_offs - ((void *)last - s->base) - sizeof(__u32) = s_inode_size - EXT4_GOOD_OLD_INODE_SIZE - i_extra_isize - sizeof(struct ext4_xattr_ibody_header) - sizeof(__u32) In the calculation formula, all values except s_inode_size and i_extra_size are fixed values. When i_extra_size is the maximum value s_inode_size - EXT4_GOOD_OLD_INODE_SIZE, min_offs is -4 and free is -8. The value overflows. As a result, the preceding issue is triggered when memcpy is executed. Therefore, when finding xattr or setting xattr, check whether there is space for storing xattr in the inode to resolve this issue. Cc: stable@kernel.org Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Baokun Li <libaokun1@huawei.com> Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com> Reviewed-by: Jan Kara <jack@suse.cz> Link: https://lore.kernel.org/r/20220616021358.2504451-3-libaokun1@huawei.com Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
macka69
pushed a commit
to macka69/kernel_xiaomi_sm8250-1
that referenced
this pull request
Nov 4, 2023
[ Upstream commit 0b0747d507bffb827e40fc0f9fb5883fffc23477 ] The following processes run into a deadlock. CPU 41 was waiting for CPU 29 to handle a CSD request while holding spinlock "crashdump_lock", but CPU 29 was hung by that spinlock with IRQs disabled. PID: 17360 TASK: ffff95c1090c5c40 CPU: 41 COMMAND: "mrdiagd" !# 0 [ffffb80edbf37b58] __read_once_size at ffffffff9b871a40 include/linux/compiler.h:185:0 !# 1 [ffffb80edbf37b58] atomic_read at ffffffff9b871a40 arch/x86/include/asm/atomic.h:27:0 !# 2 [ffffb80edbf37b58] dump_stack at ffffffff9b871a40 lib/dump_stack.c:54:0 # 3 [ffffb80edbf37b78] csd_lock_wait_toolong at ffffffff9b131ad5 kernel/smp.c:364:0 # 4 [ffffb80edbf37b78] __csd_lock_wait at ffffffff9b131ad5 kernel/smp.c:384:0 # 5 [ffffb80edbf37bf8] csd_lock_wait at ffffffff9b13267a kernel/smp.c:394:0 # 6 [ffffb80edbf37bf8] smp_call_function_many at ffffffff9b13267a kernel/smp.c:843:0 # 7 [ffffb80edbf37c50] smp_call_function at ffffffff9b13279d kernel/smp.c:867:0 # 8 [ffffb80edbf37c50] on_each_cpu at ffffffff9b13279d kernel/smp.c:976:0 # 9 [ffffb80edbf37c78] flush_tlb_kernel_range at ffffffff9b085c4b arch/x86/mm/tlb.c:742:0 UtsavBalar1231#10 [ffffb80edbf37cb8] __purge_vmap_area_lazy at ffffffff9b23a1e0 mm/vmalloc.c:701:0 UtsavBalar1231#11 [ffffb80edbf37ce0] try_purge_vmap_area_lazy at ffffffff9b23a2cc mm/vmalloc.c:722:0 UtsavBalar1231#12 [ffffb80edbf37ce0] free_vmap_area_noflush at ffffffff9b23a2cc mm/vmalloc.c:754:0 UtsavBalar1231#13 [ffffb80edbf37cf8] free_unmap_vmap_area at ffffffff9b23bb3b mm/vmalloc.c:764:0 UtsavBalar1231#14 [ffffb80edbf37cf8] remove_vm_area at ffffffff9b23bb3b mm/vmalloc.c:1509:0 UtsavBalar1231#15 [ffffb80edbf37d18] __vunmap at ffffffff9b23bb8a mm/vmalloc.c:1537:0 UtsavBalar1231#16 [ffffb80edbf37d40] vfree at ffffffff9b23bc85 mm/vmalloc.c:1612:0 UtsavBalar1231#17 [ffffb80edbf37d58] megasas_free_host_crash_buffer [megaraid_sas] at ffffffffc020b7f2 drivers/scsi/megaraid/megaraid_sas_fusion.c:3932:0 UtsavBalar1231#18 [ffffb80edbf37d80] fw_crash_state_store [megaraid_sas] at ffffffffc01f804d drivers/scsi/megaraid/megaraid_sas_base.c:3291:0 UtsavBalar1231#19 [ffffb80edbf37dc0] dev_attr_store at ffffffff9b56dd7b drivers/base/core.c:758:0 UtsavBalar1231#20 [ffffb80edbf37dd0] sysfs_kf_write at ffffffff9b326acf fs/sysfs/file.c:144:0 UtsavBalar1231#21 [ffffb80edbf37de0] kernfs_fop_write at ffffffff9b325fd4 fs/kernfs/file.c:316:0 UtsavBalar1231#22 [ffffb80edbf37e20] __vfs_write at ffffffff9b29418a fs/read_write.c:480:0 UtsavBalar1231#23 [ffffb80edbf37ea8] vfs_write at ffffffff9b294462 fs/read_write.c:544:0 UtsavBalar1231#24 [ffffb80edbf37ee8] SYSC_write at ffffffff9b2946ec fs/read_write.c:590:0 UtsavBalar1231#25 [ffffb80edbf37ee8] SyS_write at ffffffff9b2946ec fs/read_write.c:582:0 UtsavBalar1231#26 [ffffb80edbf37f30] do_syscall_64 at ffffffff9b003ca9 arch/x86/entry/common.c:298:0 UtsavBalar1231#27 [ffffb80edbf37f58] entry_SYSCALL_64 at ffffffff9ba001b1 arch/x86/entry/entry_64.S:238:0 PID: 17355 TASK: ffff95c1090c3d80 CPU: 29 COMMAND: "mrdiagd" !# 0 [ffffb80f2d3c7d30] __read_once_size at ffffffff9b0f2ab0 include/linux/compiler.h:185:0 !# 1 [ffffb80f2d3c7d30] native_queued_spin_lock_slowpath at ffffffff9b0f2ab0 kernel/locking/qspinlock.c:368:0 # 2 [ffffb80f2d3c7d58] pv_queued_spin_lock_slowpath at ffffffff9b0f244b arch/x86/include/asm/paravirt.h:674:0 # 3 [ffffb80f2d3c7d58] queued_spin_lock_slowpath at ffffffff9b0f244b arch/x86/include/asm/qspinlock.h:53:0 # 4 [ffffb80f2d3c7d68] queued_spin_lock at ffffffff9b8961a6 include/asm-generic/qspinlock.h:90:0 # 5 [ffffb80f2d3c7d68] do_raw_spin_lock_flags at ffffffff9b8961a6 include/linux/spinlock.h:173:0 # 6 [ffffb80f2d3c7d68] __raw_spin_lock_irqsave at ffffffff9b8961a6 include/linux/spinlock_api_smp.h:122:0 # 7 [ffffb80f2d3c7d68] _raw_spin_lock_irqsave at ffffffff9b8961a6 kernel/locking/spinlock.c:160:0 # 8 [ffffb80f2d3c7d88] fw_crash_buffer_store [megaraid_sas] at ffffffffc01f8129 drivers/scsi/megaraid/megaraid_sas_base.c:3205:0 # 9 [ffffb80f2d3c7dc0] dev_attr_store at ffffffff9b56dd7b drivers/base/core.c:758:0 UtsavBalar1231#10 [ffffb80f2d3c7dd0] sysfs_kf_write at ffffffff9b326acf fs/sysfs/file.c:144:0 UtsavBalar1231#11 [ffffb80f2d3c7de0] kernfs_fop_write at ffffffff9b325fd4 fs/kernfs/file.c:316:0 UtsavBalar1231#12 [ffffb80f2d3c7e20] __vfs_write at ffffffff9b29418a fs/read_write.c:480:0 UtsavBalar1231#13 [ffffb80f2d3c7ea8] vfs_write at ffffffff9b294462 fs/read_write.c:544:0 UtsavBalar1231#14 [ffffb80f2d3c7ee8] SYSC_write at ffffffff9b2946ec fs/read_write.c:590:0 UtsavBalar1231#15 [ffffb80f2d3c7ee8] SyS_write at ffffffff9b2946ec fs/read_write.c:582:0 UtsavBalar1231#16 [ffffb80f2d3c7f30] do_syscall_64 at ffffffff9b003ca9 arch/x86/entry/common.c:298:0 UtsavBalar1231#17 [ffffb80f2d3c7f58] entry_SYSCALL_64 at ffffffff9ba001b1 arch/x86/entry/entry_64.S:238:0 The lock is used to synchronize different sysfs operations, it doesn't protect any resource that will be touched by an interrupt. Consequently it's not required to disable IRQs. Replace the spinlock with a mutex to fix the deadlock. Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com> Link: https://lore.kernel.org/r/20230828221018.19471-1-junxiao.bi@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Cc: stable@vger.kernel.org Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
macka69
pushed a commit
to macka69/kernel_xiaomi_sm8250-1
that referenced
this pull request
Nov 4, 2023
[ Upstream commit a154f5f643c6ecddd44847217a7a3845b4350003 ] The following call trace shows a deadlock issue due to recursive locking of mutex "device_mutex". First lock acquire is in target_for_each_device() and second in target_free_device(). PID: 148266 TASK: ffff8be21ffb5d00 CPU: 10 COMMAND: "iscsi_ttx" #0 [ffffa2bfc9ec3b18] __schedule at ffffffffa8060e7f #1 [ffffa2bfc9ec3ba0] schedule at ffffffffa8061224 UtsavBalar1231#2 [ffffa2bfc9ec3bb8] schedule_preempt_disabled at ffffffffa80615ee UtsavBalar1231#3 [ffffa2bfc9ec3bc8] __mutex_lock at ffffffffa8062fd7 UtsavBalar1231#4 [ffffa2bfc9ec3c40] __mutex_lock_slowpath at ffffffffa80631d3 UtsavBalar1231#5 [ffffa2bfc9ec3c50] mutex_lock at ffffffffa806320c UtsavBalar1231#6 [ffffa2bfc9ec3c68] target_free_device at ffffffffc0935998 [target_core_mod] UtsavBalar1231#7 [ffffa2bfc9ec3c90] target_core_dev_release at ffffffffc092f975 [target_core_mod] UtsavBalar1231#8 [ffffa2bfc9ec3ca0] config_item_put at ffffffffa79d250f UtsavBalar1231#9 [ffffa2bfc9ec3cd0] config_item_put at ffffffffa79d2583 UtsavBalar1231#10 [ffffa2bfc9ec3ce0] target_devices_idr_iter at ffffffffc0933f3a [target_core_mod] UtsavBalar1231#11 [ffffa2bfc9ec3d00] idr_for_each at ffffffffa803f6fc UtsavBalar1231#12 [ffffa2bfc9ec3d60] target_for_each_device at ffffffffc0935670 [target_core_mod] UtsavBalar1231#13 [ffffa2bfc9ec3d98] transport_deregister_session at ffffffffc0946408 [target_core_mod] UtsavBalar1231#14 [ffffa2bfc9ec3dc8] iscsit_close_session at ffffffffc09a44a6 [iscsi_target_mod] UtsavBalar1231#15 [ffffa2bfc9ec3df0] iscsit_close_connection at ffffffffc09a4a88 [iscsi_target_mod] UtsavBalar1231#16 [ffffa2bfc9ec3df8] finish_task_switch at ffffffffa76e5d07 UtsavBalar1231#17 [ffffa2bfc9ec3e78] iscsit_take_action_for_connection_exit at ffffffffc0991c23 [iscsi_target_mod] UtsavBalar1231#18 [ffffa2bfc9ec3ea0] iscsi_target_tx_thread at ffffffffc09a403b [iscsi_target_mod] UtsavBalar1231#19 [ffffa2bfc9ec3f08] kthread at ffffffffa76d8080 UtsavBalar1231#20 [ffffa2bfc9ec3f50] ret_from_fork at ffffffffa8200364 Fixes: 36d4cb4 ("scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion") Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com> Link: https://lore.kernel.org/r/20230918225848.66463-1-junxiao.bi@oracle.com Reviewed-by: Mike Christie <michael.christie@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
UtsavBalar1231
pushed a commit
that referenced
this pull request
Jun 6, 2024
[ Upstream commit f8bbc07ac535593139c875ffa19af924b1084540 ] vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e #3 [fffffe00003fced0] do_nmi at ffffffff8922660d #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 #5 [ffffa655314979e8] io_serial_in at ffffffff89792594 #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 #10 [ffffa65531497ac8] console_unlock at ffffffff89316124 #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 #12 [ffffa65531497b68] printk at ffffffff89318306 #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] #18 [ffffa65531497f10] kthread at ffffffff892d2e72 #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f Fixes: ef3db4a ("tun: avoid BUG, dump packet on GSO errors") Signed-off-by: Lei Chen <lei.chen@smartx.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/r/20240415020247.2207781-1-lei.chen@smartx.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
wcedla
pushed a commit
to wcedla/kernel_xiaomi_sm8250_immens1ty_mod
that referenced
this pull request
Aug 20, 2024
[ Upstream commit f8bbc07ac535593139c875ffa19af924b1084540 ] vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, it will costs much more cpu time to dump packet and soft lockup will be detected. net_ratelimit mechanism can be used to limit the dumping rate. PID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980" #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253 liyafe1997#1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3 liyafe1997#2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e liyafe1997#3 [fffffe00003fced0] do_nmi at ffffffff8922660d liyafe1997#4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663 [exception RIP: io_serial_in+20] RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002 RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000 RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0 RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020 R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 liyafe1997#5 [ffffa655314979e8] io_serial_in at ffffffff89792594 liyafe1997#6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470 UtsavBalar1231#7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6 UtsavBalar1231#8 [ffffa65531497a20] uart_console_write at ffffffff8978b605 UtsavBalar1231#9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558 UtsavBalar1231#10 [ffffa65531497ac8] console_unlock at ffffffff89316124 UtsavBalar1231#11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07 UtsavBalar1231#12 [ffffa65531497b68] printk at ffffffff89318306 UtsavBalar1231#13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765 UtsavBalar1231#14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun] UtsavBalar1231#15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun] UtsavBalar1231#16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net] UtsavBalar1231#17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost] UtsavBalar1231#18 [ffffa65531497f10] kthread at ffffffff892d2e72 UtsavBalar1231#19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f Fixes: ef3db4a ("tun: avoid BUG, dump packet on GSO errors") Signed-off-by: Lei Chen <lei.chen@smartx.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Link: https://lore.kernel.org/r/20240415020247.2207781-1-lei.chen@smartx.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
wcedla
pushed a commit
to wcedla/kernel_xiaomi_sm8250_immens1ty_mod
that referenced
this pull request
Aug 20, 2024
This patch is to fix a crash: liyafe1997#3 [ffffb6580689f898] oops_end at ffffffffa2835bc2 liyafe1997#4 [ffffb6580689f8b8] no_context at ffffffffa28766e7 liyafe1997#5 [ffffb6580689f920] async_page_fault at ffffffffa320135e [exception RIP: f2fs_is_compressed_page+34] RIP: ffffffffa2ba83a2 RSP: ffffb6580689f9d8 RFLAGS: 00010213 RAX: 0000000000000001 RBX: fffffc0f50b34bc0 RCX: 0000000000002122 RDX: 0000000000002123 RSI: 0000000000000c00 RDI: fffffc0f50b34bc0 RBP: ffff97e815a40178 R8: 0000000000000000 R9: ffff97e83ffc9000 R10: 0000000000032300 R11: 0000000000032380 R12: ffffb6580689fa38 R13: fffffc0f50b34bc0 R14: ffff97e825cbd000 R15: 0000000000000c00 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 liyafe1997#6 [ffffb6580689f9d8] __is_cp_guaranteed at ffffffffa2b7ea98 UtsavBalar1231#7 [ffffb6580689f9f0] f2fs_submit_page_write at ffffffffa2b81a69 UtsavBalar1231#8 [ffffb6580689fa30] f2fs_do_write_meta_page at ffffffffa2b99777 UtsavBalar1231#9 [ffffb6580689fae0] __f2fs_write_meta_page at ffffffffa2b75f1a UtsavBalar1231#10 [ffffb6580689fb18] f2fs_sync_meta_pages at ffffffffa2b77466 UtsavBalar1231#11 [ffffb6580689fc98] do_checkpoint at ffffffffa2b78e46 UtsavBalar1231#12 [ffffb6580689fd88] f2fs_write_checkpoint at ffffffffa2b79c29 UtsavBalar1231#13 [ffffb6580689fdd0] f2fs_sync_fs at ffffffffa2b69d95 UtsavBalar1231#14 [ffffb6580689fe20] sync_filesystem at ffffffffa2ad2574 UtsavBalar1231#15 [ffffb6580689fe30] generic_shutdown_super at ffffffffa2a9b582 UtsavBalar1231#16 [ffffb6580689fe48] kill_block_super at ffffffffa2a9b6d1 UtsavBalar1231#17 [ffffb6580689fe60] kill_f2fs_super at ffffffffa2b6abe1 UtsavBalar1231#18 [ffffb6580689fea0] deactivate_locked_super at ffffffffa2a9afb6 UtsavBalar1231#19 [ffffb6580689feb8] cleanup_mnt at ffffffffa2abcad4 UtsavBalar1231#20 [ffffb6580689fee0] task_work_run at ffffffffa28bca28 UtsavBalar1231#21 [ffffb6580689ff00] exit_to_usermode_loop at ffffffffa28050b7 UtsavBalar1231#22 [ffffb6580689ff38] do_syscall_64 at ffffffffa280560e UtsavBalar1231#23 [ffffb6580689ff50] entry_SYSCALL_64_after_hwframe at ffffffffa320008c This occurred when umount f2fs if enable F2FS_FS_COMPRESSION with F2FS_IO_TRACE. Fixes it by adding IS_IO_TRACED_PAGE to check validity of pid for page_private. Signed-off-by: Yu Changchun <yuchangchun1@huawei.com> Reviewed-by: Chao Yu <yuchao0@huawei.com> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Please, add "TTL target support" module to kernel config. This module is required to bypass cellular operator's restrictions on Wi-Fi tethering. It makes possible to change TTL of all incoming and outgoing packets, so tracking Wi-Fi tethering becomes harder for cellular operator.
Avoiding restrictions on LTE -> Wi-Fi/Bluetooth/USB tethering becomes easy with this module, using simple script through Magisk:
#!/system/bin/sh
iptables -t mangle -A POSTROUTING -o rmnet_data+ -j TTL --ttl-set 64
iptables -t mangle -I PREROUTING -i rmnet_data+ -m ttl --ttl 1 -j TTL --ttl-inc 4
ip6tables -t mangle -A POSTROUTING ! -o rmnet_data+ -j HL --hl-set 64
ip6tables -t mangle -I PREROUTING ! -i rmnet_data+ -m hl --hl 1 -j HL --hl-inc 4
# Check that everything is working
#iptables -t mangle -L -n | grep -i TTL