1. 19 Jul, 2023 2 commits
  2. 18 Jul, 2023 7 commits
  3. 17 Jul, 2023 8 commits
  4. 15 Jul, 2023 10 commits
  5. 14 Jul, 2023 11 commits
    • Michal Swiatkowski's avatar
      ice: prevent NULL pointer deref during reload · b3e7b3a6
      Michal Swiatkowski authored
      Calling ethtool during reload can lead to call trace, because VSI isn't
      configured for some time, but netdev is alive.
      
      To fix it add rtnl lock for VSI deconfig and config. Set ::num_q_vectors
      to 0 after freeing and add a check for ::tx/rx_rings in ring related
      ethtool ops.
      
      Add proper unroll of filters in ice_start_eth().
      
      Reproduction:
      $watch -n 0.1 -d 'ethtool -g enp24s0f0np0'
      $devlink dev reload pci/0000:18:00.0 action driver_reinit
      
      Call trace before fix:
      [66303.926205] BUG: kernel NULL pointer dereference, address: 0000000000000000
      [66303.926259] #PF: supervisor read access in kernel mode
      [66303.926286] #PF: error_code(0x0000) - not-present page
      [66303.926311] PGD 0 P4D 0
      [66303.926332] Oops: 0000 [#1] PREEMPT SMP PTI
      [66303.926358] CPU: 4 PID: 933821 Comm: ethtool Kdump: loaded Tainted: G           OE      6.4.0-rc5+ #1
      [66303.926400] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.00.01.0014.070920180847 07/09/2018
      [66303.926446] RIP: 0010:ice_get_ringparam+0x22/0x50 [ice]
      [66303.926649] Code: 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 87 c0 09 00 00 c7 46 04 e0 1f 00 00 c7 46 10 e0 1f 00 00 48 8b 50 20 <48> 8b 12 0f b7 52 3a 89 56 14 48 8b 40 28 48 8b 00 0f b7 40 58 48
      [66303.926722] RSP: 0018:ffffad40472f39c8 EFLAGS: 00010246
      [66303.926749] RAX: ffff98a8ada05828 RBX: ffff98a8c46dd060 RCX: ffffad40472f3b48
      [66303.926781] RDX: 0000000000000000 RSI: ffff98a8c46dd068 RDI: ffff98a8b23c4000
      [66303.926811] RBP: ffffad40472f3b48 R08: 00000000000337b0 R09: 0000000000000000
      [66303.926843] R10: 0000000000000001 R11: 0000000000000100 R12: ffff98a8b23c4000
      [66303.926874] R13: ffff98a8c46dd060 R14: 000000000000000f R15: ffffad40472f3a50
      [66303.926906] FS:  00007f6397966740(0000) GS:ffff98b390900000(0000) knlGS:0000000000000000
      [66303.926941] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [66303.926967] CR2: 0000000000000000 CR3: 000000011ac20002 CR4: 00000000007706e0
      [66303.926999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
      [66303.927029] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
      [66303.927060] PKRU: 55555554
      [66303.927075] Call Trace:
      [66303.927094]  <TASK>
      [66303.927111]  ? __die+0x23/0x70
      [66303.927140]  ? page_fault_oops+0x171/0x4e0
      [66303.927176]  ? exc_page_fault+0x7f/0x180
      [66303.927209]  ? asm_exc_page_fault+0x26/0x30
      [66303.927244]  ? ice_get_ringparam+0x22/0x50 [ice]
      [66303.927433]  rings_prepare_data+0x62/0x80
      [66303.927469]  ethnl_default_doit+0xe2/0x350
      [66303.927501]  genl_family_rcv_msg_doit.isra.0+0xe3/0x140
      [66303.927538]  genl_rcv_msg+0x1b1/0x2c0
      [66303.927561]  ? __pfx_ethnl_default_doit+0x10/0x10
      [66303.927590]  ? __pfx_genl_rcv_msg+0x10/0x10
      [66303.927615]  netlink_rcv_skb+0x58/0x110
      [66303.927644]  genl_rcv+0x28/0x40
      [66303.927665]  netlink_unicast+0x19e/0x290
      [66303.927691]  netlink_sendmsg+0x254/0x4d0
      [66303.927717]  sock_sendmsg+0x93/0xa0
      [66303.927743]  __sys_sendto+0x126/0x170
      [66303.927780]  __x64_sys_sendto+0x24/0x30
      [66303.928593]  do_syscall_64+0x5d/0x90
      [66303.929370]  ? __count_memcg_events+0x60/0xa0
      [66303.930146]  ? count_memcg_events.constprop.0+0x1a/0x30
      [66303.930920]  ? handle_mm_fault+0x9e/0x350
      [66303.931688]  ? do_user_addr_fault+0x258/0x740
      [66303.932452]  ? exc_page_fault+0x7f/0x180
      [66303.933193]  entry_SYSCALL_64_after_hwframe+0x72/0xdc
      
      Fixes: 5b246e53 ("ice: split probe into smaller functions")
      Reviewed-by: default avatarPrzemek Kitszel <przemyslaw.kitszel@intel.com>
      Signed-off-by: default avatarMichal Swiatkowski <michal.swiatkowski@linux.intel.com>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      b3e7b3a6
    • Petr Oros's avatar
      ice: Unregister netdev and devlink_port only once · 24a3298a
      Petr Oros authored
      Since commit 6624e780 ("ice: split ice_vsi_setup into smaller
      functions") ice_vsi_release does things twice. There is unregister
      netdev which is unregistered in ice_deinit_eth also.
      
      It also unregisters the devlink_port twice which is also unregistered
      in ice_deinit_eth(). This double deregistration is hidden because
      devl_port_unregister ignores the return value of xa_erase.
      
      [   68.642167] Call Trace:
      [   68.650385]  ice_devlink_destroy_pf_port+0xe/0x20 [ice]
      [   68.655656]  ice_vsi_release+0x445/0x690 [ice]
      [   68.660147]  ice_deinit+0x99/0x280 [ice]
      [   68.664117]  ice_remove+0x1b6/0x5c0 [ice]
      
      [  171.103841] Call Trace:
      [  171.109607]  ice_devlink_destroy_pf_port+0xf/0x20 [ice]
      [  171.114841]  ice_remove+0x158/0x270 [ice]
      [  171.118854]  pci_device_remove+0x3b/0xc0
      [  171.122779]  device_release_driver_internal+0xc7/0x170
      [  171.127912]  driver_detach+0x54/0x8c
      [  171.131491]  bus_remove_driver+0x77/0xd1
      [  171.135406]  pci_unregister_driver+0x2d/0xb0
      [  171.139670]  ice_module_exit+0xc/0x55f [ice]
      
      Fixes: 6624e780 ("ice: split ice_vsi_setup into smaller functions")
      Signed-off-by: default avatarPetr Oros <poros@redhat.com>
      Reviewed-by: default avatarMaciej Fijalkowski <maciej.fijalkowski@intel.com>
      Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
      Signed-off-by: default avatarTony Nguyen <anthony.l.nguyen@intel.com>
      24a3298a
    • Yan Zhai's avatar
      gso: fix dodgy bit handling for GSO_UDP_L4 · 98400367
      Yan Zhai authored
      Commit 1fd54773 ("udp: allow header check for dodgy GSO_UDP_L4
      packets.") checks DODGY bit for UDP, but for packets that can be fed
      directly to the device after gso_segs reset, it actually falls through
      to fragmentation:
      
      https://lore.kernel.org/all/CAJPywTKDdjtwkLVUW6LRA2FU912qcDmQOQGt2WaDo28KzYDg+A@mail.gmail.com/
      
      This change restores the expected behavior of GSO_UDP_L4 packets.
      
      Fixes: 1fd54773 ("udp: allow header check for dodgy GSO_UDP_L4 packets.")
      Suggested-by: default avatarWillem de Bruijn <willemdebruijn.kernel@gmail.com>
      Signed-off-by: default avatarYan Zhai <yan@cloudflare.com>
      Reviewed-by: default avatarWillem de Bruijn <willemb@google.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      98400367
    • Wang Ming's avatar
      net: ethernet: Remove repeating expression · a822551c
      Wang Ming authored
      Identify issues that arise by using the tests/doublebitand.cocci
      semantic patch. Need to remove duplicate expression in if statement.
      Signed-off-by: default avatarWang Ming <machel@vivo.com>
      Reviewed-by: default avatarJiawen Wu <jiawenwu@trustnetic.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      a822551c
    • Wang Ming's avatar
      bna: Remove error checking for debugfs_create_dir() · 4ad23d23
      Wang Ming authored
      It is expected that most callers should _ignore_ the errors return by
      debugfs_create_dir() in bnad_debugfs_init().
      Signed-off-by: default avatarWang Ming <machel@vivo.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4ad23d23
    • Daniel Golle's avatar
      net: ethernet: mtk_eth_soc: handle probe deferral · 1d6d537d
      Daniel Golle authored
      Move the call to of_get_ethdev_address to mtk_add_mac which is part of
      the probe function and can hence itself return -EPROBE_DEFER should
      of_get_ethdev_address return -EPROBE_DEFER. This allows us to entirely
      get rid of the mtk_init function.
      
      The problem of of_get_ethdev_address returning -EPROBE_DEFER surfaced
      in situations in which the NVMEM provider holding the MAC address has
      not yet be loaded at the time mtk_eth_soc is initially probed. In this
      case probing of mtk_eth_soc should be deferred instead of falling back
      to use a random MAC address, so once the NVMEM provider becomes
      available probing can be repeated.
      
      Fixes: 656e7052 ("net-next: mediatek: add support for MT7623 ethernet")
      Signed-off-by: default avatarDaniel Golle <daniel@makrotopia.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1d6d537d
    • Kuniyuki Iwashima's avatar
      bridge: Add extack warning when enabling STP in netns. · 56a16035
      Kuniyuki Iwashima authored
      When we create an L2 loop on a bridge in netns, we will see packets storm
      even if STP is enabled.
      
        # unshare -n
        # ip link add br0 type bridge
        # ip link add veth0 type veth peer name veth1
        # ip link set veth0 master br0 up
        # ip link set veth1 master br0 up
        # ip link set br0 type bridge stp_state 1
        # ip link set br0 up
        # sleep 30
        # ip -s link show br0
        2: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
            link/ether b6:61:98:1c:1c:b5 brd ff:ff:ff:ff:ff:ff
            RX: bytes  packets  errors  dropped missed  mcast
            956553768  12861249 0       0       0       12861249  <-. Keep
            TX: bytes  packets  errors  dropped carrier collsns     |  increasing
            1027834    11951    0       0       0       0         <-'   rapidly
      
      This is because llc_rcv() drops all packets in non-root netns and BPDU
      is dropped.
      
      Let's add extack warning when enabling STP in netns.
      
        # unshare -n
        # ip link add br0 type bridge
        # ip link set br0 type bridge stp_state 1
        Warning: bridge: STP does not work in non-root netns.
      
      Note this commit will be reverted later when we namespacify the whole LLC
      infra.
      
      Fixes: e730c155 ("[NET]: Make packet reception network namespace safe")
      Suggested-by: default avatarHarry Coin <hcoin@quietfountain.com>
      Link: https://lore.kernel.org/netdev/0f531295-e289-022d-5add-5ceffa0df9bc@quietfountain.com/Suggested-by: default avatarIdo Schimmel <idosch@idosch.org>
      Signed-off-by: default avatarKuniyuki Iwashima <kuniyu@amazon.com>
      Acked-by: default avatarNikolay Aleksandrov <razor@blackwall.org>
      Reviewed-by: default avatarIdo Schimmel <idosch@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      56a16035
    • Tanmay Patil's avatar
      net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() · b685f1a5
      Tanmay Patil authored
      CPSW ALE has 75 bit ALE entries which are stored within three 32 bit words.
      The cpsw_ale_get_field() and cpsw_ale_set_field() functions assume that the
      field will be strictly contained within one word. However, this is not
      guaranteed to be the case and it is possible for ALE field entries to span
      across up to two words at the most.
      
      Fix the methods to handle getting/setting fields spanning up to two words.
      
      Fixes: db82173f ("netdev: driver: ethernet: add cpsw address lookup engine support")
      Signed-off-by: default avatarTanmay Patil <t-patil@ti.com>
      [s-vadapalli@ti.com: rephrased commit message and added Fixes tag]
      Signed-off-by: default avatarSiddharth Vadapalli <s-vadapalli@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b685f1a5
    • Mark Brown's avatar
      net: dsa: ar9331: Use explict flags for regmap single read/write · 9845217d
      Mark Brown authored
      The at9331 is only able to read or write a single register at once.  The
      driver has a custom regmap bus and chooses to tell the regmap core about
      this by reporting the maximum transfer sizes rather than the explicit
      flags that exist at the regmap level.  Since there are a number of
      problems with the raw transfer limits and the regmap level flags are
      better integrated anyway convert the driver to use the flags.
      
      No functional change.
      Signed-off-by: default avatarMark Brown <broonie@kernel.org>
      Reviewed-by: default avatarSimon Horman <simon.horman@corigine.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9845217d
    • Alan Stern's avatar
      net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb · 5e1627cb
      Alan Stern authored
      The syzbot fuzzer identified a problem in the usbnet driver:
      
      usb 1-1: BOGUS urb xfer, pipe 3 != type 1
      WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
      Modules linked in:
      CPU: 0 PID: 754 Comm: kworker/0:2 Not tainted 6.4.0-rc7-syzkaller-00014-g692b7dc8 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/27/2023
      Workqueue: mld mld_ifc_work
      RIP: 0010:usb_submit_urb+0xed6/0x1880 drivers/usb/core/urb.c:504
      Code: 7c 24 18 e8 2c b4 5b fb 48 8b 7c 24 18 e8 42 07 f0 fe 41 89 d8 44 89 e1 4c 89 ea 48 89 c6 48 c7 c7 a0 c9 fc 8a e8 5a 6f 23 fb <0f> 0b e9 58 f8 ff ff e8 fe b3 5b fb 48 81 c5 c0 05 00 00 e9 84 f7
      RSP: 0018:ffffc9000463f568 EFLAGS: 00010086
      RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000
      RDX: ffff88801eb28000 RSI: ffffffff814c03b7 RDI: 0000000000000001
      RBP: ffff8881443b7190 R08: 0000000000000001 R09: 0000000000000000
      R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000003
      R13: ffff88802a77cb18 R14: 0000000000000003 R15: ffff888018262500
      FS:  0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
      CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      CR2: 0000556a99c15a18 CR3: 0000000028c71000 CR4: 0000000000350ef0
      Call Trace:
       <TASK>
       usbnet_start_xmit+0xfe5/0x2190 drivers/net/usb/usbnet.c:1453
       __netdev_start_xmit include/linux/netdevice.h:4918 [inline]
       netdev_start_xmit include/linux/netdevice.h:4932 [inline]
       xmit_one net/core/dev.c:3578 [inline]
       dev_hard_start_xmit+0x187/0x700 net/core/dev.c:3594
      ...
      
      This bug is caused by the fact that usbnet trusts the bulk endpoint
      addresses its probe routine receives in the driver_info structure, and
      it does not check to see that these endpoints actually exist and have
      the expected type and directions.
      
      The fix is simply to add such a check.
      
      Reported-and-tested-by: syzbot+63ee658b9a100ffadbe2@syzkaller.appspotmail.com
      Closes: https://lore.kernel.org/linux-usb/000000000000a56e9105d0cec021@google.com/Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      CC: Oliver Neukum <oneukum@suse.com>
      Link: https://lore.kernel.org/r/ea152b6d-44df-4f8a-95c6-4db51143dcc1@rowland.harvard.eduSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5e1627cb
    • Linus Walleij's avatar
      dsa: mv88e6xxx: Do a final check before timing out · 95ce158b
      Linus Walleij authored
      I get sporadic timeouts from the driver when using the
      MV88E6352. Reading the status again after the loop fixes the
      problem: the operation is successful but goes undetected.
      
      Some added prints show things like this:
      
      [   58.356209] mv88e6085 mdio_mux-0.1:00: Timeout while waiting
          for switch, addr 1b reg 0b, mask 8000, val 0000, data c000
      [   58.367487] mv88e6085 mdio_mux-0.1:00: Timeout waiting for
          ATU op 4000, fid 0001
      (...)
      [   61.826293] mv88e6085 mdio_mux-0.1:00: Timeout while waiting
          for switch, addr 1c reg 18, mask 8000, val 0000, data 9860
      [   61.837560] mv88e6085 mdio_mux-0.1:00: Timeout waiting
          for PHY command 1860 to complete
      
      The reason is probably not the commands: I think those are
      mostly fine with the 50+50ms timeout, but the problem
      appears when OpenWrt brings up several interfaces in
      parallel on a system with 7 populated ports: if one of
      them take more than 50 ms and waits one or more of the
      others can get stuck on the mutex for the switch and then
      this can easily multiply.
      
      As we sleep and wait, the function loop needs a final
      check after exiting the loop if we were successful.
      Suggested-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Cc: Tobias Waldekranz <tobias@waldekranz.com>
      Fixes: 35da1dfd ("net: dsa: mv88e6xxx: Improve performance of busy bit polling")
      Signed-off-by: default avatarLinus Walleij <linus.walleij@linaro.org>
      Reviewed-by: default avatarAndrew Lunn <andrew@lunn.ch>
      Link: https://lore.kernel.org/r/20230712223405.861899-1-linus.walleij@linaro.orgSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      95ce158b
  6. 13 Jul, 2023 2 commits
    • Linus Torvalds's avatar
      Merge tag 'net-6.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · b1983d42
      Linus Torvalds authored
      Pull networking fixes from Paolo Abeni:
       "Including fixes from netfilter, wireless and ebpf.
      
        Current release - regressions:
      
         - netfilter: conntrack: gre: don't set assured flag for clash entries
      
         - wifi: iwlwifi: remove 'use_tfh' config to fix crash
      
        Previous releases - regressions:
      
         - ipv6: fix a potential refcount underflow for idev
      
         - icmp6: ifix null-ptr-deref of ip6_null_entry->rt6i_idev in
           icmp6_dev()
      
         - bpf: fix max stack depth check for async callbacks
      
         - eth: mlx5e:
            - check for NOT_READY flag state after locking
            - fix page_pool page fragment tracking for XDP
      
         - eth: igc:
            - fix tx hang issue when QBV gate is closed
            - fix corner cases for TSN offload
      
         - eth: octeontx2-af: Move validation of ptp pointer before its usage
      
         - eth: ena: fix shift-out-of-bounds in exponential backoff
      
        Previous releases - always broken:
      
         - core: prevent skb corruption on frag list segmentation
      
         - sched:
            - cls_fw: fix improper refcount update leads to use-after-free
            - sch_qfq: account for stab overhead in qfq_enqueue
      
         - netfilter:
            - report use refcount overflow
            - prevent OOB access in nft_byteorder_eval
      
         - wifi: mt7921e: fix init command fail with enabled device
      
         - eth: ocelot: fix oversize frame dropping for preemptible TCs
      
         - eth: fec: recycle pages for transmitted XDP frames"
      
      * tag 'net-6.5-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (79 commits)
        selftests: tc-testing: add test for qfq with stab overhead
        net/sched: sch_qfq: account for stab overhead in qfq_enqueue
        selftests: tc-testing: add tests for qfq mtu sanity check
        net/sched: sch_qfq: reintroduce lmax bound check for MTU
        wifi: cfg80211: fix receiving mesh packets without RFC1042 header
        wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set()
        net: txgbe: fix eeprom calculation error
        net/sched: make psched_mtu() RTNL-less safe
        net: ena: fix shift-out-of-bounds in exponential backoff
        netdevsim: fix uninitialized data in nsim_dev_trap_fa_cookie_write()
        net/sched: flower: Ensure both minimum and maximum ports are specified
        MAINTAINERS: Add another mailing list for QUALCOMM ETHQOS ETHERNET DRIVER
        docs: netdev: update the URL of the status page
        wifi: iwlwifi: remove 'use_tfh' config to fix crash
        xdp: use trusted arguments in XDP hints kfuncs
        bpf: cpumap: Fix memory leak in cpu_map_update_elem
        wifi: airo: avoid uninitialized warning in airo_get_rate()
        octeontx2-pf: Add additional check for MCAM rules
        net: dsa: Removed unneeded of_node_put in felix_parse_ports_node
        net: fec: use netdev_err_once() instead of netdev_err()
        ...
      b1983d42
    • Linus Torvalds's avatar
      Merge tag 'trace-v6.5-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · ebc27aac
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
      
       - Fix some missing-prototype warnings
      
       - Fix user events struct args (did not include size of struct)
      
         When creating a user event, the "struct" keyword is to denote that
         the size of the field will be passed in. But the parsing failed to
         handle this case.
      
       - Add selftest to struct sizes for user events
      
       - Fix sample code for direct trampolines.
      
         The sample code for direct trampolines attached to handle_mm_fault().
         But the prototype changed and the direct trampoline sample code was
         not updated. Direct trampolines needs to have the arguments correct
         otherwise it can fail or crash the system.
      
       - Remove unused ftrace_regs_caller_ret() prototype.
      
       - Quiet false positive of FORTIFY_SOURCE
      
         Due to backward compatibility, the structure used to save stack
         traces in the kernel had a fixed size of 8. This structure is
         exported to user space via the tracing format file. A change was made
         to allow more than 8 functions to be recorded, and user space now
         uses the size field to know how many functions are actually in the
         stack.
      
         But the structure still has size of 8 (even though it points into the
         ring buffer that has the required amount allocated to hold a full
         stack.
      
         This was fine until the fortifier noticed that the
         memcpy(&entry->caller, stack, size) was greater than the 8 functions
         and would complain at runtime about it.
      
         Hide this by using a pointer to the stack location on the ring buffer
         instead of using the address of the entry structure caller field.
      
       - Fix a deadloop in reading trace_pipe that was caused by a mismatch
         between ring_buffer_empty() returning false which then asked to read
         the data, but the read code uses rb_num_of_entries() that returned
         zero, and causing a infinite "retry".
      
       - Fix a warning caused by not using all pages allocated to store ftrace
         functions, where this can happen if the linker inserts a bunch of
         "NULL" entries, causing the accounting of how many pages needed to be
         off.
      
       - Fix histogram synthetic event crashing when the start event is
         removed and the end event is still using a variable from it
      
       - Fix memory leak in freeing iter->temp in tracing_release_pipe()
      
      * tag 'trace-v6.5-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
        tracing: Fix memory leak of iter->temp when reading trace_pipe
        tracing/histograms: Add histograms to hist_vars if they have referenced variables
        tracing: Stop FORTIFY_SOURCE complaining about stack trace caller
        ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
        ring-buffer: Fix deadloop issue on reading trace_pipe
        tracing: arm64: Avoid missing-prototype warnings
        selftests/user_events: Test struct size match cases
        tracing/user_events: Fix struct arg size match check
        x86/ftrace: Remove unsued extern declaration ftrace_regs_caller_ret()
        arm64: ftrace: Add direct call trampoline samples support
        samples: ftrace: Save required argument registers in sample trampolines
      ebc27aac