1. 02 Dec, 2021 5 commits
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 2b2c0f24
      Linus Torvalds authored
      Pull tracing fixes from Steven Rostedt:
       "Three tracing fixes:
      
         - Allow compares of strings when using signed and unsigned characters
      
         - Fix kmemleak false positive for histogram entries
      
         - Handle negative numbers for user defined kretprobe data sizes"
      
      * tag 'trace-v5.16-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        kprobes: Limit max data_size of the kretprobe instances
        tracing: Fix a kmemleak false positive in tracing_map
        tracing/histograms: String compares should not care about signed values
      2b2c0f24
    • Linus Torvalds's avatar
      Merge tag 'for-linus-5.16-2' of git://github.com/cminyard/linux-ipmi · df365887
      Linus Torvalds authored
      Pull IPMI fixes from Corey Minyard:
       "Some changes that went in 5.16 had issues. When working on the design
        a piece was redesigned and things got missed. And the message type was
        not being initialized when it was allocated, resulting in crashes.
      
        In addition, the IPMI driver has had a shutdown issue where it could
        still have an item in a system workqueue after it had been shutdown.
        Move to a private workqueue to avoid that problem"
      
      * tag 'for-linus-5.16-2' of git://github.com/cminyard/linux-ipmi:
        ipmi:ipmb: Fix unknown command response
        ipmi: fix IPMI_SMI_MSG_TYPE_IPMB_DIRECT response length checking
        ipmi: fix oob access due to uninit smi_msg type
        ipmi: msghandler: Make symbol 'remove_work_wq' static
        ipmi: Move remove_work to dedicated workqueue
      df365887
    • Masami Hiramatsu's avatar
      kprobes: Limit max data_size of the kretprobe instances · 6bbfa441
      Masami Hiramatsu authored
      The 'kprobe::data_size' is unsigned, thus it can not be negative.  But if
      user sets it enough big number (e.g. (size_t)-8), the result of 'data_size
      + sizeof(struct kretprobe_instance)' becomes smaller than sizeof(struct
      kretprobe_instance) or zero. In result, the kretprobe_instance are
      allocated without enough memory, and kretprobe accesses outside of
      allocated memory.
      
      To avoid this issue, introduce a max limitation of the
      kretprobe::data_size. 4KB per instance should be OK.
      
      Link: https://lkml.kernel.org/r/163836995040.432120.10322772773821182925.stgit@devnote2
      
      Cc: stable@vger.kernel.org
      Fixes: f47cd9b5 ("kprobes: kretprobe user entry-handler")
      Reported-by: default avatarzhangyue <zhangyue1@kylinos.cn>
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      6bbfa441
    • Chen Jun's avatar
      tracing: Fix a kmemleak false positive in tracing_map · f25667e5
      Chen Jun authored
      Doing the command:
        echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger
      
      Triggers many kmemleak reports:
      
      unreferenced object 0xffff0000c7ea4980 (size 128):
        comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
          [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
          [<00000000633bd154>] tracing_map_init+0x1f8/0x268
          [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
          [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
          [<00000000f549355a>] event_trigger_write+0x7c/0x120
          [<00000000b80f898d>] vfs_write+0xc4/0x380
          [<00000000823e1055>] ksys_write+0x74/0xf8
          [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
          [<0000000087124017>] do_el0_svc+0x88/0x1c0
          [<00000000efd0dcd1>] el0_svc+0x1c/0x28
          [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
          [<00000000e7399680>] el0_sync+0x148/0x180
      unreferenced object 0xffff0000c7ea4980 (size 128):
        comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
          00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
        backtrace:
          [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
          [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
          [<00000000633bd154>] tracing_map_init+0x1f8/0x268
          [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
          [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
          [<00000000f549355a>] event_trigger_write+0x7c/0x120
          [<00000000b80f898d>] vfs_write+0xc4/0x380
          [<00000000823e1055>] ksys_write+0x74/0xf8
          [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
          [<0000000087124017>] do_el0_svc+0x88/0x1c0
          [<00000000efd0dcd1>] el0_svc+0x1c/0x28
          [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
          [<00000000e7399680>] el0_sync+0x148/0x180
      
      The reason is elts->pages[i] is alloced by get_zeroed_page.
      and kmemleak will not scan the area alloced by get_zeroed_page.
      The address stored in elts->pages will be regarded as leaked.
      
      That is, the elts->pages[i] will have pointers loaded onto it as well, and
      without telling kmemleak about it, those pointers will look like memory
      without a reference.
      
      To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]
      
      Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.comSigned-off-by: default avatarChen Jun <chenjun102@huawei.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      f25667e5
    • Steven Rostedt (VMware)'s avatar
      tracing/histograms: String compares should not care about signed values · 450fec13
      Steven Rostedt (VMware) authored
      When comparing two strings for the "onmatch" histogram trigger, fields
      that are strings use string comparisons, which do not care about being
      signed or not.
      
      Do not fail to match two string fields if one is unsigned char array and
      the other is a signed char array.
      
      Link: https://lore.kernel.org/all/20211129123043.5cfd687a@gandalf.local.home/
      
      Cc: stable@vgerk.kernel.org
      Cc: Tom Zanussi <zanussi@kernel.org>
      Cc: Yafang Shao <laoar.shao@gmail.com>
      Fixes: b05e89ae ("tracing: Accept different type for synthetic event fields")
      Reviewed-by: default avatarMasami Hiramatsu <mhiramatsu@kernel.org>
      Reported-by: default avatarSven Schnelle <svens@linux.ibm.com>
      Signed-off-by: default avatarSteven Rostedt (VMware) <rostedt@goodmis.org>
      450fec13
  2. 01 Dec, 2021 1 commit
    • Linus Torvalds's avatar
      Merge tag 'sound-5.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 4536579b
      Linus Torvalds authored
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes. A large series is found for ASoC tegra
        drivers to correct the control element handlings, while others are
        mostly for device-specific quirks and fix-ups"
      
      * tag 'sound-5.16-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (25 commits)
        ALSA: hda/hdmi: fix HDA codec entry table order for ADL-P
        ALSA: hda: Add Intel DG2 PCI ID and HDMI codec vid
        ALSA: hda/cs8409: Set PMSG_ON earlier inside cs8409 driver
        ASoC: SOF: hda: reset DAI widget before reconfiguring it
        ASoC: cs35l41: Set the max SPI speed for the whole device
        ALSA: intel-dsp-config: add quirk for CML devices based on ES8336 codec
        ASoC: Intel: soc-acpi: add entry for ESSX8336 on CML
        ASoC: rk817: Add module alias for rk817-codec
        ASoC: soc-acpi: Set mach->id field on comp_ids matches
        ASoC: tegra: Fix kcontrol put callback in Mixer
        ASoC: tegra: Fix kcontrol put callback in ADX
        ASoC: tegra: Fix kcontrol put callback in AMX
        ASoC: tegra: Fix kcontrol put callback in SFC
        ASoC: tegra: Fix kcontrol put callback in MVC
        ASoC: tegra: Fix kcontrol put callback in AHUB
        ASoC: tegra: Fix kcontrol put callback in DSPK
        ASoC: tegra: Fix kcontrol put callback in DMIC
        ASoC: tegra: Fix kcontrol put callback in I2S
        ASoC: tegra: Fix kcontrol put callback in ADMAIF
        ASoC: tegra: Fix wrong value type in MVC
        ...
      4536579b
  3. 30 Nov, 2021 24 commits
  4. 29 Nov, 2021 2 commits
  5. 28 Nov, 2021 8 commits