1. 13 May, 2023 6 commits
    • ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum · 4f043518
      Tudor Ambarus authored
      When modifying the block device while it is mounted by the filesystem,
      syzbot reported the following:
      
      BUG: KASAN: slab-out-of-bounds in crc16+0x206/0x280 lib/crc16.c:58
      Read of size 1 at addr ffff888075f5c0a8 by task syz-executor.2/15586
      
      CPU: 1 PID: 15586 Comm: syz-executor.2 Not tainted 6.2.0-rc5-syzkaller-00205-gc9661827 #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
      Call Trace:
       <TASK>
       __dump_stack lib/dump_stack.c:88 [inline]
       dump_stack_lvl+0x1b1/0x290 lib/dump_stack.c:106
       print_address_description+0x74/0x340 mm/kasan/report.c:306
       print_report+0x107/0x1f0 mm/kasan/report.c:417
       kasan_report+0xcd/0x100 mm/kasan/report.c:517
       crc16+0x206/0x280 lib/crc16.c:58
       ext4_group_desc_csum+0x81b/0xb20 fs/ext4/super.c:3187
       ext4_group_desc_csum_set+0x195/0x230 fs/ext4/super.c:3210
       ext4_mb_clear_bb fs/ext4/mballoc.c:6027 [inline]
       ext4_free_blocks+0x191a/0x2810 fs/ext4/mballoc.c:6173
       ext4_remove_blocks fs/ext4/extents.c:2527 [inline]
       ext4_ext_rm_leaf fs/ext4/extents.c:2710 [inline]
       ext4_ext_remove_space+0x24ef/0x46a0 fs/ext4/extents.c:2958
       ext4_ext_truncate+0x177/0x220 fs/ext4/extents.c:4416
       ext4_truncate+0xa6a/0xea0 fs/ext4/inode.c:4342
       ext4_setattr+0x10c8/0x1930 fs/ext4/inode.c:5622
       notify_change+0xe50/0x1100 fs/attr.c:482
       do_truncate+0x200/0x2f0 fs/open.c:65
       handle_truncate fs/namei.c:3216 [inline]
       do_open fs/namei.c:3561 [inline]
       path_openat+0x272b/0x2dd0 fs/namei.c:3714
       do_filp_open+0x264/0x4f0 fs/namei.c:3741
       do_sys_openat2+0x124/0x4e0 fs/open.c:1310
       do_sys_open fs/open.c:1326 [inline]
       __do_sys_creat fs/open.c:1402 [inline]
       __se_sys_creat fs/open.c:1396 [inline]
       __x64_sys_creat+0x11f/0x160 fs/open.c:1396
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Replace
      	le16_to_cpu(sbi->s_es->s_desc_size)
      with
      	sbi->s_desc_size
      
      It reduces ext4's compiled text size, and makes the code more efficient
      (we remove an extra indirect reference and a potential byte
      swap on big endian systems), and there is no downside. It also avoids the
      potential KASAN / syzkaller failure, as a bonus.
      
      Reported-by: syzbot+fc51227e7100c9294894@syzkaller.appspotmail.com
      Reported-by: syzbot+8785e41224a3afd04321@syzkaller.appspotmail.com
      Link: https://syzkaller.appspot.com/bug?id=70d28d11ab14bd7938f3e088365252aa923cff42
      Link: https://syzkaller.appspot.com/bug?id=b85721b38583ecc6b5e72ff524c67302abbc30f3
      Link: https://lore.kernel.org/all/000000000000ece18705f3b20934@google.com/
      Fixes: 717d50e4 ("Ext4: Uninitialized Block Groups")
      Cc: stable@vger.kernel.org
      Signed-off-by: Tudor Ambarus <tudor.ambarus@linaro.org>
      Link: https://lore.kernel.org/r/20230504121525.3275886-1-tudor.ambarus@linaro.org
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix data races when using cached status extents · 492888df
      Jan Kara authored
      When using cached extent stored in extent status tree in tree->cache_es
      another process holding ei->i_es_lock for reading can be racing with us
      setting new value of tree->cache_es. If the compiler would decide to
      refetch tree->cache_es at an unfortunate moment, it could result in a
      bogus in_range() check. Fix the possible race by using READ_ONCE() when
      using tree->cache_es only under ei->i_es_lock for reading.
      
      Cc: stable@kernel.org
      Reported-by: syzbot+4a03518df1e31b537066@syzkaller.appspotmail.com
      Link: https://lore.kernel.org/all/000000000000d3b33905fa0fd4a6@google.com
      Suggested-by: Dmitry Vyukov <dvyukov@google.com>
      Signed-off-by: Jan Kara <jack@suse.cz>
      Link: https://lore.kernel.org/r/20230504125524.10802-1-jack@suse.cz
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: avoid deadlock in fs reclaim with page writeback · 00d873c1
      Jan Kara authored
      Ext4 has a filesystem wide lock protecting ext4_writepages() calls to
      avoid races with switching of journalled data flag or inode format. This
      lock can however cause a deadlock like:
      
      CPU0                            CPU1
      
      ext4_writepages()
        percpu_down_read(sbi->s_writepages_rwsem);
                                      ext4_change_inode_journal_flag()
                                        percpu_down_write(sbi->s_writepages_rwsem);
                                          - blocks, all readers block from now on
        ext4_do_writepages()
          ext4_init_io_end()
            kmem_cache_zalloc(io_end_cachep, GFP_KERNEL)
              fs_reclaim frees dentry...
                dentry_unlink_inode()
                  iput() - last ref =>
                    iput_final() - inode dirty =>
                      write_inode_now()...
                        ext4_writepages() tries to acquire sbi->s_writepages_rwsem
                          and blocks forever
      
      Make sure we cannot recurse into filesystem reclaim from writeback code
      to avoid the deadlock.
      
      Reported-by: syzbot+6898da502aef574c5f8a@syzkaller.appspotmail.com
      Link: https://lore.kernel.org/all/0000000000004c66b405fa108e27@google.com
      Fixes: c8585c6f ("ext4: fix races between changing inode journal mode and ext4_writepages")
      CC: stable@vger.kernel.org
      Signed-off-by: Jan Kara <jack@suse.cz>
      Link: https://lore.kernel.org/r/20230504124723.20205-1-jack@suse.cz
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix invalid free tracking in ext4_xattr_move_to_block() · b87c7cdf
      Theodore Ts'o authored
      In ext4_xattr_move_to_block(), the value of the extended attribute
      which we need to move to an external block may be allocated by
      kvmalloc() if the value is stored in an external inode.  So at the end
      of the function the code tried to check if this was the case by
      testing entry->e_value_inum.
      
      However, at this point, the pointer to the xattr entry is no longer
      valid, because it was removed from the original location where it had
      been stored.  So we could end up calling kvfree() on a pointer which
      was not allocated by kvmalloc(); or we could also potentially leak
      memory by not freeing the buffer when it should be freed.  Fix this by
      storing whether it should be freed in a separate variable.
      
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20230430160426.581366-1-tytso@mit.edu
      Link: https://syzkaller.appspot.com/bug?id=5c2aee8256e30b55ccf57312c16d88417adbd5e1
      Link: https://syzkaller.appspot.com/bug?id=41a6b5d4917c0412eb3b3c3c604965bed7d7420b
      Reported-by: syzbot+64b645917ce07d89bde5@syzkaller.appspotmail.com
      Reported-by: syzbot+0d042627c4f2ad332195@syzkaller.appspotmail.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: remove a BUG_ON in ext4_mb_release_group_pa() · 463808f2
      Theodore Ts'o authored
      If a malicious fuzzer overwrites the ext4 superblock while it is
      mounted such that the s_first_data_block is set to a very large
      number, the calculation of the block group can underflow, and trigger
      a BUG_ON check.  Change this to be an ext4_warning so that we don't
      crash the kernel.
      
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20230430154311.579720-3-tytso@mit.edu
      Reported-by: syzbot+e2efa3efc15a1c9e95c3@syzkaller.appspotmail.com
      Link: https://syzkaller.appspot.com/bug?id=69b28112e098b070f639efb356393af3ffec4220
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: allow ext4_get_group_info() to fail · 5354b2af
      Theodore Ts'o authored
      Previously, ext4_get_group_info() would treat an invalid group number
      as BUG(), since in theory it should never happen.  However, if a
      malicious attacker (or fuzzer) modifies the superblock via the block
      device while the file system is mounted, it is possible for
      s_first_data_block to get set to a very large number.  In that case,
      calculating the block group of some block number (such as the
      starting block of a preallocation region) could result in an
      underflow and very large block group number.  Then the BUG_ON check in
      ext4_get_group_info() would fire, resulting in a denial of service
      attack that can be triggered by root or someone with write access to
      the block device.
      
      From a quality of implementation perspective, it's best that even if
      the system administrator does something that they shouldn't, it
      will not trigger a BUG.  So instead of BUG'ing, ext4_get_group_info()
      will call ext4_error and return NULL.  We also add fallback code in
      all of the callers of ext4_get_group_info() in case it might return NULL.

      Also, since ext4_get_group_info() was already borderline to be an
      inline function, un-inline it.  This results in a net reduction of the
      compiled text size of ext4 by roughly 2k.
      
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20230430154311.579720-2-tytso@mit.edu
      Reported-by: syzbot+e2efa3efc15a1c9e95c3@syzkaller.appspotmail.com
      Link: https://syzkaller.appspot.com/bug?id=69b28112e098b070f639efb356393af3ffec4220
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
      Reviewed-by: Jan Kara <jack@suse.cz>
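
The underflow and the fail-soft lookup described in the two commits above, as an added userspace model; it is not code from the kernel or from these patches. All `model_*` names and the struct layout are hypothetical; only the arithmetic shape (block number minus `s_first_data_block`, divided by blocks per group, truncated to a 32-bit group number) follows the commit messages.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for ext4's per-group and superblock state. */
struct model_group_info {
    uint32_t free_clusters;
};

struct model_sb {
    uint32_t first_data_block;  /* models s_first_data_block, read from disk */
    uint32_t blocks_per_group;
    uint32_t groups_count;      /* number of valid entries in groups[] */
    struct model_group_info *groups;
    unsigned errors;            /* corruption reports issued so far */
};

/* Block group of a block number. The subtraction is unsigned, so a
 * first_data_block larger than the block number wraps around instead of
 * going negative, and the quotient is truncated to 32 bits. */
static uint32_t model_group_of_block(const struct model_sb *sb, uint64_t block)
{
    uint64_t rel = block - sb->first_data_block;
    return (uint32_t)(rel / sb->blocks_per_group);
}

/* Fail-soft lookup: an out-of-range group is reported and yields NULL,
 * where the old behaviour described above was to BUG(). */
static struct model_group_info *model_get_group_info(struct model_sb *sb,
                                                     uint32_t group)
{
    if (group >= sb->groups_count) {
        sb->errors++;
        fprintf(stderr, "model: invalid group %u (groups_count %u)\n",
                (unsigned)group, (unsigned)sb->groups_count);
        return NULL;
    }
    return &sb->groups[group];
}

/* A caller with the fallback path every user of the lookup now needs:
 * returns 0 and fills *out on success, -1 if the group is invalid. */
static int model_free_clusters_for_block(struct model_sb *sb, uint64_t block,
                                         uint32_t *out)
{
    struct model_group_info *gi =
        model_get_group_info(sb, model_group_of_block(sb, block));

    if (!gi)
        return -1;  /* propagate an error instead of dereferencing NULL */
    *out = gi->free_clusters;
    return 0;
}

int main(void)
{
    /* Constructed sample state: four groups of 8192 blocks each. */
    struct model_group_info groups[4] = { {10}, {20}, {30}, {40} };
    struct model_sb sb = { 0, 8192, 4, groups, 0 };
    uint32_t free_clusters = 0;

    if (model_free_clusters_for_block(&sb, 2 * 8192 + 5, &free_clusters) == 0)
        printf("sane superblock: group 2 has %u free clusters\n",
               (unsigned)free_clusters);

    /* Superblock field overwritten while mounted (constructed value). */
    sb.first_data_block = 0xFFFFFFF0u;
    printf("corrupted superblock: block 100 maps to group %u\n",
           (unsigned)model_group_of_block(&sb, 100));
    if (model_free_clusters_for_block(&sb, 100, &free_clusters) != 0)
        printf("lookup rejected, %u error(s) reported\n", sb.errors);
    return 0;
}
```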
  2. 08 May, 2023 2 commits
    • ext4: fix lockdep warning when enabling MMP · 949f95ff
      Jan Kara authored
      When we enable MMP in ext4_multi_mount_protect() during mount or
      remount, we end up calling sb_start_write() from write_mmp_block(). This
      triggers lockdep warning because freeze protection ranks above s_umount
      semaphore we are holding during mount / remount. The problem is harmless
      because we are guaranteed the filesystem is not frozen during mount /
      remount but still let's fix the warning by not grabbing freeze
      protection from ext4_multi_mount_protect().
      
      Cc: stable@kernel.org
      Reported-by: syzbot+6b7df7d5506b32467149@syzkaller.appspotmail.com
      Link: https://syzkaller.appspot.com/bug?id=ab7e5b6f400b7778d46f01841422e5718fb81843
      Signed-off-by: Jan Kara <jack@suse.cz>
      Reviewed-by: Christian Brauner <brauner@kernel.org>
      Link: https://lore.kernel.org/r/20230411121019.21940-1-jack@suse.cz
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
    • ext4: fix WARNING in mb_find_extent · fa08a7b6
      Ye Bin authored
      Syzbot found the following issue:
      
      EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
      EXT4-fs (loop0): orphan cleanup on readonly fs
      ------------[ cut here ]------------
      WARNING: CPU: 1 PID: 5067 at fs/ext4/mballoc.c:1869 mb_find_extent+0x8a1/0xe30
      Modules linked in:
      CPU: 1 PID: 5067 Comm: syz-executor307 Not tainted 6.2.0-rc1-syzkaller #0
      Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
      RIP: 0010:mb_find_extent+0x8a1/0xe30 fs/ext4/mballoc.c:1869
      Call Trace:
       <TASK>
       ext4_mb_complex_scan_group+0x353/0x1100 fs/ext4/mballoc.c:2307
       ext4_mb_regular_allocator+0x1533/0x3860 fs/ext4/mballoc.c:2735
       ext4_mb_new_blocks+0xddf/0x3db0 fs/ext4/mballoc.c:5605
       ext4_ext_map_blocks+0x1868/0x6880 fs/ext4/extents.c:4286
       ext4_map_blocks+0xa49/0x1cc0 fs/ext4/inode.c:651
       ext4_getblk+0x1b9/0x770 fs/ext4/inode.c:864
       ext4_bread+0x2a/0x170 fs/ext4/inode.c:920
       ext4_quota_write+0x225/0x570 fs/ext4/super.c:7105
       write_blk fs/quota/quota_tree.c:64 [inline]
       get_free_dqblk+0x34a/0x6d0 fs/quota/quota_tree.c:130
       do_insert_tree+0x26b/0x1aa0 fs/quota/quota_tree.c:340
       do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
       do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
       do_insert_tree+0x722/0x1aa0 fs/quota/quota_tree.c:375
       dq_insert_tree fs/quota/quota_tree.c:401 [inline]
       qtree_write_dquot+0x3b6/0x530 fs/quota/quota_tree.c:420
       v2_write_dquot+0x11b/0x190 fs/quota/quota_v2.c:358
       dquot_acquire+0x348/0x670 fs/quota/dquot.c:444
       ext4_acquire_dquot+0x2dc/0x400 fs/ext4/super.c:6740
       dqget+0x999/0xdc0 fs/quota/dquot.c:914
       __dquot_initialize+0x3d0/0xcf0 fs/quota/dquot.c:1492
       ext4_process_orphan+0x57/0x2d0 fs/ext4/orphan.c:329
       ext4_orphan_cleanup+0xb60/0x1340 fs/ext4/orphan.c:474
       __ext4_fill_super fs/ext4/super.c:5516 [inline]
       ext4_fill_super+0x81cd/0x8700 fs/ext4/super.c:5644
       get_tree_bdev+0x400/0x620 fs/super.c:1282
       vfs_get_tree+0x88/0x270 fs/super.c:1489
       do_new_mount+0x289/0xad0 fs/namespace.c:3145
       do_mount fs/namespace.c:3488 [inline]
       __do_sys_mount fs/namespace.c:3697 [inline]
       __se_sys_mount+0x2d3/0x3c0 fs/namespace.c:3674
       do_syscall_x64 arch/x86/entry/common.c:50 [inline]
       do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
       entry_SYSCALL_64_after_hwframe+0x63/0xcd
      
      Add some debug information:
      mb_find_extent: mb_find_extent block=41, order=0 needed=64 next=0 ex=0/41/1@3735929054 64 64 7
      block_bitmap: ff 3f 0c 00 fc 01 00 00 d2 3d 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
      
      Actually, blocks per group is 64, but the block bitmap indicates it has at
      least 128 blocks. Now, ext4_validate_block_bitmap() didn't check whether
      invalid blocks' bits are set in the bitmap.
      To resolve the above issue, add a check like fsck's "Padding at end of block
      bitmap is not set".
      
      Cc: stable@kernel.org
      Reported-by: syzbot+68223fe9f6c95ad43bed@syzkaller.appspotmail.com
      Signed-off-by: Ye Bin <yebin10@huawei.com>
      Reviewed-by: Jan Kara <jack@suse.cz>
      Link: https://lore.kernel.org/r/20230116020015.1506120-1-yebin@huaweicloud.com
      Signed-off-by: Theodore Ts'o <tytso@mit.edu>
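
The padding check this commit describes, as an added userspace model run over the `block_bitmap` bytes from the debug output above; it is not the kernel's code. The `model_*` names are hypothetical, and the 32 bytes shown in the message are treated here as the whole bitmap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ext4 bitmaps are little-endian: bit n lives in byte n / 8 at position n % 8. */
static int model_test_bit(const uint8_t *bitmap, size_t bit)
{
    return (bitmap[bit / 8] >> (bit % 8)) & 1;
}

/* Index of the first clear bit at or after clusters_in_group, or -1 when the
 * padding is fully set (or when the bitmap has no padding at all). */
static long model_first_clear_padding_bit(const uint8_t *bitmap,
                                          size_t bitmap_bytes,
                                          size_t clusters_in_group)
{
    size_t bitmap_bits = bitmap_bytes * 8;

    for (size_t bit = clusters_in_group; bit < bitmap_bits; bit++)
        if (!model_test_bit(bitmap, bit))
            return (long)bit;
    return -1;
}

/* Number of padding bits that look "free" to an allocator that trusts the
 * bitmap past the end of the group. */
static size_t model_count_clear_padding_bits(const uint8_t *bitmap,
                                             size_t bitmap_bytes,
                                             size_t clusters_in_group)
{
    size_t clear = 0;

    for (size_t bit = clusters_in_group; bit < bitmap_bytes * 8; bit++)
        clear += !model_test_bit(bitmap, bit);
    return clear;
}

/* Validation in the style of the fsck message quoted in the commit:
 * 0 if the bitmap is acceptable, -1 if padding at the end is not set. */
static int model_validate_padding(const uint8_t *bitmap, size_t bitmap_bytes,
                                  size_t clusters_in_group)
{
    long bad = model_first_clear_padding_bit(bitmap, bitmap_bytes,
                                             clusters_in_group);
    if (bad >= 0) {
        fprintf(stderr, "model: bit %ld: padding at end of block bitmap "
                        "is not set\n", bad);
        return -1;
    }
    return 0;
}

/* The 32 bytes printed in the commit message's debug output. */
static const uint8_t model_reported_bitmap[32] = {
    0xff, 0x3f, 0x0c, 0x00, 0xfc, 0x01, 0x00, 0x00,
    0xd2, 0x3d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

/* Constructed counterpart: same first 64 bits, padding fully set. */
static const uint8_t model_padded_bitmap[32] = {
    0xff, 0x3f, 0x0c, 0x00, 0xfc, 0x01, 0x00, 0x00,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
};

int main(void)
{
    const size_t clusters_in_group = 64;  /* "blocks per group is 64" */

    printf("reported bitmap: %s, %zu padding bits appear free\n",
           model_validate_padding(model_reported_bitmap, 32,
                                  clusters_in_group) ? "rejected" : "ok",
           model_count_clear_padding_bits(model_reported_bitmap, 32,
                                          clusters_in_group));
    printf("padded bitmap:   %s\n",
           model_validate_padding(model_padded_bitmap, 32,
                                  clusters_in_group) ? "rejected" : "ok");
    return 0;
}
```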
  3. 07 May, 2023 8 commits
    • Linux 6.4-rc1 · ac9a7868
      Linus Torvalds authored
    • Merge tag 'perf-tools-for-v6.4-3-2023-05-06' of... · f085df1b
      Linus Torvalds authored
      Merge tag 'perf-tools-for-v6.4-3-2023-05-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tool updates from Arnaldo Carvalho de Melo:
       "Third version of perf tool updates, with the build problems with
        using a 'vmlinux.h' generated from the main build fixed, and the bpf
        skeleton build disabled by default.
      
        Build:
      
         - Require libtraceevent to build, one can disable it using
           NO_LIBTRACEEVENT=1.
      
           It is required for tools like 'perf sched', 'perf kvm', 'perf
           trace', etc.
      
           libtraceevent is available in most distros so installing
           'libtraceevent-devel' should be a one-time event to continue
           building perf as usual.
      
           Using NO_LIBTRACEEVENT=1 produces tooling that is functional and
           sufficient for lots of users not interested in those libtraceevent
           dependent features.
      
         - Allow Python support in 'perf script' when libtraceevent isn't
           linked, as not all features require it, for instance Intel PT does
           not use tracepoints.
      
         - Error if the python interpreter needed for jevents to work isn't
           available and NO_JEVENTS=1 isn't set, preventing a build without
           support for JSON vendor events, which is a rare but possible
           condition. The two check error messages:
      
              $(error ERROR: No python interpreter needed for jevents generation. Install python or build with NO_JEVENTS=1.)
              $(error ERROR: Python interpreter needed for jevents generation too old (older than 3.6). Install a newer python or build with NO_JEVENTS=1.)
      
         - Make libbpf 1.0 the minimum required when building with out of
           tree, distro provided libbpf.
      
         - Use libstdc++'s and LLVM's libcxx's __cxa_demangle, a portable C++
           demangler, add 'perf test' entry for it.
      
         - Make binutils libraries opt in, as distros disable building with it
           due to licensing, they were used for C++ demangling, for instance.
      
         - Switch libpfm4 to opt-out rather than opt-in, if libpfm-devel (or
           equivalent) isn't installed, we'll just have a build warning:
      
             Makefile.config:1144: libpfm4 not found, disables libpfm4 support. Please install libpfm4-dev
      
         - Add a feature test for scandirat(), that is not implemented so far
           in musl and uclibc, disabling features that need it, such as
           scanning for tracepoints in /sys/kernel/tracing/events.
      
        perf BPF filters:
      
         - New feature where BPF can be used to filter samples, for instance:
      
            $ sudo ./perf record -e cycles --filter 'period > 1000' true
            $ sudo ./perf script
                 perf-exec 2273949 546850.708501:       5029 cycles:  ffffffff826f9e25 finish_wait+0x5 ([kernel.kallsyms])
                 perf-exec 2273949 546850.708508:      32409 cycles:  ffffffff826f9e25 finish_wait+0x5 ([kernel.kallsyms])
                 perf-exec 2273949 546850.708526:     143369 cycles:  ffffffff82b4cdbf xas_start+0x5f ([kernel.kallsyms])
                 perf-exec 2273949 546850.708600:     372650 cycles:  ffffffff8286b8f7 __pagevec_lru_add+0x117 ([kernel.kallsyms])
                 perf-exec 2273949 546850.708791:     482953 cycles:  ffffffff829190de __mod_memcg_lruvec_state+0x4e ([kernel.kallsyms])
                      true 2273949 546850.709036:     501985 cycles:  ffffffff828add7c tlb_gather_mmu+0x4c ([kernel.kallsyms])
                      true 2273949 546850.709292:     503065 cycles:      7f2446d97c03 _dl_map_object_deps+0x973 (/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2)
      
         - In addition to 'period' (PERF_SAMPLE_PERIOD), the other
           PERF_SAMPLE_ can be used for filtering, and also some other sample
           accessible values, from tools/perf/Documentation/perf-record.txt:
      
              Essentially the BPF filter expression is:
      
              <term> <operator> <value> (("," | "||") <term> <operator> <value>)*
      
           The <term> can be one of:
              ip, id, tid, pid, cpu, time, addr, period, txn, weight, phys_addr,
              code_pgsz, data_pgsz, weight1, weight2, weight3, ins_lat, retire_lat,
              p_stage_cyc, mem_op, mem_lvl, mem_snoop, mem_remote, mem_lock,
              mem_dtlb, mem_blk, mem_hops
      
           The <operator> can be one of:
              ==, !=, >, >=, <, <=, &
      
           The <value> can be one of:
              <number> (for any term)
              na, load, store, pfetch, exec (for mem_op)
              l1, l2, l3, l4, cxl, io, any_cache, lfb, ram, pmem (for mem_lvl)
              na, none, hit, miss, hitm, fwd, peer (for mem_snoop)
              remote (for mem_remote)
              na, locked (for mem_locked)
              na, l1_hit, l1_miss, l2_hit, l2_miss, any_hit, any_miss, walk, fault (for mem_dtlb)
              na, by_data, by_addr (for mem_blk)
              hops0, hops1, hops2, hops3 (for mem_hops)
      
        perf lock contention:
      
         - Show lock type with address.
      
         - Track and show mmap_lock, siglock and per-cpu rq_lock with address.
           This is done for mmap_lock by following the current->mm pointer:
      
            $ sudo ./perf lock con -abl -- sleep 10
             contended   total wait     max wait     avg wait            address   symbol
             ...
                 16344    312.30 ms      2.22 ms     19.11 us   ffff8cc702595640
                 17686    310.08 ms      1.49 ms     17.53 us   ffff8cc7025952c0
                     3     84.14 ms     45.79 ms     28.05 ms   ffff8cc78114c478   mmap_lock
                  3557     76.80 ms     68.75 us     21.59 us   ffff8cc77ca3af58
                     1     68.27 ms     68.27 ms     68.27 ms   ffff8cda745dfd70
                     9     54.53 ms      7.96 ms      6.06 ms   ffff8cc7642a48b8   mmap_lock
                 14629     44.01 ms     60.00 us      3.01 us   ffff8cc7625f9ca0
                  3481     42.63 ms    140.71 us     12.24 us   ffffffff937906ac   vmap_area_lock
                 16194     38.73 ms     42.15 us      2.39 us   ffff8cd397cbc560
                    11     38.44 ms     10.39 ms      3.49 ms   ffff8ccd6d12fbb8   mmap_lock
                     1      5.43 ms      5.43 ms      5.43 ms   ffff8cd70018f0d8
                  1674      5.38 ms    422.93 us      3.21 us   ffffffff92e06080   tasklist_lock
                   581      4.51 ms    130.68 us      7.75 us   ffff8cc9b1259058
                     5      3.52 ms      1.27 ms    703.23 us   ffff8cc754510070
                   112      3.47 ms     56.47 us     31.02 us   ffff8ccee38b3120
                   381      3.31 ms     73.44 us      8.69 us   ffffffff93790690   purge_vmap_area_lock
                   255      3.19 ms     36.35 us     12.49 us   ffff8d053ce30c80
      
         - Update default map size to 16384.
      
         - Allocate single letter option -M for --map-nr-entries, as it is
           proving to be frequently used.
      
         - Fix struct rq lock access for older kernels with BPF's CO-RE
           (Compile once, run everywhere).
      
         - Fix problems found with MSAn.
      
        perf report/top:
      
         - Add inline information when using --call-graph=fp or lbr, as was
           already done to the --call-graph=dwarf callchain mode.
      
         - Improve the 'srcfile' sort key performance by really using an
           optimization introduced in 6.2 for the 'srcline' sort key that
           avoids calling addr2line for comparison with each sample.
      
        perf sched:
      
         - Make 'perf sched latency/map/replay' to use "sched:sched_waking"
           instead of "sched:sched_waking", consistent with 'perf record'
           since d566a9c2 ("perf sched: Prefer sched_waking event when it
           exists").
      
        perf ftrace:
      
         - Make system wide the default target for latency subcommand, run the
           following command then generate some network traffic and press
           control+C:
      
             # perf ftrace latency -T __kfree_skb
           ^C
               DURATION     |      COUNT | GRAPH                                          |
                0 - 1    us |         27 | #############                                  |
                1 - 2    us |         22 | ###########                                    |
                2 - 4    us |          8 | ####                                           |
                4 - 8    us |          5 | ##                                             |
                8 - 16   us |         24 | ############                                   |
               16 - 32   us |          2 | #                                              |
               32 - 64   us |          1 |                                                |
               64 - 128  us |          0 |                                                |
              128 - 256  us |          0 |                                                |
              256 - 512  us |          0 |                                                |
              512 - 1024 us |          0 |                                                |
                1 - 2    ms |          0 |                                                |
                2 - 4    ms |          0 |                                                |
                4 - 8    ms |          0 |                                                |
                8 - 16   ms |          0 |                                                |
               16 - 32   ms |          0 |                                                |
               32 - 64   ms |          0 |                                                |
               64 - 128  ms |          0 |                                                |
              128 - 256  ms |          0 |                                                |
              256 - 512  ms |          0 |                                                |
              512 - 1024 ms |          0 |                                                |
                1 - ...   s |          0 |                                                |
             #
      
        perf top:
      
         - Add --branch-history (LBR: Last Branch Record) option, just like
           already available for 'perf record'.
      
         - Fix segfault in thread__comm_len() where thread->comm was being
           used outside thread->comm_lock.
      
        perf annotate:
      
         - Allow configuring objdump and addr2line in ~/.perfconfig, so that
           you can use alternative binaries, such as llvm's.
      
        perf kvm:
      
         - Add TUI mode for 'perf kvm stat report'.
      
        Reference counting:
      
         - Add reference count checking infrastructure to check for use after
           free, done to the 'cpumap', 'namespaces', 'maps' and 'map' structs,
           more to come.
      
           To build with it use -DREFCNT_CHECKING=1 in the make command line
           to build tools/perf. Documented at:
      
             https://perf.wiki.kernel.org/index.php/Reference_Count_Checking
      
         - The above caught, for instance, fix, present in this series:
      
              - Fix maps use after put in 'perf test "Share thread maps"':
      
                'maps' is copied from leader, but the leader is put on line 79
                and then 'maps' is used to read the reference count below - so
                a use after put, with the put of maps happening within
                thread__put.
      
           Fixed by reversing the order of puts so that the leader is put
           last.
      
         - Also several fixes were made to places where reference counts were
           not being held.
      
         - Make this one of the tests in 'make -C tools/perf build-test' to
           regularly build test it and to make sure no direct access to the
           reference counted structs are made, doing that via accessors to
           check the validity of the struct pointer.
      
        ARM64:
      
         - Fix 'perf report' segfault when filtering coresight traces by
           sparse lists of CPUs.
      
         - Add support for 'simd' as a sort field for 'perf report', to show
           ARM's NEON SIMD's predicate flags: "partial" and "empty".
      
        arm64 vendor events:
      
         - Add N1 metrics.
      
        Intel vendor events:
      
         - Add graniterapids, grandridge and sierraforrest events.
      
         - Refresh events for: alderlake, aldernaken, broadwell, broadwellde,
           broadwellx, cascadelakx, haswell, haswellx, icelake, icelakex,
           jaketown, meteorlake, knightslanding, sandybridge, sapphirerapids,
           silvermont, skylake, tigerlake and westmereep-dp
      
         - Refresh metrics for alderlake-n, broadwell, broadwellde,
           broadwellx, haswell, haswellx, icelakex, ivybridge, ivytown and
           skylakex.
      
        perf stat:
      
         - Implement --topdown using JSON metrics.
      
         - Add TopdownL1 JSON metric as a default if present, but disable it
           for now for some Intel hybrid architectures, a series of patches
           addressing this is being reviewed and will be submitted for v6.5.
      
         - Use metrics for --smi-cost.
      
         - Update topdown documentation.
      
        Vendor events (JSON) infrastructure:
      
         - Add support for computing and printing metric threshold values. For
           instance, here is one found in the sapphirerapids json file:
      
             {
                 "BriefDescription": "Percentage of cycles spent in System Management Interrupts.",
                 "MetricExpr": "((msr@aperf@ - cycles) / msr@aperf@ if msr@smi@ > 0 else 0)",
                 "MetricGroup": "smi",
                 "MetricName": "smi_cycles",
                 "MetricThreshold": "smi_cycles > 0.1",
                 "ScaleUnit": "100%"
             },
      
         - Test parsing metric thresholds with the fake PMU in 'perf test
           pmu-events'.
      
         - Support for printing metric thresholds in 'perf list'.
      
         - Add --metric-no-threshold option to 'perf stat'.
      
         - Add rand (reverse and) and has_pmem (optane memory) support to
           metrics.
      
         - Sort list of input files to avoid depending on the order from
           readdir() helping in obtaining reproducible builds.
      
        S/390:
      
         - Add common metrics: - CPI (cycles per instruction), prbstate (ratio
           of instructions executed in problem state compared to total number
           of instructions), l1mp (Level one instruction and data cache misses
           per 100 instructions).
      
         - Add cache metrics for z13, z14, z15 and z16.
      
         - Add metric for TLB and cache.
      
        ARM:
      
         - Add raw decoding for SPE (Statistical Profiling Extension) v1.3 MTE
           (Memory Tagging Extension) and MOPS (Memory Operations) load/store.
      
        Intel PT hardware tracing:
      
         - Add event type names UINTR (User interrupt delivered) and UIRET
           (Exiting from user interrupt routine), documented in table 32-50
           "CFE Packet Type and Vector Fields Details" in the Intel Processor
           Trace chapter of The Intel SDM Volume 3 version 078.
      
         - Add support for new branch instructions ERETS and ERETU.
      
         - Fix CYC timestamps after standalone CBR
      
        ARM CoreSight hardware tracing:
      
         - Allow user to override timestamp and contextid settings.
      
         - Fix segfault in dso lookup.
      
         - Fix timeless decode mode detection.
      
         - Add separate decode paths for timeless and per-thread modes.
      
        auxtrace:
      
         - Fix address filter entire kernel size.
      
        Miscellaneous:
      
         - Fix use-after-free and unaligned bugs in the PLT handling routines.
      
         - Use zfree() to reduce chances of use after free.
      
         - Add missing 0x prefix for addresses printed in hexadecimal in 'perf
           probe'.
      
         - Suppress massive unsupported target platform errors in the unwind
           code.
      
         - Fix return incorrect build_id size in elf_read_build_id().
      
         - Fix 'perf scripts intel-pt-events.py' IPC output for Python 2.
      
         - Add missing new parameter in kfree_skb tracepoint to the python
           scripts using it.
      
         - Add 'perf bench syscall fork' benchmark.
      
         - Add support for printing PERF_MEM_LVLNUM_UNC (Uncached access) in
           'perf mem'.
      
         - Fix wrong size expectation for perf test 'Setup struct
           perf_event_attr' caused by the patch adding
           perf_event_attr::config3.
      
         - Fix some spelling mistakes"
      
      * tag 'perf-tools-for-v6.4-3-2023-05-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (365 commits)
        Revert "perf build: Make BUILD_BPF_SKEL default, rename to NO_BPF_SKEL"
        Revert "perf build: Warn for BPF skeletons if endian mismatches"
        perf metrics: Fix SEGV with --for-each-cgroup
        perf bpf skels: Stop using vmlinux.h generated from BTF, use subset of used structs + CO-RE
        perf stat: Separate bperf from bpf_profiler
        perf test record+probe_libc_inet_pton: Fix call chain match on x86_64
        perf test record+probe_libc_inet_pton: Fix call chain match on s390
        perf tracepoint: Fix memory leak in is_valid_tracepoint()
        perf cs-etm: Add fix for coresight trace for any range of CPUs
        perf build: Fix unescaped # in perf build-test
        perf unwind: Suppress massive unsupported target platform errors
        perf script: Add new parameter in kfree_skb tracepoint to the python scripts using it
        perf script: Print raw ip instead of binary offset for callchain
        perf symbols: Fix return incorrect build_id size in elf_read_build_id()
        perf list: Modify the warning message about scandirat(3)
        perf list: Fix memory leaks in print_tracepoint_events()
        perf lock contention: Rework offset calculation with BPF CO-RE
        perf lock contention: Fix struct rq lock access
        perf stat: Disable TopdownL1 on hybrid
        perf stat: Avoid SEGV on counter->name
        ...
      f085df1b
    • Merge tag 'core-debugobjects-2023-05-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 17784de6
      Linus Torvalds authored
      Pull debugobjects fix from Thomas Gleixner:
       "A single fix for debugobjects:
      
        The recent fix to ensure atomicity of lookup and allocation
        inadvertently broke the pool refill mechanism, so that debugobject
        OOMs now in certain situations. The reason is that the functions which
        got updated no longer invoke debug_objecs_init(), which is now the
        only place to care about refilling the tracking object pool.
      
        Restore the original behaviour by adding explicit refill opportunities
        to those places"
      
      * tag 'core-debugobjects-2023-05-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        debugobject: Ensure pool refill (again)
      17784de6
    • Merge tag 'v6.4-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 6f69c981
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
      
       - A long-standing bug in crypto_engine
      
       - A buggy but harmless check in the sun8i-ss driver
      
       - A regression in the CRYPTO_USER interface
      
      * tag 'v6.4-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: api - Fix CRYPTO_USER checks for report function
        crypto: engine - fix crypto_queue backlog handling
        crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
      6f69c981
    • Merge tag '6.4-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6 · 63342b1d
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "smb3 client fixes, mostly DFS or reconnect related:
      
         - Two DFS connection sharing fixes
      
         - DFS refresh fix
      
         - Reconnect fix
      
         - Two potential use after free fixes
      
         - Also print prefix patch in mount debug msg
      
         - Two small cleanup fixes"
      
      * tag '6.4-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: Remove unneeded semicolon
        cifs: fix sharing of DFS connections
        cifs: avoid potential races when handling multiple dfs tcons
        cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
        cifs: fix potential race when tree connecting ipc
        cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname
        cifs: print smb3_fs_context::source when mounting
        cifs: protect session status check in smb2_reconnect()
        SMB3.1.1: correct definition for app_instance_id create contexts
      63342b1d
    • Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux · d6b8a8c4
      Linus Torvalds authored
      Pull clk fixes from Stephen Boyd:
       "A couple more patches that would be good to get into -rc1:
      
         - Revert an i.MX patch that's causing video failures because division
           math goes sideways
      
         - Fix a clang + W=1 build issue where FIELD_PREP() is taking a 32-bit
           variable instead of the usual u64 type
      
         - Fix a Kconfig bug in the StarFive JH7110 clk config that selects a
           reset controller when it can't be selected"
      
      * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
        clk: starfive: Fix RESET_STARFIVE_JH7110 can't be selected in a specified case
        clk: sp7021: Adjust width of _m in HWM_FIELD_PREP()
        Revert "clk: imx: composite-8m: Add support to determine_rate"
      d6b8a8c4
    • Merge tag 'mailbox-v6.4' of git://git.linaro.org/landing-teams/working/fujitsu/integration · 1c1094e4
      Linus Torvalds authored
      Pull mailbox updates from Jassi Brar:
      
       - mailbox api: allow direct registration to a channel and convert omap
         and pcc to use mbox_bind_client
      
       - omap and hi6220: use of_property_read_bool
      
       - test: fix double-free and use spinlock header
      
       - rockchip and bcm-pdc: drop of_match_ptr
      
       - mpfs: change config symbol
      
       - mediatek gce: support MT6795
      
       - qcom apcs: consolidate of_device_id and support IPQ9574
      
      * tag 'mailbox-v6.4' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
        dt-bindings: mailbox: qcom: add compatible for IPQ9574 SoC
        mailbox: qcom-apcs-ipc: do not grow the of_device_id
        dt-bindings: mailbox: qcom,apcs-kpss-global: use fallbacks for few variants
        dt-bindings: mailbox: mediatek,gce-mailbox: Add support for MT6795
        mailbox: mpfs: convert SOC_MICROCHIP_POLARFIRE to ARCH_MICROCHIP_POLARFIRE
        mailbox: bcm-pdc: drop of_match_ptr for ID table
        mailbox: rockchip: drop of_match_ptr for ID table
        mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
        mailbox: mailbox-test: Explicitly include header for spinlock support
        mailbox: Use of_property_read_bool() for boolean properties
        mailbox: pcc: Use mbox_bind_client
        mailbox: omap: Use mbox_bind_client
        mailbox: Allow direct registration to a channel
      1c1094e4
    • Merge tag 'for-6.4/io_uring-2023-05-07' of git://git.kernel.dk/linux · 03e5cb7b
      Linus Torvalds authored
      Pull more io_uring updates from Jens Axboe:
       "Nothing major in here, just two different parts:
      
         - A small series from Breno that enables passing the full SQE down
           for ->uring_cmd().
      
           This is a prerequisite for enabling full network socket operations.
           Queued up a bit late because of some stylistic concerns that got
           resolved, would be nice to have this in 6.4-rc1 so the dependent
           work will be easier to handle for 6.5.
      
         - Fix for the huge page coalescing, which was a regression introduced
           in the 6.3 kernel release (Tobias)"
      
      * tag 'for-6.4/io_uring-2023-05-07' of git://git.kernel.dk/linux:
        io_uring: Remove unnecessary BUILD_BUG_ON
        io_uring: Pass whole sqe to commands
        io_uring: Create a helper to return the SQE size
        io_uring/rsrc: check for nonconsecutive pages
      03e5cb7b
  4. 06 May, 2023 24 commits