1. 14 Aug, 2021 4 commits
    • Vlastimil Babka's avatar
      mm: slub: fix slub_debug disabling for list of slabs · a7f1d485
      Vlastimil Babka authored
      Vijayanand Jitta reports:
      
        Consider the scenario where CONFIG_SLUB_DEBUG_ON is set and we would
        want to disable slub_debug for few slabs. Using boot parameter with
        slub_debug=-,slab_name syntax doesn't work as expected i.e; only
        disabling debugging for the specified list of slabs. Instead it
        disables debugging for all slabs, which is wrong.
      
      This patch fixes it by delaying the moment when the global slub_debug
      flags variable is updated.  In case a "slub_debug=-,slab_name" has been
      passed, the global flags remain as initialized (depending on
      CONFIG_SLUB_DEBUG_ON enabled or disabled) and are not simply reset to 0.
      
      Link: https://lkml.kernel.org/r/8a3d992a-473a-467b-28a0-4ad2ff60ab82@suse.czSigned-off-by: default avatarVlastimil Babka <vbabka@suse.cz>
      Reported-by: default avatarVijayanand Jitta <vjitta@codeaurora.org>
      Reviewed-by: default avatarVijayanand Jitta <vjitta@codeaurora.org>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Vinayak Menon <vinmenon@codeaurora.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a7f1d485
    • Shakeel Butt's avatar
      slub: fix kmalloc_pagealloc_invalid_free unit test · 1ed7ce57
      Shakeel Butt authored
      The unit test kmalloc_pagealloc_invalid_free makes sure that for the
      higher order slub allocation which goes to page allocator, the free is
      called with the correct address i.e.  the virtual address of the head
      page.
      
      Commit f227f0fa ("slub: fix unreclaimable slab stat for bulk free")
      unified the free code paths for page allocator based slub allocations
      but instead of using the address passed by the caller, it extracted the
      address from the page.  Thus making the unit test
      kmalloc_pagealloc_invalid_free moot.  So, fix this by using the address
      passed by the caller.
      
      Should we fix this? I think yes because dev expect kasan to catch these
      type of programming bugs.
      
      Link: https://lkml.kernel.org/r/20210802180819.1110165-1-shakeelb@google.com
      Fixes: f227f0fa ("slub: fix unreclaimable slab stat for bulk free")
      Signed-off-by: default avatarShakeel Butt <shakeelb@google.com>
      Reported-by: default avatarNathan Chancellor <nathan@kernel.org>
      Tested-by: default avatarNathan Chancellor <nathan@kernel.org>
      Acked-by: default avatarRoman Gushchin <guro@fb.com>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Muchun Song <songmuchun@bytedance.com>
      Cc: Christoph Lameter <cl@linux.com>
      Cc: Pekka Enberg <penberg@kernel.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1ed7ce57
    • Kuan-Ying Lee's avatar
      kasan, slub: reset tag when printing address · 340caf17
      Kuan-Ying Lee authored
      The address still includes the tags when it is printed.  With hardware
      tag-based kasan enabled, we will get a false positive KASAN issue when
      we access metadata.
      
      Reset the tag before we access the metadata.
      
      Link: https://lkml.kernel.org/r/20210804090957.12393-3-Kuan-Ying.Lee@mediatek.com
      Fixes: aa1ef4d7 ("kasan, mm: reset tags when accessing metadata")
      Signed-off-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Reviewed-by: default avatarMarco Elver <elver@google.com>
      Reviewed-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Chinwen Chang <chinwen.chang@mediatek.com>
      Cc: Nicholas Tang <nicholas.tang@mediatek.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      340caf17
    • Kuan-Ying Lee's avatar
      kasan, kmemleak: reset tags when scanning block · 6c7a00b8
      Kuan-Ying Lee authored
      Patch series "kasan, slub: reset tag when printing address", v3.
      
      With hardware tag-based kasan enabled, we reset the tag when we access
      metadata to avoid from false alarm.
      
      This patch (of 2):
      
      Kmemleak needs to scan kernel memory to check memory leak.  With hardware
      tag-based kasan enabled, when it scans on the invalid slab and
      dereference, the issue will occur as below.
      
      Hardware tag-based KASAN doesn't use compiler instrumentation, we can not
      use kasan_disable_current() to ignore tag check.
      
      Based on the below report, there are 11 0xf7 granules, which amounts to
      176 bytes, and the object is allocated from the kmalloc-256 cache.  So
      when kmemleak accesses the last 256-176 bytes, it causes faults, as those
      are marked with KASAN_KMALLOC_REDZONE == KASAN_TAG_INVALID == 0xfe.
      
      Thus, we reset tags before accessing metadata to avoid from false positives.
      
        BUG: KASAN: out-of-bounds in scan_block+0x58/0x170
        Read at addr f7ff0000c0074eb0 by task kmemleak/138
        Pointer tag: [f7], memory tag: [fe]
      
        CPU: 7 PID: 138 Comm: kmemleak Not tainted 5.14.0-rc2-00001-g8cae8cd8-dirty #134
        Hardware name: linux,dummy-virt (DT)
        Call trace:
         dump_backtrace+0x0/0x1b0
         show_stack+0x1c/0x30
         dump_stack_lvl+0x68/0x84
         print_address_description+0x7c/0x2b4
         kasan_report+0x138/0x38c
         __do_kernel_fault+0x190/0x1c4
         do_tag_check_fault+0x78/0x90
         do_mem_abort+0x44/0xb4
         el1_abort+0x40/0x60
         el1h_64_sync_handler+0xb4/0xd0
         el1h_64_sync+0x78/0x7c
         scan_block+0x58/0x170
         scan_gray_list+0xdc/0x1a0
         kmemleak_scan+0x2ac/0x560
         kmemleak_scan_thread+0xb0/0xe0
         kthread+0x154/0x160
         ret_from_fork+0x10/0x18
      
        Allocated by task 0:
         kasan_save_stack+0x2c/0x60
         __kasan_kmalloc+0xec/0x104
         __kmalloc+0x224/0x3c4
         __register_sysctl_paths+0x200/0x290
         register_sysctl_table+0x2c/0x40
         sysctl_init+0x20/0x34
         proc_sys_init+0x3c/0x48
         proc_root_init+0x80/0x9c
         start_kernel+0x648/0x6a4
         __primary_switched+0xc0/0xc8
      
        Freed by task 0:
         kasan_save_stack+0x2c/0x60
         kasan_set_track+0x2c/0x40
         kasan_set_free_info+0x44/0x54
         ____kasan_slab_free.constprop.0+0x150/0x1b0
         __kasan_slab_free+0x14/0x20
         slab_free_freelist_hook+0xa4/0x1fc
         kfree+0x1e8/0x30c
         put_fs_context+0x124/0x220
         vfs_kern_mount.part.0+0x60/0xd4
         kern_mount+0x24/0x4c
         bdev_cache_init+0x70/0x9c
         vfs_caches_init+0xdc/0xf4
         start_kernel+0x638/0x6a4
         __primary_switched+0xc0/0xc8
      
        The buggy address belongs to the object at ffff0000c0074e00
         which belongs to the cache kmalloc-256 of size 256
        The buggy address is located 176 bytes inside of
         256-byte region [ffff0000c0074e00, ffff0000c0074f00)
        The buggy address belongs to the page:
        page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100074
        head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
        flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff|kasantag=0x0)
        raw: 0bfffc0000010200 0000000000000000 dead000000000122 f5ff0000c0002300
        raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
        page dumped because: kasan: bad access detected
      
        Memory state around the buggy address:
         ffff0000c0074c00: f0 f0 f0 f0 f0 f0 f0 f0 f0 fe fe fe fe fe fe fe
         ffff0000c0074d00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
        >ffff0000c0074e00: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 fe fe fe fe fe
                                                            ^
         ffff0000c0074f00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
         ffff0000c0075000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
        ==================================================================
        Disabling lock debugging due to kernel taint
        kmemleak: 181 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
      
      Link: https://lkml.kernel.org/r/20210804090957.12393-1-Kuan-Ying.Lee@mediatek.com
      Link: https://lkml.kernel.org/r/20210804090957.12393-2-Kuan-Ying.Lee@mediatek.comSigned-off-by: default avatarKuan-Ying Lee <Kuan-Ying.Lee@mediatek.com>
      Acked-by: default avatarCatalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: default avatarAndrey Konovalov <andreyknvl@gmail.com>
      Cc: Marco Elver <elver@google.com>
      Cc: Nicholas Tang <nicholas.tang@mediatek.com>
      Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Chinwen Chang <chinwen.chang@mediatek.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      6c7a00b8
  2. 13 Aug, 2021 3 commits
    • Linus Torvalds's avatar
      Merge tag 'net-5.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · f8e6dfc6
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Networking fixes, including fixes from netfilter, bpf, can and
        ieee802154.
      
        The size of this is pretty normal, but we got more fixes for 5.14
        changes this week than last week. Nothing major but the trend is the
        opposite of what we like. We'll see how the next week goes..
      
        Current release - regressions:
      
         - r8169: fix ASPM-related link-up regressions
      
         - bridge: fix flags interpretation for extern learn fdb entries
      
         - phy: micrel: fix link detection on ksz87xx switch
      
         - Revert "tipc: Return the correct errno code"
      
         - ptp: fix possible memory leak caused by invalid cast
      
        Current release - new code bugs:
      
         - bpf: add missing bpf_read_[un]lock_trace() for syscall program
      
         - bpf: fix potentially incorrect results with bpf_get_local_storage()
      
         - page_pool: mask the page->signature before the checking, avoid dma
           mapping leaks
      
         - netfilter: nfnetlink_hook: 5 fixes to information in netlink dumps
      
         - bnxt_en: fix firmware interface issues with PTP
      
         - mlx5: Bridge, fix ageing time
      
        Previous releases - regressions:
      
         - linkwatch: fix failure to restore device state across
           suspend/resume
      
         - bareudp: fix invalid read beyond skb's linear data
      
        Previous releases - always broken:
      
         - bpf: fix integer overflow involving bucket_size
      
         - ppp: fix issues when desired interface name is specified via
           netlink
      
         - wwan: mhi_wwan_ctrl: fix possible deadlock
      
         - dsa: microchip: ksz8795: fix number of VLAN related bugs
      
         - dsa: drivers: fix broken backpressure in .port_fdb_dump
      
         - dsa: qca: ar9331: make proper initial port defaults
      
        Misc:
      
         - bpf: add lockdown check for probe_write_user helper
      
         - netfilter: conntrack: remove offload_pickup sysctl before 5.14 is
           out
      
         - netfilter: conntrack: collect all entries in one cycle,
           heuristically slow down garbage collection scans on idle systems to
           prevent frequent wake ups"
      
      * tag 'net-5.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (87 commits)
        vsock/virtio: avoid potential deadlock when vsock device remove
        wwan: core: Avoid returning NULL from wwan_create_dev()
        net: dsa: sja1105: unregister the MDIO buses during teardown
        Revert "tipc: Return the correct errno code"
        net: mscc: Fix non-GPL export of regmap APIs
        net: igmp: increase size of mr_ifc_count
        MAINTAINERS: switch to my OMP email for Renesas Ethernet drivers
        tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
        net: pcs: xpcs: fix error handling on failed to allocate memory
        net: linkwatch: fix failure to restore device state across suspend/resume
        net: bridge: fix memleak in br_add_if()
        net: switchdev: zero-initialize struct switchdev_notifier_fdb_info emitted by drivers towards the bridge
        net: bridge: fix flags interpretation for extern learn fdb entries
        net: dsa: sja1105: fix broken backpressure in .port_fdb_dump
        net: dsa: lantiq: fix broken backpressure in .port_fdb_dump
        net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
        net: dsa: hellcreek: fix broken backpressure in .port_fdb_dump
        bpf, core: Fix kernel-doc notation
        net: igmp: fix data-race in igmp_ifc_timer_expire()
        net: Fix memory leak in ieee802154_raw_deliver
        ...
      f8e6dfc6
    • Linus Torvalds's avatar
      Merge tag 'ceph-for-5.14-rc6' of git://github.com/ceph/ceph-client · 3a03c67d
      Linus Torvalds authored
      Pull ceph fixes from Ilya Dryomov:
       "A patch to avoid a soft lockup in ceph_check_delayed_caps() from Luis
        and a reference handling fix from Jeff that should address some memory
        corruption reports in the snaprealm area.
      
        Both marked for stable"
      
      * tag 'ceph-for-5.14-rc6' of git://github.com/ceph/ceph-client:
        ceph: take snap_empty_lock atomically with snaprealm refcount change
        ceph: reduce contention in ceph_check_delayed_caps()
      3a03c67d
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2021-08-13' of git://anongit.freedesktop.org/drm/drm · 82cce5f4
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Another week, another set of pretty regular fixes, nothing really
        stands out too much.
      
        amdgpu:
         - Yellow carp update
         - RAS EEPROM fixes
         - BACO/BOCO fixes
         - Fix a memory leak in an error path
         - Freesync fix
         - VCN harvesting fix
         - Display fixes
      
        i915:
         - GVT fix for Windows VM hang.
         - Display fix of 12 BPC bits for display 12 and newer.
         - Don't try to access some media register for fused off domains.
         - Fix kerneldoc build warnings.
      
        mediatek:
         - Fix dpi bridge bug.
         - Fix cursor plane no update.
      
        meson:
         - Fix colors when booting with HDR"
      
      * tag 'drm-fixes-2021-08-13' of git://anongit.freedesktop.org/drm/drm:
        drm/doc/rfc: drop lmem uapi section
        drm/i915: Only access SFC_DONE when media domain is not fused off
        drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg
        drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
        drm/amd/display: Remove invalid assert for ODM + MPC case
        drm/amd/pm: bug fix for the runtime pm BACO
        drm/amdgpu: handle VCN instances when harvesting (v2)
        drm/meson: fix colour distortion from HDR set during vendor u-boot
        drm/i915/gvt: Fix cached atomics setting for Windows VM
        drm/amdgpu: Add preferred mode in modeset when freesync video mode's enabled.
        drm/amd/pm: Fix a memory leak in an error handling path in 'vangogh_tables_init()'
        drm/amdgpu: don't enable baco on boco platforms in runpm
        drm/amdgpu: set RAS EEPROM address from VBIOS
        drm/amd/pm: update smu v13.0.1 firmware header
        drm/mediatek: Fix cursor plane no update
        drm/mediatek: mtk-dpi: Set out_fmt from config if not the last bridge
        drm/mediatek: dpi: Fix NULL dereference in mtk_dpi_bridge_atomic_check
      82cce5f4
  3. 12 Aug, 2021 16 commits
  4. 11 Aug, 2021 9 commits
  5. 10 Aug, 2021 8 commits