Skip to content

L
linux
Switch branch/tag
  1. 05 Jan, 2024 1 commit
  3. 31 Dec, 2023 3 commits
  5. 30 Dec, 2023 5 commits
    • Linus Torvalds's avatar
      Merge tag 'trace-v6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace · 453f5db0
      Linus Torvalds authored 
      Pull tracing fixes from Steven Rostedt:

 - Fix readers that are blocked on the ring buffer when buffer_percent
   is 100%. They are supposed to wake up when the buffer is full, but
   because the sub-buffer that the writer is on is never considered
   "dirty" in the calculation, dirty pages will never equal nr_pages.
   Add +1 to the dirty count in order to count for the sub-buffer that
   the writer is on.

 - When a reader is blocked on the "snapshot_raw" file, it is to be
   woken up when a snapshot is done and be able to read the snapshot
   buffer. But because the snapshot swaps the buffers (the main one with
   the snapshot one), and the snapshot reader is waiting on the old
   snapshot buffer, it was not woken up (because it is now on the main
   buffer after the swap). Worse yet, when it reads the buffer after a
   snapshot, it's not reading the snapshot buffer, it's reading the live
   active main buffer.

   Fix this by forcing a wakeup of all readers on the snapshot buffer
   when a new snapshot happens, and then update the buffer that the
   reader is reading to be back on the snapshot buffer.

 - Fix the modification of the direct_function hash. There was a race
   when new functions were added to the direct_function hash as when it
   moved function entries from the old hash to the new one, a direct
   function trace could be hit and not see its entry.

   This is fixed by allocating the new hash, copy all the old entries
   onto it as well as the new entries, and then use rcu_assign_pointer()
   to update the new direct_function hash with it.

   This also fixes a memory leak in that code.

 - Fix eventfs ownership

* tag 'trace-v6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
  ftrace: Fix modification of direct_function hash while in use
  tracing: Fix blocked reader of snapshot buffer
  ring-buffer: Fix wake ups when buffer_percent is set to 100
  eventfs: Fix file and directory uid and gid ownership
      453f5db0
    • David Laight's avatar
      locking/osq_lock: Clarify osq_wait_next() · b106bcf0
      David Laight authored 
      Directly return NULL or 'next' instead of breaking out of the loop.
Signed-off-by: default avatarDavid Laight <david.laight@aculab.com>
[ Split original patch into two independent parts  - Linus ]
Link: https://lore.kernel.org/lkml/7c8828aec72e42eeb841ca0ee3397e9a@AcuMS.aculab.com/Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b106bcf0
    • David Laight's avatar
      locking/osq_lock: Clarify osq_wait_next() calling convention · 563adbfc
      David Laight authored 
      osq_wait_next() is passed 'prev' from osq_lock() and NULL from
osq_unlock() but only needs the 'cpu' value to write to lock->tail.

Just pass prev->cpu or OSQ_UNLOCKED_VAL instead.

Should have no effect on the generated code since gcc manages to assume
that 'prev != NULL' due to an earlier dereference.
Signed-off-by: default avatarDavid Laight <david.laight@aculab.com>
[ Changed 'old' to 'old_cpu' by request from Waiman Long  - Linus ]
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      563adbfc
    • David Laight's avatar
      locking/osq_lock: Move the definition of optimistic_spin_node into osq_lock.c · 7c223098
      David Laight authored 
      struct optimistic_spin_node is private to the implementation.
Move it into the C file to ensure nothing is accessing it.
Signed-off-by: default avatarDavid Laight <david.laight@aculab.com>
Acked-by: default avatarWaiman Long <longman@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      7c223098
    • Steven Rostedt (Google)'s avatar
      ftrace: Fix modification of direct_function hash while in use · d05cb470
      Steven Rostedt (Google) authored 
      Masami Hiramatsu reported a memory leak in register_ftrace_direct() where
if the number of new entries are added is large enough to cause two
allocations in the loop:

        for (i = 0; i < size; i++) {
                hlist_for_each_entry(entry, &hash->buckets[i], hlist) {
                        new = ftrace_add_rec_direct(entry->ip, addr, &free_hash);
                        if (!new)
                                goto out_remove;
                        entry->direct = addr;
                }
        }

Where ftrace_add_rec_direct() has:

        if (ftrace_hash_empty(direct_functions) ||
            direct_functions->count > 2 * (1 << direct_functions->size_bits)) {
                struct ftrace_hash *new_hash;
                int size = ftrace_hash_empty(direct_functions) ? 0 :
                        direct_functions->count + 1;

                if (size < 32)
                        size = 32;

                new_hash = dup_hash(direct_functions, size);
                if (!new_hash)
                        return NULL;

                *free_hash = direct_functions;
                direct_functions = new_hash;
        }

The "*free_hash = direct_functions;" can happen twice, losing the previous
allocation of direct_functions.

But this also exposed a more serious bug.

The modification of direct_functions above is not safe. As
direct_functions can be referenced at any time to find what direct caller
it should call, the time between:

                new_hash = dup_hash(direct_functions, size);
 and
                direct_functions = new_hash;

can have a race with another CPU (or even this one if it gets interrupted),
and the entries being moved to the new hash are not referenced.

That's because the "dup_hash()" is really misnamed and is really a
"move_hash()". It moves the entries from the old hash to the new one.

Now even if that was changed, this code is not proper as direct_functions
should not be updated until the end. That is the best way to handle
function reference changes, and is the way other parts of ftrace handles
this.

The following is done:

 1. Change add_hash_entry() to return the entry it created and inserted
    into the hash, and not just return success or not.

 2. Replace ftrace_add_rec_direct() with add_hash_entry(), and remove
    the former.

 3. Allocate a "new_hash" at the start that is made for holding both the
    new hash entries as well as the existing entries in direct_functions.

 4. Copy (not move) the direct_function entries over to the new_hash.

 5. Copy the entries of the added hash to the new_hash.

 6. If everything succeeds, then use rcu_pointer_assign() to update the
    direct_functions with the new_hash.

This simplifies the code and fixes both the memory leak as well as the
race condition mentioned above.

Link: https://lore.kernel.org/all/170368070504.42064.8960569647118388081.stgit@devnote2/
Link: https://lore.kernel.org/linux-trace-kernel/20231229115134.08dd5174@gandalf.local.home

Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Jiri Olsa <jolsa@kernel.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
Fixes: 763e34e7 ("ftrace: Add register_ftrace_direct()")
Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      d05cb470
  7. 29 Dec, 2023 10 commits
  9. 28 Dec, 2023 5 commits
  11. 27 Dec, 2023 4 commits
  13. 26 Dec, 2023 2 commits
    • Edward Adam Davis's avatar
      keys, dns: Fix missing size check of V1 server-list header · 1997b3cb
      Edward Adam Davis authored 
      The dns_resolver_preparse() function has a check on the size of the
payload for the basic header of the binary-style payload, but is missing
a check for the size of the V1 server-list payload header after
determining that's what we've been given.

Fix this by getting rid of the the pointer to the basic header and just
assuming that we have a V1 server-list payload and moving the V1 server
list pointer inside the if-statement.  Dealing with other types and
versions can be left for when such have been defined.

This can be tested by doing the following with KASAN enabled:

    echo -n -e '\x0\x0\x1\x2' | keyctl padd dns_resolver foo @p

and produces an oops like the following:

    BUG: KASAN: slab-out-of-bounds in dns_resolver_preparse+0xc9f/0xd60 net/dns_resolver/dns_key.c:127
    Read of size 1 at addr ffff888028894084 by task syz-executor265/5069
    ...
    Call Trace:
      dns_resolver_preparse+0xc9f/0xd60 net/dns_resolver/dns_key.c:127
      __key_create_or_update+0x453/0xdf0 security/keys/key.c:842
      key_create_or_update+0x42/0x50 security/keys/key.c:1007
      __do_sys_add_key+0x29c/0x450 security/keys/keyctl.c:134
      do_syscall_x64 arch/x86/entry/common.c:52 [inline]
      do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
      entry_SYSCALL_64_after_hwframe+0x62/0x6a

This patch was originally by Edward Adam Davis, but was modified by
Linus.

Fixes: b946001d3bb1 ("keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry")
Reported-and-tested-by: syzbot+94bbb75204a05da3d89f@syzkaller.appspotmail.com
Link: https://lore.kernel.org/r/0000000000009b39bc060c73e209@google.com/Suggested-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarEdward Adam Davis <eadavis@qq.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Tested-by: default avatarDavid Howells <dhowells@redhat.com>
Cc: Edward Adam Davis <eadavis@qq.com>
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Jeffrey E Altman <jaltman@auristor.com>
Cc: Wang Lei <wang840925@gmail.com>
Cc: Jeff Layton <jlayton@redhat.com>
Cc: Steve French <sfrench@us.ibm.com>
Cc: Marc Dionne <marc.dionne@auristor.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1997b3cb
    • Christoph Hellwig's avatar
      block: renumber QUEUE_FLAG_HW_WC · 02d374f3
      Christoph Hellwig authored 
      For the QUEUE_FLAG_HW_WC to actually work, it needs to have a separate
number from QUEUE_FLAG_FUA, doh.

Fixes: 43c9835b ("block: don't allow enabling a cache on devices that don't support it")
Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20231226081524.180289-1-hch@lst.deSigned-off-by: default avatarJens Axboe <axboe@kernel.dk>
      02d374f3
  15. 25 Dec, 2023 1 commit
  17. 24 Dec, 2023 2 commits
  19. 23 Dec, 2023 7 commits
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2023-12-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3f82f1c3
      Linus Torvalds authored 
      Pull x86 fixes from Ingo Molnar:

 - Fix a secondary CPUs enumeration regression caused by creative MADT
   APIC table entries on certain systems.

 - Fix a race in the NOP-patcher that can spuriously trigger crashes on
   bootup.

 - Fix a bootup failure regression caused by the parallel bringup code,
   caused by firmware inconsistency between the APIC initialization
   states of the boot and secondary CPUs, on certain systems.

* tag 'x86-urgent-2023-12-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/acpi: Handle bogus MADT APIC tables gracefully
  x86/alternatives: Disable interrupts and sync when optimizing NOPs in place
  x86/alternatives: Sync core before enabling interrupts
  x86/smpboot/64: Handle X2APIC BIOS inconsistency gracefully
      3f82f1c3
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · f969c914
      Linus Torvalds authored 
      Pull SCSI fixes from James Bottomley:
 "Four small fixes, three in drivers with the core one adding a batch
  indicator (for drivers which use it) to the error handler"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: ufs: core: Let the sq_lock protect sq_tail_slot access
  scsi: ufs: qcom: Return ufs_qcom_clk_scale_*() errors in ufs_qcom_clk_scale_notify()
  scsi: core: Always send batch on reset or error handling command
  scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
      f969c914
    • Linus Torvalds's avatar
      Merge tag 'usb-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 4b2ee6d2
      Linus Torvalds authored 
      Pull USB / Thunderbolt fixes from Greg KH:
 "Here are some small bugfixes and new device ids for USB and
  Thunderbolt drivers for 6.7-rc7. Included in here are:

   - new usb-serial device ids

   - thunderbolt driver fixes

   - typec driver fix

   - usb-storage driver quirk added

   - fotg210 driver fix

  All of these have been in linux-next with no reported issues"

* tag 'usb-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  USB: serial: option: add Quectel EG912Y module support
  USB: serial: ftdi_sio: update Actisense PIDs constant names
  usb: fotg210-hcd: delete an incorrect bounds test
  usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3
  usb: typec: ucsi: fix gpio-based orientation detection
  net: usb: ax88179_178a: avoid failed operations when device is disconnected
  USB: serial: option: add Quectel RM500Q R13 firmware support
  USB: serial: option: add Foxconn T99W265 with new baseline
  thunderbolt: Fix minimum allocated USB 3.x and PCIe bandwidth
  thunderbolt: Fix memory leak in margining_port_remove()
      4b2ee6d2
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · a0652eb2
      Linus Torvalds authored 
      Pull char / misc driver fixes from Greg KH:
 "Here are a small number of various driver fixes for 6.7-rc7 that
  normally come through the char-misc tree, and one debugfs fix as well.

  Included in here are:

   - iio and hid sensor driver fixes for a number of small things

   - interconnect driver fixes

   - brcm_nvmem driver fixes

   - debugfs fix for previous fix

   - guard() definition in device.h so that many subsystems can start
     using it for 6.8-rc1 (requested by Dan Williams to make future
     merges easier)

  All of these have been in linux-next for a while with no reported
  issues"

* tag 'char-misc-6.7-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
  debugfs: initialize cancellations earlier
  Revert "iio: hid-sensor-als: Add light color temperature support"
  Revert "iio: hid-sensor-als: Add light chromaticity support"
  nvmem: brcm_nvram: store a copy of NVRAM content
  dt-bindings: nvmem: mxs-ocotp: Document fsl,ocotp
  driver core: Add a guard() definition for the device_lock()
  interconnect: qcom: icc-rpm: Fix peak rate calculation
  iio: adc: MCP3564: fix hardware identification logic
  iio: adc: MCP3564: fix calib_bias and calib_scale range checks
  iio: adc: meson: add separate config for axg SoC family
  iio: adc: imx93: add four channels for imx93 adc
  iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma()
  interconnect: qcom: sm8250: Enable sync_state
  iio: triggered-buffer: prevent possible freeing of wrong buffer
  iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw
  iio: imu: adis16475: use bit numbers in assign_bit()
  iio: imu: adis16475: add spi_device_id table
  iio: tmag5273: fix temperature offset
  interconnect: Treat xlate() returning NULL node as an error
  iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table
  ...
      a0652eb2
    • Linus Torvalds's avatar
      Merge tag 'input-for-v6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · fa655abe
      Linus Torvalds authored 
      Pull input updates from Dmitry Torokhov:

 - a quirk to AT keyboard driver to skip issuing "GET ID" command when
   8042 is in translated mode and the device is a laptop/portable,
   because the "GET ID" command makes a bunch of recent laptops unhappy

 - a quirk to i8042 to disable multiplexed mode on Acer P459-G2-M which
   causes issues on resume

 - psmouse will activate native RMI4 protocol support for touchpad on
   ThinkPad L14 G1

 - addition of Razer Wolverine V2 ID to xpad gamepad driver

 - mapping for airplane mode button in soc_button_array driver for
   TUXEDO laptops

 - improved error handling in ipaq-micro-keys driver

 - amimouse being prepared for platform remove callback returning void

* tag 'input-for-v6.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: soc_button_array - add mapping for airplane mode button
  Input: xpad - add Razer Wolverine V2 support
  Input: ipaq-micro-keys - add error handling for devm_kmemdup
  Input: amimouse - convert to platform remove callback returning void
  Input: i8042 - add nomux quirk for Acer P459-G2-M
  Input: atkbd - skip ATKBD_CMD_GETID in translated mode
  Input: psmouse - enable Synaptics InterTouch for ThinkPad L14 G1
      fa655abe
    • Masahiro Yamada's avatar
      kbuild: fix build ID symlinks to installed debug VDSO files · c1a86271
      Masahiro Yamada authored 
      Commit 56769ba4 ("kbuild: unify vdso_install rules") accidentally
dropped the '.debug' suffix from the build ID symlinks.

Fixes: 56769ba4 ("kbuild: unify vdso_install rules")
Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      c1a86271
    • Jialu Xu's avatar
      gen_compile_commands.py: fix path resolve with symlinks in it · 88094615
      Jialu Xu authored 
      When a path contains relative symbolic links, os.path.abspath() might
not follow the symlinks and instead return the absolute path with just
the relative paths resolved, resulting in an incorrect path.

1. Say "drivers/hdf/" has some symlinks:

    # ls -l drivers/hdf/
    total 364
    drwxrwxr-x 2 ...   4096 ... evdev
    lrwxrwxrwx 1 ...     44 ... framework -> ../../../../../../drivers/hdf_core/framework
    -rw-rw-r-- 1 ... 359010 ... hdf_macro_test.h
    lrwxrwxrwx 1 ...     55 ... inner_api -> ../../../../../../drivers/hdf_core/interfaces/inner_api
    lrwxrwxrwx 1 ...     53 ... khdf -> ../../../../../../drivers/hdf_core/adapter/khdf/linux
    -rw-r--r-- 1 ...     74 ... Makefile
    drwxrwxr-x 3 ...   4096 ... wifi

2. One .cmd file records that:

    # head -1 ./framework/core/manager/src/.devmgr_service.o.cmd
    cmd_drivers/hdf/khdf/manager/../../../../framework/core/manager/src/devmgr_service.o := ... \
    /path/to/src/drivers/hdf/khdf/manager/../../../../framework/core/manager/src/devmgr_service.c

3. os.path.abspath returns "/path/to/src/framework/core/manager/src/devmgr_service.c", not correct:

    # ./scripts/clang-tools/gen_compile_commands.py
    INFO: Could not add line from ./framework/core/manager/src/.devmgr_service.o.cmd: File \
        /path/to/src/framework/core/manager/src/devmgr_service.c not found

Use os.path.realpath(), which resolves the symlinks and normalizes the paths correctly.

    # cat compile_commands.json
    ...
    {
      "command": ...
      "directory": ...
      "file": "/path/to/bla/drivers/hdf_core/framework/core/manager/src/devmgr_service.c"
    },
    ...

Also fix it in parse_arguments().
Signed-off-by: default avatarJialu Xu <xujialu@vimux.org>
Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      88094615
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7