1. 21 Jul, 2021 1 commit
    • Yang Yingliang's avatar
      workqueue: fix UAF in pwq_unbound_release_workfn() · b42b0bdd
      Yang Yingliang authored
      I got a UAF report when doing fuzz test:
      
      [  152.880091][ T8030] ==================================================================
      [  152.881240][ T8030] BUG: KASAN: use-after-free in pwq_unbound_release_workfn+0x50/0x190
      [  152.882442][ T8030] Read of size 4 at addr ffff88810d31bd00 by task kworker/3:2/8030
      [  152.883578][ T8030]
      [  152.883932][ T8030] CPU: 3 PID: 8030 Comm: kworker/3:2 Not tainted 5.13.0+ #249
      [  152.885014][ T8030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
      [  152.886442][ T8030] Workqueue: events pwq_unbound_release_workfn
      [  152.887358][ T8030] Call Trace:
      [  152.887837][ T8030]  dump_stack_lvl+0x75/0x9b
      [  152.888525][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
      [  152.889371][ T8030]  print_address_description.constprop.10+0x48/0x70
      [  152.890326][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
      [  152.891163][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
      [  152.891999][ T8030]  kasan_report.cold.15+0x82/0xdb
      [  152.892740][ T8030]  ? pwq_unbound_release_workfn+0x50/0x190
      [  152.893594][ T8030]  __asan_load4+0x69/0x90
      [  152.894243][ T8030]  pwq_unbound_release_workfn+0x50/0x190
      [  152.895057][ T8030]  process_one_work+0x47b/0x890
      [  152.895778][ T8030]  worker_thread+0x5c/0x790
      [  152.896439][ T8030]  ? process_one_work+0x890/0x890
      [  152.897163][ T8030]  kthread+0x223/0x250
      [  152.897747][ T8030]  ? set_kthread_struct+0xb0/0xb0
      [  152.898471][ T8030]  ret_from_fork+0x1f/0x30
      [  152.899114][ T8030]
      [  152.899446][ T8030] Allocated by task 8884:
      [  152.900084][ T8030]  kasan_save_stack+0x21/0x50
      [  152.900769][ T8030]  __kasan_kmalloc+0x88/0xb0
      [  152.901416][ T8030]  __kmalloc+0x29c/0x460
      [  152.902014][ T8030]  alloc_workqueue+0x111/0x8e0
      [  152.902690][ T8030]  __btrfs_alloc_workqueue+0x11e/0x2a0
      [  152.903459][ T8030]  btrfs_alloc_workqueue+0x6d/0x1d0
      [  152.904198][ T8030]  scrub_workers_get+0x1e8/0x490
      [  152.904929][ T8030]  btrfs_scrub_dev+0x1b9/0x9c0
      [  152.905599][ T8030]  btrfs_ioctl+0x122c/0x4e50
      [  152.906247][ T8030]  __x64_sys_ioctl+0x137/0x190
      [  152.906916][ T8030]  do_syscall_64+0x34/0xb0
      [  152.907535][ T8030]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  152.908365][ T8030]
      [  152.908688][ T8030] Freed by task 8884:
      [  152.909243][ T8030]  kasan_save_stack+0x21/0x50
      [  152.909893][ T8030]  kasan_set_track+0x20/0x30
      [  152.910541][ T8030]  kasan_set_free_info+0x24/0x40
      [  152.911265][ T8030]  __kasan_slab_free+0xf7/0x140
      [  152.911964][ T8030]  kfree+0x9e/0x3d0
      [  152.912501][ T8030]  alloc_workqueue+0x7d7/0x8e0
      [  152.913182][ T8030]  __btrfs_alloc_workqueue+0x11e/0x2a0
      [  152.913949][ T8030]  btrfs_alloc_workqueue+0x6d/0x1d0
      [  152.914703][ T8030]  scrub_workers_get+0x1e8/0x490
      [  152.915402][ T8030]  btrfs_scrub_dev+0x1b9/0x9c0
      [  152.916077][ T8030]  btrfs_ioctl+0x122c/0x4e50
      [  152.916729][ T8030]  __x64_sys_ioctl+0x137/0x190
      [  152.917414][ T8030]  do_syscall_64+0x34/0xb0
      [  152.918034][ T8030]  entry_SYSCALL_64_after_hwframe+0x44/0xae
      [  152.918872][ T8030]
      [  152.919203][ T8030] The buggy address belongs to the object at ffff88810d31bc00
      [  152.919203][ T8030]  which belongs to the cache kmalloc-512 of size 512
      [  152.921155][ T8030] The buggy address is located 256 bytes inside of
      [  152.921155][ T8030]  512-byte region [ffff88810d31bc00, ffff88810d31be00)
      [  152.922993][ T8030] The buggy address belongs to the page:
      [  152.923800][ T8030] page:ffffea000434c600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10d318
      [  152.925249][ T8030] head:ffffea000434c600 order:2 compound_mapcount:0 compound_pincount:0
      [  152.926399][ T8030] flags: 0x57ff00000010200(slab|head|node=1|zone=2|lastcpupid=0x7ff)
      [  152.927515][ T8030] raw: 057ff00000010200 dead000000000100 dead000000000122 ffff888009c42c80
      [  152.928716][ T8030] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
      [  152.929890][ T8030] page dumped because: kasan: bad access detected
      [  152.930759][ T8030]
      [  152.931076][ T8030] Memory state around the buggy address:
      [  152.931851][ T8030]  ffff88810d31bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [  152.932967][ T8030]  ffff88810d31bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [  152.934068][ T8030] >ffff88810d31bd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [  152.935189][ T8030]                    ^
      [  152.935763][ T8030]  ffff88810d31bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
      [  152.936847][ T8030]  ffff88810d31be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      [  152.937940][ T8030] ==================================================================
      
      If apply_wqattrs_prepare() fails in alloc_workqueue(), it will call put_pwq()
      which invoke a work queue to call pwq_unbound_release_workfn() and use the 'wq'.
      The 'wq' allocated in alloc_workqueue() will be freed in error path when
      apply_wqattrs_prepare() fails. So it will lead a UAF.
      
      CPU0                                          CPU1
      alloc_workqueue()
      alloc_and_link_pwqs()
      apply_wqattrs_prepare() fails
      apply_wqattrs_cleanup()
      schedule_work(&pwq->unbound_release_work)
      kfree(wq)
                                                    worker_thread()
                                                    pwq_unbound_release_workfn() <- trigger uaf here
      
      If apply_wqattrs_prepare() fails, the new pwq are not linked, it doesn't
      hold any reference to the 'wq', 'wq' is invalid to access in the worker,
      so add check pwq if linked to fix this.
      
      Fixes: 2d5f0764 ("workqueue: split apply_workqueue_attrs() into 3 stages")
      Cc: stable@vger.kernel.org # v4.2+
      Reported-by: default avatarHulk Robot <hulkci@huawei.com>
      Suggested-by: default avatarLai Jiangshan <jiangshanlai@gmail.com>
      Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
      Reviewed-by: default avatarLai Jiangshan <jiangshanlai@gmail.com>
      Tested-by: default avatarPavel Skripkin <paskripkin@gmail.com>
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      b42b0bdd
  2. 20 Jul, 2021 1 commit
  3. 18 Jul, 2021 13 commits
    • Linus Torvalds's avatar
      Linux 5.14-rc2 · 2734d6c1
      Linus Torvalds authored
      2734d6c1
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.14-2021-07-18' of... · 8c25c447
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.14-2021-07-18' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Skip invalid hybrid PMU on hybrid systems when the atom (little) CPUs
         are offlined.
      
       - Fix 'perf test' problems related to the recently added hybrid
         (BIG/little) code.
      
       - Split ARM's coresight (hw tracing) decode by aux records to avoid
         fatal decoding errors.
      
       - Fix add event failure in 'perf probe' when running 32-bit perf in a
         64-bit kernel.
      
       - Fix 'perf sched record' failure when CONFIG_SCHEDSTATS is not set.
      
       - Fix memory and refcount leaks detected by ASAn when running 'perf
         test', should be clean of warnings now.
      
       - Remove broken definition of __LITTLE_ENDIAN from tools'
         linux/kconfig.h, which was breaking the build in some systems.
      
       - Cast PTHREAD_STACK_MIN to int as it may turn into 'long
         sysconf(__SC_THREAD_STACK_MIN_VALUE), breaking the build in some
         systems.
      
       - Fix libperf build error with LIBPFM4=1.
      
       - Sync UAPI files changed by the memfd_secret new syscall.
      
      * tag 'perf-tools-fixes-for-v5.14-2021-07-18' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux: (35 commits)
        perf sched: Fix record failure when CONFIG_SCHEDSTATS is not set
        perf probe: Fix add event failure when running 32-bit perf in a 64-bit kernel
        perf data: Close all files in close_dir()
        perf probe-file: Delete namelist in del_events() on the error path
        perf test bpf: Free obj_buf
        perf trace: Free strings in trace__parse_events_option()
        perf trace: Free syscall tp fields in evsel->priv
        perf trace: Free syscall->arg_fmt
        perf trace: Free malloc'd trace fields on exit
        perf lzma: Close lzma stream on exit
        perf script: Fix memory 'threads' and 'cpus' leaks on exit
        perf script: Release zstd data
        perf session: Cleanup trace_event
        perf inject: Close inject.output on exit
        perf report: Free generated help strings for sort option
        perf env: Fix memory leak of cpu_pmu_caps
        perf test maps__merge_in: Fix memory leak of maps
        perf dso: Fix memory leak in dso__new_map()
        perf test event_update: Fix memory leak of unit
        perf test event_update: Fix memory leak of evlist
        ...
      8c25c447
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.14-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · f0eb870a
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "A few fixes for issues in the new online shrink code, additional
        corrections for my recent bug-hunt w.r.t. extent size hints on
        realtime, and improved input checking of the GROWFSRT ioctl.
      
        IOW, the usual 'I somehow got bored during the merge window and
        resumed auditing the farther reaches of xfs':
      
         - Fix shrink eligibility checking when sparse inode clusters enabled
      
         - Reset '..' directory entries when unlinking directories to prevent
           verifier errors if fs is shrinked later
      
         - Don't report unusable extent size hints to FSGETXATTR
      
         - Don't warn when extent size hints are unusable because the sysadmin
           configured them that way
      
         - Fix insufficient parameter validation in GROWFSRT ioctl
      
         - Fix integer overflow when adding rt volumes to filesystem"
      
      * tag 'xfs-5.14-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: detect misaligned rtinherit directory extent size hints
        xfs: fix an integer overflow error in xfs_growfs_rt
        xfs: improve FSGROWFSRT precondition checking
        xfs: don't expose misaligned extszinherit hints to userspace
        xfs: correct the narrative around misaligned rtinherit/extszinherit dirs
        xfs: reset child dir '..' entry when unlinking child
        xfs: check for sparse inode clusters that cross new EOAG when shrinking
      f0eb870a
    • Linus Torvalds's avatar
      Merge tag 'iomap-5.14-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · fbf1bddc
      Linus Torvalds authored
      Pull iomap fixes from Darrick Wong:
       "A handful of bugfixes for the iomap code.
      
        There's nothing especially exciting here, just fixes for UBSAN (not
        KASAN as I erroneously wrote in the tag message) warnings about
        undefined behavior in the SEEK_DATA/SEEK_HOLE code, and some
        reshuffling of per-page block state info to fix some problems with
        gfs2.
      
         - Fix KASAN warnings due to integer overflow in SEEK_DATA/SEEK_HOLE
      
         - Fix assertion errors when using inlinedata files on gfs2"
      
      * tag 'iomap-5.14-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        iomap: Don't create iomap_page objects in iomap_page_mkwrite_actor
        iomap: Don't create iomap_page objects for inline files
        iomap: Permit pages without an iop to enter writeback
        iomap: remove the length variable in iomap_seek_hole
        iomap: remove the length variable in iomap_seek_data
      fbf1bddc
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v5.14' of... · 6750691a
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Restore the original behavior of scripts/setlocalversion when
         LOCALVERSION is set to empty.
      
       - Show Kconfig prompts even for 'make -s'
      
       - Fix the combination of COFNIG_LTO_CLANG=y and CONFIG_MODVERSIONS=y
         for older GNU Make versions
      
      * tag 'kbuild-fixes-v5.14' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        Documentation: Fix intiramfs script name
        Kbuild: lto: fix module versionings mismatch in GNU make 3.X
        kbuild: do not suppress Kconfig prompts for silent build
        scripts/setlocalversion: fix a bug when LOCALVERSION is empty
      6750691a
    • Robert Richter's avatar
      Documentation: Fix intiramfs script name · 5e60f363
      Robert Richter authored
      Documentation was not changed when renaming the script in commit
      80e715a0 ("initramfs: rename gen_initramfs_list.sh to
      gen_initramfs.sh"). Fixing this.
      
      Basically does:
      
       $ sed -i -e s/gen_initramfs_list.sh/gen_initramfs.sh/g $(git grep -l gen_initramfs_list.sh)
      
      Fixes: 80e715a0 ("initramfs: rename gen_initramfs_list.sh to gen_initramfs.sh")
      Signed-off-by: default avatarRobert Richter <rrichter@amd.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      5e60f363
    • Lecopzer Chen's avatar
      Kbuild: lto: fix module versionings mismatch in GNU make 3.X · 1d11053d
      Lecopzer Chen authored
      When building modules(CONFIG_...=m), I found some of module versions
      are incorrect and set to 0.
      This can be found in build log for first clean build which shows
      
      WARNING: EXPORT symbol "XXXX" [drivers/XXX/XXX.ko] version generation failed,
      symbol will not be versioned.
      
      But in second build(incremental build), the WARNING disappeared and the
      module version becomes valid CRC and make someone who want to change
      modules without updating kernel image can't insert their modules.
      
      The problematic code is
      +	$(foreach n, $(filter-out FORCE,$^),				\
      +		$(if $(wildcard $(n).symversions),			\
      +			; cat $(n).symversions >> $@.symversions))
      
      For example:
        rm -f fs/notify/built-in.a.symversions    ; rm -f fs/notify/built-in.a; \
      llvm-ar cDPrST fs/notify/built-in.a fs/notify/fsnotify.o \
      fs/notify/notification.o fs/notify/group.o ...
      
      `foreach n` shows nothing to `cat` into $(n).symversions because
      `if $(wildcard $(n).symversions)` return nothing, but actually
      they do exist during this line was executed.
      
      -rw-r--r-- 1 root root 168580 Jun 13 19:10 fs/notify/fsnotify.o
      -rw-r--r-- 1 root root    111 Jun 13 19:10 fs/notify/fsnotify.o.symversions
      
      The reason is the $(n).symversions are generated at runtime, but
      Makefile wildcard function expends and checks the file exist or not
      during parsing the Makefile.
      
      Thus fix this by use `test` shell command to check the file
      existence in runtime.
      
      Rebase from both:
      1. [https://lore.kernel.org/lkml/20210616080252.32046-1-lecopzer.chen@mediatek.com/]
      2. [https://lore.kernel.org/lkml/20210702032943.7865-1-lecopzer.chen@mediatek.com/]
      
      Fixes: 38e89184 ("kbuild: lto: fix module versioning")
      Co-developed-by: default avatarSami Tolvanen <samitolvanen@google.com>
      Signed-off-by: default avatarLecopzer Chen <lecopzer.chen@mediatek.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      1d11053d
    • Masahiro Yamada's avatar
      kbuild: do not suppress Kconfig prompts for silent build · d952cfaf
      Masahiro Yamada authored
      When a new CONFIG option is available, Kbuild shows a prompt to get
      the user input.
      
        $ make
        [ snip ]
        Core Scheduling for SMT (SCHED_CORE) [N/y/?] (NEW)
      
      This is the only interactive place in the build process.
      
      Commit 174a1dcc ("kbuild: sink stdout from cmd for silent build")
      suppressed Kconfig prompts as well because syncconfig is invoked by
      the 'cmd' macro. You cannot notice the fact that Kconfig is waiting
      for the user input.
      
      Use 'kecho' to show the equivalent short log without suppressing stdout
      from sub-make.
      
      Fixes: 174a1dcc ("kbuild: sink stdout from cmd for silent build")
      Reported-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Tested-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
      d952cfaf
    • Mikulas Patocka's avatar
      scripts/setlocalversion: fix a bug when LOCALVERSION is empty · 5df99bec
      Mikulas Patocka authored
      The commit 042da426 ("scripts/setlocalversion: simplify the short
      version part") reduces indentation. Unfortunately, it also changes behavior
      in a subtle way - if the user has empty "LOCALVERSION" variable, the plus
      sign is appended to the kernel version. It wasn't appended before.
      
      This patch reverts to the old behavior - we append the plus sign only if
      the LOCALVERSION variable is not set.
      
      Fixes: 042da426 ("scripts/setlocalversion: simplify the short version part")
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      5df99bec
    • Yang Jihong's avatar
      perf sched: Fix record failure when CONFIG_SCHEDSTATS is not set · b0f00855
      Yang Jihong authored
      The tracepoints trace_sched_stat_{wait, sleep, iowait} are not exposed to user
      if CONFIG_SCHEDSTATS is not set, "perf sched record" records the three events.
      As a result, the command fails.
      
      Before:
      
        #perf sched record sleep 1
        event syntax error: 'sched:sched_stat_wait'
                             \___ unknown tracepoint
      
        Error:  File /sys/kernel/tracing/events/sched/sched_stat_wait not found.
        Hint:   Perhaps this kernel misses some CONFIG_ setting to enable this feature?.
      
        Run 'perf list' for a list of valid events
      
         Usage: perf record [<options>] [<command>]
            or: perf record [<options>] -- <command> [<options>]
      
            -e, --event <event>   event selector. use 'perf list' to list available events
      
      Solution:
        Check whether schedstat tracepoints are exposed. If no, these events are not recorded.
      
      After:
        # perf sched record sleep 1
        [ perf record: Woken up 1 times to write data ]
        [ perf record: Captured and wrote 0.163 MB perf.data (1091 samples) ]
        # perf sched report
        run measurement overhead: 4736 nsecs
        sleep measurement overhead: 9059979 nsecs
        the run test took 999854 nsecs
        the sleep test took 8945271 nsecs
        nr_run_events:        716
        nr_sleep_events:      785
        nr_wakeup_events:     0
        ...
        ------------------------------------------------------------
      
      Fixes: 2a09b5de ("sched/fair: do not expose some tracepoints to user if CONFIG_SCHEDSTATS is not set")
      Signed-off-by: default avatarYang Jihong <yangjihong1@huawei.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Steven Rostedt (VMware) <rostedt@goodmis.org>
      Cc: Yafang Shao <laoar.shao@gmail.com>
      Link: http://lore.kernel.org/lkml/20210713112358.194693-1-yangjihong1@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      b0f00855
    • Yang Jihong's avatar
      perf probe: Fix add event failure when running 32-bit perf in a 64-bit kernel · 22a66551
      Yang Jihong authored
      The "address" member of "struct probe_trace_point" uses long data type.
      If kernel is 64-bit and perf program is 32-bit, size of "address"
      variable is 32 bits.
      
      As a result, upper 32 bits of address read from kernel are truncated, an
      error occurs during address comparison in kprobe_warn_out_range().
      
      Before:
      
        # perf probe -a schedule
        schedule is out of .text, skip it.
          Error: Failed to add events.
      
      Solution:
        Change data type of "address" variable to u64 and change corresponding
      address printing and value assignment.
      
      After:
      
        # perf.new.new probe -a schedule
        Added new event:
          probe:schedule       (on schedule)
      
        You can now use it in all perf tools, such as:
      
                perf record -e probe:schedule -aR sleep 1
      
        # perf probe -l
          probe:schedule       (on schedule@kernel/sched/core.c)
        # perf record -e probe:schedule -aR sleep 1
        [ perf record: Woken up 1 times to write data ]
        [ perf record: Captured and wrote 0.156 MB perf.data (1366 samples) ]
        # perf report --stdio
        # To display the perf.data header info, please use --header/--header-only options.
        #
        #
        # Total Lost Samples: 0
        #
        # Samples: 1K of event 'probe:schedule'
        # Event count (approx.): 1366
        #
        # Overhead  Command          Shared Object      Symbol
        # ........  ...............  .................  ............
        #
             6.22%  migration/0      [kernel.kallsyms]  [k] schedule
             6.22%  migration/1      [kernel.kallsyms]  [k] schedule
             6.22%  migration/2      [kernel.kallsyms]  [k] schedule
             6.22%  migration/3      [kernel.kallsyms]  [k] schedule
             6.15%  migration/10     [kernel.kallsyms]  [k] schedule
             6.15%  migration/11     [kernel.kallsyms]  [k] schedule
             6.15%  migration/12     [kernel.kallsyms]  [k] schedule
             6.15%  migration/13     [kernel.kallsyms]  [k] schedule
             6.15%  migration/14     [kernel.kallsyms]  [k] schedule
             6.15%  migration/15     [kernel.kallsyms]  [k] schedule
             6.15%  migration/4      [kernel.kallsyms]  [k] schedule
             6.15%  migration/5      [kernel.kallsyms]  [k] schedule
             6.15%  migration/6      [kernel.kallsyms]  [k] schedule
             6.15%  migration/7      [kernel.kallsyms]  [k] schedule
             6.15%  migration/8      [kernel.kallsyms]  [k] schedule
             6.15%  migration/9      [kernel.kallsyms]  [k] schedule
             0.22%  rcu_sched        [kernel.kallsyms]  [k] schedule
        ...
        #
        # (Cannot load tips.txt file, please install perf!)
        #
      Signed-off-by: default avatarYang Jihong <yangjihong1@huawei.com>
      Acked-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Frank Ch. Eigler <fche@redhat.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jianlin Lv <jianlin.lv@arm.com>
      Cc: Jin Yao <yao.jin@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Li Huafei <lihuafei1@huawei.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Ravi Bangoria <ravi.bangoria@linux.ibm.com>
      Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
      Link: http://lore.kernel.org/lkml/20210715063723.11926-1-yangjihong1@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      22a66551
    • Riccardo Mancini's avatar
      perf data: Close all files in close_dir() · d4b3eedc
      Riccardo Mancini authored
      When using 'perf report' in directory mode, the first file is not closed
      on exit, causing a memory leak.
      
      The problem is caused by the iterating variable never reaching 0.
      
      Fixes: 14552063 ("perf data: Add perf_data__(create_dir|close_dir) functions")
      Signed-off-by: default avatarRiccardo Mancini <rickyman7@gmail.com>
      Acked-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Zhen Lei <thunder.leizhen@huawei.com>
      Link: http://lore.kernel.org/lkml/20210716141122.858082-1-rickyman7@gmail.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d4b3eedc
    • Riccardo Mancini's avatar
      perf probe-file: Delete namelist in del_events() on the error path · e0fa7ab4
      Riccardo Mancini authored
      ASan reports some memory leaks when running:
      
        # perf test "42: BPF filter"
      
      This second leak is caused by a strlist not being dellocated on error
      inside probe_file__del_events.
      
      This patch adds a goto label before the deallocation and makes the error
      path jump to it.
      Signed-off-by: default avatarRiccardo Mancini <rickyman7@gmail.com>
      Fixes: e7895e42 ("perf probe: Split del_perf_probe_events()")
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/174963c587ae77fa108af794669998e4ae558338.1626343282.git.rickyman7@gmail.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      e0fa7ab4
  4. 17 Jul, 2021 9 commits
    • Linus Torvalds's avatar
      Merge tag 'soc-fixes-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc · 1d67c8d9
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Here are the patches for this week that came as the fallout of the
        merge window:
      
         - Two fixes for the NVidia memory controller driver
      
         - multiple defconfig files get patched to turn CONFIG_FB back on
           after that is no longer selected by CONFIG_DRM
      
         - ffa and scmpi firmware drivers fixes, mostly addressing compiler
           and documentation warnings
      
         - Platform specific fixes for device tree files on ASpeed, Renesas
           and NVidia SoC, mostly for recent regressions.
      
         - A workaround for a regression on the USB PHY with devlink when the
           usb-nop-xceiv driver is not available until the rootfs is mounted.
      
         - Device tree compiler warnings in Arm Versatile-AB"
      
      * tag 'soc-fixes-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: (35 commits)
        ARM: dts: versatile: Fix up interrupt controller node names
        ARM: multi_v7_defconfig: Make NOP_USB_XCEIV driver built-in
        ARM: configs: Update u8500_defconfig
        ARM: configs: Update Vexpress defconfig
        ARM: configs: Update Versatile defconfig
        ARM: configs: Update RealView defconfig
        ARM: configs: Update Integrator defconfig
        arm: Typo s/PCI_IXP4XX_LEGACY/IXP4XX_PCI_LEGACY/
        firmware: arm_scmi: Fix range check for the maximum number of pending messages
        firmware: arm_scmi: Avoid padding in sensor message structure
        firmware: arm_scmi: Fix kernel doc warnings about return values
        firmware: arm_scpi: Fix kernel doc warnings
        firmware: arm_scmi: Fix kernel doc warnings
        ARM: shmobile: defconfig: Restore graphical consoles
        firmware: arm_ffa: Fix a possible ffa_linux_errmap buffer overflow
        firmware: arm_ffa: Fix the comment style
        firmware: arm_ffa: Simplify probe function
        firmware: arm_ffa: Ensure drivers provide a probe function
        firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
        firmware: arm_scmi: Ensure drivers provide a probe function
        ...
      1d67c8d9
    • Linus Torvalds's avatar
      Revert "mm/slub: use stackdepot to save stack trace in objects" · ae14c63a
      Linus Torvalds authored
      This reverts commit 78869146.
      
      It's not clear why, but it causes unexplained problems in entirely
      unrelated xfs code.  The most likely explanation is some slab
      corruption, possibly triggered due to CONFIG_SLUB_DEBUG_ON.  See [1].
      
      It ends up having a few other problems too, like build errors on
      arch/arc, and Geert reporting it using much more memory on m68k [3] (it
      probably does so elsewhere too, but it is probably just more noticeable
      on m68k).
      
      The architecture issues (both build and memory use) are likely just
      because this change effectively force-enabled STACKDEPOT (along with a
      very bad default value for the stackdepot hash size).  But together with
      the xfs issue, this all smells like "this commit was not ready" to me.
      
      Link: https://lore.kernel.org/linux-xfs/YPE3l82acwgI2OiV@infradead.org/ [1]
      Link: https://lore.kernel.org/lkml/202107150600.LkGNb4Vb-lkp@intel.com/ [2]
      Link: https://lore.kernel.org/lkml/CAMuHMdW=eoVzM1Re5FVoEN87nKfiLmM2+Ah7eNu2KXEhCvbZyA@mail.gmail.com/ [3]
      Reported-by: default avatarChristoph Hellwig <hch@infradead.org>
      Reported-by: default avatarkernel test robot <lkp@intel.com>
      Reported-by: default avatarGeert Uytterhoeven <geert@linux-m68k.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ae14c63a
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · 5d766d55
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "One core fix for an oops which can occur if the error handling thread
        fails to start for some reason and the driver is removed.
      
        The other fixes are all minor ones in drivers"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: ufs: core: Add missing host_lock in ufshcd_vops_setup_xfer_req()
        scsi: mpi3mr: Fix W=1 compilation warnings
        scsi: pm8001: Clean up kernel-doc and comments
        scsi: zfcp: Report port fc_security as unknown early during remote cable pull
        scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
        scsi: fas216: Fix a build error
        scsi: core: Fix the documentation of the scsi_execute() time parameter
      5d766d55
    • Linus Torvalds's avatar
      Merge tag '5.14-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6 · 44cb60b4
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Eight cifs/smb3 fixes, including three for stable.
      
        Three are DFS related fixes, and two to fix problems pointed out by
        static checkers"
      
      * tag '5.14-rc1-smb3-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: do not share tcp sessions of dfs connections
        SMB3.1.1: fix mount failure to some servers when compression enabled
        cifs: added WARN_ON for all the count decrements
        cifs: fix missing null session check in mount
        cifs: handle reconnect of tcon when there is no cached dfs referral
        cifs: fix the out of range assignment to bit fields in parse_server_interfaces
        cifs: Do not use the original cruid when following DFS links for multiuser mounts
        cifs: use the expiry output of dns_query to schedule next resolution
      44cb60b4
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-kunit-fixes-5.14-rc2' of... · ccbb22b9
      Linus Torvalds authored
      Merge tag 'linux-kselftest-kunit-fixes-5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kunit fixes from Shuah Khan:
       "Fixes to kunit tool and documentation:
      
         - fix asserts on older python versions
      
         - fixes to misleading error messages when TAP header format is
           incorrect or when file is missing
      
         - documentation fix: drop obsolete information about uml_abort
           coverage
      
         - remove unnecessary annotations"
      
      * tag 'linux-kselftest-kunit-fixes-5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        kunit: tool: Assert the version requirement
        kunit: tool: remove unnecessary "annotations" import
        Documentation: kunit: drop obsolete note about uml_abort for coverage
        kunit: tool: Fix error messages for cases of no tests and wrong TAP header
      ccbb22b9
    • Linus Torvalds's avatar
      Merge tag 'linux-kselftest-fixes-5.14-rc2' of... · 00397e74
      Linus Torvalds authored
      Merge tag 'linux-kselftest-fixes-5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
      
      Pull kselftest fix from Shuah Khan:
       "A fix to memory-hotplug hot-remove test to stop spamming logs with
        dump_page() entries and slowing the system down to a crawl"
      
      * tag 'linux-kselftest-fixes-5.14-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
        selftests: memory-hotplug: avoid spamming logs with dump_page(), ratio limit hot-remove error test
      00397e74
    • Linus Torvalds's avatar
      Merge tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace · 3fdacf40
      Linus Torvalds authored
      Pull tracing fix from Steven Rostedt:
       "Fix the histogram logic from possibly crashing the kernel
      
        Working on the histogram code, I found that if you dereference a char
        pointer in a trace event that happens to point to user space, it can
        crash the kernel, as it does no checks of that pointer. I have code
        coming that will do this better, so just remove this ability to treat
        character pointers in trace events as stings in the histogram"
      
      * tag 'trace-v5.14-5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
        tracing: Do not reference char * as a string in histograms
      3fdacf40
    • Linus Torvalds's avatar
      Merge tag 'devicetree-fixes-for-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux · d980cc06
      Linus Torvalds authored
      Pull devicetree fixes from Rob Herring:
      
       - Drop 'resets' as required on renesas,du
      
       - Moving of fixed string patterns for 'properties' instead of
         'patternProperties'
      
       - Drop more redundant minItems/maxItems that we merged in the merge
         window
      
       - Indentation warning fix for sja1105
      
      * tag 'devicetree-fixes-for-5.14-1' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
        dt-bindings: display: renesas,du: Make resets optional on R-Car H1
        dt-bindings: Move fixed string 'patternProperties' to 'properties'
        dt-bindings: More dropping redundant minItems/maxItems
        dt-bindings: net: dsa: sja1105: Fix indentation warnings
      d980cc06
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 5f06a790
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "The bulk of the diffstat consists of changes to our uaccess routines
        so that they fall back to bytewise copying prior to reporting complete
        failure when the initial (multi-byte) access faults.
      
        However, the most disappointing change here is that we've had to bump
        ARCH_DMA_MINALIGN back to 128 bytes thanks to Qualcomm's "Kryo" CPU,
        which ended up in the MSM8996 mobile SoC. Still, at least we're now
        aware of this design and one of the hardware designers confirmed the
        L2 cacheline size for us.
      
        Summary:
      
         - Fix instrumentation annotations for entry code
      
         - Ensure kernel MTE state is restored correctly on resume from suspend
      
         - Fix MTE fault from new strlen() routine
      
         - Fallback to byte-wise accesses on initial uaccess fault
      
         - Bump Clang requirement for BTI
      
         - Revert ARCH_DMA_MINALIGN back to 128 bytes (shakes fist at Qualcomm)"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: entry: fix KCOV suppression
        arm64: entry: add missing noinstr
        arm64: mte: fix restoration of GCR_EL1 from suspend
        arm64: Avoid premature usercopy failure
        arm64: Restrict ARM64_BTI_KERNEL to clang 12.0.0 and newer
        Revert "arm64: cache: Lower ARCH_DMA_MINALIGN to 64 (L1_CACHE_BYTES)"
        arm64: Add missing header <asm/smp.h> in two files
        arm64: fix strlen() with CONFIG_KASAN_HW_TAGS
      5f06a790
  5. 16 Jul, 2021 16 commits