1. 07 Jul, 2019 2 commits
    • Jiri Olsa's avatar
      perf jvmti: Address gcc string overflow warning for strncpy() · dab0f4eb
      Jiri Olsa authored
      We are getting false positive gcc warning when we compile with gcc9 (9.1.1):
      
           CC       jvmti/libjvmti.o
         In file included from /usr/include/string.h:494,
                          from jvmti/libjvmti.c:5:
         In function ‘strncpy’,
             inlined from ‘copy_class_filename.constprop’ at jvmti/libjvmti.c:166:3:
         /usr/include/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
           106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
               |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         jvmti/libjvmti.c: In function ‘copy_class_filename.constprop’:
         jvmti/libjvmti.c:165:26: note: length computed here
           165 |   size_t file_name_len = strlen(file_name);
               |                          ^~~~~~~~~~~~~~~~~
         cc1: all warnings being treated as errors
      
      As per Arnaldo's suggestion use strlcpy(), which does the same thing and keeps
      gcc silent.
      Suggested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ben Gainey <ben.gainey@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Link: http://lkml.kernel.org/r/20190531131321.GB1281@kravaSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      dab0f4eb
    • Arnaldo Carvalho de Melo's avatar
      perf python: Remove -fstack-protector-strong if clang doesn't have it · c18ae632
      Arnaldo Carvalho de Melo authored
      Some distros put -fstack-protector-strong in the compiler flags to be
      used to build python extensions, but then, the clang version in that
      distro doesn't know about that, only gcc does.
      
      Check if that is the case and remove it from the set of options used to
      build the python binding with clang.
      
      Case at hand:
      
      oraclelinux:7
      
        $ head -2 /etc/os-release
        NAME="Oracle Linux Server"
        VERSION="7.6"
        $ grep stack-protector /usr/lib64/python2.7/_sysconfigdata.py | head -1 | cut -c-120
       'CFLAGS': '-fno-strict-aliasing -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --para
        $
        gcc version 4.8.5 20150623 (Red Hat 4.8.5-36.0.1) (GCC)
        clang version 3.4.2 (tags/RELEASE_34/dot2-final)
      
        clang: error: unknown argument: '-fstack-protector-strong'
        clang: error: unknown argument: '-fstack-protector-strong'
        error: command 'clang' failed with exit status 1
        cp: cannot stat '/tmp/build/perf/python_ext_build/lib/perf*.so': No such file or directory
        make[2]: *** [/tmp/build/perf/python/perf.so] Error 1
      
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Link: https://lkml.kernel.org/n/tip-brmp2415zxpbhz45etkgjoma@git.kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      c18ae632
  2. 06 Jul, 2019 11 commits
    • Arnaldo Carvalho de Melo's avatar
      perf annotate TUI browser: Do not use member from variable within its own initialization · d5b2179d
      Arnaldo Carvalho de Melo authored
      Some compilers will complain when using a member of a struct to
      initialize another member, in the same struct initialization.
      
      For instance:
      
        debian:8      Debian clang version 3.5.0-10 (tags/RELEASE_350/final) (based on LLVM 3.5.0)
        oraclelinux:7 clang version 3.4.2 (tags/RELEASE_34/dot2-final)
      
      Produce:
      
        ui/browsers/annotate.c:104:12: error: variable 'ops' is uninitialized when used within its own initialization [-Werror,-Wuninitialized]
                                                    (!ops.current_entry ||
                                                      ^~~
        1 error generated.
      
      So use an extra variable, initialized just before that struct, to have
      the value used in the expressions used to init two of the struct
      members.
      
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Fixes: c298304b ("perf annotate: Use a ops table for annotation_line__write()")
      Link: https://lkml.kernel.org/n/tip-f9nexro58q62l3o9hez8hr0i@git.kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d5b2179d
    • Seeteena Thoufeek's avatar
      perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64 · bff5a556
      Seeteena Thoufeek authored
      'probe libc's inet_pton & backtrace it with ping' testcase sometimes
      fails on powerpc because distro ping binary does not have symbol
      information and thus it prints "[unknown]" function name in the
      backtrace.
      
      Accept "[unknown]" as valid function name for powerpc as well.
      
       # perf test -v "probe libc's inet_pton & backtrace it with ping"
      
      Before:
      
        59: probe libc's inet_pton & backtrace it with ping       :
        --- start ---
        test child forked, pid 79695
        ping 79718 [077] 96483.787025: probe_libc:inet_pton: (7fff83a754c8)
        7fff83a754c8 __GI___inet_pton+0x8 (/usr/lib64/power9/libc-2.28.so)
        7fff83a2b7a0 gaih_inet.constprop.7+0x1020
        (/usr/lib64/power9/libc-2.28.so)
        7fff83a2c170 getaddrinfo+0x160 (/usr/lib64/power9/libc-2.28.so)
        1171830f4 [unknown] (/usr/bin/ping)
        FAIL: expected backtrace entry
        ".*\+0x[[:xdigit:]]+[[:space:]]\(.*/bin/ping.*\)$"
        got "1171830f4 [unknown] (/usr/bin/ping)"
        test child finished with -1
        ---- end ----
        probe libc's inet_pton & backtrace it with ping: FAILED!
      
      After:
      
        59: probe libc's inet_pton & backtrace it with ping       :
        --- start ---
        test child forked, pid 79085
        ping 79108 [045] 96400.214177: probe_libc:inet_pton: (7fffbb9654c8)
        7fffbb9654c8 __GI___inet_pton+0x8 (/usr/lib64/power9/libc-2.28.so)
        7fffbb91b7a0 gaih_inet.constprop.7+0x1020
        (/usr/lib64/power9/libc-2.28.so)
        7fffbb91c170 getaddrinfo+0x160 (/usr/lib64/power9/libc-2.28.so)
        132e830f4 [unknown] (/usr/bin/ping)
        test child finished with 0
        ---- end ----
        probe libc's inet_pton & backtrace it with ping: Ok
      Signed-off-by: default avatarSeeteena Thoufeek <s1seetee@linux.vnet.ibm.com>
      Reviewed-by: default avatarKim Phillips <kim.phillips@amd.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Hendrik Brueckner <brueckner@linux.ibm.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Michael Petlan <mpetlan@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Sandipan Das <sandipan@linux.ibm.com>
      Fixes: 16329364 ("perf tests: Fix record+probe_libc_inet_pton.sh without ping's debuginfo")
      Link: http://lkml.kernel.org/r/1561630614-3216-1-git-send-email-s1seetee@linux.vnet.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      bff5a556
    • Jiri Olsa's avatar
      perf evsel: Do not rely on errno values for precise_ip fallback · cd136189
      Jiri Olsa authored
      Konstantin reported problem with default perf record command, which
      fails on some AMD servers, because of the default maximum precise
      config.
      
      The current fallback mechanism counts on getting ENOTSUP errno for
      precise_ip fails, but that's not the case on some AMD servers.
      
      We can fix this by removing the errno check completely, because the
      precise_ip fallback is separated. We can just try  (if requested by
      evsel->precise_max) all possible precise_ip, and if one succeeds we win,
      if not, we continue with standard fallback.
      Reported-by: default avatarKonstantin Kharlamov <Hi-Angel@yandex.ru>
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Quentin Monnet <quentin.monnet@netronome.com>
      Cc: Kim Phillips <kim.phillips@amd.com>
      Link: http://lkml.kernel.org/r/20190703080949.10356-1-jolsa@kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      cd136189
    • Arnaldo Carvalho de Melo's avatar
      perf thread: Allow references to thread objects after machine__exit() · 4c00af0e
      Arnaldo Carvalho de Melo authored
      Threads are created when we either synthesize PERF_RECORD_FORK events
      for pre-existing threads or when we receive PERF_RECORD_FORK events from
      the kernel as new threads get created.
      
      We then keep them in machine->threads[].entries rb trees till when we
      receive a PERF_RECORD_EXIT, i.e. that thread terminated.
      
      The thread object has a reference count that is grabbed when, for
      instance, we keep that thread referenced in struct hist_entry, in 'perf
      report' and 'perf top'.
      
      When we receive a PERF_RECORD_EXIT we remove the thread object from the
      rb tree and move it to the corresponding machine->threads[].dead list,
      then we do a thread__put(), dropping the reference we had for keeping it
      in the rb tree.
      
      In thread__put() we were assuming that when the reference count hit zero
      we should remove it from the dead list by simply doing a
      list_del_init(&thread->node).
      
      That works well when all the thread lifetime is during the machine that
      has the list heads lifetime, since we know that we can do the
      list_del_init() and it will update the 'dead' list_head.
      
      But in 'perf sched lat' we were doing:
      
          machine__new() (via perf_session__new)
      
          process events, grabbing refcounts to keep those thread objects
          in 'perf sched' local data structures.
      
          machine__exit() (via perf_session__delete) which would delete the
          'dead' list heads.
      
          And then doing the final thread__put() for the refcounts 'perf sched'
          rightfully obtained for keeping those thread object references.
      
          b00m, since thread__put() would do the list_del_init() touching
          a dead dead list head.
      
      Fix it by removing all the dead threads from machine->threads[].dead at
      machine__exit(), since whatever is there should have refcounts taken by
      things like 'perf sched lat', and make thread__put() check if the thread
      is in a linked list before removing it from that list.
      Reported-by: default avatarWei Li <liwei391@huawei.com>
      Link: https://lkml.kernel.org/r/20190508143648.8153-1-liwei391@huawei.com
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Zhipeng Xie <xiezhipeng1@huawei.com>
      Link: https://lkml.kernel.org/r/20190704194355.GI10740@kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      4c00af0e
    • Song Liu's avatar
      perf header: Assign proper ff->ph in perf_event__synthesize_features() · c952b35f
      Song Liu authored
      bpf/btf write_* functions need ff->ph->env.
      
      With this missing, pipe-mode (perf record -o -)  would crash like:
      
      Program terminated with signal SIGSEGV, Segmentation fault.
      
      This patch assign proper ph value to ff.
      
      Committer testing:
      
        (gdb) run record -o -
        Starting program: /root/bin/perf record -o -
        PERFILE2
        <SNIP start of perf.data headers>
        Thread 1 "perf" received signal SIGSEGV, Segmentation fault.
        __do_write_buf (size=4, buf=0x160, ff=0x7fffffff8f80) at util/header.c:126
        126		memcpy(ff->buf + ff->offset, buf, size);
        (gdb) bt
        #0  __do_write_buf (size=4, buf=0x160, ff=0x7fffffff8f80) at util/header.c:126
        #1  do_write (ff=ff@entry=0x7fffffff8f80, buf=buf@entry=0x160, size=4) at util/header.c:137
        #2  0x00000000004eddba in write_bpf_prog_info (ff=0x7fffffff8f80, evlist=<optimized out>) at util/header.c:912
        #3  0x00000000004f69d7 in perf_event__synthesize_features (tool=tool@entry=0x97cc00 <record>, session=session@entry=0x7fffe9c6d010,
            evlist=0x7fffe9cae010, process=process@entry=0x4435d0 <process_synthesized_event>) at util/header.c:3695
        #4  0x0000000000443c79 in record__synthesize (tail=tail@entry=false, rec=0x97cc00 <record>) at builtin-record.c:1214
        #5  0x0000000000444ec9 in __cmd_record (rec=0x97cc00 <record>, argv=<optimized out>, argc=0) at builtin-record.c:1435
        #6  cmd_record (argc=0, argv=<optimized out>) at builtin-record.c:2450
        #7  0x00000000004ae3e9 in run_builtin (p=p@entry=0x98e058 <commands+216>, argc=argc@entry=3, argv=0x7fffffffd670) at perf.c:304
        #8  0x000000000042eded in handle_internal_command (argv=<optimized out>, argc=<optimized out>) at perf.c:356
        #9  run_argv (argcp=<optimized out>, argv=<optimized out>) at perf.c:400
        #10 main (argc=3, argv=<optimized out>) at perf.c:522
        (gdb)
      
      After the patch the SEGSEGV is gone.
      Reported-by: default avatarDavid Carrillo Cisneros <davidca@fb.com>
      Signed-off-by: default avatarSong Liu <songliubraving@fb.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: kernel-team@fb.com
      Cc: stable@vger.kernel.org # v5.1+
      Fixes: 606f972b ("perf bpf: Save bpf_prog_info information as headers to perf.data")
      Link: http://lkml.kernel.org/r/20190620010453.4118689-1-songliubraving@fb.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      c952b35f
    • Arnaldo Carvalho de Melo's avatar
      tools arch kvm: Sync kvm headers with the kernel sources · c499d1f4
      Arnaldo Carvalho de Melo authored
      To pick up the changes from:
      
        41040cf7 ("arm64/sve: Fix missing SVE/FPSIMD endianness conversions")
        6ca00dfa ("KVM: x86: Modify struct kvm_nested_state to have explicit fields for data")
      
      None entail changes in tooling.
      
      This silences these tools/perf build warnings:
      
        Warning: Kernel ABI header at 'tools/arch/x86/include/uapi/asm/kvm.h' differs from latest version at 'arch/x86/include/uapi/asm/kvm.h'
        diff -u tools/arch/x86/include/uapi/asm/kvm.h arch/x86/include/uapi/asm/kvm.h
        Warning: Kernel ABI header at 'tools/arch/arm64/include/uapi/asm/kvm.h' differs from latest version at 'arch/arm64/include/uapi/asm/kvm.h'
        diff -u tools/arch/arm64/include/uapi/asm/kvm.h arch/arm64/include/uapi/asm/kvm.h
      
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Dave Martin <Dave.Martin@arm.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Liran Alon <liran.alon@oracle.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Link: https://lkml.kernel.org/n/tip-1cdbq5ulr4d6cx3iv2ye5wdv@git.kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      c499d1f4
    • Linus Torvalds's avatar
      Revert "mm: page cache: store only head pages in i_pages" · 69bf4b6b
      Linus Torvalds authored
      This reverts commit 5fd4ca2d.
      
      Mikhail Gavrilov reports that it causes the VM_BUG_ON_PAGE() in
      __delete_from_swap_cache() to trigger:
      
         page:ffffd6d34dff0000 refcount:1 mapcount:1 mapping:ffff97812323a689 index:0xfecec363
         anon
         flags: 0x17fffe00080034(uptodate|lru|active|swapbacked)
         raw: 0017fffe00080034 ffffd6d34c67c508 ffffd6d3504b8d48 ffff97812323a689
         raw: 00000000fecec363 0000000000000000 0000000100000000 ffff978433ace000
         page dumped because: VM_BUG_ON_PAGE(entry != page)
         page->mem_cgroup:ffff978433ace000
         ------------[ cut here ]------------
         kernel BUG at mm/swap_state.c:170!
         invalid opcode: 0000 [#1] SMP NOPTI
         CPU: 1 PID: 221 Comm: kswapd0 Not tainted 5.2.0-0.rc2.git0.1.fc31.x86_64 #1
         Hardware name: System manufacturer System Product Name/ROG STRIX X470-I GAMING, BIOS 2202 04/11/2019
         RIP: 0010:__delete_from_swap_cache+0x20d/0x240
         Code: 30 65 48 33 04 25 28 00 00 00 75 4a 48 83 c4 38 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 c7 c6 2f dc 0f 8a 48 89 c7 e8 93 1b fd ff <0f> 0b 48 c7 c6 a8 74 0f 8a e8 85 1b fd ff 0f 0b 48 c7 c6 a8 7d 0f
         RSP: 0018:ffffa982036e7980 EFLAGS: 00010046
         RAX: 0000000000000021 RBX: 0000000000000040 RCX: 0000000000000006
         RDX: 0000000000000000 RSI: 0000000000000086 RDI: ffff97843d657900
         RBP: 0000000000000001 R08: ffffa982036e7835 R09: 0000000000000535
         R10: ffff97845e21a46c R11: ffffa982036e7835 R12: ffff978426387120
         R13: 0000000000000000 R14: ffffd6d34dff0040 R15: ffffd6d34dff0000
         FS:  0000000000000000(0000) GS:ffff97843d640000(0000) knlGS:0000000000000000
         CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
         CR2: 00002cba88ef5000 CR3: 000000078a97c000 CR4: 00000000003406e0
         Call Trace:
          delete_from_swap_cache+0x46/0xa0
          try_to_free_swap+0xbc/0x110
          swap_writepage+0x13/0x70
          pageout.isra.0+0x13c/0x350
          shrink_page_list+0xc14/0xdf0
          shrink_inactive_list+0x1e5/0x3c0
          shrink_node_memcg+0x202/0x760
          shrink_node+0xe0/0x470
          balance_pgdat+0x2d1/0x510
          kswapd+0x220/0x420
          kthread+0xfb/0x130
          ret_from_fork+0x22/0x40
      
      and it's not immediately obvious why it happens.  It's too late in the
      rc cycle to do anything but revert for now.
      
      Link: https://lore.kernel.org/lkml/CABXGCsN9mYmBD-4GaaeW_NrDu+FDXLzr_6x+XNxfmFV6QkYCDg@mail.gmail.com/Reported-and-bisected-by: default avatarMikhail Gavrilov <mikhail.v.gavrilov@gmail.com>
      Suggested-by: default avatarJan Kara <jack@suse.cz>
      Cc: Michal Hocko <mhocko@kernel.org>
      Cc: Vlastimil Babka <vbabka@suse.cz>
      Cc: Matthew Wilcox <willy@infradead.org>
      Cc: Kirill Shutemov <kirill@shutemov.name>
      Cc: William Kucharski <william.kucharski@oracle.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      69bf4b6b
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 9fdb86c8
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "x86 bugfix patches and one compilation fix for ARM"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: arm64/sve: Fix vq_present() macro to yield a bool
        KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
        KVM: nVMX: Change KVM_STATE_NESTED_EVMCS to signal vmcs12 is copied from eVMCS
        KVM: nVMX: Allow restore nested-state to enable eVMCS when vCPU in SMM
        KVM: x86: degrade WARN to pr_warn_ratelimited
      9fdb86c8
    • Linus Torvalds's avatar
      Merge tag 'mtd/fixes-for-5.2-final' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux · 0e63665a
      Linus Torvalds authored
      Pull mtf fixes from Miquel Raynal:
      
       - Fix the memory organization structure of a Macronix SPI-NAND chip.
      
       - Fix a build dependency wrongly described.
      
       - Fix the sunxi NAND driver for A23/A33 SoCs by (a) reverting the
         faulty commit introducing broken DMA support and (b) applying another
         commit bringing working DMA support.
      
      * tag 'mtd/fixes-for-5.2-final' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux:
        mtd: rawnand: sunxi: Add A23/A33 DMA support with extra MBUS configuration
        Revert "mtd: rawnand: sunxi: Add A23/A33 DMA support"
        mtd: rawnand: ingenic: Fix ingenic_ecc dependency
        mtd: spinand: Fix max_bad_eraseblocks_per_lun info in memorg
      0e63665a
    • Linus Torvalds's avatar
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 881ed91f
      Linus Torvalds authored
      Pull i2c fixlet from Wolfram Sang:
       "I2C has a MAINTAINERS update which will be benfitial for developers,
        so let's add it right away"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: tegra: Add Dmitry as a reviewer
      881ed91f
    • Linus Torvalds's avatar
      Merge tag 'nfsd-5.2-2' of git://linux-nfs.org/~bfields/linux · a8f46b5a
      Linus Torvalds authored
      Pull nfsd fixes from Bruce Fields:
       "Two more quick bugfixes for nfsd: fixing a regression causing mount
        failures on high-memory machines and fixing the DRC over RDMA"
      
      * tag 'nfsd-5.2-2' of git://linux-nfs.org/~bfields/linux:
        nfsd: Fix overflow causing non-working mounts on 1 TB machines
        svcrdma: Ignore source port when computing DRC hash
      a8f46b5a
  3. 05 Jul, 2019 16 commits
  4. 04 Jul, 2019 9 commits
  5. 03 Jul, 2019 2 commits
    • Paul Menzel's avatar
      nfsd: Fix overflow causing non-working mounts on 1 TB machines · 3b2d4dcf
      Paul Menzel authored
      Since commit 10a68cdf (nfsd: fix performance-limiting session
      calculation) (Linux 5.1-rc1 and 4.19.31), shares from NFS servers with
      1 TB of memory cannot be mounted anymore. The mount just hangs on the
      client.
      
      The gist of commit 10a68cdf is the change below.
      
          -avail = clamp_t(int, avail, slotsize, avail/3);
          +avail = clamp_t(int, avail, slotsize, total_avail/3);
      
      Here are the macros.
      
          #define min_t(type, x, y)       __careful_cmp((type)(x), (type)(y), <)
          #define clamp_t(type, val, lo, hi) min_t(type, max_t(type, val, lo), hi)
      
      `total_avail` is 8,434,659,328 on the 1 TB machine. `clamp_t()` casts
      the values to `int`, which for 32-bit integers can only hold values
      −2,147,483,648 (−2^31) through 2,147,483,647 (2^31 − 1).
      
      `avail` (in the function signature) is just 65536, so that no overflow
      was happening. Before the commit the assignment would result in 21845,
      and `num = 4`.
      
      When using `total_avail`, it is causing the assignment to be
      18446744072226137429 (printed as %lu), and `num` is then 4164608182.
      
      My next guess is, that `nfsd_drc_mem_used` is then exceeded, and the
      server thinks there is no memory available any more for this client.
      
      Updating the arguments of `clamp_t()` and `min_t()` to `unsigned long`
      fixes the issue.
      
      Now, `avail = 65536` (before commit 10a68cdf `avail = 21845`), but
      `num = 4` remains the same.
      
      Fixes: c54f24e3 (nfsd: fix performance-limiting session calculation)
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPaul Menzel <pmenzel@molgen.mpg.de>
      Signed-off-by: default avatarJ. Bruce Fields <bfields@redhat.com>
      3b2d4dcf
    • Eric Biggers's avatar
      crypto: user - prevent operating on larval algorithms · 21d4120e
      Eric Biggers authored
      Michal Suchanek reported [1] that running the pcrypt_aead01 test from
      LTP [2] in a loop and holding Ctrl-C causes a NULL dereference of
      alg->cra_users.next in crypto_remove_spawns(), via crypto_del_alg().
      The test repeatedly uses CRYPTO_MSG_NEWALG and CRYPTO_MSG_DELALG.
      
      The crash occurs when the instance that CRYPTO_MSG_DELALG is trying to
      unregister isn't a real registered algorithm, but rather is a "test
      larval", which is a special "algorithm" added to the algorithms list
      while the real algorithm is still being tested.  Larvals don't have
      initialized cra_users, so that causes the crash.  Normally pcrypt_aead01
      doesn't trigger this because CRYPTO_MSG_NEWALG waits for the algorithm
      to be tested; however, CRYPTO_MSG_NEWALG returns early when interrupted.
      
      Everything else in the "crypto user configuration" API has this same bug
      too, i.e. it inappropriately allows operating on larval algorithms
      (though it doesn't look like the other cases can cause a crash).
      
      Fix this by making crypto_alg_match() exclude larval algorithms.
      
      [1] https://lkml.kernel.org/r/20190625071624.27039-1-msuchanek@suse.de
      [2] https://github.com/linux-test-project/ltp/blob/20190517/testcases/kernel/crypto/pcrypt_aead01.cReported-by: default avatarMichal Suchanek <msuchanek@suse.de>
      Fixes: a38f7907 ("crypto: Add userspace configuration API")
      Cc: <stable@vger.kernel.org> # v3.2+
      Cc: Steffen Klassert <steffen.klassert@secunet.com>
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      21d4120e