1. 04 Sep, 2020 1 commit
    • Huang Ying's avatar
      x86, fakenuma: Fix invalid starting node ID · ccae0f36
      Huang Ying authored
      Commit:
      
        cc9aec03 ("x86/numa_emulation: Introduce uniform split capability")
      
      uses "-1" as the starting node ID, which causes the strange kernel log as
      follows, when "numa=fake=32G" is added to the kernel command line:
      
          Faking node -1 at [mem 0x0000000000000000-0x0000000893ffffff] (35136MB)
          Faking node 0 at [mem 0x0000001840000000-0x000000203fffffff] (32768MB)
          Faking node 1 at [mem 0x0000000894000000-0x000000183fffffff] (64192MB)
          Faking node 2 at [mem 0x0000002040000000-0x000000283fffffff] (32768MB)
          Faking node 3 at [mem 0x0000002840000000-0x000000303fffffff] (32768MB)
      
      And finally the kernel crashes:
      
          BUG: Bad page state in process swapper  pfn:00011
          page:(____ptrval____) refcount:0 mapcount:1 mapping:(____ptrval____) index:0x55cd7e44b270 pfn:0x11
          failed to read mapping contents, not a valid kernel address?
          flags: 0x5(locked|uptodate)
          raw: 0000000000000005 000055cd7e44af30 000055cd7e44af50 0000000100000006
          raw: 000055cd7e44b270 000055cd7e44b290 0000000000000000 000055cd7e44b510
          page dumped because: page still charged to cgroup
          page->mem_cgroup:000055cd7e44b510
          Modules linked in:
          CPU: 0 PID: 0 Comm: swapper Not tainted 5.9.0-rc2 #1
          Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
          Call Trace:
           dump_stack+0x57/0x80
           bad_page.cold+0x63/0x94
           __free_pages_ok+0x33f/0x360
           memblock_free_all+0x127/0x195
           mem_init+0x23/0x1f5
           start_kernel+0x219/0x4f5
           secondary_startup_64+0xb6/0xc0
      
      Fix this bug via using 0 as the starting node ID.  This restores the
      original behavior before cc9aec03.
      
      [ mingo: Massaged the changelog. ]
      
      Fixes: cc9aec03 ("x86/numa_emulation: Introduce uniform split capability")
      Signed-off-by: default avatar"Huang, Ying" <ying.huang@intel.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20200904061047.612950-1-ying.huang@intel.com
      ccae0f36
  2. 03 Sep, 2020 2 commits
    • Joerg Roedel's avatar
      x86/mm/32: Bring back vmalloc faulting on x86_32 · 4819e15f
      Joerg Roedel authored
      One can not simply remove vmalloc faulting on x86-32. Upstream
      
      	commit: 7f0a002b ("x86/mm: remove vmalloc faulting")
      
      removed it on x86 alltogether because previously the
      arch_sync_kernel_mappings() interface was introduced. This interface
      added synchronization of vmalloc/ioremap page-table updates to all
      page-tables in the system at creation time and was thought to make
      vmalloc faulting obsolete.
      
      But that assumption was incredibly naive.
      
      It turned out that there is a race window between the time the vmalloc
      or ioremap code establishes a mapping and the time it synchronizes
      this change to other page-tables in the system.
      
      During this race window another CPU or thread can establish a vmalloc
      mapping which uses the same intermediate page-table entries (e.g. PMD
      or PUD) and does no synchronization in the end, because it found all
      necessary mappings already present in the kernel reference page-table.
      
      But when these intermediate page-table entries are not yet
      synchronized, the other CPU or thread will continue with a vmalloc
      address that is not yet mapped in the page-table it currently uses,
      causing an unhandled page fault and oops like below:
      
      	BUG: unable to handle page fault for address: fe80c000
      	#PF: supervisor write access in kernel mode
      	#PF: error_code(0x0002) - not-present page
      	*pde = 33183067 *pte = a8648163
      	Oops: 0002 [#1] SMP
      	CPU: 1 PID: 13514 Comm: cve-2017-17053 Tainted: G
      	...
      	Call Trace:
      	 ldt_dup_context+0x66/0x80
      	 dup_mm+0x2b3/0x480
      	 copy_process+0x133b/0x15c0
      	 _do_fork+0x94/0x3e0
      	 __ia32_sys_clone+0x67/0x80
      	 __do_fast_syscall_32+0x3f/0x70
      	 do_fast_syscall_32+0x29/0x60
      	 do_SYSENTER_32+0x15/0x20
      	 entry_SYSENTER_32+0x9f/0xf2
      	EIP: 0xb7eef549
      
      So the arch_sync_kernel_mappings() interface is racy, but removing it
      would mean to re-introduce the vmalloc_sync_all() interface, which is
      even more awful. Keep arch_sync_kernel_mappings() in place and catch
      the race condition in the page-fault handler instead.
      
      Do a partial revert of above commit to get vmalloc faulting on x86-32
      back in place.
      
      Fixes: 7f0a002b ("x86/mm: remove vmalloc faulting")
      Reported-by: default avatarNaresh Kamboju <naresh.kamboju@linaro.org>
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20200902155904.17544-1-joro@8bytes.org
      4819e15f
    • Arvind Sankar's avatar
      x86/cmdline: Disable jump tables for cmdline.c · aef0148f
      Arvind Sankar authored
      When CONFIG_RETPOLINE is disabled, Clang uses a jump table for the
      switch statement in cmdline_find_option (jump tables are disabled when
      CONFIG_RETPOLINE is enabled). This function is called very early in boot
      from sme_enable() if CONFIG_AMD_MEM_ENCRYPT is enabled. At this time,
      the kernel is still executing out of the identity mapping, but the jump
      table will contain virtual addresses.
      
      Fix this by disabling jump tables for cmdline.c when AMD_MEM_ENCRYPT is
      enabled.
      Signed-off-by: default avatarArvind Sankar <nivedita@alum.mit.edu>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20200903023056.3914690-1-nivedita@alum.mit.edu
      aef0148f
  3. 02 Sep, 2020 10 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · fc3abb53
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - data sanitization and validtion fixes for report descriptor parser
         from Marc Zyngier
      
       - memory leak fix for hid-elan driver from Dinghao Liu
      
       - two device-specific quirks
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        HID: core: Sanitize event code and type when mapping input
        HID: core: Correctly handle ReportSize being zero
        HID: elan: Fix memleak in elan_input_configured
        HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
        HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
      fc3abb53
    • Linus Torvalds's avatar
      Merge tag 'for-5.9/dm-fixes' of... · c3a13095
      Linus Torvalds authored
      Merge tag 'for-5.9/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - writecache fix to allow dax_direct_access() to partitioned pmem
         devices.
      
       - multipath fix to avoid any Path Group initialization if
         'pg_init_in_progress' isn't set.
      
       - crypt fix to use DECLARE_CRYPTO_WAIT() for onstack wait structures.
      
       - integrity fix to properly check integrity after device creation when
         in bitmap mode.
      
       - thinp and cache target __create_persistent_data_objects() fixes to
         reset the metadata's dm_block_manager pointer from PTR_ERR to NULL
         before returning from error path.
      
       - persistent-data block manager fix to guard against dm_block_manager
         NULL pointer dereference in dm_bm_is_read_only() and update various
         opencoded bm->read_only checks to use dm_bm_is_read_only() instead.
      
      * tag 'for-5.9/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm thin metadata: Fix use-after-free in dm_bm_set_read_only
        dm thin metadata:  Avoid returning cmd->bm wild pointer on error
        dm cache metadata: Avoid returning cmd->bm wild pointer on error
        dm integrity: fix error reporting in bitmap mode after creation
        dm crypt: Initialize crypto wait structures
        dm mpath: fix racey management of PG initialization
        dm writecache: handle DAX to partitions on persistent memory correctly
      c3a13095
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.9-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · e1d0126c
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "Various small corruption fixes that have come in during the past
        month:
      
         - Avoid a log recovery failure for an insert range operation by
           rolling deferred ops incrementally instead of at the end.
      
         - Fix an off-by-one error when calculating log space reservations for
           anything involving an inode allocation or free.
      
         - Fix a broken shortform xattr verifier.
      
         - Ensure that the shortform xattr header padding is always
           initialized to zero"
      
      * tag 'xfs-5.9-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: initialize the shortform attr header padding entry
        xfs: fix boundary test in xfs_attr_shortform_verify
        xfs: fix off-by-one in inode alloc block reservation calculation
        xfs: finish dfops on every insert range shift iteration
      e1d0126c
    • Linus Torvalds's avatar
      Merge branch 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 54e54d58
      Linus Torvalds authored
      Pull epoll fixup from Al Viro:
       "Fixup for epoll regression; there's a better solution longer term, but
        this is the least intrusive fix"
      
      * 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fix regression in "epoll: Keep a reference on files added to the check list"
      54e54d58
    • Ye Bin's avatar
      dm thin metadata: Fix use-after-free in dm_bm_set_read_only · 3a653b20
      Ye Bin authored
      The following error ocurred when testing disk online/offline:
      
      [  301.798344] device-mapper: thin: 253:5: aborting current metadata transaction
      [  301.848441] device-mapper: thin: 253:5: failed to abort metadata transaction
      [  301.849206] Aborting journal on device dm-26-8.
      [  301.850489] EXT4-fs error (device dm-26) in __ext4_new_inode:943: Journal has aborted
      [  301.851095] EXT4-fs (dm-26): Delayed block allocation failed for inode 398742 at logical offset 181 with max blocks 19 with error 30
      [  301.854476] BUG: KASAN: use-after-free in dm_bm_set_read_only+0x3a/0x40 [dm_persistent_data]
      
      Reason is:
      
       metadata_operation_failed
          abort_transaction
              dm_pool_abort_metadata
      	    __create_persistent_data_objects
      	        r = __open_or_format_metadata
      	        if (r) --> If failed will free pmd->bm but pmd->bm not set NULL
      		    dm_block_manager_destroy(pmd->bm);
          set_pool_mode
      	dm_pool_metadata_read_only(pool->pmd);
      	dm_bm_set_read_only(pmd->bm);  --> use-after-free
      
      Add checks to see if pmd->bm is NULL in dm_bm_set_read_only and
      dm_bm_set_read_write functions.  If bm is NULL it means creating the
      bm failed and so dm_bm_is_read_only must return true.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      3a653b20
    • Ye Bin's avatar
      dm thin metadata: Avoid returning cmd->bm wild pointer on error · 219403d7
      Ye Bin authored
      Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
      pointer, it will lead to some strange things.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      219403d7
    • Ye Bin's avatar
      dm cache metadata: Avoid returning cmd->bm wild pointer on error · d16ff19e
      Ye Bin authored
      Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
      pointer, it will lead to some strange things.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      d16ff19e
    • Al Viro's avatar
      fix regression in "epoll: Keep a reference on files added to the check list" · 77f4689d
      Al Viro authored
      epoll_loop_check_proc() can run into a file already committed to destruction;
      we can't grab a reference on those and don't need to add them to the set for
      reverse path check anyway.
      Tested-by: default avatarMarc Zyngier <maz@kernel.org>
      Fixes: a9ed4a65 ("epoll: Keep a reference on files added to the check list")
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      77f4689d
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.9-2020-09-01' of... · 9c7d619b
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.9-2020-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix infinite loop in the TUI for grouped events in 'perf top/record',
         eg when using "perf top -e '{cycles,instructions,cache-misses}'".
      
       - Fix segfault by skipping side-band event setup if HAVE_LIBBPF_SUPPORT
         is not set.
      
       - Fix synthesized branch stacks generated from CoreSight ETM trace and
         Intel PT hardware traces.
      
       - Fix error when synthesizing events from ARM SPE hardware trace.
      
       - The SNOOPX and REMOTE offsets in the data_src bitmask in perf records
         were were both 37, SNOOPX is 38, fix it.
      
       - Fix use of CPU list with summary option in 'perf sched timehist'.
      
       - Avoid an uninitialized read when using fake PMUs.
      
       - Set perf_event_attr.exclude_guest=1 for user-space counting.
      
       - Don't order events when doing a 'perf report -D' raw dump of
         perf.data records.
      
       - Set NULL sentinel in pmu_events table in "Parse and process metrics"
         'perf test'
      
       - Fix basic bpf filtering 'perf test' on s390x.
      
       - Fix out of bounds array access in the 'perf stat' print_counters()
         evlist method.
      
       - Add mwait_idle_with_hints.constprop.0 to the list of idle symbols.
      
       - Use %zd for size_t printf formats on 32-bit.
      
       - Correct the help info of "perf record --no-bpf-event" option.
      
       - Add entries for CoreSight and Arm SPE tooling to MAINTAINERS.
      
      * tag 'perf-tools-fixes-for-v5.9-2020-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf report: Disable ordered_events for raw dump
        perf tools: Correct SNOOPX field offset
        perf intel-pt: Fix corrupt data after perf inject from
        perf cs-etm: Fix corrupt data after perf inject from
        perf top/report: Fix infinite loop in the TUI for grouped events
        perf parse-events: Avoid an uninitialized read when using fake PMUs
        perf stat: Fix out of bounds array access in the print_counters() evlist method
        perf test: Set NULL sentinel in pmu_events table in "Parse and process metrics" test
        perf parse-events: Set exclude_guest=1 for user-space counting
        perf record: Correct the help info of option "--no-bpf-event"
        perf tools: Use %zd for size_t printf formats on 32-bit
        MAINTAINERS: Add entries for CoreSight and Arm SPE tooling
        perf: arm-spe: Fix check error when synthesizing events
        perf symbols: Add mwait_idle_with_hints.constprop.0 to the list of idle symbols
        perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
        perf sched timehist: Fix use of CPU list with summary option
        perf test: Fix basic bpf filtering test
      9c7d619b
    • Linus Torvalds's avatar
      Merge tag 'for-5.9-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · dcdfd9cc
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "Two small fixes and a bunch of lockdep fixes for warnings that show up
        with an upcoming tree locking update but are valid with current locks
        as well"
      
      * tag 'for-5.9-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: tree-checker: fix the error message for transid error
        btrfs: set the lockdep class for log tree extent buffers
        btrfs: set the correct lockdep class for new nodes
        btrfs: allocate scrub workqueues outside of locks
        btrfs: fix potential deadlock in the search ioctl
        btrfs: drop path before adding new uuid tree entry
        btrfs: block-group: fix free-space bitmap threshold
      dcdfd9cc
  4. 01 Sep, 2020 19 commits
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · b765a32a
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Three minor fixes, all in drivers"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_debug: Remove superfluous close zone in resp_open_zone()
        scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu()
        scsi: qedf: Fix null ptr reference in qedf_stag_change_work
      b765a32a
    • Mikulas Patocka's avatar
      dm integrity: fix error reporting in bitmap mode after creation · e27fec66
      Mikulas Patocka authored
      The dm-integrity target did not report errors in bitmap mode just after
      creation. The reason is that the function integrity_recalc didn't clean up
      ic->recalc_bitmap as it proceeded with recalculation.
      
      Fix this by updating the bitmap accordingly -- the double shift serves
      to rounddown.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Fixes: 468dfca3 ("dm integrity: add a bitmap mode")
      Cc: stable@vger.kernel.org # v5.2+
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      e27fec66
    • Damien Le Moal's avatar
      dm crypt: Initialize crypto wait structures · 7785a9e4
      Damien Le Moal authored
      Use the DECLARE_CRYPTO_WAIT() macro to properly initialize the crypto
      wait structures declared on stack before their use with
      crypto_wait_req().
      
      Fixes: 39d13a1a ("dm crypt: reuse eboiv skcipher for IV generation")
      Fixes: bbb16584 ("dm crypt: Implement Elephant diffuser for Bitlocker compatibility")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      7785a9e4
    • Mike Snitzer's avatar
      dm mpath: fix racey management of PG initialization · c322ee93
      Mike Snitzer authored
      Commit 935fcc56 ("dm mpath: only flush workqueue when needed")
      changed flush_multipath_work() to avoid needless workqueue
      flushing (of a multipath global workqueue). But that change didn't
      realize the surrounding flush_multipath_work() code should also only
      run if 'pg_init_in_progress' is set.
      
      Fix this by only doing all of flush_multipath_work()'s PG init related
      work if 'pg_init_in_progress' is set.
      
      Otherwise multipath_wait_for_pg_init_completion() will run
      unconditionally but the preceeding flush_workqueue(kmpath_handlerd)
      may not. This could lead to deadlock (though only if kmpath_handlerd
      never runs a corresponding work to decrement 'pg_init_in_progress').
      
      It could also be, though highly unlikely, that the kmpath_handlerd
      work that does PG init completes before 'pg_init_in_progress' is set,
      and then an intervening DM table reload's multipath_postsuspend()
      triggers flush_multipath_work().
      
      Fixes: 935fcc56 ("dm mpath: only flush workqueue when needed")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarBen Marzinski <bmarzins@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      c322ee93
    • Mikulas Patocka's avatar
      dm writecache: handle DAX to partitions on persistent memory correctly · f9e040ef
      Mikulas Patocka authored
      The function dax_direct_access doesn't take partitions into account,
      it always maps pages from the beginning of the device. Therefore,
      persistent_memory_claim() must get the partition offset using
      get_start_sect() and add it to the page offsets passed to
      dax_direct_access().
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Fixes: 48debafe ("dm: add writecache target")
      Cc: stable@vger.kernel.org # 4.18+
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      f9e040ef
    • Jiri Olsa's avatar
      perf report: Disable ordered_events for raw dump · 977f739b
      Jiri Olsa authored
      Disable ordered_events for report raw dump, because for raw dump we want
      to see events as they are stored in the perf.data file, not sorted by
      time.
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Michael Petlan <mpetlan@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200827134830.126721-1-jolsa@kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      977f739b
    • Al Grant's avatar
      perf tools: Correct SNOOPX field offset · 39c0a53b
      Al Grant authored
      perf_event.h has macros that define the field offsets in the data_src
      bitmask in perf records. The SNOOPX and REMOTE offsets were both 37.
      
      These are distinct fields, and the bitfield layout in perf_mem_data_src
      confirms that SNOOPX should be at offset 38.
      
      Committer notes:
      
      This was extracted from a larger patch that also contained kernel
      changes.
      
      Fixes: 52839e65 ("perf tools: Add support for printing new mem_info encodings")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Reviewed-by: default avatarAndi Kleen <ak@linux.intel.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/9974f2d0-bf7f-518e-d9f7-4520e5ff1bb0@foss.arm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      39c0a53b
    • Al Grant's avatar
      perf intel-pt: Fix corrupt data after perf inject from · a347306f
      Al Grant authored
      Commit 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      changed the format of branch stacks in perf samples. When samples use
      this new format, a flag must be set in the corresponding event.
      
      Synthesized branch stacks generated from Intel PT were using the new
      format, but not setting the event attribute, leading to consumers
      seeing corrupt data. This patch fixes the issue by setting the event
      attribute to indicate use of the new format.
      
      Fixes: 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Acked-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Reviewed-by: default avatarMathieu Poirier <mathieu.poirier@linaro.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Leo Yan <leo.yan@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Mike Leach <mike.leach@linaro.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Link: http://lore.kernel.org/lkml/20200819084751.17686-2-leo.yan@linaro.orgSigned-off-by: default avatarLeo Yan <leo.yan@linaro.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      a347306f
    • Al Grant's avatar
      perf cs-etm: Fix corrupt data after perf inject from · f5f8e7e5
      Al Grant authored
      Commit 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      changed the format of branch stacks in perf samples. When samples use
      this new format, a flag must be set in the corresponding event.
      
      Synthesized branch stacks generated from CoreSight ETM trace were using
      the new format, but not setting the event attribute, leading to
      consumers seeing corrupt data. This patch fixes the issue by setting the
      event attribute to indicate use of the new format.
      
      Fixes: 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Reviewed-by: default avatarAndrea Brunato <andrea.brunato@arm.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
      Cc: Mike Leach <mike.leach@linaro.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Signed-off-by: default avatarLeo Yan <leo.yan@linaro.org>
      Link: http://lore.kernel.org/lkml/20200819084751.17686-1-leo.yan@linaro.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      f5f8e7e5
    • Arnaldo Carvalho de Melo's avatar
      perf top/report: Fix infinite loop in the TUI for grouped events · d4ccbacb
      Arnaldo Carvalho de Melo authored
      For a while we need to have a dummy event for doing things like
      receiving PERF_RECORD_COMM, PERF_RECORD_EXEC, etc for threads being
      created and dying while we synthesize the pre-existing ones at tool
      start.
      
      This 'dummy' event is needed for keeping track of thread lifetime events
      early in the session but are uninteresting otherwise, i.e. no need to
      have it in a initial events menu for the non-grouped case, i.e. for:
      
       # perf top -e cycles,instructions
      
      or even for plain:
      
       # perf top
      
      When 'cycles' and that 'dummy' event are in place.
      
      The code to remove that 'dummy' event ended up creating an endless loop
      for the grouped case, i.e.:
      
       # perf top -e '{cycles,instructions}'
      
      Fix it.
      
      Fixes: bee9ca1c ("perf report TUI: Remove needless 'dummy' event from menu")
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d4ccbacb
    • Ian Rogers's avatar
      perf parse-events: Avoid an uninitialized read when using fake PMUs · 33321a06
      Ian Rogers authored
      With a fake_pmu the pmu_info isn't populated by perf_pmu__check_alias.
      In this case, don't try to copy the uninitialized values to the evsel.
      Signed-off-by: default avatarIan Rogers <irogers@google.com>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jin Yao <yao.jin@linux.intel.com>
      Cc: Kajol Jain <kjain@linux.ibm.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Leo Yan <leo.yan@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Link: http://lore.kernel.org/lkml/20200826042910.1902374-2-irogers@google.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      33321a06
    • Thomas Richter's avatar
      perf stat: Fix out of bounds array access in the print_counters() evlist method · 313146a8
      Thomas Richter authored
      Fix a compile error on F32 and gcc version 10.1 on s390 in file
      utils/stat-display.c.  The error does not show up with make DEBUG=y.  In
      fact the issue shows up when using both compiler options -O6 and
      -D_FORTIFY_SOURCE=2 (which are omitted with DEBUG=Y).
      
      This is the offending call chain:
      
      print_counter_aggr()
        printout(config, -1, 0, ...)  with 2nd parm id set to -1
          aggr_printout(config, x, id --> -1, ...) which leads to this code:
      		case AGGR_NONE:
                      if (evsel->percore && !config->percore_show_thread) {
                              ....
                      } else {
                              fprintf(config->output, "CPU%*d%s",
                                      config->csv_output ? 0 : -7,
                                      evsel__cpus(evsel)->map[id],
      				                        ^^ id is -1 !!!!
                                      config->csv_sep);
                      }
      
      This is a compiler inlining issue which is detected on s390 but not on
      other plattforms.
      
      Output before:
      
       # make util/stat-display.o
          .....
      
        util/stat-display.c: In function ‘perf_evlist__print_counters’:
        util/stat-display.c:121:4: error: array subscript -1 is below array
            bounds of ‘int[]’ [-Werror=array-bounds]
        121 |    fprintf(config->output, "CPU%*d%s",
            |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        122 |     config->csv_output ? 0 : -7,
            |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        123 |     evsel__cpus(evsel)->map[id],
            |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        124 |     config->csv_sep);
            |     ~~~~~~~~~~~~~~~~
        In file included from util/evsel.h:13,
                       from util/evlist.h:13,
                       from util/stat-display.c:9:
        /root/linux/tools/lib/perf/include/internal/cpumap.h:10:7:
        note: while referencing ‘map’
         10 |  int  map[];
            |       ^~~
        cc1: all warnings being treated as errors
        mv: cannot stat 'util/.stat-display.o.tmp': No such file or directory
        make[3]: *** [/root/linux/tools/build/Makefile.build:97: util/stat-display.o]
        Error 1
        make[2]: *** [Makefile.perf:716: util/stat-display.o] Error 2
        make[1]: *** [Makefile.perf:231: sub-make] Error 2
        make: *** [Makefile:110: util/stat-display.o] Error 2
        [root@t35lp46 perf]#
      
      Output after:
      
        # make util/stat-display.o
          .....
        CC       util/stat-display.o
        [root@t35lp46 perf]#
      
      Committer notes:
      
      Removed the removal of {} enclosing the multiline else block, as pointed
      out by Jiri Olsa.
      Suggested-by: default avatarJiri Olsa <jolsa@redhat.com>
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: http://lore.kernel.org/lkml/20200825063304.77733-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      313146a8
    • Thomas Richter's avatar
      perf test: Set NULL sentinel in pmu_events table in "Parse and process metrics" test · 492d4d87
      Thomas Richter authored
      Linux 5.9 introduced perf test case "Parse and process metrics" and
      on s390 this test case always dumps core:
      
        [root@t35lp67 perf]# ./perf test -vvvv -F 67
        67: Parse and process metrics                             :
        --- start ---
        metric expr inst_retired.any / cpu_clk_unhalted.thread for IPC
        parsing metric: inst_retired.any / cpu_clk_unhalted.thread
        Segmentation fault (core dumped)
        [root@t35lp67 perf]#
      
      I debugged this core dump and gdb shows this call chain:
      
        (gdb) where
         #0  0x000003ffabc3192a in __strnlen_c_1 () from /lib64/libc.so.6
         #1  0x000003ffabc293de in strcasestr () from /lib64/libc.so.6
         #2  0x0000000001102ba2 in match_metric(list=0x1e6ea20 "inst_retired.any",
                  n=<optimized out>)
             at util/metricgroup.c:368
         #3  find_metric (map=<optimized out>, map=<optimized out>,
                 metric=0x1e6ea20 "inst_retired.any")
            at util/metricgroup.c:765
         #4  __resolve_metric (ids=0x0, map=<optimized out>, metric_list=0x0,
                 metric_no_group=<optimized out>, m=<optimized out>)
            at util/metricgroup.c:844
         #5  resolve_metric (ids=0x0, map=0x0, metric_list=0x0,
                metric_no_group=<optimized out>)
            at util/metricgroup.c:881
         #6  metricgroup__add_metric (metric=<optimized out>,
              metric_no_group=metric_no_group@entry=false, events=<optimized out>,
              events@entry=0x3ffd84fb878, metric_list=0x0,
              metric_list@entry=0x3ffd84fb868, map=0x0)
            at util/metricgroup.c:943
         #7  0x00000000011034ae in metricgroup__add_metric_list (map=0x13f9828 <map>,
              metric_list=0x3ffd84fb868, events=0x3ffd84fb878,
              metric_no_group=<optimized out>, list=<optimized out>)
            at util/metricgroup.c:988
         #8  parse_groups (perf_evlist=perf_evlist@entry=0x1e70260,
                str=str@entry=0x12f34b2 "IPC", metric_no_group=<optimized out>,
                metric_no_merge=<optimized out>,
                fake_pmu=fake_pmu@entry=0x1462f18 <perf_pmu.fake>,
                metric_events=0x3ffd84fba58, map=0x1)
            at util/metricgroup.c:1040
         #9  0x0000000001103eb2 in metricgroup__parse_groups_test(
        	evlist=evlist@entry=0x1e70260, map=map@entry=0x13f9828 <map>,
        	str=str@entry=0x12f34b2 "IPC",
        	metric_no_group=metric_no_group@entry=false,
        	metric_no_merge=metric_no_merge@entry=false,
        	metric_events=0x3ffd84fba58)
            at util/metricgroup.c:1082
         #10 0x00000000010c84d8 in __compute_metric (ratio2=0x0, name2=0x0,
                ratio1=<synthetic pointer>, name1=0x12f34b2 "IPC",
        	vals=0x3ffd84fbad8, name=0x12f34b2 "IPC")
            at tests/parse-metric.c:159
         #11 compute_metric (ratio=<synthetic pointer>, vals=0x3ffd84fbad8,
        	name=0x12f34b2 "IPC")
            at tests/parse-metric.c:189
         #12 test_ipc () at tests/parse-metric.c:208
      .....
      ..... omitted many more lines
      
      This test case was added with
      commit 218ca91d ("perf tests: Add parse metric test for frontend metric").
      
      When I compile with make DEBUG=y it works fine and I do not get a core dump.
      
      It turned out that the above listed function call chain worked on a struct
      pmu_event array which requires a trailing element with zeroes which was
      missing. The marco map_for_each_event() loops over that array tests for members
      metric_expr/metric_name/metric_group being non-NULL. Adding this element fixes
      the issue.
      
      Output after:
      
        [root@t35lp46 perf]# ./perf test 67
        67: Parse and process metrics                             : Ok
        [root@t35lp46 perf]#
      
      Committer notes:
      
      As Ian remarks, this is not s390 specific:
      
      <quote Ian>
        This also shows up with address sanitizer on all architectures
        (perhaps change the patch title) and perhaps add a "Fixes: <commit>"
        tag.
      
        =================================================================
        ==4718==ERROR: AddressSanitizer: global-buffer-overflow on address
        0x55c93b4d59e8 at pc 0x55c93a1541e2 bp 0x7ffd24327c60 sp
        0x7ffd24327c58
        READ of size 8 at 0x55c93b4d59e8 thread T0
            #0 0x55c93a1541e1 in find_metric tools/perf/util/metricgroup.c:764:2
            #1 0x55c93a153e6c in __resolve_metric tools/perf/util/metricgroup.c:844:9
            #2 0x55c93a152f18 in resolve_metric tools/perf/util/metricgroup.c:881:9
            #3 0x55c93a1528db in metricgroup__add_metric
        tools/perf/util/metricgroup.c:943:9
            #4 0x55c93a151996 in metricgroup__add_metric_list
        tools/perf/util/metricgroup.c:988:9
            #5 0x55c93a1511b9 in parse_groups tools/perf/util/metricgroup.c:1040:8
            #6 0x55c93a1513e1 in metricgroup__parse_groups_test
        tools/perf/util/metricgroup.c:1082:9
            #7 0x55c93a0108ae in __compute_metric tools/perf/tests/parse-metric.c:159:8
            #8 0x55c93a010744 in compute_metric tools/perf/tests/parse-metric.c:189:9
            #9 0x55c93a00f5ee in test_ipc tools/perf/tests/parse-metric.c:208:2
            #10 0x55c93a00f1e8 in test__parse_metric
        tools/perf/tests/parse-metric.c:345:2
            #11 0x55c939fd7202 in run_test tools/perf/tests/builtin-test.c:410:9
            #12 0x55c939fd6736 in test_and_print tools/perf/tests/builtin-test.c:440:9
            #13 0x55c939fd58c3 in __cmd_test tools/perf/tests/builtin-test.c:661:4
            #14 0x55c939fd4e02 in cmd_test tools/perf/tests/builtin-test.c:807:9
            #15 0x55c939e4763d in run_builtin tools/perf/perf.c:313:11
            #16 0x55c939e46475 in handle_internal_command tools/perf/perf.c:365:8
            #17 0x55c939e4737e in run_argv tools/perf/perf.c:409:2
            #18 0x55c939e45f7e in main tools/perf/perf.c:539:3
      
        0x55c93b4d59e8 is located 0 bytes to the right of global variable
        'pme_test' defined in 'tools/perf/tests/parse-metric.c:17:25'
        (0x55c93b4d54a0) of size 1352
        SUMMARY: AddressSanitizer: global-buffer-overflow
        tools/perf/util/metricgroup.c:764:2 in find_metric
        Shadow bytes around the buggy address:
          0x0ab9a7692ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        =>0x0ab9a7692b30: 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9
          0x0ab9a7692b40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
          0x0ab9a7692b50: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
          0x0ab9a7692b60: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
          0x0ab9a7692b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
        Shadow byte legend (one shadow byte represents 8 application bytes):
          Addressable:           00
          Partially addressable: 01 02 03 04 05 06 07
          Heap left redzone:	   fa
          Freed heap region:	   fd
          Stack left redzone:	   f1
          Stack mid redzone:	   f2
          Stack right redzone:     f3
          Stack after return:	   f5
          Stack use after scope:   f8
          Global redzone:          f9
          Global init order:	   f6
          Poisoned by user:        f7
          Container overflow:	   fc
          Array cookie:            ac
          Intra object redzone:    bb
          ASan internal:           fe
          Left alloca redzone:     ca
          Right alloca redzone:    cb
          Shadow gap:              cc
      </quote>
      
      I'm also adding the missing "Fixes" tag and setting just .name to NULL,
      as doing it that way is more compact (the compiler will zero out
      everything else) and the table iterators look for .name being NULL as
      the sentinel marking the end of the table.
      
      Fixes: 0a507af9 ("perf tests: Add parse metric test for ipc metric")
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Reviewed-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Acked-by: default avatarIan Rogers <irogers@google.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: http://lore.kernel.org/lkml/20200825071211.16959-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      492d4d87
    • Jin Yao's avatar
      perf parse-events: Set exclude_guest=1 for user-space counting · 943b69ac
      Jin Yao authored
      Currently if we run 'perf record -e cycles:u', exclude_guest=0.
      
      But it doesn't make sense in most cases that we request for
      user-space counting but we also get the guest report.
      
      Of course, we also need to consider 'perf kvm' usage case that
      authorized perf users on the host may only want to count guest user
      space events. For example,
      
        # perf kvm --guest record -e cycles:u
      
      When we have 'exclude_guest=1' for 'perf kvm' usage, we may get nothing
      from guest events.
      
      To keep perf semantics consistent and clear, this patch sets
      exclude_guest=1 for user-space counting but except for 'perf kvm' usage.
      
      Before:
      
        perf record -e cycles:u ./div
        perf evlist -v
        cycles:u: ..., exclude_kernel: 1, exclude_hv: 1, ...
      
      After:
        perf record -e cycles:u ./div
        perf evlist -v
        cycles:u: ..., exclude_kernel: 1, exclude_hv: 1,  exclude_guest: 1, ...
      
      Before:
        perf kvm --guest record -e cycles:u -vvv
      
      perf_event_attr:
      
        size                             120
        { sample_period, sample_freq }   4000
        sample_type                      IP|TID|TIME|ID|CPU|PERIOD
        read_format                      ID
        disabled                         1
        inherit                          1
        exclude_kernel                   1
        exclude_hv                       1
        freq                             1
        sample_id_all                    1
      
      After:
      
        perf kvm --guest record -e cycles:u -vvv
      
      perf_event_attr:
        size                             120
        { sample_period, sample_freq }   4000
        sample_type                      IP|TID|TIME|ID|CPU|PERIOD
        read_format                      ID
        disabled                         1
        inherit                          1
        exclude_kernel                   1
        exclude_hv                       1
        freq                             1
        sample_id_all                    1
      
      For Before/After, exclude_guest are both 0 for perf kvm usage.
      
      perf test 6
      
       6: Parse event definition strings             : Ok
      Signed-off-by: default avatarJin Yao <yao.jin@linux.intel.com>
      Tested-by: default avatarLike Xu <like.xu@linux.intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jin Yao <yao.jin@intel.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200814012120.16647-1-yao.jin@linux.intel.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      943b69ac
    • Wei Li's avatar
      perf record: Correct the help info of option "--no-bpf-event" · a060c1f1
      Wei Li authored
      The help info of option "--no-bpf-event" is wrongly described as "record
      bpf events", correct it.
      
      Committer testing:
      
        $ perf record -h bpf
      
         Usage: perf record [<options>] [<command>]
            or: perf record [<options>] -- <command> [<options>]
      
                --clang-opt <clang options>
                                  options passed to clang when compiling BPF scriptlets
                --clang-path <clang path>
                                  clang binary to use for compiling BPF scriptlets
                --no-bpf-event    do not record bpf events
      
        $
      
      Fixes: 71184c6a ("perf record: Replace option --bpf-event with --no-bpf-event")
      Signed-off-by: default avatarWei Li <liwei391@huawei.com>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Hanjun Guo <guohanjun@huawei.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Li Bin <huawei.libin@huawei.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Link: http://lore.kernel.org/lkml/20200819031947.12115-1-liwei391@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      a060c1f1
    • Chris Wilson's avatar
      perf tools: Use %zd for size_t printf formats on 32-bit · 20befbb1
      Chris Wilson authored
      A couple of trivial fixes for using %zd for size_t in the code
      supporting the ZSTD compression library.
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200820212501.24421-1-chris@chris-wilson.co.ukSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      20befbb1
    • Marc Zyngier's avatar
      HID: core: Sanitize event code and type when mapping input · 35556bed
      Marc Zyngier authored
      When calling into hid_map_usage(), the passed event code is
      blindly stored as is, even if it doesn't fit in the associated bitmap.
      
      This event code can come from a variety of sources, including devices
      masquerading as input devices, only a bit more "programmable".
      
      Instead of taking the event code at face value, check that it actually
      fits the corresponding bitmap, and if it doesn't:
      - spit out a warning so that we know which device is acting up
      - NULLify the bitmap pointer so that we catch unexpected uses
      
      Code paths that can make use of untrusted inputs can now check
      that the mapping was indeed correct and bail out if not.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
      35556bed
    • Marc Zyngier's avatar
      HID: core: Correctly handle ReportSize being zero · bce1305c
      Marc Zyngier authored
      It appears that a ReportSize value of zero is legal, even if a bit
      non-sensical. Most of the HID code seems to handle that gracefully,
      except when computing the total size in bytes. When fed as input to
      memset, this leads to some funky outcomes.
      
      Detect the corner case and correctly compute the size.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
      bce1305c
    • Dinghao Liu's avatar
      HID: elan: Fix memleak in elan_input_configured · b7429ea5
      Dinghao Liu authored
      When input_mt_init_slots() fails, input should be freed
      to prevent memleak. When input_register_device() fails,
      we should call input_mt_destroy_slots() to free memory
      allocated by input_mt_init_slots().
      Signed-off-by: default avatarDinghao Liu <dinghao.liu@zju.edu.cn>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      b7429ea5
  5. 31 Aug, 2020 4 commits
    • Linus Torvalds's avatar
      Merge tag 'docs-5.9-3' of git://git.lwn.net/linux · b51594df
      Linus Torvalds authored
      Pull documentation fixes from Jonathan Corbet:
       "A handful of documentation fixes for 5.9"
      
      * tag 'docs-5.9-3' of git://git.lwn.net/linux:
        Documentation: laptops: thinkpad-acpi: fix underline length build warning
        Documentation: fix typo for abituguru documentation
        docs: Fix function name trailing double-()s
        devices.txt: fix typo of "ubd" as "udb"
        Documentation: add riscv entry in list of existing profiles
        MAINTAINERS: mention documentation maintainer entry profile
        Fpga: Documentation: Replace deprecated :c:func: Usage
        IIO: Documentation: Replace deprecated :c:func: Usage
        Documentation/locking/locktypes: fix local_locks documentation
      b51594df
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 59815d6d
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - Fix HS400 tuning for ACPI ID AMDI0040
      
       - Fix reset of CQHCI for Intel GLK-based controllers
      
       - Use correct timeout clock for Tegra186/194/210
      
       - Fix eMMC mounting on mt7622/Bpi-64
      
      * tag 'mmc-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        sdhci: tegra: Add missing TMCLK for data timeout
        arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes
        arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes
        arm64: tegra: Add missing timeout clock to Tegra210 SDMMC
        dt-bindings: mmc: tegra: Add tmclk for Tegra210 and later
        sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186
        sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210
        arm64: dts: mt7622: add reset node for mmc device
        dt-bindings: mmc: Add missing description for clk_in/out_sd1
        mmc: mediatek: add optional module reset property
        mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings
        mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers
        mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040
      59815d6d
    • Nicholas Miell's avatar
      HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller · 724a419e
      Nicholas Miell authored
      When operating in XInput mode, the 8bitdo SN30 Pro+ requires the same
      quirk as the official Xbox One Bluetooth controllers for rumble to
      function.
      
      Other controllers like the N30 Pro 2, SF30 Pro, SN30 Pro, etc. probably
      also need this quirk, but I do not have the hardware to test.
      Signed-off-by: default avatarNicholas Miell <nmiell@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      724a419e
    • Nirenjan Krishnan's avatar
      HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices · 77df710b
      Nirenjan Krishnan authored
      The Saitek X52 family of joysticks has a pair of axes that were
      originally (by the Windows driver) used as mouse pointer controls. The
      corresponding usage page is the Game Controls page, which is not
      recognized by the generic HID driver, and therefore, both axes get
      mapped to ABS_MISC. The quirk makes the second axis get mapped to
      ABS_MISC+1, and therefore made available separately.
      
      One Saitek X52 device is already fixed. This patch fixes the other two
      known devices with VID/PID 06a3:0255 and 06a3:0762.
      Signed-off-by: default avatarNirenjan Krishnan <nirenjan@gmail.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      77df710b
  6. 30 Aug, 2020 4 commits
    • Linus Torvalds's avatar
      Linux 5.9-rc3 · f75aef39
      Linus Torvalds authored
      f75aef39
    • Linus Torvalds's avatar
      Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · e43327c7
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
      
       - fix regression in af_alg that affects iwd
      
       - restore polling delay in qat
      
       - fix double free in ingenic on error path
      
       - fix potential build failure in sa2ul due to missing Kconfig dependency
      
      * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: af_alg - Work around empty control messages without MSG_MORE
        crypto: sa2ul - add Kconfig selects to fix build error
        crypto: ingenic - Drop kfree for memory allocated with devm_kzalloc
        crypto: qat - add delay before polling mailbox
      e43327c7
    • Linus Torvalds's avatar
      Merge tag 'x86-urgent-2020-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · dcc5c6f0
      Linus Torvalds authored
      Pull x86 fixes from Thomas Gleixner:
       "Three interrupt related fixes for X86:
      
         - Move disabling of the local APIC after invoking fixup_irqs() to
           ensure that interrupts which are incoming are noted in the IRR and
           not ignored.
      
         - Unbreak affinity setting.
      
           The rework of the entry code reused the regular exception entry
           code for device interrupts. The vector number is pushed into the
           errorcode slot on the stack which is then lifted into an argument
           and set to -1 because that's regs->orig_ax which is used in quite
           some places to check whether the entry came from a syscall.
      
           But it was overlooked that orig_ax is used in the affinity cleanup
           code to validate whether the interrupt has arrived on the new
           target. It turned out that this vector check is pointless because
           interrupts are never moved from one vector to another on the same
           CPU. That check is a historical leftover from the time where x86
           supported multi-CPU affinities, but not longer needed with the now
           strict single CPU affinity. Famous last words ...
      
         - Add a missing check for an empty cpumask into the matrix allocator.
      
           The affinity change added a warning to catch the case where an
           interrupt is moved on the same CPU to a different vector. This
           triggers because a condition with an empty cpumask returns an
           assignment from the allocator as the allocator uses for_each_cpu()
           without checking the cpumask for being empty. The historical
           inconsistent for_each_cpu() behaviour of ignoring the cpumask and
           unconditionally claiming that CPU0 is in the mask struck again.
           Sigh.
      
        plus a new entry into the MAINTAINER file for the HPE/UV platform"
      
      * tag 'x86-urgent-2020-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq/matrix: Deal with the sillyness of for_each_cpu() on UP
        x86/irq: Unbreak interrupt affinity setting
        x86/hotplug: Silence APIC only after all interrupts are migrated
        MAINTAINERS: Add entry for HPE Superdome Flex (UV) maintainers
      dcc5c6f0
    • Linus Torvalds's avatar
      Merge tag 'irq-urgent-2020-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d2283cdc
      Linus Torvalds authored
      Pull irq fixes from Thomas Gleixner:
       "A set of fixes for interrupt chip drivers:
      
         - Revert the platform driver conversion of interrupt chip drivers as
           it turned out to create more problems than it solves.
      
         - Fix a trivial typo in the new module helpers which made probing
           reliably fail.
      
         - Small fixes in the STM32 and MIPS Ingenic drivers
      
         - The TI firmware rework which had badly managed dependencies and had
           to wait post rc1"
      
      * tag 'irq-urgent-2020-08-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/ingenic: Leave parent IRQ unmasked on suspend
        irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake
        irqchip: Revert modular support for drivers using IRQCHIP_PLATFORM_DRIVER helperse
        irqchip: Fix probing deferal when using IRQCHIP_PLATFORM_DRIVER helpers
        arm64: dts: k3-am65: Update the RM resource types
        arm64: dts: k3-am65: ti-sci-inta/intr: Update to latest bindings
        arm64: dts: k3-j721e: ti-sci-inta/intr: Update to latest bindings
        irqchip/ti-sci-inta: Add support for INTA directly connecting to GIC
        irqchip/ti-sci-inta: Do not store TISCI device id in platform device id field
        dt-bindings: irqchip: Convert ti, sci-inta bindings to yaml
        dt-bindings: irqchip: ti, sci-inta: Update docs to support different parent.
        irqchip/ti-sci-intr: Add support for INTR being a parent to INTR
        dt-bindings: irqchip: Convert ti, sci-intr bindings to yaml
        dt-bindings: irqchip: ti, sci-intr: Update bindings to drop the usage of gic as parent
        firmware: ti_sci: Add support for getting resource with subtype
        firmware: ti_sci: Drop unused structure ti_sci_rm_type_map
        firmware: ti_sci: Drop the device id to resource type translation
      d2283cdc