7bc3e32f7f
31910 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Changki Kim
|
0c7d745990 |
ANDROID: PM: sleep: export device_pm_callback_start/end trace event
Export the device_pm_callback_start/end tracepoint so it can be used in loadable modules. Bug: 158528747 Change-Id: I31b99032b351d6a548f6c0ee4e02655aefae647f Signed-off-by: Changki Kim <changki.kim@samsung.com> |
||
Maciej Żenczykowski
|
02830649e8 |
UPSTREAM: net: bpf: Make bpf_ktime_get_ns() available to non GPL programs
The entire implementation is in kernel/bpf/helpers.c:
BPF_CALL_0(bpf_ktime_get_ns) {
/* NMI safe access to clock monotonic */
return ktime_get_mono_fast_ns();
}
const struct bpf_func_proto bpf_ktime_get_ns_proto = {
.func = bpf_ktime_get_ns,
.gpl_only = false,
.ret_type = RET_INTEGER,
};
and this was presumably marked GPL due to kernel/time/timekeeping.c:
EXPORT_SYMBOL_GPL(ktime_get_mono_fast_ns);
and while that may make sense for kernel modules (although even that
is doubtful), there is currently AFAICT no other source of time
available to ebpf.
Furthermore this is really just equivalent to clock_gettime(CLOCK_MONOTONIC)
which is exposed to userspace (via vdso even to make it performant)...
As such, I see no reason to keep the GPL restriction.
(In the future I'd like to have access to time from Apache licensed ebpf code)
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
(cherry picked from commit 082b57e3eb09810d357083cca5ee2df02c16aec9)
Change-Id: I76f763c64fcd56e7149f94625146486ba00db6c1
|
||
Greg Kroah-Hartman
|
a200ad52ff |
Linux 5.4.50
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAl77nuMACgkQ3qZv95d3
LNw0EA//UhQOd/8ZlP33Iis58gUfuGU9sWmej6A8Tio2gdkG4g2c/dQjbxrMQT8b
Vr1DJCthisT7pBJpQbhejwsfl5qRsrjBYFyUomCjeM8/0fF0+8JX0tSXX0/JM5Bg
vOE4tV/kga+c5cbOD/FbLGH0vX4j20BnGXjHb9hyWY/gVp2gEcRzO3Ou0shZCXKJ
9NnhNB2gIm7BCRgz+cClPmZQjG59WazJu9I/Fk58ojdOp+E5gFibyBoeOylGR/W/
tjRm3Sz6D3uF0RSpGfAilqt2duwfjHTh0LxWlBX9C4OBWdJjYh1uUZ24tTvjxnCm
lbgL4BbkOsVMp02jWhDDCe+pEPfT7EpLD6USivj8XFDLh8FK0eoaRQZRQ/hGK/Yj
ZmVJRzNavf3xbz72Hz6aHdHmaxp180P8X8KtRDLT4ik+Kkf8gJVps3T5wTR9C60R
htFVTDxEF+jE/EUCRh3sD4MrV114lpoJ5LlTPzJ87WCMHMjTZ8As/Ty/PLPg7KO6
ngI3y72cnvW/UfLPmdtaLx40gzEAYnw9+E30ebyKU6b8kY5idhuzd0AZnidsmeZa
CzmZFZSCqqMO9vLo24VKxfKk3ufRiHxDU/nHqdGgOG18RlCmhWD0GXamsmeku3PB
1et/jXilpW9aIp/BJozeOdlGr82otk/4Ss+z/RtvvIkTbppgXlY=
=6X7m
-----END PGP SIGNATURE-----
Merge 5.4.50 into android-5.4-stable
Changes in 5.4.50
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
enetc: Fix tx rings bitmap iteration range, irq handling
geneve: allow changing DF behavior after creation
ibmveth: Fix max MTU limit
mld: fix memory leak in ipv6_mc_destroy_dev()
mvpp2: ethtool rxtx stats fix
net: bridge: enfore alignment for ethernet address
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: fix memleak in register_netdevice()
net: Fix the arp error in some cases
net: increment xmit_recursion level in dev_direct_xmit()
net: usb: ax88179_178a: fix packet alignment padding
openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len
rocker: fix incorrect error handling in dma_rings_init
rxrpc: Fix notification call on completion of discarded calls
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
tcp: don't ignore ECN CWR on pure ACK
tcp: grow window for OOO packets only for SACK flows
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
net: phy: Check harder for errors in get_phy_id()
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
sch_cake: don't try to reallocate or unshare skb unconditionally
sch_cake: don't call diffserv parsing code when it is not needed
sch_cake: fix a few style nits
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
Revert "i2c: tegra: Fix suspending in active runtime PM state"
btrfs: fix a block group ref counter leak after failure to remove block group
net: sched: export __netdev_watchdog_up()
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
ALSA: usb-audio: Fix potential use-after-free of streams
binder: fix null deref of proc->context
USB: ohci-sm501: Add missed iounmap() in remove
usb: dwc2: Postponed gadget registration to the udc class driver
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
USB: ehci: reopen solution for Synopsys HC bug
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
xhci: Poll for U0 after disabling USB2 LPM
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: typec: tcpci_rt1711h: avoid screaming irq causing boot hangs
ALSA: usb-audio: Add implicit feedback quirk for SSL2+.
ALSA: usb-audio: add quirk for Denon DCD-1500RE
ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG)
ALSA: usb-audio: Fix OOB access of mixer element list
usb: cdns3: trace: using correct dir value
usb: cdns3: ep0: fix the test mode set incorrectly
usb: cdns3: ep0: add spinlock for cdns3_check_new_setup
scsi: qla2xxx: Keep initiator ports after RSCN
scsi: zfcp: Fix panic on ERP timeout for previously dismissed ERP action
cifs: Fix cached_fid refcnt leak in open_shroot
cifs/smb3: Fix data inconsistent when punch hole
cifs/smb3: Fix data inconsistent when zero file range
xhci: Fix incorrect EP_STATE_MASK
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Return if xHCI doesn't support LPM
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
loop: replace kill_bdev with invalidate_bdev
IB/mad: Fix use after free when destroying MAD agent
IB/hfi1: Fix module use count flaw due to leftover module put calls
bus: ti-sysc: Flush posted write on enable and disable
bus: ti-sysc: Ignore clockactivity unless specified as a quirk
ARM: OMAP2+: Fix legacy mode dss_reset
xfrm: Fix double ESP trailer insertion in IPsec crypto offload.
ASoC: q6asm: handle EOS correctly
efi/tpm: Verify event log header before parsing
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
ASoc: q6afe: add support to get port direction
ASoC: qcom: common: set correct directions for dailinks
regualtor: pfuze100: correct sw1a/sw2 on pfuze3000
RDMA/siw: Fix pointer-to-int-cast warning in siw_rx_pbl()
ASoC: fsl_ssi: Fix bclk calculation for mono channel
samples/bpf: xdp_redirect_cpu: Set MAX_CPUS according to NR_CPUS
bpf, xdp, samples: Fix null pointer dereference in *_user code
ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect
ARM: dts: Fix duovero smsc interrupt for suspend
x86/resctrl: Fix a NULL vs IS_ERR() static checker warning in rdt_cdp_peer_get()
regmap: Fix memory leak from regmap_register_patch
devmap: Use bpf_map_area_alloc() for allocating hash buckets
bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
ARM: dts: NSP: Correct FA2 mailbox node
rxrpc: Fix handling of rwind from an ACK packet
RDMA/rvt: Fix potential memory leak caused by rvt_alloc_rq
RDMA/qedr: Fix KASAN: use-after-free in ucma_event_handler+0x532
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
ASoC: rockchip: Fix a reference count leak.
s390/qeth: fix error handling for isolation mode cmds
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
selftests/net: report etf errors correctly
iommu/vt-d: Enable PCI ACS for platform opt in hint
iommu/vt-d: Update scalable mode paging structure coherency
net: qed: fix left elements count calculation
net: qed: fix async event callbacks unregistering
net: qede: stop adding events on an already destroyed workqueue
net: qed: fix NVMe login fails over VFs
net: qed: fix excessive QM ILT lines consumption
net: qede: fix PTP initialization on recovery
net: qede: fix use-after-free on recovery and AER handling
cxgb4: move handling L2T ARP failures to caller
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset()
usb: gadget: udc: Potential Oops in error handling code
usb: renesas_usbhs: getting residue from callback_result
nvme: don't protect ns mutation with ns->head->lock
netfilter: ipset: fix unaligned atomic access
net: bcmgenet: use hardware padding of runt frames
clk: sifive: allocate sufficient memory for struct __prci_data
i2c: fsi: Fix the port number field in status register
i2c: core: check returned size of emulated smbus block read
afs: Fix storage of cell names
sched/deadline: Initialize ->dl_boosted
sched/core: Fix PI boosting between RT and DEADLINE tasks
sata_rcar: handle pm_runtime_get_sync failure cases
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp()
riscv/atomic: Fix sign extension for RV64I
hwrng: ks-sa - Fix runtime PM imbalance on error
ibmvnic: Harden device login requests
net: alx: fix race condition in alx_remove
test_objagg: Fix potential memory leak in error handling
pinctrl: qcom: spmi-gpio: fix warning about irq chip reusage
pinctrl: tegra: Use noirq suspend/resume callbacks
s390/ptrace: pass invalid syscall numbers to tracing
s390/ptrace: fix setting syscall number
s390/vdso: Use $(LD) instead of $(CC) to link vDSO
s390/vdso: fix vDSO clock_getres()
arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n
kbuild: improve cc-option to clean up all temporary files
recordmcount: support >64k sections
kprobes: Suppress the suspicious RCU warning on kprobes
blktrace: break out of blktrace setup on concurrent calls
block: update hctx map when use multiple maps
RISC-V: Don't allow write+exec only page mapping request in mmap
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
ALSA: hda/realtek - Add quirk for MSI GE63 laptop
ALSA: hda/realtek: Add mute LED and micmute LED support for HP systems
ACPI: sysfs: Fix pm_profile_attr type
ACPI: configfs: Disallow loading ACPI tables when locked down
erofs: fix partially uninitialized misuse in z_erofs_onlinepage_fixup
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: VMX: Stop context switching MSR_IA32_UMWAIT_CONTROL
x86/cpu: Use pinning mask for CR4 bits needing to be 0
x86/asm/64: Align start of __clear_user() loop to 16-bytes
btrfs: fix bytes_may_use underflow when running balance and scrub in parallel
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: check if a log root exists before locking the log_mutex on unlink
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
mm/slab: use memzero_explicit() in kzfree()
ocfs2: avoid inode removal while nfsd is accessing it
ocfs2: load global_inode_alloc
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: fix panic on nfs server over ocfs2
mm/memcontrol.c: add missed css_put()
arm64: perf: Report the PC value in REGS_ABI_32 mode
arm64: dts: imx8mm-evk: correct ldo1/ldo2 voltage range
arm64: dts: imx8mn-ddr4-evk: correct ldo1/ldo2 voltage range
tracing: Fix event trigger to accept redundant spaces
ring-buffer: Zero out time extend if it is nested and not absolute
drm/amd: fix potential memleak in err branch
drm: rcar-du: Fix build error
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
drm/amdgpu: add fw release for sdma v5_0
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
pNFS/flexfiles: Fix list corruption if the mirror count changes
NFSv4 fix CLOSE not waiting for direct IO compeletion
xprtrdma: Fix handling of RDMA_ERROR replies
dm writecache: correct uncommitted_block when discarding uncommitted entry
dm writecache: add cond_resched to loop in persistent_memory_claim()
xfs: add agf freeblocks verify in xfs_agf_verify
Revert "tty: hvc: Fix data abort due to race in hvc_open"
Linux 5.4.50
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3bfeaba86876d3c2f91979d3e98d894a2b70fe1a
|
||
Steven Rostedt (VMware)
|
0b3cc973f1 |
ring-buffer: Zero out time extend if it is nested and not absolute
commit 097350d1c6e1f5808cae142006f18a0bbc57018d upstream.
Currently the ring buffer makes events that happen in interrupts that preempt
another event have a delta of zero. (Hopefully we can change this soon). But
this is to deal with the races of updating a global counter with lockless
and nesting functions updating deltas.
With the addition of absolute time stamps, the time extend didn't follow
this rule. A time extend can happen if two events happen longer than 2^27
nanoseconds appart, as the delta time field in each event is only 27 bits.
If that happens, then a time extend is injected with 2^59 bits of
nanoseconds to use (18 years). But if the 2^27 nanoseconds happen between
two events, and as it is writing the event, an interrupt triggers, it will
see the 2^27 difference as well and inject a time extend of its own. But a
recent change made the time extend logic not take into account the nesting,
and this can cause two time extend deltas to happen moving the time stamp
much further ahead than the current time. This gets all reset when the ring
buffer moves to the next page, but that can cause time to appear to go
backwards.
This was observed in a trace-cmd recording, and since the data is saved in a
file, with trace-cmd report --debug, it was possible to see that this indeed
did happen!
bash-52501 110d... 81778.908247: sched_switch: bash:52501 [120] S ==> swapper/110:0 [120] [12770284:0x2e8:64]
<idle>-0 110d... 81778.908757: sched_switch: swapper/110:0 [120] R ==> bash:52501 [120] [509947:0x32c:64]
TIME EXTEND: delta:306454770 length:0
bash-52501 110.... 81779.215212: sched_swap_numa: src_pid=52501 src_tgid=52388 src_ngid=52501 src_cpu=110 src_nid=2 dst_pid=52509 dst_tgid=52388 dst_ngid=52501 dst_cpu=49 dst_nid=1 [0:0x378:48]
TIME EXTEND: delta:306458165 length:0
bash-52501 110dNh. 81779.521670: sched_wakeup: migration/110:565 [0] success=1 CPU:110 [0:0x3b4:40]
and at the next page, caused the time to go backwards:
bash-52504 110d... 81779.685411: sched_switch: bash:52504 [120] S ==> swapper/110:0 [120] [8347057:0xfb4:64]
CPU:110 [SUBBUFFER START] [81779379165886:0x1320000]
<idle>-0 110dN.. 81779.379166: sched_wakeup: bash:52504 [120] success=1 CPU:110 [0:0x10:40]
<idle>-0 110d... 81779.379167: sched_switch: swapper/110:0 [120] R ==> bash:52504 [120] [1168:0x3c:64]
Link: https://lkml.kernel.org/r/20200622151815.345d1bf5@oasis.local.home
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
Masami Hiramatsu
|
9a59a88b3d |
tracing: Fix event trigger to accept redundant spaces
commit 6784beada631800f2c5afd567e5628c843362cee upstream.
Fix the event trigger to accept redundant spaces in
the trigger input.
For example, these return -EINVAL
echo " traceon" > events/ftrace/print/trigger
echo "traceon if common_pid == 0" > events/ftrace/print/trigger
echo "disable_event:kmem:kmalloc " > events/ftrace/print/trigger
But these are hard to find what is wrong.
To fix this issue, use skip_spaces() to remove spaces
in front of actual tokens, and set NULL if there is no
token.
Link: http://lkml.kernel.org/r/159262476352.185015.5261566783045364186.stgit@devnote2
Cc: Tom Zanussi <zanussi@kernel.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
Luis Chamberlain
|
72647ea377 |
blktrace: break out of blktrace setup on concurrent calls
[ Upstream commit 1b0b283648163dae2a214ca28ed5a99f62a77319 ] We use one blktrace per request_queue, that means one per the entire disk. So we cannot run one blktrace on say /dev/vda and then /dev/vda1, or just two calls on /dev/vda. We check for concurrent setup only at the very end of the blktrace setup though. If we try to run two concurrent blktraces on the same block device the second one will fail, and the first one seems to go on. However when one tries to kill the first one one will see things like this: The kernel will show these: ``` debugfs: File 'dropped' in directory 'nvme1n1' already present! debugfs: File 'msg' in directory 'nvme1n1' already present! debugfs: File 'trace0' in directory 'nvme1n1' already present! `` And userspace just sees this error message for the second call: ``` blktrace /dev/nvme1n1 BLKTRACESETUP(2) /dev/nvme1n1 failed: 5/Input/output error ``` The first userspace process #1 will also claim that the files were taken underneath their nose as well. The files are taken away form the first process given that when the second blktrace fails, it will follow up with a BLKTRACESTOP and BLKTRACETEARDOWN. This means that even if go-happy process #1 is waiting for blktrace data, we *have* been asked to take teardown the blktrace. This can easily be reproduced with break-blktrace [0] run_0005.sh test. Just break out early if we know we're already going to fail, this will prevent trying to create the files all over again, which we know still exist. [0] https://github.com/mcgrof/break-blktrace Signed-off-by: Luis Chamberlain <mcgrof@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz> Reviewed-by: Bart Van Assche <bvanassche@acm.org> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Masami Hiramatsu
|
d14eb5d8f0 |
kprobes: Suppress the suspicious RCU warning on kprobes
[ Upstream commit 6743ad432ec92e680cd0d9db86cb17b949cf5a43 ] Anders reported that the lockdep warns that suspicious RCU list usage in register_kprobe() (detected by CONFIG_PROVE_RCU_LIST.) This is because get_kprobe() access kprobe_table[] by hlist_for_each_entry_rcu() without rcu_read_lock. If we call get_kprobe() from the breakpoint handler context, it is run with preempt disabled, so this is not a problem. But in other cases, instead of rcu_read_lock(), we locks kprobe_mutex so that the kprobe_table[] is not updated. So, current code is safe, but still not good from the view point of RCU. Joel suggested that we can silent that warning by passing lockdep_is_held() to the last argument of hlist_for_each_entry_rcu(). Add lockdep_is_held(&kprobe_mutex) at the end of the hlist_for_each_entry_rcu() to suppress the warning. Link: http://lkml.kernel.org/r/158927055350.27680.10261450713467997503.stgit@devnote2 Reported-by: Anders Roxell <anders.roxell@linaro.org> Suggested-by: Joel Fernandes <joel@joelfernandes.org> Reviewed-by: Joel Fernandes (Google) <joel@joelfernandes.org> Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Juri Lelli
|
83bdf7f8b7 |
sched/core: Fix PI boosting between RT and DEADLINE tasks
[ Upstream commit 740797ce3a124b7dd22b7fb832d87bc8fba1cf6f ]
syzbot reported the following warning:
WARNING: CPU: 1 PID: 6351 at kernel/sched/deadline.c:628
enqueue_task_dl+0x22da/0x38a0 kernel/sched/deadline.c:1504
At deadline.c:628 we have:
623 static inline void setup_new_dl_entity(struct sched_dl_entity *dl_se)
624 {
625 struct dl_rq *dl_rq = dl_rq_of_se(dl_se);
626 struct rq *rq = rq_of_dl_rq(dl_rq);
627
628 WARN_ON(dl_se->dl_boosted);
629 WARN_ON(dl_time_before(rq_clock(rq), dl_se->deadline));
[...]
}
Which means that setup_new_dl_entity() has been called on a task
currently boosted. This shouldn't happen though, as setup_new_dl_entity()
is only called when the 'dynamic' deadline of the new entity
is in the past w.r.t. rq_clock and boosted tasks shouldn't verify this
condition.
Digging through the PI code I noticed that what above might in fact happen
if an RT tasks blocks on an rt_mutex hold by a DEADLINE task. In the
first branch of boosting conditions we check only if a pi_task 'dynamic'
deadline is earlier than mutex holder's and in this case we set mutex
holder to be dl_boosted. However, since RT 'dynamic' deadlines are only
initialized if such tasks get boosted at some point (or if they become
DEADLINE of course), in general RT 'dynamic' deadlines are usually equal
to 0 and this verifies the aforementioned condition.
Fix it by checking that the potential donor task is actually (even if
temporary because in turn boosted) running at DEADLINE priority before
using its 'dynamic' deadline value.
Fixes:
|
||
|
Juri Lelli
|
3dc7138943 |
sched/deadline: Initialize ->dl_boosted
[ Upstream commit ce9bc3b27f2a21a7969b41ffb04df8cf61bd1592 ]
syzbot reported the following warning triggered via SYSC_sched_setattr():
WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 setup_new_dl_entity /kernel/sched/deadline.c:594 [inline]
WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_dl_entity /kernel/sched/deadline.c:1370 [inline]
WARNING: CPU: 0 PID: 6973 at kernel/sched/deadline.c:593 enqueue_task_dl+0x1c17/0x2ba0 /kernel/sched/deadline.c:1441
This happens because the ->dl_boosted flag is currently not initialized by
__dl_clear_params() (unlike the other flags) and setup_new_dl_entity()
rightfully complains about it.
Initialize dl_boosted to 0.
Fixes:
|
||
Stanislav Fomichev
|
f1ee7d3a2c |
bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE
[ Upstream commit d8fe449a9c51a37d844ab607e14e2f5c657d3cf2 ]
Attaching to these hooks can break iptables because its optval is
usually quite big, or at least bigger than the current PAGE_SIZE limit.
David also mentioned some SCTP options can be big (around 256k).
For such optvals we expose only the first PAGE_SIZE bytes to
the BPF program. BPF program has two options:
1. Set ctx->optlen to 0 to indicate that the BPF's optval
should be ignored and the kernel should use original userspace
value.
2. Set ctx->optlen to something that's smaller than the PAGE_SIZE.
v5:
* use ctx->optlen == 0 with trimmed buffer (Alexei Starovoitov)
* update the docs accordingly
v4:
* use temporary buffer to avoid optval == optval_end == NULL;
this removes the corner case in the verifier that might assume
non-zero PTR_TO_PACKET/PTR_TO_PACKET_END.
v3:
* don't increase the limit, bypass the argument
v2:
* proper comments formatting (Jakub Kicinski)
Fixes:
|
||
Toke Høiland-Jørgensen
|
0f3aa6c6d6 |
devmap: Use bpf_map_area_alloc() for allocating hash buckets
[ Upstream commit 99c51064fb06146b3d494b745c947e438a10aaa7 ]
Syzkaller discovered that creating a hash of type devmap_hash with a large
number of entries can hit the memory allocator limit for allocating
contiguous memory regions. There's really no reason to use kmalloc_array()
directly in the devmap code, so just switch it to the existing
bpf_map_area_alloc() function that is used elsewhere.
Fixes:
|
||
|
Greg Kroah-Hartman
|
90dbaed65a |
This is the 5.4.49 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7zdl0ACgkQONu9yGCS
aT4fAg/7Bg+JHOdJpdSb4FLMjpWHnjOMJ4ICMEfEPS9vJR41HpAaC8LdI3PBZdOZ
ujEdX3ia1p3N/bnnHwVPFaycWQ6Z9TItoj6gzCLqjzVzdKJKXEx8uQFY0KWt+w4R
0orn1acd+bqMLhnRrJqMEhmRG3Y6IrkWXYr/qDC6OuZDgigtHC46mX0IdQiUomFd
As9x1cr6+j27zOf8iwyNNXWo5AL2VFR7zDhlfR+sllN6Tn90AhumFoES8GL+ylfu
OybF5LH4l9gOiFwvI7gTeihJoJOyh/cKP0glnDzRIZVIFv96At3cDt5GiRxkqbYw
u1bo5X5xPxJogN9SLUi4O6pnrmQmuK27zJcI43TDfdRguSzXWzZclyNQ9d3zqmvJ
QCmCsQkZst4K4SGg4UE2Wb6Gi51lsmV4OKll7eh61I87e8J7t7r8I5HRDdNCLzuf
3biqYn8f6307ME59fniVlQSynMt8B9lxyTS6hkYN/iCf753jHKdJRy97JcXugiCo
DUoMCNchLDg5LH9TWq6k96rCklaVGPkp8HO/davMAc5Xn+YgPqE/ZpO7hH0nCLBE
Fc0bvddiebXI5NrxIXu20vajQWi5YuVw5JWUBvcK6aONluwRomCvTIPRT1SZZiaK
5Cm5lyDGK3yYC0Dz++QzATVtNEOAkUOWgLpgOenrUVPtCtgDOrk=
=cQWB
-----END PGP SIGNATURE-----
Merge 5.4.49 into android-5.4-stable
Changes in 5.4.49
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
clk: sunxi: Fix incorrect usage of round_down()
ASoC: tegra: tegra_wm8903: Support nvidia, headset property
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
ASoC: SOF: imx8: Fix randbuild error
iio: pressure: bmp280: Tolerate IRQ before registering
remoteproc: Fix IDR initialisation in rproc_alloc()
clk: qcom: msm8916: Fix the address location of pll->config_reg
ASoC: fsl_esai: Disable exception interrupt before scheduling tasklet
backlight: lp855x: Ensure regulators are disabled on probe failure
ARM: dts: renesas: Fix IOMMU device node names
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
ARM: integrator: Add some Kconfig selections
ARM: dts: stm32: Add missing ethernet PHY reset on AV96
scsi: core: free sgtables in case command setup fails
scsi: qedi: Check for buffer overflow in qedi_set_path()
arm64: dts: meson: fixup SCP sram nodes
ALSA: hda/realtek - Introduce polarity for micmute LED GPIO
ALSA: isa/wavefront: prevent out of bounds write in ioctl
PCI: Allow pci_resize_resource() for devices on root bus
scsi: qla2xxx: Fix issue with adapter's stopping state
Input: edt-ft5x06 - fix get_default register write access
powerpc/kasan: Fix stack overflow by increasing THREAD_SHIFT
rtc: mc13xxx: fix a double-unlock issue
iio: bmp280: fix compensation of humidity
f2fs: report delalloc reserve as non-free in statfs for project quota
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
remoteproc: qcom_q6v5_mss: map/unmap mpss segments before/after use
clk: samsung: Mark top ISP and CAM clocks on Exynos542x as critical
usblp: poison URBs upon disconnect
serial: 8250: Fix max baud limit in generic 8250 port
misc: fastrpc: Fix an incomplete memory release in fastrpc_rpmsg_probe()
misc: fastrpc: fix potential fastrpc_invoke_ctx leak
dm mpath: switch paths in dm_blk_ioctl() code path
arm64: dts: armada-3720-turris-mox: forbid SDR104 on SDIO for FCC purposes
arm64: dts: armada-3720-turris-mox: fix SFP binding
arm64: dts: juno: Fix GIC child nodes
pinctrl: ocelot: Fix GPIO interrupt decoding on Jaguar2
clk: renesas: cpg-mssr: Fix STBCR suspend/resume handling
ASoC: SOF: Do nothing when DSP PM callbacks are not set
arm64: dts: fvp: Fix GIC child nodes
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
ps3disk: use the default segment boundary
arm64: dts: fvp/juno: Fix node address fields
vfio/pci: fix memory leaks in alloc_perm_bits()
coresight: tmc: Fix TMC mode read in tmc_read_prepare_etb()
RDMA/mlx5: Add init2init as a modify command
scsi: hisi_sas: Do not reset phy timer to wait for stray phy up
PCI: pci-bridge-emul: Fix PCIe bit conflicts
m68k/PCI: Fix a memory leak in an error handling path
gpio: dwapb: Call acpi_gpiochip_free_interrupts() on GPIO chip de-registration
usb: gadget: core: sync interrupt before unbind the udc
powerpc/ptdump: Add _PAGE_COHERENT flag
mfd: wm8994: Fix driver operation if loaded as modules
scsi: cxgb3i: Fix some leaks in init_act_open()
clk: zynqmp: fix memory leak in zynqmp_register_clocks
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
scsi: vhost: Notify TCM about the maximum sg entries supported per command
clk: clk-flexgen: fix clock-critical handling
IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
PCI: vmd: Filter resource type bits from shadow register
RDMA/core: Fix several reference count leaks.
cifs: set up next DFS target before generic_ip_connect()
ASoC: qcom: q6asm-dai: kCFI fix
powerpc/crashkernel: Take "mem=" option into account
pwm: img: Call pm_runtime_put() in pm_runtime_get_sync() failed case
sparc32: mm: Don't try to free page-table pages if ctor() fails
yam: fix possible memory leak in yam_init_driver
NTB: ntb_pingpong: Choose doorbells based on port number
NTB: Fix the default port and peer numbers for legacy drivers
mksysmap: Fix the mismatch of '.L' symbols in System.map
apparmor: fix introspection of of task mode for unconfined tasks
net: dsa: lantiq_gswip: fix and improve the unsupported interface error
apparmor: check/put label on apparmor_sk_clone_security()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
ASoC: meson: add missing free_irq() in error path
bpf, sockhash: Fix memory leak when unlinking sockets in sock_hash_free
scsi: sr: Fix sr_probe() missing deallocate of device minor
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
apparmor: fix nnp subset test for unconfined
x86/purgatory: Disable various profiling and sanitizing options
staging: greybus: fix a missing-check bug in gb_lights_light_config()
arm64: dts: mt8173: fix unit name warnings
scsi: qedi: Do not flush offload work if ARP not resolved
arm64: dts: qcom: msm8916: remove unit name for thermal trip points
ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity
RDMA/mlx5: Fix udata response upon SRQ creation
gpio: dwapb: Append MODULE_ALIAS for platform driver
scsi: qedf: Fix crash when MFW calls for protocol stats while function is still probing
pinctrl: rza1: Fix wrong array assignment of rza1l_swio_entries
virtiofs: schedule blocking async replies in separate worker
arm64: dts: qcom: fix pm8150 gpio interrupts
firmware: qcom_scm: fix bogous abuse of dma-direct internals
staging: gasket: Fix mapping refcnt leak when put attribute fails
staging: gasket: Fix mapping refcnt leak when register/store fails
ALSA: usb-audio: Improve frames size computation
ALSA: usb-audio: Fix racy list management in output queue
s390/qdio: put thinint indicator after early error
tty: hvc: Fix data abort due to race in hvc_open
slimbus: ngd: get drvdata from correct device
clk: meson: meson8b: Fix the first parent of vid_pll_in_sel
clk: meson: meson8b: Fix the polarity of the RESET_N lines
clk: meson: meson8b: Fix the vclk_div{1, 2, 4, 6, 12}_en gate bits
gpio: pca953x: fix handling of automatic address incrementing
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
clk: meson: meson8b: Don't rely on u-boot to init all GP_PLL registers
ASoC: max98373: reorder max98373_reset() in resume
soundwire: slave: don't init debugfs on device registration error
HID: intel-ish-hid: avoid bogus uninitialized-variable warning
usb: dwc3: gadget: Properly handle ClearFeature(halt)
usb: dwc3: gadget: Properly handle failed kick_transfer
staging: wilc1000: Increase the size of wid_list array
staging: sm750fb: add missing case while setting FB_VISUAL
PCI: v3-semi: Fix a memory leak in v3_pci_probe() error handling paths
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
serial: amba-pl011: Make sure we initialize the port.lock spinlock
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
PCI: rcar: Fix incorrect programming of OB windows
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
scsi: qla2xxx: Fix warning after FC target reset
ALSA: firewire-lib: fix invalid assignment to union data for directional parameter
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
power: supply: smb347-charger: IRQSTAT_D is volatile
ASoC: SOF: core: fix error return code in sof_probe_continue()
arm64: dts: msm8996: Fix CSI IRQ types
scsi: target: loopback: Fix READ with data and sensebytes
scsi: mpt3sas: Fix double free warnings
SoC: rsnd: add interrupt support for SSI BUSIF buffer
ASoC: ux500: mop500: Fix some refcounted resources issues
ASoC: ti: omap-mcbsp: Fix an error handling path in 'asoc_mcbsp_probe()'
pinctrl: rockchip: fix memleak in rockchip_dt_node_to_map
dlm: remove BUG() before panic()
USB: ohci-sm501: fix error return code in ohci_hcd_sm501_drv_probe()
clk: ti: composite: fix memory leak
PCI: Fix pci_register_host_bridge() device_register() error handling
powerpc/64: Don't initialise init_task->thread.regs
tty: n_gsm: Fix SOF skipping
tty: n_gsm: Fix waking up upper tty layer when room available
ALSA: usb-audio: Add duplex sound support for USB devices using implicit feedback
HID: Add quirks for Trust Panora Graphic Tablet
PCI/PM: Assume ports without DLL Link Active train links in 100 ms
habanalabs: increase timeout during reset
ipmi: use vzalloc instead of kmalloc for user creation
powerpc/64s/exception: Fix machine check no-loss idle wakeup
powerpc/pseries/ras: Fix FWNMI_VALID off by one
drivers: phy: sr-usb: do not use internal fsm for USB2 phy init
powerpc/ps3: Fix kexec shutdown hang
vfio-pci: Mask cap zero
usb/ohci-platform: Fix a warning when hibernating
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT8-A tablet
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
tty: n_gsm: Fix bogus i++ in gsm_data_kick
fpga: dfl: afu: Corrected error handling levels
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
RDMA/hns: Bugfix for querying qkey
RDMA/hns: Fix cmdq parameter of querying pf timer resource
scsi: target: tcmu: Userspace must not complete queued commands
firmware: imx: scu: Fix possible memory leak in imx_scu_probe()
fuse: fix copy_file_range cache issues
fuse: copy_file_range should truncate cache
arm64: tegra: Fix ethernet phy-mode for Jetson Xavier
arm64: tegra: Fix flag for 64-bit resources in 'ranges' property
powerpc/64s/pgtable: fix an undefined behaviour
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
PCI: dwc: Fix inner MSI IRQ domain registration
PCI: amlogic: meson: Don't use FAST_LINK_MODE to set up link
IB/cma: Fix ports memory leak in cma_configfs
watchdog: da9062: No need to ping manually before setting timeout
usb: dwc2: gadget: move gadget resume after the core is in L0 state
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: Fix issue with config_ep_by_speed function
scripts: headers_install: Exit with error on config leak
RDMA/iw_cxgb4: cleanup device debugfs entries on ULD remove
x86/apic: Make TSC deadline timer detection message visible
mfd: stmfx: Reset chip on resume as supply was disabled
mfd: stmfx: Fix stmfx_irq_init error path
mfd: stmfx: Disable IRQ in suspend to avoid spurious interrupt
powerpc/32s: Don't warn when mapping RO data ROX.
ASoC: fix incomplete error-handling in img_i2s_in_probe.
scsi: target: tcmu: Fix a use after free in tcmu_check_expired_queue_cmd()
clk: bcm2835: Fix return type of bcm2835_register_gate
scsi: ufs-qcom: Fix scheduling while atomic issue
KVM: PPC: Book3S HV: Ignore kmemleak false positives
KVM: PPC: Book3S: Fix some RCU-list locks
clk: sprd: return correct type of value for _sprd_pll_recalc_rate
clk: ast2600: Fix AHB clock divider for A1
misc: xilinx-sdfec: improve get_user_pages_fast() error handling
/dev/mem: Revoke mappings when a driver claims the region
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
of: Fix a refcounting bug in __of_attach_node_sysfs()
input: i8042 - Remove special PowerPC handling
powerpc/4xx: Don't unmap NULL mbase
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
vfio/mdev: Fix reference count leak in add_mdev_supported_type
rtc: rv3028: Add missed check for devm_regmap_init_i2c()
mailbox: zynqmp-ipi: Fix NULL vs IS_ERR() check in zynqmp_ipi_mbox_probe()
rxrpc: Adjust /proc/net/rxrpc/calls to display call->debug_id not user_ID
openrisc: Fix issue with argument clobbering for clone/fork
drm/nouveau/disp/gm200-: fix NV_PDISP_SOR_HDMI2_CTRL(n) selection
ceph: don't return -ESTALE if there's still an open file
nfsd4: make drc_slab global, not per-net
gfs2: Allow lock_nolock mount to specify jid=X
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
nfsd: safer handling of corrupted c_type
drm/amd/display: Revalidate bandwidth before commiting DC updates
crypto: omap-sham - add proper load balancing support for multicore
geneve: change from tx_error to tx_dropped on missing metadata
lib/zlib: remove outdated and incorrect pre-increment optimization
include/linux/bitops.h: avoid clang shift-count-overflow warnings
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
blktrace: use errno instead of bi_status
blktrace: fix endianness in get_pdu_int()
blktrace: fix endianness for blk_log_remap()
gfs2: fix use-after-free on transaction ail lists
net: marvell: Fix OF_MDIO config check
ntb_perf: pass correct struct device to dma_alloc_coherent
ntb_tool: pass correct struct device to dma_alloc_coherent
NTB: ntb_tool: reading the link file should not end in a NULL byte
NTB: Revert the change to use the NTB device dev for DMA allocations
NTB: perf: Don't require one more memory window than number of peers
NTB: perf: Fix support for hardware that doesn't have port numbers
NTB: perf: Fix race condition when run with ntb_test
NTB: ntb_test: Fix bug when counting remote files
i2c: icy: Fix build with CONFIG_AMIGA_PCMCIA=n
drivers/perf: hisi: Fix wrong value for all counters enable
selftests/net: in timestamping, strncpy needs to preserve null byte
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
afs: Fix memory leak in afs_put_sysnames()
ASoC: core: only convert non DPCM link to DPCM link
ASoC: SOF: nocodec: conditionally set dpcm_capture/dpcm_playback flags
ASoC: Intel: bytcr_rt5640: Add quirk for Toshiba Encore WT10-A tablet
ASoC: rt5645: Add platform-data for Asus T101HA
bpf/sockmap: Fix kernel panic at __tcp_bpf_recvmsg
bpf, sockhash: Synchronize delete from bucket list on map free
tracing/probe: Fix bpf_task_fd_query() for kprobes and uprobes
drm/sun4i: hdmi ddc clk: Fix size of m divider
libbpf: Handle GCC noreturn-turned-volatile quirk
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
x86/idt: Keep spurious entries unset in system_vectors
net/filter: Permit reading NET in load_bytes_relative when MAC not set
nvme-pci: use simple suspend when a HMB is enabled
nfs: set invalid blocks after NFSv4 writes
xdp: Fix xsk_generic_xmit errno
iavf: fix speed reporting over virtchnl
bpf: Fix memlock accounting for sock_hash
usb/xhci-plat: Set PM runtime as active on resume
usb: host: ehci-platform: add a quirk to avoid stuck
usb/ehci-platform: Set PM runtime as active on resume
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
perf stat: Fix NULL pointer dereference
ext4: stop overwrite the errcode in ext4_setup_super
bcache: fix potential deadlock problem in btree_gc_coalesce
powerpc: Fix kernel crash in show_instructions() w/DEBUG_VIRTUAL
afs: Fix non-setting of mtime when writing into mmap
afs: afs_write_end() should change i_size under the right lock
afs: Fix EOF corruption
afs: Always include dir in bulk status fetch from afs_do_lookup()
afs: Set error flag rather than return error from file status decode
afs: Fix the mapping of the UAEOVERFLOW abort code
bnxt_en: Return from timer if interface is not in open state.
scsi: ufs-bsg: Fix runtime PM imbalance on error
block: Fix use-after-free in blkdev_get()
mvpp2: remove module bugfix
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
libata: Use per port sync for detach
drm: encoder_slave: fix refcouting error for modules
ext4: fix partial cluster initialization when splitting extent
ext4: avoid utf8_strncasecmp() with unstable name
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm/qxl: Use correct notify port address when creating cursor ring
drm/amdgpu: Replace invalid device ID with a valid device ID
selinux: fix double free
jbd2: clean __jbd2_journal_abort_hard() and __journal_abort_soft()
ext4: avoid race conditions when remounting with options that change dax
drm/dp_mst: Increase ACT retry timeout to 3s
drm/amd/display: Use swap() where appropriate
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
block: nr_sects_write(): Disable preemption on seqcount write
net/mlx5: DR, Fix freeing in dr_create_rc_qp()
f2fs: split f2fs_d_compare() from f2fs_match_name()
f2fs: avoid utf8_strncasecmp() with unstable name
s390: fix syscall_get_error for compat processes
drm/i915: Fix AUX power domain toggling across TypeC mode resets
drm/msm: Check for powered down HW in the devfreq callbacks
drm/i915/gem: Avoid iterating an empty list
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
drm/connector: notify userspace on hotplug after register complete
drm/amd/display: Use kvfree() to free coeff in build_regamma()
drm/i915/icl+: Fix hotplug interrupt disabling after storm detection
Revert "drm/amd/display: disable dcn20 abm feature for bring up"
crypto: algif_skcipher - Cap recv SG list at ctx->used
crypto: algboss - don't wait during notifier callback
tracing/probe: Fix memleak in fetch_op_data operations
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
net: octeon: mgmt: Repair filling of RX ring
pwm: jz4740: Enhance precision in calculation of duty cycle
sched/rt, net: Use CONFIG_PREEMPTION.patch
net: core: device_rename: Use rwsem instead of a seqcount
Linux 5.4.49
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I93723d3c14b5de06aafb4e59a9e35a1d74389757
|
||
Jiri Olsa
|
3d390370d7 |
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 upstream.
Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave.
My test was also able to trigger lockdep output:
============================================
WARNING: possible recursive locking detected
5.6.0-rc6+ #6 Not tainted
--------------------------------------------
sched-messaging/2767 is trying to acquire lock:
ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0
but task is already holding lock:
ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&(kretprobe_table_locks[i].lock));
lock(&(kretprobe_table_locks[i].lock));
*** DEADLOCK ***
May be due to missing lock nesting notation
1 lock held by sched-messaging/2767:
#0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
stack backtrace:
CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6
Call Trace:
dump_stack+0x96/0xe0
__lock_acquire.cold.57+0x173/0x2b7
? native_queued_spin_lock_slowpath+0x42b/0x9e0
? lockdep_hardirqs_on+0x590/0x590
? __lock_acquire+0xf63/0x4030
lock_acquire+0x15a/0x3d0
? kretprobe_hash_lock+0x52/0xa0
_raw_spin_lock_irqsave+0x36/0x70
? kretprobe_hash_lock+0x52/0xa0
kretprobe_hash_lock+0x52/0xa0
trampoline_handler+0xf8/0x940
? kprobe_fault_handler+0x380/0x380
? find_held_lock+0x3a/0x1c0
kretprobe_trampoline+0x25/0x50
? lock_acquired+0x392/0xbc0
? _raw_spin_lock_irqsave+0x50/0x70
? __get_valid_kprobe+0x1f0/0x1f0
? _raw_spin_unlock_irqrestore+0x3b/0x40
? finish_task_switch+0x4b9/0x6d0
? __switch_to_asm+0x34/0x70
? __switch_to_asm+0x40/0x70
The code within the kretprobe handler checks for probe reentrancy,
so we won't trigger any _raw_spin_lock_irqsave probe in there.
The problem is in outside kprobe_flush_task, where we call:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave
where _raw_spin_lock_irqsave triggers the kretprobe and installs
kretprobe_trampoline handler on _raw_spin_lock_irqsave return.
The kretprobe_trampoline handler is then executed with already
locked kretprobe_table_locks, and first thing it does is to
lock kretprobe_table_locks ;-) the whole lockup path like:
kprobe_flush_task
kretprobe_table_lock
raw_spin_lock_irqsave
_raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed
---> kretprobe_table_locks locked
kretprobe_trampoline
trampoline_handler
kretprobe_hash_lock(current, &head, &flags); <--- deadlock
Adding kprobe_busy_begin/end helpers that mark code with fake
probe installed to prevent triggering of another kprobe within
this code.
Using these helpers in kprobe_flush_task, so the probe recursion
protection check is hit and the probe is never set to prevent
above lockup.
Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2
Fixes:
|
||
|
Masami Hiramatsu
|
c19f0c3c9a |
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
commit 1a0aa991a6274161c95a844c58cfb801d681eb59 upstream.
In kprobe_optimizer() kick_kprobe_optimizer() is called
without kprobe_mutex, but this can race with other caller
which is protected by kprobe_mutex.
To fix that, expand kprobe_mutex protected area to protect
kick_kprobe_optimizer() call.
Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devnote2
Fixes:
|
||
Vamshi K Sthambamkadi
|
f4748ee4fa |
tracing/probe: Fix memleak in fetch_op_data operations
commit 3aa8fdc37d16735e8891035becf25b3857d3efe0 upstream.
kmemleak report:
[<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0
[<f1c45d0f>] kstrndup+0x37/0x80
[<f9761eb0>] parse_probe_arg.isra.7+0x3cc/0x630
[<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810
[<655a7766>] trace_kprobe_create+0x2ca/0x950
[<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30
[<6d1c8a52>] trace_run_command+0x67/0x80
[<be812cc0>] trace_parse_run_command+0xa7/0x140
[<aecfe401>] probes_write+0x10/0x20
[<2027641c>] __vfs_write+0x30/0x1e0
[<6a4aeee1>] vfs_write+0x96/0x1b0
[<3517fb7d>] ksys_write+0x53/0xc0
[<dad91db7>] __ia32_sys_write+0x15/0x20
[<da347f64>] do_syscall_32_irqs_on+0x3d/0x260
[<fd0b7e7d>] do_fast_syscall_32+0x39/0xb0
[<ea5ae810>] entry_SYSENTER_32+0xaf/0x102
Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten
to FETCH_OP_ST_STRING, as a result memory is never freed since
traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types
Setup fetch string operation correctly after fetch_op_data operation.
Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos
Cc: stable@vger.kernel.org
Fixes:
|
||
Jean-Philippe Brucker
|
c7c658ef51 |
tracing/probe: Fix bpf_task_fd_query() for kprobes and uprobes
[ Upstream commit 22d5bd6867364b41576a712755271a7d6161abd6 ] Commit |
||
Chaitanya Kulkarni
|
e782a45789 |
blktrace: fix endianness for blk_log_remap()
[ Upstream commit 5aec598c456fe3c1b71a1202cbb42bdc2a643277 ] The function blk_log_remap() can be simplified by removing the call to get_pdu_remap() that copies the values into extra variable to print the data, which also fixes the endiannness warning reported by sparse. Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Chaitanya Kulkarni
|
545bafecc0 |
blktrace: fix endianness in get_pdu_int()
[ Upstream commit 71df3fd82e7cccec7b749a8607a4662d9f7febdd ] In function get_pdu_len() replace variable type from __u64 to __be64. This fixes sparse warning. Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Chaitanya Kulkarni
|
d578f98fa7 |
blktrace: use errno instead of bi_status
[ Upstream commit 48bc3cd3e07a1486f45d9971c75d6090976c3b1b ] In blk_add_trace_spliti() blk_add_trace_bio_remap() use blk_status_to_errno() to pass the error instead of pasing the bi_status. This fixes the sparse warning. Signed-off-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Dan Williams
|
ece3a3337c |
/dev/mem: Revoke mappings when a driver claims the region
[ Upstream commit 3234ac664a870e6ea69ae3a57d824cd7edbeacc5 ] Close the hole of holding a mapping over kernel driver takeover event of a given address range. Commit |
||
|
Greg Kroah-Hartman
|
fa46997961 |
This is the 5.4.48 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7wXk8ACgkQONu9yGCS
aT5uyhAA1EoV9ROPRt8Vw1fzlDIrRA5X2T+FCGXskg2kKWehVHAvge4U76nZ16+i
aYcBX3lAmN7GGVw+/GiRHf9QpiwOUF5f3ZUQZ0KuLS1gcuaXx+VC1h5yyunx3tm1
CI01B2p+GQ3jABWopnhsujMVAeWjbD18NqY+a+xOzTn8CCyLAli+LiviWCR/apQp
p4r6++eevWo1yMDlJGNGoMYsFcxChWhtlnDQKWCsIDCN3I1cinGz8wopiv93WqRH
Sz3wb1YMuhXb10usNZcZFaSvDGf5XSaMxpRkyNSxN7CLv8LzbovXQOE+fFDGAYxd
lUCjRK0wFBMzRSeZ2iGYqqQf5xyYKb6hNmViGprdqwR2c3MBHN/Xs5aDLqJEgHkr
OXzZLyHUngRfp3GpagFGV6q06S6fgb9ca/7FuT4Hn8Z3tb5Xt7b/KlPcW3VymiSt
I37itASNA/Qs6Njl4tDd9GjwbcOAs+s/XabasU+pXscOkf3o8fYMy2krisy176D/
AXtRTLq4pc42I8c3tv5uCNz7Zje/qytKSPErNRBAedvOu5JX7ab6hgULPH4N7r0N
Di/LyKqYw+ZBa4AfzcsvlR3wJLWqni+aFj5yppSrNkH7kNzZGLmlw8xIo8v1CFYw
T86b13WmHPqvyFWQLpX5WCEYu0OCw5YCUyQXSsLZN5oC7gAwC7U=
=FSdI
-----END PGP SIGNATURE-----
Merge 5.4.48 into android-5.4-stable
Changes in 5.4.48
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
drm/amdgpu: fix and cleanup amdgpu_gem_object_close v4
ath10k: Fix the race condition in firmware dump work queue
drm: bridge: adv7511: Extend list of audio sample rates
media: staging: imgu: do not hold spinlock during freeing mmu page table
media: imx: imx7-mipi-csis: Cleanup and fix subdev pad format handling
crypto: ccp -- don't "select" CONFIG_DMADEVICES
media: vicodec: Fix error codes in probe function
media: si2157: Better check for running tuner in init
objtool: Ignore empty alternatives
spi: spi-mem: Fix Dual/Quad modes on Octal-capable devices
drm/amdgpu: Init data to avoid oops while reading pp_num_states.
arm64/kernel: Fix range on invalidating dcache for boot page tables
libbpf: Fix memory leak and possible double-free in hashmap__clear
spi: pxa2xx: Apply CS clk quirk to BXT
x86,smap: Fix smap_{save,restore}() alternatives
sched/fair: Refill bandwidth before scaling
net: atlantic: make hw_get_regs optional
net: ena: fix error returning in ena_com_get_hash_function()
efi/libstub/x86: Work around LLVM ELF quirk build regression
ath10k: remove the max_sched_scan_reqs value
arm64: cacheflush: Fix KGDB trap detection
media: staging: ipu3: Fix stale list entries on parameter queue failure
rtw88: fix an issue about leak system resources
spi: dw: Zero DMA Tx and Rx configurations on stack
ACPICA: Dispatcher: add status checks
block: alloc map and request for new hardware queue
arm64: insn: Fix two bugs in encoding 32-bit logical immediates
block: reset mapping if failed to update hardware queue count
drm: rcar-du: Set primary plane zpos immutably at initializing
lockdown: Allow unprivileged users to see lockdown status
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
platform/x86: dell-laptop: don't register micmute LED if there is no token
MIPS: Loongson: Build ATI Radeon GPU driver as module
Bluetooth: Add SCO fallback for invalid LMP parameters error
kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
kgdb: Prevent infinite recursive entries to the debugger
pmu/smmuv3: Clear IRQ affinity hint on device removal
ACPI/IORT: Fix PMCG node single ID mapping handling
mips: Fix cpu_has_mips64r1/2 activation for MIPS32 CPUs
spi: dw: Enable interrupts in accordance with DMA xfer mode
clocksource: dw_apb_timer: Make CPU-affiliation being optional
clocksource: dw_apb_timer_of: Fix missing clockevent timers
media: dvbdev: Fix tuner->demod media controller link
btrfs: account for trans_block_rsv in may_commit_transaction
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
batman-adv: Revert "disable ethtool link speed detection when auto negotiation off"
ice: Fix memory leak
ice: Fix for memory leaks and modify ICE_FREE_CQ_BUFS
mmc: meson-mx-sdio: trigger a soft reset after a timeout or CRC error
Bluetooth: btmtkuart: Improve exception handling in btmtuart_probe()
spi: dw: Fix Rx-only DMA transfers
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
x86: fix vmap arguments in map_irq_stack
staging: android: ion: use vmap instead of vm_map_ram
ath10k: fix kernel null pointer dereference
media: staging/intel-ipu3: Implement lock for stream on/off operations
spi: Respect DataBitLength field of SpiSerialBusV2() ACPI resource
brcmfmac: fix wrong location to get firmware feature
regulator: qcom-rpmh: Fix typos in pm8150 and pm8150l
tools api fs: Make xxx__mountpoint() more scalable
e1000: Distribute switch variables for initialization
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
drm/mediatek: set dpi pin mode to gpio low to avoid leakage current
audit: fix a net reference leak in audit_send_reply()
media: dvb: return -EREMOTEIO on i2c transfer failure.
media: platform: fcp: Set appropriate DMA parameters
MIPS: Make sparse_init() using top-down allocation
ath10k: add flush tx packets for SDIO chip
Bluetooth: btbcm: Add 2 missing models to subver tables
audit: fix a net reference leak in audit_list_rules_send()
Drivers: hv: vmbus: Always handle the VMBus messages on CPU0
dpaa2-eth: fix return codes used in ndo_setup_tc
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
selftests/bpf: Fix memory leak in extract_build_id()
net: bcmgenet: set Rx mode before starting netif
net: bcmgenet: Fix WoL with password after deep sleep
lib/mpi: Fix 64-bit MIPS build with Clang
exit: Move preemption fixup up, move blocking operations down
sched/core: Fix illegal RCU from offline CPUs
drivers/perf: hisi: Fix typo in events attribute array
iocost_monitor: drop string wrap around numbers when outputting json
net: lpc-enet: fix error return code in lpc_mii_init()
selinux: fix error return code in policydb_read()
drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: allwinner: Fix use correct return type for ndo_start_xmit()
powerpc/spufs: fix copy_to_user while atomic
libertas_tf: avoid a null dereference in pointer priv
xfs: clean up the error handling in xfs_swap_extents
Crypto/chcr: fix for ccm(aes) failed test
MIPS: Truncate link address into 32bit for 32bit kernel
mips: cm: Fix an invalid error code of INTVN_*_ERR
kgdb: Fix spurious true from in_dbg_master()
xfs: reset buffer write failure state on successful completion
xfs: fix duplicate verification from xfs_qm_dqflush()
platform/x86: intel-vbtn: Use acpi_evaluate_integer()
platform/x86: intel-vbtn: Split keymap into buttons and switches parts
platform/x86: intel-vbtn: Do not advertise switches to userspace if they are not there
platform/x86: intel-vbtn: Also handle tablet-mode switch on "Detachable" and "Portable" chassis-types
iwlwifi: avoid debug max amsdu config overwriting itself
nvme: refine the Qemu Identify CNS quirk
nvme-pci: align io queue count with allocted nvme_queue in nvme_probe
nvme-tcp: use bh_lock in data_ready
ath10k: Remove msdu from idr when management pkt send fails
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
drm/mcde: dsi: Fix return value check in mcde_dsi_bind()
mt76: avoid rx reorder buffer overflow
md: don't flush workqueue unconditionally in md_open
raid5: remove gfp flags from scribble_alloc()
iocost: don't let vrate run wild while there's no saturation signal
veth: Adjust hard_start offset on redirect XDP frames
net/mlx5e: IPoIB, Drop multicast packets that this interface sent
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
mwifiex: Fix memory corruption in dump_station
kgdboc: Use a platform device to handle tty drivers showing up late
x86/boot: Correct relocation destination on old linkers
sched: Defend cfs and rt bandwidth quota against overflow
mips: MAAR: Use more precise address mask
mips: Add udelay lpj numbers adjustment
crypto: stm32/crc32 - fix ext4 chksum BUG_ON()
crypto: stm32/crc32 - fix run-time self test issue.
crypto: stm32/crc32 - fix multi-instance
drm/amd/powerpay: Disable gfxoff when setting manual mode on picasso and raven
drm/amdgpu: Sync with VM root BO when switching VM to CPU update mode
selftests/bpf: CONFIG_IPV6_SEG6_BPF required for test_seg6_loop.o
x86/mm: Stop printing BRK addresses
MIPS: tools: Fix resource leak in elf-entry.c
m68k: mac: Don't call via_flush_cache() on Mac IIfx
btrfs: improve global reserve stealing logic
btrfs: qgroup: mark qgroup inconsistent if we're inherting snapshot to a new qgroup
macvlan: Skip loopback packets in RX handler
PCI: Don't disable decoding when mmio_always_on is set
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
bcache: fix refcount underflow in bcache_device_free()
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
ice: fix potential double free in probe unrolling
ixgbe: fix signed-integer-overflow warning
iwlwifi: mvm: fix aux station leak
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
spi: dw: Return any value retrieved from the dma_transfer callback
cpuidle: Fix three reference count leaks
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
platform/x86: intel-hid: Add a quirk to support HP Spectre X2 (2015)
platform/x86: intel-vbtn: Only blacklist SW_TABLET_MODE on the 9 / "Laptop" chasis-type
platform/x86: asus_wmi: Reserve more space for struct bias_args
libbpf: Fix perf_buffer__free() API for sparse allocs
bpf: Fix map permissions check
bpf: Refactor sockmap redirect code so its easy to reuse
bpf: Fix running sk_skb program types with ktls
selftests/bpf, flow_dissector: Close TAP device FD after the test
kasan: stop tests being eliminated as dead code with FORTIFY_SOURCE
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
btrfs: free alien device after device add
btrfs: include non-missing as a qualifier for the latest_bdev
btrfs: send: emit file capabilities after chown
btrfs: force chunk allocation if our global rsv is larger than metadata
btrfs: fix error handling when submitting direct I/O bio
btrfs: fix wrong file range cleanup after an error filling dealloc range
btrfs: fix space_info bytes_may_use underflow after nocow buffered write
btrfs: fix space_info bytes_may_use underflow during space cache writeout
powerpc/mm: Fix conditions to perform MMU specific management by blocks on PPC32.
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
mm: initialize deferred pages with interrupts enabled
mm/pagealloc.c: call touch_nmi_watchdog() on max order boundaries in deferred init
mm: call cond_resched() from deferred_init_memmap()
ima: Fix ima digest hash table key calculation
ima: Switch to ima_hash_algo for boot aggregate
ima: Evaluate error in init_ima()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
ima: Remove __init annotation from ima_pcrread()
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
ext4: fix error pointer dereference
ext4: fix race between ext4_sync_parent() and rename()
PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
PCI: Avoid FLR for AMD Starship USB 3.0
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: vmd: Add device id for VMD device 8086:9A0B
x86/amd_nb: Add Family 19h PCI IDs
PCI: Add Loongson vendor ID
serial: 8250_pci: Move Pericom IDs to pci_ids.h
x86/amd_nb: Add AMD family 17h model 60h PCI IDs
ima: Remove redundant policy rule set in add_rules()
ima: Set again build_ima_appraise variable
PCI: Program MPS for RCiEP devices
e1000e: Disable TSO for buffer overrun workaround
e1000e: Relax condition to trigger reset for ME workaround
carl9170: remove P2P_GO support
media: go7007: fix a miss of snd_card_free
media: cedrus: Program output format during each run
serial: 8250: Avoid error message on reprobe
Bluetooth: hci_bcm: fix freeing not-requested IRQ
b43legacy: Fix case where channel status is corrupted
b43: Fix connection problem with WPA3
b43_legacy: Fix connection problem with WPA3
media: ov5640: fix use of destroyed mutex
clk: mediatek: assign the initial value to clk_init_data of mtk_mux
igb: Report speed and duplex as unknown when device is runtime suspended
hwmon: (k10temp) Add AMD family 17h model 60h PCI match
EDAC/amd64: Add AMD family 17h model 60h PCI IDs
power: vexpress: add suppress_bind_attrs to true
power: supply: core: fix HWMON temperature labels
power: supply: core: fix memory leak in HWMON error path
pinctrl: samsung: Correct setting of eint wakeup mask on s5pv210
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
gnss: sirf: fix error return code in sirf_probe()
sparc32: fix register window handling in genregs32_[gs]et()
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
dm crypt: avoid truncating the logical block size
alpha: fix memory barriers so that they conform to the specification
powerpc/fadump: use static allocation for reserved memory ranges
powerpc/fadump: consider reserved ranges while reserving memory
powerpc/fadump: Account for memory_limit while reserving memory
kernel/cpu_pm: Fix uninitted local in cpu_pm
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
soc/tegra: pmc: Select GENERIC_PINCONF
ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus
ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin
ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries
drivers/macintosh: Fix memleak in windfarm_pm112 driver
powerpc/32s: Fix another build failure with CONFIG_PPC_KUAP_DEBUG
powerpc/kasan: Fix issues by lowering KASAN_SHADOW_END
powerpc/kasan: Fix shadow pages allocation failure
powerpc/32: Disable KASAN with pages bigger than 16k
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
sunrpc: clean up properly in gss_mech_unregister()
mtd: rawnand: Fix nand_gpio_waitrdy()
mtd: rawnand: onfi: Fix redundancy detection check
mtd: rawnand: brcmnand: fix hamming oob layout
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: ingenic: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: oxnas: Fix the probe error path
mtd: rawnand: sunxi: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: tmio: Fix the probe error path
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
f2fs: fix checkpoint=disable:%u%%
perf probe: Do not show the skipped events
perf probe: Fix to check blacklist address correctly
perf probe: Check address correctness by map instead of _etext
perf symbols: Fix debuginfo search for Ubuntu
perf symbols: Fix kernel maps for kcore and eBPF
Linux 5.4.48
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9954fb3f08956419e8586bcb9078e604df207fb9
|
||
Douglas Anderson
|
b5d2f71b98 |
kernel/cpu_pm: Fix uninitted local in cpu_pm
commit b5945214b76a1f22929481724ffd448000ede914 upstream.
cpu_pm_notify() is basically a wrapper of notifier_call_chain().
notifier_call_chain() doesn't initialize *nr_calls to 0 before it
starts incrementing it--presumably it's up to the callers to do this.
Unfortunately the callers of cpu_pm_notify() don't init *nr_calls.
This potentially means you could get too many or two few calls to
CPU_PM_ENTER_FAILED or CPU_CLUSTER_PM_ENTER_FAILED depending on the
luck of the stack.
Let's fix this.
Fixes:
|
||
Anton Protopopov
|
215a256bc8 |
bpf: Fix map permissions check
[ Upstream commit 1ea0f9120c8ce105ca181b070561df5cbd6bc049 ]
The map_lookup_and_delete_elem() function should check for both FMODE_CAN_WRITE
and FMODE_CAN_READ permissions because it returns a map element to user space.
Fixes:
|
||
Huaixin Chang
|
9fa3b0bd99 |
sched: Defend cfs and rt bandwidth quota against overflow
[ Upstream commit d505b8af58912ae1e1a211fabc9995b19bd40828 ] When users write some huge number into cpu.cfs_quota_us or cpu.rt_runtime_us, overflow might happen during to_ratio() shifts of schedulable checks. to_ratio() could be altered to avoid unnecessary internal overflow, but min_cfs_quota_period is less than 1 << BW_SHIFT, so a cutoff would still be needed. Set a cap MAX_BW for cfs_quota_us and rt_runtime_us to prevent overflow. Signed-off-by: Huaixin Chang <changhuaixin@linux.alibaba.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Reviewed-by: Ben Segall <bsegall@google.com> Link: https://lkml.kernel.org/r/20200425105248.60093-1-changhuaixin@linux.alibaba.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Peter Zijlstra
|
f7757368e0 |
sched/core: Fix illegal RCU from offline CPUs
[ Upstream commit bf2c59fce4074e55d622089b34be3a6bc95484fb ] In the CPU-offline process, it calls mmdrop() after idle entry and the subsequent call to cpuhp_report_idle_dead(). Once execution passes the call to rcu_report_dead(), RCU is ignoring the CPU, which results in lockdep complaining when mmdrop() uses RCU from either memcg or debugobjects below. Fix it by cleaning up the active_mm state from BP instead. Every arch which has CONFIG_HOTPLUG_CPU should have already called idle_task_exit() from AP. The only exception is parisc because it switches them to &init_mm unconditionally (see smp_boot_one_cpu() and smp_cpu_init()), but the patch will still work there because it calls mmgrab(&init_mm) in smp_cpu_init() and then should call mmdrop(&init_mm) in finish_cpu(). WARNING: suspicious RCU usage ----------------------------- kernel/workqueue.c:710 RCU or wq_pool_mutex should be held! other info that might help us debug this: RCU used illegally from offline CPU! Call Trace: dump_stack+0xf4/0x164 (unreliable) lockdep_rcu_suspicious+0x140/0x164 get_work_pool+0x110/0x150 __queue_work+0x1bc/0xca0 queue_work_on+0x114/0x120 css_release+0x9c/0xc0 percpu_ref_put_many+0x204/0x230 free_pcp_prepare+0x264/0x570 free_unref_page+0x38/0xf0 __mmdrop+0x21c/0x2c0 idle_task_exit+0x170/0x1b0 pnv_smp_cpu_kill_self+0x38/0x2e0 cpu_die+0x48/0x64 arch_cpu_idle_dead+0x30/0x50 do_idle+0x2f4/0x470 cpu_startup_entry+0x38/0x40 start_secondary+0x7a8/0xa80 start_secondary_resume+0x10/0x14 Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Qian Cai <cai@lca.pw> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc) Link: https://lkml.kernel.org/r/20200401214033.8448-1-cai@lca.pw Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jann Horn
|
2e256dd5b0 |
exit: Move preemption fixup up, move blocking operations down
[ Upstream commit 586b58cac8b4683eb58a1446fbc399de18974e40 ]
With CONFIG_DEBUG_ATOMIC_SLEEP=y and CONFIG_CGROUPS=y, kernel oopses in
non-preemptible context look untidy; after the main oops, the kernel prints
a "sleeping function called from invalid context" report because
exit_signals() -> cgroup_threadgroup_change_begin() -> percpu_down_read()
can sleep, and that happens before the preempt_count_set(PREEMPT_ENABLED)
fixup.
It looks like the same thing applies to profile_task_exit() and
kcov_task_exit().
Fix it by moving the preemption fixup up and the calls to
profile_task_exit() and kcov_task_exit() down.
Fixes:
|
||
Paul Moore
|
51d2957b21 |
audit: fix a net reference leak in audit_list_rules_send()
[ Upstream commit 3054d06719079388a543de6adb812638675ad8f5 ] If audit_list_rules_send() fails when trying to create a new thread to send the rules it also fails to cleanup properly, leaking a reference to a net structure. This patch fixes the error patch and renames audit_send_list() to audit_send_list_thread() to better match its cousin, audit_send_reply_thread(). Reported-by: teroincn@gmail.com Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Paul Moore
|
189ca174b8 |
audit: fix a net reference leak in audit_send_reply()
[ Upstream commit a48b284b403a4a073d8beb72d2bb33e54df67fb6 ] If audit_send_reply() fails when trying to create a new thread to send the reply it also fails to cleanup properly, leaking a reference to a net structure. This patch fixes the error path and makes a handful of other cleanups that came up while fixing the code. Reported-by: teroincn@gmail.com Reviewed-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Douglas Anderson
|
308c2095da |
kgdb: Prevent infinite recursive entries to the debugger
[ Upstream commit 3ca676e4ca60d1834bb77535dafe24169cadacef ] If we detect that we recursively entered the debugger we should hack our I/O ops to NULL so that the panic() in the next line won't actually cause another recursion into the debugger. The first line of kgdb_panic() will check this and return. Signed-off-by: Douglas Anderson <dianders@chromium.org> Reviewed-by: Daniel Thompson <daniel.thompson@linaro.org> Link: https://lore.kernel.org/r/20200507130644.v4.6.I89de39f68736c9de610e6f241e68d8dbc44bc266@changeid Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Douglas Anderson
|
1343e0a859 |
kgdb: Disable WARN_CONSOLE_UNLOCKED for all kgdb
[ Upstream commit 202164fbfa2b2ffa3e66b504e0f126ba9a745006 ] In commit |
||
|
Huaixin Chang
|
9f664eda61 |
sched/fair: Refill bandwidth before scaling
[ Upstream commit 5a6d6a6ccb5f48ca8cf7c6d64ff83fd9c7999390 ]
In order to prevent possible hardlockup of sched_cfs_period_timer()
loop, loop count is introduced to denote whether to scale quota and
period or not. However, scale is done between forwarding period timer
and refilling cfs bandwidth runtime, which means that period timer is
forwarded with old "period" while runtime is refilled with scaled
"quota".
Move do_sched_cfs_period_timer() before scaling to solve this.
Fixes:
|
||
|
Greg Kroah-Hartman
|
eaaa29ec5a |
This is the 5.4.47 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7qK2gACgkQONu9yGCS aT4kaw/8Cknc9G64S1SWchxFj4LnSYzrpeFGXOZBlHBtcCyD12JNGjA6SG6DoGLY /s/1fjBwJWrWpkI36CGNZowNPYtzRMOhyBGj7QHTpEj0vjMTKYXhVieMquQSHwRP zcrYl8f/xWJKo6XNjR1YLh5PWeD6B9dWD1RcvBZ0jCez84jyVT1EyWMWGiodkLMx gmJITO2DBaekelU0yyZJIFePO5DJpcXspf5lrPgkPG9u/U4hZf94AAGMYbXJZ5Rn BDcqGEGQe+mtcG6lq6DGRDH5VVMG4k13MrZJBfrVAhkGU+g6nKQbOXCcdcRjoM6N 9NL8RbcpL0NhphNmrKwjNcYd4kZxYgTQb87FZi+qDxwGQIWIxcET6gL5t/vqAev1 v/uKFLlt5x/2tNtpC8aY8EwdyGcXfeBXEl9AjP7HUWC/KzB8I9vLnokcMvOMYDIg 3wNIsKMYLcLzuLL8oJ7FvDkBO+H/RjSvF4UvQyLOPOJtWSV5uKbLfKIU9sw90G3i t8qo3lNC/J4saJ+jx+O7XoHjFw6biJFATvs0+HtpCkwi0aJm2SGW+OvXuZCGZPnz TW2YsGFCCwL/RPtceJVkGfV3kr7SUB5AGXjueXdC+4QWfmi3POWojjgheQrleS+3 OLxRsUVbQ6hOqEgLAaV6HhzvykkTjDj2Gq8P3I+1Y/eiRHjlpdU= =WYnW -----END PGP SIGNATURE----- Merge 5.4.47 into android-5.4-stable Changes in 5.4.47 ipv6: fix IPV6_ADDRFORM operation logic mlxsw: core: Use different get_trend() callbacks for different thermal zones net_failover: fixed rollback in net_failover_open() tun: correct header offsets in napi frags mode bridge: Avoid infinite loop when suppressing NS messages with invalid options vxlan: Avoid infinite loop when suppressing NS messages with invalid options bpf: Support llvm-objcopy for vmlinux BTF elfnote: mark all .note sections SHF_ALLOC Input: mms114 - fix handling of mms345l ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook sched/fair: Don't NUMA balance for kthreads Input: synaptics - add a second working PNP_ID for Lenovo T470s csky: Fixup abiv2 syscall_trace break a4 & a5 gfs2: Even more gfs2_find_jhead fixes drivers/net/ibmvnic: Update VNIC protocol version reporting powerpc/xive: Clear the page tables for the ESB IO mapping spi: dw: Fix native CS being unset ath9k_htc: Silence undersized packet warnings smack: avoid unused 'sip' variable warning RDMA/uverbs: Make the event_queue fds return POLLERR when disassociated padata: add separate cpuhp node for CPUHP_PADATA_DEAD s390/pci: Log new handle in clp_disable_fh() x86/cpu/amd: Make erratum #1054 a legacy erratum KVM: x86: only do L1TF workaround on affected processors PCI/PM: Adjust pcie_wait_for_link_delay() for caller delay perf probe: Accept the instance number of kretprobe event mm: add kvfree_sensitive() for freeing sensitive data objects selftests: fix flower parent qdisc fanotify: fix ignore mask logic for events on child and on dir aio: fix async fsync creds ipv4: fix a RCU-list lock in fib_triestat_seq_show iwlwifi: mvm: fix NVM check for 3168 devices sctp: fix possibly using a bad saddr with a given dst sctp: fix refcount bug in sctp_wfree x86_64: Fix jiffies ODR violation x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs x86/speculation: Prevent rogue cross-process SSBD shutdown x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. x86/reboot/quirks: Add MacBook6,1 reboot quirk perf/x86/intel: Add more available bits for OFFCORE_RESPONSE of Intel Tremont KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated KVM: x86: respect singlestep when emulating instruction KVM: x86: Fix APIC page invalidation race powerpc/ptdump: Properly handle non standard page size ASoC: max9867: fix volume controls io_uring: use kvfree() in io_sqe_buffer_register() efi/efivars: Add missing kobject_put() in sysfs entry creation error path smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl watchdog: imx_sc_wdt: Fix reboot on crash ALSA: es1688: Add the missed snd_card_free() ALSA: fireface: fix configuration error for nominal sampling transfer frequency ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines ALSA: pcm: disallow linking stream to itself ALSA: pcm: fix snd_pcm_link() lockdep splat ALSA: usb-audio: Fix inconsistent card PM state after resume ALSA: usb-audio: Add vendor, product and profile name for HP Thunderbolt Dock ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: PM: Avoid using power resources if there are none for D0 arm64: acpi: fix UBSAN warning lib/lzo: fix ambiguous encoding bug in lzo-rle nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() spi: dw: Fix controller unregister order spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: pxa2xx: Fix runtime PM ref imbalance on probe error spi: bcm2835: Fix controller unregister order spi: bcm2835aux: Fix controller unregister order spi: bcm-qspi: Handle clock probe deferral spi: bcm-qspi: when tx/rx buffer is NULL set to 0 PM: runtime: clk: Fix clk_pm_runtime_get() error path gup: document and work around "COW can break either way" issue crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated crypto: algapi - Avoid spurious modprobe on LOADED crypto: drbg - fix error return code in drbg_alloc_state() x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned firmware: imx: warn on unexpected RX firmware: imx-scu: Support one TX and one RX firmware: imx: scu: Fix corruption of header crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() dccp: Fix possible memleak in dccp_init and dccp_fini selftests/net: in rxtimestamp getopt_long needs terminating null entry net/mlx5: drain health workqueue in case of driver load error net/mlx5: Fix fatal error handling during device load net/mlx5e: Fix repeated XSK usage on one channel ovl: initialize error in ovl_copy_xattr proc: Use new_inode not new_inode_pseudo remoteproc: Fall back to using parent memory pool if no dedicated available remoteproc: Fix and restore the parenting hierarchy for vdev cpufreq: Fix up cpufreq_boost_set_sw() EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable video: vt8500lcdfb: fix fallthrough warning video: fbdev: w100fb: Fix a potential double free. KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits KVM: arm64: Stop writing aarch32's CSSELR into ACTLR KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts scsi: megaraid_sas: TM command refire leads to controller firmware crash scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type selftests/ftrace: Return unsupported if no error_log file ath9k: Fix use-after-free Read in htc_connect_service ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Smack: slab-out-of-bounds in vsscanf drm/vkms: Hold gem object while still in-use mm/slub: fix a memory leak in sysfs_slab_add() fat: don't allow to mount if the FAT length == 0 perf: Add cond_resched() to task_function_call() agp/intel: Reinforce the barrier after GTT updates mmc: sdhci-msm: Clear tuning done flag while hs400 tuning mmc: mmci_sdmmc: fix DMA API warning overlapping mappings mmc: tmio: Further fixup runtime PM management at remove mmc: uniphier-sd: call devm_request_irq() after tmio_mmc_host_probe() ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() mmc: sdio: Fix several potential memory leaks in mmc_sdio_init_card() block/floppy: fix contended case in floppy_queue_rq() xen/pvcalls-back: test for errors when calling backend_connect() KVM: arm64: Synchronize sysreg state on injecting an AArch32 exception KVM: arm64: Save the host's PtrAuth keys in non-preemptible context Linux 5.4.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3fb3216abdbc080b4ac7b827b35ff6a813e28eb8 |
||
Barret Rhoden
|
e81b05e535 |
perf: Add cond_resched() to task_function_call()
commit 2ed6edd33a214bca02bd2b45e3fc3038a059436b upstream. Under rare circumstances, task_function_call() can repeatedly fail and cause a soft lockup. There is a slight race where the process is no longer running on the cpu we targeted by the time remote_function() runs. The code will simply try again. If we are very unlucky, this will continue to fail, until a watchdog fires. This can happen in a heavily loaded, multi-core virtual machine. Reported-by: syzbot+bb4935a5c09b5ff79940@syzkaller.appspotmail.com Signed-off-by: Barret Rhoden <brho@google.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Link: https://lkml.kernel.org/r/20200414222920.121401-1-brho@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Jordan
|
77db4e1d40 |
padata: add separate cpuhp node for CPUHP_PADATA_DEAD
[ Upstream commit 3c2214b6027ff37945799de717c417212e1a8c54 ]
Removing the pcrypt module triggers this:
general protection fault, probably for non-canonical
address 0xdead000000000122
CPU: 5 PID: 264 Comm: modprobe Not tainted 5.6.0+ #2
Hardware name: QEMU Standard PC
RIP: 0010:__cpuhp_state_remove_instance+0xcc/0x120
Call Trace:
padata_sysfs_release+0x74/0xce
kobject_put+0x81/0xd0
padata_free+0x12/0x20
pcrypt_exit+0x43/0x8ee [pcrypt]
padata instances wrongly use the same hlist node for the online and dead
states, so __padata_free()'s second cpuhp remove call chokes on the node
that the first poisoned.
cpuhp multi-instance callbacks only walk forward in cpuhp_step->list and
the same node is linked in both the online and dead lists, so the list
corruption that results from padata_alloc() adding the node to a second
list without removing it from the first doesn't cause problems as long
as no instances are freed.
Avoid the issue by giving each state its own node.
Fixes: 894c9ef9780c ("padata: validate cpumask without removed CPU during offline")
Signed-off-by: Daniel Jordan <daniel.m.jordan@oracle.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: stable@vger.kernel.org # v5.4+
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Jens Axboe
|
53fed23f8c |
sched/fair: Don't NUMA balance for kthreads
[ Upstream commit 18f855e574d9799a0e7489f8ae6fd8447d0dd74a ] Stefano reported a crash with using SQPOLL with io_uring: BUG: kernel NULL pointer dereference, address: 00000000000003b0 CPU: 2 PID: 1307 Comm: io_uring-sq Not tainted 5.7.0-rc7 #11 RIP: 0010:task_numa_work+0x4f/0x2c0 Call Trace: task_work_run+0x68/0xa0 io_sq_thread+0x252/0x3d0 kthread+0xf9/0x130 ret_from_fork+0x35/0x40 which is task_numa_work() oopsing on current->mm being NULL. The task work is queued by task_tick_numa(), which checks if current->mm is NULL at the time of the call. But this state isn't necessarily persistent, if the kthread is using use_mm() to temporarily adopt the mm of a task. Change the task_tick_numa() check to exclude kernel threads in general, as it doesn't make sense to attempt ot balance for kthreads anyway. Reported-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Ingo Molnar <mingo@kernel.org> Acked-by: Peter Zijlstra <peterz@infradead.org> Link: https://lore.kernel.org/r/865de121-8190-5d30-ece5-3b097dc74431@kernel.dk Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Fangrui Song
|
f04d1e880f |
bpf: Support llvm-objcopy for vmlinux BTF
commit 90ceddcb495008ac8ba7a3dce297841efcd7d584 upstream.
Simplify gen_btf logic to make it work with llvm-objcopy. The existing
'file format' and 'architecture' parsing logic is brittle and does not
work with llvm-objcopy/llvm-objdump.
'file format' output of llvm-objdump>=11 will match GNU objdump, but
'architecture' (bfdarch) may not.
.BTF in .tmp_vmlinux.btf is non-SHF_ALLOC. Add the SHF_ALLOC flag
because it is part of vmlinux image used for introspection. C code
can reference the section via linker script defined __start_BTF and
__stop_BTF. This fixes a small problem that previous .BTF had the
SHF_WRITE flag (objcopy -I binary -O elf* synthesized .data).
Additionally, `objcopy -I binary` synthesized symbols
_binary__btf_vmlinux_bin_start and _binary__btf_vmlinux_bin_stop (not
used elsewhere) are replaced with more commonplace __start_BTF and
__stop_BTF.
Add 2>/dev/null because GNU objcopy (but not llvm-objcopy) warns
"empty loadable segment detected at vaddr=0xffffffff81000000, is this intentional?"
We use a dd command to change the e_type field in the ELF header from
ET_EXEC to ET_REL so that lld will accept .btf.vmlinux.bin.o. Accepting
ET_EXEC as an input file is an extremely rare GNU ld feature that lld
does not intend to support, because this is error-prone.
The output section description .BTF in include/asm-generic/vmlinux.lds.h
avoids potential subtle orphan section placement issues and suppresses
--orphan-handling=warn warnings.
Fixes: df786c9b9476 ("bpf: Force .BTF section start to zero when dumping from vmlinux")
Fixes: cb0cc635c7a9 ("powerpc: Include .BTF section")
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Fangrui Song <maskray@google.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Tested-by: Stanislav Fomichev <sdf@google.com>
Tested-by: Andrii Nakryiko <andriin@fb.com>
Reviewed-by: Stanislav Fomichev <sdf@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Andrii Nakryiko <andriin@fb.com>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Link: https://github.com/ClangBuiltLinux/linux/issues/871
Link: https://lore.kernel.org/bpf/20200318222746.173648-1-maskray@google.com
Signed-off-by: Maria Teguiani <teguiani@google.com>
Tested-by: Matthias Maennich <maennich@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
34a7766e99 |
This is the 5.4.46 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7hJXwACgkQONu9yGCS aT4XEg/+LgiOluf+/CBv29J9TTf47uUl8VrhhFY6w5nbrOL5h/QMJnkjfSGelXxO 3LFRXwUI4zdZQ4fdMhjuGdBBbALpzw0krkiLZ0v4uc4fDqPtBvqLBRxM6VQppKf2 YsqU9OpbdhVo4ioTVUvBjigeR50YfZBquSrnOxL6ntqsKRmc10ms3A9TvEhyXnFv G1Np+NYJwRX8oYTE0awte41lqfORrf9Xs92YeEc/xr9RDvWb4BkSJCZszba8povl 5+2yte9kQSE/S958gh1zT3UQ98FtIrYoJ4EJGfA0nNZDPvquYo3bgkXAlJyos1q1 3oJ+mNAyJFWViQTxRgOMOfxpn6JNXGzPIxmg9AsLCx9Qju5jYbSkgby0gRh0vf8y ym9TcrIXXfAVP7160anolZXRvsvkeGZUiulWraulhXvhOlUL2r+F4Ybh/2nsSWn4 6UGDahJAspPXj0RttJdjfcOEiOLVUgVywUW/j+vjTRURfvQC9CetjrPT1Yajn0Od x0YrlTS5jqHItglIwbotV8JdLBRMtkYwXO3tQrSdZ3McwfEm21zc0jwC4ZWhpNkX mV733TrTvx889lEUBE+B2zzUi6+BTv6904C7e2gncuWaT3ORfsoV4djsPqYNWwk3 8ty9MmxmLs6T6cUQ4dzoUwR51stp2S8ppW9Zl7TtSnvKaKsBlvw= =Pyeq -----END PGP SIGNATURE----- Merge 5.4.46 into android-5.4-stable Changes in 5.4.46 devinet: fix memleak in inetdev_init() l2tp: add sk_family checks to l2tp_validate_socket l2tp: do not use inet_hash()/inet_unhash() net/mlx5: Fix crash upon suspend/resume net: stmmac: enable timestamp snapshot for required PTP packets in dwmac v5.10a net: usb: qmi_wwan: add Telit LE910C1-EUX composition NFC: st21nfca: add missed kfree_skb() in an error path nfp: flower: fix used time of merge flow statistics vsock: fix timeout in vsock_accept() net: check untrusted gso_size at kernel entry net: be more gentle about silly gso requests coming from user USB: serial: qcserial: add DW5816e QDL support USB: serial: usb_wwan: do not resubmit rx urb on fatal errors USB: serial: option: add Telit LE910C1-EUX compositions USB: serial: ch341: add basis for quirk detection iio:chemical:sps30: Fix timestamp alignment iio: vcnl4000: Fix i2c swapped word reading. iio:chemical:pms7003: Fix timestamp alignment and prevent data leak. iio: adc: stm32-adc: fix a wrong error message when probing interrupts usb: musb: start session in resume for host port usb: musb: Fix runtime PM imbalance on error vt: keyboard: avoid signed integer overflow in k_ascii tty: hvc_console, fix crashes on parallel open/close staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK CDC-ACM: heed quirk also in error handling nvmem: qfprom: remove incorrect write support x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2 x86/cpu: Add a steppings field to struct x86_cpu_id x86/cpu: Add 'table' argument to cpu_matches() x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation x86/speculation: Add SRBDS vulnerability and mitigation documentation x86/speculation: Add Ivy Bridge to affected list uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned Revert "net/mlx5: Annotate mutex destroy for root ns" Linux 5.4.46 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I58f55a0ee645d89fb91748a2d378bffea65e24dd |
||
Oleg Nesterov
|
c06c03bba0 |
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
commit 013b2deba9a6b80ca02f4fafd7dedf875e9b4450 upstream. uprobe_write_opcode() must not cross page boundary; prepare_uprobe() relies on arch_uprobe_analyze_insn() which should validate "vaddr" but some architectures (csky, s390, and sparc) don't do this. We can remove the BUG_ON() check in prepare_uprobe() and validate the offset early in __uprobe_register(). The new IS_ALIGNED() check matches the alignment check in arch_prepare_kprobe() on supported architectures, so I think that all insns must be aligned to UPROBE_SWBP_INSN_SIZE. Another problem is __update_ref_ctr() which was wrong from the very beginning, it can read/write outside of kmap'ed page unless "vaddr" is aligned to sizeof(short), __uprobe_register() should check this too. Reported-by: Linus Torvalds <torvalds@linux-foundation.org> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Tested-by: Sven Schnelle <svens@linux.ibm.com> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Sami Tolvanen
|
e467b8c7db |
ANDROID: scs: fix recursive spinlock in scs_check_usage
Use cmpxchg instead of a spinlock in scs_check_usage() to avoid deadlocks. Bug: 157781894 Change-Id: I1701ccaf25fdbd34ce4798c6f93e220b1565fb34 (cherry picked from commit e929fb3f34326c669bff7863da32c90730fa7d72) Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
|
Greg Kroah-Hartman
|
a9a13eeea9 |
This is the 5.4.45 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7czYMACgkQONu9yGCS aT4YHA//cHSv58LPIlq8k2VYd0PG7qqg5SCU42AAQRPJWG19DavGynEkLUI35eqZ bSqrciaQkkzeoPwawzVGKy1KOaKVnNAr5f9wsFK8XB86PlreRfQfvrR2MniRY33H 5OTfw1127UIWJYuhCB6+PTXNHGNa6VaeGwDjVVczY+Ggsh2fyokxC5kb/FUsjuCN IlK41/dmiDDcP33RSQ82PMjDkEmJZsGhibaliivgV6rDvZeWW8PYnLTP+c24wIeK 6E2+XlP807FljjBPaCgKuTHx9LRDhj9CnUUuuo1LRGDtGNlW1deZ+PFXFJJ3gY0G Ja8RzZUgS6aVsBCbloIOEOwuLzeuZQTvnm5OKxPomOwE+7UIJ4e0xihzrTqji+zv yWfNwA2cErjHWZ3krL+muxbAO7CSatE4OEmn8OPbqOvp9F78r6l8mngHnWNMWkkW gGki69hQ+L/HgcIUOSnErfo+jBGhhsm2RPubl0sb8N4n9eS9TJx5NNlmsCL+uC4c 4wndNES/rPoi80vsIMB1h2PDkkWpjUZx/M6jZ1NuAlTOXgSsa0ZSz3Jvapi7cg2U weFKwAN4l/vHs9sOHASefrtj3mcZwcTJV9a9x0qmaIHpmqSICoptB5H9BTJ/c7sm U4JZ03yQSwkPhxtfDYbngMePcLyYIizGLq+3PbGPOiM1EqLEY8M= =mtHa -----END PGP SIGNATURE----- Merge 5.4.45 into android-5.4-stable Changes in 5.4.45 Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window" mm: Fix mremap not considering huge pmd devmap HID: sony: Fix for broken buttons on DS3 USB dongles HID: multitouch: enable multi-input as a quirk for some devices HID: i2c-hid: add Schneider SCL142ALM to descriptor override p54usb: add AirVasT USB stick device-id mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter kernel/relay.c: handle alloc_percpu returning NULL in relay_open mmc: fix compilation of user API media: Revert "staging: imgu: Address a compiler warning on alignment" media: staging: ipu3-imgu: Move alignment attribute to field scsi: ufs: Release clock if DMA map fails net: dsa: mt7530: set CPU port to fallback mode airo: Fix read overflows sending packets drm/i915: fix port checks for MST support on gen >= 11 scsi: hisi_sas: Check sas_port before using it powerpc/powernv: Avoid re-registration of imc debugfs directory powerpc/xmon: Restrict when kernel is locked down spi: dw: use "smp_mb()" to avoid sending spi data error ASoC: intel - fix the card names s390/ftrace: save traced function caller RDMA/qedr: Fix qpids xarray api used RDMA/qedr: Fix synchronization methods and memory leaks in qedr ARC: Fix ICCM & DCCM runtime size checks ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT evm: Fix RCU list related warnings scsi: pm: Balance pm_only counter of request queue during system resume i2c: altera: Fix race between xfer_msg and isr thread io_uring: initialize ctx->sqo_wait earlier x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables net: bmac: Fix read of MAC address from ROM drm/edid: Add Oculus Rift S to non-desktop list s390/mm: fix set_huge_pte_at() for empty ptes null_blk: return error for invalid zone size net/ethernet/freescale: rework quiesce/activate for ucc_geth net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x selftests: mlxsw: qos_mc_aware: Specify arping timeout as an integer net: smsc911x: Fix runtime PM imbalance on error Linux 5.4.45 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I31d3b6ccd9963bd8eb6aad70b2015cead1ec49e3 |
||
Daniel Axtens
|
1c44e6e09d |
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
commit 54e200ab40fc14c863bcc80a51e20b7906608fce upstream.
alloc_percpu() may return NULL, which means chan->buf may be set to NULL.
In that case, when we do *per_cpu_ptr(chan->buf, ...), we dereference an
invalid pointer:
BUG: Unable to handle kernel data access at 0x7dae0000
Faulting instruction address: 0xc0000000003f3fec
...
NIP relay_open+0x29c/0x600
LR relay_open+0x270/0x600
Call Trace:
relay_open+0x264/0x600 (unreliable)
__blk_trace_setup+0x254/0x600
blk_trace_setup+0x68/0xa0
sg_ioctl+0x7bc/0x2e80
do_vfs_ioctl+0x13c/0x1300
ksys_ioctl+0x94/0x130
sys_ioctl+0x48/0xb0
system_call+0x5c/0x68
Check if alloc_percpu returns NULL.
This was found by syzkaller both on x86 and powerpc, and the reproducer
it found on powerpc is capable of hitting the issue as an unprivileged
user.
Fixes:
|
||
Tejun Heo
|
3209e3e812 |
Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window"
[ Upstream commit d8ef4b38cb69d907f9b0e889c44d05fc0f890977 ]
This reverts commit
|
||
|
Greg Kroah-Hartman
|
f7b4f375c7 |
This is the 5.4.43 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7Oi20ACgkQONu9yGCS aT4ipBAA1Kqh2mLEcDBISubrU4CuOl/iHmkCXyF1FeF9+vJKz25whbfYO/FNYweP 2HYxGyuqLTQ0OnsfrXeEoImlxdAcWp3TjAFPgJdonLBvnVDmvlPe6Pzk1NRPhvce zU/Y1leE+LoQ7xDfICPJ9BwuwwYTRzRqMQHmIuVlsHLSiN+rextPj6vkzD+7h4ux i9VKoDvzmWuLrHmc9RYNoGxuZ5tGogBaCxI8tnzHGcm21bNVvsKZiANQ2J+6G2bJ sJwqq5tH2gZ6cJxmJ1tVyMbXLIJanNKLeBC5sDQN4rss9pU4gtyEARqVG+9RlglQ FeSlBuoaISJYYejo6aSH7nw81bTQrXexd0sH94qYqnqPlZo+OXN8vxHTaIapYEfd fjqyEblZXqpnMNVQcZOxbrYaefuIrZ9Q8pWUFTwVj34P8RNJLBIvg5gy2dlRvHbC PGLJewOXySZaXVpD5gFU349L32d4QPw9MmMU5php+LOl4idN8RlVY0pOaUuO0idH ewO+6vijLgHq/5HBO6BBToRlNUvLauoUeAaQwoHfPiuuYnGGFCZ9GEjPRsHnCBok IAKQ2Uj+IqlMy7gKVtG1ryekil7TVktrZQ1JBokRLWQPZiED84r7P1lQqPaH/4f4 GFFRhx3tekJs4LMMUEaUR019Q9ZcQMWkikT1/HpVOYUjQd55pc4= =jmiq -----END PGP SIGNATURE----- Merge 5.4.43 into android-5.4-stable Changes in 5.4.43 i2c: dev: Fix the race between the release of i2c_dev and cdev KVM: SVM: Fix potential memory leak in svm_cpu_init() ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() evm: Check also if *tfm is an error pointer in init_desc() ima: Fix return value of ima_write_policy() ubifs: fix wrong use of crypto_shash_descsize() ACPI: EC: PM: Avoid flushing EC work when EC GPE is inactive mtd: spinand: Propagate ECC information to the MTD structure fix multiplication overflow in copy_fdtable() ubifs: remove broken lazytime support i2c: fix missing pm_runtime_put_sync in i2c_device_probe iommu/amd: Fix over-read of ACPI UID from IVRS table evm: Fix a small race in init_desc() i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' ubi: Fix seq_file usage in detailed_erase_block_info debugfs file afs: Don't unlock fetched data pages until the op completes successfully mtd: Fix mtd not registered due to nvmem name collision kbuild: avoid concurrency issue in parallel building dtbs and dtbs_check net: drop_monitor: use IS_REACHABLE() to guard net_dm_hw_report() gcc-common.h: Update for GCC 10 HID: multitouch: add eGalaxTouch P80H84 support HID: alps: Add AUI1657 device ID HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV scsi: qla2xxx: Delete all sessions before unregister local nvme port configfs: fix config_item refcnt leak in configfs_rmdir() vhost/vsock: fix packet delivery order to monitoring devices aquantia: Fix the media type of AQC100 ethernet controller in the driver component: Silence bind error on -EPROBE_DEFER net/ena: Fix build warning in ena_xdp_set() scsi: ibmvscsi: Fix WARN_ON during event pool release HID: i2c-hid: reset Synaptics SYNA2393 on resume x86/mm/cpa: Flush direct map alias during cpa ibmvnic: Skip fatal error reset after passive init ftrace/selftest: make unresolved cases cause failure if --fail-unresolved set x86/apic: Move TSC deadline timer debug printk gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock ceph: fix double unlock in handle_cap_export() stmmac: fix pointer check after utilization in stmmac_interrupt USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA iommu/amd: Call domain_flush_complete() in update_domain() drm/amd/display: Prevent dpcd reads with passive dongles KVM: selftests: Fix build for evmcs.h ARM: futex: Address build warning scripts/gdb: repair rb_first() and rb_last() ALSA: hda - constify and cleanup static NodeID tables ALSA: hda: patch_realtek: fix empty macro usage in if block ALSA: hda: Manage concurrent reg access more properly ALSA: hda/realtek - Add supported new mute Led for HP ALSA: hda/realtek - Add HP new mute led supported for ALC236 ALSA: hda/realtek: Add quirk for Samsung Notebook ALSA: hda/realtek - Enable headset mic of ASUS GL503VM with ALC295 ALSA: hda/realtek - Enable headset mic of ASUS UX550GE with ALC295 ALSA: hda/realtek: Enable headset mic of ASUS UX581LV with ALC295 KVM: x86: Fix pkru save/restore when guest CR4.PKE=0, move it to x86.c ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option ALSA: pcm: fix incorrect hw_base increase ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme ALSA: hda/realtek - Add more fixup entries for Clevo machines scsi: qla2xxx: Do not log message when reading port speed via sysfs scsi: target: Put lun_ref at end of tmr processing arm64: Fix PTRACE_SYSEMU semantics drm/etnaviv: fix perfmon domain interation apparmor: Fix use-after-free in aa_audit_rule_init apparmor: fix potential label refcnt leak in aa_change_profile apparmor: Fix aa_label refcnt leak in policy_update dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' drm/etnaviv: Fix a leak in submit_pin_objects() dmaengine: dmatest: Restore default for channel dmaengine: owl: Use correct lock in owl_dma_get_pchan() vsprintf: don't obfuscate NULL and error pointers drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance. drm/i915: Propagate error from completed fences powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE powerpc/64s: Disable STRICT_KERNEL_RWX bpf: Avoid setting bpf insns pages read-only when prog is jited kbuild: Remove debug info from kallsyms linking Revert "gfs2: Don't demote a glock until its revokes are written" media: fdp1: Fix R-Car M3-N naming in debug message staging: iio: ad2s1210: Fix SPI reading staging: kpc2000: fix error return code in kp2000_pcie_probe() staging: greybus: Fix uninitialized scalar variable iio: sca3000: Remove an erroneous 'get_device()' iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' iio: adc: ti-ads8344: Fix channel selection misc: rtsx: Add short delay after exit from ASPM tty: serial: add missing spin_lock_init for SiFive serial console mei: release me_cl object reference ipack: tpci200: fix error return code in tpci200_register() s390/pci: Fix s390_mmio_read/write with MIO s390/kaslr: add support for R_390_JMP_SLOT relocation type device-dax: don't leak kernel memory to user space after unloading kmem rapidio: fix an error in get_user_pages_fast() error handling kasan: disable branch tracing for core runtime rxrpc: Fix the excessive initial retransmission timeout rxrpc: Fix a memory leak in rxkad_verify_response() s390/kexec_file: fix initrd location for kdump kernel flow_dissector: Drop BPF flow dissector prog ref on netns cleanup x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-adc: fix device used to request dma iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-dfsdm: fix device used to request dma rxrpc: Trace discarded ACKs rxrpc: Fix ack discard tpm: check event log version before reading final events sched/fair: Reorder enqueue/dequeue_task_fair path sched/fair: Fix reordering of enqueue/dequeue_task_fair() sched/fair: Fix enqueue_task_fair() warning some more Linux 5.4.43 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1582df67569f34c4455c482ed0eaf10fc1a34e03 |
||
Phil Auld
|
b510018602 |
sched/fair: Fix enqueue_task_fair() warning some more
[ Upstream commit b34cb07dde7c2346dec73d053ce926aeaa087303 ]
sched/fair: Fix enqueue_task_fair warning some more
The recent patch, fe61468b2cb (sched/fair: Fix enqueue_task_fair warning)
did not fully resolve the issues with the rq->tmp_alone_branch !=
&rq->leaf_cfs_rq_list warning in enqueue_task_fair. There is a case where
the first for_each_sched_entity loop exits due to on_rq, having incompletely
updated the list. In this case the second for_each_sched_entity loop can
further modify se. The later code to fix up the list management fails to do
what is needed because se does not point to the sched_entity which broke out
of the first loop. The list is not fixed up because the throttled parent was
already added back to the list by a task enqueue in a parallel child hierarchy.
Address this by calling list_add_leaf_cfs_rq if there are throttled parents
while doing the second for_each_sched_entity loop.
Fixes: fe61468b2cb ("sched/fair: Fix enqueue_task_fair warning")
Suggested-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Phil Auld <pauld@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Dietmar Eggemann <dietmar.eggemann@arm.com>
Reviewed-by: Vincent Guittot <vincent.guittot@linaro.org>
Link: https://lkml.kernel.org/r/20200512135222.GC2201@lorien.usersys.redhat.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Vincent Guittot
|
8b13f5657f |
sched/fair: Fix reordering of enqueue/dequeue_task_fair()
[ Upstream commit 5ab297bab984310267734dfbcc8104566658ebef ]
Even when a cgroup is throttled, the group se of a child cgroup can still
be enqueued and its gse->on_rq stays true. When a task is enqueued on such
child, we still have to update the load_avg and increase
h_nr_running of the throttled cfs. Nevertheless, the 1st
for_each_sched_entity() loop is skipped because of gse->on_rq == true and the
2nd loop because the cfs is throttled whereas we have to update both
load_avg with the old h_nr_running and increase h_nr_running in such case.
The same sequence can happen during dequeue when se moves to parent before
breaking in the 1st loop.
Note that the update of load_avg will effectively happen only once in order
to sync up to the throttled time. Next call for updating load_avg will stop
early because the clock stays unchanged.
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Fixes: 6d4d22468dae ("sched/fair: Reorder enqueue/dequeue_task_fair path")
Link: https://lkml.kernel.org/r/20200306084208.12583-1-vincent.guittot@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Vincent Guittot
|
a2ad232aa6 |
sched/fair: Reorder enqueue/dequeue_task_fair path
[ Upstream commit 6d4d22468dae3d8757af9f8b81b848a76ef4409d ] The walk through the cgroup hierarchy during the enqueue/dequeue of a task is split in 2 distinct parts for throttled cfs_rq without any added value but making code less readable. Change the code ordering such that everything related to a cfs_rq (throttled or not) will be done in the same loop. In addition, the same steps ordering is used when updating a cfs_rq: - update_load_avg - update_cfs_group - update *h_nr_running This reordering enables the use of h_nr_running in PELT algorithm. No functional and performance changes are expected and have been noticed during tests. Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org> Signed-off-by: Mel Gorman <mgorman@techsingularity.net> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: "Dietmar Eggemann <dietmar.eggemann@arm.com>" Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Juri Lelli <juri.lelli@redhat.com> Cc: Valentin Schneider <valentin.schneider@arm.com> Cc: Phil Auld <pauld@redhat.com> Cc: Hillf Danton <hdanton@sina.com> Link: https://lore.kernel.org/r/20200224095223.13361-5-mgorman@techsingularity.net Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
a93d8ad9ba |
This is the 5.4.42 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7EzDkACgkQONu9yGCS
aT6E0Q//dzSQiIdz+a06TLKzcXyxzY+FIIy/OVZAYSGxeM3Kt6GDUzUWnlAPOSbo
9UVcQdHllNKuJXXBOTkjEmFLEdJ+AFaJ2M7tjh5PKd7Y1am5xY2t7w4z5ohFaJto
lPxakRXXPh4Yrf8n+ANyR9Dz69uLC+qfHi2wbQ6v8ly07Fgr034X7Pl+BMewNYM8
QCcsS2a7+qmsvRGTheWhiFTZhEbHzEK5GB4EWIaYTEEsrTet1htwvtRLZ7TEvAma
2jnapJBQBGkxxMoo9D1GAzA9MI7p7XqUvCmRpMtXiMaPUhFmOgHYtGZ4x3Iu/TmK
dIeWOZjyHlosIHtbf7m2hrNPedaErjnZCM97gjOi9TjupndBveikYuynnbLthfbZ
1mrrXHJew/FjILFE1GL1zVI6LMsFRUyWA7H3R8xQkBUXBKhoIzGl4263bugSO2Hk
Gvn+cSTUBvou15yZPEm0WFqUiM0kBO3A1x9YcF9yKYuzGtpGF5GEQlriNCLLvfWf
kihgOM4yIaFFYVL+CCbN6uHBVFhfI+Ts9/7PzLgoGtwshw9EK2Gn/FBn2NJetC1Q
1wHlNlavLoYvI9RZ0kCuD/jcVxG2hvOjvo/RCYg+ETujjhkhWwcWZxhZQsG1Kel3
a2/DMrx52RnhNMVDGecgRGKIADtqI4x6XZzk0gvgDG1ib3u77Ng=
=dmPo
-----END PGP SIGNATURE-----
Merge 5.4.42 into android-5.4-stable
Changes in 5.4.42
net: dsa: Do not make user port errors fatal
shmem: fix possible deadlocks on shmlock_user_lock
net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy.
KVM: arm: vgic: Synchronize the whole guest on GIC{D,R}_I{S,C}ACTIVER read
gpio: pca953x: Fix pca953x_gpio_set_config
SUNRPC: Add "@len" parameter to gss_unwrap()
SUNRPC: Fix GSS privacy computation of auth->au_ralign
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
ftrace/selftests: workaround cgroup RT scheduling issues
drop_monitor: work around gcc-10 stringop-overflow warning
virtio-blk: handle block_device_operations callbacks after hot unplug
sun6i: dsi: fix gcc-4.8
net_sched: fix tcm_parent in tc filter dump
scsi: sg: add sg_remove_request in sg_write
selftests/bpf: fix goto cleanup label not defined
mmc: sdhci-acpi: Add SDHCI_QUIRK2_BROKEN_64_BIT_DMA for AMDI0040
dpaa2-eth: properly handle buffer size restrictions
net: fix a potential recursive NETDEV_FEAT_CHANGE
netlabel: cope with NULL catmap
net: phy: fix aneg restart in phy_ethtool_set_eee
net: stmmac: fix num_por initialization
pppoe: only process PADT targeted at local interfaces
Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
tcp: fix error recovery in tcp_zerocopy_receive()
tcp: fix SO_RCVLOWAT hangs with fat skbs
virtio_net: fix lockdep warning on 32 bit
dpaa2-eth: prevent array underflow in update_cls_rule()
hinic: fix a bug of ndo_stop
net: dsa: loop: Add module soft dependency
net: ipv4: really enforce backoff for redirects
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
net: tcp: fix rx timestamp behavior for tcp_recvmsg
nfp: abm: fix error return code in nfp_abm_vnic_alloc()
r8169: re-establish support for RTL8401 chip version
umh: fix memory leak on execve failure
riscv: fix vdso build with lld
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Do not ignore slave config validation errors
dmaengine: mmp_tdma: Reset channel error on release
selftests/ftrace: Check the first record for kprobe_args_type.tc
cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
ALSA: hda/hdmi: fix race in monitor detection during probe
drm/amd/powerplay: avoid using pm_en before it is initialized revised
drm/amd/display: check if REFCLK_CNTL register is present
drm/amd/display: Update downspread percent to match spreadsheet for DCN2.1
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
drm/amdgpu: simplify padding calculations (v2)
drm/amdgpu: invalidate L2 before SDMA IBs (v2)
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
gfs2: Another gfs2_walk_metadata fix
mmc: sdhci-pci-gli: Fix no irq handler from suspend
IB/hfi1: Fix another case where pq is left on waitlist
ACPI: EC: PM: Avoid premature returns from acpi_s2idle_wake()
pinctrl: sunrisepoint: Fix PAD lock register offset for SPT-H
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
pinctrl: qcom: fix wrong write in update_dual_edge
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
bpf: Fix error return code in map_lookup_and_delete_elem()
ALSA: firewire-lib: fix 'function sizeof not defined' error of tracepoints format
i40iw: Fix error handling in i40iw_manage_arp_cache()
drm/i915: Don't enable WaIncreaseLatencyIPCEnabled when IPC is disabled
bpf, sockmap: msg_pop_data can incorrecty set an sge length
bpf, sockmap: bpf_tcp_ingress needs to subtract bytes from sg.size
mmc: alcor: Fix a resource leak in the error path for ->probe()
mmc: sdhci-pci-gli: Fix can not access GL9750 after reboot from Windows 10
mmc: core: Check request type before completing the request
mmc: core: Fix recursive locking issue in CQE recovery path
mmc: block: Fix request completion in the CQE timeout path
gfs2: More gfs2_find_jhead fixes
fork: prevent accidental access to clone3 features
drm/amdgpu: force fbdev into vram
NFS: Fix fscache super_cookie index_key from changing after umount
nfs: fscache: use timespec64 in inode auxdata
NFSv4: Fix fscache cookie aux_data to ensure change_attr is included
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
drm/i915/gvt: Fix kernel oops for 3-level ppgtt guest
arm64: fix the flush_icache_range arguments in machine_kexec
nfs: fix NULL deference in nfs4_get_valid_delegation
SUNRPC: Signalled ASYNC tasks need to exit
netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start()
netfilter: nft_set_rbtree: Add missing expired checks
RDMA/rxe: Always return ERR_PTR from rxe_create_mmap_info()
IB/mlx4: Test return value of calls to ib_get_cached_pkey
IB/core: Fix potential NULL pointer dereference in pkey cache
RDMA/core: Fix double put of resource
RDMA/iw_cxgb4: Fix incorrect function parameters
hwmon: (da9052) Synchronize access with mfd
s390/ism: fix error return code in ism_probe()
mm, memcg: fix inconsistent oom event behavior
NFSv3: fix rpc receive buffer size for MOUNT call
pnp: Use list_for_each_entry() instead of open coding
net/rds: Use ERR_PTR for rds_message_alloc_sgs()
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
gcc-10 warnings: fix low-hanging fruit
gcc-10: mark more functions __init to avoid section mismatch warnings
gcc-10: avoid shadowing standard library 'free()' in crypto
usb: usbfs: correct kernel->user page attribute mismatch
USB: usbfs: fix mmap dma mismatch
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: hda/realtek - Add COEF workaround for ASUS ZenBook UX431DA
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
usb: host: xhci-plat: keep runtime active when removing host
usb: cdns3: gadget: prev_req->trb is NULL for ep0
USB: gadget: fix illegal array access in binding with UDC
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
Make the "Reducing compressed framebufer size" message be DRM_INFO_ONCE()
ARM: dts: dra7: Fix bus_dma_limit for PCIe
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection
drm/amd/display: add basic atomic check for cursor plane
powerpc/32s: Fix build failure with CONFIG_PPC_KUAP_DEBUG
cifs: fix leaked reference on requeued write
x86: Fix early boot crash on gcc-10, third try
x86/unwind/orc: Fix error handling in __unwind_start()
exec: Move would_dump into flush_old_exec
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
dwc3: Remove check for HWO flag in dwc3_gadget_ep_reclaim_trb_sg()
fanotify: fix merging marks masks with FAN_ONDIR
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
clk: Unlink clock if failed to prepare or enable
arm64: dts: meson-g12b-khadas-vim3: add missing frddr_a status property
arm64: dts: meson-g12-common: fix dwc2 clock names
arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
arm64: dts: imx8mn: Change SDMA1 ahb clock for imx8mn
ARM: dts: r8a73a4: Add missing CMT1 interrupts
arm64: dts: renesas: r8a77980: Fix IPMMU VIP[01] nodes
ARM: dts: r8a7740: Add missing extal2 to CPG node
SUNRPC: Revert
|
||
Linus Torvalds
|
8f6a84167e |
Stop the ad-hoc games with -Wno-maybe-initialized
commit 78a5255ffb6a1af189a83e493d916ba1c54d8c75 upstream. We have some rather random rules about when we accept the "maybe-initialized" warnings, and when we don't. For example, we consider it unreliable for gcc versions < 4.9, but also if -O3 is enabled, or if optimizing for size. And then various kernel config options disabled it, because they know that they trigger that warning by confusing gcc sufficiently (ie PROFILE_ALL_BRANCHES). And now gcc-10 seems to be introducing a lot of those warnings too, so it falls under the same heading as 4.9 did. At the same time, we have a very straightforward way to _enable_ that warning when wanted: use "W=2" to enable more warnings. So stop playing these ad-hoc games, and just disable that warning by default, with the known and straight-forward "if you want to work on the extra compiler warnings, use W=123". Would it be great to have code that is always so obvious that it never confuses the compiler whether a variable is used initialized or not? Yes, it would. In a perfect world, the compilers would be smarter, and our source code would be simpler. That's currently not the world we live in, though. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Christian Brauner
|
e1b2b93243 |
fork: prevent accidental access to clone3 features
[ Upstream commit 3f2c788a13143620c5471ac96ac4f033fc9ac3f3 ]
Jan reported an issue where an interaction between sign-extending clone's
flag argument on ppc64le and the new CLONE_INTO_CGROUP feature causes
clone() to consistently fail with EBADF.
The whole story is a little longer. The legacy clone() syscall is odd in a
bunch of ways and here two things interact. First, legacy clone's flag
argument is word-size dependent, i.e. it's an unsigned long whereas most
system calls with flag arguments use int or unsigned int. Second, legacy
clone() ignores unknown and deprecated flags. The two of them taken
together means that users on 64bit systems can pass garbage for the upper
32bit of the clone() syscall since forever and things would just work fine.
Just try this on a 64bit kernel prior to v5.7-rc1 where this will succeed
and on v5.7-rc1 where this will fail with EBADF:
int main(int argc, char *argv[])
{
pid_t pid;
/* Note that legacy clone() has different argument ordering on
* different architectures so this won't work everywhere.
*
* Only set the upper 32 bits.
*/
pid = syscall(__NR_clone, 0xffffffff00000000 | SIGCHLD,
NULL, NULL, NULL, NULL);
if (pid < 0)
exit(EXIT_FAILURE);
if (pid == 0)
exit(EXIT_SUCCESS);
if (wait(NULL) != pid)
exit(EXIT_FAILURE);
exit(EXIT_SUCCESS);
}
Since legacy clone() couldn't be extended this was not a problem so far and
nobody really noticed or cared since nothing in the kernel ever bothered to
look at the upper 32 bits.
But once we introduced clone3() and expanded the flag argument in struct
clone_args to 64 bit we opened this can of worms. With the first flag-based
extension to clone3() making use of the upper 32 bits of the flag argument
we've effectively made it possible for the legacy clone() syscall to reach
clone3() only flags. The sign extension scenario is just the odd
corner-case that we needed to figure this out.
The reason we just realized this now and not already when we introduced
CLONE_CLEAR_SIGHAND was that CLONE_INTO_CGROUP assumes that a valid cgroup
file descriptor has been given. So the sign extension (or the user
accidently passing garbage for the upper 32 bits) caused the
CLONE_INTO_CGROUP bit to be raised and the kernel to error out when it
didn't find a valid cgroup file descriptor.
Let's fix this by always capping the upper 32 bits for all codepaths that
are not aware of clone3() features. This ensures that we can't reach
clone3() only features by accident via legacy clone as with the sign
extension case and also that legacy clone() works exactly like before, i.e.
ignoring any unknown flags. This solution risks no regressions and is also
pretty clean.
Fixes:
|
||
Wei Yongjun
|
5d47b3d6b4 |
bpf: Fix error return code in map_lookup_and_delete_elem()
[ Upstream commit 7f645462ca01d01abb94d75e6768c8b3ed3a188b ]
Fix to return negative error code -EFAULT from the copy_to_user() error
handling case instead of 0, as done elsewhere in this function.
Fixes:
|