- Linux-stable-mirror - lists.linaro.org

[PATCH] ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()

by Christian Brauner

Commit 69f594a38967 ("ptrace: do not audit capability check when outputing /proc/pid/stat") introduced the ability to opt out of audit messages for accesses to various proc files since they are not violations of policy. While doing so it switched the check from ns_capable() to has_ns_capability{_noaudit}(), that is, from checking the subjective credentials of the task to checking its objective credentials.

I couldn't find the original lkml thread, so I don't know why this switch was made. But it seems wrong: ptrace_has_cap() is currently only used in ptrace_may_access(), where it checks whether the calling task (subject) has the CAP_SYS_PTRACE capability in the provided user namespace to operate on the target task (object). According to the cred.h comments, this means the subjective credentials of the calling task need to be used.

This patch switches ptrace_has_cap() to security_capable(). Since ptrace_has_cap() is only called from ptrace_may_access(), which already holds a stable reference to the calling task's creds under cred_guard_mutex, there is no need to go through the additional dereferences and RCU locking done in ns_capable{_noaudit}().
Cc: Serge Hallyn <shallyn(a)cisco.com>
Cc: Jann Horn <jannh(a)google.com>
Cc: Oleg Nesterov <oleg(a)redhat.com>
Cc: Eric Paris <eparis(a)redhat.com>
Cc: stable(a)vger.kernel.org
Fixes: 69f594a38967 ("ptrace: do not audit capability check when outputing /proc/pid/stat")
Signed-off-by: Christian Brauner <christian.brauner(a)ubuntu.com>
---
 kernel/ptrace.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index cb9ddcc08119..b2fe800cae9a 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -264,12 +264,14 @@ static int ptrace_check_attach(struct task_struct *child, bool ignore_state)
 	return ret;
 }
 
-static int ptrace_has_cap(struct user_namespace *ns, unsigned int mode)
+static int ptrace_has_cap(const struct cred *cred, struct user_namespace *ns,
+			  unsigned int mode)
 {
 	if (mode & PTRACE_MODE_NOAUDIT)
-		return has_ns_capability_noaudit(current, ns, CAP_SYS_PTRACE);
+		return security_capable(cred, ns, CAP_SYS_PTRACE, CAP_OPT_NONE);
 	else
-		return has_ns_capability(current, ns, CAP_SYS_PTRACE);
+		return security_capable(cred, ns, CAP_SYS_PTRACE,
+					CAP_OPT_NOAUDIT);
 }
 
 /* Returns 0 on success, -errno on denial. */
@@ -321,7 +323,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 	    gid_eq(caller_gid, tcred->sgid) &&
 	    gid_eq(caller_gid, tcred->gid))
 		goto ok;
-	if (ptrace_has_cap(tcred->user_ns, mode))
+	if (ptrace_has_cap(cred, tcred->user_ns, mode))
 		goto ok;
 	rcu_read_unlock();
 	return -EPERM;
@@ -340,7 +342,7 @@ static int __ptrace_may_access(struct task_struct *task, unsigned int mode)
 	mm = task->mm;
 	if (mm &&
 	    ((get_dumpable(mm) != SUID_DUMP_USER) &&
-	     !ptrace_has_cap(mm->user_ns, mode)))
+	     !ptrace_has_cap(cred, mm->user_ns, mode)))
 		return -EPERM;
 
 	return security_ptrace_access_check(task, mode);

base-commit: b3a987b0264d3ddbb24293ebff10eddfc472f653
--
2.25.0
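
Two details of the interface are easy to get wrong in a change like this one: security_capable() reports success as 0 rather than as a boolean, and CAP_OPT_NOAUDIT is the option that suppresses auditing. The following is a minimal user-space sketch of a boolean capability wrapper that takes the caller's subjective credentials explicitly. It is an illustration only: every `model_` / `MODEL_` name is hypothetical, the structs are drastically simplified stand-ins for the kernel's, and the audit counter is an assumption made so the effect of the option is observable.

```c
#include <errno.h>
#include <stdbool.h>

/* All names below are hypothetical stand-ins, not the kernel's definitions. */
#define MODEL_CAP_SYS_PTRACE  (1u << 0)
#define MODEL_MODE_NOAUDIT    (1u << 0)	/* plays the role of PTRACE_MODE_NOAUDIT */
#define MODEL_OPT_NONE        0u	/* plays the role of CAP_OPT_NONE */
#define MODEL_OPT_NOAUDIT     (1u << 1)	/* plays the role of CAP_OPT_NOAUDIT */

struct model_cred {
	unsigned int caps;
};

struct model_task {
	const struct model_cred *real_cred;	/* objective: the task as an object */
	const struct model_cred *cred;		/* subjective: the task as an actor */
};

/* Number of denials that would have produced an audit record. */
static unsigned int model_audit_records;

/* Follows the security_capable() convention: 0 if capable, -EPERM if not. */
static int model_security_capable(const struct model_cred *cred,
				  unsigned int cap, unsigned int opts)
{
	if (cred->caps & cap)
		return 0;
	if (!(opts & MODEL_OPT_NOAUDIT))
		model_audit_records++;
	return -EPERM;
}

/* Maps the access mode to audit options and inverts the 0-on-success result. */
static bool model_ptrace_has_cap(const struct model_cred *cred,
				 unsigned int mode)
{
	unsigned int opts = (mode & MODEL_MODE_NOAUDIT) ? MODEL_OPT_NOAUDIT
							 : MODEL_OPT_NONE;

	return model_security_capable(cred, MODEL_CAP_SYS_PTRACE, opts) == 0;
}
```

A caller acting as the subject would pass its `cred` pointer, for example `model_ptrace_has_cap(task.cred, MODEL_MODE_NOAUDIT)`; passing `real_cred` instead would reproduce the objective-credential check this patch moves away from.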

5 years, 11 months


[v3] x86/tsc: Unset TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Bay Trail SoC

by Vipul Kumar

From: Vipul Kumar <vipul_kumar(a)mentor.com>

Commit f3a02ecebed7 ("x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs") sets the TSC_KNOWN_FREQ and TSC_RELIABLE flags for Intel Atom SoCs, which causes time drift on the Valleyview/Bay Trail SoC.

This patch introduces a new Kconfig-controlled macro, CONFIG_X86_FEATURE_TSC_UNKNOWN_FREQ, to skip setting these flags.

Signed-off-by: Vipul Kumar <vipul_kumar(a)mentor.com>
Cc: stable(a)vger.kernel.org
---
Changes in V2:
 - Added linux-stable along with kernel version in CC

Changes in V3:
 - Instead of cpuid-level, used macro to skip the flags

Tested-on: SIEMENS-IPC227E board
---
 arch/x86/Kconfig          | 10 ++++++++++
 arch/x86/kernel/tsc_msr.c |  4 ++++
 2 files changed, 14 insertions(+)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 5e89499..f6c175d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1155,6 +1155,16 @@ config X86_THERMAL_VECTOR
 	def_bool y
 	depends on X86_MCE_INTEL
 
+config X86_FEATURE_TSC_UNKNOWN_FREQ
+	bool "Support to skip tsc known frequency flag"
+	help
+	  Include support to skip X86_FEATURE_TSC_KNOWN_FREQ flag
+
+	  X86_FEATURE_TSC_KNOWN_FREQ flag is causing time-drift on Valleyview/
+	  Baytrail SoC.
+	  By selecting this option, user can skip X86_FEATURE_TSC_KNOWN_FREQ
+	  flag to use refine tsc freq calibration.
+
 source "arch/x86/events/Kconfig"
 
 config X86_LEGACY_VM86
diff --git a/arch/x86/kernel/tsc_msr.c b/arch/x86/kernel/tsc_msr.c
index e0cbe4f..60c3a4a 100644
--- a/arch/x86/kernel/tsc_msr.c
+++ b/arch/x86/kernel/tsc_msr.c
@@ -112,6 +112,10 @@ unsigned long cpu_khz_from_msr(void)
 	lapic_timer_period = (freq * 1000) / HZ;
 #endif
 
+#ifdef CONFIG_X86_FEATURE_TSC_UNKNOWN_FREQ
+	return res;
+#endif
+
 	/*
 	 * TSC frequency determined by MSR is always considered "known"
 	 * because it is reported by HW.
--
1.9.1
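
The effect of the early return can be sketched in user space as follows. This is a rough model, not the kernel function: the `model_` names and flag bits are hypothetical, a runtime `skip_known_freq` argument stands in for the compile-time `#ifdef`, and computing the result as base frequency times ratio is an assumption, since the diff does not show how `res` is derived.

```c
#include <stdbool.h>

/* Hypothetical bits standing in for the two X86_FEATURE_TSC_* flags. */
#define MODEL_TSC_KNOWN_FREQ  (1u << 0)
#define MODEL_TSC_RELIABLE    (1u << 1)

struct model_cpu {
	unsigned int features;
};

/*
 * Returns the MSR-derived frequency in kHz. When skip_known_freq is true the
 * function returns before marking the frequency as known and reliable, which
 * is the behavior the new config option selects at build time.
 */
static unsigned long model_khz_from_msr(struct model_cpu *cpu,
					unsigned long freq_khz,
					unsigned long ratio,
					bool skip_known_freq)
{
	unsigned long res = freq_khz * ratio;	/* assumed derivation */

	if (skip_known_freq)
		return res;

	cpu->features |= MODEL_TSC_KNOWN_FREQ | MODEL_TSC_RELIABLE;
	return res;
}
```

In both cases the same frequency is returned; only the feature flags differ, so later code that consults those flags is free to treat the value as an estimate to be refined.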

5 years, 11 months


[PATCH v2] arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean'

by Eugeniu Rosca

From: Dirk Behme <dirk.behme(a)de.bosch.com>

Since v4.3-rc1 commit 0723c05fb75e44 ("arm64: enable more compressed Image formats"), it is possible to build Image.{bz2,lz4,lzma,lzo} AArch64 images. However, the commit missed adding support for removing those images on 'make ARCH=arm64 (dist)clean'.

Fix this by adding them to the target list. Make sure to match the order of the recipes in the makefile.

Cc: stable(a)vger.kernel.org # v4.3+
Fixes: 0723c05fb75e44 ("arm64: enable more compressed Image formats")
Signed-off-by: Dirk Behme <dirk.behme(a)de.bosch.com>
Signed-off-by: Eugeniu Rosca <erosca(a)de.adit-jv.com>
Reviewed-by: Masahiro Yamada <yamada.masahiro(a)socionext.com>
---
v2:
 - Added 'Fixes:', 'Cc: stable' and 'Reviewed-by' tags
---
 arch/arm64/boot/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index 1f012c506434..cd3414898d10 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -16,7 +16,7 @@
 
 OBJCOPYFLAGS_Image :=-O binary -R .note -R .note.gnu.build-id -R .comment -S
 
-targets := Image Image.gz
+targets := Image Image.bz2 Image.gz Image.lz4 Image.lzma Image.lzo
 
 $(obj)/Image: vmlinux FORCE
 	$(call if_changed,objcopy)
--
2.25.0

5 years, 11 months


[PATCH] drm/amdgpu: allow direct upload save restore list for raven2

by Alex Deucher

From: changzhu <Changfeng.Zhu(a)amd.com>

If the gfx driver is not allowed to upload the save restore list directly, modprobe gets stuck in atombios on raven2. So allow direct upload of the save restore list for raven2 temporarily.

Bug: https://gitlab.freedesktop.org/drm/amd/issues/1013
Signed-off-by: changzhu <Changfeng.Zhu(a)amd.com>
Reviewed-by: Huang Rui <ray.huang(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit eebc7f4d7ffa09f2a620bd1e2c67ddd579118af9)
Cc: <stable(a)vger.kernel.org> # 5.4.x
---
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
index ab4a0d8545dc..0125ea7c4103 100644
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c
@@ -2923,7 +2923,9 @@ static void gfx_v9_0_init_pg(struct amdgpu_device *adev)
 	 * And it's needed by gfxoff feature.
 	 */
 	if (adev->gfx.rlc.is_rlc_v2_1) {
-		if (adev->asic_type == CHIP_VEGA12)
+		if (adev->asic_type == CHIP_VEGA12 ||
+		    (adev->asic_type == CHIP_RAVEN &&
+		     adev->rev_id >= 8))
 			gfx_v9_1_init_rlc_save_restore_list(adev);
 		gfx_v9_0_enable_save_restore_machine(adev);
 	}
--
2.24.1

5 years, 11 months


Linux 5.4.13

by Greg KH

I'm announcing the release of the 5.4.13 kernel.

All users of the 5.4 kernel series must upgrade.

The updated 5.4.y git tree can be found at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y
and can be browsed at the normal kernel.org git web browser:
	https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary

thanks,

greg k-h

------------

 Documentation/ABI/stable/sysfs-driver-mlxreg-io | 13
 Documentation/ABI/testing/sysfs-bus-mei | 2
 Documentation/admin-guide/device-mapper/index.rst | 1
 Documentation/devicetree/bindings/reset/brcm,brcmstb-reset.txt | 2
 Documentation/devicetree/bindings/sound/mt8183-mt6358-ts3a227-max98357.txt | 4
 Documentation/networking/j1939.rst | 2
 Documentation/scsi/smartpqi.txt | 2
 MAINTAINERS | 1
 Makefile | 2
 arch/arm/kernel/smp.c | 4
 arch/arm/kernel/topology.c | 10
 arch/arm64/boot/dts/qcom/apq8096-db820c.dtsi | 2
 arch/arm64/crypto/aes-neonbs-glue.c | 2
 arch/hexagon/include/asm/atomic.h | 8
 arch/hexagon/include/asm/bitops.h | 8
 arch/hexagon/include/asm/cmpxchg.h | 2
 arch/hexagon/include/asm/futex.h | 6
 arch/hexagon/include/asm/spinlock.h | 20
 arch/hexagon/kernel/stacktrace.c | 4
 arch/hexagon/kernel/vm_entry.S | 2
 arch/mips/boot/compressed/Makefile | 3
 arch/mips/include/asm/vdso/gettimeofday.h | 13
 arch/mips/kernel/cacheinfo.c | 27
 arch/mips/pci/pci-xtalk-bridge.c | 5
 arch/mips/sgi-ip27/ip27-irq.c | 4
 arch/mips/vdso/vgettimeofday.c | 20
 arch/nds32/include/asm/cacheflush.h | 11
 arch/powerpc/platforms/powernv/pci.c | 17
 arch/riscv/mm/cacheflush.c | 1
 arch/x86/entry/syscall_32.c | 8
 arch/x86/entry/syscall_64.c | 14
 arch/x86/entry/syscalls/syscall_32.tbl | 8
 arch/x86/ia32/ia32_signal.c | 5
 arch/x86/include/asm/syscall_wrapper.h | 53 +
 block/bio.c | 12
 crypto/algif_skcipher.c | 2
 drivers/clk/clk.c | 1
 drivers/clk/imx/clk-pll14xx.c | 40
 drivers/clk/meson/axg-audio.c | 2
 drivers/clk/samsung/clk-exynos5420.c | 2
 drivers/crypto/cavium/nitrox/nitrox_main.c | 9
 drivers/crypto/geode-aes.c | 440 +++-------
 drivers/crypto/geode-aes.h | 15
 drivers/crypto/hisilicon/Kconfig | 1
 drivers/crypto/virtio/virtio_crypto_algs.c | 9
 drivers/devfreq/Kconfig | 1
 drivers/dma/dw/platform.c | 2
 drivers/dma/ioat/dma.c | 3
 drivers/dma/k3dma.c | 12
 drivers/gpio/gpio-mpc8xxx.c | 1
 drivers/gpio/gpio-zynq.c | 8
 drivers/gpio/gpiolib.c | 5
 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1
 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 4
 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.h | 2
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 61 +
 drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 3
 drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 85 -
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 99 --
 drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c | 15
 drivers/gpu/drm/amd/include/discovery.h | 1
 drivers/gpu/drm/arm/malidp_mw.c | 2
 drivers/gpu/drm/tegra/drm.c | 14
 drivers/gpu/drm/virtio/virtgpu_ioctl.c | 28
 drivers/hid/hidraw.c | 7
 drivers/hid/uhid.c | 5
 drivers/i2c/busses/i2c-bcm2835.c | 17
 drivers/iio/imu/adis16480.c | 6
 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c | 7
 drivers/infiniband/core/counters.c | 12
 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 4
 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 12
 drivers/infiniband/hw/hfi1/iowait.c | 4
 drivers/infiniband/hw/hns/Kconfig | 17
 drivers/infiniband/hw/hns/Makefile | 8
 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 18
 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 4
 drivers/infiniband/hw/hns/hns_roce_qp.c | 10
 drivers/infiniband/hw/hns/hns_roce_restrack.c | 2
 drivers/infiniband/hw/mlx5/mr.c | 2
 drivers/infiniband/sw/siw/siw_cm.c | 9
 drivers/infiniband/ulp/srpt/ib_srpt.c | 24
 drivers/iommu/intel-iommu.c | 13
 drivers/iommu/iommu.c | 1
 drivers/iommu/mtk_iommu.c | 25
 drivers/iommu/mtk_iommu.h | 1
 drivers/media/i2c/ov6650.c | 79 +
 drivers/media/platform/aspeed-video.c | 3
 drivers/media/platform/cadence/cdns-csi2rx.c | 2
 drivers/media/platform/coda/coda-common.c | 4
 drivers/media/platform/exynos4-is/fimc-isp-video.c | 2
 drivers/media/platform/rcar-vin/rcar-v4l2.c | 3
 drivers/memory/mtk-smi.c | 4
 drivers/misc/enclosure.c | 3
 drivers/mtd/nand/onenand/omap2.c | 3
 drivers/mtd/nand/raw/stm32_fmc2_nand.c | 38
 drivers/mtd/spi-nor/spi-nor.c | 4
 drivers/net/wireless/ath/ath9k/ath9k_pci_owl_loader.c | 2
 drivers/net/wireless/intel/iwlwifi/mvm/fw.c | 20
 drivers/net/wireless/intel/iwlwifi/mvm/rs-fw.c | 8
 drivers/net/wireless/intel/iwlwifi/mvm/tx.c | 7
 drivers/net/wireless/realtek/rtlwifi/regd.c | 2
 drivers/net/wireless/rsi/rsi_91x_usb.c | 2
 drivers/pci/controller/dwc/pci-meson.c | 6
 drivers/pci/controller/dwc/pcie-designware-host.c | 11
 drivers/pci/controller/pci-aardvark.c | 42
 drivers/pci/hotplug/pciehp_core.c | 25
 drivers/pci/pci-driver.c | 3
 drivers/pci/pcie/ptm.c | 2
 drivers/pci/probe.c | 1
 drivers/phy/motorola/phy-mapphone-mdm6600.c | 11
 drivers/pinctrl/cirrus/Kconfig | 1
 drivers/pinctrl/intel/pinctrl-lewisburg.c | 171 +--
 drivers/pinctrl/meson/pinctrl-meson.c | 1
 drivers/pinctrl/sh-pfc/core.c | 16
 drivers/pinctrl/sh-pfc/sh_pfc.h | 4
 drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 2
 drivers/platform/mellanox/mlxbf-tmfifo.c | 19
 drivers/platform/mips/cpu_hwmon.c | 2
 drivers/platform/x86/asus-wmi.c | 8
 drivers/platform/x86/gpd-pocket-fan.c | 25
 drivers/reset/reset-brcmstb.c | 6
 drivers/rtc/rtc-bd70528.c | 1
 drivers/rtc/rtc-brcmstb-waketimer.c | 1
 drivers/rtc/rtc-msm6242.c | 3
 drivers/rtc/rtc-mt6397.c | 47 -
 drivers/s390/net/qeth_core_main.c | 29
 drivers/s390/net/qeth_l2_main.c | 10
 drivers/s390/net/qeth_l3_main.c | 2
 drivers/s390/net/qeth_l3_sys.c | 40
 drivers/scsi/cxgbi/libcxgbi.c | 3
 drivers/scsi/mpt3sas/mpt3sas_base.c | 1
 drivers/scsi/sd.c | 18
 drivers/scsi/ufs/ufs_bsg.c | 2
 drivers/spi/spi-atmel.c | 10
 drivers/spi/spi-fsl-lpspi.c | 2
 drivers/spi/spi-pxa2xx.c | 7
 drivers/spi/spi-rspi.c | 8
 drivers/spi/spi-sprd.c | 2
 drivers/staging/media/hantro/hantro_g1_h264_dec.c | 2
 drivers/staging/media/hantro/hantro_h264.c | 73 -
 drivers/staging/media/ipu3/include/intel-ipu3.h | 2
 drivers/staging/media/sunxi/cedrus/cedrus_h264.c | 4
 drivers/target/target_core_iblock.c | 4
 drivers/tty/serial/imx.c | 2
 drivers/tty/serial/pch_uart.c | 5
 fs/affs/super.c | 6
 fs/afs/dir.c | 18
 fs/afs/super.c | 1
 fs/btrfs/file.c | 5
 fs/buffer.c | 8
 fs/cifs/smb2file.c | 2
 fs/f2fs/data.c | 2
 fs/f2fs/file.c | 2
 fs/gfs2/file.c | 30
 fs/internal.h | 2
 fs/mpage.c | 2
 fs/nfs/nfs2xdr.c | 2
 fs/nfs/nfs4proc.c | 38
 fs/nfsd/Kconfig | 2
 fs/nfsd/nfs4proc.c | 3
 fs/nfsd/nfs4recover.c | 12
 fs/ocfs2/journal.c | 8
 fs/ubifs/journal.c | 2
 fs/ubifs/orphan.c | 17
 fs/ubifs/super.c | 4
 include/asm-generic/cacheflush.h | 33
 include/crypto/internal/skcipher.h | 30
 include/crypto/skcipher.h | 30
 include/linux/uaccess.h | 12
 include/sound/simple_card_utils.h | 1
 include/trace/events/afs.h | 12
 include/trace/events/rpcrdma.h | 25
 include/uapi/rdma/nes-abi.h | 115 --
 kernel/bpf/cgroup.c | 11
 kernel/cred.c | 4
 kernel/trace/bpf_trace.c | 6
 mm/maccess.c | 45 -
 net/core/skmsg.c | 13
 net/hsr/hsr_debugfs.c | 36
 net/hsr/hsr_device.c | 2
 net/hsr/hsr_main.c | 5
 net/hsr/hsr_main.h | 10
 net/hsr/hsr_netlink.c | 1
 net/netfilter/nf_tables_offload.c | 26
 net/netfilter/nft_flow_offload.c | 3
 net/netfilter/nft_meta.c | 10
 net/rxrpc/ar-internal.h | 10
 net/rxrpc/call_accept.c | 60 -
 net/rxrpc/conn_event.c | 16
 net/rxrpc/conn_service.c | 4
 net/rxrpc/input.c | 18
 net/rxrpc/rxkad.c | 5
 net/rxrpc/security.c | 70 -
 net/sched/sch_cake.c | 1
 net/socket.c | 1
 net/sunrpc/xprtrdma/frwr_ops.c | 4
 net/sunrpc/xprtrdma/rpc_rdma.c | 1
 net/sunrpc/xprtrdma/transport.c | 3
 net/sunrpc/xprtrdma/verbs.c | 103 +-
 net/sunrpc/xprtrdma/xprt_rdma.h | 3
 net/unix/af_unix.c | 19
 scripts/link-vmlinux.sh | 7
 scripts/package/mkdebian | 2
 security/tomoyo/common.c | 9
 security/tomoyo/domain.c | 15
 security/tomoyo/group.c | 9
 security/tomoyo/util.c | 6
 sound/soc/fsl/fsl_esai.c | 12
 sound/soc/intel/Kconfig | 3
 sound/soc/sh/rcar/core.c | 20
 sound/soc/soc-core.c | 2
 sound/soc/soc-pcm.c | 2
 sound/soc/sof/imx/imx8.c | 5
 sound/soc/sof/intel/Kconfig | 10
 sound/soc/stm/stm32_spdifrx.c | 40
 tools/lib/bpf/Makefile | 2
 tools/pci/pcitest.c | 1
 tools/perf/pmu-events/arch/s390/cf_z14/extended.json | 2
 tools/testing/selftests/firmware/fw_lib.sh | 6
 tools/testing/selftests/net/forwarding/loopback.sh | 8
 tools/testing/selftests/rseq/settings | 1
 222 files changed, 1848 insertions(+), 1422 deletions(-)

Alexander Usyskin (1):
      mei: fix modalias documentation

Alexander.Barabash(a)dell.com (1):
      ioat: ioat_alloc_ring() failure handling.

Alexandra Winter (3):
      s390/qeth: fix false reporting of VNIC CHAR config failure
      s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
      s390/qeth: vnicc Fix init to default

Alexandru Ardelean (1):
      iio: imu: adis16480: assign bias value only if operation succeeded

Andrii Nakryiko (1):
      libbpf: Fix Makefile' libbpf symbol mismatch diagnostic

Andy Lutomirski (1):
      syscalls/x86: Wire up COMPAT_SYSCALL_DEFINE0

Andy Shevchenko (3):
      MAINTAINERS: Append missed file to the database
      dmaengine: dw: platform: Mark 'hclk' clock optional
      pinctrl: lewisburg: Update pin list according to v1.1v6

Ard Biesheuvel (2):
      crypto: virtio - implement missing support for output IVs
      kbuild/deb-pkg: annotate libelf-dev dependency as :native

Arnd Bergmann (8):
      pinctrl: lochnagar: select GPIOLIB
      PM / devfreq: tegra: Add COMMON_CLK dependency
      netfilter: nft_meta: use 64-bit time arithmetic
      RDMA/hns: Fix build error again
      scsi: sd: enable compat ioctls for sed-opal
      gfs2: add compat_ioctl support
      af_unix: add compat_ioctl support
      compat_ioctl: handle SIOCOUTQNSD

Bart Van Assche (2):
      RDMA/siw: Fix port number endianness in a debug message
      RDMA/srpt: Report the SCSI residual to the initiator

Ben Dooks (Codethink) (2):
      ubifs: Fixed missed le64_to_cpu() in journal
      drm/arm/mali: make malidp_mw_connector_helper_funcs static

Bjorn Helgaas (2):
      PCI/PM: Clear PCIe PME Status even for legacy power management
      PCI/PTM: Remove spurious "d" from granularity message

Boris Brezillon (1):
      media: hantro: h264: Fix the frame_num wraparound case

Can Guo (1):
      scsi: ufs: Give an unique ID to each ufs-bsg

Chao Yu (1):
      f2fs: fix potential overflow

Christian König (1):
      drm/amdgpu: cleanup creating BOs at fixed location (v2)

Christian Lamparter (1):
      ath9k: use iowrite32 over __raw_writel

Christophe JAILLET (1):
      media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()'

Christophe Kerello (1):
      mtd: rawnand: stm32_fmc2: avoid to lock the CPU bus

Chuck Lever (7):
      xprtrdma: Add unique trace points for posting Local Invalidate WRs
      xprtrdma: Connection becomes unstable after a reconnect
      xprtrdma: Fix MR list handling
      xprtrdma: Close window between waking RPC senders and posting Receives
      xprtrdma: Fix create_qp crash on device unload
      xprtrdma: Fix completion wait during device removal
      xprtrdma: Fix oops in Receive handler after device removal

Chuhong Yuan (1):
      rtc: brcmstb-waketimer: add missed clk_disable_unprepare

Colin Ian King (2):
      ASoC: SOF: imx8: fix memory allocation failure check on priv->pd_dev
      pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call

Dan Carpenter (1):
      scsi: mpt3sas: Fix double free in attach error handling

Daniel Baluta (3):
      ASoC: soc-core: Set dpcm_playback / dpcm_capture
      ASoC: SOF: imx8: Fix dsp_box offset
      ASoC: simple_card_utils.h: Add missing include

Daniel Borkmann (2):
      uaccess: Add non-pagefault user-space write function
      bpf: Make use of probe_user_write in probe write helper

Daniel Vetter (1):
      spi: pxa2xx: Set controller->max_transfer_size in dma mode

David Howells (7):
      afs: Fix missing cell comparison in afs_test_super()
      afs: Fix use-after-loss-of-ref
      afs: Fix afs_lookup() to not clobber the version on a new dentry
      keys: Fix request_key() cache
      rxrpc: Unlock new call in rxrpc_new_incoming_call() rather than the caller
      rxrpc: Don't take call->user_mutex in rxrpc_new_incoming_call()
      rxrpc: Fix missing security check on incoming calls

Denis Efremov (1):
      rsi: fix potential null dereference in rsi_probe()

Diego Calleja (1):
      dm: add dm-clone to the documentation index

Dietmar Eggemann (1):
      ARM: 8943/1: Fix topology setup in case of CPU hotplug for CONFIG_SCHED_MC

Ed Maste (1):
      perf vendor events s390: Remove name from L1D_RO_EXCL_WRITES description

Eric Biggers (1):
      crypto: geode-aes - convert to skcipher API and make thread-safe

Florian Fainelli (2):
      dt-bindings: reset: Fix brcmstb-reset example
      reset: brcmstb: Remove resource checks

Geert Uytterhoeven (3):
      gpio: Fix error message on out-of-range GPIO in lookup table
      pinctrl: sh-pfc: Do not use platform_get_irq() to count interrupts
      spi: rspi: Use platform_get_irq_byname_optional() for optional irqs

Goldwyn Rodrigues (1):
      btrfs: simplify inode locking for RWF_NOWAIT

Greg Kroah-Hartman (2):
      Revert "drm/virtio: switch virtio_gpu_wait_ioctl() to gem helper."
      Linux 5.4.13

Hangbin Liu (1):
      selftests: loopback.sh: skip this test if the driver does not support

Hans de Goede (1):
      platform/x86: GPD pocket fan: Use default values when wrong modparams are given

Herbert Xu (1):
      crypto: algif_skcipher - Use chunksize instead of blocksize

Hewenliang (1):
      tools: PCI: Fix fd leakage

Huanpeng Xin (1):
      spi: sprd: Fix the incorrect SPI register

Israel Rukshin (1):
      scsi: target/iblock: Fix protection error with blocks greater than 512B

James Bottomley (1):
      scsi: enclosure: Fix stale device oops with hot replug

Janusz Krzysztofik (4):
      media: ov6650: Fix incorrect use of JPEG colorspace
      media: ov6650: Fix some format attributes not under control
      media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
      media: ov6650: Fix default format not applied on device probe

Jason Gunthorpe (2):
      RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size()
      rdma: Remove nes ABI header

Jerome Brunet (1):
      clk: meson: axg-audio: fix regmap last register

Jian-Hong Pan (1):
      platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0

Jiri Kosina (1):
      HID: hidraw, uhid: Always report EPOLLOUT

John Fastabend (1):
      bpf: skmsg, fix potential psock NULL pointer dereference

John Stultz (1):
      dmaengine: k3dma: Avoid null pointer traversal

Johnson CH Chen (陳昭勳) (1):
      gpio: mpc8xxx: Add platform device to gpiochip->parent

Jon Derrick (2):
      iommu/vt-d: Unlink device if failed to add to group
      iommu: Remove device link to group on failure

Jonas Karlman (3):
      media: cedrus: Use correct H264 8x8 scaling list
      media: hantro: Do not reorder H264 scaling list
      media: hantro: Set H264 FIELDPIC_FLAG_E flag correctly

Jouni Hogander (1):
      MIPS: Prevent link failure with kcov instrumentation

Julian Wiedmann (3):
      s390/qeth: fix qdio teardown after early init error
      s390/qeth: fix initialization on old HW
      s390/qeth: lock the card while changing its hsuid

Kai Li (1):
      ocfs2: call journal flush to mark journal as empty after journal recovery when mount

Kaike Wan (1):
      IB/hfi1: Don't cancel unused work item

Kars de Jong (1):
      rtc: msm6242: Fix reading of 10-hour digit

Keiya Nobuta (1):
      pinctrl: sh-pfc: Fix PINMUX_IPSR_PHYS() to set GPSR

Kishon Vijay Abraham I (1):
      clk: Fix memory leak in clk_unregister()

Lang Cheng (1):
      RDMA/hns: Modify return value of restrack functions

Leon Romanovsky (1):
      RDMA/mlx5: Return proper error value

Leonard Crestez (1):
      clk: imx: pll14xx: Fix quick switch of S/K parameter

Lijun Ou (1):
      RDMA/hns: Fix to support 64K page for srq

Liming Sun (1):
      platform/mellanox: fix potential deadlock in the tmfifo driver

Loic Poulain (1):
      arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD

Lorenzo Bianconi (1):
      iio: imu: st_lsm6dsx: fix gyro gain definitions for LSM9DS1

Luca Coelho (1):
      iwlwifi: mvm: fix support for single antenna diversity

Mans Rullgard (1):
      spi: atmel: fix handling of cs_change set on non-last xfer

Marc Kleine-Budde (1):
      can: j1939: fix address claim code example

Marian Mihailescu (1):
      clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume

Mark Zhang (1):
      RDMA/counter: Prevent QP counter manual binding in auto mode

Mathieu Desnoyers (1):
      rseq/selftests: Turn off timeout setting

Matti Vaittinen (1):
      rtc: bd70528: Add MODULE ALIAS to autoload module

Mika Westerberg (1):
      PCI: pciehp: Do not disable interrupt twice on suspend

Mike Rapoport (1):
      asm-generic/nds32: don't redefine cacheflush primitives

Ming Lei (1):
      fs: move guard_bio_eod() after bio_set_op_attrs

Mordechay Goodstein (1):
      iwlwifi: mvm: consider ieee80211 station max amsdu value

Nathan Chancellor (2):
      cifs: Adjust indentation in smb2_open_file
      rtlwifi: Remove unnecessary NULL check in rtl_regd_init

Navid Emamdoost (3):
      affs: fix a memory leak in affs_remount
      media: aspeed-video: Fix memory leaks in aspeed_video_probe
      spi: lpspi: fix memory leak in fsl_lpspi_probe

Neil Armstrong (1):
      PCI: amlogic: Fix probed clock names

Nick Desaulniers (2):
      hexagon: parenthesize registers in asm predicates
      hexagon: work around compiler crash

Niklas Cassel (1):
      PCI: dwc: Fix find_next_bit() usage

Niklas Söderlund (1):
      media: rcar-vin: Fix incorrect return statement in rvin_try_format()

Nilkanth Ahirrao (1):
      ASoC: rsnd: fix DALIGN register for SSIU

Olga Kornievskaia (1):
      NFSD fixing possible null pointer derefering in copy offload

Oliver O'Halloran (1):
      powerpc/powernv: Disable native PCIe port management

Olivier Moysan (3):
      ASoC: stm32: spdifrx: fix inconsistent lock state
      ASoC: stm32: spdifrx: fix race condition in irq handler
      ASoC: stm32: spdifrx: fix input pin state management

Olof Johansson (1):
      riscv: export flush_icache_all to modules

Pablo Neira Ayuso (1):
      netfilter: nf_tables_offload: release flow_rule on error from commit path

Paul Menzel (1):
      scsi: smartpqi: Update attribute name to `driver_version`

Peng Fan (2):
      tty: serial: imx: use the sg count from dma_map_sg
      tty: serial: pch_uart: correct usage of dma_unmap_sg

Peter Ujfalusi (1):
      mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy

Phani Kiran Hemadri (1):
      crypto: cavium/nitrox - fix firmware assignment to AE cores

Philipp Zabel (1):
      media: coda: fix deadlock between decoder picture run and start command

Pierre-Louis Bossart (1):
      ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy driver

Qianggui Song (1):
      pinctrl: meson: Fix wrong shift value when get drive-strength

Ran Bi (1):
      rtc: mt6397: fix alarm register overwrite

Remi Pommarel (2):
      PCI: aardvark: Use LTSSM state to build link training flag
      PCI: aardvark: Fix PCI_EXP_RTCTL register configuration

Richard Weinberger (1):
      Revert "ubifs: Fix memory leak bug in alloc_ubifs_info() error path"

Rob Herring (1):
      PCI: Fix missing bridge dma_ranges resource list cleanup

Roman Gushchin (1):
      bpf: cgroup: prevent out-of-order release of cgroup bpf

Sakari Ailus (1):
      media: intel-ipu3: Align struct ipu3_uapi_awb_fr_config_s to 32 bytes

Sami Tolvanen (3):
      syscalls/x86: Use COMPAT_SYSCALL_DEFINE0 for IA32 (rt_)sigreturn
      syscalls/x86: Use the correct function type for sys_ni_syscall
      syscalls/x86: Fix function types in COND_SYSCALL

Scott Mayhew (2):
      nfsd: Fix cld_net->cn_tfm initialization
      nfsd: v4 support requires CRYPTO_SHA256

Selvin Xavier (2):
      RDMA/bnxt_re: Avoid freeing MR resources if dereg fails
      RDMA/bnxt_re: Fix Send Work Entry state check while polling completions

Sergei Shtylyov (2):
      mtd: spi-nor: fix silent truncation in spi_nor_read()
      mtd: spi-nor: fix silent truncation in spi_nor_read_raw()

Seung-Woo Kim (1):
      media: exynos4-is: Fix recursive locking in isp_video_release()

Shengjiu Wang (1):
      ASoC: fsl_esai: Add spin lock to protect reset, stop and start

Shuah Khan (1):
      selftests: firmware: Fix it to do root uid check and skip

Stanislav Fomichev (1):
      bpf: Support pre-2.25-binutils objcopy for vmlinux BTF

Stefan Wahren (1):
      i2c: bcm2835: Store pointer to bus clock

Swapna Manupati (1):
      gpio: zynq: Fix for bug in zynq_gpio_restore_context API

Taehee Yoo (4):
      hsr: add hsr root debugfs directory
      hsr: rename debugfs file when interface name is changed
      hsr: reset network header when supervision frame is created
      hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()

Takashi Iwai (1):
      ASoC: core: Fix compile warning with CONFIG_DEBUG_FS=n

Tetsuo Handa (1):
      tomoyo: Suppress RCU warning at list_for_each_entry_rcu().

Thierry Reding (1):
      drm/tegra: Fix ordering of cleanup code

Thomas Bogendoerfer (2):
      MIPS: PCI: remember nasid changed by set interrupt affinity
      MIPS: SGI-IP27: Fix crash, when CPUs are disabled via nr_cpus parameter

Tiezhu Yang (1):
      MIPS: Loongson: Fix return value of loongson_hwmon_init

Tony Lindgren (1):
      phy: mapphone-mdm6600: Fix uninitialized status value regression

Trond Myklebust (3):
      NFSv2: Fix a typo in encode_sattr()
      NFSv4.x: Handle bad/dead sessions correctly in nfs41_sequence_process()
      NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn

Tzung-Bi Shih (1):
      ASoC: dt-bindings: mt8183: add missing update

Vadim Pasternak (2):
      Documentation/ABI: Fix documentation inconsistency for mlxreg-io sysfs interfaces
      Documentation/ABI: Add missed attribute for mlxreg-io sysfs interfaces

Varun Prakash (1):
      scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()

Victorien Molle (1):
      sch_cake: Add missing NLA policy entry TCA_CAKE_SPLIT_GSO

Vincenzo Frascino (1):
      mips: Fix gettimeofday() in the vdso library

Vladimir Kondratiev (1):
      mips: cacheinfo: report shared CPU map

Weihang Li (1):
      RDMA/hns: remove a redundant le16_to_cpu

Xiang Chen (1):
      scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI

Xiaojie Yuan (1):
      drm/amdgpu/discovery: reserve discovery data at the top of VRAM

Yangyang Li (2):
      RDMA/hns: Release qp resources when failed to destroy qp
      RDMA/hns: Bugfix for qpc/cqc timer configuration

Yong Wu (3):
      iommu/mediatek: Correct the flush_iotlb_all callback
      iommu/mediatek: Add a new tlb_lock for tlb_flush
      memory: mtk-smi: Add PM suspend and resume ops

Yunfeng Ye (1):
      crypto: arm64/aes-neonbs - add return value of skcipher_walk_done() in __xts_crypt()

Zhihao Cheng (1):
      ubifs: do_kill_orphans: Fix a memory leak bug

Zhou Wang (1):
      crypto: hisilicon - select NEED_SG_DMA_LENGTH in qm Kconfig

changzhu (1):
      drm/amdgpu: enable gfxoff for raven1 refresh

wenxu (1):
      netfilter: nft_flow_offload: fix underflow in flowtable reference counter

5 years, 11 months


[PATCHES] Networking

by David Miller

Please queue up the following networking bug fixes for v4.19 and v5.4 -stable, respectively. Thank you!

5 years, 11 months


[for-linus][PATCH 5/5] tracing: Do not set trace clock if tracefs lockdown is in effect

by Steven Rostedt

From: Masami Ichikawa <masami256(a)gmail.com>

When the trace_clock option is not set and an unstable clock is detected, tracing_set_default_clock() sets trace_clock (the ThinkPad A285 is one such case). In that case, if lockdown is in effect, a NULL pointer dereference happens in ring_buffer_set_clock().

Link: http://lkml.kernel.org/r/20200116131236.3866925-1-masami256@gmail.com

Cc: stable(a)vger.kernel.org
Fixes: 17911ff38aa58 ("tracing: Add locked_down checks to the open calls of files created for tracefs")
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1788488
Signed-off-by: Masami Ichikawa <masami256(a)gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
---
 kernel/trace/trace.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index ddb7e7f5fe8d..5b6ee4aadc26 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -9420,6 +9420,11 @@ __init static int tracing_set_default_clock(void)
 {
 	/* sched_clock_stable() is determined in late_initcall */
 	if (!trace_boot_clock && !sched_clock_stable()) {
+		if (security_locked_down(LOCKDOWN_TRACEFS)) {
+			pr_warn("Can not set tracing clock due to lockdown\n");
+			return -EPERM;
+		}
+
 		printk(KERN_WARNING
 		       "Unstable clock detected, switching default tracing clock to \"global\"\n"
 		       "If you want to keep using the local clock, then add:\n"
--
2.24.1
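
The shape of the guard can be sketched in user space as follows. This is only an illustration under stated assumptions: the `model_` names are hypothetical, the three booleans stand in for `trace_boot_clock`, `sched_clock_stable()` and `security_locked_down(LOCKDOWN_TRACEFS)`, and the buffer pointer being NULL under lockdown is inferred from the commit message rather than from the kernel source.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

enum model_clock { MODEL_CLOCK_LOCAL, MODEL_CLOCK_GLOBAL };

struct model_buffer {
	enum model_clock clock;
};

struct model_trace {
	struct model_buffer *buffer;	/* assumed to be NULL when locked down */
};

/*
 * Switches to the global clock only when no clock was requested at boot and
 * the scheduler clock is unstable. The lockdown check comes first so the
 * buffer is never touched in the case where it may not exist.
 */
static int model_set_default_clock(struct model_trace *tr,
				   bool boot_clock_given,
				   bool clock_stable,
				   bool locked_down)
{
	if (!boot_clock_given && !clock_stable) {
		if (locked_down)
			return -EPERM;

		tr->buffer->clock = MODEL_CLOCK_GLOBAL;
	}
	return 0;
}
```

Without the early `-EPERM` return, the locked-down case would reach the assignment through a NULL `buffer`, which mirrors the crash described above.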

5 years, 11 months


[for-linus][PATCH 4/5] tracing: Fix histogram code when expression has same var as value

by Steven Rostedt

From: "Steven Rostedt (VMware)" <rostedt(a)goodmis.org>

While working on a tool to convert SQL syntax into the histogram language of the kernel, I discovered the following bug:

 # echo 'first u64 start_time u64 end_time pid_t pid u64 delta' >> synthetic_events
 # echo 'hist:keys=pid:start=common_timestamp' > events/sched/sched_waking/trigger
 # echo 'hist:keys=next_pid:delta=common_timestamp-$start,start2=$start:onmatch(sched.sched_waking).trace(first,$start2,common_timestamp,next_pid,$delta)' > events/sched/sched_switch/trigger

Would not display any histograms in the sched_switch histogram side.

But if I were to swap the location of

  "delta=common_timestamp-$start" with "start2=$start"

Such that the last line had:

 # echo 'hist:keys=next_pid:start2=$start,delta=common_timestamp-$start:onmatch(sched.sched_waking).trace(first,$start2,common_timestamp,next_pid,$delta)' > events/sched/sched_switch/trigger

The histogram works as expected.

What I found out is that the expressions clear out the value once it is resolved. As the variables are resolved in the order listed, when processing:

  delta=common_timestamp-$start

The $start is cleared. When it gets to "start2=$start", it errors out with "unresolved symbol" (which is silent as this happens at the location of the trace), and the histogram is dropped.

When processing the histogram for variable references, instead of adding a new reference for a variable used twice, use the same reference. That way, not only is it more efficient, but the order will no longer matter in processing of the variables.
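
The idea of sharing one reference per variable can be sketched in user space as follows. This is a simplified model rather than the kernel code: the `model_` names, the fixed-size table and the plain counter are all hypothetical, and a variable is identified here by an index plus an opaque owner pointer.

```c
#include <stddef.h>

#define MODEL_MAX_VAR_REFS 16

struct model_var_ref {
	unsigned int var_idx;		/* index of the referenced variable */
	const void *hist_data;		/* histogram that owns the variable */
	unsigned int ref;		/* how many users share this reference */
};

struct model_hist_data {
	struct model_var_ref var_refs[MODEL_MAX_VAR_REFS];
	size_t n_var_refs;
};

/*
 * Returns the existing reference to (var_idx, owner) if there is one, bumping
 * its count; otherwise creates a new reference with a count of 1. Returns
 * NULL when the table is full.
 */
static struct model_var_ref *
model_create_var_ref(struct model_hist_data *hd, unsigned int var_idx,
		     const void *owner)
{
	struct model_var_ref *r;
	size_t i;

	for (i = 0; i < hd->n_var_refs; i++) {
		r = &hd->var_refs[i];
		if (r->var_idx == var_idx && r->hist_data == owner) {
			r->ref++;
			return r;
		}
	}

	if (hd->n_var_refs == MODEL_MAX_VAR_REFS)
		return NULL;

	r = &hd->var_refs[hd->n_var_refs++];
	r->var_idx = var_idx;
	r->hist_data = owner;
	r->ref = 1;
	return r;
}
```

Because both uses of `$start` end up on the same entry, the variable is resolved once per event regardless of the order in which the two assignments are written.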
>From Tom Zanussi: "Just to clarify some more about what the problem was is that without your patch, we would have two separate references to the same variable, and during resolve_var_refs(), they'd both want to be resolved separately, so in this case, since the first reference to start wasn't part of an expression, it wouldn't get the read-once flag set, so would be read normally, and then the second reference would do the read-once read and also be read but using read-once. So everything worked and you didn't see a problem: from: start2=$start,delta=common_timestamp-$start In the second case, when you switched them around, the first reference would be resolved by doing the read-once, and following that the second reference would try to resolve and see that the variable had already been read, so failed as unset, which caused it to short-circuit out and not do the trigger action to generate the synthetic event: to: delta=common_timestamp-$start,start2=$start With your patch, we only have the single resolution which happens correctly the one time it's resolved, so this can't happen." 
Link: https://lore.kernel.org/r/20200116154216.58ca08eb@gandalf.local.home
Cc: stable(a)vger.kernel.org
Fixes: 067fe038e70f6 ("tracing: Add variable reference handling to hist triggers")
Reviewed-by: Tom Zanussi <zanussi(a)kernel.org>
Tested-by: Tom Zanussi <zanussi(a)kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
---
 kernel/trace/trace_events_hist.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index d33b046f985a..6ac35b9e195d 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -116,6 +116,7 @@ struct hist_field {
 	struct ftrace_event_field	*field;
 	unsigned long			flags;
 	hist_field_fn_t			fn;
+	unsigned int			ref;
 	unsigned int			size;
 	unsigned int			offset;
 	unsigned int			is_signed;
@@ -2427,8 +2428,16 @@ static int contains_operator(char *str)
 	return field_op;
 }
 
+static void get_hist_field(struct hist_field *hist_field)
+{
+	hist_field->ref++;
+}
+
 static void __destroy_hist_field(struct hist_field *hist_field)
 {
+	if (--hist_field->ref > 1)
+		return;
+
 	kfree(hist_field->var.name);
 	kfree(hist_field->name);
 	kfree(hist_field->type);
@@ -2470,6 +2479,8 @@ static struct hist_field *create_hist_field(struct hist_trigger_data *hist_data,
 	if (!hist_field)
 		return NULL;
 
+	hist_field->ref = 1;
+
 	hist_field->hist_data = hist_data;
 
 	if (flags & HIST_FIELD_FL_EXPR || flags & HIST_FIELD_FL_ALIAS)
@@ -2665,6 +2676,17 @@ static struct hist_field *create_var_ref(struct hist_trigger_data *hist_data,
 {
 	unsigned long flags = HIST_FIELD_FL_VAR_REF;
 	struct hist_field *ref_field;
+	int i;
+
+	/* Check if the variable already exists */
+	for (i = 0; i < hist_data->n_var_refs; i++) {
+		ref_field = hist_data->var_refs[i];
+		if (ref_field->var.idx == var_field->var.idx &&
+		    ref_field->var.hist_data == var_field->hist_data) {
+			get_hist_field(ref_field);
+			return ref_field;
+		}
+	}
 
 	ref_field = create_hist_field(var_field->hist_data, NULL, flags, NULL);
 	if (ref_field) {
-- 
2.24.1

5 years, 11 months


[for-linus][PATCH 3/5] tracing: trigger: Replace unneeded RCU-list traversals

by Steven Rostedt

From: Masami Hiramatsu <mhiramat(a)kernel.org>

With CONFIG_PROVE_RCU_LIST, I had many suspicious RCU warnings
when I ran ftracetest trigger testcases.

-----
  # dmesg -c > /dev/null
  # ./ftracetest test.d/trigger
  ...
  # dmesg | grep "RCU-list traversed" | cut -f 2 -d ] | cut -f 2 -d " "
  kernel/trace/trace_events_hist.c:6070
  kernel/trace/trace_events_hist.c:1760
  kernel/trace/trace_events_hist.c:5911
  kernel/trace/trace_events_trigger.c:504
  kernel/trace/trace_events_hist.c:1810
  kernel/trace/trace_events_hist.c:3158
  kernel/trace/trace_events_hist.c:3105
  kernel/trace/trace_events_hist.c:5518
  kernel/trace/trace_events_hist.c:5998
  kernel/trace/trace_events_hist.c:6019
  kernel/trace/trace_events_hist.c:6044
  kernel/trace/trace_events_trigger.c:1500
  kernel/trace/trace_events_trigger.c:1540
  kernel/trace/trace_events_trigger.c:539
  kernel/trace/trace_events_trigger.c:584
-----

I investigated those warnings and found that the RCU-list traversals in
the event trigger and hist code didn't need to use the RCU version because
they were called only under event_mutex.

I also checked other RCU-list traversals related to the event trigger list,
and found that most of them were called from event_hist_trigger_func(),
hist_unregister_trigger(), or the register/unregister functions, except
for a few cases.

Replace these unneeded RCU-list traversals with the normal list traversal
macro and add lockdep_assert_held() to check that event_mutex is held.

Link: http://lkml.kernel.org/r/157680910305.11685.15110237954275915782.stgit@devn…
Cc: stable(a)vger.kernel.org
Fixes: 30350d65ac567 ("tracing: Add variable support to hist triggers")
Reviewed-by: Tom Zanussi <zanussi(a)kernel.org>
Signed-off-by: Masami Hiramatsu <mhiramat(a)kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org>
---
 kernel/trace/trace_events_hist.c    | 41 +++++++++++++++++++++--------
 kernel/trace/trace_events_trigger.c | 20 ++++++++++----
 2 files changed, 45 insertions(+), 16 deletions(-)

diff --git a/kernel/trace/trace_events_hist.c b/kernel/trace/trace_events_hist.c
index f62de5f43e79..d33b046f985a 100644
--- a/kernel/trace/trace_events_hist.c
+++ b/kernel/trace/trace_events_hist.c
@@ -1766,11 +1766,13 @@ static struct hist_field *find_var(struct hist_trigger_data *hist_data,
 	struct event_trigger_data *test;
 	struct hist_field *hist_field;
 
+	lockdep_assert_held(&event_mutex);
+
 	hist_field = find_var_field(hist_data, var_name);
 	if (hist_field)
 		return hist_field;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			test_data = test->private_data;
 			hist_field = find_var_field(test_data, var_name);
@@ -1820,7 +1822,9 @@ static struct hist_field *find_file_var(struct trace_event_file *file,
 	struct event_trigger_data *test;
 	struct hist_field *hist_field;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			test_data = test->private_data;
 			hist_field = find_var_field(test_data, var_name);
@@ -3115,7 +3119,9 @@ static char *find_trigger_filter(struct hist_trigger_data *hist_data,
 {
 	struct event_trigger_data *test;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (test->private_data == hist_data)
 				return test->filter_str;
@@ -3166,9 +3172,11 @@ find_compatible_hist(struct hist_trigger_data *target_hist_data,
 	struct event_trigger_data *test;
 	unsigned int n_keys;
 
+	lockdep_assert_held(&event_mutex);
+
 	n_keys = target_hist_data->n_fields - target_hist_data->n_vals;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			hist_data = test->private_data;
 
@@ -5528,7 +5536,7 @@ static int hist_show(struct seq_file *m, void *v)
 		goto out_unlock;
 	}
 
-	list_for_each_entry_rcu(data, &event_file->triggers, list) {
+	list_for_each_entry(data, &event_file->triggers, list) {
 		if (data->cmd_ops->trigger_type == ETT_EVENT_HIST)
 			hist_trigger_show(m, data, n++);
 	}
@@ -5921,7 +5929,9 @@ static int hist_register_trigger(char *glob, struct event_trigger_ops *ops,
 	if (hist_data->attrs->name && !named_data)
 		goto new;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (!hist_trigger_match(data, test, named_data, false))
 				continue;
@@ -6005,10 +6015,12 @@ static bool have_hist_trigger_match(struct event_trigger_data *data,
 	struct event_trigger_data *test, *named_data = NULL;
 	bool match = false;
 
+	lockdep_assert_held(&event_mutex);
+
 	if (hist_data->attrs->name)
 		named_data = find_named_trigger(hist_data->attrs->name);
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (hist_trigger_match(data, test, named_data, false)) {
 				match = true;
@@ -6026,10 +6038,12 @@ static bool hist_trigger_check_refs(struct event_trigger_data *data,
 	struct hist_trigger_data *hist_data = data->private_data;
 	struct event_trigger_data *test, *named_data = NULL;
 
+	lockdep_assert_held(&event_mutex);
+
 	if (hist_data->attrs->name)
 		named_data = find_named_trigger(hist_data->attrs->name);
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (!hist_trigger_match(data, test, named_data, false))
 				continue;
@@ -6051,10 +6065,12 @@ static void hist_unregister_trigger(char *glob, struct event_trigger_ops *ops,
 	struct event_trigger_data *test, *named_data = NULL;
 	bool unregistered = false;
 
+	lockdep_assert_held(&event_mutex);
+
 	if (hist_data->attrs->name)
 		named_data = find_named_trigger(hist_data->attrs->name);
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (!hist_trigger_match(data, test, named_data, false))
 				continue;
@@ -6080,7 +6096,9 @@ static bool hist_file_check_refs(struct trace_event_file *file)
 	struct hist_trigger_data *hist_data;
 	struct event_trigger_data *test;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			hist_data = test->private_data;
 			if (check_var_refs(hist_data))
@@ -6323,7 +6341,8 @@ hist_enable_trigger(struct event_trigger_data *data, void *rec,
 	struct enable_trigger_data *enable_data = data->private_data;
 	struct event_trigger_data *test;
 
-	list_for_each_entry_rcu(test, &enable_data->file->triggers, list) {
+	list_for_each_entry_rcu(test, &enable_data->file->triggers, list,
+				lockdep_is_held(&event_mutex)) {
 		if (test->cmd_ops->trigger_type == ETT_EVENT_HIST) {
 			if (enable_data->enable)
 				test->paused = false;
diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c
index 2cd53ca21b51..40106fff06a4 100644
--- a/kernel/trace/trace_events_trigger.c
+++ b/kernel/trace/trace_events_trigger.c
@@ -501,7 +501,9 @@ void update_cond_flag(struct trace_event_file *file)
 	struct event_trigger_data *data;
 	bool set_cond = false;
 
-	list_for_each_entry_rcu(data, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(data, &file->triggers, list) {
 		if (data->filter || event_command_post_trigger(data->cmd_ops) ||
 		    event_command_needs_rec(data->cmd_ops)) {
 			set_cond = true;
@@ -536,7 +538,9 @@ static int register_trigger(char *glob, struct event_trigger_ops *ops,
 	struct event_trigger_data *test;
 	int ret = 0;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		if (test->cmd_ops->trigger_type == data->cmd_ops->trigger_type) {
 			ret = -EEXIST;
 			goto out;
@@ -581,7 +585,9 @@ static void unregister_trigger(char *glob, struct event_trigger_ops *ops,
 	struct event_trigger_data *data;
 	bool unregistered = false;
 
-	list_for_each_entry_rcu(data, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(data, &file->triggers, list) {
 		if (data->cmd_ops->trigger_type == test->cmd_ops->trigger_type) {
 			unregistered = true;
 			list_del_rcu(&data->list);
@@ -1497,7 +1503,9 @@ int event_enable_register_trigger(char *glob,
 	struct event_trigger_data *test;
 	int ret = 0;
 
-	list_for_each_entry_rcu(test, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(test, &file->triggers, list) {
 		test_enable_data = test->private_data;
 		if (test_enable_data &&
 		    (test->cmd_ops->trigger_type ==
@@ -1537,7 +1545,9 @@ void event_enable_unregister_trigger(char *glob,
 	struct event_trigger_data *data;
 	bool unregistered = false;
 
-	list_for_each_entry_rcu(data, &file->triggers, list) {
+	lockdep_assert_held(&event_mutex);
+
+	list_for_each_entry(data, &file->triggers, list) {
 		enable_data = data->private_data;
 		if (enable_data &&
 		    (data->cmd_ops->trigger_type ==
-- 
2.24.1

5 years, 11 months


[PATCH 1/3] powerpc/tm: Clear the current thread's MSR[TS] after treclaim

by Gustavo Luiz Duarte

After a treclaim, we expect to be in non-transactional state. If we don't
immediately clear the current thread's MSR[TS] and we get preempted, then
tm_recheckpoint_new_task() will recheckpoint and we get rescheduled in
suspended transaction state.

When handling a signal caught in transactional state,
handle_rt_signal64() calls get_tm_stackpointer(), which treclaims the
transaction using tm_reclaim_current() but without clearing the thread's
MSR[TS]. This can cause the TM Bad Thing exception below if later we
page fault and get preempted trying to access the user's sigframe, using
__put_user(). Afterwards, when we are rescheduled back into do_page_fault()
(but now in suspended state since the thread's MSR[TS] was not cleared),
upon executing 'rfid' after completion of the page fault handling, the
exception is raised because a transition from suspended to
non-transactional state is invalid.

	Unexpected TM Bad Thing exception at c00000000000de44 (msr 0x8000000302a03031) tm_scratch=800000010280b033
	Oops: Unrecoverable exception, sig: 6 [#1]
	LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
	Modules linked in: nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6_tables ip_tables nft_compat ip_set nf_tables nfnetlink xts vmx_crypto sg virtio_balloon
	r_mod cdrom virtio_net net_failover virtio_blk virtio_scsi failover dm_mirror dm_region_hash dm_log dm_mod
	CPU: 25 PID: 15547 Comm: a.out Not tainted 5.4.0-rc2 #32
	NIP:  c00000000000de44 LR: c000000000034728 CTR: 0000000000000000
	REGS: c00000003fe7bd70 TRAP: 0700   Not tainted  (5.4.0-rc2)
	MSR:  8000000302a03031 <SF,VEC,VSX,FP,ME,IR,DR,LE,TM[SE]>  CR: 44000884  XER: 00000000
	CFAR: c00000000000dda4 IRQMASK: 0
	PACATMSCRATCH: 800000010280b033
	GPR00: c000000000034728 c000000f65a17c80 c000000001662800 00007fffacf3fd78
	GPR04: 0000000000001000 0000000000001000 0000000000000000 c000000f611f8af0
	GPR08: 0000000000000000 0000000078006001 0000000000000000 000c000000000000
	GPR12: c000000f611f84b0 c00000003ffcb200 0000000000000000 0000000000000000
	GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
	GPR20: 0000000000000000 0000000000000000 0000000000000000 c000000f611f8140
	GPR24: 0000000000000000 00007fffacf3fd68 c000000f65a17d90 c000000f611f7800
	GPR28: c000000f65a17e90 c000000f65a17e90 c000000001685e18 00007fffacf3f000
	NIP [c00000000000de44] fast_exception_return+0xf4/0x1b0
	LR [c000000000034728] handle_rt_signal64+0x78/0xc50
	Call Trace:
	[c000000f65a17c80] [c000000000034710] handle_rt_signal64+0x60/0xc50 (unreliable)
	[c000000f65a17d30] [c000000000023640] do_notify_resume+0x330/0x460
	[c000000f65a17e20] [c00000000000dcc4] ret_from_except_lite+0x70/0x74
	Instruction dump:
	7c4ff120 e8410170 7c5a03a6 38400000 f8410060 e8010070 e8410080 e8610088
	60000000 60000000 e8810090 e8210078 <4c000024> 48000000 e8610178 88ed0989
	---[ end trace 93094aa44b442f87 ]---

The simplified sequence of events that triggers the above exception is:

  ...				# userspace in NON-TRANSACTIONAL state
  tbegin			# userspace in TRANSACTIONAL state
  signal delivery		# kernelspace in SUSPENDED state
  handle_rt_signal64()
    get_tm_stackpointer()
      treclaim			# kernelspace in NON-TRANSACTIONAL state
    __put_user()
      page fault happens. We will never get back here because of the TM Bad Thing exception.

  page fault handling kicks in and we voluntarily preempt ourselves
  do_page_fault()
    __schedule()
      __switch_to(other_task)

  our task is rescheduled and we recheckpoint because the thread's MSR[TS] was not cleared
  __switch_to(our_task)
    switch_to_tm()
      tm_recheckpoint_new_task()
        trechkpt		# kernelspace in SUSPENDED state

  The page fault handling resumes, but now we are in suspended transaction state
  do_page_fault() completes
  rfid     <----- trying to get back where the page fault happened (we were non-transactional back then)
  TM Bad Thing			# illegal transition from suspended to non-transactional

This patch fixes that issue by clearing the current thread's MSR[TS] just
after treclaim in get_tm_stackpointer() so that we stay in non-transactional
state in case we are preempted. In order to make treclaim and clearing the
thread's MSR[TS] atomic from a preemption perspective when CONFIG_PREEMPT is
set, preempt_disable/enable() is used. It's also necessary to save the
previous value of the thread's MSR before get_tm_stackpointer() is called so
that it can be exposed to the signal handler later in setup_tm_sigcontexts(),
reporting the userspace MSR at the moment of signal delivery.

Found with tm-signal-context-force-tm kernel selftest on P8 KVM.

Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
Cc: stable(a)vger.kernel.org # v3.9
Signed-off-by: Gustavo Luiz Duarte <gustavold(a)linux.ibm.com>
---
 arch/powerpc/kernel/signal.c    | 17 +++++++++++++++--
 arch/powerpc/kernel/signal_32.c | 24 ++++++++++--------------
 arch/powerpc/kernel/signal_64.c | 20 ++++++++------------
 3 files changed, 33 insertions(+), 28 deletions(-)

diff --git a/arch/powerpc/kernel/signal.c b/arch/powerpc/kernel/signal.c
index e6c30cee6abf..1660be1061ac 100644
--- a/arch/powerpc/kernel/signal.c
+++ b/arch/powerpc/kernel/signal.c
@@ -200,14 +200,27 @@ unsigned long get_tm_stackpointer(struct task_struct *tsk)
 	 * normal/non-checkpointed stack pointer.
 	 */
 
+	unsigned long ret = tsk->thread.regs->gpr[1];
+
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 	BUG_ON(tsk != current);
 
 	if (MSR_TM_ACTIVE(tsk->thread.regs->msr)) {
+		preempt_disable();
 		tm_reclaim_current(TM_CAUSE_SIGNAL);
 		if (MSR_TM_TRANSACTIONAL(tsk->thread.regs->msr))
-			return tsk->thread.ckpt_regs.gpr[1];
+			ret = tsk->thread.ckpt_regs.gpr[1];
+
+		/* If we treclaim, we must immediately clear the current
+		 * thread's TM bits. Otherwise we might be preempted and have
+		 * the live MSR[TS] changed behind our back
+		 * (tm_recheckpoint_new_task() would recheckpoint).
+		 * Besides, we enter the signal handler in non-transactional
+		 * state.
+		 */
+		tsk->thread.regs->msr &= ~MSR_TS_MASK;
+		preempt_enable();
 	}
 #endif
-	return tsk->thread.regs->gpr[1];
+	return ret;
 }
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
index 98600b276f76..132a092cd170 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
@@ -489,19 +489,11 @@ static int save_user_regs(struct pt_regs *regs, struct mcontext __user *frame,
  */
 static int save_tm_user_regs(struct pt_regs *regs,
 			     struct mcontext __user *frame,
-			     struct mcontext __user *tm_frame, int sigret)
+			     struct mcontext __user *tm_frame, int sigret,
+			     unsigned long msr)
 {
-	unsigned long msr = regs->msr;
-
 	WARN_ON(tm_suspend_disabled);
 
-	/* Remove TM bits from thread's MSR. The MSR in the sigcontext
-	 * just indicates to userland that we were doing a transaction, but we
-	 * don't want to return in transactional state. This also ensures
-	 * that flush_fp_to_thread won't set TIF_RESTORE_TM again.
-	 */
-	regs->msr &= ~MSR_TS_MASK;
-
 	/* Save both sets of general registers */
 	if (save_general_regs(&current->thread.ckpt_regs, frame)
 	    || save_general_regs(regs, tm_frame))
@@ -912,6 +904,8 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
 	int sigret;
 	unsigned long tramp;
 	struct pt_regs *regs = tsk->thread.regs;
+	/* Save the thread's msr before get_tm_stackpointer() changes it */
+	unsigned long msr = regs->msr;
 
 	BUG_ON(tsk != current);
 
@@ -944,13 +938,13 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset,
 
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 	tm_frame = &rt_sf->uc_transact.uc_mcontext;
-	if (MSR_TM_ACTIVE(regs->msr)) {
+	if (MSR_TM_ACTIVE(msr)) {
 		if (__put_user((unsigned long)&rt_sf->uc_transact,
 			       &rt_sf->uc.uc_link) ||
 		    __put_user((unsigned long)tm_frame,
 			       &rt_sf->uc_transact.uc_regs))
 			goto badframe;
-		if (save_tm_user_regs(regs, frame, tm_frame, sigret))
+		if (save_tm_user_regs(regs, frame, tm_frame, sigret, msr))
 			goto badframe;
 	}
 	else
@@ -1369,6 +1363,8 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset,
 	int sigret;
 	unsigned long tramp;
 	struct pt_regs *regs = tsk->thread.regs;
+	/* Save the thread's msr before get_tm_stackpointer() changes it */
+	unsigned long msr = regs->msr;
 
 	BUG_ON(tsk != current);
 
@@ -1402,9 +1398,9 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset,
 
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
 	tm_mctx = &frame->mctx_transact;
-	if (MSR_TM_ACTIVE(regs->msr)) {
+	if (MSR_TM_ACTIVE(msr)) {
 		if (save_tm_user_regs(regs, &frame->mctx, &frame->mctx_transact,
-				      sigret))
+				      sigret, msr))
 			goto badframe;
 	}
 	else
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
index 117515564ec7..e5b5f9738056 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
@@ -192,7 +192,8 @@ static long setup_sigcontext(struct sigcontext __user *sc,
 static long setup_tm_sigcontexts(struct sigcontext __user *sc,
 				 struct sigcontext __user *tm_sc,
 				 struct task_struct *tsk,
-				 int signr, sigset_t *set, unsigned long handler)
+				 int signr, sigset_t *set, unsigned long handler,
+				 unsigned long msr)
 {
 	/* When CONFIG_ALTIVEC is set, we _always_ setup v_regs even if the
 	 * process never used altivec yet (MSR_VEC is zero in pt_regs of
@@ -207,12 +208,11 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
 	elf_vrreg_t __user *tm_v_regs = sigcontext_vmx_regs(tm_sc);
 #endif
 	struct pt_regs *regs = tsk->thread.regs;
-	unsigned long msr = tsk->thread.regs->msr;
 	long err = 0;
 
 	BUG_ON(tsk != current);
 
-	BUG_ON(!MSR_TM_ACTIVE(regs->msr));
+	BUG_ON(!MSR_TM_ACTIVE(msr));
 
 	WARN_ON(tm_suspend_disabled);
 
@@ -222,13 +222,6 @@ static long setup_tm_sigcontexts(struct sigcontext __user *sc,
 	 */
 	msr |= tsk->thread.ckpt_regs.msr & (MSR_FP | MSR_VEC | MSR_VSX);
 
-	/* Remove TM bits from thread's MSR. The MSR in the sigcontext
-	 * just indicates to userland that we were doing a transaction, but we
-	 * don't want to return in transactional state. This also ensures
-	 * that flush_fp_to_thread won't set TIF_RESTORE_TM again.
-	 */
-	regs->msr &= ~MSR_TS_MASK;
-
 #ifdef CONFIG_ALTIVEC
 	err |= __put_user(v_regs, &sc->v_regs);
 	err |= __put_user(tm_v_regs, &tm_sc->v_regs);
@@ -824,6 +817,8 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 	unsigned long newsp = 0;
 	long err = 0;
 	struct pt_regs *regs = tsk->thread.regs;
+	/* Save the thread's msr before get_tm_stackpointer() changes it */
+	unsigned long msr = regs->msr;
 
 	BUG_ON(tsk != current);
 
@@ -841,7 +836,7 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 	err |= __put_user(0, &frame->uc.uc_flags);
 	err |= __save_altstack(&frame->uc.uc_stack, regs->gpr[1]);
 #ifdef CONFIG_PPC_TRANSACTIONAL_MEM
-	if (MSR_TM_ACTIVE(regs->msr)) {
+	if (MSR_TM_ACTIVE(msr)) {
 		/* The ucontext_t passed to userland points to the second
 		 * ucontext_t (for transactional state) with its uc_link ptr.
 		 */
@@ -849,7 +844,8 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set,
 		err |= setup_tm_sigcontexts(&frame->uc.uc_mcontext,
 					    &frame->uc_transact.uc_mcontext,
 					    tsk, ksig->sig, NULL,
-					    (unsigned long)ksig->ka.sa.sa_handler);
+					    (unsigned long)ksig->ka.sa.sa_handler,
+					    msr);
 	} else
 #endif
 	{
-- 
2.21.0

5 years, 11 months

