Commit Graph

1137688 Commits

Author SHA1 Message Date
wuqiang 3b7ddab8a1 kprobes: kretprobe events missing on 2-core KVM guest
Default value of maxactive is set as num_possible_cpus() for nonpreemptable
systems. For a 2-core system, only 2 kretprobe instances would be allocated
by default, then these 2 instances for execve kretprobe are very likely to
be used up with a pipelined command.

Here's the testcase: a shell script was added to crontab, and the content
of the script is:

  #!/bin/sh
  do_something_magic `tr -dc a-z < /dev/urandom | head -c 10`

cron will trigger a series of program executions (4 times every hour). Then
event loss would normally be noticed after 3-4 hours of testing.

The issue is caused by a burst of series of execve requests. The best number
of kretprobe instances could be different case by case, and should be user's
duty to determine, but num_possible_cpus() as the default value is inadequate
especially for systems with small number of cpus.

This patch enables the logic for preemption as default, thus increases the
minimum of maxactive to 10 for nonpreemptable systems.

Link: https://lore.kernel.org/all/20221110081502.492289-1-wuqiang.matt@bytedance.com/

Signed-off-by: wuqiang <wuqiang.matt@bytedance.com>
Reviewed-by: Solar Designer <solar@openwall.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-12-15 08:48:40 +09:00
Li Huafei 0c76ef3f26 kprobes: Fix check for probe enabled in kill_kprobe()
In kill_kprobe(), the check whether disarm_kprobe_ftrace() needs to be
called always fails. This is because before that we set the
KPROBE_FLAG_GONE flag for kprobe so that "!kprobe_disabled(p)" is always
false.

The disarm_kprobe_ftrace() call was introduced by commit:

  0cb2f1372b ("kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler")

to fix the NULL pointer reference problem. When the probe is enabled, if
we do not disarm it, this problem still exists.

Fix it by putting the probe enabled check before setting the
KPROBE_FLAG_GONE flag.

Link: https://lore.kernel.org/all/20221126114316.201857-1-lihuafei1@huawei.com/

Fixes: 3031313eb3 ("kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()")
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Reviewed-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-28 21:20:47 +09:00
Li Hua 63a4dc0a0b test_kprobes: Fix implicit declaration error of test_kprobes
If KPROBES_SANITY_TEST and ARCH_CORRECT_STACKTRACE_ON_KRETPROBE are enabled, but
STACKTRACE is not set, the build fails as below:

lib/test_kprobes.c: In function ‘stacktrace_return_handler’:
lib/test_kprobes.c:228:8: error: implicit declaration of function ‘stack_trace_save’; did you mean ‘stacktrace_driver’? [-Werror=implicit-function-declaration]
  ret = stack_trace_save(stack_buf, STACK_BUF_SIZE, 0);
        ^~~~~~~~~~~~~~~~
        stacktrace_driver
cc1: all warnings being treated as errors
scripts/Makefile.build:250: recipe for target 'lib/test_kprobes.o' failed
make[2]: *** [lib/test_kprobes.o] Error 1

To fix this error, select STACKTRACE if ARCH_CORRECT_STACKTRACE_ON_KRETPROBE is enabled.

Link: https://lore.kernel.org/all/20221121030620.63181-1-hucool.lihua@huawei.com/

Fixes: 1f6d3a8f5e ("kprobes: Add a test case for stacktrace from kretprobe handler")
Cc: stable@vger.kernel.org
Signed-off-by: Li Hua <hucool.lihua@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-24 00:43:15 +09:00
Steven Rostedt (Google) d5f30a7da8 tracing: Fix race where eprobes can be called before the event
The flag that tells the event to call its triggers after reading the event
is set for eprobes after the eprobe is enabled. This leads to a race where
the eprobe may be triggered at the beginning of the event where the record
information is NULL. The eprobe then dereferences the NULL record causing
a NULL kernel pointer bug.

Test for a NULL record to keep this from happening.

Link: https://lore.kernel.org/linux-trace-kernel/20221116192552.1066630-1-rafaelmendsr@gmail.com/
Link: https://lore.kernel.org/all/20221117214249.2addbe10@gandalf.local.home/

Cc: stable@vger.kernel.org
Fixes: 7491e2c442 ("tracing: Add a probe that attaches to trace events")
Reported-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-24 00:42:18 +09:00
Masami Hiramatsu (Google) 40adaf51cb tracing/eprobe: Fix eprobe filter to make a filter correctly
Since the eprobe filter was defined based on the eprobe's trace event
itself, it doesn't work correctly. Use the original trace event of
the eprobe when making the filter so that the filter works correctly.

Without this fix:

 # echo 'e syscalls/sys_enter_openat \
	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
 # echo 1 > events/eprobes/sys_enter_openat/enable
[  114.551550] event trace: Could not enable event sys_enter_openat
-bash: echo: write error: Invalid argument

With this fix:
 # echo 'e syscalls/sys_enter_openat \
	flags_rename=$flags:u32 if flags < 1000' >> dynamic_events
 # echo 1 > events/eprobes/sys_enter_openat/enable
 # tail trace
cat-241     [000] ...1.   266.498449: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0
cat-242     [000] ...1.   266.977640: sys_enter_openat: (syscalls.sys_enter_openat) flags_rename=0

Link: https://lore.kernel.org/all/166823166395.1385292.8931770640212414483.stgit@devnote3/

Fixes: 752be5c5c9 ("tracing/eprobe: Add eprobe filter support")
Reported-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Tested-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Rafael Mendonca 342a4a2f99 tracing/eprobe: Fix warning in filter creation
The filter pointer (filterp) passed to create_filter() function must be a
pointer that references a NULL pointer, otherwise, we get a warning when
adding a filter option to the event probe:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core sched/sched_stat_runtime \
        runtime=$runtime:u32 if cpu < 4' >> dynamic_events
[ 5034.340439] ------------[ cut here ]------------
[ 5034.341258] WARNING: CPU: 0 PID: 223 at kernel/trace/trace_events_filter.c:1939 create_filter+0x1db/0x250
[...] stripped
[ 5034.345518] RIP: 0010:create_filter+0x1db/0x250
[...] stripped
[ 5034.351604] Call Trace:
[ 5034.351803]  <TASK>
[ 5034.351959]  ? process_preds+0x1b40/0x1b40
[ 5034.352241]  ? rcu_read_lock_bh_held+0xd0/0xd0
[ 5034.352604]  ? kasan_set_track+0x29/0x40
[ 5034.352904]  ? kasan_save_alloc_info+0x1f/0x30
[ 5034.353264]  create_event_filter+0x38/0x50
[ 5034.353573]  __trace_eprobe_create+0x16f4/0x1d20
[ 5034.353964]  ? eprobe_dyn_event_release+0x360/0x360
[ 5034.354363]  ? mark_held_locks+0xa6/0xf0
[ 5034.354684]  ? _raw_spin_unlock_irqrestore+0x35/0x60
[ 5034.355105]  ? trace_hardirqs_on+0x41/0x120
[ 5034.355417]  ? _raw_spin_unlock_irqrestore+0x35/0x60
[ 5034.355751]  ? __create_object+0x5b7/0xcf0
[ 5034.356027]  ? lock_is_held_type+0xaf/0x120
[ 5034.356362]  ? rcu_read_lock_bh_held+0xb0/0xd0
[ 5034.356716]  ? rcu_read_lock_bh_held+0xd0/0xd0
[ 5034.357084]  ? kasan_set_track+0x29/0x40
[ 5034.357411]  ? kasan_save_alloc_info+0x1f/0x30
[ 5034.357715]  ? __kasan_kmalloc+0xb8/0xc0
[ 5034.357985]  ? write_comp_data+0x2f/0x90
[ 5034.358302]  ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.358691]  ? argv_split+0x381/0x460
[ 5034.358949]  ? write_comp_data+0x2f/0x90
[ 5034.359240]  ? eprobe_dyn_event_release+0x360/0x360
[ 5034.359620]  trace_probe_create+0xf6/0x110
[ 5034.359940]  ? trace_probe_match_command_args+0x240/0x240
[ 5034.360376]  eprobe_dyn_event_create+0x21/0x30
[ 5034.360709]  create_dyn_event+0xf3/0x1a0
[ 5034.360983]  trace_parse_run_command+0x1a9/0x2e0
[ 5034.361297]  ? dyn_event_release+0x500/0x500
[ 5034.361591]  dyn_event_write+0x39/0x50
[ 5034.361851]  vfs_write+0x311/0xe50
[ 5034.362091]  ? dyn_event_seq_next+0x40/0x40
[ 5034.362376]  ? kernel_write+0x5b0/0x5b0
[ 5034.362637]  ? write_comp_data+0x2f/0x90
[ 5034.362937]  ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.363258]  ? ftrace_syscall_enter+0x544/0x840
[ 5034.363563]  ? write_comp_data+0x2f/0x90
[ 5034.363837]  ? __sanitizer_cov_trace_pc+0x25/0x60
[ 5034.364156]  ? write_comp_data+0x2f/0x90
[ 5034.364468]  ? write_comp_data+0x2f/0x90
[ 5034.364770]  ksys_write+0x158/0x2a0
[ 5034.365022]  ? __ia32_sys_read+0xc0/0xc0
[ 5034.365344]  __x64_sys_write+0x7c/0xc0
[ 5034.365669]  ? syscall_enter_from_user_mode+0x53/0x70
[ 5034.366084]  do_syscall_64+0x60/0x90
[ 5034.366356]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 5034.366767] RIP: 0033:0x7ff0b43938f3
[...] stripped
[ 5034.371892]  </TASK>
[ 5034.374720] ---[ end trace 0000000000000000 ]---

Link: https://lore.kernel.org/all/20221108202148.1020111-1-rafaelmendsr@gmail.com/

Fixes: 752be5c5c9 ("tracing/eprobe: Add eprobe filter support")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Li Huafei 5dd7caf0bd kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case
In __unregister_kprobe_top(), if the currently unregistered probe has
post_handler but other child probes of the aggrprobe do not have
post_handler, the post_handler of the aggrprobe is cleared. If this is
a ftrace-based probe, there is a problem. In later calls to
disarm_kprobe(), we will use kprobe_ftrace_ops because post_handler is
NULL. But we're armed with kprobe_ipmodify_ops. This triggers a WARN in
__disarm_kprobe_ftrace() and may even cause use-after-free:

  Failed to disarm kprobe-ftrace at kernel_clone+0x0/0x3c0 (error -2)
  WARNING: CPU: 5 PID: 137 at kernel/kprobes.c:1135 __disarm_kprobe_ftrace.isra.21+0xcf/0xe0
  Modules linked in: testKprobe_007(-)
  CPU: 5 PID: 137 Comm: rmmod Not tainted 6.1.0-rc4-dirty #18
  [...]
  Call Trace:
   <TASK>
   __disable_kprobe+0xcd/0xe0
   __unregister_kprobe_top+0x12/0x150
   ? mutex_lock+0xe/0x30
   unregister_kprobes.part.23+0x31/0xa0
   unregister_kprobe+0x32/0x40
   __x64_sys_delete_module+0x15e/0x260
   ? do_user_addr_fault+0x2cd/0x6b0
   do_syscall_64+0x3a/0x90
   entry_SYSCALL_64_after_hwframe+0x63/0xcd
   [...]

For the kprobe-on-ftrace case, we keep the post_handler setting to
identify this aggrprobe armed with kprobe_ipmodify_ops. This way we
can disarm it correctly.

Link: https://lore.kernel.org/all/20221112070000.35299-1-lihuafei1@huawei.com/

Fixes: 0bc11ed5ab ("kprobes: Allow kprobes coexist with livepatch")
Reported-by: Zhao Gongyi <zhaogongyi@huawei.com>
Suggested-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Li Huafei <lihuafei1@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Yi Yang 0a1ebe35cb rethook: fix a potential memleak in rethook_alloc()
In rethook_alloc(), the variable rh is not freed or passed out
if handler is NULL, which could lead to a memleak, fix it.

Link: https://lore.kernel.org/all/20221110104438.88099-1-yiyang13@huawei.com/
[Masami: Add "rethook:" tag to the title.]

Fixes: 54ecbe6f1e ("rethook: Add a generic return hook")
Cc: stable@vger.kernel.org
Signed-off-by: Yi Yang <yiyang13@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Rafael Mendonca d1776c0202 tracing/eprobe: Fix memory leak of filter string
The filter string doesn't get freed when a dynamic event is deleted. If a
filter is set, then memory is leaked:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
root@localhost:/sys/kernel/tracing# echo "-:egroup/stat_runtime_4core"  >> dynamic_events
root@localhost:/sys/kernel/tracing# echo scan > /sys/kernel/debug/kmemleak
[  224.416373] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
root@localhost:/sys/kernel/tracing# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88810156f1b8 (size 8):
  comm "bash", pid 224, jiffies 4294935612 (age 55.800s)
  hex dump (first 8 bytes):
    63 70 75 20 3c 20 34 00                          cpu < 4.
  backtrace:
    [<000000009f880725>] __kmem_cache_alloc_node+0x18e/0x720
    [<0000000042492946>] __kmalloc+0x57/0x240
    [<0000000034ea7995>] __trace_eprobe_create+0x1214/0x1d30
    [<00000000d70ef730>] trace_probe_create+0xf6/0x110
    [<00000000915c7b16>] eprobe_dyn_event_create+0x21/0x30
    [<000000000d894386>] create_dyn_event+0xf3/0x1a0
    [<00000000e9af57d5>] trace_parse_run_command+0x1a9/0x2e0
    [<0000000080777f18>] dyn_event_write+0x39/0x50
    [<0000000089f0ec73>] vfs_write+0x311/0xe50
    [<000000003da1bdda>] ksys_write+0x158/0x2a0
    [<00000000bb1e616e>] __x64_sys_write+0x7c/0xc0
    [<00000000e8aef1f7>] do_syscall_64+0x60/0x90
    [<00000000fe7fe8ba>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Additionally, in __trace_eprobe_create() function, if an error occurs after
the call to trace_eprobe_parse_filter(), which allocates the filter string,
then memory is also leaked. That can be reproduced by creating the same
event probe twice:

root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
root@localhost:/sys/kernel/tracing# echo 'e:egroup/stat_runtime_4core \
        sched/sched_stat_runtime runtime=$runtime:u32 if cpu < 4' >> dynamic_events
-bash: echo: write error: File exists
root@localhost:/sys/kernel/tracing# echo scan > /sys/kernel/debug/kmemleak
[  207.871584] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
root@localhost:/sys/kernel/tracing# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff8881020d17a8 (size 8):
  comm "bash", pid 223, jiffies 4294938308 (age 31.000s)
  hex dump (first 8 bytes):
    63 70 75 20 3c 20 34 00                          cpu < 4.
  backtrace:
    [<000000000e4f5f31>] __kmem_cache_alloc_node+0x18e/0x720
    [<0000000024f0534b>] __kmalloc+0x57/0x240
    [<000000002930a28e>] __trace_eprobe_create+0x1214/0x1d30
    [<0000000028387903>] trace_probe_create+0xf6/0x110
    [<00000000a80d6a9f>] eprobe_dyn_event_create+0x21/0x30
    [<000000007168698c>] create_dyn_event+0xf3/0x1a0
    [<00000000f036bf6a>] trace_parse_run_command+0x1a9/0x2e0
    [<00000000014bde8b>] dyn_event_write+0x39/0x50
    [<0000000078a097f7>] vfs_write+0x311/0xe50
    [<00000000996cb208>] ksys_write+0x158/0x2a0
    [<00000000a3c2acb0>] __x64_sys_write+0x7c/0xc0
    [<0000000006b5d698>] do_syscall_64+0x60/0x90
    [<00000000780e8ecf>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fix both issues by releasing the filter string in
trace_event_probe_cleanup().

Link: https://lore.kernel.org/all/20221108235738.1021467-1-rafaelmendsr@gmail.com/

Fixes: 752be5c5c9 ("tracing/eprobe: Add eprobe filter support")
Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Shang XiaoJing 22ea4ca963 tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit()
When test_gen_kprobe_cmd() failed after kprobe_event_gen_cmd_end(), it
will goto delete, which will call kprobe_event_delete() and release the
corresponding resource. However, the trace_array in gen_kretprobe_test
will point to the invalid resource. Set gen_kretprobe_test to NULL
after calling kprobe_event_delete() to prevent null-ptr-deref.

BUG: kernel NULL pointer dereference, address: 0000000000000070
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 0 PID: 246 Comm: modprobe Tainted: G        W
6.1.0-rc1-00174-g9522dc5c87da-dirty #248
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:__ftrace_set_clr_event_nolock+0x53/0x1b0
Code: e8 82 26 fc ff 49 8b 1e c7 44 24 0c ea ff ff ff 49 39 de 0f 84 3c
01 00 00 c7 44 24 18 00 00 00 00 e8 61 26 fc ff 48 8b 6b 10 <44> 8b 65
70 4c 8b 6d 18 41 f7 c4 00 02 00 00 75 2f
RSP: 0018:ffffc9000159fe00 EFLAGS: 00010293
RAX: 0000000000000000 RBX: ffff88810971d268 RCX: 0000000000000000
RDX: ffff8881080be600 RSI: ffffffff811b48ff RDI: ffff88810971d058
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000001
R10: ffffc9000159fe58 R11: 0000000000000001 R12: ffffffffa0001064
R13: ffffffffa000106c R14: ffff88810971d238 R15: 0000000000000000
FS:  00007f89eeff6540(0000) GS:ffff88813b600000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000070 CR3: 000000010599e004 CR4: 0000000000330ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __ftrace_set_clr_event+0x3e/0x60
 trace_array_set_clr_event+0x35/0x50
 ? 0xffffffffa0000000
 kprobe_event_gen_test_exit+0xcd/0x10b [kprobe_event_gen_test]
 __x64_sys_delete_module+0x206/0x380
 ? lockdep_hardirqs_on_prepare+0xd8/0x190
 ? syscall_enter_from_user_mode+0x1c/0x50
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd
RIP: 0033:0x7f89eeb061b7

Link: https://lore.kernel.org/all/20221108015130.28326-3-shangxiaojing@huawei.com/

Fixes: 64836248dd ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Cc: stable@vger.kernel.org
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:34 +09:00
Shang XiaoJing e0d75267f5 tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit()
When trace_get_event_file() failed, gen_kretprobe_test will be assigned
as the error code. If module kprobe_event_gen_test is removed now, the
null pointer dereference will happen in kprobe_event_gen_test_exit().
Check if gen_kprobe_test or gen_kretprobe_test is error code or NULL
before dereferencing them.

BUG: kernel NULL pointer dereference, address: 0000000000000012
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 3 PID: 2210 Comm: modprobe Not tainted
6.1.0-rc1-00171-g2159299a3b74-dirty #217
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS
rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014
RIP: 0010:kprobe_event_gen_test_exit+0x1c/0xb5 [kprobe_event_gen_test]
Code: Unable to access opcode bytes at 0xffffffff9ffffff2.
RSP: 0018:ffffc900015bfeb8 EFLAGS: 00010246
RAX: ffffffffffffffea RBX: ffffffffa0002080 RCX: 0000000000000000
RDX: ffffffffa0001054 RSI: ffffffffa0001064 RDI: ffffffffdfc6349c
RBP: ffffffffa0000000 R08: 0000000000000004 R09: 00000000001e95c0
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000800
R13: ffffffffa0002420 R14: 0000000000000000 R15: 0000000000000000
FS:  00007f56b75be540(0000) GS:ffff88813bc00000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffff9ffffff2 CR3: 000000010874a006 CR4: 0000000000330ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __x64_sys_delete_module+0x206/0x380
 ? lockdep_hardirqs_on_prepare+0xd8/0x190
 ? syscall_enter_from_user_mode+0x1c/0x50
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Link: https://lore.kernel.org/all/20221108015130.28326-2-shangxiaojing@huawei.com/

Fixes: 64836248dd ("tracing: Add kprobe event command generation test module")
Signed-off-by: Shang XiaoJing <shangxiaojing@huawei.com>
Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
2022-11-18 10:15:33 +09:00
Steven Rostedt (Google) 31029a8b2c ring-buffer: Include dropped pages in counting dirty patches
The function ring_buffer_nr_dirty_pages() was created to find out how many
pages are filled in the ring buffer. There's two running counters. One is
incremented whenever a new page is touched (pages_touched) and the other
is whenever a page is read (pages_read). The dirty count is the number
touched minus the number read. This is used to determine if a blocked task
should be woken up if the percentage of the ring buffer it is waiting for
is hit.

The problem is that it does not take into account dropped pages (when the
new writes overwrite pages that were not read). And then the dirty pages
will always be greater than the percentage.

This makes the "buffer_percent" file inaccurate, as the number of dirty
pages ends up always being larger than the percentage, even when it's not
and this causes user space to be woken up more than it wants to be.

Add a new counter to keep track of lost pages, and include that in the
accounting of dirty pages so that it is actually accurate.

Link: https://lkml.kernel.org/r/20221021123013.55fb6055@gandalf.local.home

Fixes: 2c2b0a78b3 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-11-16 18:08:29 -05:00
Steven Rostedt (Google) 42fb0a1e84 tracing/ring-buffer: Have polling block on watermark
Currently the way polling works on the ring buffer is broken. It will
return immediately if there's any data in the ring buffer whereas a read
will block until the watermark (defined by the tracefs buffer_percent file)
is hit.

That is, a select() or poll() will return as if there's data available,
but then the following read will block. This is broken for the way
select()s and poll()s are supposed to work.

Have the polling on the ring buffer also block the same way reads and
splice does on the ring buffer.

Link: https://lkml.kernel.org/r/20221020231427.41be3f26@gandalf.local.home

Cc: Linux Trace Kernel <linux-trace-kernel@vger.kernel.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Primiano Tucci <primiano@google.com>
Cc: stable@vger.kernel.org
Fixes: 1e0d6714ac ("ring-buffer: Do not wake up a splice waiter when page is not full")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
2022-11-16 17:13:04 -05:00
Linus Torvalds 094226ad94 Linux 6.1-rc5 2022-11-13 13:12:55 -08:00
Linus Torvalds af7a056891 - fix jump label branch range check
- check kmalloc failures in Loongson64 kexec
 - fix builds with clang-14
 - fix char/int handling in pic32

Merge tag 'mips-fixes_6.1_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Pull MIPS fixes from Thomas Bogendoerfer:

 - fix jump label branch range check

 - check kmalloc failures in Loongson64 kexec

 - fix builds with clang-14

 - fix char/int handling in pic32

* tag 'mips-fixes_6.1_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: pic32: treat port as signed integer
  MIPS: jump_label: Fix compat branch range check
  mips: alchemy: gpio: Include the right header
  MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
  MIPS: fix duplicate definitions for exported symbols
  mips: boot/compressed: use __NO_FORTIFY
2022-11-13 07:57:33 -08:00
Linus Torvalds ab57bc6f02 Third batch of EFI fixes for v6.1
- Force the use of SetVirtualAddressMap() on Ampere Altra arm64
   machines, which crash in SetTime() if no virtual remapping is used
 - Drop a spurious warning on misaligned runtime regions when using 16k
   or 64k pages on arm64

Merge tag 'efi-fixes-for-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi

Pull EFI fixes from Ard Biesheuvel:

 - Force the use of SetVirtualAddressMap() on Ampere Altra arm64
   machines, which crash in SetTime() if no virtual remapping is used

   This is the first time we've added an SMBIOS based quirk on arm64,
   but fortunately, we can just call a EFI protocol to grab the type #1
   SMBIOS record when running in the stub, so we don't need all the
   machinery we have in the kernel proper to parse SMBIOS data.

 - Drop a spurious warning on misaligned runtime regions when using 16k
   or 64k pages on arm64

* tag 'efi-fixes-for-v6.1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi:
  arm64: efi: Fix handling of misaligned runtime regions and drop warning
  arm64: efi: Force the use of SetVirtualAddressMap() on Altra machines
2022-11-13 07:52:22 -08:00
Linus Torvalds fef7fd4892 SCSI fixes on 20221112
Three small fixes, all in drivers.  The sas one is in an unlikely
 error leg, the debug one is to make it more standards conformant and
 the ibmvfc one is to fix a user visible bug where a failover could
 lose all paths to the device.
 
 Signed-off-by: James E.J. Bottomley <jejb@linux.ibm.com>

Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi

Pull SCSI fixes from James Bottomley:
 "Three small fixes, all in drivers.

  The sas one is in an unlikely error leg, the debug one is to make it
  more standards conformant and the ibmvfc one is to fix a user visible
  bug where a failover could lose all paths to the device"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC
  scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
  scsi: ibmvfc: Avoid path failures during live migration
2022-11-12 09:27:15 -08:00
Linus Torvalds f95077acac Additional sound fix for 6.1-rc5
This contains a regression fix for the latest memalloc helper change.

Merge tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull additional sound fix from Takashi Iwai:
 "A regression fix for the latest memalloc helper change"

* tag 'sound-fix-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: memalloc: Try dma_alloc_noncontiguous() at first
2022-11-12 09:23:32 -08:00
Takashi Iwai 9d8e536d36 ALSA: memalloc: Try dma_alloc_noncontiguous() at first
The latest fix for the non-contiguous memalloc helper changed the
allocation method for a non-IOMMU system to use only the fallback
allocator.  This should have worked, but it caused a problem sometimes
when too many non-contiguous pages are allocated that can't be treated
by HD-audio controller.

As a quirk workaround, go back to the original strategy: use
dma_alloc_noncontiguous() at first, and apply the fallback only when
it fails, but only for non-IOMMU case.

We'll need a better fix in the fallback code as well, but this
workaround should paper over most cases.

Fixes: 9736a32513 ("ALSA: memalloc: Don't fall back for SG-buffer with IOMMU")
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/CAHk-=wgSH5ubdvt76gNwa004ooZAEJL_1Q-Fyw5M2FDdqL==dg@mail.gmail.com
Link: https://lore.kernel.org/r/20221112084718.3305-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2022-11-12 09:48:51 +01:00
Linus Torvalds 8f2975c2bb ata fixes for 6.1-rc5
Several libata generic code fixes for rc5:
 
  - Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
    this command is mandatory for host-managed ZBC drives. The lack of
    support for it in libata-scsi was causing issues with some
    passthrough applications using ZBC drives (from Shin'ichiro).
 
  - Fix the error path of libata-transport host, port, link and device
    attributes initialization (from Yingliang).
 
  - Prevent issuing new commands to a drive that is in the NCQ error
    state and undergoing recovery (From Niklas). This bug went unnoticed
    for a long time as commands issued to a drive in error state are
    aborted immediately and retried by the scsi layer, hiding the useless
    abort-and-retry sequence.

Merge tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata

Pull ata fixes from Damien Le Moal:
 "Several libata generic code fixes for rc5:

   - Add missing translation of the SYNCHRONIZE CACHE 16 scsi command as
     this command is mandatory for host-managed ZBC drives.

     The lack of support for it in libata-scsi was causing issues with
     some passthrough applications using ZBC drives (from Shin'ichiro).

   - Fix the error path of libata-transport host, port, link and device
     attributes initialization (from Yingliang).

   - Prevent issuing new commands to a drive that is in the NCQ error
     state and undergoing recovery (From Niklas).

     This bug went unnoticed for a long time as commands issued to a
     drive in error state are aborted immediately and retried by the
     scsi layer, hiding the useless abort-and-retry sequence"

* tag 'ata-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/dlemoal/libata:
  ata: libata-core: do not issue non-internal commands once EH is pending
  ata: libata-transport: fix error handling in ata_tdev_add()
  ata: libata-transport: fix error handling in ata_tlink_add()
  ata: libata-transport: fix error handling in ata_tport_add()
  ata: libata-transport: fix double ata_host_put() in ata_tport_add()
  ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
2022-11-11 20:27:13 -08:00
Linus Torvalds d7c2b1f64e 22 hotfixes. 8 are cc:stable and the remainder address issues which were
introduced post-6.0 or which aren't considered serious enough to justify a
 -stable backport.

Merge tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Pull misc hotfixes from Andrew Morton:
 "22 hotfixes.

  Eight are cc:stable and the remainder address issues which were
  introduced post-6.0 or which aren't considered serious enough to
  justify a -stable backport"

* tag 'mm-hotfixes-stable-2022-11-11' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm: (22 commits)
  docs: kmsan: fix formatting of "Example report"
  mm/damon/dbgfs: check if rm_contexts input is for a real context
  maple_tree: don't set a new maximum on the node when not reusing nodes
  maple_tree: fix depth tracking in maple_state
  arch/x86/mm/hugetlbpage.c: pud_huge() returns 0 when using 2-level paging
  fs: fix leaked psi pressure state
  nilfs2: fix use-after-free bug of ns_writer on remount
  x86/traps: avoid KMSAN bugs originating from handle_bug()
  kmsan: make sure PREEMPT_RT is off
  Kconfig.debug: ensure early check for KMSAN in CONFIG_KMSAN_WARN
  x86/uaccess: instrument copy_from_user_nmi()
  kmsan: core: kmsan_in_runtime() should return true in NMI context
  mm: hugetlb_vmemmap: include missing linux/moduleparam.h
  mm/shmem: use page_mapping() to detect page cache for uffd continue
  mm/memremap.c: map FS_DAX device memory as decrypted
  Partly revert "mm/thp: carry over dirty bit when thp splits on pmd"
  nilfs2: fix deadlock in nilfs_count_free_blocks()
  mm/mmap: fix memory leak in mmap_region()
  hugetlbfs: don't delete error page from pagecache
  maple_tree: reorganize testing to restore module testing
  ...
2022-11-11 17:18:42 -08:00
Linus Torvalds 5ad6e7ba98 arm64 fixes:
 - Another fix for rodata=full. Since rodata= is not a simple boolean on
   arm64 (accepting 'full' as well), it got inadvertently broken by
   changes in the core code. If rodata=on is the default and rodata=off
   is passed on the kernel command line, rodata_full is never disabled.
 
 - Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
   explicit conversion to u32 (triggered by the AMPERE1 MIDR definition).
 
 - Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
   struct pt_regs type causing the BPF verifier to refuse to load a
   tracing program which accesses pt_regs.

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - Another fix for rodata=full. Since rodata= is not a simple boolean on
   arm64 (accepting 'full' as well), it got inadvertently broken by
   changes in the core code. If rodata=on is the default and rodata=off
   is passed on the kernel command line, rodata_full is never disabled

 - Fix gcc compiler warning of shifting 0xc0 into bits 31:24 without an
   explicit conversion to u32 (triggered by the AMPERE1 MIDR definition)

 - Include asm/ptrace.h in asm/syscall_wrapper.h to fix an incomplete
   struct pt_regs type causing the BPF verifier to refuse to load a
   tracing program which accesses pt_regs

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/syscall: Include asm/ptrace.h in syscall_wrapper header.
  arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro
  arm64: fix rodata=full again
2022-11-11 17:10:13 -08:00
Niklas Cassel e20e81a24a ata: libata-core: do not issue non-internal commands once EH is pending
While the ATA specification states that a device should return command
aborted for all commands queued after the device has entered error state,
since ATA only keeps the sense data for the latest command (in non-NCQ
case), we really don't want to send block layer commands to the device
after it has entered error state. (Only ATA EH commands should be sent,
to read the sense data etc.)

Currently, scsi_queue_rq() will check if scsi_host_in_recovery()
(state is SHOST_RECOVERY), and if so, it will _not_ issue a command via:
scsi_dispatch_cmd() -> host->hostt->queuecommand() (ata_scsi_queuecmd())
-> __ata_scsi_queuecmd() -> ata_scsi_translate() -> ata_qc_issue()

Before commit e494f6a728 ("[SCSI] improved eh timeout handler"),
when receiving a TFES error IRQ, the call chain looked like this:
ahci_error_intr() -> ata_port_abort() -> ata_do_link_abort() ->
ata_qc_complete() -> ata_qc_schedule_eh() -> blk_abort_request() ->
blk_rq_timed_out() -> q->rq_timed_out_fn() (scsi_times_out()) ->
scsi_eh_scmd_add() -> scsi_host_set_state(shost, SHOST_RECOVERY)

Which meant that as soon as an error IRQ was serviced, SHOST_RECOVERY
would be set.

However, after commit e494f6a728 ("[SCSI] improved eh timeout handler"),
scsi_times_out() will instead call scsi_abort_command() which will queue
delayed work, and the worker function scmd_eh_abort_handler() will call
scsi_eh_scmd_add(), which calls scsi_host_set_state(shost, SHOST_RECOVERY).

So now, after the TFES error IRQ has been serviced, we need to wait for
the SCSI workqueue to run its work before SHOST_RECOVERY gets set.

It is worth noting that, even before commit e494f6a728 ("[SCSI] improved
eh timeout handler"), we could receive an error IRQ from the time when
scsi_queue_rq() checks scsi_host_in_recovery(), to the time when
ata_scsi_queuecmd() is actually called.

In order to handle both the delayed setting of SHOST_RECOVERY and the
window where we can receive an error IRQ, add a check against
ATA_PFLAG_EH_PENDING (which gets set when servicing the error IRQ),
inside ata_scsi_queuecmd() itself, while holding the ap->lock.
(Since the ap->lock is held while servicing IRQs.)

Fixes: e494f6a728 ("[SCSI] improved eh timeout handler")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Tested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-12 07:51:06 +09:00
Linus Torvalds b0b6e2c9d3 block-6.1-2022-11-11

Merge tag 'block-6.1-2022-11-11' of git://git.kernel.dk/linux

Pull block fixes from Jens Axboe:

 - NVMe pull request via Christoph:
        - Quiet user passthrough command errors (Keith Busch)
        - Fix memory leak in nvmet_subsys_attr_model_store_locked
        - Fix a memory leak in nvmet-auth (Sagi Grimberg)

 - Fix a potential NULL point deref in bfq (Yu)

 - Allocate command/response buffers separately for DMA for sed-opal,
   rather than rely on embedded alignment (Serge)

* tag 'block-6.1-2022-11-11' of git://git.kernel.dk/linux:
  nvmet: fix a memory leak
  nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  nvme: quiet user passthrough command errors
  block: sed-opal: kmalloc the cmd/resp buffers
  block, bfq: fix null pointer dereference in bfq_bio_bfqg()
2022-11-11 14:08:30 -08:00
Linus Torvalds 4e6b2b2e4f io_uring-6.1-2022-11-11

Merge tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux

Pull io_uring fixes from Jens Axboe:
 "Nothing major, just a few minor tweaks:

   - Tweak for the TCP zero-copy io_uring self test (Pavel)

   - Rather than use our internal cached value of number of CQ events
     available, use what the user can see (Dylan)

   - Fix a typo in a comment, added in this release (me)

   - Don't allow wrapping while adding provided buffers (me)

   - Fix a double poll race, and add a lockdep assertion for it too
     (Pavel)"

* tag 'io_uring-6.1-2022-11-11' of git://git.kernel.dk/linux:
  io_uring/poll: lockdep annote io_poll_req_insert_locked
  io_uring/poll: fix double poll req->flags races
  io_uring: check for rollover of buffer ID when providing buffers
  io_uring: calculate CQEs from the user visible value
  io_uring: fix typo in io_uring.h comment
  selftests/net: don't tests batched TCP io_uring zc
2022-11-11 14:02:44 -08:00
Linus Torvalds f5020a08b2 s390 updates for 6.1-rc5
 - fix memcpy warning about field-spanning write in zcrypt driver.
 
 - minor updates to defconfigs.
 
 - Remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
   addon config file. It significantly decreases compile time and allows
   quickly enabling that option into the current kernel config.
 
 - Add kasan.config addon config file which allows to easily enable
   KASAN into the current kernel config.
 
 - binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
   relocs on misaligned symbols") caused several link errors.
   Always build relocatable kernel to avoid this problem.
 
 - Raise the minimum clang version to 15.0.0 to avoid silent generation
   of a corrupted code.

Merge tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux

Pull s390 fixes from Alexander Gordeev:

 - fix memcpy warning about field-spanning write in zcrypt driver

 - minor updates to defconfigs

 - remove CONFIG_DEBUG_INFO_BTF from all defconfigs and add btf.config
   addon config file. It significantly decreases compile time and allows
   quickly enabling that option into the current kernel config

 - add kasan.config addon config file which allows to easily enable
   KASAN into the current kernel config

 - binutils commit 906f69cf65da ("IBM zSystems: Issue error for *DBL
   relocs on misaligned symbols") caused several link errors. Always
   build relocatable kernel to avoid this problem

 - raise the minimum clang version to 15.0.0 to avoid silent generation
   of a corrupted code

* tag 's390-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  scripts/min-tool-version.sh: raise minimum clang version to 15.0.0 for s390
  s390: always build relocatable kernel
  s390/configs: add kasan.config addon config file
  s390/configs: move CONFIG_DEBUG_INFO_BTF into btf.config addon config
  s390: update defconfigs
  s390/zcrypt: fix warning about field-spanning write
2022-11-11 11:49:20 -08:00
Linus Torvalds df65494ffb kernel hardening fix for v6.1-rc5
 - Fix !SMP placement of '.data..decrypted' section (Nathan Chancellor)

Merge tag 'hardening-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux

Pull kernel hardening fix from Kees Cook:

 - Fix !SMP placement of '.data..decrypted' section (Nathan Chancellor)

* tag 'hardening-v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  vmlinux.lds.h: Fix placement of '.data..decrypted' section
2022-11-11 11:41:02 -08:00
Linus Torvalds f9bbe0c99e Fixes:
 - Fix an export leak
 - Fix a potential tracepoint crash

Merge tag 'nfsd-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

Pull nfsd fixes from Chuck Lever:

 - Fix an export leak

 - Fix a potential tracepoint crash

* tag 'nfsd-6.1-4' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux:
  nfsd: put the export reference in nfsd4_verify_deleg_dentry
  nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint
2022-11-11 11:28:26 -08:00
Linus Torvalds e2559b7912 \n

Merge tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs

Pull UDF fix from Jan Kara:
 "Fix a possible memory corruption with UDF"

* tag 'fixes_for_v6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs:
  udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
2022-11-11 11:25:27 -08:00
Linus Torvalds eb037f16f7 perf tools fixes for v6.1: 2nd batch
 - Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
   to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.
 
 - Fix printing prefix in CSV output of 'perf stat' metrics in interval
   mode (-I), where an extra separator was being added to the start of
   some lines.
 
 - Fix skipping branch stack sampling 'perf test' entry, that was using
   both --branch-any and --branch-filter, which can't be used together.
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

Merge tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux

Pull perf tools fixes from Arnaldo Carvalho de Melo:

 - Fix 'perf stat' crash with --per-node --metric-only in CSV mode, due
   to the AGGR_NODE slot in the 'aggr_header_csv' array not being set.

 - Fix printing prefix in CSV output of 'perf stat' metrics in interval
   mode (-I), where an extra separator was being added to the start of
   some lines.

 - Fix skipping branch stack sampling 'perf test' entry, that was using
   both --branch-any and --branch-filter, which can't be used together.

* tag 'perf-tools-fixes-for-v6.1-2-2022-11-10' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
  perf tools: Add the include/perf/ directory to .gitignore
  perf test: Fix skipping branch stack sampling test
  perf stat: Fix printing os->prefix in CSV metrics output
  perf stat: Fix crash with --per-node --metric-only in CSV mode
2022-11-11 09:45:30 -08:00
Linus Torvalds 991f173cd2 RISC-V Fixes for 6.1-rc5
 * A fix to add the missing PWM LEDs into the SiFive HiFive Unleashed
   device tree.
 * A fix to fully clear a task's registers on creation, as they end up in
   userspace and thus leak kernel memory.
 * A pair of VDSO-related build fixes that manifest on recent LLVM-based
   toolchains.
 * A fix to our early init to ensure the DT is adequately processed
   before reserved memory nodes are processed.

Merge tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux

Pull RISC-V fixes from Palmer Dabbelt:

 - A fix to add the missing PWM LEDs into the SiFive HiFive Unleashed
   device tree.

 - A fix to fully clear a task's registers on creation, as they end up
   in userspace and thus leak kernel memory.

 - A pair of VDSO-related build fixes that manifest on recent LLVM-based
   toolchains.

 - A fix to our early init to ensure the DT is adequately processed
   before reserved memory nodes are processed.

* tag 'riscv-for-linus-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
  RISC-V: vdso: Do not add missing symbols to version section in linker script
  riscv: fix reserved memory setup
  riscv: vdso: fix build with llvm
  riscv: process: fix kernel info leakage
  riscv: dts: sifive unleashed: Add PWM controlled LEDs
2022-11-11 09:40:19 -08:00
Linus Torvalds 74bd160fd5 s390:
 * PCI fix
 
 * PV clock fix
 
 x86:
 
 * Fix clash between PMU MSRs and other MSRs
 
 * Prepare SVM assembly trampoline for 6.2 retbleed mitigation
   and for...
 
 * ... tightening IBRS restore on vmexit, moving it before
   the first RET or indirect branch
 
 * Fix log level for VMSA dump
 
 * Block all page faults during kvm_zap_gfn_range()
 
 Tools:
 
 * kvm_stat: fix incorrect detection of debugfs
 
 * kvm_stat: update vmexit definitions

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm
 "This is a pretty large diffstat for this time of the release. The main
  culprit is a reorganization of the AMD assembly trampoline, allowing
  percpu variables to be accessed early.

  This is needed for the return stack depth tracking retbleed mitigation
  that will be in 6.2, but it also makes it possible to tighten the IBRS
  restore on vmexit. The latter change is a long tail of the
  spectrev2/retbleed patches (the corresponding Intel change was simpler
  and went in already last June), which is why I am including it right
  now instead of sharing a topic branch with tip.

  Being assembly and being rich in comments makes the line count balloon
  a bit, but I am pretty confident in the change (famous last words)
  because the reorganization actually makes everything simpler and more
  understandable than before. It has also had external review and has
  been tested on the aforementioned 6.2 changes, which explode quite
  brutally without the fix.

  Apart from this, things are pretty normal.

  s390:

   - PCI fix

   - PV clock fix

  x86:

   - Fix clash between PMU MSRs and other MSRs

   - Prepare SVM assembly trampoline for 6.2 retbleed mitigation and
     for...

   - ... tightening IBRS restore on vmexit, moving it before the first
     RET or indirect branch

   - Fix log level for VMSA dump

   - Block all page faults during kvm_zap_gfn_range()

  Tools:

   - kvm_stat: fix incorrect detection of debugfs

   - kvm_stat: update vmexit definitions"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
  KVM: x86/pmu: Limit the maximum number of supported AMD GP counters
  KVM: x86/pmu: Limit the maximum number of supported Intel GP counters
  KVM: x86/pmu: Do not speculatively query Intel GP PMCs that don't exist yet
  KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level
  tools/kvm_stat: update exit reasons for vmx/svm/aarch64/userspace
  tools/kvm_stat: fix incorrect detection of debugfs
  x86, KVM: remove unnecessary argument to x86_virt_spec_ctrl and callers
  KVM: SVM: move MSR_IA32_SPEC_CTRL save/restore to assembly
  KVM: SVM: restore host save area from assembly
  KVM: SVM: move guest vmsave/vmload back to assembly
  KVM: SVM: do not allocate struct svm_cpu_data dynamically
  KVM: SVM: remove dead field from struct svm_cpu_data
  KVM: SVM: remove unused field from struct vcpu_svm
  KVM: SVM: retrieve VMCB from assembly
  KVM: SVM: adjust register allocation for __svm_vcpu_run()
  KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm
  KVM: x86: use a separate asm-offsets.c file
  KVM: s390: pci: Fix allocation size of aift kzdev elements
  KVM: s390: pv: don't allow userspace to set the clock under PV
2022-11-11 09:32:57 -08:00
Linus Torvalds 5be07b3fb5 hyperv-fixes for v6.1-rc5

Merge tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux

Pull hyperv fixes from Wei Liu:

 - Fix TSC MSR write for root partition (Anirudh Rayabharam)

 - Fix definition of vector in pci-hyperv driver (Dexuan Cui)

 - A few other misc patches

* tag 'hyperv-fixes-signed-20221110' of git://git.kernel.org/pub/scm/linux/kernel/git/hyperv/linux:
  PCI: hv: Fix the definition of vector in hv_compose_msi_msg()
  MAINTAINERS: remove sthemmin
  x86/hyperv: fix invalid writes to MSRs during root partition kexec
  clocksource/drivers/hyperv: add data structure for reference TSC MSR
  Drivers: hv: fix repeated words in comments
  x86/hyperv: Remove BUG_ON() for kmap_local_page()
2022-11-11 09:24:03 -08:00
Linus Torvalds 91c77a6ec4 dmaengine fixes for v6.1
Driver fixes for:
  - Pile of at_hdmac driver rework which fixes many long standing issues
    for this driver.
  - couple of stm32 driver fixes for clearing structure and race fix
  - idxd fixes for RO device state and batch size
  - ti driver mem leak fix
  - apple fix for grabbing channels in xlate
  - resource leak fix in mv xor

Merge tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine

Pull dmaengine fixes from Vinod Koul:
 "Misc minor driver fixes and a big pile of at_hdmac driver fixes. More
  work on this driver is done and sitting in next:

   - Pile of at_hdmac driver rework which fixes many long standing
     issues for this driver.

   - couple of stm32 driver fixes for clearing structure and race fix

   - idxd fixes for RO device state and batch size

   - ti driver mem leak fix

   - apple fix for grabbing channels in xlate

   - resource leak fix in mv xor"

* tag 'dmaengine-fix-6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/vkoul/dmaengine: (24 commits)
  dmaengine: at_hdmac: Check return code of dma_async_device_register
  dmaengine: at_hdmac: Fix impossible condition
  dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
  dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware
  dmaengine: at_hdmac: Fix concurrency over the active list
  dmaengine: at_hdmac: Free the memset buf without holding the chan lock
  dmaengine: at_hdmac: Fix concurrency over descriptor
  dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all()
  dmaengine: at_hdmac: Protect atchan->status with the channel lock
  dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all
  dmaengine: at_hdmac: Fix premature completion of desc in issue_pending
  dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending
  dmaengine: at_hdmac: Don't start transactions at tx_submit level
  dmaengine: at_hdmac: Fix at_lli struct definition
  dmaengine: stm32-dma: fix potential race between pause and resume
  dmaengine: ti: k3-udma-glue: fix memory leak when register device fail
  dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  dmaengine: apple-admac: Fix grabbing of channels in of_xlate
  dmaengine: idxd: fix RO device state error after been disabled/reset
  ...
2022-11-11 09:19:05 -08:00
Linus Torvalds a83e18ccc4 spi: Fixes for v6.1
A relatively large batch of fixes here but all device specific, plus an
 update to MAINTAINERS.  The summary print change to the STM32 driver is
 fixing an issue where the driver could easily end up spamming the logs
 with something that should be a debug message.

Merge tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi

Pull spi fixes from Mark Brown:
 "A relatively large batch of fixes here but all device specific, plus
  an update to MAINTAINERS.

  The summary print change to the STM32 driver is fixing an issue where
  the driver could easily end up spamming the logs with something that
  should be a debug message"

* tag 'spi-fix-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
  spi: amd: Fix SPI_SPD7 value
  spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
  spi: meson-spicc: fix do_div build error on non-arm64
  spi: intel: Use correct mask for flash and protected regions
  spi: mediatek: Fix package division error
  spi: tegra210-quad: Don't initialise DMA if not supported
  MAINTAINERS: Update HiSilicon SFC Driver maintainer
  spi: meson-spicc: move wait completion in driver to take bursts delay in account
  spi: stm32: Print summary 'callbacks suppressed' message
2022-11-11 09:13:52 -08:00
Linus Torvalds 7c42d6f5e6 MMC host:
  - cqhci: Provide helper for resetting both SDHCI and CQHCI
  - sdhci_am654: Fix reset for CQHCI
  - sdhci-brcmstb: Fix reset for CQHCI
  - sdhci-esdhc-imx: Fix reset for CQHCI
  - sdhci-esdhc-imx: Fixup support for MMC_CAP_8_BIT_DATA
  - sdhci-of-arasan: Fix reset for CQHCI
  - sdhci-tegra: Fix reset for CQHCI

Merge tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc

Pull MMC fixes from Ulf Hansson:

 - Provide helper for resetting both SDHCI and CQHCI

 - Fix reset for CQHCI (am654, brcmstb, esdhc-imx, of-arasan, tegra)

 - Fixup support for MMC_CAP_8_BIT_DATA (esdhc-imx)

* tag 'mmc-v6.1-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
  mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA
  mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI
  mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI
  mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI
  mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
2022-11-11 09:09:04 -08:00
Linus Torvalds 9c730fe104 for-linus-2022111101

Merge tag 'for-linus-2022111101' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid

Pull HID fixes from Jiri Kosina:

 - fix for memory leak (on error path) in Hyper-V driver (Yang
   Yingliang)

 - regression fix for handling 3rd barrel switch emulation in Wacom
   driver (Jason Gerecke)

* tag 'for-linus-2022111101' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
  HID: wacom: Fix logic used for 3rd barrel switch emulation
  HID: hyperv: fix possible memory leak in mousevsc_probe()
  HID: asus: Remove unused variable in asus_report_tool_width()
2022-11-11 09:03:19 -08:00
Pavel Begunkov 5576035f15 io_uring/poll: lockdep annote io_poll_req_insert_locked
Add a lockdep annotation in io_poll_req_insert_locked().

Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/8115d8e702733754d0aea119e9b5bb63d1eb8b24.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-11 09:59:27 -07:00
Pavel Begunkov 30a33669fa io_uring/poll: fix double poll req->flags races
io_poll_double_prepare()            | io_poll_wake()
                                    | poll->head = NULL
smp_load(&poll->head); /* NULL */   |
flags = req->flags;                 |
                                    | req->flags &= ~SINGLE_POLL;
req->flags = flags | DOUBLE_POLL    |

The idea behind io_poll_double_prepare() is to serialise with the
first poll entry by taking the wq lock. However, it's not safe to assume
that io_poll_wake() is not running when we can't grab the lock and so we
may race modifying req->flags.

Skip double poll setup if that happens. It's ok because the first poll
entry will only be removed when it's definitely completing, e.g.
pollfree or oneshot with a valid mask.

Fixes: 49f1c68e04 ("io_uring: optimise submission side poll_refs")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/b7fab2d502f6121a7d7b199fe4d914a43ca9cdfd.1668184658.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
2022-11-11 09:59:27 -07:00
Linus Torvalds 64b4aef17e sound fixes for 6.1-rc5
Things look calming down, as this contains only a few small fixes.
 
 - Fix for a corner-case bug with SG-buffer page allocation helper
 - A regression fix for Roland USB-audio device probe
 - A potential memory leak fix at the error path
 - Handful quirks and device-specific fixes for HD- and USB-audio

Merge tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "Things look calming down, as this contains only a few small fixes:

   - Fix for a corner-case bug with SG-buffer page allocation helper

   - A regression fix for Roland USB-audio device probe

   - A potential memory leak fix at the error path

   - Handful quirks and device-specific fixes for HD- and USB-audio"

* tag 'sound-6.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda: fix potential memleak in 'add_widget_node'
  ALSA: memalloc: Don't fall back for SG-buffer with IOMMU
  ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
  ALSA: hda/realtek: Add Positivo C6300 model quirk
  ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  ALSA: usb-audio: Add quirk entry for M-Audio Micro
  ALSA: hda/hdmi - enable runtime pm for more AMD display audio
  ALSA: usb-audio: Remove redundant workaround for Roland quirk
  ALSA: usb-audio: Yet more regression for for the delayed card registration
  ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
  ALSA: hda: clarify comments on SCF changes
  ALSA: arm: pxa: pxa2xx-ac97-lib: fix return value check of platform_get_irq()
  ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
2022-11-11 08:58:43 -08:00
Linus Torvalds fd979ca691 drm fixes for 6.1-rc5
amdgpu:
 - Fix s/r in amdgpu_vram_mgr_new
 - SMU 13.0.4 update
 - GPUVM TLB race fix
 - DCN 3.1.4 fixes
 - DCN 3.2.x fixes
 - Vega10 fan fix
 - BACO fix for Beige Goby board
 - PSR fix
 - GPU VM PT locking fixes
 
 amdkfd:
 - CRIU fixes
 
 vc4:
 - HDMI fixes to vc4.
 
 panfrost:
 - Make panfrost's uapi header compile with C++.
 - Handle 1 gb boundary correctly in panfrost mmu code.
 
 panel:
 - Add rotation quirks for 2 panels.
 
 rcar-du:
 - DSI Kconfig fix
 
 i915:
 - Fix sg_table handling in map_dma_buf
 - Send PSR update also on invalidate
 - Do not set cache_dirty for DGFX
 - Restore userptr probe_range behaviour

Merge tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm

Pull drm fixes from Dave Airlie:
 "Weekly pull request for graphics, mostly amdgpu and i915, with a
  couple of fixes for vc4 and panfrost, panel quirks and a kconfig
  change for rcar-du. Nothing seems to be too strange at this stage.

  amdgpu:
   - Fix s/r in amdgpu_vram_mgr_new
   - SMU 13.0.4 update
   - GPUVM TLB race fix
   - DCN 3.1.4 fixes
   - DCN 3.2.x fixes
   - Vega10 fan fix
   - BACO fix for Beige Goby board
   - PSR fix
   - GPU VM PT locking fixes

  amdkfd:
   - CRIU fixes

  vc4:
   - HDMI fixes to vc4.

  panfrost:
   - Make panfrost's uapi header compile with C++.
   - Handle 1 gb boundary correctly in panfrost mmu code.

  panel:
   - Add rotation quirks for 2 panels.

  rcar-du:
   - DSI Kconfig fix

  i915:
   - Fix sg_table handling in map_dma_buf
   - Send PSR update also on invalidate
   - Do not set cache_dirty for DGFX
   - Restore userptr probe_range behaviour"

* tag 'drm-fixes-2022-11-11' of git://anongit.freedesktop.org/drm/drm: (29 commits)
  drm/amd/display: only fill dirty rectangles when PSR is enabled
  drm/amdgpu: disable BACO on special BEIGE_GOBY card
  drm/amdgpu: Drop eviction lock when allocating PT BO
  drm/amdgpu: Unlock bo_list_mutex after error handling
  Revert "drm/amdgpu: Revert "drm/amdgpu: getting fan speed pwm for vega10 properly""
  drm/amd/display: Enforce minimum prefetch time for low memclk on DCN32
  drm/amd/display: Fix gpio port mapping issue
  drm/amd/display: Fix reg timeout in enc314_enable_fifo
  drm/amd/display: Fix FCLK deviation and tool compile issues
  drm/amd/display: Zeromem mypipe heap struct before using it
  drm/amd/display: Update SR watermarks for DCN314
  drm/amdgpu: workaround for TLB seq race
  drm/amdkfd: Fix error handling in criu_checkpoint
  drm/amdkfd: Fix error handling in kfd_criu_restore_events
  drm/amd/pm: update SMU IP v13.0.4 msg interface header
  drm: rcar-du: Fix Kconfig dependency between RCAR_DU and RCAR_MIPI_DSI
  drm/panfrost: Split io-pgtable requests properly
  drm/amdgpu: Fix the lpfn checking condition in drm buddy
  drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
  drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01
  ...
2022-11-11 08:50:36 -08:00
Jason A. Donenfeld 648060902a MIPS: pic32: treat port as signed integer
get_port_from_cmdline() returns an int, yet is assigned to a char, which
is wrong in its own right, but also, with char becoming unsigned, this
poses problems, because -1 is used as an error value. Further
complicating things, fw_init_early_console() is only ever called with a
-1 argument. Fix this up by removing the unused argument from
fw_init_early_console() and treating port as a proper signed integer.

Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:53:58 +01:00
Jiaxun Yang 64ac0befe7 MIPS: jump_label: Fix compat branch range check
Cast the upper bound of the branch range to long to do a signed compare,
to avoid a negative offset triggering this warning.

Fixes: 9b6584e35f ("MIPS: jump_label: Use compact branches for >= r6")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Cc: stable@vger.kernel.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:46:03 +01:00
Linus Walleij 2a29615785 mips: alchemy: gpio: Include the right header
The local GPIO driver in the MIPS Alchemy is including the legacy
<linux/gpio.h> header but what it wants is to implement a GPIO
driver so include <linux/gpio/driver.h> instead.

Cc: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: linux-gpio@vger.kernel.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:45:37 +01:00
Liao Chang fa706927f4 MIPS: Loongson64: Add WARN_ON on kexec related kmalloc failed
Add WARN_ON on kexec related kmalloc failure, to avoid passing a NULL
pointer to the following memcpy and loongson_kexec_prepare.

Fixes: 6ce48897ce ("MIPS: Loongson64: Add kexec/kdump support")
Signed-off-by: Liao Chang <liaochang1@huawei.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:45:06 +01:00
Rongwei Zhang 612d80784f MIPS: fix duplicate definitions for exported symbols
Building with clang-14 fails with:

AS      arch/mips/kernel/relocate_kernel.o
<unknown>:0: error: symbol 'kexec_args' is already defined
<unknown>:0: error: symbol 'secondary_kexec_args' is already defined
<unknown>:0: error: symbol 'kexec_start_address' is already defined
<unknown>:0: error: symbol 'kexec_indirection_page' is already defined
<unknown>:0: error: symbol 'relocate_new_kernel_size' is already defined

It turns out EXPORT defined in asm/asm.h expands to a symbol definition,
so there is no need to define these symbols again. Remove duplicated
symbol definitions.

Fixes: 7aa1c8f47e ("MIPS: kdump: Add support")
Signed-off-by: Rongwei Zhang <pudh4418@gmail.com>
Reviewed-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:44:44 +01:00
John Thomson 62776e4378 mips: boot/compressed: use __NO_FORTIFY
In the mips CONFIG_SYS_SUPPORTS_ZBOOT kernel, fix the compile error
when using CONFIG_FORTIFY_SOURCE=y

LD      vmlinuz
mipsel-openwrt-linux-musl-ld: arch/mips/boot/compressed/decompress.o: in
function `decompress_kernel':
./include/linux/decompress/mm.h:(.text.decompress_kernel+0x177c):
undefined reference to `warn_slowpath_fmt'

kernel test robot helped identify this as related to fortify. The error
appeared with commit 54d9469bc5 ("fortify: Add run-time WARN for
cross-field memcpy()")
Link: https://lore.kernel.org/r/202209161144.x9xSqNQZ-lkp@intel.com/

Resolve this in the same style as commit cfecea6ead ("lib/string:
Move helper functions out of string.c")

Reported-by: kernel test robot <lkp@intel.com>
Fixes: 54d9469bc5 ("fortify: Add run-time WARN for cross-field memcpy()")
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
2022-11-11 15:43:26 +01:00
Sean Christopherson 6d3085e4d8 KVM: x86/mmu: Block all page faults during kvm_zap_gfn_range()
When zapping a GFN range, pass 0 => ALL_ONES for the to-be-invalidated
range to effectively block all page faults while the zap is in-progress.
The invalidation helpers take a host virtual address, whereas zapping a
GFN obviously provides a guest physical address and with the wrong unit
of measurement (frame vs. byte).

Alternatively, KVM could walk all memslots to get the associated HVAs,
but thanks to SMM, that would require multiple lookups.  And practically
speaking, kvm_zap_gfn_range() usage is quite rare and not a hot path,
e.g. MTRR and CR0.CD are almost guaranteed to be done only on vCPU0
during boot, and APICv inhibits are similarly infrequent operations.

Fixes: edb298c663 ("KVM: x86/mmu: bump mmu notifier count in kvm_zap_gfn_range")
Reported-by: Chao Peng <chao.p.peng@linux.intel.com>
Cc: stable@vger.kernel.org
Cc: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20221111001841.2412598-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-11-11 07:19:46 -05:00
Yang Yingliang 1ff3635130 ata: libata-transport: fix error handling in ata_tdev_add()
In ata_tdev_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ #36
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x3a0
lr : device_del+0x44/0x3a0
Call trace:
 device_del+0x48/0x3a0
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tdev_delete+0x24/0x50 [libata]
 ata_tlink_delete+0x40/0xa0 [libata]
 ata_tport_delete+0x2c/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tdev_add(). In the error path, device_del() is called to delete
the device which was added earlier in this function, and ata_tdev_free()
is called to free ata_dev.

Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:05 +09:00
Yang Yingliang cf0816f632 ata: libata-transport: fix error handling in ata_tlink_add()
In ata_tlink_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ #12
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
 device_del+0x48/0x39c
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tlink_delete+0x88/0xb0 [libata]
 ata_tport_delete+0x2c/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tlink_add().

Fixes: d9027470b8 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Damien Le Moal <damien.lemoal@opensource.wdc.com>
2022-11-11 17:26:03 +09:00