Evolution-X-Devices/kernel_google_b1c1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bka
kernel_google_b1c1/kernel/trace/trace_uprobe.c
Michael Bestas 43cdebbc57 Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9 
* common/android-4.9-q:
  Linux 4.9.312
  block/compat_ioctl: fix range check in BLKGETSIZE
  ext4: force overhead calculation if the s_overhead_cluster makes no sense
  ext4: fix overhead calculation to account for the reserved gdt blocks
  ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
  ARC: entry: fix syscall_trace_exit argument
  e1000e: Fix possible overflow in LTR decoding
  ASoC: soc-dapm: fix two incorrect uses of list iterator
  openvswitch: fix OOB access in reserve_sfa_size()
  dma: at_xdmac: fix a missing check on list iterator
  ata: pata_marvell: Check the 'bmdma_addr' beforing reading
  drm/msm/mdp5: check the return of kzalloc()
  brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
  cifs: Check the IOCB_DIRECT flag, not O_DIRECT
  vxlan: fix error return code in vxlan_fdb_append
  ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
  platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
  ARM: vexpress/spc: Avoid negative array index when !SMP
  netlink: reset network and mac headers in netlink_dump()
  net/packet: fix packet_sock xmit return value checking
  dmaengine: imx-sdma: Fix error checking in sdma_event_remap
  ALSA: usb-audio: Clear MIDI port active flag after draining
  gfs2: assign rgrp glock before compute_bitstructs
  mm: page_alloc: fix building error on -Werror=array-compare
  etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
  Linux 4.9.311
  gcc-plugins: latent_entropy: use /dev/urandom
  i2c: pasemi: Wait for write xfers to finish
  smp: Fix offline cpu check in flush_smp_call_function_queue()
  ARM: davinci: da850-evm: Avoid NULL pointer dereference
  ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
  mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
  mm, page_alloc: fix build_zonerefs_node()
  drivers: net: slip: fix NPD bug in sl_tx_timeout()
  scsi: mvsas: Add PCI ID of RocketRaid 2640
  gpu: ipu-v3: Fix dev_dbg frequency output
  net: micrel: fix KS8851_MLL Kconfig
  scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  drm/amdkfd: Check for potential null return of kmalloc_array()
  cifs: potential buffer overflow in handling symlinks
  nfc: nci: add flush_workqueue to prevent uaf
  net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
  veth: Ensure eth header is in skb's linear part
  xfrm: policy: match with both mark and mask on user interfaces
  arm64: module: remove (NOLOAD) from linker script
  mm: don't skip swap entry even if zap_details specified
  dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
  tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
  arm64: patch_text: Fixup last cpu should be master
  x86/speculation: Restore speculation related MSRs during S3 resume
  x86/pm: Save the MSR validity status at context setup
  mm/mempolicy: fix mpol_new leak in shared_policy_replace
  mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
  drbd: Fix five use after free bugs in get_initial_state
  drm/imx: Fix memory leak in imx_pd_connector_get_modes
  net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
  scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
  mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  jfs: prevent NULL deref in diFree
  virtio_console: eliminate anonymous module_init & module_exit
  serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
  SUNRPC/call_alloc: async tasks mustn't block waiting for memory
  w1: w1_therm: fixes w1_seq for ds28ea00 sensors
  init/main.c: return 1 from handled __setup() functions
  Bluetooth: Fix use after free in hci_send_acl
  xtensa: fix DTC warning unit_address_format
  usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
  scsi: libfc: Fix use after free in fc_exch_abts_resp()
  MIPS: fix fortify panic when copying asm exception handlers
  bnxt_en: Eliminate unintended link toggle during FW reset
  scsi: aha152x: Fix aha152x_setup() __setup handler return value
  scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
  dm ioctl: prevent potential spectre v1 gadget
  iommu/arm-smmu-v3: fix event handling soft lockup
  scsi: bfa: Replace snprintf() with sysfs_emit()
  scsi: mvsas: Replace snprintf() with sysfs_emit()
  powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
  ptp: replace snprintf with sysfs_emit
  ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
  KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
  ARM: 9187/1: JIVE: fix return value of __setup handler
  rtc: wm8350: Handle error for wm8350_register_irq
  KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
  openvswitch: Fixed nd target mask field in the flow dump.
  ARM: dts: spear13xx: Update SPI dma properties
  ARM: dts: spear1340: Update serial node properties
  ASoC: topology: Allow TLV control to be either read or write
  ubi: fastmap: Return error code if memory allocation fails in add_aeb()
  mm/memcontrol: return 1 from cgroup.memory __setup() handler
  mm/mmap: return 1 from stack_guard_gap __setup() handler
  ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
  pinctrl: pinconf-generic: Print arguments for bias-pull-*
  gfs2: Make sure FITRIM minlen is rounded up to fs block size
  ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
  ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
  KVM: Prevent module exit until all VMs are freed
  scsi: qla2xxx: Fix incorrect reporting of task management failure
  mmc: host: Return an error when ->enable_sdio_irq() ops is missing
  media: hdpvr: initialize dev->worker at hdpvr_register_videodev
  video: fbdev: sm712fb: Fix crash in smtcfb_write()
  ARM: mmp: Fix failure to remove sram device
  ARM: tegra: tamonten: Fix I2C3 pad setting
  media: cx88-mpeg: clear interrupt status register before streaming video
  ASoC: soc-core: skip zero num_dai component in searching dai name
  video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
  video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
  ARM: dts: bcm2837: Add the missing L1/L2 cache information
  ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
  video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
  video: fbdev: cirrusfb: check pixclock to avoid divide by zero
  video: fbdev: w100fb: Reset global state
  video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
  ntfs: add sanity check on allocation size
  ext4: don't BUG if someone dirty pages without asking ext4 first
  spi: tegra20: Use of_device_get_match_data()
  PM: core: keep irq flags in device_pm_check_callbacks()
  ACPI/APEI: Limit printable size of BERT table data
  ACPICA: Avoid walking the ACPI Namespace if it is not there
  irqchip/nvic: Release nvic_base upon failure
  Fix incorrect type in assignment of ipv6 port for audit
  loop: use sysfs_emit() in the sysfs xxx show()
  selinux: use correct type for context length
  net/x25: Fix null-ptr-deref caused by x25_disconnect
  qlcnic: dcb: default to returning -EOPNOTSUPP
  net: phy: broadcom: Fix brcm_fet_config_init()
  netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
  jfs: fix divide error in dbNextAG
  kgdbts: fix return value of __setup handler
  kgdboc: fix return value of __setup handler
  tty: hvc: fix return value of __setup handler
  pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
  pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
  pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
  NFS: remove unneeded check in decode_devicenotify_args()
  clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
  clk: clps711x: Terminate clk_div_table with sentinel element
  clk: loongson1: Terminate clk_div_table with sentinel element
  remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
  clk: qcom: clk-rcg2: Update the frac table for pixel clock
  iio: adc: Add check for devm_request_threaded_irq
  pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
  mxser: fix xmit_buf leak in activate when LSR == 0xff
  mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
  i2c: mux: demux-pinctrl: do not deactivate a master that is not active
  af_netlink: Fix shift out of bounds in group mask calculation
  USB: storage: ums-realtek: fix error code in rts51x_read_mem()
  MIPS: RB532: fix return value of __setup handler
  mfd: mc13xxx: Add check for mc13xxx_irq_request
  powerpc/sysdev: fix incorrect use to determine if list is empty
  power: supply: wm8350-power: Add missing free in free_charger_irq
  power: supply: wm8350-power: Handle error for wm8350_register_irq
  i2c: xiic: Make bus names unique
  KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
  KVM: x86: Fix emulation in writing cr8
  drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
  ext2: correct max file size computing
  TOMOYO: fix __setup handlers return values
  scsi: pm8001: Fix abort all task initialization
  scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
  scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
  scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
  iwlwifi: Fix -EIO error code that is never returned
  HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
  power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
  ray_cs: Check ioremap return value
  ath9k_htc: fix uninit value bugs
  drm/edid: Don't clear formats if using deep color
  mtd: onenand: Check for error irq
  ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
  ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
  ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
  video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
  ASoC: fsi: Add check for clk_enable
  ASoC: wm8350: Handle error for wm8350_register_irq
  ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
  ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
  memory: emif: check the pointer temp in get_device_details()
  memory: emif: Add check for setup_interrupts
  ASoC: atmel_ssc_dai: Handle errors for clk_enable
  ASoC: mxs-saif: Handle errors for clk_enable
  printk: fix return value of printk.devkmsg __setup handler
  arm64: dts: broadcom: Fix sata nodename
  arm64: dts: ns2: Fix spi-cpol and spi-cpha property
  ALSA: spi: Add check for clk_enable()
  ASoC: ti: davinci-i2s: Add check for clk_enable()
  media: usb: go7007: s2250-board: fix leak in probe()
  soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
  ARM: dts: qcom: ipq4019: fix sleep clock
  video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
  video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
  perf/x86/intel/pt: Fix address filter config for 32-bit kernel
  perf/core: Fix address filter parser for multiple filters
  sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
  clocksource: acpi_pm: fix return value of __setup handler
  hwmon: (pmbus) Add Vin unit off handling
  crypto: ccp - ccp_dmaengine_unregister release dma channels
  crypto: vmx - add missing dependencies
  PM: suspend: fix return value of __setup handler
  PM: hibernate: fix __setup handler error handling
  hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
  hwmon: (pmbus) Add mutex to regulator ops
  selftests/x86: Add validity check and allow field splitting
  spi: tegra114: Add missing IRQ check in tegra_spi_probe
  crypto: mxs-dcp - Fix scatterlist processing
  crypto: authenc - Fix sleep in atomic context in decrypt_tail
  PCI: pciehp: Clear cmd_busy bit in polling mode
  brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
  brcmfmac: firmware: Allocate space for default boardrev in nvram
  media: davinci: vpif: fix unbalanced runtime PM get
  DEC: Limit PMAX memory probing to R3k systems
  lib/raid6/test: fix multiple definition linking error
  thermal: int340x: Increase bitmap size
  carl9170: fix missing bit-wise or operator for tx_params
  ARM: dts: exynos: add missing HDMI supplies on SMDK5420
  ARM: dts: exynos: add missing HDMI supplies on SMDK5250
  ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
  video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
  video: fbdev: sm712fb: Fix crash in smtcfb_read()
  drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
  ALSA: cs4236: fix an incorrect NULL check on list iterator
  Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
  scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
  mempolicy: mbind_range() set_policy() after vma_merge()
  mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
  jffs2: fix memory leak in jffs2_scan_medium
  jffs2: fix memory leak in jffs2_do_mount_fs
  jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
  can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
  NFSD: prevent underflow in nfssvc_decode_writeargs()
  SUNRPC: avoid race between mod_timer() and del_timer_sync()
  ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
  clk: uniphier: Fix fixed-rate initialization
  iio: inkern: make a best effort on offset calculation
  iio: inkern: apply consumer scale on IIO_VAL_INT cases
  coresight: Fix TRCCONFIGR.QE sysfs interface
  USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
  virtio-blk: Use blk_validate_block_size() to validate block size
  block: Add a helper to validate the block size
  af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
  ethernet: sun: Free the coherent when failing in probing
  virtio_console: break out of buf poll on remove
  netdevice: add the case if dev is NULL
  USB: serial: simple: add Nokia phone driver
  USB: serial: pl2303: add IBM device IDs
  Linux 4.9.310
  arm64: Use the clearbhb instruction in mitigations
  arm64: add ID_AA64ISAR2_EL1 sys register
  KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
  arm64: Mitigate spectre style branch history side channels
  KVM: arm64: Add templates for BHB mitigation sequences
  arm64: Add percpu vectors for EL1
  arm64: entry: Add macro for reading symbol addresses from the trampoline
  arm64: entry: Add vectors that have the bhb mitigation sequences
  arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef
  arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
  arm64: entry: Allow the trampoline text to occupy multiple pages
  arm64: entry: Make the kpti trampoline's kpti sequence optional
  arm64: entry: Move trampoline macros out of ifdef'd section
  arm64: entry: Don't assume tramp_vectors is the start of the vectors
  arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
  arm64: entry: Move the trampoline data page before the text page
  arm64: entry: Free up another register on kpti's tramp_exit path
  arm64: entry: Make the trampoline cleanup optional
  arm64: entry.S: Add ventry overflow sanity checks
  arm64: Add helper to decode register from instruction
  arm64: Add Cortex-X2 CPU part definition
  arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
  arm64: Add part number for Arm Cortex-A77
  arm64: Add part number for Neoverse N1
  arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT
  arm64: Add silicon-errata.txt entry for ARM erratum 1188873
  arm64: arch_timer: avoid unused function warning
  arm64: arch_timer: Add workaround for ARM erratum 1188873
  arm64: arch_timer: Add erratum handler for CPU-specific capability
  arm64: arch_timer: Add infrastructure for multiple erratum detection methods
  clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure
  clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter
  arm64: capabilities: Add support for checks based on a list of MIDRs
  arm64: Add helpers for checking CPU MIDR against a range
  arm64: capabilities: Clean up midr range helpers
  arm64: capabilities: Add flags to handle the conflicts on late CPU
  arm64: capabilities: Prepare for fine grained capabilities
  arm64: capabilities: Move errata processing code
  arm64: capabilities: Move errata work around check on boot CPU
  arm64: capabilities: Update prototype for enable call back
  arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
  arm64: Remove useless UAO IPI and describe how this gets enabled
  arm64: errata: Provide macro for major and minor cpu revisions
  Linux 4.9.309
  llc: only change llc->dev when bind() succeeds
  mac80211: fix potential double free on mesh join
  crypto: qat - disable registration of algorithms
  ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
  ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
  ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
  netfilter: nf_tables: initialize registers in nft_do_chain()
  ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
  ALSA: cmipci: Restore aux vol on suspend/resume
  ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
  ALSA: pcm: Add stream lock during PCM reset ioctl operations
  llc: fix netdevice reference leaks in llc_ui_bind()
  staging: fbtft: fb_st7789v: reset display before initialization
  net: ipv6: fix skb_over_panic in __ip6_append_data
  nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  Linux 4.9.308
  Input: aiptek - properly check endpoint type
  usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
  usb: gadget: rndis: prevent integer overflow in rndis_set_response()
  atm: eni: Add check for dma_map_single
  net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  fs: sysfs_emit: Remove PAGE_SIZE alignment check
  kselftest/vm: fix tests build with old libc
  sfc: extend the locking on mcdi->seqno
  tcp: make tcp_read_sock() more robust
  nl80211: Update bss channel on channel switch for P2P_CLIENT
  atm: firestream: check the return value of ioremap() in fs_init()
  can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
  ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
  MIPS: smp: fill in sibling and core maps earlier
  ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
  xfrm: Fix xfrm migrate issues when address family changes
  Linux 4.9.307
  btrfs: unlock newly allocated extent buffer after error
  ARM: fix Thumb2 regression with Spectre BHB
  batman-adv: Don't expect inter-netns unique iflink indices
  batman-adv: Request iflink once in batadv-on-batadv check
  staging: gdm724x: fix use after free in gdm_lte_rx()
  ARM: Spectre-BHB: provide empty stub for non-config
  selftests/memfd: clean up mapping in mfd_fail_write
  tracing: Ensure trace buffer is at least 4096 bytes large
  Revert "xen-netback: Check for hotplug-status existence before watching"
  net-sysfs: add check for netdevice being present to speed_show
  sctp: fix kernel-infoleak for SCTP sockets
  gpio: ts4900: Do not set DAT and OE together
  NFC: port100: fix use-after-free in port100_send_complete
  net/mlx5: Fix size field in bufferx_reg struct
  ax25: Fix NULL pointer dereference in ax25_kill_by_device
  net: ethernet: lpc_eth: Handle error for clk_enable
  ethernet: Fix error handling in xemaclite_of_probe
  qed: return status of qed_iov_get_link
  net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
  Linux 4.9.306
  xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
  xen/gnttab: fix gnttab_end_foreign_access() without page specified
  xen: remove gnttab_query_foreign_access()
  xen/gntalloc: don't use gnttab_query_foreign_access()
  xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
  xen/netfront: don't use gnttab_query_foreign_access() for mapped status
  xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
  xen/grant-table: add gnttab_try_end_foreign_access()
  xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
  ARM: fix build warning in proc-v7-bugs.c
  x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
  x86/build: Fix compiler support check for CONFIG_RETPOLINE
  ARM: Do not use NOCROSSREFS directive with ld.lld
  ARM: fix co-processor register typo
  ARM: fix build error when BPF_SYSCALL is disabled
  ARM: include unprivileged BPF status in Spectre V2 reporting
  ARM: Spectre-BHB workaround
  ARM: use LOADADDR() to get load address of sections
  ARM: early traps initialisation
  ARM: report Spectre v2 status through sysfs
  arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
  arm/arm64: Provide a wrapper for SMCCC 1.1 calls
  x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
  x86/speculation: Warn about Spectre v2 LFENCE mitigation
  x86/speculation: Update link to AMD speculation whitepaper
  x86/speculation: Use generic retpoline by default on AMD
  x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
  Documentation/hw-vuln: Update spectre doc
  x86/speculation: Add eIBRS + Retpoline options
  x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
  x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
  x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
  Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
  Documentation: Add swapgs description to the Spectre v1 documentation
  Documentation: Add section about CPU vulnerabilities for Spectre
  x86/retpoline: Remove minimal retpoline support
  x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
  x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
  Linux 4.9.305
  hamradio: fix macro redefine warning
  net: dcb: disable softirqs in dcbnl_flush_dev()
  memfd: fix F_SEAL_WRITE after shmem huge page allocated
  HID: add mapping for KEY_ALL_APPLICATIONS
  Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
  Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
  net: chelsio: cxgb3: check the return value of pci_find_capability()
  soc: fsl: qe: Check of ioremap return value
  ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
  can: gs_usb: change active_channels's type from atomic_t to u8
  efivars: Respect "block" flag in efivar_entry_set_safe()
  net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
  net: sxgbe: fix return value of __setup handler
  net: stmmac: fix return value of __setup handler
  mac80211: fix forwarded mesh frames AC & queue selection
  firmware: qemu_fw_cfg: fix kobject leak in probe error path
  firmware: Fix a reference count leak.
  net: dcb: flush lingering app table entries for unregistered devices
  netfilter: nf_queue: fix possible use-after-free
  netfilter: nf_queue: don't assume sk is full socket
  xfrm: fix MTU regression
  ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
  ata: pata_hpt37x: fix PCI clock detection
  usb: gadget: clear related members when goto fail
  usb: gadget: don't release an existing dev->buf
  net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
  i2c: qup: allow COMPILE_TEST
  dmaengine: shdma: Fix runtime PM imbalance on error
  cifs: fix double free race when mount fails in cifs_get_root()
  Input: clear BTN_RIGHT/MIDDLE on buttonpads
  i2c: bcm2835: Avoid clock stretching timeouts
  mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
  mac80211_hwsim: report NOACK frames in tx_status
  Linux 4.9.304
  fget: clarify and improve __fget_files() implementation
  memblock: use kfree() to release kmalloced memblock regions
  tty: n_gsm: fix proper link termination after failed open
  tty: n_gsm: fix encoding of control signal octet bit DV
  xhci: Prevent futile URB re-submissions due to incorrect return value.
  usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
  USB: serial: option: add Telit LE910R1 compositions
  USB: serial: option: add support for DW5829e
  tracefs: Set the group ownership in apply_options() not parse_options()
  USB: gadget: validate endpoint index for xilinx udc
  usb: gadget: rndis: add spinlock for rndis response list
  Revert "USB: serial: ch341: add new Product ID for CH341A"
  ata: pata_hpt37x: disable primary channel on HPT371
  iio: adc: men_z188_adc: Fix a resource leak in an error handling path
  RDMA/ib_srp: Fix a deadlock
  configfs: fix a race in configfs_{,un}register_subsystem()
  net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
  drm/edid: Always set RGB444
  openvswitch: Fix setting ipv6 fields causing hw csum failure
  gso: do not skip outer ip header in case of ipip and net_failover
  net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
  serial: 8250: of: Fix mapped region size when using reg-offset property
  serial: 8250: fix error handling in of_platform_serial_probe()
  USB: zaurus: support another broken Zaurus
  sr9700: sanity check for packet length
  parisc/unaligned: Fix ldw() and stw() unalignment handlers
  parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
  vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
  mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
  Linux 4.9.303
  net: usb: qmi_wwan: Add support for Dell DW5829e
  tracing: Fix tp_printk option related with tp_printk_stop_on_boot
  ata: libata-core: Disable TRIM on M88V29
  NFS: Do not report writeback errors in nfs_getattr()
  KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
  lib/iov_iter: initialize "flags" in new pipe_buffer
  i2c: brcmstb: fix support for DSL and CM variants
  EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
  NFS: LOOKUP_DIRECTORY is also ok with symlinks
  ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
  ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
  ALSA: hda: Fix missing codec probe on Shenker Dock 15
  ALSA: hda: Fix regression on forced probe mask option
  libsubcmd: Fix use-after-free for realloc(..., 0)
  drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
  iwlwifi: pcie: fix locking when "HW not ready"
  vsock: remove vsock from connected table when connect is interrupted by a signal
  vsock: correct removal of socket from the list
  taskstats: Cleanup the use of task->exit_code
  xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
  drm/radeon: Fix backlight control on iMac 12,1
  quota: make dquot_quota_sync return errors from ->sync_fs
  vfs: make freeze_super abort when sync_filesystem returns error
  ax25: improve the incomplete fix to avoid UAF and NPD bugs
  selftests/zram: Adapt the situation that /dev/zram0 is being used
  selftests/zram01.sh: Fix compression ratio calculation
  selftests/zram: Skip max_comp_streams interface on newer kernel
  net: ieee802154: at86rf230: Stop leaking skb's
  btrfs: send: in case of IO error log it
  parisc: Fix sglist access in ccio-dma.c
  parisc: Fix data TLB miss in sba_unmap_sg
  serial: parisc: GSC: fix build when IOSAPIC is not set
  net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  Makefile.extrawarn: Move -Wunaligned-access to W=1
  UPSTREAM: net: fix skb_panic to output real address
  UPSTREAM: xfrm: Make function xfrmi_get_link_net() static
  UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces
  UPSTREAM: xfrm interface: fix memory leak on creation
  UPSTREAM: xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
  UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
  UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
  UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
  UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
  UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
  UPSTREAM: arm64/vdso: don't leak kernel addresses
  UPSTREAM: tracing: make PREEMPTIRQ_EVENTS depend on TRACING
  UPSTREAM: trace_uprobe: Use %lx to display offset
  UPSTREAM: kprobes: Fix random address output of blacklist file
  UPSTREAM: mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
  UPSTREAM: x86/realmode: Don't leak the trampoline kernel address
  UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer
  UPSTREAM: bpf: fix rcu annotations in compute_effective_progs()
  UPSTREAM: optee: add writeback to valid memory type
  UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
  UPSTREAM: kdb: use correct pointer when 'btc' calls 'btt'
  UPSTREAM: kdb: print real address of pointers instead of hashed addresses
  UPSTREAM: powerpc/traps: Fix the message printed when stack overflows
  UPSTREAM: f2fs: should use GFP_NOFS for directory inodes
  UPSTREAM: zram: off by one in read_block_state()
  UPSTREAM: tee: fix put order in teedev_close_context()
  UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
  UPSTREAM: ARM: 8896/1: VDSO: Don't leak kernel addresses
  UPSTREAM: parisc: Show unhashed hardware inventory
  UPSTREAM: parisc: Show initial kernel memory layout unhashed
  UPSTREAM: parisc: Show unhashed HPA of Dino chip
  UPSTREAM: parisc: Show unhashed EISA EEPROM address
  UPSTREAM: HID: input: throttle battery uevents
  UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY
  UPSTREAM: HID: sony: Fix for broken buttons on DS3 USB dongles
  UPSTREAM: HID: input: do not report stylus battery state as "full"
  Linux 4.9.302
  HID: wacom: add USB_HID dependency
  hwmon: (dell-smm) Speed up setting of fan speed
  USB: serial: cp210x: add CPI Bulk Coin Recycler id
  USB: serial: cp210x: add NCR Retail IO box id
  USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
  USB: serial: option: add ZTE MF286D modem
  USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
  usb: gadget: rndis: check size of RNDIS_MSG_SET command
  USB: gadget: validate interface OS descriptor requests
  usb: dwc3: gadget: Prevent core from processing stale TRBs
  n_tty: wake up poll(POLLRDNORM) on receiving data
  bpf: Add kconfig knob for disabling unpriv bpf by default
  vt_ioctl: add array_index_nospec to VT_ACTIVATE
  vt_ioctl: fix array_index_nospec in vt_setactivate
  tipc: rate limit warning for received illegal binding update
  net: fix a memleak when uncloning an skb dst and its metadata
  net: do not keep the dst cache when uncloning an skb dst and its metadata
  ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
  bonding: pair enable_port with slave_arr_updates
  ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
  staging: fbtft: Fix error path in fbtft_driver_module_init()
  ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
  usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
  scsi: target: iscsi: Make sure the np under each tpg is unique
  NFSv4 remove zero number of fs_locations entries error check
  nfs: nfs4clinet: check the return value of kstrdup()
  NFSv4 only print the label when its queried
  Revert "net: axienet: Wait for PhyRstCmplt after core reset"
  ALSA: line6: Fix misplaced backport of "Fix wrong altsetting for LINE6_PODHD500_1"
  serial: sh-sci: Fix misplaced backport of "Fix late enablement of AUTORTS"
  Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
  NFSD: Clamp WRITE offsets
  NFS: Fix initialisation of nfs_client cl_flags field
  ima: Remove ima_policy file before directory
  integrity: check the return value of audit_log_start()
  Revert "tracefs: Have tracefs directories not set OTH permission bits by default"
  Linux 4.9.301
  tipc: improve size validations for received domain records
  moxart: fix potential use-after-free on remove path
  cgroup-v1: Require capabilities to set release_agent
  Linux 4.9.300
  ext4: fix error handling in ext4_restore_inline_data()
  EDAC/xgene: Fix deferred probing
  EDAC/altera: Fix deferred probing
  rtc: cmos: Evaluate century appropriate
  nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
  scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
  ASoC: fsl: Add missing error handling in pcm030_fabric_probe
  net: macsec: Verify that send_sci is on when setting Tx sci explicitly
  net: ieee802154: Return meaningful error codes from the netlink helpers
  spi: mediatek: Avoid NULL pointer crash in interrupt
  spi: bcm-qspi: check for valid cs before applying chip select
  iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
  drm/nouveau: fix off by one in BIOS boundary checking
  ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
  ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
  ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
  af_packet: fix data-race in packet_setsockopt / packet_setsockopt
  rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
  net: amd-xgbe: Fix skb data length underflow
  net: amd-xgbe: ensure to reset the tx_timer_active flag
  ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
  netfilter: nat: limit port clash resolution attempts
  netfilter: nat: remove l4 protocol port rovers
  ipv4: tcp: send zero IPID in SYNACK messages
  ipv4: raw: lock the socket in raw_bind()
  hwmon: (lm90) Reduce maximum conversion rate for G781
  drm/msm: Fix wrong size calculation
  net-procfs: show net devices bound packet types
  NFSv4: nfs_atomic_open() can race when looking up a non-regular file
  NFSv4: Handle case where the lookup of a directory fails
  ipv4: avoid using shared IP generator for connected sockets
  net: fix information leakage in /proc/net/ptype
  ipv6_tunnel: Rate limit warning messages
  scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
  powerpc/32: Fix boot failure with GCC latent entropy plugin
  USB: core: Fix hang in usb_kill_urb by adding memory barriers
  usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
  usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
  tty: Add support for Brainboxes UC cards.
  tty: n_gsm: fix SW flow control encoding/handling
  serial: stm32: fix software flow control transfer
  PM: wakeup: simplify the output logic of pm_show_wakelocks()
  udf: Fix NULL ptr deref when converting from inline format
  udf: Restore i_lenAlloc when inode expansion fails
  scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
  s390/hypfs: include z/VM guests with access control group set
  Bluetooth: refactor malicious adv data check
  can: bcm: fix UAF of bcm op
  BACKPORT: ipv6: Implement draft-ietf-6man-rfc4941bis
  Linux 4.9.299
  ion: Do not 'put' ION handle until after its final use
  ion: Protect kref from userspace manipulation
  ion: Fix use after free during ION_IOC_ALLOC
  ARM: 8800/1: use choice for kernel unwinders
  KVM: X86: MMU: Use the correct inherited permissions to get shadow page
  KVM: nVMX: fix EPT permissions as reported in exit qualification
  NFSv4: Initialise connection to the server in nfs4_alloc_client()
  media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
  drm/i915: Flush TLBs before releasing backing store
  Linux 4.9.298
  KVM: do not allow mapping valid but non-reference-counted pages
  KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
  KVM: do not assume PTE is writable after follow_pfn
  mm: add follow_pte_pmd()
  lib/timerqueue: Rely on rbtree semantics for next timer
  rbtree: cache leftmost node internally
  cipso,calipso: resolve a number of problems with the DOI refcounts
  gianfar: fix jumbo packets+napi+rx overrun crash
  gianfar: simplify FCS handling and fix memory leak
  drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
  gup: document and work around "COW can break either way" issue
  Revert "gup: document and work around "COW can break either way" issue"
  lib82596: Fix IRQ check in sni_82596_probe
  scripts/dtc: dtx_diff: remove broken example from help text
  bcmgenet: add WOL IRQ check
  net_sched: restore "mpu xxx" handling
  dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
  dmaengine: at_xdmac: Fix lld view setting
  dmaengine: at_xdmac: Print debug message after realeasing the lock
  dmaengine: at_xdmac: Don't start transactions at tx_submit level
  libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
  netns: add schedule point in ops_exit_list()
  net: axienet: fix number of TX ring slots for available check
  net: axienet: Wait for PhyRstCmplt after core reset
  af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
  parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
  net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
  powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
  RDMA/rxe: Fix a typo in opcode name
  RDMA/hns: Modify the mapping attribute of doorbell to device
  drm/radeon: fix error handling in radeon_driver_open_kms
  fuse: fix live lock in fuse_iget()
  fuse: fix bad inode
  ext4: don't use the orphan list when migrating an inode
  ext4: Fix BUG_ON in ext4_bread when write quota data
  ext4: set csum seed in tmp inode while migrating to extents
  iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
  ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
  power: bq25890: Enable continuous conversion for ADC at charging
  ASoC: mediatek: mt8173: fix device_node leak
  scsi: sr: Don't use GFP_DMA
  MIPS: Octeon: Fix build errors using clang
  i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
  ALSA: seq: Set upper limit of processed events
  w1: Misuse of get_user()/put_user() reported by sparse
  i2c: mpc: Correct I2C reset procedure
  powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
  i2c: i801: Don't silently correct invalid transfer size
  powerpc/btext: add missing of_node_put
  powerpc/cell: add missing of_node_put
  powerpc/powernv: add missing of_node_put
  powerpc/6xx: add missing of_node_put
  parisc: Avoid calling faulthandler_disabled() twice
  serial: core: Keep mctrl register state and cached copy in sync
  serial: pl010: Drop CR register reset on set_termios
  dm space map common: add bounds check to sm_ll_lookup_bitmap()
  dm btree: add a defensive bounds check to insert_at()
  net: mdio: Demote probed message to debug print
  btrfs: remove BUG_ON(!eie) in find_parent_nodes
  btrfs: remove BUG_ON() in find_parent_nodes()
  ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
  ACPICA: Utilities: Avoid deleting the same object twice in a row
  jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
  um: registers: Rename function names to avoid conflicts and build problems
  ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
  usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
  media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
  media: igorplugusb: receiver overflow should be reported
  net: bonding: debug: avoid printing debug logs when bond is not notifying peers
  ath10k: Fix tx hanging
  iwlwifi: mvm: synchronize with FW after multicast commands
  media: m920x: don't use stack on USB reads
  media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
  floppy: Add max size check for user space request
  mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
  HSI: core: Fix return freed object in hsi_new_client
  gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
  media: b2c2: Add missing check in flexcop_pci_isr:
  HID: apple: Do not reset quirks when the Fn key is not found
  usb: gadget: f_fs: Use stream_open() for endpoint files
  ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
  fs: dlm: filter user dlm messages for kernel locks
  Bluetooth: Fix debugfs entry leak in hci_register_dev()
  RDMA/cxgb4: Set queue pair state when being queried
  mips: bcm63xx: add support for clk_set_parent()
  mips: lantiq: add support for clk_set_parent()
  misc: lattice-ecp3-config: Fix task hung when firmware load failed
  ASoC: samsung: idma: Check of ioremap return value
  dmaengine: pxa/mmp: stop referencing config->slave_id
  RDMA/core: Let ib_find_gid() continue search even after empty entry
  scsi: ufs: Fix race conditions related to driver data
  char/mwave: Adjust io port register size
  ALSA: oss: fix compile error when OSS_DEBUG is enabled
  powerpc/prom_init: Fix improper check of prom_getprop()
  RDMA/hns: Validate the pkey index
  ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
  ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
  ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
  ext4: avoid trim error on fs with small groups
  net: mcs7830: handle usb read errors properly
  pcmcia: fix setting of kthread task states
  can: xilinx_can: xcan_probe(): check for error irq
  can: softing: softing_startstop(): fix set but not used variable warning
  spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
  fsl/fman: Check for null pointer after calling devm_ioremap
  ppp: ensure minimum packet size in ppp_write()
  pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
  pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
  usb: ftdi-elan: fix memory leak on device disconnect
  media: msi001: fix possible null-ptr-deref in msi001_probe()
  media: si2157: Fix "warm" tuner state detection
  media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
  media: dib8000: Fix a memleak in dib8000_init()
  floppy: Fix hang in watchdog when disk is ejected
  serial: amba-pl011: do not request memory region twice
  drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
  drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
  arm64: dts: qcom: msm8916: fix MMC controller aliases
  netfilter: bridge: add support for pppoe filtering
  tty: serial: atmel: Call dma_async_issue_pending()
  tty: serial: atmel: Check return code of dmaengine_submit()
  crypto: qce - fix uaf on qce_ahash_register_one
  media: dmxdev: fix UAF when dvb_register_device() fails
  Bluetooth: stop proccessing malicious adv data
  wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
  Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
  shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
  PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
  can: softing_cs: softingcs_probe(): fix memleak on registration failure
  media: stk1160: fix control-message timeouts
  media: pvrusb2: fix control-message timeouts
  media: redrat3: fix control-message timeouts
  media: dib0700: fix undefined behavior in tuner shutdown
  media: s2255: fix control-message timeouts
  media: cpia2: fix control-message timeouts
  media: em28xx: fix control-message timeouts
  media: mceusb: fix control-message timeouts
  media: flexcop-usb: fix control-message timeouts
  rtc: cmos: take rtc_lock while reading from CMOS
  nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
  HID: wacom: Avoid using stale array indicies to read contact count
  HID: uhid: Fix worker destroying device without any protection
  rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
  media: uvcvideo: fix division by zero at stream start
  drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
  staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
  random: fix data race on crng init time
  random: fix data race on crng_node_pool
  can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
  can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
  mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
  USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
  USB: core: Fix bug in resuming hub's handling of wakeup requests
  Bluetooth: bfusb: fix division by zero in send path
  Linux 4.9.297
  power: reset: ltc2952: Fix use of floating point literals
  mISDN: change function names to avoid conflicts
  net: udp: fix alignment problem in udp4_seq_show()
  ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
  scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
  phonet: refcount leak in pep_sock_accep
  arm64: sysreg: Move to use definitions for all the SCTLR bits
  arm64: move !VHE work to end of el2_setup
  arm64: reduce el2_setup branching
  arm64: Remove a redundancy in sysreg.h
  bug: split BUILD_BUG stuff out into <linux/build_bug.h>
  rndis_host: support Hytera digital radios
  xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
  sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
  i40e: Fix incorrect netdev's real number of RX/TX queues
  mac80211: initialize variable have_higher_than_11mbit
  ieee802154: atusb: fix uninit value in atusb_set_extended_addr
  virtio_pci: Support surprise removal of virtio pci device
  tracing: Tag trace_percpu_buffer as a percpu pointer
  tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
  Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
  Linux 4.9.296
  net: fix use-after-free in tw_timer_handler
  Input: spaceball - fix parsing of movement data packets
  Input: appletouch - initialize work before device registration
  scsi: vmw_pvscsi: Set residual data length conditionally
  usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
  xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
  uapi: fix linux/nfc.h userspace compilation errors
  nfc: uapi: use kernel size_t to fix user-space builds
  fsl/fman: Fix missing put_device() call in fman_port_probe
  selinux: initialize proto variable in selinux_ip_postroute_compat()
  recordmcount.pl: fix typo in s390 mcount regex
  platform/x86: apple-gmux: use resource_size() with res
  HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
  Linux 4.9.295
  phonet/pep: refuse to enable an unbound pipe
  hamradio: improve the incomplete fix to avoid NPD
  hamradio: defer ax25 kfree after unregister_netdev
  ax25: NPD bug when detaching AX25 device
  hwmon: (lm90) Do not report 'busy' status bit as alarm
  ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
  x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
  ALSA: drivers: opl3: Fix incorrect use of vp->state
  ALSA: jack: Check the return value of kstrdup()
  hwmon: (lm90) Fix usage of CONFIG2 register in detect function
  drivers: net: smc911x: Check for error irq
  fjes: Check for error irq
  bonding: fix ad_actor_system option setting to default
  qlcnic: potential dereference null pointer of rx_queue->page_ring
  IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
  HID: holtek: fix mouse probing
  can: kvaser_usb: get CAN clock frequency from device
  net: usb: lan78xx: add Allied Telesis AT29M2-AF
  Linux 4.9.294
  xen/netback: don't queue unlimited number of packages
  xen/netback: fix rx queue stall detection
  xen/console: harden hvc_xen against event channel storms
  xen/netfront: harden netfront against event channel storms
  xen/blkfront: harden blkfront against event channel storms
  Input: touchscreen - avoid bitwise vs logical OR warning
  mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
  ARM: 8805/2: remove unneeded naked function usage
  net: lan78xx: Avoid unnecessary self assignment
  scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
  fuse: annotate lock in fuse_reverse_inval_entry()
  firmware: arm_scpi: Fix string overflow in SCPI genpd driver
  net: systemport: Add global locking for descriptor lifecycle
  timekeeping: Really make sure wall_to_monotonic isn't positive
  USB: serial: option: add Telit FN990 compositions
  PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
  USB: gadget: bRequestType is a bitfield, not a enum
  ixgbe: set X550 MDIO speed before talking to PHY
  igbvf: fix double free in `igbvf_probe`
  soc/tegra: fuse: Fix bitwise vs. logical OR warning
  nfsd: fix use-after-free due to delegation race
  dm btree remove: fix use after free in rebalance_children()
  recordmcount.pl: look for jgnop instruction as well as bcrl on s390
  mac80211: send ADDBA requests using the tid/queue of the aggregation session
  hwmon: (dell-smm) Fix warning on /proc/i8k creation error
  tracing: Fix a kmemleak false positive in tracing_map
  net: netlink: af_netlink: Prevent empty skb by adding a check on len.
  i2c: rk3x: Handle a spurious start completion interrupt flag
  parisc/agp: Annotate parisc agp init functions with __init
  net/mlx4_en: Update reported link modes for 1/10G
  nfc: fix segfault in nfc_genl_dump_devices_done
  FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
  Linux 4.9.293
  irqchip: nvic: Fix offset for Interrupt Priority Offsets
  irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
  irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
  irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
  iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
  iio: itg3200: Call iio_trigger_notify_done() on error
  iio: kxsd9: Don't return error code in trigger handler
  iio: ltr501: Don't return error code in trigger handler
  iio: mma8452: Fix trigger reference couting
  iio: stk3310: Don't return error code in interrupt handler
  usb: core: config: using bit mask instead of individual bits
  usb: core: config: fix validation of wMaxPacketValue entries
  USB: gadget: zero allocate endpoint 0 buffers
  USB: gadget: detect too-big endpoint 0 requests
  net/qla3xxx: fix an error code in ql_adapter_up()
  net, neigh: clear whole pneigh_entry at alloc time
  net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
  net: altera: set a couple error code in probe()
  net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
  block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
  tracefs: Set all files to the same group ownership as the mount option
  signalfd: use wake_up_pollfree()
  binder: use wake_up_pollfree()
  wait: add wake_up_pollfree()
  libata: add horkage for ASMedia 1092
  can: pch_can: pch_can_rx_normal: fix use after free
  tracefs: Have new files inherit the ownership of their parent
  ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
  ALSA: pcm: oss: Limit the period size to 16MB
  ALSA: pcm: oss: Fix negative period/buffer sizes
  ALSA: ctl: Fix copy of updated id with element read/write
  mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  IB/hfi1: Correct guard on eager buffer deallocation
  nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
  can: sja1000: fix use after free in ems_pcmcia_add_card()
  HID: check for valid USB device for many HID drivers
  HID: wacom: fix problems when device is not a valid USB device
  HID: add USB_HID dependancy on some USB HID drivers
  HID: add USB_HID dependancy to hid-chicony
  HID: add USB_HID dependancy to hid-prodikeys
  HID: add hid_is_usb() function to make it simpler for USB detection
  HID: introduce hid_is_using_ll_driver
  UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
  UPSTREAM: USB: gadget: detect too-big endpoint 0 requests

 Conflicts:
	arch/arm64/include/asm/cputype.h
	arch/arm64/kernel/bpi.S
	arch/arm64/kernel/cpu_errata.c
	arch/arm64/kernel/vdso.c
	drivers/clk/qcom/clk-rcg2.c
	drivers/media/dvb-core/dmxdev.c
	drivers/mmc/core/host.c
	drivers/net/usb/lan78xx.c
	drivers/staging/android/ion/ion-ioctl.c
	drivers/staging/android/ion/ion.c
	drivers/staging/android/ion/ion_priv.h
	drivers/usb/gadget/composite.c
	drivers/usb/gadget/function/rndis.c
	drivers/usb/gadget/function/rndis.h
	lib/vsprintf.c
	mm/memory.c
	net/ipv6/ip6_output.c

Change-Id: Ie8bf6aa5dac3ae822cef90decbba577cefedcb31
2022-05-09 16:57:36 +03:00

1366 lines
31 KiB
C
Raw Permalink Blame History

/*
* uprobes-based tracing events
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Copyright (C) IBM Corporation, 2010-2012
* Author: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
*/
#include <linux/module.h>
#include <linux/uaccess.h>
#include <linux/uprobes.h>
#include <linux/namei.h>
#include <linux/string.h>
#include "trace_probe.h"
#define UPROBE_EVENT_SYSTEM "uprobes"
struct uprobe_trace_entry_head {
struct trace_entry ent;
unsigned long vaddr[];
};
#define SIZEOF_TRACE_ENTRY(is_return) \
(sizeof(struct uprobe_trace_entry_head) + \
sizeof(unsigned long) * (is_return ? 2 : 1))
#define DATAOF_TRACE_ENTRY(entry, is_return) \
((void*)(entry) + SIZEOF_TRACE_ENTRY(is_return))
struct trace_uprobe_filter {
rwlock_t rwlock;
int nr_systemwide;
struct list_head perf_events;
};
/*
* uprobe event core functions
*/
struct trace_uprobe {
struct list_head list;
struct trace_uprobe_filter filter;
struct uprobe_consumer consumer;
struct inode *inode;
char *filename;
unsigned long offset;
unsigned long nhit;
struct trace_probe tp;
};
#define SIZEOF_TRACE_UPROBE(n) \
(offsetof(struct trace_uprobe, tp.args) + \
(sizeof(struct probe_arg) * (n)))
static int register_uprobe_event(struct trace_uprobe *tu);
static int unregister_uprobe_event(struct trace_uprobe *tu);
static DEFINE_MUTEX(uprobe_lock);
static LIST_HEAD(uprobe_list);
struct uprobe_dispatch_data {
struct trace_uprobe *tu;
unsigned long bp_addr;
};
static int uprobe_dispatcher(struct uprobe_consumer *con, struct pt_regs *regs);
static int uretprobe_dispatcher(struct uprobe_consumer *con,
unsigned long func, struct pt_regs *regs);
#ifdef CONFIG_STACK_GROWSUP
static unsigned long adjust_stack_addr(unsigned long addr, unsigned int n)
{
return addr - (n * sizeof(long));
}
#else
static unsigned long adjust_stack_addr(unsigned long addr, unsigned int n)
{
return addr + (n * sizeof(long));
}
#endif
static unsigned long get_user_stack_nth(struct pt_regs *regs, unsigned int n)
{
unsigned long ret;
unsigned long addr = user_stack_pointer(regs);
addr = adjust_stack_addr(addr, n);
if (copy_from_user(&ret, (void __force __user *) addr, sizeof(ret)))
return 0;
return ret;
}
/*
* Uprobes-specific fetch functions
*/
#define DEFINE_FETCH_stack(type) \
static void FETCH_FUNC_NAME(stack, type)(struct pt_regs *regs, \
void *offset, void *dest) \
{ \
*(type *)dest = (type)get_user_stack_nth(regs, \
((unsigned long)offset)); \
}
DEFINE_BASIC_FETCH_FUNCS(stack)
/* No string on the stack entry */
#define fetch_stack_string NULL
#define fetch_stack_string_size NULL
#define DEFINE_FETCH_memory(type) \
static void FETCH_FUNC_NAME(memory, type)(struct pt_regs *regs, \
void *addr, void *dest) \
{ \
type retval; \
void __user *vaddr = (void __force __user *) addr; \
\
if (copy_from_user(&retval, vaddr, sizeof(type))) \
*(type *)dest = 0; \
else \
*(type *) dest = retval; \
}
DEFINE_BASIC_FETCH_FUNCS(memory)
/*
* Fetch a null-terminated string. Caller MUST set *(u32 *)dest with max
* length and relative data location.
*/
static void FETCH_FUNC_NAME(memory, string)(struct pt_regs *regs,
void *addr, void *dest)
{
long ret;
u32 rloc = *(u32 *)dest;
int maxlen = get_rloc_len(rloc);
u8 *dst = get_rloc_data(dest);
void __user *src = (void __force __user *) addr;
if (!maxlen)
return;
ret = strncpy_from_user(dst, src, maxlen);
if (ret == maxlen)
dst[ret - 1] = '\0';
else if (ret >= 0)
/*
* Include the terminating null byte. In this case it
* was copied by strncpy_from_user but not accounted
* for in ret.
*/
ret++;
if (ret < 0) { /* Failed to fetch string */
((u8 *)get_rloc_data(dest))[0] = '\0';
*(u32 *)dest = make_data_rloc(0, get_rloc_offs(rloc));
} else {
*(u32 *)dest = make_data_rloc(ret, get_rloc_offs(rloc));
}
}
static void FETCH_FUNC_NAME(memory, string_size)(struct pt_regs *regs,
void *addr, void *dest)
{
int len;
void __user *vaddr = (void __force __user *) addr;
len = strnlen_user(vaddr, MAX_STRING_SIZE);
if (len == 0 || len > MAX_STRING_SIZE) /* Failed to check length */
*(u32 *)dest = 0;
else
*(u32 *)dest = len;
}
static unsigned long translate_user_vaddr(void *file_offset)
{
unsigned long base_addr;
struct uprobe_dispatch_data *udd;
udd = (void *) current->utask->vaddr;
base_addr = udd->bp_addr - udd->tu->offset;
return base_addr + (unsigned long)file_offset;
}
#define DEFINE_FETCH_file_offset(type) \
static void FETCH_FUNC_NAME(file_offset, type)(struct pt_regs *regs, \
void *offset, void *dest)\
{ \
void *vaddr = (void *)translate_user_vaddr(offset); \
\
FETCH_FUNC_NAME(memory, type)(regs, vaddr, dest); \
}
DEFINE_BASIC_FETCH_FUNCS(file_offset)
DEFINE_FETCH_file_offset(string)
DEFINE_FETCH_file_offset(string_size)
/* Fetch type information table */
static const struct fetch_type uprobes_fetch_type_table[] = {
/* Special types */
[FETCH_TYPE_STRING] = __ASSIGN_FETCH_TYPE("string", string, string,
sizeof(u32), 1, "__data_loc char[]"),
[FETCH_TYPE_STRSIZE] = __ASSIGN_FETCH_TYPE("string_size", u32,
string_size, sizeof(u32), 0, "u32"),
/* Basic types */
ASSIGN_FETCH_TYPE(u8, u8, 0),
ASSIGN_FETCH_TYPE(u16, u16, 0),
ASSIGN_FETCH_TYPE(u32, u32, 0),
ASSIGN_FETCH_TYPE(u64, u64, 0),
ASSIGN_FETCH_TYPE(s8, u8, 1),
ASSIGN_FETCH_TYPE(s16, u16, 1),
ASSIGN_FETCH_TYPE(s32, u32, 1),
ASSIGN_FETCH_TYPE(s64, u64, 1),
ASSIGN_FETCH_TYPE_ALIAS(x8, u8, u8, 0),
ASSIGN_FETCH_TYPE_ALIAS(x16, u16, u16, 0),
ASSIGN_FETCH_TYPE_ALIAS(x32, u32, u32, 0),
ASSIGN_FETCH_TYPE_ALIAS(x64, u64, u64, 0),
ASSIGN_FETCH_TYPE_END
};
static inline void init_trace_uprobe_filter(struct trace_uprobe_filter *filter)
{
rwlock_init(&filter->rwlock);
filter->nr_systemwide = 0;
INIT_LIST_HEAD(&filter->perf_events);
}
static inline bool uprobe_filter_is_empty(struct trace_uprobe_filter *filter)
{
return !filter->nr_systemwide && list_empty(&filter->perf_events);
}
static inline bool is_ret_probe(struct trace_uprobe *tu)
{
return tu->consumer.ret_handler != NULL;
}
/*
* Allocate new trace_uprobe and initialize it (including uprobes).
*/
static struct trace_uprobe *
alloc_trace_uprobe(const char *group, const char *event, int nargs, bool is_ret)
{
struct trace_uprobe *tu;
if (!event || !is_good_name(event))
return ERR_PTR(-EINVAL);
if (!group || !is_good_name(group))
return ERR_PTR(-EINVAL);
tu = kzalloc(SIZEOF_TRACE_UPROBE(nargs), GFP_KERNEL);
if (!tu)
return ERR_PTR(-ENOMEM);
tu->tp.call.class = &tu->tp.class;
tu->tp.call.name = kstrdup(event, GFP_KERNEL);
if (!tu->tp.call.name)
goto error;
tu->tp.class.system = kstrdup(group, GFP_KERNEL);
if (!tu->tp.class.system)
goto error;
INIT_LIST_HEAD(&tu->list);
INIT_LIST_HEAD(&tu->tp.files);
tu->consumer.handler = uprobe_dispatcher;
if (is_ret)
tu->consumer.ret_handler = uretprobe_dispatcher;
init_trace_uprobe_filter(&tu->filter);
return tu;
error:
kfree(tu->tp.call.name);
kfree(tu);
return ERR_PTR(-ENOMEM);
}
static void free_trace_uprobe(struct trace_uprobe *tu)
{
int i;
for (i = 0; i < tu->tp.nr_args; i++)
traceprobe_free_probe_arg(&tu->tp.args[i]);
iput(tu->inode);
kfree(tu->tp.call.class->system);
kfree(tu->tp.call.name);
kfree(tu->filename);
kfree(tu);
}
static struct trace_uprobe *find_probe_event(const char *event, const char *group)
{
struct trace_uprobe *tu;
list_for_each_entry(tu, &uprobe_list, list)
if (strcmp(trace_event_name(&tu->tp.call), event) == 0 &&
strcmp(tu->tp.call.class->system, group) == 0)
return tu;
return NULL;
}
/* Unregister a trace_uprobe and probe_event: call with locking uprobe_lock */
static int unregister_trace_uprobe(struct trace_uprobe *tu)
{
int ret;
ret = unregister_uprobe_event(tu);
if (ret)
return ret;
list_del(&tu->list);
free_trace_uprobe(tu);
return 0;
}
/* Register a trace_uprobe and probe_event */
static int register_trace_uprobe(struct trace_uprobe *tu)
{
struct trace_uprobe *old_tu;
int ret;
mutex_lock(&uprobe_lock);
/* register as an event */
old_tu = find_probe_event(trace_event_name(&tu->tp.call),
tu->tp.call.class->system);
if (old_tu) {
/* delete old event */
ret = unregister_trace_uprobe(old_tu);
if (ret)
goto end;
}
ret = register_uprobe_event(tu);
if (ret) {
pr_warn("Failed to register probe event(%d)\n", ret);
goto end;
}
list_add_tail(&tu->list, &uprobe_list);
end:
mutex_unlock(&uprobe_lock);
return ret;
}
/*
* Argument syntax:
* - Add uprobe: p|r[:[GRP/]EVENT] PATH:OFFSET [FETCHARGS]
*
* - Remove uprobe: -:[GRP/]EVENT
*/
static int create_trace_uprobe(int argc, char **argv)
{
struct trace_uprobe *tu;
struct inode *inode;
char *arg, *event, *group, *filename;
char buf[MAX_EVENT_NAME_LEN];
struct path path;
unsigned long offset;
bool is_delete, is_return;
int i, ret;
inode = NULL;
ret = 0;
is_delete = false;
is_return = false;
event = NULL;
group = NULL;
/* argc must be >= 1 */
if (argv[0][0] == '-')
is_delete = true;
else if (argv[0][0] == 'r')
is_return = true;
else if (argv[0][0] != 'p') {
pr_info("Probe definition must be started with 'p', 'r' or '-'.\n");
return -EINVAL;
}
if (argv[0][1] == ':') {
event = &argv[0][2];
arg = strchr(event, '/');
if (arg) {
group = event;
event = arg + 1;
event[-1] = '\0';
if (strlen(group) == 0) {
pr_info("Group name is not specified\n");
return -EINVAL;
}
}
if (strlen(event) == 0) {
pr_info("Event name is not specified\n");
return -EINVAL;
}
}
if (!group)
group = UPROBE_EVENT_SYSTEM;
if (is_delete) {
int ret;
if (!event) {
pr_info("Delete command needs an event name.\n");
return -EINVAL;
}
mutex_lock(&uprobe_lock);
tu = find_probe_event(event, group);
if (!tu) {
mutex_unlock(&uprobe_lock);
pr_info("Event %s/%s doesn't exist.\n", group, event);
return -ENOENT;
}
/* delete an event */
ret = unregister_trace_uprobe(tu);
mutex_unlock(&uprobe_lock);
return ret;
}
if (argc < 2) {
pr_info("Probe point is not specified.\n");
return -EINVAL;
}
arg = strchr(argv[1], ':');
if (!arg) {
ret = -EINVAL;
goto fail_address_parse;
}
*arg++ = '\0';
filename = argv[1];
ret = kern_path(filename, LOOKUP_FOLLOW, &path);
if (ret)
goto fail_address_parse;
inode = igrab(d_inode(path.dentry));
path_put(&path);
if (!inode || !S_ISREG(inode->i_mode)) {
ret = -EINVAL;
goto fail_address_parse;
}
ret = kstrtoul(arg, 0, &offset);
if (ret)
goto fail_address_parse;
argc -= 2;
argv += 2;
/* setup a probe */
if (!event) {
char *tail;
char *ptr;
tail = kstrdup(kbasename(filename), GFP_KERNEL);
if (!tail) {
ret = -ENOMEM;
goto fail_address_parse;
}
ptr = strpbrk(tail, ".-_");
if (ptr)
*ptr = '\0';
snprintf(buf, MAX_EVENT_NAME_LEN, "%c_%s_0x%lx", 'p', tail, offset);
event = buf;
kfree(tail);
}
tu = alloc_trace_uprobe(group, event, argc, is_return);
if (IS_ERR(tu)) {
pr_info("Failed to allocate trace_uprobe.(%d)\n", (int)PTR_ERR(tu));
ret = PTR_ERR(tu);
goto fail_address_parse;
}
tu->offset = offset;
tu->inode = inode;
tu->filename = kstrdup(filename, GFP_KERNEL);
if (!tu->filename) {
pr_info("Failed to allocate filename.\n");
ret = -ENOMEM;
goto error;
}
/* parse arguments */
ret = 0;
for (i = 0; i < argc && i < MAX_TRACE_ARGS; i++) {
struct probe_arg *parg = &tu->tp.args[i];
/* Increment count for freeing args in error case */
tu->tp.nr_args++;
/* Parse argument name */
arg = strchr(argv[i], '=');
if (arg) {
*arg++ = '\0';
parg->name = kstrdup(argv[i], GFP_KERNEL);
} else {
arg = argv[i];
/* If argument name is omitted, set "argN" */
snprintf(buf, MAX_EVENT_NAME_LEN, "arg%d", i + 1);
parg->name = kstrdup(buf, GFP_KERNEL);
}
if (!parg->name) {
pr_info("Failed to allocate argument[%d] name.\n", i);
ret = -ENOMEM;
goto error;
}
if (!is_good_name(parg->name)) {
pr_info("Invalid argument[%d] name: %s\n", i, parg->name);
ret = -EINVAL;
goto error;
}
if (traceprobe_conflict_field_name(parg->name, tu->tp.args, i)) {
pr_info("Argument[%d] name '%s' conflicts with "
"another field.\n", i, argv[i]);
ret = -EINVAL;
goto error;
}
/* Parse fetch argument */
ret = traceprobe_parse_probe_arg(arg, &tu->tp.size, parg,
is_return, false,
uprobes_fetch_type_table);
if (ret) {
pr_info("Parse error at argument[%d]. (%d)\n", i, ret);
goto error;
}
}
ret = register_trace_uprobe(tu);
if (ret)
goto error;
return 0;
error:
free_trace_uprobe(tu);
return ret;
fail_address_parse:
iput(inode);
pr_info("Failed to parse address or file.\n");
return ret;
}
static int cleanup_all_probes(void)
{
struct trace_uprobe *tu;
int ret = 0;
mutex_lock(&uprobe_lock);
while (!list_empty(&uprobe_list)) {
tu = list_entry(uprobe_list.next, struct trace_uprobe, list);
ret = unregister_trace_uprobe(tu);
if (ret)
break;
}
mutex_unlock(&uprobe_lock);
return ret;
}
/* Probes listing interfaces */
static void *probes_seq_start(struct seq_file *m, loff_t *pos)
{
mutex_lock(&uprobe_lock);
return seq_list_start(&uprobe_list, *pos);
}
static void *probes_seq_next(struct seq_file *m, void *v, loff_t *pos)
{
return seq_list_next(v, &uprobe_list, pos);
}
static void probes_seq_stop(struct seq_file *m, void *v)
{
mutex_unlock(&uprobe_lock);
}
static int probes_seq_show(struct seq_file *m, void *v)
{
struct trace_uprobe *tu = v;
char c = is_ret_probe(tu) ? 'r' : 'p';
int i;
seq_printf(m, "%c:%s/%s", c, tu->tp.call.class->system,
trace_event_name(&tu->tp.call));
seq_printf(m, " %s:", tu->filename);
/* Don't print "0x (null)" when offset is 0 */
if (tu->offset) {
seq_printf(m, "0x%0*lx", (int)(sizeof(void *) * 2), tu->offset);
} else {
switch (sizeof(void *)) {
case 4:
seq_printf(m, "0x00000000");
break;
case 8:
default:
seq_printf(m, "0x0000000000000000");
break;
}
}
for (i = 0; i < tu->tp.nr_args; i++)
seq_printf(m, " %s=%s", tu->tp.args[i].name, tu->tp.args[i].comm);
seq_putc(m, '\n');
return 0;
}
static const struct seq_operations probes_seq_op = {
.start = probes_seq_start,
.next = probes_seq_next,
.stop = probes_seq_stop,
.show = probes_seq_show
};
static int probes_open(struct inode *inode, struct file *file)
{
int ret;
if ((file->f_mode & FMODE_WRITE) && (file->f_flags & O_TRUNC)) {
ret = cleanup_all_probes();
if (ret)
return ret;
}
return seq_open(file, &probes_seq_op);
}
static ssize_t probes_write(struct file *file, const char __user *buffer,
size_t count, loff_t *ppos)
{
return traceprobe_probes_write(file, buffer, count, ppos, create_trace_uprobe);
}
static const struct file_operations uprobe_events_ops = {
.owner = THIS_MODULE,
.open = probes_open,
.read = seq_read,
.llseek = seq_lseek,
.release = seq_release,
.write = probes_write,
};
/* Probes profiling interfaces */
static int probes_profile_seq_show(struct seq_file *m, void *v)
{
struct trace_uprobe *tu = v;
seq_printf(m, " %s %-44s %15lu\n", tu->filename,
trace_event_name(&tu->tp.call), tu->nhit);
return 0;
}
static const struct seq_operations profile_seq_op = {
.start = probes_seq_start,
.next = probes_seq_next,
.stop = probes_seq_stop,
.show = probes_profile_seq_show
};
static int profile_open(struct inode *inode, struct file *file)
{
return seq_open(file, &profile_seq_op);
}
static const struct file_operations uprobe_profile_ops = {
.owner = THIS_MODULE,
.open = profile_open,
.read = seq_read,
.llseek = seq_lseek,
.release = seq_release,
};
struct uprobe_cpu_buffer {
struct mutex mutex;
void *buf;
};
static struct uprobe_cpu_buffer __percpu *uprobe_cpu_buffer;
static int uprobe_buffer_refcnt;
static int uprobe_buffer_init(void)
{
int cpu, err_cpu;
uprobe_cpu_buffer = alloc_percpu(struct uprobe_cpu_buffer);
if (uprobe_cpu_buffer == NULL)
return -ENOMEM;
for_each_possible_cpu(cpu) {
struct page *p = alloc_pages_node(cpu_to_node(cpu),
GFP_KERNEL, 0);
if (p == NULL) {
err_cpu = cpu;
goto err;
}
per_cpu_ptr(uprobe_cpu_buffer, cpu)->buf = page_address(p);
mutex_init(&per_cpu_ptr(uprobe_cpu_buffer, cpu)->mutex);
}
return 0;
err:
for_each_possible_cpu(cpu) {
if (cpu == err_cpu)
break;
free_page((unsigned long)per_cpu_ptr(uprobe_cpu_buffer, cpu)->buf);
}
free_percpu(uprobe_cpu_buffer);
return -ENOMEM;
}
static int uprobe_buffer_enable(void)
{
int ret = 0;
BUG_ON(!mutex_is_locked(&event_mutex));
if (uprobe_buffer_refcnt++ == 0) {
ret = uprobe_buffer_init();
if (ret < 0)
uprobe_buffer_refcnt--;
}
return ret;
}
static void uprobe_buffer_disable(void)
{
int cpu;
BUG_ON(!mutex_is_locked(&event_mutex));
if (--uprobe_buffer_refcnt == 0) {
for_each_possible_cpu(cpu)
free_page((unsigned long)per_cpu_ptr(uprobe_cpu_buffer,
cpu)->buf);
free_percpu(uprobe_cpu_buffer);
uprobe_cpu_buffer = NULL;
}
}
static struct uprobe_cpu_buffer *uprobe_buffer_get(void)
{
struct uprobe_cpu_buffer *ucb;
int cpu;
cpu = raw_smp_processor_id();
ucb = per_cpu_ptr(uprobe_cpu_buffer, cpu);
/*
* Use per-cpu buffers for fastest access, but we might migrate
* so the mutex makes sure we have sole access to it.
*/
mutex_lock(&ucb->mutex);
return ucb;
}
static void uprobe_buffer_put(struct uprobe_cpu_buffer *ucb)
{
mutex_unlock(&ucb->mutex);
}
static void __uprobe_trace_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize,
struct trace_event_file *trace_file)
{
struct uprobe_trace_entry_head *entry;
struct ring_buffer_event *event;
struct ring_buffer *buffer;
void *data;
int size, esize;
struct trace_event_call *call = &tu->tp.call;
WARN_ON(call != trace_file->event_call);
if (WARN_ON_ONCE(tu->tp.size + dsize > PAGE_SIZE))
return;
if (trace_trigger_soft_disabled(trace_file))
return;
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
size = esize + tu->tp.size + dsize;
event = trace_event_buffer_lock_reserve(&buffer, trace_file,
call->event.type, size, 0, 0);
if (!event)
return;
entry = ring_buffer_event_data(event);
if (is_ret_probe(tu)) {
entry->vaddr[0] = func;
entry->vaddr[1] = instruction_pointer(regs);
data = DATAOF_TRACE_ENTRY(entry, true);
} else {
entry->vaddr[0] = instruction_pointer(regs);
data = DATAOF_TRACE_ENTRY(entry, false);
}
memcpy(data, ucb->buf, tu->tp.size + dsize);
event_trigger_unlock_commit(trace_file, buffer, event, entry, 0, 0, 0);
}
/* uprobe handler */
static int uprobe_trace_func(struct trace_uprobe *tu, struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize)
{
struct event_file_link *link;
if (is_ret_probe(tu))
return 0;
rcu_read_lock();
list_for_each_entry_rcu(link, &tu->tp.files, list)
__uprobe_trace_func(tu, 0, regs, ucb, dsize, link->file);
rcu_read_unlock();
return 0;
}
static void uretprobe_trace_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize)
{
struct event_file_link *link;
rcu_read_lock();
list_for_each_entry_rcu(link, &tu->tp.files, list)
__uprobe_trace_func(tu, func, regs, ucb, dsize, link->file);
rcu_read_unlock();
}
/* Event entry printers */
static enum print_line_t
print_uprobe_event(struct trace_iterator *iter, int flags, struct trace_event *event)
{
struct uprobe_trace_entry_head *entry;
struct trace_seq *s = &iter->seq;
struct trace_uprobe *tu;
u8 *data;
int i;
entry = (struct uprobe_trace_entry_head *)iter->ent;
tu = container_of(event, struct trace_uprobe, tp.call.event);
if (is_ret_probe(tu)) {
trace_seq_printf(s, "%s: (0x%lx <- 0x%lx)",
trace_event_name(&tu->tp.call),
entry->vaddr[1], entry->vaddr[0]);
data = DATAOF_TRACE_ENTRY(entry, true);
} else {
trace_seq_printf(s, "%s: (0x%lx)",
trace_event_name(&tu->tp.call),
entry->vaddr[0]);
data = DATAOF_TRACE_ENTRY(entry, false);
}
for (i = 0; i < tu->tp.nr_args; i++) {
struct probe_arg *parg = &tu->tp.args[i];
if (!parg->type->print(s, parg->name, data + parg->offset, entry))
goto out;
}
trace_seq_putc(s, '\n');
out:
return trace_handle_return(s);
}
typedef bool (*filter_func_t)(struct uprobe_consumer *self,
enum uprobe_filter_ctx ctx,
struct mm_struct *mm);
static int
probe_event_enable(struct trace_uprobe *tu, struct trace_event_file *file,
filter_func_t filter)
{
bool enabled = trace_probe_is_enabled(&tu->tp);
struct event_file_link *link = NULL;
int ret;
if (file) {
if (tu->tp.flags & TP_FLAG_PROFILE)
return -EINTR;
link = kmalloc(sizeof(*link), GFP_KERNEL);
if (!link)
return -ENOMEM;
link->file = file;
list_add_tail_rcu(&link->list, &tu->tp.files);
tu->tp.flags |= TP_FLAG_TRACE;
} else {
if (tu->tp.flags & TP_FLAG_TRACE)
return -EINTR;
tu->tp.flags |= TP_FLAG_PROFILE;
}
WARN_ON(!uprobe_filter_is_empty(&tu->filter));
if (enabled)
return 0;
ret = uprobe_buffer_enable();
if (ret)
goto err_flags;
tu->consumer.filter = filter;
ret = uprobe_register(tu->inode, tu->offset, &tu->consumer);
if (ret)
goto err_buffer;
return 0;
err_buffer:
uprobe_buffer_disable();
err_flags:
if (file) {
list_del(&link->list);
kfree(link);
tu->tp.flags &= ~TP_FLAG_TRACE;
} else {
tu->tp.flags &= ~TP_FLAG_PROFILE;
}
return ret;
}
static void
probe_event_disable(struct trace_uprobe *tu, struct trace_event_file *file)
{
if (!trace_probe_is_enabled(&tu->tp))
return;
if (file) {
struct event_file_link *link;
link = find_event_file_link(&tu->tp, file);
if (!link)
return;
list_del_rcu(&link->list);
/* synchronize with u{,ret}probe_trace_func */
synchronize_rcu();
kfree(link);
if (!list_empty(&tu->tp.files))
return;
}
WARN_ON(!uprobe_filter_is_empty(&tu->filter));
uprobe_unregister(tu->inode, tu->offset, &tu->consumer);
tu->tp.flags &= file ? ~TP_FLAG_TRACE : ~TP_FLAG_PROFILE;
uprobe_buffer_disable();
}
static int uprobe_event_define_fields(struct trace_event_call *event_call)
{
int ret, i, size;
struct uprobe_trace_entry_head field;
struct trace_uprobe *tu = event_call->data;
if (is_ret_probe(tu)) {
DEFINE_FIELD(unsigned long, vaddr[0], FIELD_STRING_FUNC, 0);
DEFINE_FIELD(unsigned long, vaddr[1], FIELD_STRING_RETIP, 0);
size = SIZEOF_TRACE_ENTRY(true);
} else {
DEFINE_FIELD(unsigned long, vaddr[0], FIELD_STRING_IP, 0);
size = SIZEOF_TRACE_ENTRY(false);
}
/* Set argument names as fields */
for (i = 0; i < tu->tp.nr_args; i++) {
struct probe_arg *parg = &tu->tp.args[i];
ret = trace_define_field(event_call, parg->type->fmttype,
parg->name, size + parg->offset,
parg->type->size, parg->type->is_signed,
FILTER_OTHER);
if (ret)
return ret;
}
return 0;
}
#ifdef CONFIG_PERF_EVENTS
static bool
__uprobe_perf_filter(struct trace_uprobe_filter *filter, struct mm_struct *mm)
{
struct perf_event *event;
if (filter->nr_systemwide)
return true;
list_for_each_entry(event, &filter->perf_events, hw.tp_list) {
if (event->hw.target->mm == mm)
return true;
}
return false;
}
static inline bool
uprobe_filter_event(struct trace_uprobe *tu, struct perf_event *event)
{
return __uprobe_perf_filter(&tu->filter, event->hw.target->mm);
}
static int uprobe_perf_close(struct trace_uprobe *tu, struct perf_event *event)
{
bool done;
write_lock(&tu->filter.rwlock);
if (event->hw.target) {
list_del(&event->hw.tp_list);
done = tu->filter.nr_systemwide ||
(event->hw.target->flags & PF_EXITING) ||
uprobe_filter_event(tu, event);
} else {
tu->filter.nr_systemwide--;
done = tu->filter.nr_systemwide;
}
write_unlock(&tu->filter.rwlock);
if (!done)
return uprobe_apply(tu->inode, tu->offset, &tu->consumer, false);
return 0;
}
static int uprobe_perf_open(struct trace_uprobe *tu, struct perf_event *event)
{
bool done;
int err;
write_lock(&tu->filter.rwlock);
if (event->hw.target) {
/*
* event->parent != NULL means copy_process(), we can avoid
* uprobe_apply(). current->mm must be probed and we can rely
* on dup_mmap() which preserves the already installed bp's.
*
* attr.enable_on_exec means that exec/mmap will install the
* breakpoints we need.
*/
done = tu->filter.nr_systemwide ||
event->parent || event->attr.enable_on_exec ||
uprobe_filter_event(tu, event);
list_add(&event->hw.tp_list, &tu->filter.perf_events);
} else {
done = tu->filter.nr_systemwide;
tu->filter.nr_systemwide++;
}
write_unlock(&tu->filter.rwlock);
err = 0;
if (!done) {
err = uprobe_apply(tu->inode, tu->offset, &tu->consumer, true);
if (err)
uprobe_perf_close(tu, event);
}
return err;
}
static bool uprobe_perf_filter(struct uprobe_consumer *uc,
enum uprobe_filter_ctx ctx, struct mm_struct *mm)
{
struct trace_uprobe *tu;
int ret;
tu = container_of(uc, struct trace_uprobe, consumer);
read_lock(&tu->filter.rwlock);
ret = __uprobe_perf_filter(&tu->filter, mm);
read_unlock(&tu->filter.rwlock);
return ret;
}
static void __uprobe_perf_func(struct trace_uprobe *tu,
unsigned long func, struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize)
{
struct trace_event_call *call = &tu->tp.call;
struct uprobe_trace_entry_head *entry;
struct hlist_head *head;
void *data;
int size, esize;
int rctx;
if (bpf_prog_array_valid(call) && !trace_call_bpf(call, regs))
return;
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
size = esize + tu->tp.size + dsize;
size = ALIGN(size + sizeof(u32), sizeof(u64)) - sizeof(u32);
if (WARN_ONCE(size > PERF_MAX_TRACE_SIZE, "profile buffer not large enough"))
return;
preempt_disable();
head = this_cpu_ptr(call->perf_events);
if (hlist_empty(head))
goto out;
entry = perf_trace_buf_alloc(size, NULL, &rctx);
if (!entry)
goto out;
if (is_ret_probe(tu)) {
entry->vaddr[0] = func;
entry->vaddr[1] = instruction_pointer(regs);
data = DATAOF_TRACE_ENTRY(entry, true);
} else {
entry->vaddr[0] = instruction_pointer(regs);
data = DATAOF_TRACE_ENTRY(entry, false);
}
memcpy(data, ucb->buf, tu->tp.size + dsize);
if (size - esize > tu->tp.size + dsize) {
int len = tu->tp.size + dsize;
memset(data + len, 0, size - esize - len);
}
perf_trace_buf_submit(entry, size, rctx, call->event.type, 1, regs,
head, NULL);
out:
preempt_enable();
}
/* uprobe profile handler */
static int uprobe_perf_func(struct trace_uprobe *tu, struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize)
{
if (!uprobe_perf_filter(&tu->consumer, 0, current->mm))
return UPROBE_HANDLER_REMOVE;
if (!is_ret_probe(tu))
__uprobe_perf_func(tu, 0, regs, ucb, dsize);
return 0;
}
static void uretprobe_perf_func(struct trace_uprobe *tu, unsigned long func,
struct pt_regs *regs,
struct uprobe_cpu_buffer *ucb, int dsize)
{
__uprobe_perf_func(tu, func, regs, ucb, dsize);
}
#endif /* CONFIG_PERF_EVENTS */
static int
trace_uprobe_register(struct trace_event_call *event, enum trace_reg type,
void *data)
{
struct trace_uprobe *tu = event->data;
struct trace_event_file *file = data;
switch (type) {
case TRACE_REG_REGISTER:
return probe_event_enable(tu, file, NULL);
case TRACE_REG_UNREGISTER:
probe_event_disable(tu, file);
return 0;
#ifdef CONFIG_PERF_EVENTS
case TRACE_REG_PERF_REGISTER:
return probe_event_enable(tu, NULL, uprobe_perf_filter);
case TRACE_REG_PERF_UNREGISTER:
probe_event_disable(tu, NULL);
return 0;
case TRACE_REG_PERF_OPEN:
return uprobe_perf_open(tu, data);
case TRACE_REG_PERF_CLOSE:
return uprobe_perf_close(tu, data);
#endif
default:
return 0;
}
return 0;
}
static int uprobe_dispatcher(struct uprobe_consumer *con, struct pt_regs *regs)
{
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
int dsize, esize;
int ret = 0;
tu = container_of(con, struct trace_uprobe, consumer);
tu->nhit++;
udd.tu = tu;
udd.bp_addr = instruction_pointer(regs);
current->utask->vaddr = (unsigned long) &udd;
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
dsize = __get_data_size(&tu->tp, regs);
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
ucb = uprobe_buffer_get();
store_trace_args(esize, &tu->tp, regs, ucb->buf, dsize);
if (tu->tp.flags & TP_FLAG_TRACE)
ret |= uprobe_trace_func(tu, regs, ucb, dsize);
#ifdef CONFIG_PERF_EVENTS
if (tu->tp.flags & TP_FLAG_PROFILE)
ret |= uprobe_perf_func(tu, regs, ucb, dsize);
#endif
uprobe_buffer_put(ucb);
return ret;
}
static int uretprobe_dispatcher(struct uprobe_consumer *con,
unsigned long func, struct pt_regs *regs)
{
struct trace_uprobe *tu;
struct uprobe_dispatch_data udd;
struct uprobe_cpu_buffer *ucb;
int dsize, esize;
tu = container_of(con, struct trace_uprobe, consumer);
udd.tu = tu;
udd.bp_addr = func;
current->utask->vaddr = (unsigned long) &udd;
if (WARN_ON_ONCE(!uprobe_cpu_buffer))
return 0;
dsize = __get_data_size(&tu->tp, regs);
esize = SIZEOF_TRACE_ENTRY(is_ret_probe(tu));
ucb = uprobe_buffer_get();
store_trace_args(esize, &tu->tp, regs, ucb->buf, dsize);
if (tu->tp.flags & TP_FLAG_TRACE)
uretprobe_trace_func(tu, func, regs, ucb, dsize);
#ifdef CONFIG_PERF_EVENTS
if (tu->tp.flags & TP_FLAG_PROFILE)
uretprobe_perf_func(tu, func, regs, ucb, dsize);
#endif
uprobe_buffer_put(ucb);
return 0;
}
static struct trace_event_functions uprobe_funcs = {
.trace = print_uprobe_event
};
static int register_uprobe_event(struct trace_uprobe *tu)
{
struct trace_event_call *call = &tu->tp.call;
int ret;
/* Initialize trace_event_call */
INIT_LIST_HEAD(&call->class->fields);
call->event.funcs = &uprobe_funcs;
call->class->define_fields = uprobe_event_define_fields;
if (set_print_fmt(&tu->tp, is_ret_probe(tu)) < 0)
return -ENOMEM;
ret = register_trace_event(&call->event);
if (!ret) {
kfree(call->print_fmt);
return -ENODEV;
}
call->flags = TRACE_EVENT_FL_UPROBE;
call->class->reg = trace_uprobe_register;
call->data = tu;
ret = trace_add_event_call(call);
if (ret) {
pr_info("Failed to register uprobe event: %s\n",
trace_event_name(call));
kfree(call->print_fmt);
unregister_trace_event(&call->event);
}
return ret;
}
static int unregister_uprobe_event(struct trace_uprobe *tu)
{
int ret;
/* tu->event is unregistered in trace_remove_event_call() */
ret = trace_remove_event_call(&tu->tp.call);
if (ret)
return ret;
kfree(tu->tp.call.print_fmt);
tu->tp.call.print_fmt = NULL;
return 0;
}
/* Make a trace interface for controling probe points */
static __init int init_uprobe_trace(void)
{
struct dentry *d_tracer;
d_tracer = tracing_init_dentry();
if (IS_ERR(d_tracer))
return 0;
trace_create_file("uprobe_events", 0644, d_tracer,
NULL, &uprobe_events_ops);
/* Profile interface */
trace_create_file("uprobe_profile", 0444, d_tracer,
NULL, &uprobe_profile_ops);
return 0;
}
fs_initcall(init_uprobe_trace);
Reference in New Issue View Git Blame Copy Permalink