16.0
1955 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Matt Mullins
|
a02a38a166 |
UPSTREAM: selftests: bpf: test writable buffers in raw tps
This tests that:
* a BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE cannot be attached if it
uses either:
* a variable offset to the tracepoint buffer, or
* an offset beyond the size of the tracepoint buffer
* a tracer can modify the buffer provided when attached to a writable
tracepoint in bpf_prog_test_run
Change-Id: I3fdf650c1d9a68d64d08b170b14e46a35d180dd7
Signed-off-by: Matt Mullins <mmullins@fb.com>
Acked-by: Yonghong Song <yhs@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
|
||
|
Toke Høiland-Jørgensen
|
6f3bf2ccbe |
UPSTREAM: xdp: Add devmap_hash map type for looking up devices by hashed index
A common pattern when using xdp_redirect_map() is to create a device map where the lookup key is simply ifindex. Because device maps are arrays, this leaves holes in the map, and the map has to be sized to fit the largest ifindex, regardless of how many devices actually are actually needed in the map. This patch adds a second type of device map where the key is looked up using a hashmap, instead of being used as an array index. This allows maps to be densely packed, so they can be smaller. Change-Id: Ibf2e0d0722ca22b53349df8019115ac1c263a286 Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Yonghong Song <yhs@fb.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Toke Høiland-Jørgensen
|
5f26812983 |
UPSTREAM: bpf_xdp_redirect_map: Perform map lookup in eBPF helper
The bpf_redirect_map() helper used by XDP programs doesn't return any indication of whether it can successfully redirect to the map index it was given. Instead, BPF programs have to track this themselves, leading to programs using duplicate maps to track which entries are populated in the devmap. This patch fixes this by moving the map lookup into the bpf_redirect_map() helper, which makes it possible to return failure to the eBPF program. The lower bits of the flags argument is used as the return code, which means that existing users who pass a '0' flag argument will get XDP_ABORTED. With this, a BPF program can check the return code from the helper call and react by, for instance, substituting a different redirect. This works for any type of map used for redirect. Change-Id: I5392fcb48de313d573b8d23e3c9f8e3a07bed5f1 Signed-off-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Jonathan Lemon <jonathan.lemon@gmail.com> Acked-by: Andrii Nakryiko <andriin@fb.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
Toshiaki Makita
|
149d5aef5a |
UPSTREAM: xdp: Add tracepoint for bulk XDP_TX
This is introduced for admins to check what is happening on XDP_TX when bulk XDP_TX is in use, which will be first introduced in veth in next commit. v3: - Add act field to be in line with other XDP tracepoints. Change-Id: I0a8904ab72819428a34ad0225c2b094c15efb148 Signed-off-by: Toshiaki Makita <toshiaki.makita1@gmail.com> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
Jason A. Donenfeld
|
6dcdc94007 |
BACKPORT: timekeeping: Use proper clock specifier names in functions
This makes boot uniformly boottime and tai uniformly clocktai, to address the remaining oversights. Change-Id: I3463b9045bddeba00d6f9fcf78d63008459c1b9a Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Link: https://lkml.kernel.org/r/20190621203249.3909-2-Jason@zx2c4.com |
||
|
Matt Mullins
|
6ef8f48172 |
BACKPORT: bpf: add writable context for raw tracepoints
This is an opt-in interface that allows a tracepoint to provide a safe buffer that can be written from a BPF_PROG_TYPE_RAW_TRACEPOINT program. The size of the buffer must be a compile-time constant, and is checked before allowing a BPF program to attach to a tracepoint that uses this feature. The pointer to this buffer will be the first argument of tracepoints that opt in; the pointer is valid and can be bpf_probe_read() by both BPF_PROG_TYPE_RAW_TRACEPOINT and BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE programs that attach to such a tracepoint, but the buffer to which it points may only be written by the latter. Change-Id: I9f96e1c0e7ae90fe32795d537a100f26e388af2d Signed-off-by: Matt Mullins <mmullins@fb.com> Acked-by: Yonghong Song <yhs@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Daniel Borkmann
|
ce39902965 |
UPSTREAM: bpf: fix redirect to map under tail calls
Commits |
||
|
Jesper Dangaard Brouer
|
775c180022 |
UPSTREAM: xdp/trace: extend tracepoint in devmap with an err
Extending tracepoint xdp:xdp_devmap_xmit in devmap with an err code allow people to easier identify the reason behind the ndo_xdp_xmit call to a given driver is failing. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Jesper Dangaard Brouer
|
3b8bc50313 |
UPSTREAM: xdp: add tracepoint for devmap like cpumap have
Notice how this allow us get XDP statistic without affecting the XDP performance, as tracepoint is no-longer activated on a per packet basis. V5: Spotted by John Fastabend. Fix 'sent' also counted 'drops' in this patch, a later patch corrected this, but it was a mistake in this intermediate step. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Jesper Dangaard Brouer
|
b953615376 |
BACKPORT: bpf: devmap introduce dev_map_enqueue
Functionality is the same, but the ndo_xdp_xmit call is now simply invoked from inside the devmap.c code. V2: Fix compile issue reported by kbuild test robot <lkp@intel.com> V5: Cleanups requested by Daniel - Newlines before func definition - Use BUILD_BUG_ON checks - Remove unnecessary use return value store in dev_map_enqueue Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Paolo Abeni
|
21a0040f88 |
UPSTREAM: ipv6: let trace_fib6_table_lookup() dereference the fib table
The perf traces for ipv6 routing code show a relevant cost around trace_fib6_table_lookup(), even if no trace is enabled. This is due to the fib6_table de-referencing currently performed by the caller. Let's the tracing code pay this overhead, passing to the trace helper the table pointer. This gives small but measurable performance improvement under UDP flood. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Acked-by: David Ahern <dsa@cumulusnetworks.com> Acked-by: Martin KaFai Lau <kafai@fb.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Alexei Starovoitov
|
1164f3e68f |
BACKPORT: bpf: remove tracepoints from bpf core
tracepoints to bpf core were added as a way to provide introspection to bpf programs and maps, but after some time it became clear that this approach is inadequate, so prog_id, map_id and corresponding get_next_id, get_fd_by_id, get_info_by_fd, prog_query APIs were introduced and fully adopted by bpftool and other applications. The tracepoints in bpf core started to rot and causing syzbot warnings: WARNING: CPU: 0 PID: 3008 at kernel/trace/trace_event_perf.c:274 Kernel panic - not syncing: panic_on_warn set ... perf_trace_bpf_map_keyval+0x260/0xbd0 include/trace/events/bpf.h:228 trace_bpf_map_update_elem include/trace/events/bpf.h:274 [inline] map_update_elem kernel/bpf/syscall.c:597 [inline] SYSC_bpf kernel/bpf/syscall.c:1478 [inline] Hence this patch deletes tracepoints in bpf core. Reported-by: Eric Biggers <ebiggers3@gmail.com> Reported-by: syzbot <bot+a9dbb3c3e64b62536a4bc5ee7bbd4ca627566188@syzkaller.appspotmail.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
Alexei Starovoitov
|
beba6490af |
UPSTREAM: bpf: introduce BPF_RAW_TRACEPOINT
Introduce BPF_PROG_TYPE_RAW_TRACEPOINT bpf program type to access
kernel internal arguments of the tracepoints in their raw form.
>From bpf program point of view the access to the arguments look like:
struct bpf_raw_tracepoint_args {
__u64 args[0];
};
int bpf_prog(struct bpf_raw_tracepoint_args *ctx)
{
// program can read args[N] where N depends on tracepoint
// and statically verified at program load+attach time
}
kprobe+bpf infrastructure allows programs access function arguments.
This feature allows programs access raw tracepoint arguments.
Similar to proposed 'dynamic ftrace events' there are no abi guarantees
to what the tracepoints arguments are and what their meaning is.
The program needs to type cast args properly and use bpf_probe_read()
helper to access struct fields when argument is a pointer.
For every tracepoint __bpf_trace_##call function is prepared.
In assembler it looks like:
(gdb) disassemble __bpf_trace_xdp_exception
Dump of assembler code for function __bpf_trace_xdp_exception:
0xffffffff81132080 <+0>: mov %ecx,%ecx
0xffffffff81132082 <+2>: jmpq 0xffffffff811231f0 <bpf_trace_run3>
where
TRACE_EVENT(xdp_exception,
TP_PROTO(const struct net_device *dev,
const struct bpf_prog *xdp, u32 act),
The above assembler snippet is casting 32-bit 'act' field into 'u64'
to pass into bpf_trace_run3(), while 'dev' and 'xdp' args are passed as-is.
All of ~500 of __bpf_trace_*() functions are only 5-10 byte long
and in total this approach adds 7k bytes to .text.
This approach gives the lowest possible overhead
while calling trace_xdp_exception() from kernel C code and
transitioning into bpf land.
Since tracepoint+bpf are used at speeds of 1M+ events per second
this is valuable optimization.
The new BPF_RAW_TRACEPOINT_OPEN sys_bpf command is introduced
that returns anon_inode FD of 'bpf-raw-tracepoint' object.
The user space looks like:
// load bpf prog with BPF_PROG_TYPE_RAW_TRACEPOINT type
prog_fd = bpf_prog_load(...);
// receive anon_inode fd for given bpf_raw_tracepoint with prog attached
raw_tp_fd = bpf_raw_tracepoint_open("xdp_exception", prog_fd);
Ctrl-C of tracing daemon or cmdline tool that uses this feature
will automatically detach bpf program, unload it and
unregister tracepoint probe.
On the kernel side the __bpf_raw_tp_map section of pointers to
tracepoint definition and to __bpf_trace_*() probe function is used
to find a tracepoint with "xdp_exception" name and
corresponding __bpf_trace_xdp_exception() probe function
which are passed to tracepoint_probe_register() to connect probe
with tracepoint.
Addition of bpf_raw_tracepoint doesn't interfere with ftrace and perf
tracepoint mechanisms. perf_event_open() can be used in parallel
on the same tracepoint.
Multiple bpf_raw_tracepoint_open("xdp_exception", prog_fd) are permitted.
Each with its own bpf program. The kernel will execute
all tracepoint probes and all attached bpf programs.
In the future bpf_raw_tracepoints can be extended with
query/introspection logic.
__bpf_raw_tp_map section logic was contributed by Steven Rostedt
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
||
|
Jesper Dangaard Brouer
|
385e77bccb |
UPSTREAM: bpf: cpumap add tracepoints
This adds two tracepoint to the cpumap. One for the enqueue side trace_xdp_cpumap_enqueue() and one for the kthread dequeue side trace_xdp_cpumap_kthread(). To mitigate the tracepoint overhead, these are invoked during the enqueue/dequeue bulking phases, thus amortizing the cost. The obvious use-cases are for debugging and monitoring. The non-intuitive use-case is using these as a feedback loop to know the system load. One can imagine auto-scaling by reducing, adding or activating more worker CPUs on demand. V4: tracepoint remove time_limit info, instead add sched info V8: intro struct bpf_cpu_map_entry members cpu+map_id in this patch Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Jesper Dangaard Brouer
|
4783bca8b1 |
BACKPORT: bpf: XDP_REDIRECT enable use of cpumap
This patch connects cpumap to the xdp_do_redirect_map infrastructure. Still no SKB allocation are done yet. The XDP frames are transferred to the other CPU, but they are simply refcnt decremented on the remote CPU. This served as a good benchmark for measuring the overhead of remote refcnt decrement. If driver page recycle cache is not efficient then this, exposes a bottleneck in the page allocator. A shout-out to MST's ptr_ring, which is the secret behind is being so efficient to transfer memory pointers between CPUs, without constantly bouncing cache-lines between CPUs. V3: Handle !CONFIG_BPF_SYSCALL pointed out by kbuild test robot. V4: Make Generic-XDP aware of cpumap type, but don't allow redirect yet, as implementation require a separate upstream discussion. V5: - Fix a maybe-uninitialized pointed out by kbuild test robot. - Restrict bpf-prog side access to cpumap, open when use-cases appear - Implement cpu_map_enqueue() as a more simple void pointer enqueue V6: - Allow cpumap type for usage in helper bpf_redirect_map, general bpf-prog side restriction moved to earlier patch. Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Steven Rostedt (VMware)
|
5a12f8e21a |
UPSTREAM: tracing: bpf: Hide bpf trace events when they are not used
All the trace events defined in include/trace/events/bpf.h are only used when CONFIG_BPF_SYSCALL is defined. But this file gets included by include/linux/bpf_trace.h which is included by the networking code with CREATE_TRACE_POINTS defined. If a trace event is created but not used it still has data structures and functions created for its use, even though nothing is using them. To not waste space, do not define the BPF trace events in bpf.h unless CONFIG_BPF_SYSCALL is defined. Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Tim Zimmermann
|
3996f04715 |
Squashed revert of BPF backports
Revert "Partially revert "fixup: add back code missed during BPF picking""
This reverts commit cc477455f73d317733850a9e4818dfd90be4d33d.
Revert "bpf: lpm_trie: check left child of last leftmost node for NULL"
This reverts commit e89007b7df49292c5ae52b3d165c0d815a61cd10.
Revert "BACKPORT: bpf: Fix out-of-bounds write in trie_get_next_key()"
This reverts commit a1c4f565bb00b05ab3734a64451c08b0b965ce42.
Revert "bpf: Fix exact match conditions in trie_get_next_key()"
This reverts commit 4356a64dad3d38372147457b3004930c6e2e9c51.
Revert "bpf: fix kernel page fault in lpm map trie_get_next_key"
This reverts commit df4649b5d6cb374edbb67e5a5ecbd102a2e6c897.
Revert "bpf: implement MAP_GET_NEXT_KEY command for LPM_TRIE map"
This reverts commit fe6656a5d48df6144fe9929399c648957166edd0.
Revert "bpf: allow helpers to return PTR_TO_SOCK_COMMON"
This reverts commit b24d1ae9ccbf3ebe6f4baa50d2d48c03be02bc17.
Revert "bpf: implement lookup-free direct value access for maps"
This reverts commit de1959fcd3df0629380894d9c47ebb253c920ad1.
Revert "bpf: Add bpf_verifier_vlog() and bpf_verifier_log_needed()"
This reverts commit b777824607bd3eb8c9130f4639d97d15bcac9af5.
Revert "bpf: Don't return EINVAL from {get,set}sockopt when optlen > PAGE_SIZE"
This reverts commit 4cfef728c1eac6cce34f4fff1fbab3e66dc430d9.
Revert "bpf: always allocate at least 16 bytes for setsockopt hook"
This reverts commit 59817f83c964c753e93a75128ecaad4eeaa769fc.
Revert "bpf, sockmap: convert to generic sk_msg interface"
This reverts commit fe4ef742e22924b21749de333211941d0205501e.
Revert "bpf: sockmap, convert bpf_compute_data_pointers to bpf_*_sk_skb"
This reverts commit d17c8c2c2f623e087d6c297de50c173a006e6e55.
Revert "bpf: sockmap: fix typos"
This reverts commit 07e31378d7795371cdbccce06b4125b27ffce536.
Revert "sockmap: convert refcnt to an atomic refcnt"
This reverts commit c1fa11ec9da5dc0e8cae4334c550264cff77eef9.
Revert "bpf: sockmap, add hash map support"
This reverts commit 3f43379c38e329e9a7d4b5a1640670de37ba317b.
Revert "bpf: sockmap, refactor sockmap routines to work with hashmap"
This reverts commit 41a2b6e925db031978eb2484835f60908de884d7.
Revert "bpf: implement getsockopt and setsockopt hooks"
This reverts commit 9526fe6ff3e06939c12bb781e0dda01a8f3017ec.
Revert "bpf: Introduce bpf sk local storage"
This reverts commit ffedc38a46ddaca40de672fafe78c45fbfae9839.
Revert "bpf: introduce BPF_F_LOCK flag"
This reverts commit e7f5758fbcb1674e17c645837f7bff3b1febbad5.
Revert "bpf: Introduce ARG_PTR_TO_{INT,LONG} arg types"
This reverts commit e29b4e3c2bdd3b5d0d34668836ae8e5115cb31af.
Revert "bpf/verifier: add ARG_PTR_TO_UNINIT_MAP_VALUE"
This reverts commit f25c66c27cd6a774fb73769d804f91e969dd5f7b.
Revert "bpf: allow map helpers access to map values directly"
This reverts commit 7af696635219d0c5cdf1a166bb7543cae9e50328.
Revert "bpf: add writable context for raw tracepoints"
This reverts commit a546d8f0433039cee0de6ce96d5d35c4033a7b98.
Revert "bpf: Add struct bpf_tcp_sock and BPF_FUNC_tcp_sock"
This reverts commit 03093478c52e79c94791a04f8138d5c019119087.
Revert "bpf: Support socket lookup in CGROUP_SOCK_ADDR progs"
This reverts commit 8047013945361fbff0e449c8a212cb6fc93a5245.
Revert "bpf: Extend the sk_lookup() helper to XDP hookpoint."
This reverts commit 8315368983086e70ccc6f103d710903c63cca7df.
Revert "xdp: generic XDP handling of xdp_rxq_info"
This reverts commit 11d9514e6e6801941abf1c0485fd4ef53082d970.
Revert "xdp: move struct xdp_buff from filter.h to xdp.h"
This reverts commit a1795f54e4d99e02d5cb84a46fac0240cf29e206.
Revert "net: avoid including xdp.h in filter.h"
This reverts commit a39c59398f3ab64de44e5953ee0bd23c5136bb48.
Revert "xdp: base API for new XDP rx-queue info concept"
This reverts commit 49fb5bae77ab2041a2ad9f9f87ad7e0a6e215fdf.
Revert "net: Add asynchronous callbacks for xfrm on layer 2."
This reverts commit d0656f64d7719993d5634a9fc6600026e9a805ee.
Revert "xfrm: Separate ESP handling from segmentation for GRO packets."
This reverts commit c8afadf7f5ed8786652d307558345ef90ea91726.
Revert "net: move secpath_exist helper to sk_buff.h"
This reverts commit 0e5483057121dad47567b01845c656955e51989e.
Revert "sk_buff: add skb extension infrastructure"
This reverts commit 3a9ae74b075757495c4becf4dd1eec056d364801.
Revert "fixup: add back code missed during BPF picking"
This reverts commit 74ec8cef7051b5af72f2a6d83ca8c51c3c61c444.
Revert "bpf: undo prog rejection on read-only lock failure"
This reverts commit af2dc6e4993c4221603dbe6e81a3d0c8269f3171.
Revert "bpf: Add helper to retrieve socket in BPF"
This reverts commit 53495e3bc33cb46d9961ea122f576faded058aa1.
Revert "SQUASH! bpf: Add a bpf_sock pointer to __sk_buff and a bpf_sk_fullsock helpe"
This reverts commit 3b25fbf81c041af954d9f5ac1c7867eb07c40b07.
Revert "bpf: introduce bpf_spin_lock"
This reverts commit 0095fb54160e4f8b326fa8df103e334f90c5ab56.
Revert "bpf: enable cgroup local storage map pretty print with kind_flag"
This reverts commit 3fe92cb79b5eae557b113c37b03e78efee2280db.
Revert "bpf: btf: fix struct/union/fwd types with kind_flag"
This reverts commit 2bd4856277f459974dd6234a849cbe20fd475b8f.
Revert "bpf: add bpffs pretty print for cgroup local storage maps"
This reverts commit e07d8c8279f37cee8471846a63acc51f1ab7ce03.
Revert "bpf: pass struct btf pointer to the map_check_btf() callback"
This reverts commit 78a8140faf32710799c19495db28d71693c98030.
Revert "bpf: Define cgroup_bpf_enabled for CONFIG_CGROUP_BPF=n"
This reverts commit aada945d89950c67099e490af1c4c25eef7f31e6.
Revert "bpf: introduce per-cpu cgroup local storage"
This reverts commit d37432968663559f06c7fd7df44197a807fb84ca.
Revert "bpf: btf: Rename btf_key_id and btf_value_id in bpf_map_info"
This reverts commit 063c5a25e5f47e8b82b6c43a44ed7be851884abb.
Revert "bpf: fix a compilation error when CONFIG_BPF_SYSCALL is not defined"
This reverts commit bcf5bfaf50bb6f1f981d5c538f87e6da7aab78f2.
Revert "bpf: Create a new btf_name_by_offset() for non type name use case"
This reverts commit 52b4739d0bdd763e1b00feb50bef8a821f5c7570.
Revert "bpf: reject any prog that failed read-only lock"
This reverts commit 30d1bfec06a3bcaa773213113904580e3046a57a.
Revert "bpf: Add bpf_line_info support"
This reverts commit 50b094eeeb1ced32c62b3a10045bbf43126de760.
Revert "bpf: don't leave partial mangled prog in jit_subprogs error path"
This reverts commit a466f85be89f5daab4bd748f92915ea713d63934.
Revert "bpf: btf: support proper non-jit func info"
This reverts commit 492a556de94c502376ec3b0d5a724ec9fe9f6996.
Revert "bpf: Introduce bpf_func_info"
This reverts commit 39cade88686b0d9b7befc1f14e9d2c2cad19a769.
Revert "bpf: btf: Add BTF_KIND_FUNC and BTF_KIND_FUNC_PROTO"
This reverts commit 2010b6bacc271a48e74942506f3cf45268b6c264.
Revert "bpf: fix bpf_prog_get_info_by_fd to return 0 func_lens for unpriv"
This reverts commit a0ea14ac88a0f5529a635fc6e20277942fc6bb99.
Revert "bpf: Expose check_uarg_tail_zero()"
This reverts commit 1190aaae686534c2854838b3d642dac45d26b1f4.
Revert "bpf: Append prog->aux->name in bpf_get_prog_name()"
This reverts commit 8b82528df4a11a8501393c854978662fc218014e.
Revert "bpf: get JITed image lengths of functions via syscall"
This reverts commit 0722dbc626915fcb9acb952ebc1fcb0c4554cb07.
Revert "bpf: get kernel symbol addresses via syscall"
This reverts commit 6736ec7558dd262fef6669eec02a9797c7c4ecb7.
Revert "bpf: Add gpl_compatible flag to struct bpf_prog_info"
This reverts commit b60c7a51fd3692259c93413f3e87150078be1dac.
Revert "bpf: centre subprog information fields"
This reverts commit b5186fdf6f3e1bb38d7e4abfed5bf7dd6f85a6c3.
Revert "bpf: unify main prog and subprog"
This reverts commit e8e2ad5d9ae98bc7b85b99c0712a5dfbfc151a41.
Revert "bpf: fix maximum stack depth tracking logic"
This reverts commit 10c7127615dc2c00b724069a1620b2232d905113.
Revert "bpf, x64: fix memleak when not converging on calls"
This reverts commit 6bc867f718ef2656266f984b605151971026cc98.
Revert "bpf: decouple btf from seq bpf fs dump and enable more maps"
This reverts commit 3036e2c4384d3f43c695b88c8a1cf97b8337e3bd.
Revert "bpf: Add reference tracking to verifier"
This reverts commit 3a4900a188ac4de817dc6f114f01159d7bdd2f3e.
Revert "bpf: properly enforce index mask to prevent out-of-bounds speculation"
This reverts commit ef85925d5c07b46f7447487605da601fc7be026e.
Revert "bpf, verifier: detect misconfigured mem, size argument pair"
This reverts commit c3853ee3cb96833e907f18bf90e78040fe4cf06f.
Revert "bpf: introduce ARG_PTR_TO_MEM_OR_NULL"
This reverts commit 58560e13f545f2a079bbce17ac1b731d8b94fec7.
Revert "bpf: Macrofy stack state copy"
This reverts commit 88d98d8c2ae320ab248150eb86e1c89427e5017c.
Revert "bpf: Generalize ptr_or_null regs check"
This reverts commit d2cbc2e57b8624699a1548e67b7b3ce992b396fc.
Revert "bpf: Add iterator for spilled registers"
This reverts commit d956e1ba51a7e5ce86bb35002e26d4c1e0a2497c.
Revert "bpf/verifier: refine retval R0 state for bpf_get_stack helper"
This reverts commit ceaf6d678ccb60da107b0455da64c7bf90c5102d.
Revert "bpf: Remove struct bpf_verifier_env argument from print_bpf_insn"
This reverts commit 058fd54c07a289f9b506f2d2326434e411fa65fe.
Revert "bpf: annotate bpf_insn_print_t with __printf"
This reverts commit 9b07d2ccf07855d62446e274d817672713f15be4.
Revert "bpf: allow for correlation of maps and helpers in dump"
This reverts commit af690c2e2d177352f7270f77d8a6bc9e9f60c98c.
Revert "bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h"
This reverts commit 8a2c588b3ab98916147fe4a449312ce8db70c471.
Revert "bpf: x64: add JIT support for multi-function programs"
This reverts commit 752f261e545f80942272c6becf82def1729f84be.
Revert "bpf: fix net.core.bpf_jit_enable race"
This reverts commit 4720901114c20204aa3ffa2076265d2c8cc9e81b.
Revert "bpf: add support for bpf_call to interpreter"
This reverts commit c79b2e547adc8e50dabc72244370cfd37ac6a6bd.
Revert "bpf: introduce function calls (verification)"
This reverts commit f779fda96c7d9e921525f48d67fa2e9c68b4bd48.
Revert "bpf: cleanup register_is_null()"
This reverts commit 1c81f751670b4feb3102e4de136e25fa24e303fe.
Revert "bpf: print liveness info to verifier log"
This reverts commit fdc851301b33b9d646bd1d37124cbd45cedcd62b.
Revert "bpf: also improve pattern matches for meta access"
This reverts commit 9aa150d07927b911f26e0db2af0efd6aa07b8707.
Revert "bpf: add meta pointer for direct access"
This reverts commit 94f3f502ef9ef150ed687113cfbd38e91b5edc44.
Revert "bpf: rename bpf_compute_data_end into bpf_compute_data_pointers"
This reverts commit 9573c6feb301346cd1493eea4e363c6d8345e899.
Revert "bpf: squash of log related commits"
This reverts commit b08f2111e030a72a92eec4ebd6201165d03a20b8.
Revert "bpf: move instruction printing into a separate file"
This reverts commit 8fcbd39afb58847914f3f84d9c076000e09d2fb9.
Revert "bpf: btf: Introduce BTF ID"
This reverts commit 423c40d67dfc783c3b0cb227d9da53e725e0f35c.
Revert "bpf: btf: Add pretty print support to the basic arraymap"
This reverts commit 6cd4d5bba662ca0d8980e5806ef37e0341eab929.
Revert "nsfs: clean-up ns_get_path() signature to return int"
This reverts commit ec1ce41701f411c5dee396cec2931fb651f447cc.
Revert "bpf_obj_do_pin(): switch to vfs_mkobj(), quit abusing ->mknod()"
This reverts commit 8fbcb4ebf5a751f4685cdd2757cff2264032a5d9.
Revert "bpf: offload: report device information about offloaded maps"
This reverts commit 1105e63f25a9db675671288b583a5ce2c7d10b1f.
Revert "bpf: offload: add map offload infrastructure"
This reverts commit 20cdf9df3d5bd010d799ea3c80219f625c998307.
Revert "bpf: add map_alloc_check callback"
This reverts commit 6feb4121ea083053ac9587ac426195efe9fb143d.
Revert "bpf: offload: factor out netdev checking at allocation time"
This reverts commit 1425fb5676b8fe9d761f2f6545e4be8880ce0ac8.
Revert "bpf: rename bpf_dev_offload -> bpf_prog_offload"
This reverts commit a03ae0ec508200433fd6c35b87e342df4de0b320.
Revert "bpf: offload: allow netdev to disappear while verifier is running"
This reverts commit f6cf7214fd1ff3a018009ba90c33eac1d8de21de.
Revert "bpf: offload: free program id when device disappears"
This reverts commit b12b5e56b799cfe900ab8f0ee4177c6c08a904c6.
Revert "bpf: offload: report device information for offloaded programs"
This reverts commit c73c9a0ffa332eeb49927a48780f5537597e2d42.
Revert "bpf: offload: don't require rtnl for dev list manipulation"
This reverts commit 1993f08662f07581a370899a2da209ba0c996dbb.
Revert "bpf: offload: ignore namespace moves"
This reverts commit 9fefb21d8aa2691019f9c4f0b8025fb45ba60b49.
Revert "bpf: Add PTR_TO_SOCKET verifier type"
This reverts commit 55fdbc844801cd4007237fa6c5842b46985a5c9a.
Revert "bpf: extend cgroup bpf core to allow multiple cgroup storage types"
This reverts commit a6d82e371ef32fb24d493cff32765b4607581dd4.
Revert "bpf: permit CGROUP_DEVICE programs accessing helper bpf_get_current_cgroup_id()"
This reverts commit 1bfd0a07a8317004a89d6de736e24861db8281b5.
Revert "bpf: implement bpf_get_current_cgroup_id() helper"
This reverts commit 23603ed6d7df86392701a7ea7d9a1dba66f28d4b.
Revert "bpf: introduce the bpf_get_local_storage() helper function"
This reverts commit 3d777256b1c9f34975c5230d836023ea3e0d4cfd.
Revert "bpf/verifier: introduce BPF_PTR_TO_MAP_VALUE"
This reverts commit 93c12733dc97984f7bf57a77160eacc480bfc3de.
Revert "bpf: extend bpf_prog_array to store pointers to the cgroup storage"
This reverts commit b26baff1fb34607938c9ac0e421e3f4b5fedad4d.
Revert "BACKPORT: bpf: allocate cgroup storage entries on attaching bpf programs"
This reverts commit 804605c21a3be3277c0031504dcd3fdd1be64290.
Revert "bpf: include errno.h from bpf-cgroup.h"
This reverts commit 6b4df332b357e9a5942ca4c6f985cd33dfc30e25.
Revert "bpf: pass a pointer to a cgroup storage using pcpu variable"
This reverts commit c8af92dc9fc00e49f06f6997969284ef5e5c5af5.
Revert "bpf: introduce cgroup storage maps"
This reverts commit c61c2271cb8a1e47678bddc8cdfae83035a07fec.
Revert "bpf: add ability to charge bpf maps memory dynamically"
This reverts commit 3a430745e9f675b450477fffead5568046432f29.
Revert "bpf: add helper for copying attrs to struct bpf_map"
This reverts commit 6d7be0ae93371692e564c00003ce184cbaefbb8d.
Revert "bpf: introduce new bpf cpu map type BPF_MAP_TYPE_CPUMAP"
This reverts commit 15f584d2d3d4814cfbd3059ab810db02af8773a0.
Revert "bpf/tracing: fix a deadlock in perf_event_detach_bpf_prog"
This reverts commit fc9bf5e48985f7c3a39bf34a27477a2607a5dc6d.
Revert "bpf: set maximum number of attached progs to 64 for a single perf tp"
This reverts commit 0d5fc9795d824fbca21b81c8d91748ba21313d4c.
Revert "bpf: avoid rcu_dereference inside bpf_event_mutex lock region"
This reverts commit 948e200e3173dd959de907e326f2a2c90eda4b28.
Revert "bpf: fix bpf_prog_array_copy_to_user() issues"
This reverts commit 66811698b8de9b3cf13c09730d287b6d1d5d3699.
Revert "bpf: fix pointer offsets in context for 32 bit"
This reverts commit 99661813c136c52e56b328a2a8ecd2bc0e187eba.
Revert "BACKPORT: bpf: create tcp_bpf_ulp allowing BPF to monitor socket TX/RX data"
This reverts commit 36f0ea00dd121b13f80617e5b2eb93ba160df85a.
Revert "BACKPORT: bpf: Sysctl hook"
This reverts commit 4a543990e03b5de4a2c23777abd0f77afd61cc2d.
Revert "BACKPORT: flow_dissector: implements flow dissector BPF hook"
This reverts commit de610a8a4324170a0deaf12e2e64c2ff068785fb.
Revert "BACKPORT: bpf: Add base proto function for cgroup-bpf programs"
This reverts commit f3ac0a6cbec3472ff2e3808a436891881f3cbf87.
Revert "FROMLIST: [net-next,v2,1/2] bpf: Allow CGROUP_SKB eBPF program to access sk_buff"
This reverts commit 6d4dcc0e3de628003d91075e4b1ab1a128b8892e.
Revert "BACKPORT: bpf: introduce BPF_RAW_TRACEPOINT"
This reverts commit b2a5c6b4958c8250e58ddb6c334018a5f7ee5437.
Revert "bpf/tracing: fix kernel/events/core.c compilation error"
This reverts commit 70249d4eb7359e9dc59e044951beb99d0d8725cd.
Revert "BACKPORT: bpf/tracing: allow user space to query prog array on the same tp"
This reverts commit 08a6d8c01372940bfec78fdc6cb8a47e08c745b0.
Revert "bpf: sockmap, add sock close() hook to remove socks"
This reverts commit e6b363b8d09d9740dff309fb4dc88e7a1e90726b.
Revert "BACKPORT: bpf: remove the verifier ops from program structure"
This reverts commit 94c2f61efa741bf6a97415f42cfbfb9ec83dfd8e.
Revert "bpf, cgroup: implement eBPF-based device controller for cgroup v2"
This reverts commit 22faa9c56550a34488e607ca3aca59c68b1f7938.
Revert "BACKPORT: bpf: split verifier and program ops"
This reverts commit d2b1388504c1129d5756bb9b20af9bd64e75d015.
Revert "bpf: btf: Break up btf_type_is_void()"
This reverts commit 052989c47b68feaf381d371ec1e6a169edc26d30.
Revert "bpf: btf: refactor btf_int_bits_seq_show()"
This reverts commit 8cc3fb30656cfab91205194a8ee7661bdd95e005.
Revert "BACKPORT: bpf: fix unconnected udp hooks"
This reverts commit b108e725aa70e39cfd37296d1a1d31e8896fa7b7.
Revert "BACKPORT: bpf: enforce return code for cgroup-bpf programs"
This reverts commit 10215080915bfbdaa9f666a95ffda02cc1ef7a29.
Revert "bpf: Hooks for sys_sendmsg"
This reverts commit cd847db1be8a37e0e7e9c813b5d8f93697dc5af0.
Revert "BACKPORT: devmap: Allow map lookups from eBPF"
This reverts commit 37da95fde647e8967b362e0769136bfbebc03628.
Revert "BACKPORT: xdp: Add devmap_hash map type for looking up devices by hashed index"
This reverts commit ae6a87f44c4ef20ac290ce68c4d5b542cf46f3d7.
Revert "kernel: bpf: devmap: Create __dev_map_alloc_node"
This reverts commit 15928a97ed93cf9f606a21bf869ff421b997a2c5.
Revert "BACKPORT: bpf: Post-hooks for sys_bind"
This reverts commit c221d44e76c3ab69285c9986680e5eb726cf157b.
Revert "BACKPORT: bpf: Hooks for sys_connect"
This reverts commit 003311ea43163c77e4e0c1921b81438286925baa.
Revert "BACKPORT: net: Introduce __inet_bind() and __inet6_bind"
This reverts commit 74f1eb60012c13bd606e4dc718e63aec7f8cce8f.
Revert "BACKPORT: bpf: Hooks for sys_bind"
This reverts commit cef0bd97f2fec8363c3ef58b2cb508deaa9bc5b2.
Revert "BACKPORT: bpf: introduce BPF_PROG_QUERY command"
This reverts commit a4ef81ce48cb25843ddb4d4331dacf2742215909.
Revert "BACKPORT: bpf: Check attach type at prog load time"
This reverts commit 750a3f976c75797e572a6dfdd2e8865b8b49964a.
Revert "bpf: offload: rename the ifindex field"
This reverts commit 921e6becfb28fbe505603bf927f195d1d72a0eea.
Revert "BACKPORT: bpf: offload: add infrastructure for loading programs for a specific netdev"
This reverts commit cb1607a58d026a4ac1d9e71f6c3cd1dc23820e2f.
Revert "BACKPORT: net: bpf: rename ndo_xdp to ndo_bpf"
This reverts commit 932d47ebc5910bb1ec954002206b1ce8749a9cd6.
Revert "bpf: btf: fix truncated last_member_type_id in btf_struct_resolve"
This reverts commit e7af669fe00a8e2030913088836189a9f65a04d8.
Revert "bpf/btf: Fix BTF verification of enum members in struct/union"
This reverts commit a098516b98fe35e8f0e89709443fff8b37eb04b8.
Revert "bpf: fix BTF limits"
This reverts commit 794ad07fab9540989f96351c11b039e2229c2a8e.
Revert "bpf, btf: fix a missing check bug in btf_parse"
This reverts commit 27c4178ecc8edbb2306fa479f275ffd35f5b57c9.
Revert "bpf: btf: Fix a missing check bug"
This reverts commit 71f5a7d140aa5a37d164e217b2fefcb2d409b894.
Revert "bpf: btf: Fix end boundary calculation for type section"
This reverts commit 549615befd671b6877677acb009b66cd374408d3.
Revert "bpf: fix bpf_skb_load_bytes_relative pkt length check"
This reverts commit 5f3d68c4da18dfbcde4c02cb34c63599709fcf3c.
Revert "bpf: btf: Ensure the member->offset is in the right order"
This reverts commit 4f9d26cbc747a4728c4944b7dc9725fc2737f892.
Revert "bpf: btf: Clean up BTF_INT_BITS() in uapi btf.h"
This reverts commit 480c6f80a14431f6d680a687363dcb0d9cd1d7a8.
Revert "bpf: btf: Fix bitfield extraction for big endian"
This reverts commit 0463c259aa21e99d1bf798c8cf54da18b5906938.
Revert "bpf: btf: Ensure t->type == 0 for BTF_KIND_FWD"
This reverts commit ecc54be6970a3484eb163ac09996856c9ece5727.
Revert "bpf: btf: Check array t->size"
This reverts commit 3cda848b9be9fbb6dfa8912a425801c263bcbff7.
Revert "bpf: btf: avoid -Wreturn-type warning"
This reverts commit fd7fede5952004dcacb39f318249c4cf8e5c51e0.
Revert "bpf: btf: Avoid variable length array"
This reverts commit 2826641eb171c705d0b2db86d8834eff33945d0e.
Revert "bpf: btf: Remove unused bits from uapi/linux/btf.h"
This reverts commit 2d9e7a574f7e47a027974ec616ac812ad6a2d086.
Revert "bpf: btf: Check array->index_type"
This reverts commit f9ee68f7e8a471450536a70b43bd96d4bdfbfb81.
Revert "bpf: btf: Change how section is supported in btf_header"
This reverts commit 63a4474da4bf56c8a700d542bcf3a57a4b737ed6.
Revert "bpf: Fix compiler warning on info.map_ids for 32bit platform"
This reverts commit a4f706ea7d2b874ef739168a12a30ae5454487a6.
Revert "BACKPORT: bpf: Use char in prog and map name"
This reverts commit 8d4ad88eabb5d1500814c5f5b76a11f80346669c.
Revert "bpf: Change bpf_obj_name_cpy() to better ensure map's name is init by 0"
This reverts commit c4acfd3c9f5a97123c240676750f3e4ae2a2c24c.
Revert "BACKPORT: bpf: Add map_name to bpf_map_info"
This reverts commit 0e03a4e584eabe3f4c448f06f271753cdaae3aab.
Revert "BACKPORT: bpf: Add name, load_time, uid and map_ids to bpf_prog_info"
This reverts commit 16872f60e6c1fc6b10e905ff18c14d8aaeb4e09d.
Revert "bpf: btf: Avoid WARN_ON when CONFIG_REFCOUNT_FULL=y"
This reverts commit 0b618ec6e162e650aaa583a31f4de4c4558148bf.
Revert "BACKPORT: bpf: btf: Clean up btf.h in uapi"
This reverts commit ea0c0ad08c18ddf62dbb6c8edc814c75cbb3e8b9.
Revert "bpf: btf: Add BPF_OBJ_GET_INFO_BY_FD support to BTF fd"
This reverts commit f51fe1d1edb742176c622bc93301e98a1cbf2e63.
Revert "BACKPORT: bpf: btf: Add BPF_BTF_LOAD command"
This reverts commit 85db8f764069f15d1b181bea67336ce4d66a58c1.
Revert "bpf: btf: Add pretty print capability for data with BTF type info"
This reverts commit 0a8aae433c53b1f441cab70979517660fb6a6038.
Revert "bpf: btf: Check members of struct/union"
This reverts commit ce2e8103ac1a977ce32db51ec042faea6f100a3d.
Revert "bpf: btf: Validate type reference"
This reverts commit a1aa96e6dae2b4c8c0b0a4dedab3006d3f697460.
Revert "bpf: Update logging functions to work with BTF"
This reverts commit b9289460f0a6b5c261ec0b6dcafa6fcd09d4957e.
Revert "BACKPORT: bpf: btf: Introduce BPF Type Format (BTF)"
This reverts commit ceebd58f6470e8ec6d9d694ab382fe88f43b998b.
Revert "BACKPORT: bpf: Rename bpf_verifer_log"
This reverts commit 50bdc7513d966811fb418d24a0e5797ffd8c907c.
Revert "BACKPORT: bpf: encapsulate verifier log state into a structure"
This reverts commit 0bcb397bde4675fdeb977d9debed20ed213f9ecd.
Change-Id: Iecaa276b078c6d2db773a8071e7da9e6195277d6
|
||
|
Samuel Pascua
|
622705f7c9 |
Merge tag 'v4.14.356-openela-rc1' of https://github.com/openela/kernel-lts
This is the 4.14.356 OpenELA-Extended LTS stable release candidate 1 Conflicts: arch/arm/include/asm/uaccess.h drivers/android/binder.c drivers/android/binder_alloc.c drivers/block/loop.c drivers/infiniband/ulp/srpt/ib_srpt.c drivers/mmc/core/mmc_test.c drivers/net/usb/usbnet.c fs/aio.c fs/f2fs/inode.c fs/f2fs/namei.c fs/f2fs/segment.c fs/f2fs/super.c fs/select.c include/linux/fs.h include/net/netns/ipv4.h kernel/power/swap.c mm/page_alloc.c net/core/filter.c net/ipv4/af_inet.c net/ipv4/sysctl_net_ipv4.c net/ipv4/tcp_ipv4.c net/ipv6/af_inet6.c net/qrtr/qrtr.c sound/usb/stream.c Change-Id: I016dabcf8f4fd90dae7083272b3465d184c07de8 |
||
|
Axel Rasmussen
|
da2308c8c8 |
BACKPORT: FROMGIT: userfaultfd: add minor fault registration mode
Patch series "userfaultfd: add minor fault handling", v9. Overview ======== This series adds a new userfaultfd feature, UFFD_FEATURE_MINOR_HUGETLBFS. When enabled (via the UFFDIO_API ioctl), this feature means that any hugetlbfs VMAs registered with UFFDIO_REGISTER_MODE_MISSING will *also* get events for "minor" faults. By "minor" fault, I mean the following situation: Let there exist two mappings (i.e., VMAs) to the same page(s) (shared memory). One of the mappings is registered with userfaultfd (in minor mode), and the other is not. Via the non-UFFD mapping, the underlying pages have already been allocated & filled with some contents. The UFFD mapping has not yet been faulted in; when it is touched for the first time, this results in what I'm calling a "minor" fault. As a concrete example, when working with hugetlbfs, we have huge_pte_none(), but find_lock_page() finds an existing page. We also add a new ioctl to resolve such faults: UFFDIO_CONTINUE. The idea is, userspace resolves the fault by either a) doing nothing if the contents are already correct, or b) updating the underlying contents using the second, non-UFFD mapping (via memcpy/memset or similar, or something fancier like RDMA, or etc...). In either case, userspace issues UFFDIO_CONTINUE to tell the kernel "I have ensured the page contents are correct, carry on setting up the mapping". Use Case ======== Consider the use case of VM live migration (e.g. under QEMU/KVM): 1. While a VM is still running, we copy the contents of its memory to a target machine. The pages are populated on the target by writing to the non-UFFD mapping, using the setup described above. The VM is still running (and therefore its memory is likely changing), so this may be repeated several times, until we decide the target is "up to date enough". 2. We pause the VM on the source, and start executing on the target machine. During this gap, the VM's user(s) will *see* a pause, so it is desirable to minimize this window. 3. Between the last time any page was copied from the source to the target, and when the VM was paused, the contents of that page may have changed - and therefore the copy we have on the target machine is out of date. Although we can keep track of which pages are out of date, for VMs with large amounts of memory, it is "slow" to transfer this information to the target machine. We want to resume execution before such a transfer would complete. 4. So, the guest begins executing on the target machine. The first time it touches its memory (via the UFFD-registered mapping), userspace wants to intercept this fault. Userspace checks whether or not the page is up to date, and if not, copies the updated page from the source machine, via the non-UFFD mapping. Finally, whether a copy was performed or not, userspace issues a UFFDIO_CONTINUE ioctl to tell the kernel "I have ensured the page contents are correct, carry on setting up the mapping". We don't have to do all of the final updates on-demand. The userfaultfd manager can, in the background, also copy over updated pages once it receives the map of which pages are up-to-date or not. Interaction with Existing APIs ============================== Because this is a feature, a registered VMA could potentially receive both missing and minor faults. I spent some time thinking through how the existing API interacts with the new feature: UFFDIO_CONTINUE cannot be used to resolve non-minor faults, as it does not allocate a new page. If UFFDIO_CONTINUE is used on a non-minor fault: - For non-shared memory or shmem, -EINVAL is returned. - For hugetlb, -EFAULT is returned. UFFDIO_COPY and UFFDIO_ZEROPAGE cannot be used to resolve minor faults. Without modifications, the existing codepath assumes a new page needs to be allocated. This is okay, since userspace must have a second non-UFFD-registered mapping anyway, thus there isn't much reason to want to use these in any case (just memcpy or memset or similar). - If UFFDIO_COPY is used on a minor fault, -EEXIST is returned. - If UFFDIO_ZEROPAGE is used on a minor fault, -EEXIST is returned (or -EINVAL in the case of hugetlb, as UFFDIO_ZEROPAGE is unsupported in any case). - UFFDIO_WRITEPROTECT simply doesn't work with shared memory, and returns -ENOENT in that case (regardless of the kind of fault). Future Work =========== This series only supports hugetlbfs. I have a second series in flight to support shmem as well, extending the functionality. This series is more mature than the shmem support at this point, and the functionality works fully on hugetlbfs, so this series can be merged first and then shmem support will follow. This patch (of 6): This feature allows userspace to intercept "minor" faults. By "minor" faults, I mean the following situation: Let there exist two mappings (i.e., VMAs) to the same page(s). One of the mappings is registered with userfaultfd (in minor mode), and the other is not. Via the non-UFFD mapping, the underlying pages have already been allocated & filled with some contents. The UFFD mapping has not yet been faulted in; when it is touched for the first time, this results in what I'm calling a "minor" fault. As a concrete example, when working with hugetlbfs, we have huge_pte_none(), but find_lock_page() finds an existing page. This commit adds the new registration mode, and sets the relevant flag on the VMAs being registered. In the hugetlb fault path, if we find that we have huge_pte_none(), but find_lock_page() does indeed find an existing page, then we have a "minor" fault, and if the VMA has the userfaultfd registration flag, we call into userfaultfd to handle it. This is implemented as a new registration mode, instead of an API feature. This is because the alternative implementation has significant drawbacks [1]. However, doing it this was requires we allocate a VM_* flag for the new registration mode. On 32-bit systems, there are no unused bits, so this feature is only supported on architectures with CONFIG_ARCH_USES_HIGH_VMA_FLAGS. When attempting to register a VMA in MINOR mode on 32-bit architectures, we return -EINVAL. [1] https://lore.kernel.org/patchwork/patch/1380226/ Link: https://lkml.kernel.org/r/20210301222728.176417-1-axelrasmussen@google.com Link: https://lkml.kernel.org/r/20210301222728.176417-2-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Reviewed-by: Peter Xu <peterx@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Anshuman Khandual <anshuman.khandual@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Chinwen Chang <chinwen.chang@mediatek.com> Cc: Huang Ying <ying.huang@intel.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: "Michal Koutn" <mkoutny@suse.com> Cc: Michel Lespinasse <walken@google.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Peter Xu <peterx@redhat.com> Cc: Shaohua Li <shli@fb.com> Cc: Shawn Anastasio <shawn@anastas.io> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Steven Price <steven.price@arm.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Adam Ruprecht <ruprecht@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: Cannon Matthews <cannonmatthews@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 82a150ec394f6b944e26786b907fc0deab5b2064 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1388132/ Conflicts: arch/x86/Kconfig fs/userfaultfd.c include/linux/userfaultfd_k.h include/uapi/linux/userfaultfd.h init/Kconfig mm/hugetlb.c (Lack of userfaultfd write-protect support in 5.4 lead to all conflicts. Resolved by carefully rebasing such that write-protect related code doesn't get added) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 160737021 Bug: 169683130 Change-Id: I43b37272d531341439ceaa03213d0e2415e04688 |
||
|
Minchan Kim
|
22f22eacc8 |
Revert "mm: adding speculative page fault failure trace events"
This reverts commit
|
||
|
Matt Mullins
|
1c8f7c550e |
bpf: add writable context for raw tracepoints
This is an opt-in interface that allows a tracepoint to provide a safe buffer that can be written from a BPF_PROG_TYPE_RAW_TRACEPOINT program. The size of the buffer must be a compile-time constant, and is checked before allowing a BPF program to attach to a tracepoint that uses this feature. The pointer to this buffer will be the first argument of tracepoints that opt in; the pointer is valid and can be bpf_probe_read() by both BPF_PROG_TYPE_RAW_TRACEPOINT and BPF_PROG_TYPE_RAW_TRACEPOINT_WRITABLE programs that attach to such a tracepoint, but the buffer to which it points may only be written by the latter. Signed-off-by: Matt Mullins <mmullins@fb.com> Acked-by: Yonghong Song <yhs@fb.com> Signed-off-by: Alexei Starovoitov <ast@kernel.org> |
||
|
Alexei Starovoitov
|
56281ddce6 |
BACKPORT: bpf: introduce BPF_RAW_TRACEPOINT
Introduce BPF_PROG_TYPE_RAW_TRACEPOINT bpf program type to access
kernel internal arguments of the tracepoints in their raw form.
>From bpf program point of view the access to the arguments look like:
struct bpf_raw_tracepoint_args {
__u64 args[0];
};
int bpf_prog(struct bpf_raw_tracepoint_args *ctx)
{
// program can read args[N] where N depends on tracepoint
// and statically verified at program load+attach time
}
kprobe+bpf infrastructure allows programs access function arguments.
This feature allows programs access raw tracepoint arguments.
Similar to proposed 'dynamic ftrace events' there are no abi guarantees
to what the tracepoints arguments are and what their meaning is.
The program needs to type cast args properly and use bpf_probe_read()
helper to access struct fields when argument is a pointer.
For every tracepoint __bpf_trace_##call function is prepared.
In assembler it looks like:
(gdb) disassemble __bpf_trace_xdp_exception
Dump of assembler code for function __bpf_trace_xdp_exception:
0xffffffff81132080 <+0>: mov %ecx,%ecx
0xffffffff81132082 <+2>: jmpq 0xffffffff811231f0 <bpf_trace_run3>
where
TRACE_EVENT(xdp_exception,
TP_PROTO(const struct net_device *dev,
const struct bpf_prog *xdp, u32 act),
The above assembler snippet is casting 32-bit 'act' field into 'u64'
to pass into bpf_trace_run3(), while 'dev' and 'xdp' args are passed as-is.
All of ~500 of __bpf_trace_*() functions are only 5-10 byte long
and in total this approach adds 7k bytes to .text.
This approach gives the lowest possible overhead
while calling trace_xdp_exception() from kernel C code and
transitioning into bpf land.
Since tracepoint+bpf are used at speeds of 1M+ events per second
this is valuable optimization.
The new BPF_RAW_TRACEPOINT_OPEN sys_bpf command is introduced
that returns anon_inode FD of 'bpf-raw-tracepoint' object.
The user space looks like:
// load bpf prog with BPF_PROG_TYPE_RAW_TRACEPOINT type
prog_fd = bpf_prog_load(...);
// receive anon_inode fd for given bpf_raw_tracepoint with prog attached
raw_tp_fd = bpf_raw_tracepoint_open("xdp_exception", prog_fd);
Ctrl-C of tracing daemon or cmdline tool that uses this feature
will automatically detach bpf program, unload it and
unregister tracepoint probe.
On the kernel side the __bpf_raw_tp_map section of pointers to
tracepoint definition and to __bpf_trace_*() probe function is used
to find a tracepoint with "xdp_exception" name and
corresponding __bpf_trace_xdp_exception() probe function
which are passed to tracepoint_probe_register() to connect probe
with tracepoint.
Addition of bpf_raw_tracepoint doesn't interfere with ftrace and perf
tracepoint mechanisms. perf_event_open() can be used in parallel
on the same tracepoint.
Multiple bpf_raw_tracepoint_open("xdp_exception", prog_fd) are permitted.
Each with its own bpf program. The kernel will execute
all tracepoint probes and all attached bpf programs.
In the future bpf_raw_tracepoints can be extended with
query/introspection logic.
__bpf_raw_tp_map section logic was contributed by Steven Rostedt
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
||
|
Roberto Sartori
|
875e8e6f08 |
f2fs: macro: Switch to COUNT_ARGS macro
Signed-off-by: Roberto Sartori <roberto.sartori.android@gmail.com> |
||
|
Alexei Starovoitov
|
a2878c15bb |
macro: introduce COUNT_ARGS() macro
move COUNT_ARGS() macro from apparmor to generic header and extend it to count till twelve. COUNT() was an alternative name for this logic, but it's used for different purpose in many other places. Similarly for CONCATENATE() macro. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
Rob Clark
|
efd2f49ae3 |
kthread: add kthread_work tracepoints
[ Upstream commit f630c7c6f10546ebff15c3a856e7949feb7a2372 ] While migrating some code from wq to kthread_worker, I found that I missed the execute_start/end tracepoints. So add similar tracepoints for kthread_work. And for completeness, queue_work tracepoint (although this one differs slightly from the matching workqueue tracepoint). Link: https://lkml.kernel.org/r/20201010180323.126634-1-robdclark@gmail.com Signed-off-by: Rob Clark <robdclark@chromium.org> Cc: Rob Clark <robdclark@chromium.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Ingo Molnar <mingo@redhat.com> Cc: "Peter Zijlstra (Intel)" <peterz@infradead.org> Cc: Phil Auld <pauld@redhat.com> Cc: Valentin Schneider <valentin.schneider@arm.com> Cc: Thara Gopinath <thara.gopinath@linaro.org> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Vincent Donnefort <vincent.donnefort@arm.com> Cc: Mel Gorman <mgorman@techsingularity.net> Cc: Jens Axboe <axboe@kernel.dk> Cc: Marcelo Tosatti <mtosatti@redhat.com> Cc: Frederic Weisbecker <frederic@kernel.org> Cc: Ilias Stamatis <stamatis.iliass@gmail.com> Cc: Liang Chen <cl@rock-chips.com> Cc: Ben Dooks <ben.dooks@codethink.co.uk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: "J. Bruce Fields" <bfields@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Stable-dep-of: e16c7b07784f ("kthread: fix task state in kthread worker if being frozen") Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 65c1957181a1e2cd5344e49d4e5b6e9f930092d1) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
Haky86
|
f01fa25d84 |
Merge branch 'deprecated/android-4.14-stable' of https://android.googlesource.com/kernel/common into lineage-21.0
Change-Id: I8750f4152cf3c402ef61f9266766128541dfa05c |
||
|
Steven Rostedt
|
8b76f73f51 |
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
[ Upstream commit 58300f8d6a48e58d1843199be743f819e2791ea3 ]
The string SND_SOC_DAPM_DIR_OUT is printed in the snd_soc_dapm_path trace
event instead of its value:
(((REC->path_dir) == SND_SOC_DAPM_DIR_OUT) ? "->" : "<-")
User space cannot parse this, as it has no idea what SND_SOC_DAPM_DIR_OUT
is. Use TRACE_DEFINE_ENUM() to convert it to its value:
(((REC->path_dir) == 1) ? "->" : "<-")
So that user space tools, such as perf and trace-cmd, can parse it
correctly.
Reported-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Fixes:
|
||
|
Haky86
|
1a16e98230 |
Import from SM-A715F_EUR_13_Opensource
* Taken from A715FXXUADWE1 source. Change-Id: Ife88f79141085bddd4537434c451245b52ac71ad |
||
|
Greg Kroah-Hartman
|
d764c607e6 |
Merge 4.14.314 into android-4.14-stable
Changes in 4.14.314 ARM: dts: rockchip: fix a typo error for rk3288 spdif node net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg virtio_net: bugfix overflow inside xdp_linearize_page() i40e: fix accessing vsi->active_filters without holding lock i40e: fix i40e_setup_misc_vector() error handling mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() e1000e: Disable TSO on i219-LM card to increase speed f2fs: Fix f2fs_truncate_partial_nodes ftrace event selftests: sigaltstack: fix -Wuninitialized scsi: megaraid_sas: Fix fw_crash_buffer_show() scsi: core: Improve scsi_vpd_inquiry() checks net: dsa: b53: mmap: add phy ops s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling xen/netback: use same error messages for same errors nilfs2: initialize unused bytes in segment summary blocks memstick: fix memory leak if card device is never registered x86/purgatory: Don't generate debug info for purgatory.ro Revert "ext4: fix use-after-free in ext4_xattr_set_entry" ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() ext4: fix use-after-free in ext4_xattr_set_entry udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). sctp: Call inet6_destroy_sock() via sk->sk_destruct(). counter: 104-quad-8: Fix race condition between FLAG and CNTR reads iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() ASN.1: Fix check for strdup() success Linux 4.14.314 Change-Id: I8793bc8329f8c8b927a91686eaa4fa6bb556c3f1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Douglas Raillard
|
fc4c7404ae |
f2fs: Fix f2fs_truncate_partial_nodes ftrace event
[ Upstream commit 0b04d4c0542e8573a837b1d81b94209e48723b25 ]
Fix the nid_t field so that its size is correctly reported in the text
format embedded in trace.dat files. As it stands, it is reported as
being of size 4:
field:nid_t nid[3]; offset:24; size:4; signed:0;
Instead of 12:
field:nid_t nid[3]; offset:24; size:12; signed:0;
This also fixes the reported offset of subsequent fields so that they
match with the actual struct layout.
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
334b33732c |
Merge 4.14.291 into android-4.14-stable
Changes in 4.14.291
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
ntfs: fix use-after-free in ntfs_ucsncmp()
s390/archrandom: prevent CPACF trng invocations in interrupt context
scsi: ufs: host: Hold reference returned by of_parse_phandle()
net: ping6: Fix memleak in ipv6_renew_options().
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
netfilter: nf_queue: do not allow packet truncation below transport header offset
ARM: crypto: comment out gcc warning that breaks clang builds
mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
ACPI: video: Force backlight native for some TongFang devices
ACPI: video: Shortening quirk list by identifying Clevo by board_name only
macintosh/adb: fix oob read in do_adb_query() function
Makefile: link with -z noexecstack --no-warn-rwx-segments
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
ALSA: bcd2000: Fix a UAF bug on the error path of probing
add barriers to buffer_uptodate and set_buffer_uptodate
HID: wacom: Don't register pad_input for touch switch
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
ALSA: hda/cirrus - support for iMac 12,1 model
vfs: Check the truncate maximum size in inode_newsize_ok()
fs: Add missing umask strip in vfs_tmpfile
usbnet: Fix linkwatch use-after-free on disconnect
parisc: Fix device names in /proc/iomem
drm/nouveau: fix another off-by-one in nvbios_addr
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
iio: light: isl29028: Fix the warning in isl29028_remove()
fuse: limit nsec
md-raid10: fix KASAN warning
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
PCI: Add defines for normal and subtractive PCI bridges
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
powerpc/powernv: Avoid crashing if rng is NULL
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
USB: HCD: Fix URB giveback issue in tasklet function
netfilter: nf_tables: fix null deref due to zeroed list head
arm64: Do not forget syscall when starting a new thread.
arm64: fix oops in concurrently setting insn_emulation sysctls
ext2: Add more validity checks for inode counts
ARM: dts: imx6ul: add missing properties for sram
ARM: dts: imx6ul: fix qspi node compatible
ARM: OMAP2+: display: Fix refcount leak bug
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: LPSS: Fix missing check in register_device_clock()
PM: hibernate: defer device probing when resuming from hibernation
selinux: Add boundary check in put_entry()
ARM: findbit: fix overflowing offset
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
x86/pmem: Fix platform-device leak in error path
ARM: dts: ast2500-evb: fix board compatible
soc: fsl: guts: machine variable might be unset
cpufreq: zynq: Fix refcount leak in zynq_get_revision
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
thermal/tools/tmon: Include pthread and time headers in tmon.h
dm: return early from dm_pr_call() if DM device is suspended
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
i2c: Fix a potential use after free
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
media: hdpvr: fix error value returns in hdpvr_read
drm/vc4: dsi: Correct DSI divider calculations
drm/rockchip: vop: Don't crash for invalid duplicate_state()
drm/mediatek: dpi: Remove output format of YUV
drm: bridge: sii8620: fix possible off-by-one
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
tcp: make retransmitted SKB fit into the send window
selftests: timers: valid-adjtimex: build fix for newer toolchains
selftests: timers: clocksource-switch: fix passing errors from child
fs: check FMODE_LSEEK to control internal pipe splicing
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: p54: add missing parentheses in p54_flush()
can: pch_can: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: usb_8dev: do not report txerr and rxerr during bus-off
can: error: specify the values of data[5..7] of CAN error frames
can: pch_can: pch_can_error(): initialize errc before using it
Bluetooth: hci_intel: Add check for platform_driver_register
i2c: cadence: Support PEC for SMBus block read
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
wifi: libertas: Fix possible refcount leak in if_usb_probe()
net: rose: fix netdev reference changes
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
mtd: maps: Fix refcount leak in of_flash_probe_versatile
mtd: maps: Fix refcount leak in ap_flash_init
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
fpga: altera-pr-ip: fix unsigned comparison with less than zero
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
memstick/ms_block: Fix some incorrect memory allocation
memstick/ms_block: Fix a memory leak
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
scsi: smartpqi: Fix DMA direction for RAID requests
usb: gadget: udc: amd5536 depends on HAS_DMA
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
USB: serial: fix tty-port initialized comments
platform/olpc: Fix uninitialized data in debugfs write
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
RDMA/rxe: Fix error unwind in rxe_create_qp()
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
profiling: fix shift too large makes kernel panic
tty: n_gsm: fix non flow control frames during mux flow off
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix race condition in gsmld_write()
remoteproc: qcom: wcnss: Fix handling of IRQs
vfio/ccw: Do not change FSM state in subchannel event
tty: n_gsm: fix wrong T1 retry count handling
tty: n_gsm: fix DM command
iommu/exynos: Handle failed IOMMU device registration properly
kfifo: fix kfifo_to_user() return type
mfd: t7l66xb: Drop platform disable callback
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
s390/zcore: fix race when reading from hardware system area
video: fbdev: amba-clcd: Fix refcount leak bugs
video: fbdev: sis: fix typos in SiS_GetModeID()
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
kprobes: Forbid probing on trampoline and BPF code areas
powerpc/pci: Fix PHB numbering when using opal-phbid
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
x86/numa: Use cpumask_available instead of hardcoded NULL check
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
tools/thermal: Fix possible path truncations
video: fbdev: vt8623fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: s3fb: Check the size of screen before memset_io()
scsi: zfcp: Fix missing auto port scan and thus missing target ports
x86/olpc: fix 'logical not is only applied to the left hand side'
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
ext4: make sure ext4_append() always allocates new block
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix extent status tree race in writeback error recovery path
ext4: correct max_inline_xattr_value_size computing
ext4: correct the misjudgment in ext4_iget_extra_inode
intel_th: pci: Add Raptor Lake-S CPU support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Meteor Lake-P support
dm raid: fix address sanitizer warning in raid_resume
dm raid: fix address sanitizer warning in raid_status
net_sched: cls_route: remove from list when handle is 0
btrfs: reject log replay if there is unsupported RO compat flag
KVM: Add infrastructure and macro to mark VM as bugged
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
tcp: fix over estimation in sk_forced_mem_schedule()
scsi: sg: Allow waiting for commands to complete on removed device
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
net/9p: Initialize the iounit field during fid creation
net_sched: cls_route: disallow handle of 0
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
ALSA: info: Fix llseek return value when using callback
rds: add missing barrier to release_refill
ata: libata-eh: Add missing command name
btrfs: fix lost error handling when looking up extended ref on log replay
can: ems_usb: fix clang's -Wunaligned-access warning
apparmor: fix quiet_denied for file rules
apparmor: Fix failed mount permission check error message
apparmor: fix aa_label_asxprint return check
apparmor: fix reference count leak in aa_pivotroot()
NFSv4: Fix races in the legacy idmapper upcall
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
SUNRPC: Reinitialise the backchannel request buffers before reuse
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
geneve: do not use RT_TOS for IPv6 flowlabel
vsock: Fix memory leak in vsock_connect()
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
tools build: Switch to new openssl API for test-libcrypto
xen/xenbus: fix return type in xenbus_file_read()
atm: idt77252: fix use-after-free bugs caused by tst_timer
nios2: page fault et.al. are *not* restartable syscalls...
nios2: don't leave NULLs in sys_call_table[]
nios2: traced syscall does need to check the syscall number
nios2: fix syscall restart checks
nios2: restarts apply only to the first sigframe we build...
nios2: add force_successful_syscall_return()
netfilter: nf_tables: really skip inactive sets when allocating name
powerpc/pci: Fix get_phb_number() locking
i40e: Fix to stop tx_timeout recovery if GLOBR fails
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
igb: Add lock to avoid data race
kbuild: clear LDFLAGS in the top Makefile
btrfs: only write the sectors in the vertical stripe which has data stripes
btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
PCI: Add ACS quirk for Broadcom BCM5750x NICs
irqchip/tegra: Fix overflow implicit truncation warnings
usb: host: ohci-ppc-of: Fix refcount leak bug
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
gadgetfs: ep_io - wait until IRQ finishes
cxl: Fix a memory leak in an error handling path
drivers:md:fix a potential use-after-free bug
ext4: avoid remove directory when directory is corrupted
ext4: avoid resizing to a partial cluster size
tty: serial: Fix refcount leak bug in ucc_uart.c
vfio: Clear the caps->buf to NULL after free
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
ALSA: core: Add async signal helpers
ALSA: timer: Use deferred fasync helper
smb3: check xattr value length earlier
powerpc/64: Init jump labels before parse_early_param()
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
Linux 4.14.291
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I05ae298bdce8b81c6613d845a84158d74bb3cd8f
|
||
|
David Collins
|
dc6033a776 |
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
commit 2af28b241eea816e6f7668d1954f15894b45d7e3 upstream.
trace_spmi_write_begin() and trace_spmi_read_end() both call
memcpy() with a length of "len + 1". This leads to one extra
byte being read beyond the end of the specified buffer. Fix
this out-of-bound memory access by using a length of "len"
instead.
Here is a KASAN log showing the issue:
BUG: KASAN: stack-out-of-bounds in trace_event_raw_event_spmi_read_end+0x1d0/0x234
Read of size 2 at addr ffffffc0265b7540 by task thermal@2.0-ser/1314
...
Call trace:
dump_backtrace+0x0/0x3e8
show_stack+0x2c/0x3c
dump_stack_lvl+0xdc/0x11c
print_address_description+0x74/0x384
kasan_report+0x188/0x268
kasan_check_range+0x270/0x2b0
memcpy+0x90/0xe8
trace_event_raw_event_spmi_read_end+0x1d0/0x234
spmi_read_cmd+0x294/0x3ac
spmi_ext_register_readl+0x84/0x9c
regmap_spmi_ext_read+0x144/0x1b0 [regmap_spmi]
_regmap_raw_read+0x40c/0x754
regmap_raw_read+0x3a0/0x514
regmap_bulk_read+0x418/0x494
adc5_gen3_poll_wait_hs+0xe8/0x1e0 [qcom_spmi_adc5_gen3]
...
__arm64_sys_read+0x4c/0x60
invoke_syscall+0x80/0x218
el0_svc_common+0xec/0x1c8
...
addr ffffffc0265b7540 is located in stack of task thermal@2.0-ser/1314 at offset 32 in frame:
adc5_gen3_poll_wait_hs+0x0/0x1e0 [qcom_spmi_adc5_gen3]
this frame has 1 object:
[32, 33) 'status'
Memory state around the buggy address:
ffffffc0265b7400: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
ffffffc0265b7480: 04 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffc0265b7500: 00 00 00 00 f1 f1 f1 f1 01 f3 f3 f3 00 00 00 00
^
ffffffc0265b7580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffffffc0265b7600: f1 f1 f1 f1 01 f2 07 f2 f2 f2 01 f3 00 00 00 00
==================================================================
Fixes:
|
||
|
Greg Kroah-Hartman
|
73f6c0fdd9 |
Merge 4.14.289 into android-4.14-stable
Changes in 4.14.289 ALSA: hda - Add fixup for Dell Latitidue E5430 ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer ARM: 9213/1: Print message about disabled Spectre workarounds only once ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction cgroup: Use separate src/dst nodes when preloading css_sets for migration nilfs2: fix incorrect masking of permission flags for symlinks net: dsa: bcm_sf2: force pause link settings xhci: bail out early if driver can't accress host in resume xhci: make xhci_handshake timeout for xhci_reset() adjustable ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle inetpeer: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. cipso: Fix data-races around sysctl. icmp: Fix data-races around sysctl. ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero icmp: Fix a data-race around sysctl_icmp_ratelimit. icmp: Fix a data-race around sysctl_icmp_ratemask. ipv4: Fix data-races around sysctl_ip_dynaddr. sfc: fix use after free when disabling sriov seg6: fix skb checksum evaluation in SRH encapsulation/insertion seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors sfc: fix kernel panic when creating VF virtio_mmio: Add missing PM calls to freeze/restore virtio_mmio: Restore guest page size on resume netfilter: br_netfilter: do not skip all hooks with 0 priority cpufreq: pmac32-cpufreq: Fix refcount leak bug platform/x86: hp-wmi: Ignore Sanitization Mode event net: tipc: fix possible refcount leak in tipc_sk_create() NFC: nxp-nci: don't print header length mismatch on i2c error net: sfp: fix memory leak in sfp_probe() ASoC: ops: Fix off by one in range control validation ASoC: wm5110: Fix DRE control irqchip: or1k-pic: Undefine mask_ack for level triggered hardware x86: Clear .brk area at early boot signal handling: don't use BUG_ON() for debugging USB: serial: ftdi_sio: add Belimo device ids usb: dwc3: gadget: Fix event pending check tty: serial: samsung_tty: set dma burst_size to 1 serial: 8250: fix return error code in serial8250_request_std_resource() mm: invalidate hwpoison page cache page in fault path can: m_can: m_can_tx_handler(): fix use after free of skb Linux 4.14.289 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1e9b12a81151982c15f4a71b01aff2f1ad2eb7e5 |
||
|
Steven Rostedt (Google)
|
98d0dcf81a |
net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
commit 820b8963adaea34a87abbecb906d1f54c0aabfb7 upstream.
The trace event sock_exceed_buf_limit saves the prot->sysctl_mem pointer
and then dereferences it in the TP_printk() portion. This is unsafe as the
TP_printk() portion is executed at the time the buffer is read. That is,
it can be seconds, minutes, days, months, even years later. If the proto
is freed, then this dereference will can also lead to a kernel crash.
Instead, save the sysctl_mem array into the ring buffer and have the
TP_printk() reference that instead. This is the proper and safe way to
read pointers in trace events.
Link: https://lore.kernel.org/all/20220706052130.16368-12-kuniyu@amazon.com/
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
e1c62d43d5 |
Merge 4.14.286 into android-4.14-stable
Changes in 4.14.286 vt: drop old FONT ioctls random: schedule mix_interrupt_randomness() less often ata: libata: add qc->flags in ata_qc_complete_template tracepoint dm era: commit metadata in postsuspend after worker stops random: quiet urandom warning ratelimit suppression message USB: serial: option: add Telit LE910Cx 0x1250 composition USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Quectel RM500K module support bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers x86/xen: Remove undefined behavior in setup_features() MIPS: Remove repetitive increase irq_err_count igb: Make DMA faster when CPU is active on the PCIe link iio: adc: vf610: fix conversion mode sysfs node name usb: chipidea: udc: check request status before setting device address iio:accel:bma180: rearrange iio trigger get and register iio: accel: mma8452: ignore the return value of reset operation iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: trigger: sysfs: fix use-after-free on remove iio: adc: axp288: Override TS pin bias current for some models xtensa: xtfpga: Fix refcount leak bug in setup xtensa: Fix refcount leak bug in time.c powerpc: Enable execve syscall exit tracepoint powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc/powernv: wire up rng during setup_arch ARM: dts: imx6qdl: correct PU regulator ramp delay ARM: exynos: Fix refcount leak in exynos_map_pmu ARM: Fix refcount leak in axxia_boot_secondary ARM: cns3xxx: Fix refcount leak in cns3xxx_init modpost: fix section mismatch check for exported init/exit sections powerpc/pseries: wire up rng during setup_arch() drm: remove drm_fb_helper_modinit xen: unexport __init-annotated xen_xlate_map_ballooned_pages() fdt: Update CRC check for rng-seed kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] swiotlb: skip swiotlb_bounce when orig_addr is zero Linux 4.14.286 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ice28ce89388a656c20f3cc1f917c66d45466421a |
||
|
Edward Wu
|
42c75fc81f |
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
commit 540a92bfe6dab7310b9df2e488ba247d784d0163 upstream.
Add flags value to check the result of ata completion
Fixes:
|
||
|
Eric Biggers
|
d73f58abbf |
Merge 4.14.285 into android-4.14-stable
Changes in 4.14.285
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
char/random: silence a lockdep splat with printk()
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
s390: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: pmcraid: Fix missing resource cleanup in error case
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
i40e: Fix call trace in setup_tx_descriptors
tty: goldfish: Fix free_irq() on remove
misc: atmel-ssc: Fix IRQ check in ssc_probe
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
arm64: ftrace: fix branch range checks
certs/blacklist_hashes.c: fix const confusion in certs blacklist
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: dwc2: Fix memory leak in dwc2_hcd_init
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
virtio-pci: Remove wrong address verification in vp_del_vqs()
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
usb: gadget: u_ether: fix regression in setting fixed MAC address
xprtrdma: fix incorrect header size calculations
tcp: add some entropy in __inet_hash_connect()
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.14.285
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.14.285 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: I6a4ca9b12ed23f76bac6c4c9e6306e2b354e2752
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Jason A. Donenfeld
|
707c01fe19 |
random: remove unused tracepoints
commit 14c174633f349cb41ea90c2c0aaddac157012f74 upstream. These explicit tracepoints aren't really used and show sign of aging. It's work to keep these up to date, and before I attempted to keep them up to date, they weren't up to date, which indicates that they're not really used. These days there are better ways of introspecting anyway. Cc: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
acbf6f4851 |
random: use hash function for crng_slow_load()
commit 66e4c2b9541503d721e936cc3898c9f25f4591ff upstream. Since we have a hash function that's really fast, and the goal of crng_slow_load() is reportedly to "touch all of the crng's state", we can just hash the old state together with the new state and call it a day. This way we dont need to reason about another LFSR or worry about various attacks there. This code is only ever used at early boot and then never again. Cc: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Reviewed-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
62a2b4bd3e |
random: simplify entropy debiting
commit 9c07f57869e90140080cfc282cc628d123e27704 upstream. Our pool is 256 bits, and we only ever use all of it or don't use it at all, which is decided by whether or not it has at least 128 bits in it. So we can drastically simplify the accounting and cmpxchg loop to do exactly this. While we're at it, we move the minimum bit size into a constant so it can be shared between the two places where it matters. The reason we want any of this is for the case in which an attacker has compromised the current state, and then bruteforces small amounts of entropy added to it. By demanding a particular minimum amount of entropy be present before reseeding, we make that bruteforcing difficult. Note that this rationale no longer includes anything about /dev/random blocking at the right moment, since /dev/random no longer blocks (except for at ~boot), but rather uses the crng. In a former life, /dev/random was different and therefore required a more nuanced account(), but this is no longer. Behaviorally, nothing changes here. This is just a simplification of the code. Cc: Theodore Ts'o <tytso@mit.edu> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
55349296ba |
random: rather than entropy_store abstraction, use global
commit 90ed1e67e896cc8040a523f8428fc02f9b164394 upstream. Originally, the RNG used several pools, so having things abstracted out over a generic entropy_store object made sense. These days, there's only one input pool, and then an uneven mix of usage via the abstraction and usage via &input_pool. Rather than this uneasy mixture, just get rid of the abstraction entirely and have things always use the global. This simplifies the code and makes reading it a bit easier. Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
5ab8e04f6d |
random: remove dead code left over from blocking pool
commit 118a4417e14348b2e46f5e467da8444ec4757a45 upstream.
Remove some dead code that was left over following commit 90ea1c6436d2
("random: remove the blocking pool").
Cc: linux-crypto@vger.kernel.org
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jann Horn <jannh@google.com>
Cc: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Andy Lutomirski <luto@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Theodore Ts'o
|
fd5e41d61e |
random: only read from /dev/random after its pool has received 128 bits
commit eb9d1bf079bb438d1a066d72337092935fc770f6 upstream. Immediately after boot, we allow reads from /dev/random before its entropy pool has been fully initialized. Fix this so that we don't allow this until the blocking pool has received 128 bits. We do this by repurposing the initialized flag in the entropy pool struct, and use the initialized flag in the blocking pool to indicate whether it is safe to pull from the blocking pool. To do this, we needed to rework when we decide to push entropy from the input pool to the blocking pool, since the initialized flag for the input pool was used for this purpose. To simplify things, we no longer use the initialized flag for that purpose, nor do we use the entropy_total field any more. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
bc1a5b8c02 |
Merge 4.14.283 into android-4.14-stable
Changes in 4.14.283
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
USB: serial: option: add Quectel BG95 modem
USB: new quirk for Dell Gen 2 devices
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
btrfs: repair super block num_devices automatically
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ACPICA: Avoid cache flush inside virtual machines
ALSA: jack: Access input_dev under mutex
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: venus: hfi: avoid null dereference in deinit
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: cx25821: Fix the warning when removing the module
scsi: megaraid: Fix error check return value of register_chrdev()
drm/amd/pm: fix the compile warning
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
ASoC: dapm: Don't fold register value changes into notifications
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ipmi:ssif: Check for NULL msg when handling events and messages
rtlwifi: Use pr_warn instead of WARN_ONCE
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
net: phy: micrel: Allow probing without .driver_data
media: exynos4-is: Fix compile warning
rxrpc: Return an error to sendmsg if call failed
eth: tg3: silence the GCC 12 array-bounds warning
ARM: dts: ox820: align interrupt controller node name with dtschema
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fat: add ratelimit to fat*_ent_bread()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
powerpc/xics: fix refcount leak in icp_opal_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
RDMA/hfi1: Prevent panic when SDMA is disabled
drm: fix EDID struct for old ARM OABI format
ath9k: fix ar9003_get_eepmisc
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/mediatek: Fix mtk_cec_mask()
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
NFC: NULL out the dev->rfkill to prevent UAF
efi: Add missing prototype for efi_capsule_setup_info
HID: hid-led: fix maximum brightness for Dream Cheeky
spi: img-spfi: Fix pm_runtime_get_sync() error checking
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
inotify: show inotify mask flags in proc fdinfo
fsnotify: fix wrong lockdep annotations
x86/pm: Fix false positive kmemleak report in msr_build_context()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
x86: Fix return value of __setup handlers
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
m68k: math-emu: Fix dependencies of math emulation support
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
drivers/base/node.c: fix compaction sysfs file leak
powerpc/8xx: export 'cpm_setbrg' for modules
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
tty: fix deadlock caused by calling printk() under tty_port->lock
Input: sparcspkr - fix refcount leak in bbc_beep_probe
powerpc/perf: Fix the threshold compare group constraint for power9
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
mailbox: forward the hrtimer if not queued and under a lock
iommu/mediatek: Add list_del in mtk_iommu_remove
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
iommu/amd: Increase timeout waiting for GA log enablement
perf c2c: Use stdio interface if slang is not supported
perf jevents: Fix event syntax error caused by ExtSel
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix bug_on in ext4_writepages
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
RDMA/hfi1: Fix potential integer multiplication overflow errors
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
gma500: fix an incorrect NULL check on list iterator
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
phy: qcom-qmp: fix struct clk leak on probe errors
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
phy: qcom-qmp: fix reset-controller leak on probe errors
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
netfilter: nf_tables: disallow non-stateful expression in sets earlier
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
staging: greybus: codecs: fix type confusion of list iterator variable
tty: goldfish: Use tty_port_destroy() to destroy port
usb: usbip: fix a refcount leak in stub_probe()
usb: usbip: add missing device lock on tweak configuration cmd
USB: storage: karma: fix rio_karma_init return
pwm: lp3943: Fix duty calculation in case period was clamped
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
soc: rockchip: Fix refcount leak in rockchip_grf_init
rtc: mt6397: check return value after calling platform_get_resource()
serial: meson: acquire port->lock in startup()
serial: digicolor-usart: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: sh-sci: Don't allow CS5-6
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
modpost: fix removing numeric suffixes
jffs2: fix memory leak in jffs2_do_fill_super
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
tcp: tcp_rtx_synack() can be called from process context
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
tracing: Fix sleeping function called from invalid context on RT kernel
tracing: Avoid adding tracer option before update_tracer_options
i2c: cadence: Increase timeout per message if necessary
m68knommu: set ZERO_PAGE() to the allocated zeroed page
m68knommu: fix undefined reference to `_init_sp'
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
xprtrdma: treat all calls not a bcall when bc_serv is NULL
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net: mdio: unexport __init-annotated mdio_bus_init()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: ipv6: unexport __init-annotated seg6_hmac_init()
net: altera: Fix refcount leak in altera_tse_mdio_create
drm: imx: fix compiler warning with gcc-12
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
lkdtm/usercopy: Expand size of "out of frame" object
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
tty: Fix a possible resource leak in icom_probe
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
USB: hcd-pci: Fully suspend across freeze/thaw cycle
usb: dwc2: gadget: don't reset gadget's driver->bus
misc: rtsx: set NULL intfdata when probe fails
extcon: Modify extcon device to be created after driver data is set
clocksource/drivers/sp804: Avoid error on multiple instances
staging: rtl8712: fix uninit-value in r871xu_drv_init()
serial: msm_serial: disable interrupts in __msm_console_write()
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
md: protect md_unregister_thread from reentrancy
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
drm/radeon: fix a possible null pointer dereference
modpost: fix undefined behavior of is_arm_mapping_symbol()
nbd: call genl_unregister_family() first in nbd_cleanup()
nbd: fix race between nbd_alloc_config() and module removal
nbd: fix io hung while disconnecting device
nodemask: Fix return values to be unsigned
vringh: Fix loop descriptors check in the indirect cases
ALSA: hda/conexant - Fix loopback issue with CX20632
cifs: return errors during session setup during reconnects
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
ixgbe: fix bcast packets Rx on VF after promisc removal
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
md/raid0: Ignore RAID0 layout if the second zone has only one device
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
PCI: qcom: Fix unbalanced PHY init on probe errors
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
Linux 4.14.283
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied22d0825be1474eb1388684d690c7c40d8fe891
|
||
|
Vasily Averin
|
232db3526c |
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
[ Upstream commit 2b132903de7124dd9a758be0c27562e91a510848 ] Fixes following sparse warnings: CHECK mm/vmscan.c mm/vmscan.c: note: in included file (through include/trace/trace_events.h, include/trace/define_trace.h, include/trace/events/vmscan.h): ./include/trace/events/vmscan.h:281:1: sparse: warning: cast to restricted isolate_mode_t ./include/trace/events/vmscan.h:281:1: sparse: warning: restricted isolate_mode_t degrades to integer Link: https://lkml.kernel.org/r/e85d7ff2-fd10-53f8-c24e-ba0458439c1b@openvz.org Signed-off-by: Vasily Averin <vvs@openvz.org> Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
c0303b0388 |
Merge 4.14.222 into android-4.14-stable
Changes in 4.14.222 fgraph: Initialize tracing_graph_pause at task creation remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load af_key: relax availability checks for skb size calculation pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap iwlwifi: mvm: guard against device removal in reprobe SUNRPC: Move simple_get_bytes and simple_get_netobj into private header SUNRPC: Handle 0 length opaque XDR object data properly lib/string: Add strscpy_pad() function include/trace/events/writeback.h: fix -Wstringop-truncation warnings memcg: fix a crash in wb_workfn when a device disappears squashfs: add more sanity checks in id lookup squashfs: add more sanity checks in inode lookup squashfs: add more sanity checks in xattr id lookup tracing: Do not count ftrace events in top level enable output tracing: Check length before giving out the filter buffer arm/xen: Don't probe xenbus as part of an early initcall MIPS: BMIPS: Fix section mismatch warning arm64: dts: rockchip: Fix PCIe DT properties on rk3399 platform/x86: hp-wmi: Disable tablet-mode reporting by default ovl: perform vfs_getxattr() with mounter creds cap: fix conversions on getxattr ovl: skip getxattr of security labels ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL ARM: ensure the signal page contains defined contents memblock: do not start bottom-up allocations with kernel_end bpf: Check for integer overflow when using roundup_pow_of_two() netfilter: xt_recent: Fix attempt to update deleted entry xen/netback: avoid race in xenvif_rx_ring_slots_available() netfilter: conntrack: skip identical origin tuple in same zone only usb: dwc3: ulpi: fix checkpatch warning usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one net/vmw_vsock: improve locking in vsock_connect_timeout() net: watchdog: hold device global xmit lock during tx disable vsock/virtio: update credit only if socket is not closed vsock: fix locking in vsock_shutdown() i2c: stm32f7: fix configuration of the digital filter h8300: fix PREEMPTION build, TI_PRE_COUNT undefined x86/build: Disable CET instrumentation in the kernel for 32-bit too trace: Use -mcount-record for dynamic ftrace tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount tracing: Avoid calling cc-option -mrecord-mcount for every Makefile Xen/x86: don't bail early from clear_foreign_p2m_mapping() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/gntdev: correct error checking in gntdev_map_grant_pages() xen/arm: don't ignore return errors from set_phys_to_machine xen-blkback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-scsiback: don't "handle" error by BUG() xen-blkback: fix error handling in xen_blkbk_map() scsi: qla2xxx: Fix crash during driver load on big endian machines USB: Gadget Ethernet: Re-enable Jumbo frames. usb: gadget: u_ether: Fix MTU size mismatch with RX packet size kvm: check tlbs_dirty directly Linux 4.14.222 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I22657377bcf9340798a60064ba3d5ebdf1165097 |
||
|
Theodore Ts'o
|
d24cf6d0d7 |
memcg: fix a crash in wb_workfn when a device disappears
[ Upstream commit 68f23b89067fdf187763e75a56087550624fdbee ] Without memcg, there is a one-to-one mapping between the bdi and bdi_writeback structures. In this world, things are fairly straightforward; the first thing bdi_unregister() does is to shutdown the bdi_writeback structure (or wb), and part of that writeback ensures that no other work queued against the wb, and that the wb is fully drained. With memcg, however, there is a one-to-many relationship between the bdi and bdi_writeback structures; that is, there are multiple wb objects which can all point to a single bdi. There is a refcount which prevents the bdi object from being released (and hence, unregistered). So in theory, the bdi_unregister() *should* only get called once its refcount goes to zero (bdi_put will drop the refcount, and when it is zero, release_bdi gets called, which calls bdi_unregister). Unfortunately, del_gendisk() in block/gen_hd.c never got the memo about the Brave New memcg World, and calls bdi_unregister directly. It does this without informing the file system, or the memcg code, or anything else. This causes the root wb associated with the bdi to be unregistered, but none of the memcg-specific wb's are shutdown. So when one of these wb's are woken up to do delayed work, they try to dereference their wb->bdi->dev to fetch the device name, but unfortunately bdi->dev is now NULL, thanks to the bdi_unregister() called by del_gendisk(). As a result, *boom*. Fortunately, it looks like the rest of the writeback path is perfectly happy with bdi->dev and bdi->owner being NULL, so the simplest fix is to create a bdi_dev_name() function which can handle bdi->dev being NULL. This also allows us to bulletproof the writeback tracepoints to prevent them from dereferencing a NULL pointer and crashing the kernel if one is tracing with memcg's enabled, and an iSCSI device dies or a USB storage stick is pulled. The most common way of triggering this will be hotremoval of a device while writeback with memcg enabled is going on. It was triggering several times a day in a heavily loaded production environment. Google Bug Id: 145475544 Link: https://lore.kernel.org/r/20191227194829.150110-1-tytso@mit.edu Link: http://lkml.kernel.org/r/20191228005211.163952-1-tytso@mit.edu Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: Chris Mason <clm@fb.com> Cc: Tejun Heo <tj@kernel.org> Cc: Jens Axboe <axboe@kernel.dk> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Qian Cai
|
fe4c89150d |
include/trace/events/writeback.h: fix -Wstringop-truncation warnings
[ Upstream commit d1a445d3b86c9341ce7a0954c23be0edb5c9bec5 ]
There are many of those warnings.
In file included from ./arch/powerpc/include/asm/paca.h:15,
from ./arch/powerpc/include/asm/current.h:13,
from ./include/linux/thread_info.h:21,
from ./include/asm-generic/preempt.h:5,
from ./arch/powerpc/include/generated/asm/preempt.h:1,
from ./include/linux/preempt.h:78,
from ./include/linux/spinlock.h:51,
from fs/fs-writeback.c:19:
In function 'strncpy',
inlined from 'perf_trace_writeback_page_template' at
./include/trace/events/writeback.h:56:1:
./include/linux/string.h:260:9: warning: '__builtin_strncpy' specified
bound 32 equals destination size [-Wstringop-truncation]
return __builtin_strncpy(p, q, size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix it by using the new strscpy_pad() which was introduced in "lib/string:
Add strscpy_pad() function" and will always be NUL-terminated instead of
strncpy(). Also, change strlcpy() to use strscpy_pad() in this file for
consistency.
Link: http://lkml.kernel.org/r/1564075099-27750-1-git-send-email-cai@lca.pw
Fixes:
|
||
|
Jan Kara
|
5c846eee8b |
writeback: Drop I_DIRTY_TIME_EXPIRE
commit 5fcd57505c002efc5823a7355e21f48dd02d5a51 upstream. The only use of I_DIRTY_TIME_EXPIRE is to detect in __writeback_single_inode() that inode got there because flush worker decided it's time to writeback the dirty inode time stamps (either because we are syncing or because of age). However we can detect this directly in __writeback_single_inode() and there's no need for the strange propagation with I_DIRTY_TIME_EXPIRE flag. Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
9ddf99d35b |
Merge 4.14.203 into android-4.14-stable
Changes in 4.14.203 ibmveth: Switch order of ibmveth_helper calls. ibmveth: Identify ingress large send packets. ipv4: Restore flowi4_oif update before call to xfrm_lookup_route mlx4: handle non-napi callers to napi_poll net: usb: qmi_wwan: add Cellient MPL200 card tipc: fix the skb_unshare() in tipc_buf_append() net/ipv4: always honour route mtu during forwarding r8169: fix data corruption issue on RTL8402 binder: fix UAF when releasing todo list ALSA: bebob: potential info leak in hwdep_read() net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() tcp: fix to update snd_wl1 in bulk receiver fast path icmp: randomize the global rate limiter cifs: remove bogus debug code cifs: Return the error from crypt_message when enc/dec key not found. KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages KVM: SVM: Initialize prev_ga_tag before use ima: Don't ignore errors from crypto_shash_update() crypto: algif_aead - Do not set MAY_BACKLOG on the async path EDAC/i5100: Fix error handling order in i5100_init_one() x86/fpu: Allow multiple bits in clearcpuid= parameter drivers/perf: xgene_pmu: Fix uninitialized resource struct crypto: algif_skcipher - EBUSY on aio should be an error crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call media: tuner-simple: fix regression in simple_set_radio_freq media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: m5mols: Check function pointer in m5mols_sensor_power media: uvcvideo: Set media controller entity functions media: omap3isp: Fix memleak in isp_probe crypto: omap-sham - fix digcnt register handling with export/import cypto: mediatek - fix leaks in mtk_desc_ring_alloc media: mx2_emmaprp: Fix memleak in emmaprp_probe media: tc358743: initialize variable media: platform: fcp: Fix a reference count leak. media: s5p-mfc: Fix a reference count leak media: ti-vpe: Fix a missing check and reference count leak regulator: resolve supply after creating regulator ath10k: provide survey info as accumulated data Bluetooth: hci_uart: Cancel init work before unregistering ath6kl: prevent potential array overflow in ath6kl_add_new_sta() ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ASoC: qcom: lpass-platform: fix memory leak ASoC: qcom: lpass-cpu: fix concurrency issue brcmfmac: check ndev pointer mwifiex: Do not use GFP_KERNEL in atomic context drm/gma500: fix error check scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() backlight: sky81452-backlight: Fix refcount imbalance on error VMCI: check return value of get_user_pages_fast() for errors tty: serial: earlycon dependency tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() pty: do tty_flip_buffer_push without port->lock in pty_write pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pwm: lpss: Add range limit check for the base_unit register value drivers/virt/fsl_hypervisor: Fix error handling path video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error video: fbdev: sis: fix null ptr dereference HID: roccat: add bounds checking in kone_sysfs_write_settings() pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser pinctrl: mcp23s08: Fix mcp23x17 precious range ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() misc: mic: scif: Fix error handling path ALSA: seq: oss: Avoid mutex lock for a long-time ioctl usb: dwc2: Fix parameter type in function pointer prototype quota: clear padding in v2r1_mem2diskdqb() HID: hid-input: fix stylus battery reporting qtnfmac: fix resource leaks on unsupported iftype error return path net: enic: Cure the enic api locking trainwreck mfd: sm501: Fix leaks in probe() iwlwifi: mvm: split a print to avoid a WARNING in ROC usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well nl80211: fix non-split wiphy information usb: dwc2: Fix INTR OUT transfers in DDMA mode. scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() mwifiex: fix double free net: korina: fix kfree of rx/tx descriptor array mm/memcg: fix device private memcg accounting mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary IB/mlx4: Fix starvation in paravirt mux/demux IB/mlx4: Adjust delayed work when a dup is observed powerpc/pseries: Fix missing of_node_put() in rng_init() powerpc/icp-hv: Fix missing of_node_put() in success path mtd: lpddr: fix excessive stack usage with clang mtd: mtdoops: Don't write panic data twice ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER xfs: limit entries returned when counting fsmap records RDMA/qedr: Fix use of uninitialized field powerpc/tau: Use appropriate temperature sample interval powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Disable TAU between measurements perf intel-pt: Fix "context_switch event has no tid" error RDMA/hns: Set the unsupported wr opcode kdb: Fix pager search for multi-line strings overflow: Include header file with SIZE_MAX declaration powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints powerpc/perf/hv-gpci: Fix starting index value cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier IB/rdmavt: Fix sizeof mismatch f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info lib/crc32.c: fix trivial typo in preprocessor condition ramfs: fix nommu mmap with gaps in the page cache rapidio: fix error handling path rapidio: fix the missed put_device() for rio_mport_add_riodev mailbox: avoid timer start from callback i2c: rcar: Auto select RESET_CONTROLLER PCI: iproc: Set affinity mask on MSI interrupts clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: bcm2835: add missing release if devm_clk_hw_register fails ext4: limit entries returned when counting fsmap records vfio/pci: Clear token on bypass registration failure vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Input: stmfts - fix a & vs && typo Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error KVM: x86: emulating RDPID failure shall return #UD rather than #GP memory: omap-gpmc: Fix a couple off by ones memory: fsl-corenet-cf: Fix handling of platform_get_irq() error arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: zynqmp: Remove additional compatible string for i2c IPs powerpc/powernv/dump: Fix race while processing OPAL dump nvmet: fix uninitialized work for zero kato NTB: hw: amd: fix an issue about leak system resources perf: correct SNOOPX field offset i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs crypto: ccp - fix error handling media: firewire: fix memory leak media: ati_remote: sanity check for both endpoints media: st-delta: Fix reference count leak in delta_run_work media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: media/pci: prevent memory leak in bttv_probe media: uvcvideo: Ensure all probed info is returned to v4l2 mmc: sdio: Check for CISTPL_VERS_1 buffer size media: saa7134: avoid a shift overflow fs: dlm: fix configfs memory leak media: venus: core: Fix runtime PM imbalance in venus_probe ntfs: add check for mft record size in superblock mac80211: handle lack of sband->bitrates in rates PM: hibernate: remove the bogus call to get_gendisk() in software_resume() scsi: mvumi: Fix error return in mvumi_io_attach() scsi: target: core: Add CONTROL field for trace events mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic usb: gadget: function: printer: fix use-after-free in __lock_acquire udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read USB: cdc-acm: handle broken union descriptors can: flexcan: flexcan_chip_stop(): add error handling and propagate error value ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() misc: rtsx: Fix memory leak in rtsx_pci_probe reiserfs: only call unlock_new_inode() if I_NEW xfs: make sure the rt allocator doesn't run off the end usb: ohci: Default to per-port over-current protection Bluetooth: Only mark socket zapped after unlocking scsi: ibmvfc: Fix error return in ibmvfc_probe() brcmsmac: fix memory leak in wlc_phy_attach_lcnphy rtl8xxxu: prevent potential memory leak Fix use after free in get_capset_info callback. scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O tty: ipwireless: fix error handling ipvs: Fix uninit-value in do_ip_vs_set_ctl() reiserfs: Fix memory leak in reiserfs_parse_options() mwifiex: don't call del_timer_sync() on uninitialized timer brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach usb: core: Solve race condition in anchor cleanup functions scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() net: korina: cast KSEG0 address to pointer in kfree tty: serial: fsl_lpuart: fix lpuart32_poll_get_char usb: cdc-acm: add quirk to blacklist ETAS ES58X devices USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). eeprom: at25: set minimum read/write access stride to 1 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler Linux 4.14.203 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia4c1c9fc1a8d03c662b37fbe1448b4fb1f88007a |