1. 06 Jan, 2023 3 commits
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of... · 56f81458
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix segfault when trying to process tracepoints present in a
         perf.data file and not linked with libtraceevent.
      
       - Fix build on uClibc systems by adding missing sys/types.h include,
         that was being obtained indirectly which stopped being the case when
         tools/lib/traceevent was removed.
      
       - Don't show commands in 'perf help' that depend on linking with
         libtraceevent when not building with that library, which is now a
         possibility since we no longer ship a copy in tools/lib/traceevent.
      
       - Fix failure in 'perf test' entry testing the combination of 'perf
         probe' user space function + 'perf record' + 'perf script' where it
         expects a backtrace leading to glibc's inet_pton() from 'ping' that
         now happens more than once with glibc 2.35 for IPv6 addreses.
      
       - Fix for the inet_pton perf test on s/390 where
         'text_to_binary_address' now appears on the backtrace.
      
       - Fix build error on riscv due to missing header for 'struct
         perf_sample'.
      
       - Fix 'make -C tools perf_install' install variant by not propagating
         the 'subdir' to submakes for the 'install_headers' targets.
      
       - Fix handling of unsupported cgroup events when using BPF counters in
         'perf stat'.
      
       - Count all cgroups, not just the last one when using 'perf stat' and
         combining --for-each-cgroup with --bpf-counters.
      
         This makes the output using BPF counters match the output without
         using it, which was the intention all along, the output should be the
         same using --bpf-counters or not.
      
       - Fix 'perf lock contention' core dump related to not finding the
         "__sched_text_end" symbol on s/390.
      
       - Fix build failure when HEAD is signed: exclude the signature from the
         version string.
      
       - Add missing closedir() calls to in perf_data__open_dir(), plugging a
         fd leak.
      
      * tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf tools: Fix build on uClibc systems by adding missing sys/types.h include
        perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode
        perf stat: Fix handling of unsupported cgroup events when using BPF counters
        perf test record_probe_libc_inet_pton: Fix test on s/390 where 'text_to_binary_address' now appears on the backtrace
        perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390
        perf build: Don't propagate subdir to submakes for install_headers
        perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton() backtrace in glibc >= 2.35
        perf tools: Fix segfault when trying to process tracepoints in perf.data and not linked with libtraceevent
        perf tools: Don't include signature in version strings
        perf help: Use HAVE_LIBTRACEEVENT to filter out unsupported commands
        perf tools riscv: Fix build error on riscv due to missing header for 'struct perf_sample'
        perf tools: Fix resources leak in perf_data__open_dir()
      56f81458
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d7a0853d
      Linus Torvalds authored
      Pull perf fix from Ingo Molnar:
       "Intel RAPL updates for new model IDs"
      
      * tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/rapl: Add support for Intel Emerald Rapids
        perf/x86/rapl: Add support for Intel Meteor Lake
        perf/x86/rapl: Treat Tigerlake like Icelake
      d7a0853d
    • Linus Torvalds's avatar
      Merge tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 90bc52c5
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a CFI crash in arm64/sm4 as well as a regression in the
        caam driver"
      
      * tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: arm64/sm4 - fix possible crash with CFI enabled
        crypto: caam - fix CAAM io mem access in blob_gen
      90bc52c5
  2. 05 Jan, 2023 11 commits
    • Linus Torvalds's avatar
      Merge tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1f5abbd7
      Linus Torvalds authored
      Pull thermal control fix from Rafael Wysocki:
       "Add a missing sysfs attribute to the int340x thermal driver (Srinivas
        Pandruvada)"
      
      * tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: int340x: Add missing attribute for data rate base
      1f5abbd7
    • Linus Torvalds's avatar
      Merge tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 50011c32
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, wifi, and netfilter.
      
        Current release - regressions:
      
         - bpf: fix nullness propagation for reg to reg comparisons, avoid
           null-deref
      
         - inet: control sockets should not use current thread task_frag
      
         - bpf: always use maximal size for copy_array()
      
         - eth: bnxt_en: don't link netdev to a devlink port for VFs
      
        Current release - new code bugs:
      
         - rxrpc: fix a couple of potential use-after-frees
      
         - netfilter: conntrack: fix IPv6 exthdr error check
      
         - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes
      
         - eth: dsa: qca8k: various fixes for the in-band register access
      
         - eth: nfp: fix schedule in atomic context when sync mc address
      
         - eth: renesas: rswitch: fix getting mac address from device tree
      
         - mobile: ipa: use proper endpoint mask for suspend
      
        Previous releases - regressions:
      
         - tcp: add TIME_WAIT sockets in bhash2, fix regression caught by
           Jiri / python tests
      
         - net: tc: don't intepret cls results when asked to drop, fix
           oob-access
      
         - vrf: determine the dst using the original ifindex for multicast
      
         - eth: bnxt_en:
            - fix XDP RX path if BPF adjusted packet length
            - fix HDS (header placement) and jumbo thresholds for RX packets
      
         - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
           avoid memory corruptions
      
        Previous releases - always broken:
      
         - ulp: prevent ULP without clone op from entering the LISTEN status
      
         - veth: fix race with AF_XDP exposing old or uninitialized
           descriptors
      
         - bpf:
            - pull before calling skb_postpull_rcsum() (fix checksum support
              and avoid a WARN())
            - fix panic due to wrong pageattr of im->image (when livepatch and
              kretfunc coexist)
            - keep a reference to the mm, in case the task is dead
      
         - mptcp: fix deadlock in fastopen error path
      
         - netfilter:
            - nf_tables: perform type checking for existing sets
            - nf_tables: honor set timeout and garbage collection updates
            - ipset: fix hash:net,port,net hang with /0 subnet
            - ipset: avoid hung task warning when adding/deleting entries
      
         - selftests: net:
            - fix cmsg_so_mark.sh test hang on non-x86 systems
            - fix the arp_ndisc_evict_nocarrier test for IPv6
      
         - usb: rndis_host: secure rndis_query check against int overflow
      
         - eth: r8169: fix dmar pte write access during suspend/resume with
           WOL
      
         - eth: lan966x: fix configuration of the PCS
      
         - eth: sparx5: fix reading of the MAC address
      
         - eth: qed: allow sleep in qed_mcp_trace_dump()
      
         - eth: hns3:
            - fix interrupts re-initialization after VF FLR
            - fix handling of promisc when MAC addr table gets full
            - refine the handling for VF heartbeat
      
         - eth: mlx5:
            - properly handle ingress QinQ-tagged packets on VST
            - fix io_eq_size and event_eq_size params validation on big endian
            - fix RoCE setting at HCA level if not supported at all
            - don't turn CQE compression on by default for IPoIB
      
         - eth: ena:
            - fix toeplitz initial hash key value
            - account for the number of XDP-processed bytes in interface stats
            - fix rx_copybreak value update
      
        Misc:
      
         - ethtool: harden phy stat handling against buggy drivers
      
         - docs: netdev: convert maintainer's doc from FAQ to a normal
           document"
      
      * tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (112 commits)
        caif: fix memory leak in cfctrl_linkup_request()
        inet: control sockets should not use current thread task_frag
        net/ulp: prevent ULP without clone op from entering the LISTEN status
        qed: allow sleep in qed_mcp_trace_dump()
        MAINTAINERS: Update maintainers for ptp_vmw driver
        usb: rndis_host: Secure rndis_query check against int overflow
        net: dpaa: Fix dtsec check for PCS availability
        octeontx2-pf: Fix lmtst ID used in aura free
        drivers/net/bonding/bond_3ad: return when there's no aggregator
        netfilter: ipset: Rework long task execution when adding/deleting entries
        netfilter: ipset: fix hash:net,port,net hang with /0 subnet
        net: sparx5: Fix reading of the MAC address
        vxlan: Fix memory leaks in error path
        net: sched: htb: fix htb_classify() kernel-doc
        net: sched: cbq: dont intepret cls results when asked to drop
        net: sched: atm: dont intepret cls results when asked to drop
        dt-bindings: net: marvell,orion-mdio: Fix examples
        dt-bindings: net: sun8i-emac: Add phy-supply property
        net: ipa: use proper endpoint mask for suspend
        selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier
        ...
      50011c32
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · aa01a183
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A reference leak fix, two fixes for using uninitialized variables and
        more drivers converted to using immutable irqchips:
      
         - fix a reference leak in gpio-sifive
      
         - fix a potential use of an uninitialized variable in core gpiolib
      
         - fix a potential use of an uninitialized variable in gpio-pca953x
      
         - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd
           and gpio-sprd"
      
      * tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: sifive: Fix refcount leak in sifive_gpio_probe
        gpio: sprd: Make the irqchip immutable
        gpio: pmic-eic-sprd: Make the irqchip immutable
        gpio: eic-sprd: Make the irqchip immutable
        gpio: pca953x: avoid to use uninitialized value pinctrl
        gpiolib: Fix using uninitialized lookup-flags on ACPI platforms
      aa01a183
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 5e9af4b4
      Linus Torvalds authored
      Pull fbdev fixes from Helge Deller:
      
       - Fix Matrox G200eW initialization failure
      
       - Fix build failure of offb driver when built as module
      
       - Optimize stack usage in omapfb
      
      * tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: omapfb: avoid stack overflow warning
        fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
        fbdev: atyfb: use strscpy() to instead of strncpy()
        fbdev: omapfb: use strscpy() to instead of strncpy()
        fbdev: make offb driver tristate
      5e9af4b4
    • Arnd Bergmann's avatar
      fbdev: omapfb: avoid stack overflow warning · 634cf6ea
      Arnd Bergmann authored
      The dsi_irq_stats structure is a little too big to fit on the
      stack of a 32-bit task, depending on the specific gcc options:
      
      fbdev/omap2/omapfb/dss/dsi.c: In function 'dsi_dump_dsidev_irqs':
      fbdev/omap2/omapfb/dss/dsi.c:1621:1: error: the frame size of 1064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
      
      Since this is only a debugfs file, performance is not critical,
      so just dynamically allocate it, and print an error message
      in there in place of a failure code when the allocation fails.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      634cf6ea
    • Zhengchao Shao's avatar
      caif: fix memory leak in cfctrl_linkup_request() · fe69230f
      Zhengchao Shao authored
      When linktype is unknown or kzalloc failed in cfctrl_linkup_request(),
      pkt is not released. Add release process to error path.
      
      Fixes: b482cd20 ("net-caif: add CAIF core protocol stack")
      Fixes: 8d545c8f ("caif: Disconnect without waiting for response")
      Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Link: https://lore.kernel.org/r/20230104065146.1153009-1-shaozhengchao@huawei.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      fe69230f
    • Eric Dumazet's avatar
      inet: control sockets should not use current thread task_frag · 1ac88557
      Eric Dumazet authored
      Because ICMP handlers run from softirq contexts,
      they must not use current thread task_frag.
      
      Previously, all sockets allocated by inet_ctl_sock_create()
      would use the per-socket page fragment, with no chance of
      recursion.
      
      Fixes: 98123866 ("Treewide: Stop corrupting socket's task_frag")
      Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Benjamin Coddington <bcodding@redhat.com>
      Acked-by: default avatarGuillaume Nault <gnault@redhat.com>
      Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1ac88557
    • Paolo Abeni's avatar
      net/ulp: prevent ULP without clone op from entering the LISTEN status · 2c02d41d
      Paolo Abeni authored
      When an ULP-enabled socket enters the LISTEN status, the listener ULP data
      pointer is copied inside the child/accepted sockets by sk_clone_lock().
      
      The relevant ULP can take care of de-duplicating the context pointer via
      the clone() operation, but only MPTCP and SMC implement such op.
      
      Other ULPs may end-up with a double-free at socket disposal time.
      
      We can't simply clear the ULP data at clone time, as TLS replaces the
      socket ops with custom ones assuming a valid TLS ULP context is
      available.
      
      Instead completely prevent clone-less ULP sockets from entering the
      LISTEN status.
      
      Fixes: 734942cc ("tcp: ULP infrastructure")
      Reported-by: default avatarslipper <slipper.alive@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2c02d41d
    • Caleb Sander's avatar
      qed: allow sleep in qed_mcp_trace_dump() · 5401c3e0
      Caleb Sander authored
      By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop
      that can run 500K times, so calls to qed_mcp_nvm_rd_cmd()
      may block the current thread for over 5s.
      We observed thread scheduling delays over 700ms in production,
      with stacktraces pointing to this code as the culprit.
      
      qed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.
      It already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().
      Add a "can sleep" parameter to qed_find_nvram_image() and
      qed_nvram_read() so they can sleep during qed_mcp_trace_dump().
      qed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),
      called only by qed_mcp_trace_dump(), allow these functions to sleep.
      I can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,
      so keep b_can_sleep set to false when it calls these functions.
      
      An example stacktrace from a custom warning we added to the kernel
      showing a thread that has not scheduled despite long needing resched:
      [ 2745.362925,17] ------------[ cut here ]------------
      [ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()
      [ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99
      [ 2745.362956,17] Modules linked in: ...
      [ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P           O    4.4.182+ #202104120910+6d1da174272d.61x
      [ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020
      [ 2745.363346,17]  0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20
      [ 2745.363358,17]  ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000
      [ 2745.363369,17]  0000000000000063 0000000000000174 0000000000000074 0000000000000000
      [ 2745.363379,17] Call Trace:
      [ 2745.363382,17]  <IRQ>  [<ffffffff8131eb2f>] dump_stack+0x8e/0xcf
      [ 2745.363393,17]  [<ffffffff81072ac2>] warn_slowpath_common+0x82/0xc0
      [ 2745.363398,17]  [<ffffffff81072b4c>] warn_slowpath_fmt+0x4c/0x50
      [ 2745.363404,17]  [<ffffffff810d5a8e>] ? rcu_irq_exit+0xae/0xc0
      [ 2745.363408,17]  [<ffffffff817c99fe>] do_IRQ+0x15e/0x1a0
      [ 2745.363413,17]  [<ffffffff817c7ac9>] common_interrupt+0x89/0x89
      [ 2745.363416,17]  <EOI>  [<ffffffff8132aa74>] ? delay_tsc+0x24/0x50
      [ 2745.363425,17]  [<ffffffff8132aa04>] __udelay+0x34/0x40
      [ 2745.363457,17]  [<ffffffffa04d45ff>] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]
      [ 2745.363473,17]  [<ffffffffa04d5ced>] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]
      [ 2745.363490,17]  [<ffffffffa04e1dc7>] qed_mcp_trace_dump+0x4a7/0x630 [qed]
      [ 2745.363504,17]  [<ffffffffa04e2556>] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]
      [ 2745.363520,17]  [<ffffffffa04e4ea7>] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]
      [ 2745.363536,17]  [<ffffffffa04ea881>] qed_dbg_feature_size+0x61/0xa0 [qed]
      [ 2745.363551,17]  [<ffffffffa04eb427>] qed_dbg_all_data_size+0x247/0x260 [qed]
      [ 2745.363560,17]  [<ffffffffa0482c10>] qede_get_regs_len+0x30/0x40 [qede]
      [ 2745.363566,17]  [<ffffffff816c9783>] ethtool_get_drvinfo+0xe3/0x190
      [ 2745.363570,17]  [<ffffffff816cc152>] dev_ethtool+0x1362/0x2140
      [ 2745.363575,17]  [<ffffffff8109bcc6>] ? finish_task_switch+0x76/0x260
      [ 2745.363580,17]  [<ffffffff817c2116>] ? __schedule+0x3c6/0x9d0
      [ 2745.363585,17]  [<ffffffff810dbd50>] ? hrtimer_start_range_ns+0x1d0/0x370
      [ 2745.363589,17]  [<ffffffff816c1e5b>] ? dev_get_by_name_rcu+0x6b/0x90
      [ 2745.363594,17]  [<ffffffff816de6a8>] dev_ioctl+0xe8/0x710
      [ 2745.363599,17]  [<ffffffff816a58a8>] sock_do_ioctl+0x48/0x60
      [ 2745.363603,17]  [<ffffffff816a5d87>] sock_ioctl+0x1c7/0x280
      [ 2745.363608,17]  [<ffffffff8111f393>] ? seccomp_phase1+0x83/0x220
      [ 2745.363612,17]  [<ffffffff811e3503>] do_vfs_ioctl+0x2b3/0x4e0
      [ 2745.363616,17]  [<ffffffff811e3771>] SyS_ioctl+0x41/0x70
      [ 2745.363619,17]  [<ffffffff817c6ffe>] entry_SYSCALL_64_fastpath+0x1e/0x79
      [ 2745.363622,17] ---[ end trace f6954aa440266421 ]---
      
      Fixes: c965db44 ("qed: Add support for debug data collection")
      Signed-off-by: default avatarCaleb Sander <csander@purestorage.com>
      Acked-by: default avatarAlok Prasad <palok@marvell.com>
      Link: https://lore.kernel.org/r/20230103233021.1457646-1-csander@purestorage.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5401c3e0
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 49d9601b
      Jakub Kicinski authored
      Alexei Starovoitov says:
      
      ====================
      bpf 2023-01-04
      
      We've added 5 non-merge commits during the last 8 day(s) which contain
      a total of 5 files changed, 112 insertions(+), 18 deletions(-).
      
      The main changes are:
      
      1) Always use maximal size for copy_array in the verifier to fix
         KASAN tracking, from Kees.
      
      2) Fix bpf task iterator walking through dead tasks, from Kui-Feng.
      
      3) Make sure livepatch and bpf fexit can coexist, from Chuang.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: Always use maximal size for copy_array()
        selftests/bpf: add a test for iter/task_vma for short-lived processes
        bpf: keep a reference to the mm, in case the task is dead.
        selftests/bpf: Temporarily disable part of btf_dump:var_data test.
        bpf: Fix panic due to wrong pageattr of im->image
      ====================
      
      Link: https://lore.kernel.org/r/20230104215500.79435-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      49d9601b
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 41c03ba9
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
       "Mostly fixes all over the place, a couple of cleanups"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (32 commits)
        virtio_blk: Fix signedness bug in virtblk_prep_rq()
        vdpa_sim_net: should not drop the multicast/broadcast packet
        vdpasim: fix memory leak when freeing IOTLBs
        vdpa: conditionally fill max max queue pair for stats
        vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
        vduse: Validate vq_num in vduse_validate_config()
        tools/virtio: remove smp_read_barrier_depends()
        tools/virtio: remove stray characters
        vhost_vdpa: fix the crash in unmap a large memory
        virtio: Implementing attribute show with sysfs_emit
        virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
        tools/virtio: Variable type completion
        vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
        virtio_blk: use UINT_MAX instead of -1U
        vhost-vdpa: fix an iotlb memory leak
        vhost: fix range used in translate_desc()
        vringh: fix range used in iotlb_translate()
        vhost/vsock: Fix error handling in vhost_vsock_init()
        vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
        tools: Delete the unneeded semicolon after curly braces
        ...
      41c03ba9
  3. 04 Jan, 2023 11 commits
  4. 03 Jan, 2023 15 commits
    • Thomas Richter's avatar
      perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390 · d8d85ce8
      Thomas Richter authored
      The test case perf lock contention dumps core on s390. Run the following
      commands:
      
        # ./perf lock record -- ./perf bench sched messaging
        # Running 'sched/messaging' benchmark:
        # 20 sender and receiver processes per group
        # 10 groups == 400 processes run
      
            Total time: 2.799 [sec]
        [ perf record: Woken up 1 times to write data ]
        [ perf record: Captured and wrote 0.073 MB perf.data (100 samples) ]
        #
        # ./perf lock contention
        Segmentation fault (core dumped)
        #
      
      The function call stack is lengthy, here are the top 5 functions:
      
        # gdb ./perf core.24048
        GNU gdb (GDB) Fedora Linux 12.1-6.fc37
        Core was generated by `./perf lock contention'.
        Program terminated with signal SIGSEGV, Segmentation fault.
        #0  0x00000000011dd25c in machine__is_lock_function (machine=0x3029e28, addr=1789230) at util/machine.c:3356
               3356 machine->sched.text_end = kmap->unmap_ip(kmap, sym->start);
      
       (gdb) where
        #0  0x00000000011dd25c in machine__is_lock_function (machine=0x3029e28, addr=1789230) at util/machine.c:3356
        #1  0x000000000109f244 in callchain_id (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:957
        #2  0x000000000109e094 in get_key_by_aggr_mode (key=0x3ffea4f7290, addr=27758136, evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:586
        #3  0x000000000109f4d0 in report_lock_contention_begin_event (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:1004
        #4  0x00000000010a00ae in evsel__process_contention_begin (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:1254
        #5  0x00000000010a0e14 in process_sample_event (tool=0x3ffea4f8480, event=0x3ff85601ef8, sample=0x3ffea4f77d0, evsel=0x30313e0, machine=0x3029e28) at builtin-lock.c:1464
        .....
      
      The issue is in function machine__is_lock_function() in file
      ./util/machine.c lines 3355:
      
         /* should not fail from here */
         sym = machine__find_kernel_symbol_by_name(machine, "__sched_text_end", &kmap);
         machine->sched.text_end = kmap->unmap_ip(kmap, sym->start)
      
      On s390 the symbol __sched_text_end is *NOT* in the symbol list and the
      resulting pointer sym is set to NULL. The sym->start is then a NULL pointer
      access and generates the core dump.
      
      The reason why __sched_text_end is not in the symbol list on s390 is
      simple:
      
      When the symbol list is created at perf start up with function calls
      
        dso__load
        +--> dso__load_vmlinux_path
             +--> dso__load_vmlinux
                  +--> dso__load_sym
      	         +--> dso__load_sym_internal (reads kernel symbols)
      		 +--> symbols__fixup_end
      		 +--> symbols__fixup_duplicate
      
      The issue is in function symbols__fixup_duplicate(). It deletes all
      symbols with have the same address. On s390:
      
        # nm -g  ~/linux/vmlinux| fgrep c68390
        0000000000c68390 T __cpuidle_text_start
        0000000000c68390 T __sched_text_end
        #
      
      two symbols have identical addresses and __sched_text_end is considered
      duplicate (in ascending sort order) and removed from the symbol list.
      Therefore it is missing and an invalid pointer reference occurs.  The
      code checks for symbol __sched_text_start and when it exists assumes
      symbol __sched_text_end is also in the symbol table. However this is not
      the case on s390.
      
      Same situation exists for symbol __lock_text_start:
      
      0000000000c68770 T __cpuidle_text_end
      0000000000c68770 T __lock_text_start
      
      This symbol is also removed from the symbol table but used in function
      machine__is_lock_function().
      
      To fix this and keep duplicate symbols in the symbol table, set
      symbol_conf.allow_aliases to true. This prevents the removal of
      duplicate symbols in function symbols__fixup_duplicate().
      
      Output After:
      
       # ./perf lock contention
       contended total wait  max wait  avg wait    type   caller
      
              48   124.39 ms 123.99 ms   2.59 ms rwsem:W unlink_anon_vmas+0x24a
              47    83.68 ms  83.26 ms   1.78 ms rwsem:W free_pgtables+0x132
               5    41.22 us  10.55 us   8.24 us rwsem:W free_pgtables+0x140
               4    40.12 us  20.55 us  10.03 us rwsem:W copy_process+0x1ac8
       #
      
      Fixes: 0d2997f7 ("perf lock: Look up callchain for the contended locks")
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Acked-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: https://lore.kernel.org/r/20221230102627.2410847-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d8d85ce8
    • Ian Rogers's avatar
      perf build: Don't propagate subdir to submakes for install_headers · f89fb557
      Ian Rogers authored
      subdir is added to the OUTPUT which fails as part of building
      install_headers when passed from "make -C tools perf_install".
      
      Committer testing:
      
      The original reporter (see the Link: below) had trouble with this:
      
      $ make -C tools perf_install
      
      That ended up with errors like this:
      
        /var/home/acme/git/perf-urgent/tools/scripts/Makefile.include:17: *** output directory "/var/home/acme/git/perf-urgent/tools/perf/libperf/perf/" does not exist.  Stop.
      
      With this patch applied we now get it installed at:
      
        INSTALL /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
      
      As expected:
      
        $ ls -la /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
        -rw-r--r--. 1 acme acme 1146 Jan  3 15:42 /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
      
      And if we clean tools with:
      
        $ make -C tools clean
      
      it gets cleaned up:
      
        $ ls -la /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
        ls: cannot access '/var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h': No such file or directory
        $
      
      Fixes: 746bd29e ("perf build: Use tools/lib headers from install path")
      Reported-by: default avatarTorsten Hilbrich <torsten.hilbrich@secunet.com>
      Signed-off-by: default avatarIan Rogers <irogers@google.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: https://lore.kernel.org/r/fa4b3115-d555-3d7f-54d1-018002e99350@secunet.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      f89fb557
    • Chris Wilson's avatar
      perf/x86/rapl: Treat Tigerlake like Icelake · c07311b5
      Chris Wilson authored
      Since Tigerlake seems to have inherited its cstates and other RAPL power
      caps from Icelake, assume it also follows Icelake for its RAPL events.
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Zhang Rui <rui.zhang@intel.com>
      Link: https://lore.kernel.org/r/20221228113454.1199118-1-rodrigo.vivi@intel.com
      c07311b5
    • Jason A. Donenfeld's avatar
      x86/insn: Avoid namespace clash by separating instruction decoder MMIO type from MMIO trace type · 72bb8f8c
      Jason A. Donenfeld authored
      Both <linux/mmiotrace.h> and <asm/insn-eval.h> define various MMIO_ enum constants,
      whose namespace overlaps.
      
      Rename the <asm/insn-eval.h> ones to have a INSN_ prefix, so that the headers can be
      used from the same source file.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20230101162910.710293-2-Jason@zx2c4.com
      72bb8f8c
    • Jaegeuk Kim's avatar
      f2fs: let's avoid panic if extent_tree is not created · df9d44b6
      Jaegeuk Kim authored
      This patch avoids the below panic.
      
      pc : __lookup_extent_tree+0xd8/0x760
      lr : f2fs_do_write_data_page+0x104/0x87c
      sp : ffffffc010cbb3c0
      x29: ffffffc010cbb3e0 x28: 0000000000000000
      x27: ffffff8803e7f020 x26: ffffff8803e7ed40
      x25: ffffff8803e7f020 x24: ffffffc010cbb460
      x23: ffffffc010cbb480 x22: 0000000000000000
      x21: 0000000000000000 x20: ffffffff22e90900
      x19: 0000000000000000 x18: ffffffc010c5d080
      x17: 0000000000000000 x16: 0000000000000020
      x15: ffffffdb1acdbb88 x14: ffffff888759e2b0
      x13: 0000000000000000 x12: ffffff802da49000
      x11: 000000000a001200 x10: ffffff8803e7ed40
      x9 : ffffff8023195800 x8 : ffffff802da49078
      x7 : 0000000000000001 x6 : 0000000000000000
      x5 : 0000000000000006 x4 : ffffffc010cbba28
      x3 : 0000000000000000 x2 : ffffffc010cbb480
      x1 : 0000000000000000 x0 : ffffff8803e7ed40
      Call trace:
       __lookup_extent_tree+0xd8/0x760
       f2fs_do_write_data_page+0x104/0x87c
       f2fs_write_single_data_page+0x420/0xb60
       f2fs_write_cache_pages+0x418/0xb1c
       __f2fs_write_data_pages+0x428/0x58c
       f2fs_write_data_pages+0x30/0x40
       do_writepages+0x88/0x190
       __writeback_single_inode+0x48/0x448
       writeback_sb_inodes+0x468/0x9e8
       __writeback_inodes_wb+0xb8/0x2a4
       wb_writeback+0x33c/0x740
       wb_do_writeback+0x2b4/0x400
       wb_workfn+0xe4/0x34c
       process_one_work+0x24c/0x5bc
       worker_thread+0x3e8/0xa50
       kthread+0x150/0x1b4
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      df9d44b6
    • Jaegeuk Kim's avatar
      f2fs: should use a temp extent_info for lookup · 22a341b4
      Jaegeuk Kim authored
      Otherwise, __lookup_extent_tree() will override the given extent_info which will
      be used by caller.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      22a341b4
    • Jaegeuk Kim's avatar
      f2fs: don't mix to use union values in extent_info · ed272476
      Jaegeuk Kim authored
      Let's explicitly use the defined values in block_age case only.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      ed272476
    • Jaegeuk Kim's avatar
      f2fs: initialize extent_cache parameter · fe59109a
      Jaegeuk Kim authored
      This can avoid confusing tracepoint values.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      fe59109a
    • Chao Yu's avatar
      f2fs: fix to avoid NULL pointer dereference in f2fs_issue_flush() · b3d83066
      Chao Yu authored
      With below two cases, it will cause NULL pointer dereference when
      accessing SM_I(sbi)->fcc_info in f2fs_issue_flush().
      
      a) If kthread_run() fails in f2fs_create_flush_cmd_control(), it will
      release SM_I(sbi)->fcc_info,
      
      - mount -o noflush_merge /dev/vda /mnt/f2fs
      - mount -o remount,flush_merge /dev/vda /mnt/f2fs  -- kthread_run() fails
      - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=1 conv=fsync
      
      b) we will never allocate memory for SM_I(sbi)->fcc_info w/ below
      testcase,
      
      - mount -o ro /dev/vda /mnt/f2fs
      - mount -o rw,remount /dev/vda /mnt/f2fs
      - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=1 conv=fsync
      
      In order to fix this issue, let change as below:
      - fix error path handling in f2fs_create_flush_cmd_control().
      - allocate SM_I(sbi)->fcc_info even if readonly is on.
      Signed-off-by: default avatarChao Yu <chao@kernel.org>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b3d83066
    • Mikulas Patocka's avatar
      x86/asm: Fix an assembler warning with current binutils · 55d23536
      Mikulas Patocka authored
      Fix a warning: "found `movsd'; assuming `movsl' was meant"
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: linux-kernel@vger.kernel.org
      55d23536
    • Arnaldo Carvalho de Melo's avatar
      perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton()... · b963c1d6
      Arnaldo Carvalho de Melo authored
      perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton() backtrace in glibc >= 2.35
      
      Starting with glibc 2.35 there are extra inet_pton() calls when doing a
      IPv6 ping as in one of the 'perf test' entry, which makes it fail:
      
        # perf test inet_pton
        89: probe libc's inet_pton & backtrace it with ping   : FAILED!
        #
      
      If we look at what this script is expecting (commenting out the removal
      of the temporary files in it):
      
        # cat /tmp/expected.aT6
        ping[][0-9 \.:]+probe_libc:inet_pton: \([[:xdigit:]]+\)
        .*inet_pton\+0x[[:xdigit:]]+[[:space:]]\(/usr/lib64/libc.so.6|inlined\)$
        getaddrinfo\+0x[[:xdigit:]]+[[:space:]]\(/usr/lib64/libc.so.6\)$
        .*(\+0x[[:xdigit:]]+|\[unknown\])[[:space:]]\(.*/bin/ping.*\)$
        #
      
      And looking at what we are getting out of 'perf script', to match with
      the above:
      
        # cat /tmp/perf.script.IUC
        ping 623883 [006] 265438.471610: probe_libc:inet_pton: (7f32bcf314c0)
                          1314c0 __GI___inet_pton+0x0 (/usr/lib64/libc.so.6)
                           29510 __libc_start_call_main+0x80 (/usr/lib64/libc.so.6)
      
        ping 623883 [006] 265438.471664: probe_libc:inet_pton: (7f32bcf314c0)
                          1314c0 __GI___inet_pton+0x0 (/usr/lib64/libc.so.6)
                           fa6c6 getaddrinfo+0x126 (/usr/lib64/libc.so.6)
                            491e [unknown] (/usr/bin/ping)
        #
      
      We see that its just the first call to inet_pton() that didn't came thru
      getaddrinfo(), so if we ignore the first the script matches what it
      expects, testing that using 'perf probe' + 'perf record' + 'perf script'
      with callchains on userspace targets is producing the expected results.
      
      Since we don't have a 'perf script --skip' to help us here, use tac +
      grep to do that, resulting in a one liner that makes this script work on
      both older glibc versions as well as with 2.35.
      
      With it, on fedora 36, x86, glibc 2.35:
      
        # perf test inet_pton
         90: probe libc's inet_pton & backtrace it with ping                 : Ok
        # perf test -v inet_pton
         90: probe libc's inet_pton & backtrace it with ping                 :
        --- start ---
        test child forked, pid 627197
        ping 627220 1 267956.962402: probe_libc:inet_pton_1: (7f488bf314c0)
        1314c0 __GI___inet_pton+0x0 (/usr/lib64/libc.so.6)
        fa6c6 getaddrinfo+0x126 (/usr/lib64/libc.so.6)
        491e n (/usr/bin/ping)
        test child finished with 0
        ---- end ----
        probe libc's inet_pton & backtrace it with ping: Ok
        #
      
      And on Ubuntu 22.04.1 LTS on a Libre Computer ROC-RK3399-PC arm64 system:
      
      Before this patch it works (see that the script used has no 'tac' to
      remove the first event):
      
        root@roc-rk3399-pc:~# dpkg -l | grep libc-bin
        ii  libc-bin                                2.35-0ubuntu3.1                         arm64        GNU C Library: Binaries
        root@roc-rk3399-pc:~# grep -w tac ~acme/libexec/perf-core/tests/shell/record+probe_libc_inet_pton.sh
        root@roc-rk3399-pc:~# perf test inet_pton
         86: probe libc's inet_pton & backtrace it with ping                 : Ok
        root@roc-rk3399-pc:~# perf test -v inet_pton
         86: probe libc's inet_pton & backtrace it with ping                 :
        --- start ---
        test child forked, pid 1375
        ping 1399 [000] 4114.417450: probe_libc:inet_pton: (ffffb3e26120)
        106120 inet_pton+0x0 (/usr/lib/aarch64-linux-gnu/libc.so.6)
        d18bc getaddrinfo+0xec (/usr/lib/aarch64-linux-gnu/libc.so.6)
        2b68 [unknown] (/usr/bin/ping)
        test child finished with 0
        ---- end ----
        probe libc's inet_pton & backtrace it with ping: Ok
        root@roc-rk3399-pc:~#
      
      And after it continues to work:
      
        root@roc-rk3399-pc:~# grep -w tac ~acme/libexec/perf-core/tests/shell/record+probe_libc_inet_pton.sh
        	perf script -i $perf_data | tac | grep -m1 ^ping -B9 | tac > $perf_script
        root@roc-rk3399-pc:~# perf test inet_pton
         86: probe libc's inet_pton & backtrace it with ping                 : Ok
        root@roc-rk3399-pc:~# perf test -v inet_pton
         86: probe libc's inet_pton & backtrace it with ping                 :
        --- start ---
        test child forked, pid 6995
        ping 7019 [005] 4832.160741: probe_libc:inet_pton: (ffffa62e6120)
        106120 inet_pton+0x0 (/usr/lib/aarch64-linux-gnu/libc.so.6)
        d18bc getaddrinfo+0xec (/usr/lib/aarch64-linux-gnu/libc.so.6)
        2b68 [unknown] (/usr/bin/ping)
        test child finished with 0
        ---- end ----
        probe libc's inet_pton & backtrace it with ping: Ok
        root@roc-rk3399-pc:~#
      Reported-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: http://lore.kernel.org/lkml/Y7QyPkPlDYip3cZH@kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      b963c1d6
    • Szymon Heidrich's avatar
      usb: rndis_host: Secure rndis_query check against int overflow · c7dd1380
      Szymon Heidrich authored
      Variables off and len typed as uint32 in rndis_query function
      are controlled by incoming RNDIS response message thus their
      value may be manipulated. Setting off to a unexpectetly large
      value will cause the sum with len and 8 to overflow and pass
      the implemented validation step. Consequently the response
      pointer will be referring to a location past the expected
      buffer boundaries allowing information leakage e.g. via
      RNDIS_OID_802_3_PERMANENT_ADDRESS OID.
      
      Fixes: ddda0862 ("USB: rndis_host, various cleanups")
      Signed-off-by: default avatarSzymon Heidrich <szymon.heidrich@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      c7dd1380
    • Sean Anderson's avatar
      net: dpaa: Fix dtsec check for PCS availability · 7dc61838
      Sean Anderson authored
      We want to fail if the PCS is not available, not if it is available. Fix
      this condition.
      
      Fixes: 5d93cfcf ("net: dpaa: Convert to phylink")
      Reported-by: default avatarChristian Zigotzky <info@xenosoft.de>
      Signed-off-by: default avatarSean Anderson <seanga2@gmail.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7dc61838
    • Geetha sowjanya's avatar
      octeontx2-pf: Fix lmtst ID used in aura free · 4af1b64f
      Geetha sowjanya authored
      Current code uses per_cpu pointer to get the lmtst_id mapped to
      the core on which aura_free() is executed. Using per_cpu pointer
      without preemption disable causing mismatch between lmtst_id and
      core on which pointer gets freed. This patch fixes the issue by
      disabling preemption around aura_free.
      
      Fixes: ef6c8da7 ("octeontx2-pf: cn10K: Reserve LMTST lines per core")
      Signed-off-by: default avatarSunil Goutham <sgoutham@marvell.com>
      Signed-off-by: default avatarGeetha sowjanya <gakula@marvell.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      4af1b64f
    • Daniil Tatianin's avatar
      drivers/net/bonding/bond_3ad: return when there's no aggregator · 9c807965
      Daniil Tatianin authored
      Otherwise we would dereference a NULL aggregator pointer when calling
      __set_agg_ports_ready on the line below.
      
      Found by Linux Verification Center (linuxtesting.org) with the SVACE
      static analysis tool.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Signed-off-by: default avatarDaniil Tatianin <d-tatianin@yandex-team.ru>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9c807965