1. 29 Sep, 2022 4 commits
  2. 27 Sep, 2022 4 commits
    • Jiri Olsa's avatar
      bpf: Check flags for branch stack in bpf_read_branch_records helper · cce6a2d7
      Jiri Olsa authored
      Recent commit [1] changed branch stack data indication from
      br_stack pointer to sample_flags in perf_sample_data struct.
      
      We need to check sample_flags for PERF_SAMPLE_BRANCH_STACK
      bit for valid branch stack data.
      
      [1] a9a931e2 ("perf: Use sample_flags for branch stack")
      
      Fixes: a9a931e2 ("perf: Use sample_flags for branch stack")
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Reviewed-by: default avatarKan Liang <kan.liang@linux.intel.com>
      Link: https://lore.kernel.org/r/20220927203259.590950-1-jolsa@kernel.org
      cce6a2d7
    • Marco Elver's avatar
      perf, hw_breakpoint: Fix use-after-free if perf_event_open() fails · 4674ffe2
      Marco Elver authored
      Local testing revealed that we can trigger a use-after-free during
      rhashtable lookup as follows:
      
       | BUG: KASAN: use-after-free in memcmp lib/string.c:757
       | Read of size 8 at addr ffff888107544dc0 by task perf-rhltable-n/1293
       |
       | CPU: 0 PID: 1293 Comm: perf-rhltable-n Not tainted 6.0.0-rc3-00014-g85260862789c #46
       | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
       | Call Trace:
       |  <TASK>
       |  memcmp			lib/string.c:757
       |  rhashtable_compare		include/linux/rhashtable.h:577 [inline]
       |  __rhashtable_lookup		include/linux/rhashtable.h:602 [inline]
       |  rhltable_lookup		include/linux/rhashtable.h:688 [inline]
       |  task_bp_pinned		kernel/events/hw_breakpoint.c:324
       |  toggle_bp_slot		kernel/events/hw_breakpoint.c:462
       |  __release_bp_slot		kernel/events/hw_breakpoint.c:631 [inline]
       |  release_bp_slot		kernel/events/hw_breakpoint.c:639
       |  register_perf_hw_breakpoint	kernel/events/hw_breakpoint.c:742
       |  hw_breakpoint_event_init	kernel/events/hw_breakpoint.c:976
       |  perf_try_init_event		kernel/events/core.c:11261
       |  perf_init_event		kernel/events/core.c:11325 [inline]
       |  perf_event_alloc		kernel/events/core.c:11619
       |  __do_sys_perf_event_open	kernel/events/core.c:12157
       |  do_syscall_x64 		arch/x86/entry/common.c:50 [inline]
       |  do_syscall_64		arch/x86/entry/common.c:80
       |  entry_SYSCALL_64_after_hwframe
       |  </TASK>
       |
       | Allocated by task 1292:
       |  perf_event_alloc		kernel/events/core.c:11505
       |  __do_sys_perf_event_open	kernel/events/core.c:12157
       |  do_syscall_x64		arch/x86/entry/common.c:50 [inline]
       |  do_syscall_64		arch/x86/entry/common.c:80
       |  entry_SYSCALL_64_after_hwframe
       |
       | Freed by task 1292:
       |  perf_event_alloc		kernel/events/core.c:11716
       |  __do_sys_perf_event_open	kernel/events/core.c:12157
       |  do_syscall_x64		arch/x86/entry/common.c:50 [inline]
       |  do_syscall_64		arch/x86/entry/common.c:80
       |  entry_SYSCALL_64_after_hwframe
       |
       | The buggy address belongs to the object at ffff888107544c00
       |  which belongs to the cache perf_event of size 1352
       | The buggy address is located 448 bytes inside of
       |  1352-byte region [ffff888107544c00, ffff888107545148)
      
      This happens because the first perf_event_open() managed to reserve a HW
      breakpoint slot, however, later fails for other reasons and returns. The
      second perf_event_open() runs concurrently, and during rhltable_lookup()
      looks up an entry which is being freed: since rhltable_lookup() may run
      concurrently (under the RCU read lock) with rhltable_remove(), we may
      end up with a stale entry, for which memory may also have already been
      freed when being accessed.
      
      To fix, only free the failed perf_event after an RCU grace period. This
      allows subsystems that store references to an event to always access it
      concurrently under the RCU read lock, even if initialization will fail.
      
      Given failure is unlikely and a slow-path, turning the immediate free
      into a call_rcu()-wrapped free does not affect performance elsewhere.
      
      Fixes: 0370dc31 ("perf/hw_breakpoint: Optimize list of per-task breakpoints")
      Reported-by: default avatarsyzkaller <syzkaller@googlegroups.com>
      Signed-off-by: default avatarMarco Elver <elver@google.com>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Link: https://lkml.kernel.org/r/20220927172025.1636995-1-elver@google.com
      4674ffe2
    • Namhyung Kim's avatar
      perf: Use sample_flags for raw_data · 838d9bb6
      Namhyung Kim authored
      Use the new sample_flags to indicate whether the raw data field is
      filled by the PMU driver.  Although it could check with the NULL,
      follow the same rule with other fields.
      
      Remove the raw field from the perf_sample_data_init() to minimize
      the number of cache lines touched.
      Signed-off-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Link: https://lkml.kernel.org/r/20220921220032.2858517-2-namhyung@kernel.org
      838d9bb6
    • Namhyung Kim's avatar
      perf: Use sample_flags for addr · 7b084630
      Namhyung Kim authored
      Use the new sample_flags to indicate whether the addr field is filled by
      the PMU driver.  As most PMU drivers pass 0, it can set the flag only if
      it has a non-zero value.  And use 0 in perf_sample_output() if it's not
      filled already.
      Signed-off-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Signed-off-by: default avatarPeter Zijlstra (Intel) <peterz@infradead.org>
      Link: https://lkml.kernel.org/r/20220921220032.2858517-1-namhyung@kernel.org
      7b084630
  3. 25 Sep, 2022 8 commits
  4. 24 Sep, 2022 10 commits
  5. 23 Sep, 2022 14 commits
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · a63f2e7c
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "These are all very simple and self-contained, although the CFI
        jump-table fix touches the generic linker script as that's where the
        problematic macro lives.
      
         - Fix false positive "sleeping while atomic" warning resulting from
           the kPTI rework taking a mutex too early.
      
         - Fix possible overflow in AMU frequency calculation
      
         - Fix incorrect shift in CMN PMU driver which causes problems with
           newer versions of the IP
      
         - Reduce alignment of the CFI jump table to avoid huge kernel images
           and link errors with !4KiB page size configurations"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment
        perf/arm-cmn: Add more bits to child node address offset field
        arm64: topology: fix possible overflow in amu_fie_setup()
        arm64: mm: don't acquire mutex when rewriting swapper
      a63f2e7c
    • Masahiro Yamada's avatar
      certs: make system keyring depend on built-in x509 parser · 2154aca2
      Masahiro Yamada authored
      Commit e9088629 ("certs: make system keyring depend on x509 parser")
      is not the right fix because x509_load_certificate_list() can be modular.
      
      The combination of CONFIG_SYSTEM_TRUSTED_KEYRING=y and
      CONFIG_X509_CERTIFICATE_PARSER=m still results in the following error:
      
          LD      .tmp_vmlinux.kallsyms1
        ld: certs/system_keyring.o: in function `load_system_certificate_list':
        system_keyring.c:(.init.text+0x8c): undefined reference to `x509_load_certificate_list'
        make: *** [Makefile:1169: vmlinux] Error 1
      
      Fixes: e9088629 ("certs: make system keyring depend on x509 parser")
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      Tested-by: default avatarAdam Borowski <kilobyte@angband.pl>
      2154aca2
    • Zeng Heng's avatar
      Kconfig: remove unused function 'menu_get_root_menu' · 03764b30
      Zeng Heng authored
      There is nowhere calling `menu_get_root_menu` function,
      so remove it.
      Signed-off-by: default avatarZeng Heng <zengheng4@huawei.com>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      03764b30
    • yangxingwu's avatar
      scripts/clang-tools: remove unused module · 237fe727
      yangxingwu authored
      Remove unused imported 'os' module.
      Signed-off-by: default avataryangxingwu <xingwu.yang@gmail.com>
      Reviewed-by: default avatarNathan Chancellor <nathan@kernel.org>
      Signed-off-by: default avatarMasahiro Yamada <masahiroy@kernel.org>
      237fe727
    • Ming Lei's avatar
      cgroup: cgroup_get_from_id() must check the looked-up kn is a directory · df02452f
      Ming Lei authored
      cgroup has to be one kernfs dir, otherwise kernel panic is caused,
      especially cgroup id is provide from userspace.
      Reported-by: default avatarMarco Patalano <mpatalan@redhat.com>
      Fixes: 6b658c48 ("scsi: cgroup: Add cgroup_get_from_id()")
      Cc: Muneendra <muneendra.kumar@broadcom.com>
      Signed-off-by: default avatarMing Lei <ming.lei@redhat.com>
      Acked-by: default avatarMukesh Ojha <quic_mojha@quicinc.com>
      Cc: stable@vger.kernel.org # v5.14+
      Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      df02452f
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core · 1707c39a
      Linus Torvalds authored
      Pull driver core fixes from Greg KH:
       "Here are two tiny driver core fixes for 6.0-rc7 that resolve some
        oft-reported problems.
      
        The first is a revert of the "fw_devlink.strict=1" default option that
        we keep trying to enable, but we keep finding platforms that this just
        breaks everything on. So again, we need it reverted and hopefully it
        can be worked on in future releases.
      
        The second is a sysfs file-size bugfix that resolves an issue that
        many people are starting to hit as the fix it is fixing also was
        backported to stable kernels. The util-linux developers are starting
        to get bugreports about sysfs files that contain no data because of
        this problem, and this fix which has been in linux-next in the
        bitfield tree for a long time, resolves it. I'm submitting it here as
        it needs to be merged for 6.0-final, not for 6.1-rc1.
      
        Both of these have been in linux-next with no reported issues, only
        reports were that these fixed problems"
      
      * tag 'driver-core-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES
        Revert "driver core: Set fw_devlink.strict=1 by default"
      1707c39a
    • Linus Torvalds's avatar
      Merge tag 'usb-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 33a4e37e
      Linus Torvalds authored
      Pull USB / Thunderbolt driver fixes and ids from Greg KH:
       "Here are a few small USB and Thunderbolt driver fixes and new device
        ids for 6.0-rc7.
      
        They contain:
      
         - new usb-serial driver ids
      
         - documentation build warning fix in USB hub code
      
         - flexcop-usb long-posted bugfix (the v4l maintainer for this is MIA
           so I have finally picked this up as it is a fix for a reported
           problem.)
      
         - dwc3 64bit DMA bugfix
      
         - new thunderbolt device ids
      
         - typec build error fix
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        usb: typec: anx7411: Fix build error without CONFIG_POWER_SUPPLY
        media: flexcop-usb: fix endpoint type check
        USB: serial: option: add Quectel RM520N
        USB: serial: option: add Quectel BG95 0x0203 composition
        thunderbolt: Add support for Intel Maple Ridge single port controller
        usb: dwc3: core: leave default DMA if the controller does not support 64-bit DMA
        USB: core: Fix RST error in hub.c
      33a4e37e
    • Linus Torvalds's avatar
      Merge tag 'landlock-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux · 9395cd7c
      Linus Torvalds authored
      Pull landlock fix from Mickaël Salaün:
       "Fix out-of-tree builds for Landlock tests"
      
      * tag 'landlock-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/mic/linux:
        selftests/landlock: Fix out-of-tree builds
      9395cd7c
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · a7b7751a
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - A handful of build fixes for the T-Head errata, including some
         functional issues the compilers found
      
       - A fix for a nasty sigreturn bug
      
      * tag 'riscv-for-linus-6.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        RISC-V: Avoid coupling the T-Head CMOs and Zicbom
        riscv: fix a nasty sigreturn bug...
        riscv: make t-head erratas depend on MMU
        riscv: fix RISCV_ISA_SVPBMT kconfig dependency warning
        RISC-V: Clean up the Zicbom block size probing
      a7b7751a
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 317fab7e
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "As everyone back came back from conferences, here are the pending
        patches for Linux 6.0.
      
        ARM:
      
         - Fix for kmemleak with pKVM
      
        s390:
      
         - Fixes for VFIO with zPCI
      
         - smatch fix
      
        x86:
      
         - Ensure XSAVE-capable hosts always allow FP and SSE state to be
           saved and restored via KVM_{GET,SET}_XSAVE
      
         - Fix broken max_mmu_rmap_size stat
      
         - Fix compile error with old glibc that doesn't have gettid()"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled
        KVM: x86: Always enable legacy FP/SSE in allowed user XFEATURES
        KVM: x86: Reinstate kvm_vcpu_arch.guest_supported_xcr0
        KVM: x86/mmu: add missing update to max_mmu_rmap_size
        selftests: kvm: Fix a compile error in selftests/kvm/rseq_test.c
        KVM: s390: pci: register pci hooks without interpretation
        KVM: s390: pci: fix GAIT physical vs virtual pointers usage
        KVM: s390: Pass initialized arg even if unused
        KVM: s390: pci: fix plain integer as NULL pointer warnings
        KVM: arm64: Use kmemleak_free_part_phys() to unregister hyp_mem_base
      317fab7e
    • Linus Torvalds's avatar
      Merge tag 'for-linus-6.0-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 526e8262
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A single fix for an issue in the xenbus driver (initialization of
        multi-page rings for Xen PV devices)"
      
      * tag 'for-linus-6.0-rc7-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/xenbus: fix xenbus_setup_ring()
      526e8262
    • Linus Torvalds's avatar
      Merge tag 'drm-fixes-2022-09-23-1' of git://anongit.freedesktop.org/drm/drm · 22565ae7
      Linus Torvalds authored
      Pull drm fixes from Dave Airlie:
       "Regular fixes for the week, i915, mediatek, hisilicon, mgag200 and
        panel have some small fixes.
      
        amdgpu has more stack size fixes for clang build, and fixes for new
        IPs, but all with low regression chances since they are for stuff new
        in v6.0.
      
        i915:
         - avoid a general protection failure when using perf/OA
         - avoid kernel warnings on driver release
      
        amdgpu:
         - SDMA 6.x fix
         - GPUVM TF fix
         - DCN 3.2.x fixes
         - DCN 3.1.x fixes
         - SMU 13.x fixes
         - Clang stack size fixes for recently enabled DML code
         - Fix drm dirty callback change on non-atomic cases
         - USB4 display fix
      
        mediatek:
         - dsi: Add atomic {destroy,duplicate}_state, reset callbacks
         - dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
         - Fix wrong dither settings
      
        hisilicon:
         - Depend on MMU
      
        mgag200:
         - Fix console on G200ER
      
        panel:
         - Fix innolux_g121i1_l01 bus format"
      
      * tag 'drm-fixes-2022-09-23-1' of git://anongit.freedesktop.org/drm/drm: (30 commits)
        MAINTAINERS: switch graphics to airlied other addresses
        drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff()
        drm/amd/display: Reduce number of arguments of dml314's CalculateFlipSchedule()
        drm/amd/display: Reduce number of arguments of dml314's CalculateWatermarksAndDRAMSpeedChangeSupport()
        drm/amdgpu: don't register a dirty callback for non-atomic
        drm/amd/pm: drop the pptable related workarounds for SMU 13.0.0
        drm/amd/pm: add support for 3794 pptable for SMU13.0.0
        drm/amd/display: correct num_dsc based on HW cap
        drm/amd/display: Disable OTG WA for the plane_state NULL case on DCN314
        drm/amd/display: Add shift and mask for ICH_RESET_AT_END_OF_LINE
        drm/amd/display: increase dcn315 pstate change latency
        drm/amd/display: Fix DP MST timeslot issue when fallback happened
        drm/amd/display: Display distortion after hotplug 5K tiled display
        drm/amd/display: Update dummy P-state search to use DCN32 DML
        drm/amd/display: skip audio setup when audio stream is enabled
        drm/amd/display: update gamut remap if plane has changed
        drm/amd/display: Assume an LTTPR is always present on fixed_vs links
        drm/amd/display: fix dcn315 memory channel count and width read
        drm/amd/display: Fix double cursor on non-video RGB MPO
        drm/amd/display: Only consider pixle rate div policy for DCN32+
        ...
      22565ae7
    • Paolo Bonzini's avatar
      Merge tag 'kvm-s390-master-6.0-2' of... · 69604fe7
      Paolo Bonzini authored
      Merge tag 'kvm-s390-master-6.0-2' of https://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into HEAD
      
      More pci fixes
      Fix for a code analyser warning
      69604fe7
    • Will Deacon's avatar
      vmlinux.lds.h: CFI: Reduce alignment of jump-table to function alignment · 13b05669
      Will Deacon authored
      Due to undocumented, hysterical raisins on x86, the CFI jump-table
      sections in .text are needlessly aligned to PMD_SIZE in the vmlinux
      linker script. When compiling a CFI-enabled arm64 kernel with a 64KiB
      page-size, a PMD maps 512MiB of virtual memory and so the .text section
      increases to a whopping 940MiB and blows the final Image up to 960MiB.
      Others report a link failure.
      
      Since the CFI jump-table requires only instruction alignment, reduce the
      alignment directives to function alignment for parity with other parts
      of the .text section. This reduces the size of the .text section for the
      aforementioned 64KiB page size arm64 kernel to 19MiB for a much more
      reasonable total Image size of 39MiB.
      
      Cc: Sami Tolvanen <samitolvanen@google.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: "Mohan Rao .vanimina" <mailtoc.mohanrao@gmail.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: <stable@vger.kernel.org>
      Link: https://lore.kernel.org/all/CAL_GTzigiNOMYkOPX1KDnagPhJtFNqSK=1USNbS0wUL4PW6-Uw@mail.gmail.com/
      Fixes: cf68fffb ("add support for Clang CFI")
      Reviewed-by: default avatarMark Rutland <mark.rutland@arm.com>
      Tested-by: default avatarMark Rutland <mark.rutland@arm.com>
      Reviewed-by: default avatarSami Tolvanen <samitolvanen@google.com>
      Reviewed-by: default avatarKees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20220922215715.13345-1-will@kernel.orgSigned-off-by: default avatarWill Deacon <will@kernel.org>
      13b05669