1. 06 Jan, 2023 5 commits
    • Linus Torvalds's avatar
      Merge tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · fc7b76c4
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "A few more regression and regular fixes:
      
         - regressions:
             - fix assertion condition using = instead of ==
             - fix false alert on bad tree level check
             - fix off-by-one error in delalloc search during lseek
      
         - fix compat ro feature check at read-write remount
      
         - handle case when read-repair happens with ongoing device replace
      
         - updated error messages"
      
      * tag 'for-6.2-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: fix compat_ro checks against remount
        btrfs: always report error in run_one_delayed_ref()
        btrfs: handle case when repair happens with dev-replace
        btrfs: fix off-by-one in delalloc search during lseek
        btrfs: fix false alert on bad tree level check
        btrfs: add error message for metadata level mismatch
        btrfs: fix ASSERT em->len condition in btrfs_get_extent
      fc7b76c4
    • Linus Torvalds's avatar
      Merge tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux · a389e546
      Linus Torvalds authored
      Pull RISC-V fixes from Palmer Dabbelt:
      
       - use the correct mask for c.jr/c.jalr when decoding instructions
      
       - build fix for get_user() to avoid a sparse warning
      
      * tag 'riscv-for-linus-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux:
        riscv: uaccess: fix type of 0 variable on error in get_user()
        riscv, kprobes: Stricter c.jr/c.jalr decoding
      a389e546
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of... · 56f81458
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix segfault when trying to process tracepoints present in a
         perf.data file and not linked with libtraceevent.
      
       - Fix build on uClibc systems by adding missing sys/types.h include,
         that was being obtained indirectly which stopped being the case when
         tools/lib/traceevent was removed.
      
       - Don't show commands in 'perf help' that depend on linking with
         libtraceevent when not building with that library, which is now a
         possibility since we no longer ship a copy in tools/lib/traceevent.
      
       - Fix failure in 'perf test' entry testing the combination of 'perf
         probe' user space function + 'perf record' + 'perf script' where it
         expects a backtrace leading to glibc's inet_pton() from 'ping' that
         now happens more than once with glibc 2.35 for IPv6 addreses.
      
       - Fix for the inet_pton perf test on s/390 where
         'text_to_binary_address' now appears on the backtrace.
      
       - Fix build error on riscv due to missing header for 'struct
         perf_sample'.
      
       - Fix 'make -C tools perf_install' install variant by not propagating
         the 'subdir' to submakes for the 'install_headers' targets.
      
       - Fix handling of unsupported cgroup events when using BPF counters in
         'perf stat'.
      
       - Count all cgroups, not just the last one when using 'perf stat' and
         combining --for-each-cgroup with --bpf-counters.
      
         This makes the output using BPF counters match the output without
         using it, which was the intention all along, the output should be the
         same using --bpf-counters or not.
      
       - Fix 'perf lock contention' core dump related to not finding the
         "__sched_text_end" symbol on s/390.
      
       - Fix build failure when HEAD is signed: exclude the signature from the
         version string.
      
       - Add missing closedir() calls to in perf_data__open_dir(), plugging a
         fd leak.
      
      * tag 'perf-tools-fixes-for-v6.2-1-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf tools: Fix build on uClibc systems by adding missing sys/types.h include
        perf stat: Fix handling of --for-each-cgroup with --bpf-counters to match non BPF mode
        perf stat: Fix handling of unsupported cgroup events when using BPF counters
        perf test record_probe_libc_inet_pton: Fix test on s/390 where 'text_to_binary_address' now appears on the backtrace
        perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390
        perf build: Don't propagate subdir to submakes for install_headers
        perf test record_probe_libc_inet_pton: Fix failure due to extra inet_pton() backtrace in glibc >= 2.35
        perf tools: Fix segfault when trying to process tracepoints in perf.data and not linked with libtraceevent
        perf tools: Don't include signature in version strings
        perf help: Use HAVE_LIBTRACEEVENT to filter out unsupported commands
        perf tools riscv: Fix build error on riscv due to missing header for 'struct perf_sample'
        perf tools: Fix resources leak in perf_data__open_dir()
      56f81458
    • Linus Torvalds's avatar
      Merge tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · d7a0853d
      Linus Torvalds authored
      Pull perf fix from Ingo Molnar:
       "Intel RAPL updates for new model IDs"
      
      * tag 'perf-urgent-2023-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/rapl: Add support for Intel Emerald Rapids
        perf/x86/rapl: Add support for Intel Meteor Lake
        perf/x86/rapl: Treat Tigerlake like Icelake
      d7a0853d
    • Linus Torvalds's avatar
      Merge tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · 90bc52c5
      Linus Torvalds authored
      Pull crypto fixes from Herbert Xu:
       "This fixes a CFI crash in arm64/sm4 as well as a regression in the
        caam driver"
      
      * tag 'v6.2-p2' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: arm64/sm4 - fix possible crash with CFI enabled
        crypto: caam - fix CAAM io mem access in blob_gen
      90bc52c5
  2. 05 Jan, 2023 13 commits
    • Linus Torvalds's avatar
      Merge tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 1f5abbd7
      Linus Torvalds authored
      Pull thermal control fix from Rafael Wysocki:
       "Add a missing sysfs attribute to the int340x thermal driver (Srinivas
        Pandruvada)"
      
      * tag 'thermal-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        thermal: int340x: Add missing attribute for data rate base
      1f5abbd7
    • Linus Torvalds's avatar
      Merge tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net · 50011c32
      Linus Torvalds authored
      Pull networking fixes from Jakub Kicinski:
       "Including fixes from bpf, wifi, and netfilter.
      
        Current release - regressions:
      
         - bpf: fix nullness propagation for reg to reg comparisons, avoid
           null-deref
      
         - inet: control sockets should not use current thread task_frag
      
         - bpf: always use maximal size for copy_array()
      
         - eth: bnxt_en: don't link netdev to a devlink port for VFs
      
        Current release - new code bugs:
      
         - rxrpc: fix a couple of potential use-after-frees
      
         - netfilter: conntrack: fix IPv6 exthdr error check
      
         - wifi: iwlwifi: fw: skip PPAG for JF, avoid FW crashes
      
         - eth: dsa: qca8k: various fixes for the in-band register access
      
         - eth: nfp: fix schedule in atomic context when sync mc address
      
         - eth: renesas: rswitch: fix getting mac address from device tree
      
         - mobile: ipa: use proper endpoint mask for suspend
      
        Previous releases - regressions:
      
         - tcp: add TIME_WAIT sockets in bhash2, fix regression caught by
           Jiri / python tests
      
         - net: tc: don't intepret cls results when asked to drop, fix
           oob-access
      
         - vrf: determine the dst using the original ifindex for multicast
      
         - eth: bnxt_en:
            - fix XDP RX path if BPF adjusted packet length
            - fix HDS (header placement) and jumbo thresholds for RX packets
      
         - eth: ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf,
           avoid memory corruptions
      
        Previous releases - always broken:
      
         - ulp: prevent ULP without clone op from entering the LISTEN status
      
         - veth: fix race with AF_XDP exposing old or uninitialized
           descriptors
      
         - bpf:
            - pull before calling skb_postpull_rcsum() (fix checksum support
              and avoid a WARN())
            - fix panic due to wrong pageattr of im->image (when livepatch and
              kretfunc coexist)
            - keep a reference to the mm, in case the task is dead
      
         - mptcp: fix deadlock in fastopen error path
      
         - netfilter:
            - nf_tables: perform type checking for existing sets
            - nf_tables: honor set timeout and garbage collection updates
            - ipset: fix hash:net,port,net hang with /0 subnet
            - ipset: avoid hung task warning when adding/deleting entries
      
         - selftests: net:
            - fix cmsg_so_mark.sh test hang on non-x86 systems
            - fix the arp_ndisc_evict_nocarrier test for IPv6
      
         - usb: rndis_host: secure rndis_query check against int overflow
      
         - eth: r8169: fix dmar pte write access during suspend/resume with
           WOL
      
         - eth: lan966x: fix configuration of the PCS
      
         - eth: sparx5: fix reading of the MAC address
      
         - eth: qed: allow sleep in qed_mcp_trace_dump()
      
         - eth: hns3:
            - fix interrupts re-initialization after VF FLR
            - fix handling of promisc when MAC addr table gets full
            - refine the handling for VF heartbeat
      
         - eth: mlx5:
            - properly handle ingress QinQ-tagged packets on VST
            - fix io_eq_size and event_eq_size params validation on big endian
            - fix RoCE setting at HCA level if not supported at all
            - don't turn CQE compression on by default for IPoIB
      
         - eth: ena:
            - fix toeplitz initial hash key value
            - account for the number of XDP-processed bytes in interface stats
            - fix rx_copybreak value update
      
        Misc:
      
         - ethtool: harden phy stat handling against buggy drivers
      
         - docs: netdev: convert maintainer's doc from FAQ to a normal
           document"
      
      * tag 'net-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net: (112 commits)
        caif: fix memory leak in cfctrl_linkup_request()
        inet: control sockets should not use current thread task_frag
        net/ulp: prevent ULP without clone op from entering the LISTEN status
        qed: allow sleep in qed_mcp_trace_dump()
        MAINTAINERS: Update maintainers for ptp_vmw driver
        usb: rndis_host: Secure rndis_query check against int overflow
        net: dpaa: Fix dtsec check for PCS availability
        octeontx2-pf: Fix lmtst ID used in aura free
        drivers/net/bonding/bond_3ad: return when there's no aggregator
        netfilter: ipset: Rework long task execution when adding/deleting entries
        netfilter: ipset: fix hash:net,port,net hang with /0 subnet
        net: sparx5: Fix reading of the MAC address
        vxlan: Fix memory leaks in error path
        net: sched: htb: fix htb_classify() kernel-doc
        net: sched: cbq: dont intepret cls results when asked to drop
        net: sched: atm: dont intepret cls results when asked to drop
        dt-bindings: net: marvell,orion-mdio: Fix examples
        dt-bindings: net: sun8i-emac: Add phy-supply property
        net: ipa: use proper endpoint mask for suspend
        selftests: net: return non-zero for failures reported in arp_ndisc_evict_nocarrier
        ...
      50011c32
    • Ben Dooks's avatar
      riscv: uaccess: fix type of 0 variable on error in get_user() · b9b916ae
      Ben Dooks authored
      If the get_user(x, ptr) has x as a pointer, then the setting
      of (x) = 0 is going to produce the following sparse warning,
      so fix this by forcing the type of 'x' when access_ok() fails.
      
      fs/aio.c:2073:21: warning: Using plain integer as NULL pointer
      Signed-off-by: default avatarBen Dooks <ben-linux@fluff.org>
      Reviewed-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      Link: https://lore.kernel.org/r/20221229170545.718264-1-ben-linux@fluff.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      b9b916ae
    • Björn Töpel's avatar
      riscv, kprobes: Stricter c.jr/c.jalr decoding · b2d473a6
      Björn Töpel authored
      In the compressed instruction extension, c.jr, c.jalr, c.mv, and c.add
      is encoded the following way (each instruction is 16b):
      
      ---+-+-----------+-----------+--
      100 0 rs1[4:0]!=0       00000 10 : c.jr
      100 1 rs1[4:0]!=0       00000 10 : c.jalr
      100 0  rd[4:0]!=0 rs2[4:0]!=0 10 : c.mv
      100 1  rd[4:0]!=0 rs2[4:0]!=0 10 : c.add
      
      The following logic is used to decode c.jr and c.jalr:
      
        insn & 0xf007 == 0x8002 => instruction is an c.jr
        insn & 0xf007 == 0x9002 => instruction is an c.jalr
      
      When 0xf007 is used to mask the instruction, c.mv can be incorrectly
      decoded as c.jr, and c.add as c.jalr.
      
      Correct the decoding by changing the mask from 0xf007 to 0xf07f.
      
      Fixes: c22b0bcb ("riscv: Add kprobes supported")
      Signed-off-by: default avatarBjörn Töpel <bjorn@rivosinc.com>
      Reviewed-by: default avatarConor Dooley <conor.dooley@microchip.com>
      Reviewed-by: default avatarGuo Ren <guoren@kernel.org>
      Link: https://lore.kernel.org/r/20230102160748.1307289-1-bjorn@kernel.org
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarPalmer Dabbelt <palmer@rivosinc.com>
      b2d473a6
    • Linus Torvalds's avatar
      Merge tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux · aa01a183
      Linus Torvalds authored
      Pull gpio fixes from Bartosz Golaszewski:
       "A reference leak fix, two fixes for using uninitialized variables and
        more drivers converted to using immutable irqchips:
      
         - fix a reference leak in gpio-sifive
      
         - fix a potential use of an uninitialized variable in core gpiolib
      
         - fix a potential use of an uninitialized variable in gpio-pca953x
      
         - make GPIO irqchips immutable in gpio-pmic-eic-sprd, gpio-eic-sprd
           and gpio-sprd"
      
      * tag 'gpio-fixes-for-v6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/brgl/linux:
        gpio: sifive: Fix refcount leak in sifive_gpio_probe
        gpio: sprd: Make the irqchip immutable
        gpio: pmic-eic-sprd: Make the irqchip immutable
        gpio: eic-sprd: Make the irqchip immutable
        gpio: pca953x: avoid to use uninitialized value pinctrl
        gpiolib: Fix using uninitialized lookup-flags on ACPI platforms
      aa01a183
    • Linus Torvalds's avatar
      Merge tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev · 5e9af4b4
      Linus Torvalds authored
      Pull fbdev fixes from Helge Deller:
      
       - Fix Matrox G200eW initialization failure
      
       - Fix build failure of offb driver when built as module
      
       - Optimize stack usage in omapfb
      
      * tag 'fbdev-for-6.2-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev:
        fbdev: omapfb: avoid stack overflow warning
        fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
        fbdev: atyfb: use strscpy() to instead of strncpy()
        fbdev: omapfb: use strscpy() to instead of strncpy()
        fbdev: make offb driver tristate
      5e9af4b4
    • Arnd Bergmann's avatar
      fbdev: omapfb: avoid stack overflow warning · 634cf6ea
      Arnd Bergmann authored
      The dsi_irq_stats structure is a little too big to fit on the
      stack of a 32-bit task, depending on the specific gcc options:
      
      fbdev/omap2/omapfb/dss/dsi.c: In function 'dsi_dump_dsidev_irqs':
      fbdev/omap2/omapfb/dss/dsi.c:1621:1: error: the frame size of 1064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=]
      
      Since this is only a debugfs file, performance is not critical,
      so just dynamically allocate it, and print an error message
      in there in place of a failure code when the allocation fails.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarHelge Deller <deller@gmx.de>
      634cf6ea
    • Zhengchao Shao's avatar
      caif: fix memory leak in cfctrl_linkup_request() · fe69230f
      Zhengchao Shao authored
      When linktype is unknown or kzalloc failed in cfctrl_linkup_request(),
      pkt is not released. Add release process to error path.
      
      Fixes: b482cd20 ("net-caif: add CAIF core protocol stack")
      Fixes: 8d545c8f ("caif: Disconnect without waiting for response")
      Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
      Reviewed-by: default avatarJiri Pirko <jiri@nvidia.com>
      Link: https://lore.kernel.org/r/20230104065146.1153009-1-shaozhengchao@huawei.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      fe69230f
    • Eric Dumazet's avatar
      inet: control sockets should not use current thread task_frag · 1ac88557
      Eric Dumazet authored
      Because ICMP handlers run from softirq contexts,
      they must not use current thread task_frag.
      
      Previously, all sockets allocated by inet_ctl_sock_create()
      would use the per-socket page fragment, with no chance of
      recursion.
      
      Fixes: 98123866 ("Treewide: Stop corrupting socket's task_frag")
      Reported-by: syzbot+bebc6f1acdf4cbb79b03@syzkaller.appspotmail.com
      Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
      Cc: Benjamin Coddington <bcodding@redhat.com>
      Acked-by: default avatarGuillaume Nault <gnault@redhat.com>
      Link: https://lore.kernel.org/r/20230103192736.454149-1-edumazet@google.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      1ac88557
    • Paolo Abeni's avatar
      net/ulp: prevent ULP without clone op from entering the LISTEN status · 2c02d41d
      Paolo Abeni authored
      When an ULP-enabled socket enters the LISTEN status, the listener ULP data
      pointer is copied inside the child/accepted sockets by sk_clone_lock().
      
      The relevant ULP can take care of de-duplicating the context pointer via
      the clone() operation, but only MPTCP and SMC implement such op.
      
      Other ULPs may end-up with a double-free at socket disposal time.
      
      We can't simply clear the ULP data at clone time, as TLS replaces the
      socket ops with custom ones assuming a valid TLS ULP context is
      available.
      
      Instead completely prevent clone-less ULP sockets from entering the
      LISTEN status.
      
      Fixes: 734942cc ("tcp: ULP infrastructure")
      Reported-by: default avatarslipper <slipper.alive@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      Link: https://lore.kernel.org/r/4b80c3d1dbe3d0ab072f80450c202d9bc88b4b03.1672740602.git.pabeni@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      2c02d41d
    • Caleb Sander's avatar
      qed: allow sleep in qed_mcp_trace_dump() · 5401c3e0
      Caleb Sander authored
      By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop
      that can run 500K times, so calls to qed_mcp_nvm_rd_cmd()
      may block the current thread for over 5s.
      We observed thread scheduling delays over 700ms in production,
      with stacktraces pointing to this code as the culprit.
      
      qed_mcp_trace_dump() is called from ethtool, so sleeping is permitted.
      It already can sleep in qed_mcp_halt(), which calls qed_mcp_cmd().
      Add a "can sleep" parameter to qed_find_nvram_image() and
      qed_nvram_read() so they can sleep during qed_mcp_trace_dump().
      qed_mcp_trace_get_meta_info() and qed_mcp_trace_read_meta(),
      called only by qed_mcp_trace_dump(), allow these functions to sleep.
      I can't tell if the other caller (qed_grc_dump_mcp_hw_dump()) can sleep,
      so keep b_can_sleep set to false when it calls these functions.
      
      An example stacktrace from a custom warning we added to the kernel
      showing a thread that has not scheduled despite long needing resched:
      [ 2745.362925,17] ------------[ cut here ]------------
      [ 2745.362941,17] WARNING: CPU: 23 PID: 5640 at arch/x86/kernel/irq.c:233 do_IRQ+0x15e/0x1a0()
      [ 2745.362946,17] Thread not rescheduled for 744 ms after irq 99
      [ 2745.362956,17] Modules linked in: ...
      [ 2745.363339,17] CPU: 23 PID: 5640 Comm: lldpd Tainted: P           O    4.4.182+ #202104120910+6d1da174272d.61x
      [ 2745.363343,17] Hardware name: FOXCONN MercuryB/Quicksilver Controller, BIOS H11P1N09 07/08/2020
      [ 2745.363346,17]  0000000000000000 ffff885ec07c3ed8 ffffffff8131eb2f ffff885ec07c3f20
      [ 2745.363358,17]  ffffffff81d14f64 ffff885ec07c3f10 ffffffff81072ac2 ffff88be98ed0000
      [ 2745.363369,17]  0000000000000063 0000000000000174 0000000000000074 0000000000000000
      [ 2745.363379,17] Call Trace:
      [ 2745.363382,17]  <IRQ>  [<ffffffff8131eb2f>] dump_stack+0x8e/0xcf
      [ 2745.363393,17]  [<ffffffff81072ac2>] warn_slowpath_common+0x82/0xc0
      [ 2745.363398,17]  [<ffffffff81072b4c>] warn_slowpath_fmt+0x4c/0x50
      [ 2745.363404,17]  [<ffffffff810d5a8e>] ? rcu_irq_exit+0xae/0xc0
      [ 2745.363408,17]  [<ffffffff817c99fe>] do_IRQ+0x15e/0x1a0
      [ 2745.363413,17]  [<ffffffff817c7ac9>] common_interrupt+0x89/0x89
      [ 2745.363416,17]  <EOI>  [<ffffffff8132aa74>] ? delay_tsc+0x24/0x50
      [ 2745.363425,17]  [<ffffffff8132aa04>] __udelay+0x34/0x40
      [ 2745.363457,17]  [<ffffffffa04d45ff>] qed_mcp_cmd_and_union+0x36f/0x7d0 [qed]
      [ 2745.363473,17]  [<ffffffffa04d5ced>] qed_mcp_nvm_rd_cmd+0x4d/0x90 [qed]
      [ 2745.363490,17]  [<ffffffffa04e1dc7>] qed_mcp_trace_dump+0x4a7/0x630 [qed]
      [ 2745.363504,17]  [<ffffffffa04e2556>] ? qed_fw_asserts_dump+0x1d6/0x1f0 [qed]
      [ 2745.363520,17]  [<ffffffffa04e4ea7>] qed_dbg_mcp_trace_get_dump_buf_size+0x37/0x80 [qed]
      [ 2745.363536,17]  [<ffffffffa04ea881>] qed_dbg_feature_size+0x61/0xa0 [qed]
      [ 2745.363551,17]  [<ffffffffa04eb427>] qed_dbg_all_data_size+0x247/0x260 [qed]
      [ 2745.363560,17]  [<ffffffffa0482c10>] qede_get_regs_len+0x30/0x40 [qede]
      [ 2745.363566,17]  [<ffffffff816c9783>] ethtool_get_drvinfo+0xe3/0x190
      [ 2745.363570,17]  [<ffffffff816cc152>] dev_ethtool+0x1362/0x2140
      [ 2745.363575,17]  [<ffffffff8109bcc6>] ? finish_task_switch+0x76/0x260
      [ 2745.363580,17]  [<ffffffff817c2116>] ? __schedule+0x3c6/0x9d0
      [ 2745.363585,17]  [<ffffffff810dbd50>] ? hrtimer_start_range_ns+0x1d0/0x370
      [ 2745.363589,17]  [<ffffffff816c1e5b>] ? dev_get_by_name_rcu+0x6b/0x90
      [ 2745.363594,17]  [<ffffffff816de6a8>] dev_ioctl+0xe8/0x710
      [ 2745.363599,17]  [<ffffffff816a58a8>] sock_do_ioctl+0x48/0x60
      [ 2745.363603,17]  [<ffffffff816a5d87>] sock_ioctl+0x1c7/0x280
      [ 2745.363608,17]  [<ffffffff8111f393>] ? seccomp_phase1+0x83/0x220
      [ 2745.363612,17]  [<ffffffff811e3503>] do_vfs_ioctl+0x2b3/0x4e0
      [ 2745.363616,17]  [<ffffffff811e3771>] SyS_ioctl+0x41/0x70
      [ 2745.363619,17]  [<ffffffff817c6ffe>] entry_SYSCALL_64_fastpath+0x1e/0x79
      [ 2745.363622,17] ---[ end trace f6954aa440266421 ]---
      
      Fixes: c965db44 ("qed: Add support for debug data collection")
      Signed-off-by: default avatarCaleb Sander <csander@purestorage.com>
      Acked-by: default avatarAlok Prasad <palok@marvell.com>
      Link: https://lore.kernel.org/r/20230103233021.1457646-1-csander@purestorage.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      5401c3e0
    • Jakub Kicinski's avatar
      Merge tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf · 49d9601b
      Jakub Kicinski authored
      Alexei Starovoitov says:
      
      ====================
      bpf 2023-01-04
      
      We've added 5 non-merge commits during the last 8 day(s) which contain
      a total of 5 files changed, 112 insertions(+), 18 deletions(-).
      
      The main changes are:
      
      1) Always use maximal size for copy_array in the verifier to fix
         KASAN tracking, from Kees.
      
      2) Fix bpf task iterator walking through dead tasks, from Kui-Feng.
      
      3) Make sure livepatch and bpf fexit can coexist, from Chuang.
      
      * tag 'for-netdev' of https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf:
        bpf: Always use maximal size for copy_array()
        selftests/bpf: add a test for iter/task_vma for short-lived processes
        bpf: keep a reference to the mm, in case the task is dead.
        selftests/bpf: Temporarily disable part of btf_dump:var_data test.
        bpf: Fix panic due to wrong pageattr of im->image
      ====================
      
      Link: https://lore.kernel.org/r/20230104215500.79435-1-alexei.starovoitov@gmail.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      49d9601b
    • Linus Torvalds's avatar
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost · 41c03ba9
      Linus Torvalds authored
      Pull virtio updates from Michael Tsirkin:
       "Mostly fixes all over the place, a couple of cleanups"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (32 commits)
        virtio_blk: Fix signedness bug in virtblk_prep_rq()
        vdpa_sim_net: should not drop the multicast/broadcast packet
        vdpasim: fix memory leak when freeing IOTLBs
        vdpa: conditionally fill max max queue pair for stats
        vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove
        vduse: Validate vq_num in vduse_validate_config()
        tools/virtio: remove smp_read_barrier_depends()
        tools/virtio: remove stray characters
        vhost_vdpa: fix the crash in unmap a large memory
        virtio: Implementing attribute show with sysfs_emit
        virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
        tools/virtio: Variable type completion
        vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
        virtio_blk: use UINT_MAX instead of -1U
        vhost-vdpa: fix an iotlb memory leak
        vhost: fix range used in translate_desc()
        vringh: fix range used in iotlb_translate()
        vhost/vsock: Fix error handling in vhost_vsock_init()
        vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init()
        tools: Delete the unneeded semicolon after curly braces
        ...
      41c03ba9
  3. 04 Jan, 2023 11 commits
  4. 03 Jan, 2023 11 commits
    • Thomas Richter's avatar
      perf lock contention: Fix core dump related to not finding the "__sched_text_end" symbol on s/390 · d8d85ce8
      Thomas Richter authored
      The test case perf lock contention dumps core on s390. Run the following
      commands:
      
        # ./perf lock record -- ./perf bench sched messaging
        # Running 'sched/messaging' benchmark:
        # 20 sender and receiver processes per group
        # 10 groups == 400 processes run
      
            Total time: 2.799 [sec]
        [ perf record: Woken up 1 times to write data ]
        [ perf record: Captured and wrote 0.073 MB perf.data (100 samples) ]
        #
        # ./perf lock contention
        Segmentation fault (core dumped)
        #
      
      The function call stack is lengthy, here are the top 5 functions:
      
        # gdb ./perf core.24048
        GNU gdb (GDB) Fedora Linux 12.1-6.fc37
        Core was generated by `./perf lock contention'.
        Program terminated with signal SIGSEGV, Segmentation fault.
        #0  0x00000000011dd25c in machine__is_lock_function (machine=0x3029e28, addr=1789230) at util/machine.c:3356
               3356 machine->sched.text_end = kmap->unmap_ip(kmap, sym->start);
      
       (gdb) where
        #0  0x00000000011dd25c in machine__is_lock_function (machine=0x3029e28, addr=1789230) at util/machine.c:3356
        #1  0x000000000109f244 in callchain_id (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:957
        #2  0x000000000109e094 in get_key_by_aggr_mode (key=0x3ffea4f7290, addr=27758136, evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:586
        #3  0x000000000109f4d0 in report_lock_contention_begin_event (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:1004
        #4  0x00000000010a00ae in evsel__process_contention_begin (evsel=0x30313e0, sample=0x3ffea4f77d0) at builtin-lock.c:1254
        #5  0x00000000010a0e14 in process_sample_event (tool=0x3ffea4f8480, event=0x3ff85601ef8, sample=0x3ffea4f77d0, evsel=0x30313e0, machine=0x3029e28) at builtin-lock.c:1464
        .....
      
      The issue is in function machine__is_lock_function() in file
      ./util/machine.c lines 3355:
      
         /* should not fail from here */
         sym = machine__find_kernel_symbol_by_name(machine, "__sched_text_end", &kmap);
         machine->sched.text_end = kmap->unmap_ip(kmap, sym->start)
      
      On s390 the symbol __sched_text_end is *NOT* in the symbol list and the
      resulting pointer sym is set to NULL. The sym->start is then a NULL pointer
      access and generates the core dump.
      
      The reason why __sched_text_end is not in the symbol list on s390 is
      simple:
      
      When the symbol list is created at perf start up with function calls
      
        dso__load
        +--> dso__load_vmlinux_path
             +--> dso__load_vmlinux
                  +--> dso__load_sym
      	         +--> dso__load_sym_internal (reads kernel symbols)
      		 +--> symbols__fixup_end
      		 +--> symbols__fixup_duplicate
      
      The issue is in function symbols__fixup_duplicate(). It deletes all
      symbols with have the same address. On s390:
      
        # nm -g  ~/linux/vmlinux| fgrep c68390
        0000000000c68390 T __cpuidle_text_start
        0000000000c68390 T __sched_text_end
        #
      
      two symbols have identical addresses and __sched_text_end is considered
      duplicate (in ascending sort order) and removed from the symbol list.
      Therefore it is missing and an invalid pointer reference occurs.  The
      code checks for symbol __sched_text_start and when it exists assumes
      symbol __sched_text_end is also in the symbol table. However this is not
      the case on s390.
      
      Same situation exists for symbol __lock_text_start:
      
      0000000000c68770 T __cpuidle_text_end
      0000000000c68770 T __lock_text_start
      
      This symbol is also removed from the symbol table but used in function
      machine__is_lock_function().
      
      To fix this and keep duplicate symbols in the symbol table, set
      symbol_conf.allow_aliases to true. This prevents the removal of
      duplicate symbols in function symbols__fixup_duplicate().
      
      Output After:
      
       # ./perf lock contention
       contended total wait  max wait  avg wait    type   caller
      
              48   124.39 ms 123.99 ms   2.59 ms rwsem:W unlink_anon_vmas+0x24a
              47    83.68 ms  83.26 ms   1.78 ms rwsem:W free_pgtables+0x132
               5    41.22 us  10.55 us   8.24 us rwsem:W free_pgtables+0x140
               4    40.12 us  20.55 us  10.03 us rwsem:W copy_process+0x1ac8
       #
      
      Fixes: 0d2997f7 ("perf lock: Look up callchain for the contended locks")
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Acked-by: default avatarNamhyung Kim <namhyung@kernel.org>
      Cc: Heiko Carstens <hca@linux.ibm.com>
      Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: https://lore.kernel.org/r/20221230102627.2410847-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d8d85ce8
    • Ian Rogers's avatar
      perf build: Don't propagate subdir to submakes for install_headers · f89fb557
      Ian Rogers authored
      subdir is added to the OUTPUT which fails as part of building
      install_headers when passed from "make -C tools perf_install".
      
      Committer testing:
      
      The original reporter (see the Link: below) had trouble with this:
      
      $ make -C tools perf_install
      
      That ended up with errors like this:
      
        /var/home/acme/git/perf-urgent/tools/scripts/Makefile.include:17: *** output directory "/var/home/acme/git/perf-urgent/tools/perf/libperf/perf/" does not exist.  Stop.
      
      With this patch applied we now get it installed at:
      
        INSTALL /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
      
      As expected:
      
        $ ls -la /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
        -rw-r--r--. 1 acme acme 1146 Jan  3 15:42 /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
      
      And if we clean tools with:
      
        $ make -C tools clean
      
      it gets cleaned up:
      
        $ ls -la /var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h
        ls: cannot access '/var/home/acme/git/perf-urgent/tools/perf/libperf/include/perf/bpf_perf.h': No such file or directory
        $
      
      Fixes: 746bd29e ("perf build: Use tools/lib headers from install path")
      Reported-by: default avatarTorsten Hilbrich <torsten.hilbrich@secunet.com>
      Signed-off-by: default avatarIan Rogers <irogers@google.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: https://lore.kernel.org/r/fa4b3115-d555-3d7f-54d1-018002e99350@secunet.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      f89fb557
    • Chris Wilson's avatar
      perf/x86/rapl: Treat Tigerlake like Icelake · c07311b5
      Chris Wilson authored
      Since Tigerlake seems to have inherited its cstates and other RAPL power
      caps from Icelake, assume it also follows Icelake for its RAPL events.
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Signed-off-by: default avatarRodrigo Vivi <rodrigo.vivi@intel.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Zhang Rui <rui.zhang@intel.com>
      Link: https://lore.kernel.org/r/20221228113454.1199118-1-rodrigo.vivi@intel.com
      c07311b5
    • Jason A. Donenfeld's avatar
      x86/insn: Avoid namespace clash by separating instruction decoder MMIO type from MMIO trace type · 72bb8f8c
      Jason A. Donenfeld authored
      Both <linux/mmiotrace.h> and <asm/insn-eval.h> define various MMIO_ enum constants,
      whose namespace overlaps.
      
      Rename the <asm/insn-eval.h> ones to have a INSN_ prefix, so that the headers can be
      used from the same source file.
      Signed-off-by: default avatarJason A. Donenfeld <Jason@zx2c4.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Link: https://lore.kernel.org/r/20230101162910.710293-2-Jason@zx2c4.com
      72bb8f8c
    • Jaegeuk Kim's avatar
      f2fs: let's avoid panic if extent_tree is not created · df9d44b6
      Jaegeuk Kim authored
      This patch avoids the below panic.
      
      pc : __lookup_extent_tree+0xd8/0x760
      lr : f2fs_do_write_data_page+0x104/0x87c
      sp : ffffffc010cbb3c0
      x29: ffffffc010cbb3e0 x28: 0000000000000000
      x27: ffffff8803e7f020 x26: ffffff8803e7ed40
      x25: ffffff8803e7f020 x24: ffffffc010cbb460
      x23: ffffffc010cbb480 x22: 0000000000000000
      x21: 0000000000000000 x20: ffffffff22e90900
      x19: 0000000000000000 x18: ffffffc010c5d080
      x17: 0000000000000000 x16: 0000000000000020
      x15: ffffffdb1acdbb88 x14: ffffff888759e2b0
      x13: 0000000000000000 x12: ffffff802da49000
      x11: 000000000a001200 x10: ffffff8803e7ed40
      x9 : ffffff8023195800 x8 : ffffff802da49078
      x7 : 0000000000000001 x6 : 0000000000000000
      x5 : 0000000000000006 x4 : ffffffc010cbba28
      x3 : 0000000000000000 x2 : ffffffc010cbb480
      x1 : 0000000000000000 x0 : ffffff8803e7ed40
      Call trace:
       __lookup_extent_tree+0xd8/0x760
       f2fs_do_write_data_page+0x104/0x87c
       f2fs_write_single_data_page+0x420/0xb60
       f2fs_write_cache_pages+0x418/0xb1c
       __f2fs_write_data_pages+0x428/0x58c
       f2fs_write_data_pages+0x30/0x40
       do_writepages+0x88/0x190
       __writeback_single_inode+0x48/0x448
       writeback_sb_inodes+0x468/0x9e8
       __writeback_inodes_wb+0xb8/0x2a4
       wb_writeback+0x33c/0x740
       wb_do_writeback+0x2b4/0x400
       wb_workfn+0xe4/0x34c
       process_one_work+0x24c/0x5bc
       worker_thread+0x3e8/0xa50
       kthread+0x150/0x1b4
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      df9d44b6
    • Jaegeuk Kim's avatar
      f2fs: should use a temp extent_info for lookup · 22a341b4
      Jaegeuk Kim authored
      Otherwise, __lookup_extent_tree() will override the given extent_info which will
      be used by caller.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      22a341b4
    • Jaegeuk Kim's avatar
      f2fs: don't mix to use union values in extent_info · ed272476
      Jaegeuk Kim authored
      Let's explicitly use the defined values in block_age case only.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      ed272476
    • Jaegeuk Kim's avatar
      f2fs: initialize extent_cache parameter · fe59109a
      Jaegeuk Kim authored
      This can avoid confusing tracepoint values.
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      fe59109a
    • Chao Yu's avatar
      f2fs: fix to avoid NULL pointer dereference in f2fs_issue_flush() · b3d83066
      Chao Yu authored
      With below two cases, it will cause NULL pointer dereference when
      accessing SM_I(sbi)->fcc_info in f2fs_issue_flush().
      
      a) If kthread_run() fails in f2fs_create_flush_cmd_control(), it will
      release SM_I(sbi)->fcc_info,
      
      - mount -o noflush_merge /dev/vda /mnt/f2fs
      - mount -o remount,flush_merge /dev/vda /mnt/f2fs  -- kthread_run() fails
      - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=1 conv=fsync
      
      b) we will never allocate memory for SM_I(sbi)->fcc_info w/ below
      testcase,
      
      - mount -o ro /dev/vda /mnt/f2fs
      - mount -o rw,remount /dev/vda /mnt/f2fs
      - dd if=/dev/zero of=/mnt/f2fs/file bs=4k count=1 conv=fsync
      
      In order to fix this issue, let change as below:
      - fix error path handling in f2fs_create_flush_cmd_control().
      - allocate SM_I(sbi)->fcc_info even if readonly is on.
      Signed-off-by: default avatarChao Yu <chao@kernel.org>
      Signed-off-by: default avatarJaegeuk Kim <jaegeuk@kernel.org>
      b3d83066
    • Mikulas Patocka's avatar
      x86/asm: Fix an assembler warning with current binutils · 55d23536
      Mikulas Patocka authored
      Fix a warning: "found `movsd'; assuming `movsl' was meant"
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      Cc: linux-kernel@vger.kernel.org
      55d23536
    • Qu Wenruo's avatar
      btrfs: fix compat_ro checks against remount · 2ba48b20
      Qu Wenruo authored
      [BUG]
      Even with commit 81d5d614 ("btrfs: enhance unsupported compat RO
      flags handling"), btrfs can still mount a fs with unsupported compat_ro
      flags read-only, then remount it RW:
      
        # btrfs ins dump-super /dev/loop0 | grep compat_ro_flags -A 3
        compat_ro_flags		0x403
      			( FREE_SPACE_TREE |
      			  FREE_SPACE_TREE_VALID |
      			  unknown flag: 0x400 )
      
        # mount /dev/loop0 /mnt/btrfs
        mount: /mnt/btrfs: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.
               dmesg(1) may have more information after failed mount system call.
        ^^^ RW mount failed as expected ^^^
      
        # dmesg -t | tail -n5
        loop0: detected capacity change from 0 to 1048576
        BTRFS: device fsid cb5b82f5-0fdd-4d81-9b4b-78533c324afa devid 1 transid 7 /dev/loop0 scanned by mount (1146)
        BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
        BTRFS info (device loop0): using free space tree
        BTRFS error (device loop0): cannot mount read-write because of unknown compat_ro features (0x403)
        BTRFS error (device loop0): open_ctree failed
      
        # mount /dev/loop0 -o ro /mnt/btrfs
        # mount -o remount,rw /mnt/btrfs
        ^^^ RW remount succeeded unexpectedly ^^^
      
      [CAUSE]
      Currently we use btrfs_check_features() to check compat_ro flags against
      our current mount flags.
      
      That function get reused between open_ctree() and btrfs_remount().
      
      But for btrfs_remount(), the super block we passed in still has the old
      mount flags, thus btrfs_check_features() still believes we're mounting
      read-only.
      
      [FIX]
      Replace the existing @sb argument with @is_rw_mount.
      
      As originally we only use @sb to determine if the mount is RW.
      
      Now it's callers' responsibility to determine if the mount is RW, and
      since there are only two callers, the check is pretty simple:
      
      - caller in open_ctree()
        Just pass !sb_rdonly().
      
      - caller in btrfs_remount()
        Pass !(*flags & SB_RDONLY), as our check should be against the new
        flags.
      
      Now we can correctly reject the RW remount:
      
        # mount /dev/loop0 -o ro /mnt/btrfs
        # mount -o remount,rw /mnt/btrfs
        mount: /mnt/btrfs: mount point not mounted or bad option.
               dmesg(1) may have more information after failed mount system call.
        # dmesg -t | tail -n 1
        BTRFS error (device loop0: state M): cannot mount read-write because of unknown compat_ro features (0x403)
      Reported-by: default avatarChung-Chiang Cheng <shepjeng@gmail.com>
      Fixes: 81d5d614 ("btrfs: enhance unsupported compat RO flags handling")
      CC: stable@vger.kernel.org # 5.15+
      Reviewed-by: default avatarAnand Jain <anand.jain@oracle.com>
      Signed-off-by: default avatarQu Wenruo <wqu@suse.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      2ba48b20