1. 04 Sep, 2020 3 commits
    • Linus Torvalds's avatar
      Merge branch 'gate-page-refcount' (patches from Dave Hansen) · 8381979d
      Linus Torvalds authored
      Merge gate page refcount fix from Dave Hansen:
       "During the conversion over to pin_user_pages(), gate pages were missed.
      
        The fix is pretty simple, and is accompanied by a new test from Andy
        which probably would have caught this earlier"
      
      * emailed patches from Dave Hansen <dave.hansen@linux.intel.com>:
        selftests/x86/test_vsyscall: Improve the process_vm_readv() test
        mm: fix pin vs. gup mismatch with gate pages
      8381979d
    • Andy Lutomirski's avatar
      selftests/x86/test_vsyscall: Improve the process_vm_readv() test · 8891adc6
      Andy Lutomirski authored
      The existing code accepted process_vm_readv() success or failure as long
      as it didn't return garbage.  This is too weak: if the vsyscall page is
      readable, then process_vm_readv() should succeed and, if the page is not
      readable, then it should fail.
      Signed-off-by: default avatarAndy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Cc: x86@kernel.org
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Jann Horn <jannh@google.com>
      Cc: John Hubbard <jhubbard@nvidia.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      8891adc6
    • Dave Hansen's avatar
      mm: fix pin vs. gup mismatch with gate pages · 9fa2dd94
      Dave Hansen authored
      Gate pages were missed when converting from get to pin_user_pages().
      This can lead to refcount imbalances.  This is reliably and quickly
      reproducible running the x86 selftests when vsyscall=emulate is enabled
      (the default).  Fix by using try_grab_page() with appropriate flags
      passed.
      
      The long story:
      
      Today, pin_user_pages() and get_user_pages() are similar interfaces for
      manipulating page reference counts.  However, "pins" use a "bias" value
      and manipulate the actual reference count by 1024 instead of 1 used by
      plain "gets".
      
      That means that pin_user_pages() must be matched with unpin_user_pages()
      and can't be mixed with a plain put_user_pages() or put_page().
      
      Enter gate pages, like the vsyscall page.  They are pages usually in the
      kernel image, but which are mapped to userspace.  Userspace is allowed
      access to them, including interfaces using get/pin_user_pages().  The
      refcount of these kernel pages is manipulated just like a normal user
      page on the get/pin side so that the put/unpin side can work the same
      for normal user pages or gate pages.
      
      get_gate_page() uses try_get_page() which only bumps the refcount by
      1, not 1024, even if called in the pin_user_pages() path.  If someone
      pins a gate page, this happens:
      
      	pin_user_pages()
      		get_gate_page()
      			try_get_page() // bump refcount +1
      	... some time later
      	unpin_user_pages()
      		page_ref_sub_and_test(page, 1024))
      
      ... and boom, we get a refcount off by 1023.  This is reliably and
      quickly reproducible running the x86 selftests when booted with
      vsyscall=emulate (the default).  The selftests use ptrace(), but I
      suspect anything using pin_user_pages() on gate pages could hit this.
      
      To fix it, simply use try_grab_page() instead of try_get_page(), and
      pass 'gup_flags' in so that FOLL_PIN can be respected.
      
      This bug traces back to the very beginning of the FOLL_PIN support in
      commit 3faa52c0 ("mm/gup: track FOLL_PIN pages"), which showed up in
      the 5.7 release.
      Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
      Fixes: 3faa52c0 ("mm/gup: track FOLL_PIN pages")
      Reported-by: default avatarPeter Zijlstra <peterz@infradead.org>
      Reviewed-by: default avatarJohn Hubbard <jhubbard@nvidia.com>
      Acked-by: default avatarAndy Lutomirski <luto@kernel.org>
      Cc: x86@kernel.org
      Cc: Jann Horn <jannh@google.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9fa2dd94
  2. 03 Sep, 2020 3 commits
  3. 02 Sep, 2020 10 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid · fc3abb53
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - data sanitization and validtion fixes for report descriptor parser
         from Marc Zyngier
      
       - memory leak fix for hid-elan driver from Dinghao Liu
      
       - two device-specific quirks
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid:
        HID: core: Sanitize event code and type when mapping input
        HID: core: Correctly handle ReportSize being zero
        HID: elan: Fix memleak in elan_input_configured
        HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
        HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
      fc3abb53
    • Linus Torvalds's avatar
      Merge tag 'for-5.9/dm-fixes' of... · c3a13095
      Linus Torvalds authored
      Merge tag 'for-5.9/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
      
      Pull device mapper fixes from Mike Snitzer:
      
       - writecache fix to allow dax_direct_access() to partitioned pmem
         devices.
      
       - multipath fix to avoid any Path Group initialization if
         'pg_init_in_progress' isn't set.
      
       - crypt fix to use DECLARE_CRYPTO_WAIT() for onstack wait structures.
      
       - integrity fix to properly check integrity after device creation when
         in bitmap mode.
      
       - thinp and cache target __create_persistent_data_objects() fixes to
         reset the metadata's dm_block_manager pointer from PTR_ERR to NULL
         before returning from error path.
      
       - persistent-data block manager fix to guard against dm_block_manager
         NULL pointer dereference in dm_bm_is_read_only() and update various
         opencoded bm->read_only checks to use dm_bm_is_read_only() instead.
      
      * tag 'for-5.9/dm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
        dm thin metadata: Fix use-after-free in dm_bm_set_read_only
        dm thin metadata:  Avoid returning cmd->bm wild pointer on error
        dm cache metadata: Avoid returning cmd->bm wild pointer on error
        dm integrity: fix error reporting in bitmap mode after creation
        dm crypt: Initialize crypto wait structures
        dm mpath: fix racey management of PG initialization
        dm writecache: handle DAX to partitions on persistent memory correctly
      c3a13095
    • Linus Torvalds's avatar
      Merge tag 'xfs-5.9-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · e1d0126c
      Linus Torvalds authored
      Pull xfs fixes from Darrick Wong:
       "Various small corruption fixes that have come in during the past
        month:
      
         - Avoid a log recovery failure for an insert range operation by
           rolling deferred ops incrementally instead of at the end.
      
         - Fix an off-by-one error when calculating log space reservations for
           anything involving an inode allocation or free.
      
         - Fix a broken shortform xattr verifier.
      
         - Ensure that the shortform xattr header padding is always
           initialized to zero"
      
      * tag 'xfs-5.9-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: initialize the shortform attr header padding entry
        xfs: fix boundary test in xfs_attr_shortform_verify
        xfs: fix off-by-one in inode alloc block reservation calculation
        xfs: finish dfops on every insert range shift iteration
      e1d0126c
    • Linus Torvalds's avatar
      Merge branch 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 54e54d58
      Linus Torvalds authored
      Pull epoll fixup from Al Viro:
       "Fixup for epoll regression; there's a better solution longer term, but
        this is the least intrusive fix"
      
      * 'work.epoll' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        fix regression in "epoll: Keep a reference on files added to the check list"
      54e54d58
    • Ye Bin's avatar
      dm thin metadata: Fix use-after-free in dm_bm_set_read_only · 3a653b20
      Ye Bin authored
      The following error ocurred when testing disk online/offline:
      
      [  301.798344] device-mapper: thin: 253:5: aborting current metadata transaction
      [  301.848441] device-mapper: thin: 253:5: failed to abort metadata transaction
      [  301.849206] Aborting journal on device dm-26-8.
      [  301.850489] EXT4-fs error (device dm-26) in __ext4_new_inode:943: Journal has aborted
      [  301.851095] EXT4-fs (dm-26): Delayed block allocation failed for inode 398742 at logical offset 181 with max blocks 19 with error 30
      [  301.854476] BUG: KASAN: use-after-free in dm_bm_set_read_only+0x3a/0x40 [dm_persistent_data]
      
      Reason is:
      
       metadata_operation_failed
          abort_transaction
              dm_pool_abort_metadata
      	    __create_persistent_data_objects
      	        r = __open_or_format_metadata
      	        if (r) --> If failed will free pmd->bm but pmd->bm not set NULL
      		    dm_block_manager_destroy(pmd->bm);
          set_pool_mode
      	dm_pool_metadata_read_only(pool->pmd);
      	dm_bm_set_read_only(pmd->bm);  --> use-after-free
      
      Add checks to see if pmd->bm is NULL in dm_bm_set_read_only and
      dm_bm_set_read_write functions.  If bm is NULL it means creating the
      bm failed and so dm_bm_is_read_only must return true.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      3a653b20
    • Ye Bin's avatar
      dm thin metadata: Avoid returning cmd->bm wild pointer on error · 219403d7
      Ye Bin authored
      Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
      pointer, it will lead to some strange things.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      219403d7
    • Ye Bin's avatar
      dm cache metadata: Avoid returning cmd->bm wild pointer on error · d16ff19e
      Ye Bin authored
      Maybe __create_persistent_data_objects() caller will use PTR_ERR as a
      pointer, it will lead to some strange things.
      Signed-off-by: default avatarYe Bin <yebin10@huawei.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      d16ff19e
    • Al Viro's avatar
      fix regression in "epoll: Keep a reference on files added to the check list" · 77f4689d
      Al Viro authored
      epoll_loop_check_proc() can run into a file already committed to destruction;
      we can't grab a reference on those and don't need to add them to the set for
      reverse path check anyway.
      Tested-by: default avatarMarc Zyngier <maz@kernel.org>
      Fixes: a9ed4a65 ("epoll: Keep a reference on files added to the check list")
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      77f4689d
    • Linus Torvalds's avatar
      Merge tag 'perf-tools-fixes-for-v5.9-2020-09-01' of... · 9c7d619b
      Linus Torvalds authored
      Merge tag 'perf-tools-fixes-for-v5.9-2020-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux
      
      Pull perf tools fixes from Arnaldo Carvalho de Melo:
      
       - Fix infinite loop in the TUI for grouped events in 'perf top/record',
         eg when using "perf top -e '{cycles,instructions,cache-misses}'".
      
       - Fix segfault by skipping side-band event setup if HAVE_LIBBPF_SUPPORT
         is not set.
      
       - Fix synthesized branch stacks generated from CoreSight ETM trace and
         Intel PT hardware traces.
      
       - Fix error when synthesizing events from ARM SPE hardware trace.
      
       - The SNOOPX and REMOTE offsets in the data_src bitmask in perf records
         were were both 37, SNOOPX is 38, fix it.
      
       - Fix use of CPU list with summary option in 'perf sched timehist'.
      
       - Avoid an uninitialized read when using fake PMUs.
      
       - Set perf_event_attr.exclude_guest=1 for user-space counting.
      
       - Don't order events when doing a 'perf report -D' raw dump of
         perf.data records.
      
       - Set NULL sentinel in pmu_events table in "Parse and process metrics"
         'perf test'
      
       - Fix basic bpf filtering 'perf test' on s390x.
      
       - Fix out of bounds array access in the 'perf stat' print_counters()
         evlist method.
      
       - Add mwait_idle_with_hints.constprop.0 to the list of idle symbols.
      
       - Use %zd for size_t printf formats on 32-bit.
      
       - Correct the help info of "perf record --no-bpf-event" option.
      
       - Add entries for CoreSight and Arm SPE tooling to MAINTAINERS.
      
      * tag 'perf-tools-fixes-for-v5.9-2020-09-01' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux:
        perf report: Disable ordered_events for raw dump
        perf tools: Correct SNOOPX field offset
        perf intel-pt: Fix corrupt data after perf inject from
        perf cs-etm: Fix corrupt data after perf inject from
        perf top/report: Fix infinite loop in the TUI for grouped events
        perf parse-events: Avoid an uninitialized read when using fake PMUs
        perf stat: Fix out of bounds array access in the print_counters() evlist method
        perf test: Set NULL sentinel in pmu_events table in "Parse and process metrics" test
        perf parse-events: Set exclude_guest=1 for user-space counting
        perf record: Correct the help info of option "--no-bpf-event"
        perf tools: Use %zd for size_t printf formats on 32-bit
        MAINTAINERS: Add entries for CoreSight and Arm SPE tooling
        perf: arm-spe: Fix check error when synthesizing events
        perf symbols: Add mwait_idle_with_hints.constprop.0 to the list of idle symbols
        perf top: Skip side-band event setup if HAVE_LIBBPF_SUPPORT is not set
        perf sched timehist: Fix use of CPU list with summary option
        perf test: Fix basic bpf filtering test
      9c7d619b
    • Linus Torvalds's avatar
      Merge tag 'for-5.9-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · dcdfd9cc
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "Two small fixes and a bunch of lockdep fixes for warnings that show up
        with an upcoming tree locking update but are valid with current locks
        as well"
      
      * tag 'for-5.9-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: tree-checker: fix the error message for transid error
        btrfs: set the lockdep class for log tree extent buffers
        btrfs: set the correct lockdep class for new nodes
        btrfs: allocate scrub workqueues outside of locks
        btrfs: fix potential deadlock in the search ioctl
        btrfs: drop path before adding new uuid tree entry
        btrfs: block-group: fix free-space bitmap threshold
      dcdfd9cc
  4. 01 Sep, 2020 20 commits
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · b765a32a
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Three minor fixes, all in drivers"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: scsi_debug: Remove superfluous close zone in resp_open_zone()
        scsi: libcxgbi: Fix a use after free in cxgbi_conn_xmit_pdu()
        scsi: qedf: Fix null ptr reference in qedf_stag_change_work
      b765a32a
    • Mikulas Patocka's avatar
      dm integrity: fix error reporting in bitmap mode after creation · e27fec66
      Mikulas Patocka authored
      The dm-integrity target did not report errors in bitmap mode just after
      creation. The reason is that the function integrity_recalc didn't clean up
      ic->recalc_bitmap as it proceeded with recalculation.
      
      Fix this by updating the bitmap accordingly -- the double shift serves
      to rounddown.
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Fixes: 468dfca3 ("dm integrity: add a bitmap mode")
      Cc: stable@vger.kernel.org # v5.2+
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      e27fec66
    • Damien Le Moal's avatar
      dm crypt: Initialize crypto wait structures · 7785a9e4
      Damien Le Moal authored
      Use the DECLARE_CRYPTO_WAIT() macro to properly initialize the crypto
      wait structures declared on stack before their use with
      crypto_wait_req().
      
      Fixes: 39d13a1a ("dm crypt: reuse eboiv skcipher for IV generation")
      Fixes: bbb16584 ("dm crypt: Implement Elephant diffuser for Bitlocker compatibility")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarDamien Le Moal <damien.lemoal@wdc.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      7785a9e4
    • Mike Snitzer's avatar
      dm mpath: fix racey management of PG initialization · c322ee93
      Mike Snitzer authored
      Commit 935fcc56 ("dm mpath: only flush workqueue when needed")
      changed flush_multipath_work() to avoid needless workqueue
      flushing (of a multipath global workqueue). But that change didn't
      realize the surrounding flush_multipath_work() code should also only
      run if 'pg_init_in_progress' is set.
      
      Fix this by only doing all of flush_multipath_work()'s PG init related
      work if 'pg_init_in_progress' is set.
      
      Otherwise multipath_wait_for_pg_init_completion() will run
      unconditionally but the preceeding flush_workqueue(kmpath_handlerd)
      may not. This could lead to deadlock (though only if kmpath_handlerd
      never runs a corresponding work to decrement 'pg_init_in_progress').
      
      It could also be, though highly unlikely, that the kmpath_handlerd
      work that does PG init completes before 'pg_init_in_progress' is set,
      and then an intervening DM table reload's multipath_postsuspend()
      triggers flush_multipath_work().
      
      Fixes: 935fcc56 ("dm mpath: only flush workqueue when needed")
      Cc: stable@vger.kernel.org
      Reported-by: default avatarBen Marzinski <bmarzins@redhat.com>
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      c322ee93
    • Mikulas Patocka's avatar
      dm writecache: handle DAX to partitions on persistent memory correctly · f9e040ef
      Mikulas Patocka authored
      The function dax_direct_access doesn't take partitions into account,
      it always maps pages from the beginning of the device. Therefore,
      persistent_memory_claim() must get the partition offset using
      get_start_sect() and add it to the page offsets passed to
      dax_direct_access().
      Signed-off-by: default avatarMikulas Patocka <mpatocka@redhat.com>
      Fixes: 48debafe ("dm: add writecache target")
      Cc: stable@vger.kernel.org # 4.18+
      Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
      f9e040ef
    • Randy Dunlap's avatar
      ia64: fix min_low_pfn/max_low_pfn build errors · 5f7b81c1
      Randy Dunlap authored
      Fix min_low_pfn/max_low_pfn build errors for arch/ia64/: (e.g.)
      
       ERROR: "max_low_pfn" [drivers/rpmsg/virtio_rpmsg_bus.ko] undefined!
       ERROR: "min_low_pfn" [drivers/rpmsg/virtio_rpmsg_bus.ko] undefined!
       ERROR: "min_low_pfn" [drivers/hwtracing/intel_th/intel_th_msu.ko] undefined!
       ERROR: "max_low_pfn" [drivers/hwtracing/intel_th/intel_th_msu.ko] undefined!
       ERROR: "min_low_pfn" [drivers/crypto/cavium/nitrox/n5pf.ko] undefined!
       ERROR: "max_low_pfn" [drivers/crypto/cavium/nitrox/n5pf.ko] undefined!
       ERROR: "max_low_pfn" [drivers/md/dm-integrity.ko] undefined!
       ERROR: "min_low_pfn" [drivers/md/dm-integrity.ko] undefined!
       ERROR: "max_low_pfn" [crypto/tcrypt.ko] undefined!
       ERROR: "min_low_pfn" [crypto/tcrypt.ko] undefined!
       ERROR: "min_low_pfn" [security/keys/encrypted-keys/encrypted-keys.ko] undefined!
       ERROR: "max_low_pfn" [security/keys/encrypted-keys/encrypted-keys.ko] undefined!
       ERROR: "min_low_pfn" [arch/ia64/kernel/mca_recovery.ko] undefined!
       ERROR: "max_low_pfn" [arch/ia64/kernel/mca_recovery.ko] undefined!
      
      David suggested just exporting min_low_pfn & max_low_pfn in
      mm/memblock.c:
      https://lore.kernel.org/lkml/alpine.DEB.2.22.394.2006291911220.1118534@chino.kir.corp.google.com/Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Acked-by: default avatarTony Luck <tony.luck@intel.com>
      Cc: linux-mm@kvack.org
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Mike Rapoport <rppt@linux.ibm.com>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Fenghua Yu <fenghua.yu@intel.com>
      Cc: linux-ia64@vger.kernel.org
      Signed-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      5f7b81c1
    • Jiri Olsa's avatar
      perf report: Disable ordered_events for raw dump · 977f739b
      Jiri Olsa authored
      Disable ordered_events for report raw dump, because for raw dump we want
      to see events as they are stored in the perf.data file, not sorted by
      time.
      Signed-off-by: default avatarJiri Olsa <jolsa@kernel.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Michael Petlan <mpetlan@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200827134830.126721-1-jolsa@kernel.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      977f739b
    • Al Grant's avatar
      perf tools: Correct SNOOPX field offset · 39c0a53b
      Al Grant authored
      perf_event.h has macros that define the field offsets in the data_src
      bitmask in perf records. The SNOOPX and REMOTE offsets were both 37.
      
      These are distinct fields, and the bitfield layout in perf_mem_data_src
      confirms that SNOOPX should be at offset 38.
      
      Committer notes:
      
      This was extracted from a larger patch that also contained kernel
      changes.
      
      Fixes: 52839e65 ("perf tools: Add support for printing new mem_info encodings")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Reviewed-by: default avatarAndi Kleen <ak@linux.intel.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/9974f2d0-bf7f-518e-d9f7-4520e5ff1bb0@foss.arm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      39c0a53b
    • Al Grant's avatar
      perf intel-pt: Fix corrupt data after perf inject from · a347306f
      Al Grant authored
      Commit 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      changed the format of branch stacks in perf samples. When samples use
      this new format, a flag must be set in the corresponding event.
      
      Synthesized branch stacks generated from Intel PT were using the new
      format, but not setting the event attribute, leading to consumers
      seeing corrupt data. This patch fixes the issue by setting the event
      attribute to indicate use of the new format.
      
      Fixes: 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Acked-by: default avatarAdrian Hunter <adrian.hunter@intel.com>
      Reviewed-by: default avatarMathieu Poirier <mathieu.poirier@linaro.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Leo Yan <leo.yan@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Mike Leach <mike.leach@linaro.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Link: http://lore.kernel.org/lkml/20200819084751.17686-2-leo.yan@linaro.orgSigned-off-by: default avatarLeo Yan <leo.yan@linaro.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      a347306f
    • Al Grant's avatar
      perf cs-etm: Fix corrupt data after perf inject from · f5f8e7e5
      Al Grant authored
      Commit 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      changed the format of branch stacks in perf samples. When samples use
      this new format, a flag must be set in the corresponding event.
      
      Synthesized branch stacks generated from CoreSight ETM trace were using
      the new format, but not setting the event attribute, leading to
      consumers seeing corrupt data. This patch fixes the issue by setting the
      event attribute to indicate use of the new format.
      
      Fixes: 42bbabed ("perf tools: Add hw_idx in struct branch_stack")
      Signed-off-by: default avatarAl Grant <al.grant@arm.com>
      Reviewed-by: default avatarAndrea Brunato <andrea.brunato@arm.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Mathieu Poirier <mathieu.poirier@linaro.org>
      Cc: Mike Leach <mike.leach@linaro.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Suzuki Poulouse <suzuki.poulose@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Signed-off-by: default avatarLeo Yan <leo.yan@linaro.org>
      Link: http://lore.kernel.org/lkml/20200819084751.17686-1-leo.yan@linaro.orgSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      f5f8e7e5
    • Arnaldo Carvalho de Melo's avatar
      perf top/report: Fix infinite loop in the TUI for grouped events · d4ccbacb
      Arnaldo Carvalho de Melo authored
      For a while we need to have a dummy event for doing things like
      receiving PERF_RECORD_COMM, PERF_RECORD_EXEC, etc for threads being
      created and dying while we synthesize the pre-existing ones at tool
      start.
      
      This 'dummy' event is needed for keeping track of thread lifetime events
      early in the session but are uninteresting otherwise, i.e. no need to
      have it in a initial events menu for the non-grouped case, i.e. for:
      
       # perf top -e cycles,instructions
      
      or even for plain:
      
       # perf top
      
      When 'cycles' and that 'dummy' event are in place.
      
      The code to remove that 'dummy' event ended up creating an endless loop
      for the grouped case, i.e.:
      
       # perf top -e '{cycles,instructions}'
      
      Fix it.
      
      Fixes: bee9ca1c ("perf report TUI: Remove needless 'dummy' event from menu")
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Ian Rogers <irogers@google.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      d4ccbacb
    • Ian Rogers's avatar
      perf parse-events: Avoid an uninitialized read when using fake PMUs · 33321a06
      Ian Rogers authored
      With a fake_pmu the pmu_info isn't populated by perf_pmu__check_alias.
      In this case, don't try to copy the uninitialized values to the evsel.
      Signed-off-by: default avatarIan Rogers <irogers@google.com>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jin Yao <yao.jin@linux.intel.com>
      Cc: Kajol Jain <kjain@linux.ibm.com>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Leo Yan <leo.yan@linaro.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Link: http://lore.kernel.org/lkml/20200826042910.1902374-2-irogers@google.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      33321a06
    • Thomas Richter's avatar
      perf stat: Fix out of bounds array access in the print_counters() evlist method · 313146a8
      Thomas Richter authored
      Fix a compile error on F32 and gcc version 10.1 on s390 in file
      utils/stat-display.c.  The error does not show up with make DEBUG=y.  In
      fact the issue shows up when using both compiler options -O6 and
      -D_FORTIFY_SOURCE=2 (which are omitted with DEBUG=Y).
      
      This is the offending call chain:
      
      print_counter_aggr()
        printout(config, -1, 0, ...)  with 2nd parm id set to -1
          aggr_printout(config, x, id --> -1, ...) which leads to this code:
      		case AGGR_NONE:
                      if (evsel->percore && !config->percore_show_thread) {
                              ....
                      } else {
                              fprintf(config->output, "CPU%*d%s",
                                      config->csv_output ? 0 : -7,
                                      evsel__cpus(evsel)->map[id],
      				                        ^^ id is -1 !!!!
                                      config->csv_sep);
                      }
      
      This is a compiler inlining issue which is detected on s390 but not on
      other plattforms.
      
      Output before:
      
       # make util/stat-display.o
          .....
      
        util/stat-display.c: In function ‘perf_evlist__print_counters’:
        util/stat-display.c:121:4: error: array subscript -1 is below array
            bounds of ‘int[]’ [-Werror=array-bounds]
        121 |    fprintf(config->output, "CPU%*d%s",
            |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        122 |     config->csv_output ? 0 : -7,
            |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        123 |     evsel__cpus(evsel)->map[id],
            |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        124 |     config->csv_sep);
            |     ~~~~~~~~~~~~~~~~
        In file included from util/evsel.h:13,
                       from util/evlist.h:13,
                       from util/stat-display.c:9:
        /root/linux/tools/lib/perf/include/internal/cpumap.h:10:7:
        note: while referencing ‘map’
         10 |  int  map[];
            |       ^~~
        cc1: all warnings being treated as errors
        mv: cannot stat 'util/.stat-display.o.tmp': No such file or directory
        make[3]: *** [/root/linux/tools/build/Makefile.build:97: util/stat-display.o]
        Error 1
        make[2]: *** [Makefile.perf:716: util/stat-display.o] Error 2
        make[1]: *** [Makefile.perf:231: sub-make] Error 2
        make: *** [Makefile:110: util/stat-display.o] Error 2
        [root@t35lp46 perf]#
      
      Output after:
      
        # make util/stat-display.o
          .....
        CC       util/stat-display.o
        [root@t35lp46 perf]#
      
      Committer notes:
      
      Removed the removal of {} enclosing the multiline else block, as pointed
      out by Jiri Olsa.
      Suggested-by: default avatarJiri Olsa <jolsa@redhat.com>
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Sumanth Korikkar <sumanthk@linux.ibm.com>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: http://lore.kernel.org/lkml/20200825063304.77733-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      313146a8
    • Thomas Richter's avatar
      perf test: Set NULL sentinel in pmu_events table in "Parse and process metrics" test · 492d4d87
      Thomas Richter authored
      Linux 5.9 introduced perf test case "Parse and process metrics" and
      on s390 this test case always dumps core:
      
        [root@t35lp67 perf]# ./perf test -vvvv -F 67
        67: Parse and process metrics                             :
        --- start ---
        metric expr inst_retired.any / cpu_clk_unhalted.thread for IPC
        parsing metric: inst_retired.any / cpu_clk_unhalted.thread
        Segmentation fault (core dumped)
        [root@t35lp67 perf]#
      
      I debugged this core dump and gdb shows this call chain:
      
        (gdb) where
         #0  0x000003ffabc3192a in __strnlen_c_1 () from /lib64/libc.so.6
         #1  0x000003ffabc293de in strcasestr () from /lib64/libc.so.6
         #2  0x0000000001102ba2 in match_metric(list=0x1e6ea20 "inst_retired.any",
                  n=<optimized out>)
             at util/metricgroup.c:368
         #3  find_metric (map=<optimized out>, map=<optimized out>,
                 metric=0x1e6ea20 "inst_retired.any")
            at util/metricgroup.c:765
         #4  __resolve_metric (ids=0x0, map=<optimized out>, metric_list=0x0,
                 metric_no_group=<optimized out>, m=<optimized out>)
            at util/metricgroup.c:844
         #5  resolve_metric (ids=0x0, map=0x0, metric_list=0x0,
                metric_no_group=<optimized out>)
            at util/metricgroup.c:881
         #6  metricgroup__add_metric (metric=<optimized out>,
              metric_no_group=metric_no_group@entry=false, events=<optimized out>,
              events@entry=0x3ffd84fb878, metric_list=0x0,
              metric_list@entry=0x3ffd84fb868, map=0x0)
            at util/metricgroup.c:943
         #7  0x00000000011034ae in metricgroup__add_metric_list (map=0x13f9828 <map>,
              metric_list=0x3ffd84fb868, events=0x3ffd84fb878,
              metric_no_group=<optimized out>, list=<optimized out>)
            at util/metricgroup.c:988
         #8  parse_groups (perf_evlist=perf_evlist@entry=0x1e70260,
                str=str@entry=0x12f34b2 "IPC", metric_no_group=<optimized out>,
                metric_no_merge=<optimized out>,
                fake_pmu=fake_pmu@entry=0x1462f18 <perf_pmu.fake>,
                metric_events=0x3ffd84fba58, map=0x1)
            at util/metricgroup.c:1040
         #9  0x0000000001103eb2 in metricgroup__parse_groups_test(
        	evlist=evlist@entry=0x1e70260, map=map@entry=0x13f9828 <map>,
        	str=str@entry=0x12f34b2 "IPC",
        	metric_no_group=metric_no_group@entry=false,
        	metric_no_merge=metric_no_merge@entry=false,
        	metric_events=0x3ffd84fba58)
            at util/metricgroup.c:1082
         #10 0x00000000010c84d8 in __compute_metric (ratio2=0x0, name2=0x0,
                ratio1=<synthetic pointer>, name1=0x12f34b2 "IPC",
        	vals=0x3ffd84fbad8, name=0x12f34b2 "IPC")
            at tests/parse-metric.c:159
         #11 compute_metric (ratio=<synthetic pointer>, vals=0x3ffd84fbad8,
        	name=0x12f34b2 "IPC")
            at tests/parse-metric.c:189
         #12 test_ipc () at tests/parse-metric.c:208
      .....
      ..... omitted many more lines
      
      This test case was added with
      commit 218ca91d ("perf tests: Add parse metric test for frontend metric").
      
      When I compile with make DEBUG=y it works fine and I do not get a core dump.
      
      It turned out that the above listed function call chain worked on a struct
      pmu_event array which requires a trailing element with zeroes which was
      missing. The marco map_for_each_event() loops over that array tests for members
      metric_expr/metric_name/metric_group being non-NULL. Adding this element fixes
      the issue.
      
      Output after:
      
        [root@t35lp46 perf]# ./perf test 67
        67: Parse and process metrics                             : Ok
        [root@t35lp46 perf]#
      
      Committer notes:
      
      As Ian remarks, this is not s390 specific:
      
      <quote Ian>
        This also shows up with address sanitizer on all architectures
        (perhaps change the patch title) and perhaps add a "Fixes: <commit>"
        tag.
      
        =================================================================
        ==4718==ERROR: AddressSanitizer: global-buffer-overflow on address
        0x55c93b4d59e8 at pc 0x55c93a1541e2 bp 0x7ffd24327c60 sp
        0x7ffd24327c58
        READ of size 8 at 0x55c93b4d59e8 thread T0
            #0 0x55c93a1541e1 in find_metric tools/perf/util/metricgroup.c:764:2
            #1 0x55c93a153e6c in __resolve_metric tools/perf/util/metricgroup.c:844:9
            #2 0x55c93a152f18 in resolve_metric tools/perf/util/metricgroup.c:881:9
            #3 0x55c93a1528db in metricgroup__add_metric
        tools/perf/util/metricgroup.c:943:9
            #4 0x55c93a151996 in metricgroup__add_metric_list
        tools/perf/util/metricgroup.c:988:9
            #5 0x55c93a1511b9 in parse_groups tools/perf/util/metricgroup.c:1040:8
            #6 0x55c93a1513e1 in metricgroup__parse_groups_test
        tools/perf/util/metricgroup.c:1082:9
            #7 0x55c93a0108ae in __compute_metric tools/perf/tests/parse-metric.c:159:8
            #8 0x55c93a010744 in compute_metric tools/perf/tests/parse-metric.c:189:9
            #9 0x55c93a00f5ee in test_ipc tools/perf/tests/parse-metric.c:208:2
            #10 0x55c93a00f1e8 in test__parse_metric
        tools/perf/tests/parse-metric.c:345:2
            #11 0x55c939fd7202 in run_test tools/perf/tests/builtin-test.c:410:9
            #12 0x55c939fd6736 in test_and_print tools/perf/tests/builtin-test.c:440:9
            #13 0x55c939fd58c3 in __cmd_test tools/perf/tests/builtin-test.c:661:4
            #14 0x55c939fd4e02 in cmd_test tools/perf/tests/builtin-test.c:807:9
            #15 0x55c939e4763d in run_builtin tools/perf/perf.c:313:11
            #16 0x55c939e46475 in handle_internal_command tools/perf/perf.c:365:8
            #17 0x55c939e4737e in run_argv tools/perf/perf.c:409:2
            #18 0x55c939e45f7e in main tools/perf/perf.c:539:3
      
        0x55c93b4d59e8 is located 0 bytes to the right of global variable
        'pme_test' defined in 'tools/perf/tests/parse-metric.c:17:25'
        (0x55c93b4d54a0) of size 1352
        SUMMARY: AddressSanitizer: global-buffer-overflow
        tools/perf/util/metricgroup.c:764:2 in find_metric
        Shadow bytes around the buggy address:
          0x0ab9a7692ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        =>0x0ab9a7692b30: 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9
          0x0ab9a7692b40: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
          0x0ab9a7692b50: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
          0x0ab9a7692b60: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
          0x0ab9a7692b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
          0x0ab9a7692b80: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
        Shadow byte legend (one shadow byte represents 8 application bytes):
          Addressable:           00
          Partially addressable: 01 02 03 04 05 06 07
          Heap left redzone:	   fa
          Freed heap region:	   fd
          Stack left redzone:	   f1
          Stack mid redzone:	   f2
          Stack right redzone:     f3
          Stack after return:	   f5
          Stack use after scope:   f8
          Global redzone:          f9
          Global init order:	   f6
          Poisoned by user:        f7
          Container overflow:	   fc
          Array cookie:            ac
          Intra object redzone:    bb
          ASan internal:           fe
          Left alloca redzone:     ca
          Right alloca redzone:    cb
          Shadow gap:              cc
      </quote>
      
      I'm also adding the missing "Fixes" tag and setting just .name to NULL,
      as doing it that way is more compact (the compiler will zero out
      everything else) and the table iterators look for .name being NULL as
      the sentinel marking the end of the table.
      
      Fixes: 0a507af9 ("perf tests: Add parse metric test for ipc metric")
      Signed-off-by: default avatarThomas Richter <tmricht@linux.ibm.com>
      Reviewed-by: default avatarSumanth Korikkar <sumanthk@linux.ibm.com>
      Acked-by: default avatarIan Rogers <irogers@google.com>
      Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Vasily Gorbik <gor@linux.ibm.com>
      Link: http://lore.kernel.org/lkml/20200825071211.16959-1-tmricht@linux.ibm.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      492d4d87
    • Jin Yao's avatar
      perf parse-events: Set exclude_guest=1 for user-space counting · 943b69ac
      Jin Yao authored
      Currently if we run 'perf record -e cycles:u', exclude_guest=0.
      
      But it doesn't make sense in most cases that we request for
      user-space counting but we also get the guest report.
      
      Of course, we also need to consider 'perf kvm' usage case that
      authorized perf users on the host may only want to count guest user
      space events. For example,
      
        # perf kvm --guest record -e cycles:u
      
      When we have 'exclude_guest=1' for 'perf kvm' usage, we may get nothing
      from guest events.
      
      To keep perf semantics consistent and clear, this patch sets
      exclude_guest=1 for user-space counting but except for 'perf kvm' usage.
      
      Before:
      
        perf record -e cycles:u ./div
        perf evlist -v
        cycles:u: ..., exclude_kernel: 1, exclude_hv: 1, ...
      
      After:
        perf record -e cycles:u ./div
        perf evlist -v
        cycles:u: ..., exclude_kernel: 1, exclude_hv: 1,  exclude_guest: 1, ...
      
      Before:
        perf kvm --guest record -e cycles:u -vvv
      
      perf_event_attr:
      
        size                             120
        { sample_period, sample_freq }   4000
        sample_type                      IP|TID|TIME|ID|CPU|PERIOD
        read_format                      ID
        disabled                         1
        inherit                          1
        exclude_kernel                   1
        exclude_hv                       1
        freq                             1
        sample_id_all                    1
      
      After:
      
        perf kvm --guest record -e cycles:u -vvv
      
      perf_event_attr:
        size                             120
        { sample_period, sample_freq }   4000
        sample_type                      IP|TID|TIME|ID|CPU|PERIOD
        read_format                      ID
        disabled                         1
        inherit                          1
        exclude_kernel                   1
        exclude_hv                       1
        freq                             1
        sample_id_all                    1
      
      For Before/After, exclude_guest are both 0 for perf kvm usage.
      
      perf test 6
      
       6: Parse event definition strings             : Ok
      Signed-off-by: default avatarJin Yao <yao.jin@linux.intel.com>
      Tested-by: default avatarLike Xu <like.xu@linux.intel.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andi Kleen <ak@linux.intel.com>
      Cc: Jin Yao <yao.jin@intel.com>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Kan Liang <kan.liang@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200814012120.16647-1-yao.jin@linux.intel.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      943b69ac
    • Wei Li's avatar
      perf record: Correct the help info of option "--no-bpf-event" · a060c1f1
      Wei Li authored
      The help info of option "--no-bpf-event" is wrongly described as "record
      bpf events", correct it.
      
      Committer testing:
      
        $ perf record -h bpf
      
         Usage: perf record [<options>] [<command>]
            or: perf record [<options>] -- <command> [<options>]
      
                --clang-opt <clang options>
                                  options passed to clang when compiling BPF scriptlets
                --clang-path <clang path>
                                  clang binary to use for compiling BPF scriptlets
                --no-bpf-event    do not record bpf events
      
        $
      
      Fixes: 71184c6a ("perf record: Replace option --bpf-event with --no-bpf-event")
      Signed-off-by: default avatarWei Li <liwei391@huawei.com>
      Acked-by: default avatarSong Liu <songliubraving@fb.com>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Hanjun Guo <guohanjun@huawei.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Li Bin <huawei.libin@huawei.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Link: http://lore.kernel.org/lkml/20200819031947.12115-1-liwei391@huawei.comSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      a060c1f1
    • Chris Wilson's avatar
      perf tools: Use %zd for size_t printf formats on 32-bit · 20befbb1
      Chris Wilson authored
      A couple of trivial fixes for using %zd for size_t in the code
      supporting the ZSTD compression library.
      Signed-off-by: default avatarChris Wilson <chris@chris-wilson.co.uk>
      Acked-by: default avatarJiri Olsa <jolsa@redhat.com>
      Cc: Adrian Hunter <adrian.hunter@intel.com>
      Cc: Alexey Budankov <alexey.budankov@linux.intel.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lore.kernel.org/lkml/20200820212501.24421-1-chris@chris-wilson.co.ukSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      20befbb1
    • Marc Zyngier's avatar
      HID: core: Sanitize event code and type when mapping input · 35556bed
      Marc Zyngier authored
      When calling into hid_map_usage(), the passed event code is
      blindly stored as is, even if it doesn't fit in the associated bitmap.
      
      This event code can come from a variety of sources, including devices
      masquerading as input devices, only a bit more "programmable".
      
      Instead of taking the event code at face value, check that it actually
      fits the corresponding bitmap, and if it doesn't:
      - spit out a warning so that we know which device is acting up
      - NULLify the bitmap pointer so that we catch unexpected uses
      
      Code paths that can make use of untrusted inputs can now check
      that the mapping was indeed correct and bail out if not.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
      35556bed
    • Marc Zyngier's avatar
      HID: core: Correctly handle ReportSize being zero · bce1305c
      Marc Zyngier authored
      It appears that a ReportSize value of zero is legal, even if a bit
      non-sensical. Most of the HID code seems to handle that gracefully,
      except when computing the total size in bytes. When fed as input to
      memset, this leads to some funky outcomes.
      
      Detect the corner case and correctly compute the size.
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMarc Zyngier <maz@kernel.org>
      Signed-off-by: default avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
      bce1305c
    • Dinghao Liu's avatar
      HID: elan: Fix memleak in elan_input_configured · b7429ea5
      Dinghao Liu authored
      When input_mt_init_slots() fails, input should be freed
      to prevent memleak. When input_register_device() fails,
      we should call input_mt_destroy_slots() to free memory
      allocated by input_mt_init_slots().
      Signed-off-by: default avatarDinghao Liu <dinghao.liu@zju.edu.cn>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      b7429ea5
  5. 31 Aug, 2020 4 commits
    • Linus Torvalds's avatar
      Merge tag 'docs-5.9-3' of git://git.lwn.net/linux · b51594df
      Linus Torvalds authored
      Pull documentation fixes from Jonathan Corbet:
       "A handful of documentation fixes for 5.9"
      
      * tag 'docs-5.9-3' of git://git.lwn.net/linux:
        Documentation: laptops: thinkpad-acpi: fix underline length build warning
        Documentation: fix typo for abituguru documentation
        docs: Fix function name trailing double-()s
        devices.txt: fix typo of "ubd" as "udb"
        Documentation: add riscv entry in list of existing profiles
        MAINTAINERS: mention documentation maintainer entry profile
        Fpga: Documentation: Replace deprecated :c:func: Usage
        IIO: Documentation: Replace deprecated :c:func: Usage
        Documentation/locking/locktypes: fix local_locks documentation
      b51594df
    • Linus Torvalds's avatar
      Merge tag 'mmc-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 59815d6d
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
      
       - Fix HS400 tuning for ACPI ID AMDI0040
      
       - Fix reset of CQHCI for Intel GLK-based controllers
      
       - Use correct timeout clock for Tegra186/194/210
      
       - Fix eMMC mounting on mt7622/Bpi-64
      
      * tag 'mmc-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        sdhci: tegra: Add missing TMCLK for data timeout
        arm64: tegra: Add missing timeout clock to Tegra194 SDMMC nodes
        arm64: tegra: Add missing timeout clock to Tegra186 SDMMC nodes
        arm64: tegra: Add missing timeout clock to Tegra210 SDMMC
        dt-bindings: mmc: tegra: Add tmclk for Tegra210 and later
        sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186
        sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210
        arm64: dts: mt7622: add reset node for mmc device
        dt-bindings: mmc: Add missing description for clk_in/out_sd1
        mmc: mediatek: add optional module reset property
        mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings
        mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers
        mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040
      59815d6d
    • Randy Dunlap's avatar
      microblaze: fix min_low_pfn/max_low_pfn build errors · 08134e79
      Randy Dunlap authored
      Fix min_low_pfn/max_low_pfn build errors for arch/microblaze/: (e.g.)
      
        ERROR: "min_low_pfn" [drivers/rpmsg/virtio_rpmsg_bus.ko] undefined!
        ERROR: "min_low_pfn" [drivers/hwtracing/intel_th/intel_th_msu_sink.ko] undefined!
        ERROR: "min_low_pfn" [drivers/hwtracing/intel_th/intel_th_msu.ko] undefined!
        ERROR: "min_low_pfn" [drivers/mmc/core/mmc_core.ko] undefined!
        ERROR: "min_low_pfn" [drivers/md/dm-crypt.ko] undefined!
        ERROR: "min_low_pfn" [drivers/net/wireless/ath/ath6kl/ath6kl_sdio.ko] undefined!
        ERROR: "min_low_pfn" [crypto/tcrypt.ko] undefined!
        ERROR: "min_low_pfn" [crypto/asymmetric_keys/asym_tpm.ko] undefined!
      
      Mike had/has an alternate patch for Microblaze:
      https://lore.kernel.org/lkml/20200630111519.GA1951986@linux.ibm.com/
      
      David suggested just exporting min_low_pfn & max_low_pfn in
      mm/memblock.c:
      https://lore.kernel.org/lkml/alpine.DEB.2.22.394.2006291911220.1118534@chino.kir.corp.google.com/Reported-by: default avatarkernel test robot <lkp@intel.com>
      Signed-off-by: default avatarRandy Dunlap <rdunlap@infradead.org>
      Acked-by: default avatarMichal Simek <monstr@monstr.eu>
      Acked-by: default avatarDavid Rientjes <rientjes@google.com>
      Cc: linux-mm@kvack.org
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: David Rientjes <rientjes@google.com>
      Cc: Mike Rapoport <rppt@linux.ibm.com>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Michal Simek <michal.simek@xilinx.com>
      Signed-off-by: default avatarMike Rapoport <rppt@linux.ibm.com>
      08134e79
    • Max Staudt's avatar
      affs: fix basic permission bits to actually work · d3a84a8d
      Max Staudt authored
      The basic permission bits (protection bits in AmigaOS) have been broken
      in Linux' AFFS - it would only set bits, but never delete them.
      Also, contrary to the documentation, the Archived bit was not handled.
      
      Let's fix this for good, and set the bits such that Linux and classic
      AmigaOS can coexist in the most peaceful manner.
      
      Also, update the documentation to represent the current state of things.
      
      Fixes: 1da177e4 ("Linux-2.6.12-rc2")
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarMax Staudt <max@enpas.org>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      d3a84a8d