1. 09 Sep, 2024 2 commits
  2. 05 Sep, 2024 5 commits
    • Steven Rostedt's avatar
      tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() · 5bfbcd1e
      Steven Rostedt authored
      The timerlat interface will get and put the task that is part of the
      "kthread" field of the osn_var to keep it around until all references are
      released. But here's a race in the "stop_kthread()" code that will call
      put_task_struct() on the kthread if it is not a kernel thread. This can
      race with the releasing of the references to that task struct and the
      put_task_struct() can be called twice when it should have been called just
      once.
      
      Take the interface_lock() in stop_kthread() to synchronize this change.
      But to do so, the function stop_per_cpu_kthreads() needs to change the
      loop from for_each_online_cpu() to for_each_possible_cpu() and remove the
      cpu_read_lock(), as the interface_lock can not be taken while the cpu
      locks are held. The only side effect of this change is that it may do some
      extra work, as the per_cpu variables of the offline CPUs would not be set
      anyway, and would simply be skipped in the loop.
      
      Remove unneeded "return;" in stop_kthread().
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: Tomas Glozar <tglozar@redhat.com>
      Cc: John Kacur <jkacur@redhat.com>
      Cc: "Luis Claudio R. Goncalves" <lgoncalv@redhat.com>
      Link: https://lore.kernel.org/20240905113359.2b934242@gandalf.local.home
      Fixes: e88ed227 ("tracing/timerlat: Add user-space interface")
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      5bfbcd1e
    • Steven Rostedt's avatar
      tracing/timerlat: Only clear timer if a kthread exists · e6a53481
      Steven Rostedt authored
      The timerlat tracer can use user space threads to check for osnoise and
      timer latency. If the program using this is killed via a SIGTERM, the
      threads are shutdown one at a time and another tracing instance can start
      up resetting the threads before they are fully closed. That causes the
      hrtimer assigned to the kthread to be shutdown and freed twice when the
      dying thread finally closes the file descriptors, causing a use-after-free
      bug.
      
      Only cancel the hrtimer if the associated thread is still around. Also add
      the interface_lock around the resetting of the tlat_var->kthread.
      
      Note, this is just a quick fix that can be backported to stable. A real
      fix is to have a better synchronization between the shutdown of old
      threads and the starting of new ones.
      
      Link: https://lore.kernel.org/all/20240820130001.124768-1-tglozar@redhat.com/
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: "Luis Claudio R. Goncalves" <lgoncalv@redhat.com>
      Link: https://lore.kernel.org/20240905085330.45985730@gandalf.local.home
      Fixes: e88ed227 ("tracing/timerlat: Add user-space interface")
      Reported-by: default avatarTomas Glozar <tglozar@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      e6a53481
    • Steven Rostedt's avatar
      tracing/osnoise: Use a cpumask to know what threads are kthreads · 177e1cc2
      Steven Rostedt authored
      The start_kthread() and stop_thread() code was not always called with the
      interface_lock held. This means that the kthread variable could be
      unexpectedly changed causing the kthread_stop() to be called on it when it
      should not have been, leading to:
      
       while true; do
         rtla timerlat top -u -q & PID=$!;
         sleep 5;
         kill -INT $PID;
         sleep 0.001;
         kill -TERM $PID;
         wait $PID;
        done
      
      Causing the following OOPS:
      
       Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI
       KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
       CPU: 5 UID: 0 PID: 885 Comm: timerlatu/5 Not tainted 6.11.0-rc4-test-00002-gbc754cc7-dirty #125 a533010b71dab205ad2f507188ce8c82203b0254
       Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
       RIP: 0010:hrtimer_active+0x58/0x300
       Code: 48 c1 ee 03 41 54 48 01 d1 48 01 d6 55 53 48 83 ec 20 80 39 00 0f 85 30 02 00 00 49 8b 6f 30 4c 8d 75 10 4c 89 f0 48 c1 e8 03 <0f> b6 3c 10 4c 89 f0 83 e0 07 83 c0 03 40 38 f8 7c 09 40 84 ff 0f
       RSP: 0018:ffff88811d97f940 EFLAGS: 00010202
       RAX: 0000000000000002 RBX: ffff88823c6b5b28 RCX: ffffed10478d6b6b
       RDX: dffffc0000000000 RSI: ffffed10478d6b6c RDI: ffff88823c6b5b28
       RBP: 0000000000000000 R08: ffff88823c6b5b58 R09: ffff88823c6b5b60
       R10: ffff88811d97f957 R11: 0000000000000010 R12: 00000000000a801d
       R13: ffff88810d8b35d8 R14: 0000000000000010 R15: ffff88823c6b5b28
       FS:  0000000000000000(0000) GS:ffff88823c680000(0000) knlGS:0000000000000000
       CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
       CR2: 0000561858ad7258 CR3: 000000007729e001 CR4: 0000000000170ef0
       Call Trace:
        <TASK>
        ? die_addr+0x40/0xa0
        ? exc_general_protection+0x154/0x230
        ? asm_exc_general_protection+0x26/0x30
        ? hrtimer_active+0x58/0x300
        ? __pfx_mutex_lock+0x10/0x10
        ? __pfx_locks_remove_file+0x10/0x10
        hrtimer_cancel+0x15/0x40
        timerlat_fd_release+0x8e/0x1f0
        ? security_file_release+0x43/0x80
        __fput+0x372/0xb10
        task_work_run+0x11e/0x1f0
        ? _raw_spin_lock+0x85/0xe0
        ? __pfx_task_work_run+0x10/0x10
        ? poison_slab_object+0x109/0x170
        ? do_exit+0x7a0/0x24b0
        do_exit+0x7bd/0x24b0
        ? __pfx_migrate_enable+0x10/0x10
        ? __pfx_do_exit+0x10/0x10
        ? __pfx_read_tsc+0x10/0x10
        ? ktime_get+0x64/0x140
        ? _raw_spin_lock_irq+0x86/0xe0
        do_group_exit+0xb0/0x220
        get_signal+0x17ba/0x1b50
        ? vfs_read+0x179/0xa40
        ? timerlat_fd_read+0x30b/0x9d0
        ? __pfx_get_signal+0x10/0x10
        ? __pfx_timerlat_fd_read+0x10/0x10
        arch_do_signal_or_restart+0x8c/0x570
        ? __pfx_arch_do_signal_or_restart+0x10/0x10
        ? vfs_read+0x179/0xa40
        ? ksys_read+0xfe/0x1d0
        ? __pfx_ksys_read+0x10/0x10
        syscall_exit_to_user_mode+0xbc/0x130
        do_syscall_64+0x74/0x110
        ? __pfx___rseq_handle_notify_resume+0x10/0x10
        ? __pfx_ksys_read+0x10/0x10
        ? fpregs_restore_userregs+0xdb/0x1e0
        ? fpregs_restore_userregs+0xdb/0x1e0
        ? syscall_exit_to_user_mode+0x116/0x130
        ? do_syscall_64+0x74/0x110
        ? do_syscall_64+0x74/0x110
        ? do_syscall_64+0x74/0x110
        entry_SYSCALL_64_after_hwframe+0x71/0x79
       RIP: 0033:0x7ff0070eca9c
       Code: Unable to access opcode bytes at 0x7ff0070eca72.
       RSP: 002b:00007ff006dff8c0 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
       RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007ff0070eca9c
       RDX: 0000000000000400 RSI: 00007ff006dff9a0 RDI: 0000000000000003
       RBP: 00007ff006dffde0 R08: 0000000000000000 R09: 00007ff000000ba0
       R10: 00007ff007004b08 R11: 0000000000000246 R12: 0000000000000003
       R13: 00007ff006dff9a0 R14: 0000000000000007 R15: 0000000000000008
        </TASK>
       Modules linked in: snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hwdep snd_hda_core
       ---[ end trace 0000000000000000 ]---
      
      This is because it would mistakenly call kthread_stop() on a user space
      thread making it "exit" before it actually exits.
      
      Since kthreads are created based on global behavior, use a cpumask to know
      when kthreads are running and that they need to be shutdown before
      proceeding to do new work.
      
      Link: https://lore.kernel.org/all/20240820130001.124768-1-tglozar@redhat.com/
      
      This was debugged by using the persistent ring buffer:
      
      Link: https://lore.kernel.org/all/20240823013902.135036960@goodmis.org/
      
      Note, locking was originally used to fix this, but that proved to cause too
      many deadlocks to work around:
      
        https://lore.kernel.org/linux-trace-kernel/20240823102816.5e55753b@gandalf.local.home/
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Cc: "Luis Claudio R. Goncalves" <lgoncalv@redhat.com>
      Link: https://lore.kernel.org/20240904103428.08efdf4c@gandalf.local.home
      Fixes: e88ed227 ("tracing/timerlat: Add user-space interface")
      Reported-by: default avatarTomas Glozar <tglozar@redhat.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      177e1cc2
    • Steven Rostedt's avatar
      eventfs: Use list_del_rcu() for SRCU protected list variable · d2603279
      Steven Rostedt authored
      Chi Zhiling reported:
      
        We found a null pointer accessing in tracefs[1], the reason is that the
        variable 'ei_child' is set to LIST_POISON1, that means the list was
        removed in eventfs_remove_rec. so when access the ei_child->is_freed, the
        panic triggered.
      
        by the way, the following script can reproduce this panic
      
        loop1 (){
            while true
            do
                echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events
                echo "" > /sys/kernel/debug/tracing/kprobe_events
            done
        }
        loop2 (){
            while true
            do
                tree /sys/kernel/debug/tracing/events/kprobes/
            done
        }
        loop1 &
        loop2
      
        [1]:
        [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150
        [ 1147.968239][T17331] Mem abort info:
        [ 1147.971739][T17331]   ESR = 0x0000000096000004
        [ 1147.976172][T17331]   EC = 0x25: DABT (current EL), IL = 32 bits
        [ 1147.982171][T17331]   SET = 0, FnV = 0
        [ 1147.985906][T17331]   EA = 0, S1PTW = 0
        [ 1147.989734][T17331]   FSC = 0x04: level 0 translation fault
        [ 1147.995292][T17331] Data abort info:
        [ 1147.998858][T17331]   ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
        [ 1148.005023][T17331]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0
        [ 1148.010759][T17331]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
        [ 1148.016752][T17331] [dead000000000150] address between user and kernel address ranges
        [ 1148.024571][T17331] Internal error: Oops: 0000000096000004 [#1] SMP
        [ 1148.030825][T17331] Modules linked in: team_mode_loadbalance team nlmon act_gact cls_flower sch_ingress bonding tls macvlan dummy ib_core bridge stp llc veth amdgpu amdxcp mfd_core gpu_sched drm_exec drm_buddy radeon crct10dif_ce video drm_suballoc_helper ghash_ce drm_ttm_helper sha2_ce ttm sha256_arm64 i2c_algo_bit sha1_ce sbsa_gwdt cp210x drm_display_helper cec sr_mod cdrom drm_kms_helper binfmt_misc sg loop fuse drm dm_mod nfnetlink ip_tables autofs4 [last unloaded: tls]
        [ 1148.072808][T17331] CPU: 3 PID: 17331 Comm: ls Tainted: G        W         ------- ----  6.6.43 #2
        [ 1148.081751][T17331] Source Version: 21b3b386e948bedd29369af66f3e98ab01b1c650
        [ 1148.088783][T17331] Hardware name: Greatwall GW-001M1A-FTF/GW-001M1A-FTF, BIOS KunLun BIOS V4.0 07/16/2020
        [ 1148.098419][T17331] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
        [ 1148.106060][T17331] pc : eventfs_iterate+0x2c0/0x398
        [ 1148.111017][T17331] lr : eventfs_iterate+0x2fc/0x398
        [ 1148.115969][T17331] sp : ffff80008d56bbd0
        [ 1148.119964][T17331] x29: ffff80008d56bbf0 x28: ffff001ff5be2600 x27: 0000000000000000
        [ 1148.127781][T17331] x26: ffff001ff52ca4e0 x25: 0000000000009977 x24: dead000000000100
        [ 1148.135598][T17331] x23: 0000000000000000 x22: 000000000000000b x21: ffff800082645f10
        [ 1148.143415][T17331] x20: ffff001fddf87c70 x19: ffff80008d56bc90 x18: 0000000000000000
        [ 1148.151231][T17331] x17: 0000000000000000 x16: 0000000000000000 x15: ffff001ff52ca4e0
        [ 1148.159048][T17331] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
        [ 1148.166864][T17331] x11: 0000000000000000 x10: 0000000000000000 x9 : ffff8000804391d0
        [ 1148.174680][T17331] x8 : 0000000180000000 x7 : 0000000000000018 x6 : 0000aaab04b92862
        [ 1148.182498][T17331] x5 : 0000aaab04b92862 x4 : 0000000080000000 x3 : 0000000000000068
        [ 1148.190314][T17331] x2 : 000000000000000f x1 : 0000000000007ea8 x0 : 0000000000000001
        [ 1148.198131][T17331] Call trace:
        [ 1148.201259][T17331]  eventfs_iterate+0x2c0/0x398
        [ 1148.205864][T17331]  iterate_dir+0x98/0x188
        [ 1148.210036][T17331]  __arm64_sys_getdents64+0x78/0x160
        [ 1148.215161][T17331]  invoke_syscall+0x78/0x108
        [ 1148.219593][T17331]  el0_svc_common.constprop.0+0x48/0xf0
        [ 1148.224977][T17331]  do_el0_svc+0x24/0x38
        [ 1148.228974][T17331]  el0_svc+0x40/0x168
        [ 1148.232798][T17331]  el0t_64_sync_handler+0x120/0x130
        [ 1148.237836][T17331]  el0t_64_sync+0x1a4/0x1a8
        [ 1148.242182][T17331] Code: 54ffff6c f9400676 910006d6 f9000676 (b9405300)
        [ 1148.248955][T17331] ---[ end trace 0000000000000000 ]---
      
      The issue is that list_del() is used on an SRCU protected list variable
      before the synchronization occurs. This can poison the list pointers while
      there is a reader iterating the list.
      
      This is simply fixed by using list_del_rcu() that is specifically made for
      this purpose.
      
      Link: https://lore.kernel.org/linux-trace-kernel/20240829085025.3600021-1-chizhiling@163.com/
      
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Link: https://lore.kernel.org/20240904131605.640d42b1@gandalf.local.home
      Fixes: 43aa6f97 ("eventfs: Get rid of dentry pointers without refcounts")
      Reported-by: default avatarChi Zhiling <chizhiling@kylinos.cn>
      Tested-by: default avatarChi Zhiling <chizhiling@kylinos.cn>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      d2603279
    • Zheng Yejian's avatar
      tracing: Avoid possible softlockup in tracing_iter_reset() · 49aa8a1f
      Zheng Yejian authored
      In __tracing_open(), when max latency tracers took place on the cpu,
      the time start of its buffer would be updated, then event entries with
      timestamps being earlier than start of the buffer would be skipped
      (see tracing_iter_reset()).
      
      Softlockup will occur if the kernel is non-preemptible and too many
      entries were skipped in the loop that reset every cpu buffer, so add
      cond_resched() to avoid it.
      
      Cc: stable@vger.kernel.org
      Fixes: 2f26ebd5 ("tracing: use timestamp to determine start of latency traces")
      Link: https://lore.kernel.org/20240827124654.3817443-1-zhengyejian@huaweicloud.comSuggested-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarZheng Yejian <zhengyejian@huaweicloud.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      49aa8a1f
  3. 21 Aug, 2024 2 commits
    • Masami Hiramatsu (Google)'s avatar
      tracing: Fix memory leak in fgraph storage selftest · bc754cc7
      Masami Hiramatsu (Google) authored
      With ftrace boot-time selftest, kmemleak reported some memory leaks in
      the new test case for function graph storage for multiple tracers.
      
      unreferenced object 0xffff888005060080 (size 32):
        comm "swapper/0", pid 1, jiffies 4294676440
        hex dump (first 32 bytes):
          00 00 00 00 00 00 00 00 20 10 06 05 80 88 ff ff  ........ .......
          54 0c 1e 81 ff ff ff ff 00 00 00 00 00 00 00 00  T...............
        backtrace (crc 7c93416c):
          [<000000000238ee6f>] __kmalloc_cache_noprof+0x11f/0x2a0
          [<0000000033d2b6c5>] enter_record+0xe8/0x150
          [<0000000054c38424>] match_records+0x1cd/0x230
          [<00000000c775b63d>] ftrace_set_hash+0xff/0x380
          [<000000007bf7208c>] ftrace_set_filter+0x70/0x90
          [<00000000a5c08dda>] test_graph_storage_multi+0x2e/0xf0
          [<000000006ba028ca>] trace_selftest_startup_function_graph+0x1e8/0x260
          [<00000000a715d3eb>] run_tracer_selftest+0x111/0x190
          [<00000000395cbf90>] register_tracer+0xdf/0x1f0
          [<0000000093e67f7b>] do_one_initcall+0x141/0x3b0
          [<00000000c591b682>] do_initcall_level+0x82/0xa0
          [<000000004e4c6600>] do_initcalls+0x43/0x70
          [<0000000034f3c4e4>] kernel_init_freeable+0x170/0x1f0
          [<00000000c7a5dab2>] kernel_init+0x1a/0x1a0
          [<00000000ea105947>] ret_from_fork+0x3a/0x50
          [<00000000a1932e84>] ret_from_fork_asm+0x1a/0x30
      ...
      
      This means filter hash allocated for the fixtures are not correctly
      released after the test.
      
      Free those hash lists after tests are done and split the loop for
      initialize fixture and register fixture for rollback.
      
      Fixes: dd120af2 ("ftrace: Add multiple fgraph storage selftest")
      Cc: stable@vger.kernel.org
      Link: https://lore.kernel.org/172411539857.28895.13119957560263401102.stgit@devnote2Signed-off-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      bc754cc7
    • Masami Hiramatsu (Google)'s avatar
      tracing: fgraph: Fix to add new fgraph_ops to array after ftrace_startup_subops() · a069a22f
      Masami Hiramatsu (Google) authored
      Since the register_ftrace_graph() assigns a new fgraph_ops to
      fgraph_array before registring it by ftrace_startup_subops(), the new
      fgraph_ops can be used in function_graph_enter().
      
      In most cases, it is still OK because those fgraph_ops's hashtable is
      already initialized by ftrace_set_filter*() etc.
      
      But if a user registers a new fgraph_ops which does not initialize the
      hash list, ftrace_ops_test() in function_graph_enter() causes a NULL
      pointer dereference BUG because fgraph_ops->ops.func_hash is NULL.
      
      This can be reproduced by the below commands because function profiler's
      fgraph_ops does not initialize the hash list;
      
       # cd /sys/kernel/tracing
       # echo function_graph > current_tracer
       # echo 1 > function_profile_enabled
      
      To fix this problem, add a new fgraph_ops to fgraph_array after
      ftrace_startup_subops(). Thus, until the new fgraph_ops is initialized,
      we will see fgraph_stub on the corresponding fgraph_array entry.
      
      Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
      Cc: Florent Revest <revest@chromium.org>
      Cc: Martin KaFai Lau <martin.lau@linux.dev>
      Cc: bpf <bpf@vger.kernel.org>
      Cc: Sven Schnelle <svens@linux.ibm.com>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Jiri Olsa <jolsa@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Daniel Borkmann <daniel@iogearbox.net>
      Cc: Alan Maguire <alan.maguire@oracle.com>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Guo Ren <guoren@kernel.org>
      Link: https://lore.kernel.org/172398528350.293426.8347220120333730248.stgit@devnote2
      Fixes: c132be2c ("function_graph: Have the instances use their own ftrace_ops for filtering")
      Signed-off-by: default avatarMasami Hiramatsu (Google) <mhiramat@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      a069a22f
  4. 18 Aug, 2024 9 commits
    • Linus Torvalds's avatar
      Linux 6.11-rc4 · 47ac09b9
      Linus Torvalds authored
      47ac09b9
    • Linus Torvalds's avatar
      Merge tag 'driver-core-6.11-rc4' of... · ccdbf91f
      Linus Torvalds authored
      Merge tag 'driver-core-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
      
      Pull driver core fixes from Greg KH:
       "Here are two driver fixes for regressions from 6.11-rc1 due to the
        driver core change making a structure in a driver core callback const.
      
        These were missed by all testing EXCEPT for what Bart happened to be
        running, so I appreciate the fixes provided here for some
        odd/not-often-used driver subsystems that nothing else happened to
        catch.
      
        Both of these fixes have been in linux-next all week with no reported
        issues"
      
      * tag 'driver-core-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
        mips: sgi-ip22: Fix the build
        ARM: riscpc: ecard: Fix the build
      ccdbf91f
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · e1bc1132
      Linus Torvalds authored
      Pull char / misc fixes from Greg KH:
       "Here are some small char/misc fixes for 6.11-rc4 to resolve reported
        problems. Included in here are:
      
         - fastrpc revert of a change that broke userspace
      
         - xillybus fixes for reported issues
      
        Half of these have been in linux-next this week with no reported
        problems, I don't know if the last bit of xillybus driver changes made
        it in, but they are 'obviously correct' so will be safe :)"
      
      * tag 'char-misc-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
        char: xillybus: Check USB endpoints when probing device
        char: xillybus: Refine workqueue handling
        Revert "misc: fastrpc: Restrict untrusted app to attach to privileged PD"
        char: xillybus: Don't destroy workqueue from work item running on it
      e1bc1132
    • Linus Torvalds's avatar
      Merge tag 'tty-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 394f33f9
      Linus Torvalds authored
      Pull tty / serial fixes from Greg KH:
       "Here are some small tty and serial driver fixes for 6.11-rc4 to
        resolve some reported problems. Included in here are:
      
         - conmakehash.c userspace build issues
      
         - fsl_lpuart driver fix
      
         - 8250_omap revert for reported regression
      
         - atmel_serial rts flag fix
      
        All of these have been in linux-next this week with no reported
        issues"
      
      * tag 'tty-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"
        tty: atmel_serial: use the correct RTS flag.
        tty: vt: conmakehash: remove non-portable code printing comment header
        tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
      394f33f9
    • Linus Torvalds's avatar
      Merge tag 'usb-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 3d9061d2
      Linus Torvalds authored
      Pull USB / Thunderbolt driver fixes from Greg KH:
       "Here are some small USB and Thunderbolt driver fixes for 6.11-rc4 to
        resolve some reported issues. Included in here are:
      
         - thunderbolt driver fixes for reported problems
      
         - typec driver fixes
      
         - xhci fixes
      
         - new device id for ljca usb driver
      
        All of these have been in linux-next this week with no reported
        issues"
      
      * tag 'usb-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
        usb: misc: ljca: Add Lunar Lake ljca GPIO HID to ljca_gpio_hids[]
        Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
        usb: typec: ucsi: Fix the return value of ucsi_run_command()
        usb: xhci: fix duplicate stall handling in handle_tx_event()
        usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup()
        thunderbolt: Mark XDomain as unplugged when router is removed
        thunderbolt: Fix memory leaks in {port|retimer}_sb_regs_write()
      3d9061d2
    • Linus Torvalds's avatar
      Merge tag 'for-6.11-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 57b14823
      Linus Torvalds authored
      Pull more btrfs fixes from David Sterba:
       "A more fixes. We got reports that shrinker added in 6.10 still causes
        latency spikes and the fixes don't handle all corner cases. Due to
        summer holidays we're taking a shortcut to disable it for release
        builds and will fix it in the near future.
      
         - only enable extent map shrinker for DEBUG builds, temporary quick
           fix to avoid latency spikes for regular builds
      
         - update target inode's ctime on unlink, mandated by POSIX
      
         - properly take lock to read/update block group's zoned variables
      
         - add counted_by() annotations"
      
      * tag 'for-6.11-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: only enable extent map shrinker for DEBUG builds
        btrfs: zoned: properly take lock to read/update block group's zoned variables
        btrfs: tree-checker: add dev extent item checks
        btrfs: update target inode's ctime on unlink
        btrfs: send: annotate struct name_cache_entry with __counted_by()
      57b14823
    • Jann Horn's avatar
      fuse: Initialize beyond-EOF page contents before setting uptodate · 3c0da3d1
      Jann Horn authored
      fuse_notify_store(), unlike fuse_do_readpage(), does not enable page
      zeroing (because it can be used to change partial page contents).
      
      So fuse_notify_store() must be more careful to fully initialize page
      contents (including parts of the page that are beyond end-of-file)
      before marking the page uptodate.
      
      The current code can leave beyond-EOF page contents uninitialized, which
      makes these uninitialized page contents visible to userspace via mmap().
      
      This is an information leak, but only affects systems which do not
      enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the
      corresponding kernel command line parameter).
      
      Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2574
      Cc: stable@kernel.org
      Fixes: a1d75f25 ("fuse: add store request")
      Signed-off-by: default avatarJann Horn <jannh@google.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      3c0da3d1
    • Linus Torvalds's avatar
      Merge tag 'mm-hotfixes-stable-2024-08-17-19-34' of... · c3f2d783
      Linus Torvalds authored
      Merge tag 'mm-hotfixes-stable-2024-08-17-19-34' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
      
      Pull misc fixes from Andrew Morton:
       "16 hotfixes. All except one are for MM. 10 of these are cc:stable and
        the others pertain to post-6.10 issues.
      
        As usual with these merges, singletons and doubletons all over the
        place, no identifiable-by-me theme. Please see the lovingly curated
        changelogs to get the skinny"
      
      * tag 'mm-hotfixes-stable-2024-08-17-19-34' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm:
        mm/migrate: fix deadlock in migrate_pages_batch() on large folios
        alloc_tag: mark pages reserved during CMA activation as not tagged
        alloc_tag: introduce clear_page_tag_ref() helper function
        crash: fix riscv64 crash memory reserve dead loop
        selftests: memfd_secret: don't build memfd_secret test on unsupported arches
        mm: fix endless reclaim on machines with unaccepted memory
        selftests/mm: compaction_test: fix off by one in check_compaction()
        mm/numa: no task_numa_fault() call if PMD is changed
        mm/numa: no task_numa_fault() call if PTE is changed
        mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
        mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu
        mm: don't account memmap per-node
        mm: add system wide stats items category
        mm: don't account memmap on failure
        mm/hugetlb: fix hugetlb vs. core-mm PT locking
        mseal: fix is_madv_discard()
      c3f2d783
    • Linus Torvalds's avatar
      Merge tag 'powerpc-6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · 810996a3
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix crashes on 85xx with some configs since the recent hugepd rework.
      
       - Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL on some
         platforms.
      
       - Don't enable offline cores when changing SMT modes, to match existing
         userspace behaviour.
      
      Thanks to Christophe Leroy, Dr. David Alan Gilbert, Guenter Roeck, Nysal
      Jan K.A, Shrikanth Hegde, Thomas Gleixner, and Tyrel Datwyler.
      
      * tag 'powerpc-6.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/topology: Check if a core is online
        cpu/SMT: Enable SMT only if a core is online
        powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL
        powerpc/mm: Fix size of allocated PGDIR
        soc: fsl: qbman: remove unused struct 'cgr_comp'
      810996a3
  5. 17 Aug, 2024 8 commits
    • Linus Torvalds's avatar
      Merge tag 'v6.11-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · e0fac5fc
      Linus Torvalds authored
      Pull smb client fixes from Steve French:
      
       - fix for clang warning - additional null check
      
       - fix for cached write with posix locks
      
       - flexible structure fix
      
      * tag 'v6.11-rc3-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        smb: smb2pdu.h: Use static_assert() to check struct sizes
        smb3: fix lock breakage for cached writes
        smb/client: avoid possible NULL dereference in cifs_free_subrequest()
      e0fac5fc
    • Linus Torvalds's avatar
      Merge tag 'i2c-for-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 98a1b2d7
      Linus Torvalds authored
      Pull i2c fixes from Wolfram Sang:
       "I2C core fix replacing IS_ENABLED() with IS_REACHABLE()
      
        For host drivers, there are two fixes:
      
         - Tegra I2C Controller: Addresses a potential double-locking issue
           during probe. ACPI devices are not IRQ-safe when invoking runtime
           suspend and resume functions, so the irq_safe flag should not be
           set.
      
         - Qualcomm GENI I2C Controller: Fixes an oversight in the exit path
           of the runtime_resume() function, which was missed in the previous
           release"
      
      * tag 'i2c-for-6.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        i2c: tegra: Do not mark ACPI devices as irq safe
        i2c: Use IS_REACHABLE() for substituting empty ACPI functions
        i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume
      98a1b2d7
    • Linus Torvalds's avatar
      Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi · df6cbc62
      Linus Torvalds authored
      Pull SCSI fixes from James Bottomley:
       "Two small fixes to the mpi3mr driver. One to avoid oversize
        allocations in tracing and the other to fix an uninitialized spinlock
        in the user to driver feature request code (used to trigger dumps and
        the like)"
      
      * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
        scsi: mpi3mr: Avoid MAX_PAGE_ORDER WARNING for buffer allocations
        scsi: mpi3mr: Add missing spin_lock_init() for mrioc->trigger_lock
      df6cbc62
    • Linus Torvalds's avatar
      Merge tag 'xfs-6.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · d09840f8
      Linus Torvalds authored
      Pull xfs fixes from Chandan Babu:
      
       - Check for presence of only 'attr' feature before scrubbing an inode's
         attribute fork.
      
       - Restore the behaviour of setting AIL thread to TASK_INTERRUPTIBLE for
         long (i.e. 50ms) sleep durations to prevent high load averages.
      
       - Do not allow users to change the realtime flag of a file unless the
         datadev and rtdev both support fsdax access modes.
      
      * tag 'xfs-6.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set
        xfs: revert AIL TASK_KILLABLE threshold
        xfs: attr forks require attr, not attr2
      d09840f8
    • Linus Torvalds's avatar
      Merge tag 'bcachefs-2024-08-16' of git://evilpiepirate.org/bcachefs · b7181758
      Linus Torvalds authored
      Pull bcachefs fixes from Kent OverstreetL
      
       - New on disk format version, bcachefs_metadata_version_disk_accounting_inum
      
         This adds one more disk accounting counter, which counts disk usage
         and number of extents per inode number. This lets us track
         fragmentation, for implementing defragmentation later, and it also
         counts disk usage per inode in all snapshots, which will be a useful
         thing to expose to users.
      
       - One performance issue we've observed is threads spinning when they
         should be waiting for dirty keys in the key cache to be flushed by
         journal reclaim, so we now have hysteresis for the waiting thread, as
         well as improving the tracepoint and a new time_stat, for tracking
         time blocked waiting on key cache flushing.
      
      ... and various assorted smaller fixes.
      
      * tag 'bcachefs-2024-08-16' of git://evilpiepirate.org/bcachefs:
        bcachefs: Fix locking in __bch2_trans_mark_dev_sb()
        bcachefs: fix incorrect i_state usage
        bcachefs: avoid overflowing LRU_TIME_BITS for cached data lru
        bcachefs: Fix forgetting to pass trans to fsck_err()
        bcachefs: Increase size of cuckoo hash table on too many rehashes
        bcachefs: bcachefs_metadata_version_disk_accounting_inum
        bcachefs: Kill __bch2_accounting_mem_mod()
        bcachefs: Make bkey_fsck_err() a wrapper around fsck_err()
        bcachefs: Fix warning in __bch2_fsck_err() for trans not passed in
        bcachefs: Add a time_stat for blocked on key cache flush
        bcachefs: Improve trans_blocked_journal_reclaim tracepoint
        bcachefs: Add hysteresis to waiting on btree key cache flush
        lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
        bcachefs: Convert for_each_btree_node() to lockrestart_do()
        bcachefs: Add missing downgrade table entry
        bcachefs: disk accounting: ignore unknown types
        bcachefs: bch2_accounting_invalid() fixup
        bcachefs: Fix bch2_trigger_alloc when upgrading from old versions
        bcachefs: delete faulty fastpath in bch2_btree_path_traverse_cached()
      b7181758
    • Kent Overstreet's avatar
      bcachefs: Fix locking in __bch2_trans_mark_dev_sb() · 0e49d3ff
      Kent Overstreet authored
      We run this in full RW mode now, so we have to guard against the
      superblock buffer being reallocated.
      Signed-off-by: default avatarKent Overstreet <kent.overstreet@linux.dev>
      0e49d3ff
    • Linus Torvalds's avatar
      Merge tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · e5fa841a
      Linus Torvalds authored
      Pull memcg-v1 fix from Al Viro:
       "memcg_write_event_control() oops fix"
      
      * tag 'pull-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        memcg_write_event_control(): fix a user-triggerable oops
      e5fa841a
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · c2cdb13a
      Linus Torvalds authored
      Pull arm64 fixes from Catalin Marinas:
      
       - Fix the arm64 __get_mem_asm() to use the _ASM_EXTABLE_##type##ACCESS()
         macro instead of the *_ERR() one in order to avoid writing -EFAULT to
         the value register in case of a fault
      
       - Initialise all elements of the acpi_early_node_map[] to NUMA_NO_NODE.
         Prior to this fix, only the first element was initialised
      
       - Move the KASAN random tag seed initialisation after the per-CPU areas
         have been initialised (prng_state is __percpu)
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: Fix KASAN random tag seed initialization
        arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE
        arm64: uaccess: correct thinko in __get_mem_asm()
      c2cdb13a
  6. 16 Aug, 2024 14 commits