1. 03 Apr, 2023 4 commits
    • Daniel Bristot de Oliveira's avatar
      tracing/timerlat: Notify new max thread latency · b9f451a9
      Daniel Bristot de Oliveira authored
      timerlat is not reporting a new tracing_max_latency for the thread
      latency. The reason is that it is not calling notify_new_max_latency()
      function after the new thread latency is sampled.
      
      Call notify_new_max_latency() after computing the thread latency.
      
      Link: https://lkml.kernel.org/r/16e18d61d69073d0192ace07bf61e405cca96e9c.1680104184.git.bristot@kernel.org
      
      Cc: stable@vger.kernel.org
      Fixes: dae18134 ("tracing/osnoise: Support a list of trace_array *tr")
      Signed-off-by: default avatarDaniel Bristot de Oliveira <bristot@kernel.org>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      b9f451a9
    • John Keeping's avatar
      ftrace: Mark get_lock_parent_ip() __always_inline · ea65b418
      John Keeping authored
      If the compiler decides not to inline this function then preemption
      tracing will always show an IP inside the preemption disabling path and
      never the function actually calling preempt_{enable,disable}.
      
      Link: https://lore.kernel.org/linux-trace-kernel/20230327173647.1690849-1-john@metanate.com
      
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: stable@vger.kernel.org
      Fixes: f904f582 ("sched/debug: Fix preempt_disable_ip recording for preempt_disable()")
      Signed-off-by: default avatarJohn Keeping <john@metanate.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      ea65b418
    • Zheng Yejian's avatar
      ring-buffer: Fix race while reader and writer are on the same page · 6455b616
      Zheng Yejian authored
      When user reads file 'trace_pipe', kernel keeps printing following logs
      that warn at "cpu_buffer->reader_page->read > rb_page_size(reader)" in
      rb_get_reader_page(). It just looks like there's an infinite loop in
      tracing_read_pipe(). This problem occurs several times on arm64 platform
      when testing v5.10 and below.
      
        Call trace:
         rb_get_reader_page+0x248/0x1300
         rb_buffer_peek+0x34/0x160
         ring_buffer_peek+0xbc/0x224
         peek_next_entry+0x98/0xbc
         __find_next_entry+0xc4/0x1c0
         trace_find_next_entry_inc+0x30/0x94
         tracing_read_pipe+0x198/0x304
         vfs_read+0xb4/0x1e0
         ksys_read+0x74/0x100
         __arm64_sys_read+0x24/0x30
         el0_svc_common.constprop.0+0x7c/0x1bc
         do_el0_svc+0x2c/0x94
         el0_svc+0x20/0x30
         el0_sync_handler+0xb0/0xb4
         el0_sync+0x160/0x180
      
      Then I dump the vmcore and look into the problematic per_cpu ring_buffer,
      I found that tail_page/commit_page/reader_page are on the same page while
      reader_page->read is obviously abnormal:
        tail_page == commit_page == reader_page == {
          .write = 0x100d20,
          .read = 0x8f9f4805,  // Far greater than 0xd20, obviously abnormal!!!
          .entries = 0x10004c,
          .real_end = 0x0,
          .page = {
            .time_stamp = 0x857257416af0,
            .commit = 0xd20,  // This page hasn't been full filled.
            // .data[0...0xd20] seems normal.
          }
       }
      
      The root cause is most likely the race that reader and writer are on the
      same page while reader saw an event that not fully committed by writer.
      
      To fix this, add memory barriers to make sure the reader can see the
      content of what is committed. Since commit a0fcaaed ("ring-buffer: Fix
      race between reset page and reading page") has added the read barrier in
      rb_get_reader_page(), here we just need to add the write barrier.
      
      Link: https://lore.kernel.org/linux-trace-kernel/20230325021247.2923907-1-zhengyejian1@huawei.com
      
      Cc: stable@vger.kernel.org
      Fixes: 77ae365e ("ring-buffer: make lockless")
      Suggested-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      Signed-off-by: default avatarZheng Yejian <zhengyejian1@huawei.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      6455b616
    • Tze-nan Wu's avatar
      tracing/synthetic: Fix races on freeing last_cmd · 4ccf11c4
      Tze-nan Wu authored
      Currently, the "last_cmd" variable can be accessed by multiple processes
      asynchronously when multiple users manipulate synthetic_events node
      at the same time, it could lead to use-after-free or double-free.
      
      This patch add "lastcmd_mutex" to prevent "last_cmd" from being accessed
      asynchronously.
      
      ================================================================
      
      It's easy to reproduce in the KASAN environment by running the two
      scripts below in different shells.
      
      script 1:
              while :
              do
                      echo -n -e '\x88' > /sys/kernel/tracing/synthetic_events
              done
      
      script 2:
              while :
              do
                      echo -n -e '\xb0' > /sys/kernel/tracing/synthetic_events
              done
      
      ================================================================
      double-free scenario:
      
          process A                       process B
      -------------------               ---------------
      1.kstrdup last_cmd
                                        2.free last_cmd
      3.free last_cmd(double-free)
      
      ================================================================
      use-after-free scenario:
      
          process A                       process B
      -------------------               ---------------
      1.kstrdup last_cmd
                                        2.free last_cmd
      3.tracing_log_err(use-after-free)
      
      ================================================================
      
      Appendix 1. KASAN report double-free:
      
      BUG: KASAN: double-free in kfree+0xdc/0x1d4
      Free of addr ***** by task sh/4879
      Call trace:
              ...
              kfree+0xdc/0x1d4
              create_or_delete_synth_event+0x60/0x1e8
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      Allocated by task 4879:
              ...
              kstrdup+0x5c/0x98
              create_or_delete_synth_event+0x6c/0x1e8
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      Freed by task 5464:
              ...
              kfree+0xdc/0x1d4
              create_or_delete_synth_event+0x60/0x1e8
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      ================================================================
      Appendix 2. KASAN report use-after-free:
      
      BUG: KASAN: use-after-free in strlen+0x5c/0x7c
      Read of size 1 at addr ***** by task sh/5483
      sh: CPU: 7 PID: 5483 Comm: sh
              ...
              __asan_report_load1_noabort+0x34/0x44
              strlen+0x5c/0x7c
              tracing_log_err+0x60/0x444
              create_or_delete_synth_event+0xc4/0x204
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      Allocated by task 5483:
              ...
              kstrdup+0x5c/0x98
              create_or_delete_synth_event+0x80/0x204
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      Freed by task 5480:
              ...
              kfree+0xdc/0x1d4
              create_or_delete_synth_event+0x74/0x204
              trace_parse_run_command+0x2bc/0x4b8
              synth_events_write+0x20/0x30
              vfs_write+0x200/0x830
              ...
      
      Link: https://lore.kernel.org/linux-trace-kernel/20230321110444.1587-1-Tze-nan.Wu@mediatek.com
      
      Fixes: 27c888da ("tracing: Remove size restriction on synthetic event cmd error logging")
      Cc: stable@vger.kernel.org
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Matthias Brugger <matthias.bgg@gmail.com>
      Cc: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
      Cc: "Tom Zanussi" <zanussi@kernel.org>
      Signed-off-by: default avatarTze-nan Wu <Tze-nan.Wu@mediatek.com>
      Signed-off-by: default avatarSteven Rostedt (Google) <rostedt@goodmis.org>
      4ccf11c4
  2. 02 Apr, 2023 5 commits
  3. 01 Apr, 2023 5 commits
    • Linus Torvalds's avatar
      Merge tag '6.3-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6 · f7772da6
      Linus Torvalds authored
      Pull cifs client fixes from Steve French:
       "Four cifs/smb3 client (reconnect and DFS related) fixes, including two
        for stable:
      
         - DFS oops fix
      
         - DFS reconnect recursion fix
      
         - An SMB1 parallel reconnect fix
      
         - Trivial dead code removal in smb2_reconnect"
      
      * tag '6.3-rc4-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6:
        cifs: get rid of dead check in smb2_reconnect()
        cifs: prevent infinite recursion in CIFSGetDFSRefer()
        cifs: avoid races in parallel reconnects in smb1
        cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
      f7772da6
    • Linus Torvalds's avatar
      Merge tag 'input-for-v6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 00c7b5f4
      Linus Torvalds authored
      Pull input fixes from Dmitry Torokhov:
      
       - fixes to ALPS and Focaltech PS/2 drivers dealing with the breakage of
         switching to -funsigned-char
      
       - quirks to i8042 to better handle Lifebook A574/H and TUXEDO devices
      
       - a quirk to Goodix touchscreen driver to handle Yoga Book X90F
      
       - a fix for incorrectly merged patch to xpad game controller driver
      
      * tag 'input-for-v6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: i8042 - add TUXEDO devices to i8042 quirk tables for partial fix
        Input: alps - fix compatibility with -funsigned-char
        Input: focaltech - use explicitly signed char type
        Input: xpad - fix incorrectly applied patch for MAP_PROFILE_BUTTON
        Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table
        Input: i8042 - add quirk for Fujitsu Lifebook A574/H
      00c7b5f4
    • Linus Torvalds's avatar
      Merge tag 'pinctrl-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · 93e2b017
      Linus Torvalds authored
      Pull pin control fixes from Linus Walleij:
       "Some pin control fixes for the v6.3 series.
      
        The most notable and urgent one is probably the AMD fix which affects
        AMD laptops, found by the Chromium people.
      
        Summary:
      
         - Fix up the Kconfig options for MediaTek MT7981
      
         - Fix the irq domain name in the AT91-PIO4 driver
      
         - Fix some alternative muxing modes in the Ocelot driver
      
         - Allocate the GPIO numbers dynamically in the STM32 driver
      
         - Disable and mask interrupts on resume in the AMD driver
      
         - Fix a typo in the Qualcomm SM8550 pin control device tree bindings"
      
      * tag 'pinctrl-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        dt-bindings: pinctrl: qcom,sm8550-lpass-lpi: allow input-enabled and bias-bus-hold
        pinctrl: amd: Disable and mask interrupts on resume
        pinctrl: stm32: use dynamic allocation of GPIO base
        pinctrl: ocelot: Fix alt mode for ocelot
        pinctrl: at91-pio4: fix domain name assignment
        pinctrl: mediatek: fix naming inconsistency
        pinctrl: mediatek: add missing options to PINCTRL_MT7981
      93e2b017
    • Linus Torvalds's avatar
      Merge tag 'kbuild-fixes-v6.3-2' of... · ce0c2375
      Linus Torvalds authored
      Merge tag 'kbuild-fixes-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - Fix linux-headers debian package
      
       - Fix a merge_config.sh error due to a misspelled variable
      
       - Fix modversion for 32-bit build machines
      
      * tag 'kbuild-fixes-v6.3-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        modpost: Fix processing of CRCs on 32-bit build machines
        scripts: merge_config: Fix typo in variable name.
        kbuild: deb-pkg: set version for linux-headers paths
      ce0c2375
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 92367fdf
      Linus Torvalds authored
      Pull iommu fixes from Joerg Roedel:
      
       - Maintainer update for S390 IOMMU driver
      
       - A fix for the set_platform_dma_ops() call-back in the Exynos
         IOMMU driver
      
       - Intel VT-d fixes from Lu Baolu:
          - Fix a lockdep splat
          - Fix a supplement of the specification
          - Fix a warning in perfmon code
      
      * tag 'iommu-fixes-6.3-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/vt-d: Fix an IOMMU perfmon warning when CPU hotplug
        iommu/vt-d: Allow zero SAGAW if second-stage not supported
        iommu/vt-d: Remove unnecessary locking in intel_irq_remapping_alloc()
        iommu/exynos: Fix set_platform_dma_ops() callback
        MAINTAINERS: Update s390-iommu driver maintainer information
      92367fdf
  4. 31 Mar, 2023 19 commits
  5. 30 Mar, 2023 7 commits