From: Greg Kroah-Hartman Date: Wed, 20 Mar 2019 17:22:53 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v3.18.137~71 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=00cefa71d2852057b68e8a3d5f17f4cb407c6c0e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch cifs-do-not-reset-lease-state-to-none-on-lease-break.patch cifs-fix-read-after-write-for-files-with-read-caching.patch crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch --- diff --git a/queue-4.9/acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch b/queue-4.9/acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch new file mode 100644 index 00000000000..291acfa7695 --- /dev/null +++ b/queue-4.9/acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch @@ -0,0 +1,75 @@ +From f16eb8a4b096514ac06fb25bf599dcc792899b3d Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Mon, 11 Mar 2019 18:41:03 +0200 +Subject: ACPI / device_sysfs: Avoid OF modalias creation for removed device + +From: Andy Shevchenko + +commit f16eb8a4b096514ac06fb25bf599dcc792899b3d upstream. + +If SSDT overlay is loaded via ConfigFS and then unloaded the device, +we would like to have OF modalias for, already gone. Thus, acpi_get_name() +returns no allocated buffer for such case and kernel crashes afterwards: + + ACPI: Host-directed Dynamic ACPI Table Unload + ads7950 spi-PRP0001:00: Dropping the link to regulator.0 + BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 + #PF error: [normal kernel read fault] + PGD 80000000070d6067 P4D 80000000070d6067 PUD 70d0067 PMD 0 + Oops: 0000 [#1] SMP PTI + CPU: 0 PID: 40 Comm: kworker/u4:2 Not tainted 5.0.0+ #96 + Hardware name: Intel Corporation Merrifield/BODEGA BAY, BIOS 542 2015.01.21:18.19.48 + Workqueue: kacpi_hotplug acpi_device_del_work_fn + RIP: 0010:create_of_modalias.isra.1+0x4c/0x150 + Code: 00 00 48 89 44 24 18 31 c0 48 8d 54 24 08 48 c7 44 24 10 00 00 00 00 48 c7 44 24 08 ff ff ff ff e8 7a b0 03 00 48 8b 4c 24 10 <0f> b6 01 84 c0 74 27 48 c7 c7 00 09 f4 a5 0f b6 f0 8d 50 20 f6 04 + RSP: 0000:ffffa51040297c10 EFLAGS: 00010246 + RAX: 0000000000001001 RBX: 0000000000000785 RCX: 0000000000000000 + RDX: 0000000000001001 RSI: 0000000000000286 RDI: ffffa2163dc042e0 + RBP: ffffa216062b1196 R08: 0000000000001001 R09: ffffa21639873000 + R10: ffffffffa606761d R11: 0000000000000001 R12: ffffa21639873218 + R13: ffffa2163deb5060 R14: ffffa216063d1010 R15: 0000000000000000 + FS: 0000000000000000(0000) GS:ffffa2163e000000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000000 CR3: 0000000007114000 CR4: 00000000001006f0 + Call Trace: + __acpi_device_uevent_modalias+0xb0/0x100 + spi_uevent+0xd/0x40 + + ... + +In order to fix above let create_of_modalias() check the status returned +by acpi_get_name() and bail out in case of failure. + +Fixes: 8765c5ba1949 ("ACPI / scan: Rework modalias creation when "compatible" is present") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=201381 +Reported-by: Ferry Toth +Tested-by: Ferry Toth +Signed-off-by: Andy Shevchenko +Reviewed-by: Mika Westerberg +Cc: 4.1+ # 4.1+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/device_sysfs.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/device_sysfs.c ++++ b/drivers/acpi/device_sysfs.c +@@ -202,11 +202,15 @@ static int create_of_modalias(struct acp + { + struct acpi_buffer buf = { ACPI_ALLOCATE_BUFFER }; + const union acpi_object *of_compatible, *obj; ++ acpi_status status; + int len, count; + int i, nval; + char *c; + +- acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf); ++ status = acpi_get_name(acpi_dev->handle, ACPI_SINGLE_NAME, &buf); ++ if (ACPI_FAILURE(status)) ++ return -ENODEV; ++ + /* DT strings are all in lower case */ + for (c = buf.pointer; *c != '\0'; c++) + *c = tolower(*c); diff --git a/queue-4.9/cifs-do-not-reset-lease-state-to-none-on-lease-break.patch b/queue-4.9/cifs-do-not-reset-lease-state-to-none-on-lease-break.patch new file mode 100644 index 00000000000..d05325491b7 --- /dev/null +++ b/queue-4.9/cifs-do-not-reset-lease-state-to-none-on-lease-break.patch @@ -0,0 +1,114 @@ +From 7b9b9edb49ad377b1e06abf14354c227e9ac4b06 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Wed, 13 Feb 2019 15:43:08 -0800 +Subject: CIFS: Do not reset lease state to NONE on lease break + +From: Pavel Shilovsky + +commit 7b9b9edb49ad377b1e06abf14354c227e9ac4b06 upstream. + +Currently on lease break the client sets a caching level twice: +when oplock is detected and when oplock is processed. While the +1st attempt sets the level to the value provided by the server, +the 2nd one resets the level to None unconditionally. +This happens because the oplock/lease processing code was changed +to avoid races between page cache flushes and oplock breaks. +The commit c11f1df5003d534 ("cifs: Wait for writebacks to complete +before attempting write.") fixed the races for oplocks but didn't +apply the same changes for leases resulting in overwriting the +server granted value to None. Fix this by properly processing +lease breaks. + +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +CC: Stable +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/smb2misc.c | 17 ++++++++++++++--- + fs/cifs/smb2ops.c | 15 ++++++++++++--- + 2 files changed, 26 insertions(+), 6 deletions(-) + +--- a/fs/cifs/smb2misc.c ++++ b/fs/cifs/smb2misc.c +@@ -474,7 +474,6 @@ smb2_tcon_has_lease(struct cifs_tcon *tc + __u8 lease_state; + struct list_head *tmp; + struct cifsFileInfo *cfile; +- struct TCP_Server_Info *server = tcon->ses->server; + struct cifs_pending_open *open; + struct cifsInodeInfo *cinode; + int ack_req = le32_to_cpu(rsp->Flags & +@@ -494,13 +493,25 @@ smb2_tcon_has_lease(struct cifs_tcon *tc + cifs_dbg(FYI, "lease key match, lease break 0x%x\n", + le32_to_cpu(rsp->NewLeaseState)); + +- server->ops->set_oplock_level(cinode, lease_state, 0, NULL); +- + if (ack_req) + cfile->oplock_break_cancelled = false; + else + cfile->oplock_break_cancelled = true; + ++ set_bit(CIFS_INODE_PENDING_OPLOCK_BREAK, &cinode->flags); ++ ++ /* ++ * Set or clear flags depending on the lease state being READ. ++ * HANDLE caching flag should be added when the client starts ++ * to defer closing remote file handles with HANDLE leases. ++ */ ++ if (lease_state & SMB2_LEASE_READ_CACHING_HE) ++ set_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, ++ &cinode->flags); ++ else ++ clear_bit(CIFS_INODE_DOWNGRADE_OPLOCK_TO_L2, ++ &cinode->flags); ++ + queue_work(cifsoplockd_wq, &cfile->oplock_break); + kfree(lw); + return true; +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -1377,6 +1377,15 @@ smb2_downgrade_oplock(struct TCP_Server_ + } + + static void ++smb21_downgrade_oplock(struct TCP_Server_Info *server, ++ struct cifsInodeInfo *cinode, bool set_level2) ++{ ++ server->ops->set_oplock_level(cinode, ++ set_level2 ? SMB2_LEASE_READ_CACHING_HE : ++ 0, 0, NULL); ++} ++ ++static void + smb2_set_oplock_level(struct cifsInodeInfo *cinode, __u32 oplock, + unsigned int epoch, bool *purge_cache) + { +@@ -1681,7 +1690,7 @@ struct smb_version_operations smb21_oper + .print_stats = smb2_print_stats, + .is_oplock_break = smb2_is_valid_oplock_break, + .handle_cancelled_mid = smb2_handle_cancelled_mid, +- .downgrade_oplock = smb2_downgrade_oplock, ++ .downgrade_oplock = smb21_downgrade_oplock, + .need_neg = smb2_need_neg, + .negotiate = smb2_negotiate, + .negotiate_wsize = smb2_negotiate_wsize, +@@ -1765,7 +1774,7 @@ struct smb_version_operations smb30_oper + .dump_share_caps = smb2_dump_share_caps, + .is_oplock_break = smb2_is_valid_oplock_break, + .handle_cancelled_mid = smb2_handle_cancelled_mid, +- .downgrade_oplock = smb2_downgrade_oplock, ++ .downgrade_oplock = smb21_downgrade_oplock, + .need_neg = smb2_need_neg, + .negotiate = smb2_negotiate, + .negotiate_wsize = smb2_negotiate_wsize, +@@ -1855,7 +1864,7 @@ struct smb_version_operations smb311_ope + .dump_share_caps = smb2_dump_share_caps, + .is_oplock_break = smb2_is_valid_oplock_break, + .handle_cancelled_mid = smb2_handle_cancelled_mid, +- .downgrade_oplock = smb2_downgrade_oplock, ++ .downgrade_oplock = smb21_downgrade_oplock, + .need_neg = smb2_need_neg, + .negotiate = smb2_negotiate, + .negotiate_wsize = smb2_negotiate_wsize, diff --git a/queue-4.9/cifs-fix-read-after-write-for-files-with-read-caching.patch b/queue-4.9/cifs-fix-read-after-write-for-files-with-read-caching.patch new file mode 100644 index 00000000000..485e48569d0 --- /dev/null +++ b/queue-4.9/cifs-fix-read-after-write-for-files-with-read-caching.patch @@ -0,0 +1,54 @@ +From 6dfbd84684700cb58b34e8602c01c12f3d2595c8 Mon Sep 17 00:00:00 2001 +From: Pavel Shilovsky +Date: Mon, 4 Mar 2019 17:48:01 -0800 +Subject: CIFS: Fix read after write for files with read caching + +From: Pavel Shilovsky + +commit 6dfbd84684700cb58b34e8602c01c12f3d2595c8 upstream. + +When we have a READ lease for a file and have just issued a write +operation to the server we need to purge the cache and set oplock/lease +level to NONE to avoid reading stale data. Currently we do that +only if a write operation succedeed thus not covering cases when +a request was sent to the server but a negative error code was +returned later for some other reasons (e.g. -EIOCBQUEUED or -EINTR). +Fix this by turning off caching regardless of the error code being +returned. + +The patches fixes generic tests 075 and 112 from the xfs-tests. + +Cc: +Signed-off-by: Pavel Shilovsky +Signed-off-by: Steve French +Reviewed-by: Ronnie Sahlberg +Signed-off-by: Greg Kroah-Hartman + +--- + fs/cifs/file.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -2797,14 +2797,16 @@ cifs_strict_writev(struct kiocb *iocb, s + * these pages but not on the region from pos to ppos+len-1. + */ + written = cifs_user_writev(iocb, from); +- if (written > 0 && CIFS_CACHE_READ(cinode)) { ++ if (CIFS_CACHE_READ(cinode)) { + /* +- * Windows 7 server can delay breaking level2 oplock if a write +- * request comes - break it on the client to prevent reading +- * an old data. ++ * We have read level caching and we have just sent a write ++ * request to the server thus making data in the cache stale. ++ * Zap the cache and set oplock/lease level to NONE to avoid ++ * reading stale data from the cache. All subsequent read ++ * operations will read new data from the server. + */ + cifs_zap_mapping(inode); +- cifs_dbg(FYI, "Set no oplock for inode=%p after a write operation\n", ++ cifs_dbg(FYI, "Set Oplock/Lease to NONE for inode=%p after write\n", + inode); + cinode->oplock = 0; + } diff --git a/queue-4.9/crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch b/queue-4.9/crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch new file mode 100644 index 00000000000..2a724fd4f3f --- /dev/null +++ b/queue-4.9/crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch @@ -0,0 +1,47 @@ +From eaf46edf6ea89675bd36245369c8de5063a0272c Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Thu, 24 Jan 2019 17:33:45 +0100 +Subject: crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling + +From: Ard Biesheuvel + +commit eaf46edf6ea89675bd36245369c8de5063a0272c upstream. + +The NEON MAC calculation routine fails to handle the case correctly +where there is some data in the buffer, and the input fills it up +exactly. In this case, we enter the loop at the end with w8 == 0, +while a negative value is assumed, and so the loop carries on until +the increment of the 32-bit counter wraps around, which is quite +obviously wrong. + +So omit the loop altogether in this case, and exit right away. + +Reported-by: Eric Biggers +Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...") +Cc: stable@vger.kernel.org +Signed-off-by: Ard Biesheuvel +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/arch/arm64/crypto/aes-ce-ccm-core.S ++++ b/arch/arm64/crypto/aes-ce-ccm-core.S +@@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data) + beq 10f + ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */ + b 7b +-8: mov w7, w8 ++8: cbz w8, 91f ++ mov w7, w8 + add w8, w8, #16 + 9: ext v1.16b, v1.16b, v1.16b, #1 + adds w7, w7, #1 + bne 9b +- eor v0.16b, v0.16b, v1.16b ++91: eor v0.16b, v0.16b, v1.16b + st1 {v0.16b}, [x0] + 10: str w8, [x3] + ret diff --git a/queue-4.9/crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch b/queue-4.9/crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch new file mode 100644 index 00000000000..2ade5a58c3b --- /dev/null +++ b/queue-4.9/crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch @@ -0,0 +1,148 @@ +From ba7d7433a0e998c902132bd47330e355a1eaa894 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sun, 6 Jan 2019 18:47:42 -0800 +Subject: crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails + +From: Eric Biggers + +commit ba7d7433a0e998c902132bd47330e355a1eaa894 upstream. + +Some algorithms have a ->setkey() method that is not atomic, in the +sense that setting a key can fail after changes were already made to the +tfm context. In this case, if a key was already set the tfm can end up +in a state that corresponds to neither the old key nor the new key. + +It's not feasible to make all ->setkey() methods atomic, especially ones +that have to key multiple sub-tfms. Therefore, make the crypto API set +CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a +key, to prevent the tfm from being used until a new key is set. + +Note: we can't set CRYPTO_TFM_NEED_KEY for OPTIONAL_KEY algorithms, so +->setkey() for those must nevertheless be atomic. That's fine for now +since only the crc32 and crc32c algorithms set OPTIONAL_KEY, and it's +not intended that OPTIONAL_KEY be used much. + +[Cc stable mainly because when introducing the NEED_KEY flag I changed + AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG + previously didn't have this problem. So these "incompletely keyed" + states became theoretically accessible via AF_ALG -- though, the + opportunities for causing real mischief seem pretty limited.] + +Fixes: 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/ahash.c | 28 +++++++++++++++++++--------- + crypto/shash.c | 18 +++++++++++++----- + 2 files changed, 32 insertions(+), 14 deletions(-) + +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -189,6 +189,21 @@ static int ahash_setkey_unaligned(struct + return ret; + } + ++static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key, ++ unsigned int keylen) ++{ ++ return -ENOSYS; ++} ++ ++static void ahash_set_needkey(struct crypto_ahash *tfm) ++{ ++ const struct hash_alg_common *alg = crypto_hash_alg_common(tfm); ++ ++ if (tfm->setkey != ahash_nosetkey && ++ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) ++ crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); ++} ++ + int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, + unsigned int keylen) + { +@@ -200,20 +215,16 @@ int crypto_ahash_setkey(struct crypto_ah + else + err = tfm->setkey(tfm, key, keylen); + +- if (err) ++ if (unlikely(err)) { ++ ahash_set_needkey(tfm); + return err; ++ } + + crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); + return 0; + } + EXPORT_SYMBOL_GPL(crypto_ahash_setkey); + +-static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key, +- unsigned int keylen) +-{ +- return -ENOSYS; +-} +- + static inline unsigned int ahash_align_buffer_size(unsigned len, + unsigned long mask) + { +@@ -482,8 +493,7 @@ static int crypto_ahash_init_tfm(struct + + if (alg->setkey) { + hash->setkey = alg->setkey; +- if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) +- crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY); ++ ahash_set_needkey(hash); + } + if (alg->export) + hash->export = alg->export; +--- a/crypto/shash.c ++++ b/crypto/shash.c +@@ -52,6 +52,13 @@ static int shash_setkey_unaligned(struct + return err; + } + ++static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) ++{ ++ if (crypto_shash_alg_has_setkey(alg) && ++ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) ++ crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); ++} ++ + int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, + unsigned int keylen) + { +@@ -64,8 +71,10 @@ int crypto_shash_setkey(struct crypto_sh + else + err = shash->setkey(tfm, key, keylen); + +- if (err) ++ if (unlikely(err)) { ++ shash_set_needkey(tfm, shash); + return err; ++ } + + crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); + return 0; +@@ -367,7 +376,8 @@ int crypto_init_shash_ops_async(struct c + crt->final = shash_async_final; + crt->finup = shash_async_finup; + crt->digest = shash_async_digest; +- crt->setkey = shash_async_setkey; ++ if (crypto_shash_alg_has_setkey(alg)) ++ crt->setkey = shash_async_setkey; + + crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & + CRYPTO_TFM_NEED_KEY); +@@ -389,9 +399,7 @@ static int crypto_shash_init_tfm(struct + + hash->descsize = alg->descsize; + +- if (crypto_shash_alg_has_setkey(alg) && +- !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) +- crypto_shash_set_flags(hash, CRYPTO_TFM_NEED_KEY); ++ shash_set_needkey(hash, alg); + + return 0; + } diff --git a/queue-4.9/series b/queue-4.9/series index 918e15a90c8..6e417861966 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -45,3 +45,10 @@ stm-class-prevent-division-by-zero.patch libnvdimm-label-clear-updating-flag-after-label-set-update.patch libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch libnvdimm-fix-altmap-reservation-size-calculation.patch +crypto-hash-set-crypto_tfm_need_key-if-setkey-fails.patch +crypto-arm64-aes-ccm-fix-logical-bug-in-aad-mac-handling.patch +cifs-do-not-reset-lease-state-to-none-on-lease-break.patch +cifs-fix-read-after-write-for-files-with-read-caching.patch +tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch +tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch +acpi-device_sysfs-avoid-of-modalias-creation-for-removed-device.patch diff --git a/queue-4.9/tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch b/queue-4.9/tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch new file mode 100644 index 00000000000..f7385969db7 --- /dev/null +++ b/queue-4.9/tracing-do-not-free-iter-trace-in-fail-path-of-tracing_open_pipe.patch @@ -0,0 +1,39 @@ +From e7f0c424d0806b05d6f47be9f202b037eb701707 Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Wed, 13 Feb 2019 20:29:06 +0800 +Subject: tracing: Do not free iter->trace in fail path of tracing_open_pipe() + +From: zhangyi (F) + +commit e7f0c424d0806b05d6f47be9f202b037eb701707 upstream. + +Commit d716ff71dd12 ("tracing: Remove taking of trace_types_lock in +pipe files") use the current tracer instead of the copy in +tracing_open_pipe(), but it forget to remove the freeing sentence in +the error path. + +There's an error path that can call kfree(iter->trace) after the iter->trace +was assigned to tr->current_trace, which would be bad to free. + +Link: http://lkml.kernel.org/r/1550060946-45984-1-git-send-email-yi.zhang@huawei.com + +Cc: stable@vger.kernel.org +Fixes: d716ff71dd12 ("tracing: Remove taking of trace_types_lock in pipe files") +Signed-off-by: zhangyi (F) +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5057,7 +5057,6 @@ out: + return ret; + + fail: +- kfree(iter->trace); + kfree(iter); + __trace_array_put(tr); + mutex_unlock(&trace_types_lock); diff --git a/queue-4.9/tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch b/queue-4.9/tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch new file mode 100644 index 00000000000..e47aa620595 --- /dev/null +++ b/queue-4.9/tracing-use-strncpy-instead-of-memcpy-for-string-keys-in-hist-triggers.patch @@ -0,0 +1,74 @@ +From 9f0bbf3115ca9f91f43b7c74e9ac7d79f47fc6c2 Mon Sep 17 00:00:00 2001 +From: Tom Zanussi +Date: Mon, 4 Feb 2019 15:07:24 -0600 +Subject: tracing: Use strncpy instead of memcpy for string keys in hist triggers + +From: Tom Zanussi + +commit 9f0bbf3115ca9f91f43b7c74e9ac7d79f47fc6c2 upstream. + +Because there may be random garbage beyond a string's null terminator, +it's not correct to copy the the complete character array for use as a +hist trigger key. This results in multiple histogram entries for the +'same' string key. + +So, in the case of a string key, use strncpy instead of memcpy to +avoid copying in the extra bytes. + +Before, using the gdbus entries in the following hist trigger as an +example: + + # echo 'hist:key=comm' > /sys/kernel/debug/tracing/events/sched/sched_waking/trigger + # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist + + ... + + { comm: ImgDecoder #4 } hitcount: 203 + { comm: gmain } hitcount: 213 + { comm: gmain } hitcount: 216 + { comm: StreamTrans #73 } hitcount: 221 + { comm: mozStorage #3 } hitcount: 230 + { comm: gdbus } hitcount: 233 + { comm: StyleThread#5 } hitcount: 253 + { comm: gdbus } hitcount: 256 + { comm: gdbus } hitcount: 260 + { comm: StyleThread#4 } hitcount: 271 + + ... + + # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l + 51 + +After: + + # cat /sys/kernel/debug/tracing/events/sched/sched_waking/hist | egrep gdbus | wc -l + 1 + +Link: http://lkml.kernel.org/r/50c35ae1267d64eee975b8125e151e600071d4dc.1549309756.git.tom.zanussi@linux.intel.com + +Cc: Namhyung Kim +Cc: stable@vger.kernel.org +Fixes: 79e577cbce4c4 ("tracing: Support string type key properly") +Signed-off-by: Tom Zanussi +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_events_hist.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/kernel/trace/trace_events_hist.c ++++ b/kernel/trace/trace_events_hist.c +@@ -871,9 +871,10 @@ static inline void add_to_key(char *comp + /* ensure NULL-termination */ + if (size > key_field->size - 1) + size = key_field->size - 1; +- } + +- memcpy(compound_key + key_field->offset, key, size); ++ strncpy(compound_key + key_field->offset, (char *)key, size); ++ } else ++ memcpy(compound_key + key_field->offset, key, size); + } + + static void event_hist_trigger(struct event_trigger_data *data, void *rec)