From: Greg Kroah-Hartman Date: Sat, 2 Jun 2018 12:44:45 +0000 (+0200) Subject: 4.16-stable patches X-Git-Tag: v4.9.106~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3344bf479c9c79c89c9f84cdb82f64c906e6309d;p=thirdparty%2Fkernel%2Fstable-queue.git 4.16-stable patches added patches: input-elan_i2c_smbus-fix-corrupted-stack.patch input-synaptics-add-intertouch-support-on-x1-carbon-6th-and-x280.patch input-synaptics-add-lenovo-80-series-ids-to-smbus.patch input-synaptics-lenovo-carbon-x1-gen5-2017-devices-should-use-rmi.patch input-synaptics-lenovo-thinkpad-x1-carbon-g5-2017-with-elantech-trackpoints-should-use-rmi.patch nvme-fix-extended-data-lba-supported-setting.patch selinux-kasan-slab-out-of-bounds-in-xattr_getsecurity.patch tracing-fix-crash-when-freeing-instances-with-event-triggers.patch tracing-make-the-snapshot-trigger-work-with-instances.patch --- diff --git a/queue-4.16/input-elan_i2c_smbus-fix-corrupted-stack.patch b/queue-4.16/input-elan_i2c_smbus-fix-corrupted-stack.patch new file mode 100644 index 00000000000..5b55c973063 --- /dev/null +++ b/queue-4.16/input-elan_i2c_smbus-fix-corrupted-stack.patch @@ -0,0 +1,130 @@ +From 40f7090bb1b4ec327ea1e1402ff5783af5b35195 Mon Sep 17 00:00:00 2001 +From: Benjamin Tissoires +Date: Tue, 22 May 2018 17:19:57 -0700 +Subject: Input: elan_i2c_smbus - fix corrupted stack + +From: Benjamin Tissoires + +commit 40f7090bb1b4ec327ea1e1402ff5783af5b35195 upstream. + +New ICs (like the one on the Lenovo T480s) answer to +ETP_SMBUS_IAP_VERSION_CMD 4 bytes instead of 3. This corrupts the stack +as i2c_smbus_read_block_data() uses the values returned by the i2c +device to know how many data it need to return. + +i2c_smbus_read_block_data() can read up to 32 bytes (I2C_SMBUS_BLOCK_MAX) +and there is no safeguard on how many bytes are provided in the return +value. Ensure we always have enough space for any future firmware. +Also 0-initialize the values to prevent any access to uninitialized memory. + +Cc: # v4.4.x, v4.9.x, v4.14.x, v4.15.x, v4.16.x +Signed-off-by: Benjamin Tissoires +Acked-by: KT Liao +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/elan_i2c_smbus.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +--- a/drivers/input/mouse/elan_i2c_smbus.c ++++ b/drivers/input/mouse/elan_i2c_smbus.c +@@ -130,7 +130,7 @@ static int elan_smbus_get_baseline_data( + bool max_baseline, u8 *value) + { + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, + max_baseline ? +@@ -149,7 +149,7 @@ static int elan_smbus_get_version(struct + bool iap, u8 *version) + { + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, + iap ? ETP_SMBUS_IAP_VERSION_CMD : +@@ -170,7 +170,7 @@ static int elan_smbus_get_sm_version(str + u8 *clickpad) + { + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, + ETP_SMBUS_SM_VERSION_CMD, val); +@@ -188,7 +188,7 @@ static int elan_smbus_get_sm_version(str + static int elan_smbus_get_product_id(struct i2c_client *client, u16 *id) + { + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, + ETP_SMBUS_UNIQUEID_CMD, val); +@@ -205,7 +205,7 @@ static int elan_smbus_get_checksum(struc + bool iap, u16 *csum) + { + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, + iap ? ETP_SMBUS_FW_CHECKSUM_CMD : +@@ -226,7 +226,7 @@ static int elan_smbus_get_max(struct i2c + { + int ret; + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + ret = i2c_smbus_read_block_data(client, ETP_SMBUS_RANGE_CMD, val); + if (ret != 3) { +@@ -246,7 +246,7 @@ static int elan_smbus_get_resolution(str + { + int ret; + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + ret = i2c_smbus_read_block_data(client, ETP_SMBUS_RESOLUTION_CMD, val); + if (ret != 3) { +@@ -267,7 +267,7 @@ static int elan_smbus_get_num_traces(str + { + int ret; + int error; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + ret = i2c_smbus_read_block_data(client, ETP_SMBUS_XY_TRACENUM_CMD, val); + if (ret != 3) { +@@ -294,7 +294,7 @@ static int elan_smbus_iap_get_mode(struc + { + int error; + u16 constant; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + error = i2c_smbus_read_block_data(client, ETP_SMBUS_IAP_CTRL_CMD, val); + if (error < 0) { +@@ -345,7 +345,7 @@ static int elan_smbus_prepare_fw_update( + int len; + int error; + enum tp_mode mode; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + u8 cmd[4] = {0x0F, 0x78, 0x00, 0x06}; + u16 password; + +@@ -419,7 +419,7 @@ static int elan_smbus_write_fw_block(str + struct device *dev = &client->dev; + int error; + u16 result; +- u8 val[3]; ++ u8 val[I2C_SMBUS_BLOCK_MAX] = {0}; + + /* + * Due to the limitation of smbus protocol limiting diff --git a/queue-4.16/input-synaptics-add-intertouch-support-on-x1-carbon-6th-and-x280.patch b/queue-4.16/input-synaptics-add-intertouch-support-on-x1-carbon-6th-and-x280.patch new file mode 100644 index 00000000000..3059b5f3ff3 --- /dev/null +++ b/queue-4.16/input-synaptics-add-intertouch-support-on-x1-carbon-6th-and-x280.patch @@ -0,0 +1,40 @@ +From 5717a09aeaf62d197deba1fc7ccd6bc45f3a9dcc Mon Sep 17 00:00:00 2001 +From: Aaron Ma +Date: Sat, 3 Feb 2018 11:49:22 -0800 +Subject: Input: synaptics - add Intertouch support on X1 Carbon 6th and X280 + +From: Aaron Ma + +commit 5717a09aeaf62d197deba1fc7ccd6bc45f3a9dcc upstream. + +Synaptics devices reported it has Intertouch support, +and it fails via PS/2 as following logs: + +psmouse serio2: Failed to reset mouse on synaptics-pt/serio0 +psmouse serio2: Failed to enable mouse on synaptics-pt/serio0 + +Set these new devices to use SMBus to fix this issue, then they report +SMBus version 3 is using, patch: +https://patchwork.kernel.org/patch/9989547/ enabled SMBus ver 3 and +makes synaptics devices work fine on SMBus mode. + +Signed-off-by: Aaron Ma +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/synaptics.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -174,6 +174,8 @@ static const char * const smbus_pnp_ids[ + "LEN004a", /* W541 */ + "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */ + "LEN0073", /* X1 Carbon G5 (Elantech) */ ++ "LEN0092", /* X1 Carbon 6 */ ++ "LEN0096", /* X280 */ + "LEN200f", /* T450s */ + NULL + }; diff --git a/queue-4.16/input-synaptics-add-lenovo-80-series-ids-to-smbus.patch b/queue-4.16/input-synaptics-add-lenovo-80-series-ids-to-smbus.patch new file mode 100644 index 00000000000..b84cda1925b --- /dev/null +++ b/queue-4.16/input-synaptics-add-lenovo-80-series-ids-to-smbus.patch @@ -0,0 +1,50 @@ +From ad8fb554f04e38f155c9bc34bbf521fc592ceee7 Mon Sep 17 00:00:00 2001 +From: Benjamin Tissoires +Date: Tue, 22 May 2018 17:16:08 -0700 +Subject: Input: synaptics - add Lenovo 80 series ids to SMBus + +From: Benjamin Tissoires + +commit ad8fb554f04e38f155c9bc34bbf521fc592ceee7 upstream. + +This time, Lenovo decided to go with different pieces in its latest +series of Thinkpads. + +For those we have been able to test: +- the T480 is using Synaptics with an IBM trackpoint + -> it behaves properly with or without intertouch, there is no point + not using RMI4 +- the X1 Carbon 6th gen is using Synaptics with an IBM trackpoint + -> the touchpad doesn't behave properly under PS/2 so we have to + switch it to RMI4 if we do not want to have disappointed users +- the X280 is using Synaptics with an ALPS trackpoint + -> the recent fixes in the trackpoint handling fixed it so upstream + now works fine with or without RMI4, and there is no point not + using RMI4 +- the T480s is using an Elan touchpad, so that's a different story + +Cc: # v4.14.x, v4.15.x, v4.16.x +Signed-off-by: Benjamin Tissoires +Acked-by: KT Liao +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/synaptics.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -172,10 +172,12 @@ static const char * const smbus_pnp_ids[ + "LEN0048", /* X1 Carbon 3 */ + "LEN0046", /* X250 */ + "LEN004a", /* W541 */ ++ "LEN0071", /* T480 */ + "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */ + "LEN0073", /* X1 Carbon G5 (Elantech) */ + "LEN0092", /* X1 Carbon 6 */ + "LEN0096", /* X280 */ ++ "LEN0097", /* X280 -> ALPS trackpoint */ + "LEN200f", /* T450s */ + NULL + }; diff --git a/queue-4.16/input-synaptics-lenovo-carbon-x1-gen5-2017-devices-should-use-rmi.patch b/queue-4.16/input-synaptics-lenovo-carbon-x1-gen5-2017-devices-should-use-rmi.patch new file mode 100644 index 00000000000..c97a573a9a3 --- /dev/null +++ b/queue-4.16/input-synaptics-lenovo-carbon-x1-gen5-2017-devices-should-use-rmi.patch @@ -0,0 +1,31 @@ +From 9b2071028f8def49971a3b213ab6efd02a7e56e8 Mon Sep 17 00:00:00 2001 +From: Dmitry Torokhov +Date: Fri, 18 Aug 2017 12:08:13 -0700 +Subject: Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI + +From: Dmitry Torokhov + +commit 9b2071028f8def49971a3b213ab6efd02a7e56e8 upstream. + +The touchpad on Lenovo Carbon X1 Gen 5 (2017 - Kabylake) is accessible over +SMBUS/RMI, so let's activate it by default. + +Cc: stable@vger.kernel.org +Reviewed-by: Benjamin Tissoires +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/synaptics.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -172,6 +172,7 @@ static const char * const smbus_pnp_ids[ + "LEN0048", /* X1 Carbon 3 */ + "LEN0046", /* X250 */ + "LEN004a", /* W541 */ ++ "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */ + "LEN200f", /* T450s */ + NULL + }; diff --git a/queue-4.16/input-synaptics-lenovo-thinkpad-x1-carbon-g5-2017-with-elantech-trackpoints-should-use-rmi.patch b/queue-4.16/input-synaptics-lenovo-thinkpad-x1-carbon-g5-2017-with-elantech-trackpoints-should-use-rmi.patch new file mode 100644 index 00000000000..39b39ca75a6 --- /dev/null +++ b/queue-4.16/input-synaptics-lenovo-thinkpad-x1-carbon-g5-2017-with-elantech-trackpoints-should-use-rmi.patch @@ -0,0 +1,39 @@ +From 15e2cffec3aa0d47a8d75ae80e1b136bfb5dff30 Mon Sep 17 00:00:00 2001 +From: Edvard Holst +Date: Sat, 3 Feb 2018 11:46:15 -0800 +Subject: Input: synaptics - Lenovo Thinkpad X1 Carbon G5 (2017) with Elantech trackpoints should use RMI + +From: Edvard Holst + +commit 15e2cffec3aa0d47a8d75ae80e1b136bfb5dff30 upstream. + +Lenovo use two different trackpoints in the fifth generation Thinkpad X1 +Carbon. Both are accessible over SMBUS/RMI but the pnpIDs are missing. +This patch is for the Elantech trackpoint specifically which also +reports SMB version 3 so rmi_smbus needs to be updated in order to +handle it. + +For the record, I was not the first one to come up with this patch as it +has been floating around the internet for a while now. However, I have +spent significant time with testing and my efforts to find the original +author of the patch have been unsuccessful. + +Signed-off-by: Edvard Holst +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/synaptics.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -173,6 +173,7 @@ static const char * const smbus_pnp_ids[ + "LEN0046", /* X250 */ + "LEN004a", /* W541 */ + "LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */ ++ "LEN0073", /* X1 Carbon G5 (Elantech) */ + "LEN200f", /* T450s */ + NULL + }; diff --git a/queue-4.16/nvme-fix-extended-data-lba-supported-setting.patch b/queue-4.16/nvme-fix-extended-data-lba-supported-setting.patch new file mode 100644 index 00000000000..16fb9b40417 --- /dev/null +++ b/queue-4.16/nvme-fix-extended-data-lba-supported-setting.patch @@ -0,0 +1,34 @@ +From c97f414c54a255f4f05a50a2625efaeee406e134 Mon Sep 17 00:00:00 2001 +From: Max Gurtovoy +Date: Sun, 27 May 2018 18:50:10 +0300 +Subject: nvme: fix extended data LBA supported setting + +From: Max Gurtovoy + +commit c97f414c54a255f4f05a50a2625efaeee406e134 upstream. + +This value depands on the metadata support value, so reorder the +initialization to fit. + +Fixes: b5be3b392 ("nvme: always unregister the integrity profile in __nvme_revalidate_disk") +Signed-off-by: Max Gurtovoy +Signed-off-by: Christoph Hellwig +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/host/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -1446,8 +1446,8 @@ static void __nvme_revalidate_disk(struc + if (ns->lba_shift == 0) + ns->lba_shift = 9; + ns->noiob = le16_to_cpu(id->noiob); +- ns->ext = ns->ms && (id->flbas & NVME_NS_FLBAS_META_EXT); + ns->ms = le16_to_cpu(id->lbaf[id->flbas & NVME_NS_FLBAS_LBA_MASK].ms); ++ ns->ext = ns->ms && (id->flbas & NVME_NS_FLBAS_META_EXT); + /* the PI implementation requires metadata equal t10 pi tuple size */ + if (ns->ms == sizeof(struct t10_pi_tuple)) + ns->pi_type = id->dps & NVME_NS_DPS_PI_MASK; diff --git a/queue-4.16/selinux-kasan-slab-out-of-bounds-in-xattr_getsecurity.patch b/queue-4.16/selinux-kasan-slab-out-of-bounds-in-xattr_getsecurity.patch new file mode 100644 index 00000000000..f9986bff302 --- /dev/null +++ b/queue-4.16/selinux-kasan-slab-out-of-bounds-in-xattr_getsecurity.patch @@ -0,0 +1,52 @@ +From efe3de79e0b52ca281ef6691480c8c68c82a4657 Mon Sep 17 00:00:00 2001 +From: Sachin Grover +Date: Fri, 25 May 2018 14:01:39 +0530 +Subject: selinux: KASAN: slab-out-of-bounds in xattr_getsecurity + +From: Sachin Grover + +commit efe3de79e0b52ca281ef6691480c8c68c82a4657 upstream. + +Call trace: + [] dump_backtrace+0x0/0x428 + [] show_stack+0x28/0x38 + [] dump_stack+0xd4/0x124 + [] print_address_description+0x68/0x258 + [] kasan_report.part.2+0x228/0x2f0 + [] kasan_report+0x5c/0x70 + [] check_memory_region+0x12c/0x1c0 + [] memcpy+0x34/0x68 + [] xattr_getsecurity+0xe0/0x160 + [] vfs_getxattr+0xc8/0x120 + [] getxattr+0x100/0x2c8 + [] SyS_fgetxattr+0x64/0xa0 + [] el0_svc_naked+0x24/0x28 + +If user get root access and calls security.selinux setxattr() with an +embedded NUL on a file and then if some process performs a getxattr() +on that file with a length greater than the actual length of the string, +it would result in a panic. + +To fix this, add the actual length of the string to the security context +instead of the length passed by the userspace process. + +Signed-off-by: Sachin Grover +Cc: stable@vger.kernel.org +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman + +--- + security/selinux/ss/services.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/security/selinux/ss/services.c ++++ b/security/selinux/ss/services.c +@@ -1448,7 +1448,7 @@ static int security_context_to_sid_core( + scontext_len, &context, def_sid); + if (rc == -EINVAL && force) { + context.str = str; +- context.len = scontext_len; ++ context.len = strlen(str) + 1; + str = NULL; + } else if (rc) + goto out_unlock; diff --git a/queue-4.16/series b/queue-4.16/series index 481f20c34d6..a6330ae4121 100644 --- a/queue-4.16/series +++ b/queue-4.16/series @@ -10,3 +10,12 @@ drm-vmwgfx-fix-host-logging-guestinfo-reading-error-paths.patch revert-pinctrl-msm-use-dynamic-gpio-numbering.patch xfs-convert-xfs_agfl_size-to-a-helper-function.patch xfs-detect-agfl-count-corruption-and-reset-agfl.patch +input-synaptics-lenovo-carbon-x1-gen5-2017-devices-should-use-rmi.patch +input-synaptics-lenovo-thinkpad-x1-carbon-g5-2017-with-elantech-trackpoints-should-use-rmi.patch +input-synaptics-add-intertouch-support-on-x1-carbon-6th-and-x280.patch +input-synaptics-add-lenovo-80-series-ids-to-smbus.patch +input-elan_i2c_smbus-fix-corrupted-stack.patch +tracing-fix-crash-when-freeing-instances-with-event-triggers.patch +tracing-make-the-snapshot-trigger-work-with-instances.patch +nvme-fix-extended-data-lba-supported-setting.patch +selinux-kasan-slab-out-of-bounds-in-xattr_getsecurity.patch diff --git a/queue-4.16/tracing-fix-crash-when-freeing-instances-with-event-triggers.patch b/queue-4.16/tracing-fix-crash-when-freeing-instances-with-event-triggers.patch new file mode 100644 index 00000000000..d0950fac072 --- /dev/null +++ b/queue-4.16/tracing-fix-crash-when-freeing-instances-with-event-triggers.patch @@ -0,0 +1,70 @@ +From 86b389ff22bd6ad8fd3cb98e41cd271886c6d023 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Sun, 27 May 2018 20:54:44 -0400 +Subject: tracing: Fix crash when freeing instances with event triggers + +From: Steven Rostedt (VMware) + +commit 86b389ff22bd6ad8fd3cb98e41cd271886c6d023 upstream. + +If a instance has an event trigger enabled when it is freed, it could cause +an access of free memory. Here's the case that crashes: + + # cd /sys/kernel/tracing + # mkdir instances/foo + # echo snapshot > instances/foo/events/initcall/initcall_start/trigger + # rmdir instances/foo + +Would produce: + + general protection fault: 0000 [#1] PREEMPT SMP PTI + Modules linked in: tun bridge ... + CPU: 5 PID: 6203 Comm: rmdir Tainted: G W 4.17.0-rc4-test+ #933 + Hardware name: Hewlett-Packard HP Compaq Pro 6300 SFF/339A, BIOS K01 v03.03 07/14/2016 + RIP: 0010:clear_event_triggers+0x3b/0x70 + RSP: 0018:ffffc90003783de0 EFLAGS: 00010286 + RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b2b RCX: 0000000000000000 + RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8800c7130ba0 + RBP: ffffc90003783e00 R08: ffff8801131993f8 R09: 0000000100230016 + R10: ffffc90003783d80 R11: 0000000000000000 R12: ffff8800c7130ba0 + R13: ffff8800c7130bd8 R14: ffff8800cc093768 R15: 00000000ffffff9c + FS: 00007f6f4aa86700(0000) GS:ffff88011eb40000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f6f4a5aed60 CR3: 00000000cd552001 CR4: 00000000001606e0 + Call Trace: + event_trace_del_tracer+0x2a/0xc5 + instance_rmdir+0x15c/0x200 + tracefs_syscall_rmdir+0x52/0x90 + vfs_rmdir+0xdb/0x160 + do_rmdir+0x16d/0x1c0 + __x64_sys_rmdir+0x17/0x20 + do_syscall_64+0x55/0x1a0 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +This was due to the call the clears out the triggers when an instance is +being deleted not removing the trigger from the link list. + +Cc: stable@vger.kernel.org +Fixes: 85f2b08268c01 ("tracing: Add basic event trigger framework") +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_events_trigger.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/kernel/trace/trace_events_trigger.c ++++ b/kernel/trace/trace_events_trigger.c +@@ -482,9 +482,10 @@ clear_event_triggers(struct trace_array + struct trace_event_file *file; + + list_for_each_entry(file, &tr->events, list) { +- struct event_trigger_data *data; +- list_for_each_entry_rcu(data, &file->triggers, list) { ++ struct event_trigger_data *data, *n; ++ list_for_each_entry_safe(data, n, &file->triggers, list) { + trace_event_trigger_enable_disable(file, 0); ++ list_del_rcu(&data->list); + if (data->ops->free) + data->ops->free(data->ops, data); + } diff --git a/queue-4.16/tracing-make-the-snapshot-trigger-work-with-instances.patch b/queue-4.16/tracing-make-the-snapshot-trigger-work-with-instances.patch new file mode 100644 index 00000000000..4975508b40f --- /dev/null +++ b/queue-4.16/tracing-make-the-snapshot-trigger-work-with-instances.patch @@ -0,0 +1,169 @@ +From 2824f5033248600673e3e126a4d135363cbfd9ac Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Mon, 28 May 2018 10:56:36 -0400 +Subject: tracing: Make the snapshot trigger work with instances + +From: Steven Rostedt (VMware) + +commit 2824f5033248600673e3e126a4d135363cbfd9ac upstream. + +The snapshot trigger currently only affects the main ring buffer, even when +it is used by the instances. This can be confusing as the snapshot trigger +is listed in the instance. + + > # cd /sys/kernel/tracing + > # mkdir instances/foo + > # echo snapshot > instances/foo/events/syscalls/sys_enter_fchownat/trigger + > # echo top buffer > trace_marker + > # echo foo buffer > instances/foo/trace_marker + > # touch /tmp/bar + > # chown rostedt /tmp/bar + > # cat instances/foo/snapshot + # tracer: nop + # + # + # * Snapshot is freed * + # + # Snapshot commands: + # echo 0 > snapshot : Clears and frees snapshot buffer + # echo 1 > snapshot : Allocates snapshot buffer, if not already allocated. + # Takes a snapshot of the main buffer. + # echo 2 > snapshot : Clears snapshot buffer (but does not allocate or free) + # (Doesn't have to be '2' works with any number that + # is not a '0' or '1') + + > # cat snapshot + # tracer: nop + # + # _-----=> irqs-off + # / _----=> need-resched + # | / _---=> hardirq/softirq + # || / _--=> preempt-depth + # ||| / delay + # TASK-PID CPU# |||| TIMESTAMP FUNCTION + # | | | |||| | | + bash-1189 [000] .... 111.488323: tracing_mark_write: top buffer + +Not only did the snapshot occur in the top level buffer, but the instance +snapshot buffer should have been allocated, and it is still free. + +Cc: stable@vger.kernel.org +Fixes: 85f2b08268c01 ("tracing: Add basic event trigger framework") +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.c | 12 ++++++------ + kernel/trace/trace.h | 11 +++++++++++ + kernel/trace/trace_events_trigger.c | 10 ++++++++-- + 3 files changed, 25 insertions(+), 8 deletions(-) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -892,7 +892,7 @@ int __trace_bputs(unsigned long ip, cons + EXPORT_SYMBOL_GPL(__trace_bputs); + + #ifdef CONFIG_TRACER_SNAPSHOT +-static void tracing_snapshot_instance(struct trace_array *tr) ++void tracing_snapshot_instance(struct trace_array *tr) + { + struct tracer *tracer = tr->current_trace; + unsigned long flags; +@@ -948,7 +948,7 @@ static int resize_buffer_duplicate_size( + struct trace_buffer *size_buf, int cpu_id); + static void set_buffer_entries(struct trace_buffer *buf, unsigned long val); + +-static int alloc_snapshot(struct trace_array *tr) ++int tracing_alloc_snapshot_instance(struct trace_array *tr) + { + int ret; + +@@ -994,7 +994,7 @@ int tracing_alloc_snapshot(void) + struct trace_array *tr = &global_trace; + int ret; + +- ret = alloc_snapshot(tr); ++ ret = tracing_alloc_snapshot_instance(tr); + WARN_ON(ret < 0); + + return ret; +@@ -5395,7 +5395,7 @@ static int tracing_set_tracer(struct tra + + #ifdef CONFIG_TRACER_MAX_TRACE + if (t->use_max_tr && !had_max_tr) { +- ret = alloc_snapshot(tr); ++ ret = tracing_alloc_snapshot_instance(tr); + if (ret < 0) + goto out; + } +@@ -6373,7 +6373,7 @@ tracing_snapshot_write(struct file *filp + } + #endif + if (!tr->allocated_snapshot) { +- ret = alloc_snapshot(tr); ++ ret = tracing_alloc_snapshot_instance(tr); + if (ret < 0) + break; + } +@@ -7094,7 +7094,7 @@ ftrace_trace_snapshot_callback(struct tr + return ret; + + out_reg: +- ret = alloc_snapshot(tr); ++ ret = tracing_alloc_snapshot_instance(tr); + if (ret < 0) + goto out; + +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -1812,6 +1812,17 @@ static inline void __init trace_event_in + static inline void trace_event_eval_update(struct trace_eval_map **map, int len) { } + #endif + ++#ifdef CONFIG_TRACER_SNAPSHOT ++void tracing_snapshot_instance(struct trace_array *tr); ++int tracing_alloc_snapshot_instance(struct trace_array *tr); ++#else ++static inline void tracing_snapshot_instance(struct trace_array *tr) { } ++static inline int tracing_alloc_snapshot_instance(struct trace_array *tr) ++{ ++ return 0; ++} ++#endif ++ + extern struct trace_iterator *tracepoint_print_iter; + + #endif /* _LINUX_KERNEL_TRACE_H */ +--- a/kernel/trace/trace_events_trigger.c ++++ b/kernel/trace/trace_events_trigger.c +@@ -642,6 +642,7 @@ event_trigger_callback(struct event_comm + trigger_data->count = -1; + trigger_data->ops = trigger_ops; + trigger_data->cmd_ops = cmd_ops; ++ trigger_data->private_data = file; + INIT_LIST_HEAD(&trigger_data->list); + INIT_LIST_HEAD(&trigger_data->named_list); + +@@ -1042,7 +1043,12 @@ static struct event_command trigger_trac + static void + snapshot_trigger(struct event_trigger_data *data, void *rec) + { +- tracing_snapshot(); ++ struct trace_event_file *file = data->private_data; ++ ++ if (file) ++ tracing_snapshot_instance(file->tr); ++ else ++ tracing_snapshot(); + } + + static void +@@ -1064,7 +1070,7 @@ register_snapshot_trigger(char *glob, st + { + int ret = register_trigger(glob, ops, data, file); + +- if (ret > 0 && tracing_alloc_snapshot() != 0) { ++ if (ret > 0 && tracing_alloc_snapshot_instance(file->tr) != 0) { + unregister_trigger(glob, ops, data, file); + ret = 0; + }