From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 21 Apr 2022 10:03:15 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v4.9.312~81
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eb8ba8fa6c1ec1214a4f261cb9197633c0e0e630;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
	perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
	tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
---

diff --git a/queue-5.10/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch b/queue-5.10/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
new file mode 100644
index 00000000000..8a8205a0d49
--- /dev/null
+++ b/queue-5.10/perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
@@ -0,0 +1,64 @@
+From a668cc07f990d2ed19424d5c1a529521a9d1cee1 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 13 Apr 2022 14:42:32 +0300
+Subject: perf tools: Fix segfault accessing sample_id xyarray
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit a668cc07f990d2ed19424d5c1a529521a9d1cee1 upstream.
+
+perf_evsel::sample_id is an xyarray which can cause a segfault when
+accessed beyond its size. e.g.
+
+  # perf record -e intel_pt// -C 1 sleep 1
+  Segmentation fault (core dumped)
+  #
+
+That is happening because a dummy event is opened to capture text poke
+events accross all CPUs, however the mmap logic is allocating according
+to the number of user_requested_cpus.
+
+In general, perf sometimes uses the evsel cpus to open events, and
+sometimes the evlist user_requested_cpus. However, it is not necessary
+to determine which case is which because the opened event file
+descriptors are also in an xyarray, the size of whch can be used
+to correctly allocate the size of the sample_id xyarray, because there
+is one ID per file descriptor.
+
+Note, in the affected code path, perf_evsel fd array is subsequently
+used to get the file descriptor for the mmap, so it makes sense for the
+xyarrays to be the same size there.
+
+Fixes: d1a177595b3a824c ("libperf: Adopt perf_evlist__mmap()/munmap() from tools/perf")
+Fixes: 246eba8e9041c477 ("perf tools: Add support for PERF_RECORD_TEXT_POKE")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Acked-by: Ian Rogers <irogers@google.com>
+Cc: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: stable@vger.kernel.org # 5.5+
+Link: https://lore.kernel.org/r/20220413114232.26914-1-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/lib/perf/evlist.c |    3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/tools/lib/perf/evlist.c
++++ b/tools/lib/perf/evlist.c
+@@ -571,7 +571,6 @@ int perf_evlist__mmap_ops(struct perf_ev
+ {
+ 	struct perf_evsel *evsel;
+ 	const struct perf_cpu_map *cpus = evlist->cpus;
+-	const struct perf_thread_map *threads = evlist->threads;
+ 
+ 	if (!ops || !ops->get || !ops->mmap)
+ 		return -EINVAL;
+@@ -583,7 +582,7 @@ int perf_evlist__mmap_ops(struct perf_ev
+ 	perf_evlist__for_each_entry(evlist, evsel) {
+ 		if ((evsel->attr.read_format & PERF_FORMAT_ID) &&
+ 		    evsel->sample_id == NULL &&
+-		    perf_evsel__alloc_id(evsel, perf_cpu_map__nr(cpus), threads->nr) < 0)
++		    perf_evsel__alloc_id(evsel, evsel->fd->max_x, evsel->fd->max_y) < 0)
+ 			return -ENOMEM;
+ 	}
+ 
diff --git a/queue-5.10/series b/queue-5.10/series
index 74c2566da6a..3155bbd1dfd 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -1,2 +1,4 @@
 etherdevice-adjust-ether_addr-prototypes-to-silence-wstringop-overead.patch
 mm-page_alloc-fix-building-error-on-werror-array-compare.patch
+tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
+perf-tools-fix-segfault-accessing-sample_id-xyarray.patch
diff --git a/queue-5.10/tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch b/queue-5.10/tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
new file mode 100644
index 00000000000..e8416e7ecdc
--- /dev/null
+++ b/queue-5.10/tracing-dump-stacktrace-trigger-to-the-corresponding-instance.patch
@@ -0,0 +1,47 @@
+From ce33c845b030c9cf768370c951bc699470b09fa7 Mon Sep 17 00:00:00 2001
+From: Daniel Bristot de Oliveira <bristot@kernel.org>
+Date: Sun, 20 Feb 2022 23:49:57 +0100
+Subject: tracing: Dump stacktrace trigger to the corresponding instance
+
+From: Daniel Bristot de Oliveira <bristot@kernel.org>
+
+commit ce33c845b030c9cf768370c951bc699470b09fa7 upstream.
+
+The stacktrace event trigger is not dumping the stacktrace to the instance
+where it was enabled, but to the global "instance."
+
+Use the private_data, pointing to the trigger file, to figure out the
+corresponding trace instance, and use it in the trigger action, like
+snapshot_trigger does.
+
+Link: https://lkml.kernel.org/r/afbb0b4f18ba92c276865bc97204d438473f4ebc.1645396236.git.bristot@kernel.org
+
+Cc: stable@vger.kernel.org
+Fixes: ae63b31e4d0e2 ("tracing: Separate out trace events from global variables")
+Reviewed-by: Tom Zanussi <zanussi@kernel.org>
+Tested-by: Tom Zanussi <zanussi@kernel.org>
+Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace_events_trigger.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/trace_events_trigger.c
++++ b/kernel/trace/trace_events_trigger.c
+@@ -1219,7 +1219,14 @@ static void
+ stacktrace_trigger(struct event_trigger_data *data, void *rec,
+ 		   struct ring_buffer_event *event)
+ {
+-	trace_dump_stack(STACK_SKIP);
++	struct trace_event_file *file = data->private_data;
++	unsigned long flags;
++
++	if (file) {
++		local_save_flags(flags);
++		__trace_stack(file->tr, flags, STACK_SKIP, preempt_count());
++	} else
++		trace_dump_stack(STACK_SKIP);
+ }
+ 
+ static void