From 1192675f4ff52efdafb867c5f70793061c3b6356 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 23 Jun 2020 14:04:06 +0200 Subject: [PATCH] 5.7-stable patches added patches: crypto-algboss-don-t-wait-during-notifier-callback.patch crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch drm-i915-tgl-make-wa_14010229206-permanent.patch e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch net-octeon-mgmt-repair-filling-of-rx-ring.patch netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch proc-bootconfig-fix-to-use-correct-quotes-for-value.patch revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch sample-trace-array-remove-trace_array-sample-instance.patch tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch tools-bootconfig-fix-to-use-correct-quotes-for-value.patch tracing-make-ftrace-packed-events-have-align-of-1.patch tracing-probe-fix-memleak-in-fetch_op_data-operations.patch --- ...-don-t-wait-during-notifier-callback.patch | 58 +++++ ...kcipher-cap-recv-sg-list-at-ctx-used.patch | 42 ++++ ...15-tgl-make-wa_14010229206-permanent.patch | 56 +++++ ...via-wol-if-device-wakeup-is-disabled.patch | 65 +++++ ...ick_kprobe_optimizer-by-kprobe_mutex.patch | 53 ++++ ...tprobe-from-within-kprobe_flush_task.patch | 238 ++++++++++++++++++ ...name-use-rwsem-instead-of-a-seqcount.patch | 156 ++++++++++++ ...cteon-mgmt-repair-filling-of-rx-ring.patch | 43 ++++ ...ption-before-getting-per-cpu-pointer.patch | 99 ++++++++ ...nt-for-expired-elements-on-insertion.patch | 115 +++++++++ ...-kvm-interrupt-using-wrong-save-area.patch | 45 ++++ ...-fix-to-use-correct-quotes-for-value.patch | 87 +++++++ ...sable-dcn20-abm-feature-for-bring-up.patch | 59 +++++ ...function-called-from-invalid-context.patch | 90 +++++++ ...y-remove-trace_array-sample-instance.patch | 41 +++ queue-5.7/series | 19 ++ ...-if-succeeded-to-show-the-bootconfig.patch | 45 ++++ ...-fix-to-use-correct-quotes-for-value.patch | 62 +++++ ...ftrace-packed-events-have-align-of-1.patch | 154 ++++++++++++ ...-memleak-in-fetch_op_data-operations.patch | 59 +++++ 20 files changed, 1586 insertions(+) create mode 100644 queue-5.7/crypto-algboss-don-t-wait-during-notifier-callback.patch create mode 100644 queue-5.7/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch create mode 100644 queue-5.7/drm-i915-tgl-make-wa_14010229206-permanent.patch create mode 100644 queue-5.7/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch create mode 100644 queue-5.7/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch create mode 100644 queue-5.7/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch create mode 100644 queue-5.7/net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch create mode 100644 queue-5.7/net-octeon-mgmt-repair-filling-of-rx-ring.patch create mode 100644 queue-5.7/netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch create mode 100644 queue-5.7/netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch create mode 100644 queue-5.7/powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch create mode 100644 queue-5.7/proc-bootconfig-fix-to-use-correct-quotes-for-value.patch create mode 100644 queue-5.7/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch create mode 100644 queue-5.7/sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch create mode 100644 queue-5.7/sample-trace-array-remove-trace_array-sample-instance.patch create mode 100644 queue-5.7/tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch create mode 100644 queue-5.7/tools-bootconfig-fix-to-use-correct-quotes-for-value.patch create mode 100644 queue-5.7/tracing-make-ftrace-packed-events-have-align-of-1.patch create mode 100644 queue-5.7/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch diff --git a/queue-5.7/crypto-algboss-don-t-wait-during-notifier-callback.patch b/queue-5.7/crypto-algboss-don-t-wait-during-notifier-callback.patch new file mode 100644 index 00000000000..a2cb6c77dcc --- /dev/null +++ b/queue-5.7/crypto-algboss-don-t-wait-during-notifier-callback.patch @@ -0,0 +1,58 @@ +From 77251e41f89a813b4090f5199442f217bbf11297 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 4 Jun 2020 11:52:53 -0700 +Subject: crypto: algboss - don't wait during notifier callback +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Eric Biggers + +commit 77251e41f89a813b4090f5199442f217bbf11297 upstream. + +When a crypto template needs to be instantiated, CRYPTO_MSG_ALG_REQUEST +is sent to crypto_chain. cryptomgr_schedule_probe() handles this by +starting a thread to instantiate the template, then waiting for this +thread to complete via crypto_larval::completion. + +This can deadlock because instantiating the template may require loading +modules, and this (apparently depending on userspace) may need to wait +for the crc-t10dif module (lib/crc-t10dif.c) to be loaded. But +crc-t10dif's module_init function uses crypto_register_notifier() and +therefore takes crypto_chain.rwsem for write. That can't proceed until +the notifier callback has finished, as it holds this semaphore for read. + +Fix this by removing the wait on crypto_larval::completion from within +cryptomgr_schedule_probe(). It's actually unnecessary because +crypto_alg_mod_lookup() calls crypto_larval_wait() itself after sending +CRYPTO_MSG_ALG_REQUEST. + +This only actually became a problem in v4.20 due to commit b76377543b73 +("crc-t10dif: Pick better transform if one becomes available"), but the +unnecessary wait was much older. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207159 +Reported-by: Mike Gerow +Fixes: 398710379f51 ("crypto: algapi - Move larval completion into algboss") +Cc: # v3.6+ +Cc: Martin K. Petersen +Signed-off-by: Eric Biggers +Reported-by: Kai Lüke +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/algboss.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/crypto/algboss.c ++++ b/crypto/algboss.c +@@ -178,8 +178,6 @@ static int cryptomgr_schedule_probe(stru + if (IS_ERR(thread)) + goto err_put_larval; + +- wait_for_completion_interruptible(&larval->completion); +- + return NOTIFY_STOP; + + err_put_larval: diff --git a/queue-5.7/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch b/queue-5.7/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch new file mode 100644 index 00000000000..04c5e258c0e --- /dev/null +++ b/queue-5.7/crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch @@ -0,0 +1,42 @@ +From 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Fri, 29 May 2020 14:54:43 +1000 +Subject: crypto: algif_skcipher - Cap recv SG list at ctx->used + +From: Herbert Xu + +commit 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 upstream. + +Somewhere along the line the cap on the SG list length for receive +was lost. This patch restores it and removes the subsequent test +which is now redundant. + +Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of...") +Cc: +Signed-off-by: Herbert Xu +Reviewed-by: Stephan Mueller +Signed-off-by: Herbert Xu +Signed-off-by: Greg Kroah-Hartman + +--- + crypto/algif_skcipher.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/crypto/algif_skcipher.c ++++ b/crypto/algif_skcipher.c +@@ -74,14 +74,10 @@ static int _skcipher_recvmsg(struct sock + return PTR_ERR(areq); + + /* convert iovecs of output buffers into RX SGL */ +- err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len); ++ err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len); + if (err) + goto free; + +- /* Process only as much RX buffers for which we have TX data */ +- if (len > ctx->used) +- len = ctx->used; +- + /* + * If more buffers are to be expected to be processed, process only + * full block size buffers. diff --git a/queue-5.7/drm-i915-tgl-make-wa_14010229206-permanent.patch b/queue-5.7/drm-i915-tgl-make-wa_14010229206-permanent.patch new file mode 100644 index 00000000000..994fce4ebca --- /dev/null +++ b/queue-5.7/drm-i915-tgl-make-wa_14010229206-permanent.patch @@ -0,0 +1,56 @@ +From 63d0f3ea8ebb67160eca281320d255c72b0cb51a Mon Sep 17 00:00:00 2001 +From: Swathi Dhanavanthri +Date: Thu, 26 Mar 2020 16:49:55 -0700 +Subject: drm/i915/tgl: Make Wa_14010229206 permanent + +From: Swathi Dhanavanthri + +commit 63d0f3ea8ebb67160eca281320d255c72b0cb51a upstream. + +This workaround now applies to all steppings, not just A0. +Wa_1409085225 is a temporary A0-only W/A however it is +identical to Wa_14010229206 and hence the combined workaround +is made permanent. +Bspec: 52890 + +Signed-off-by: Swathi Dhanavanthri +Tested-by: Rafael Antognolli +Reviewed-by: Matt Roper +[mattrope: added missing blank line] +Signed-off-by: Matt Roper +Link: https://patchwork.freedesktop.org/patch/msgid/20200326234955.16155-1-swathi.dhanavanthri@intel.com +Signed-off-by: Rodrigo Vivi +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/gt/intel_workarounds.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/gpu/drm/i915/gt/intel_workarounds.c ++++ b/drivers/gpu/drm/i915/gt/intel_workarounds.c +@@ -1620,12 +1620,6 @@ rcs_engine_wa_init(struct intel_engine_c + GEN7_FF_THREAD_MODE, + GEN12_FF_TESSELATION_DOP_GATE_DISABLE); + +- /* +- * Wa_1409085225:tgl +- * Wa_14010229206:tgl +- */ +- wa_masked_en(wal, GEN9_ROW_CHICKEN4, GEN12_DISABLE_TDL_PUSH); +- + /* Wa_1408615072:tgl */ + wa_write_or(wal, UNSLICE_UNIT_LEVEL_CLKGATE2, + VSUNIT_CLKGATE_DIS_TGL); +@@ -1643,6 +1637,12 @@ rcs_engine_wa_init(struct intel_engine_c + wa_masked_en(wal, + GEN9_CS_DEBUG_MODE1, + FF_DOP_CLOCK_GATE_DISABLE); ++ ++ /* ++ * Wa_1409085225:tgl ++ * Wa_14010229206:tgl ++ */ ++ wa_masked_en(wal, GEN9_ROW_CHICKEN4, GEN12_DISABLE_TDL_PUSH); + } + + if (IS_GEN(i915, 11)) { diff --git a/queue-5.7/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch b/queue-5.7/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch new file mode 100644 index 00000000000..6389da79381 --- /dev/null +++ b/queue-5.7/e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch @@ -0,0 +1,65 @@ +From 6bf6be1127f7e6d4bf39f84d56854e944d045d74 Mon Sep 17 00:00:00 2001 +From: Chen Yu +Date: Fri, 22 May 2020 01:59:00 +0800 +Subject: e1000e: Do not wake up the system via WOL if device wakeup is disabled + +From: Chen Yu + +commit 6bf6be1127f7e6d4bf39f84d56854e944d045d74 upstream. + +Currently the system will be woken up via WOL(Wake On LAN) even if the +device wakeup ability has been disabled via sysfs: + cat /sys/devices/pci0000:00/0000:00:1f.6/power/wakeup + disabled + +The system should not be woken up if the user has explicitly +disabled the wake up ability for this device. + +This patch clears the WOL ability of this network device if the +user has disabled the wake up ability in sysfs. + +Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver") +Reported-by: "Rafael J. Wysocki" +Reviewed-by: Andy Shevchenko +Cc: +Signed-off-by: Chen Yu +Tested-by: Aaron Brown +Signed-off-by: Jeff Kirsher +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/intel/e1000e/netdev.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/net/ethernet/intel/e1000e/netdev.c ++++ b/drivers/net/ethernet/intel/e1000e/netdev.c +@@ -6518,11 +6518,17 @@ static int __e1000_shutdown(struct pci_d + struct net_device *netdev = pci_get_drvdata(pdev); + struct e1000_adapter *adapter = netdev_priv(netdev); + struct e1000_hw *hw = &adapter->hw; +- u32 ctrl, ctrl_ext, rctl, status; +- /* Runtime suspend should only enable wakeup for link changes */ +- u32 wufc = runtime ? E1000_WUFC_LNKC : adapter->wol; ++ u32 ctrl, ctrl_ext, rctl, status, wufc; + int retval = 0; + ++ /* Runtime suspend should only enable wakeup for link changes */ ++ if (runtime) ++ wufc = E1000_WUFC_LNKC; ++ else if (device_may_wakeup(&pdev->dev)) ++ wufc = adapter->wol; ++ else ++ wufc = 0; ++ + status = er32(STATUS); + if (status & E1000_STATUS_LU) + wufc &= ~E1000_WUFC_LNKC; +@@ -6579,7 +6585,7 @@ static int __e1000_shutdown(struct pci_d + if (adapter->hw.phy.type == e1000_phy_igp_3) { + e1000e_igp3_phy_powerdown_workaround_ich8lan(&adapter->hw); + } else if (hw->mac.type >= e1000_pch_lpt) { +- if (!(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) ++ if (wufc && !(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC))) + /* ULP does not support wake from unicast, multicast + * or broadcast. + */ diff --git a/queue-5.7/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch b/queue-5.7/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch new file mode 100644 index 00000000000..e9255401639 --- /dev/null +++ b/queue-5.7/kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch @@ -0,0 +1,53 @@ +From 1a0aa991a6274161c95a844c58cfb801d681eb59 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Tue, 12 May 2020 17:02:56 +0900 +Subject: kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex + +From: Masami Hiramatsu + +commit 1a0aa991a6274161c95a844c58cfb801d681eb59 upstream. + +In kprobe_optimizer() kick_kprobe_optimizer() is called +without kprobe_mutex, but this can race with other caller +which is protected by kprobe_mutex. + +To fix that, expand kprobe_mutex protected area to protect +kick_kprobe_optimizer() call. + +Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devnote2 + +Fixes: cd7ebe2298ff ("kprobes: Use text_poke_smp_batch for optimizing") +Cc: Ingo Molnar +Cc: "Gustavo A . R . Silva" +Cc: Anders Roxell +Cc: "Naveen N . Rao" +Cc: Anil S Keshavamurthy +Cc: David Miller +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Ziqian SUN +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/kprobes.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -586,11 +586,12 @@ static void kprobe_optimizer(struct work + mutex_unlock(&module_mutex); + mutex_unlock(&text_mutex); + cpus_read_unlock(); +- mutex_unlock(&kprobe_mutex); + + /* Step 5: Kick optimizer again if needed */ + if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list)) + kick_kprobe_optimizer(); ++ ++ mutex_unlock(&kprobe_mutex); + } + + /* Wait for completing optimization and unoptimization */ diff --git a/queue-5.7/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch b/queue-5.7/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch new file mode 100644 index 00000000000..21ed214328c --- /dev/null +++ b/queue-5.7/kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch @@ -0,0 +1,238 @@ +From 9b38cc704e844e41d9cf74e647bff1d249512cb3 Mon Sep 17 00:00:00 2001 +From: Jiri Olsa +Date: Tue, 12 May 2020 17:03:18 +0900 +Subject: kretprobe: Prevent triggering kretprobe from within kprobe_flush_task + +From: Jiri Olsa + +commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 upstream. + +Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave. +My test was also able to trigger lockdep output: + + ============================================ + WARNING: possible recursive locking detected + 5.6.0-rc6+ #6 Not tainted + -------------------------------------------- + sched-messaging/2767 is trying to acquire lock: + ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0 + + but task is already holding lock: + ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 + + other info that might help us debug this: + Possible unsafe locking scenario: + + CPU0 + ---- + lock(&(kretprobe_table_locks[i].lock)); + lock(&(kretprobe_table_locks[i].lock)); + + *** DEADLOCK *** + + May be due to missing lock nesting notation + + 1 lock held by sched-messaging/2767: + #0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50 + + stack backtrace: + CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6 + Call Trace: + dump_stack+0x96/0xe0 + __lock_acquire.cold.57+0x173/0x2b7 + ? native_queued_spin_lock_slowpath+0x42b/0x9e0 + ? lockdep_hardirqs_on+0x590/0x590 + ? __lock_acquire+0xf63/0x4030 + lock_acquire+0x15a/0x3d0 + ? kretprobe_hash_lock+0x52/0xa0 + _raw_spin_lock_irqsave+0x36/0x70 + ? kretprobe_hash_lock+0x52/0xa0 + kretprobe_hash_lock+0x52/0xa0 + trampoline_handler+0xf8/0x940 + ? kprobe_fault_handler+0x380/0x380 + ? find_held_lock+0x3a/0x1c0 + kretprobe_trampoline+0x25/0x50 + ? lock_acquired+0x392/0xbc0 + ? _raw_spin_lock_irqsave+0x50/0x70 + ? __get_valid_kprobe+0x1f0/0x1f0 + ? _raw_spin_unlock_irqrestore+0x3b/0x40 + ? finish_task_switch+0x4b9/0x6d0 + ? __switch_to_asm+0x34/0x70 + ? __switch_to_asm+0x40/0x70 + +The code within the kretprobe handler checks for probe reentrancy, +so we won't trigger any _raw_spin_lock_irqsave probe in there. + +The problem is in outside kprobe_flush_task, where we call: + + kprobe_flush_task + kretprobe_table_lock + raw_spin_lock_irqsave + _raw_spin_lock_irqsave + +where _raw_spin_lock_irqsave triggers the kretprobe and installs +kretprobe_trampoline handler on _raw_spin_lock_irqsave return. + +The kretprobe_trampoline handler is then executed with already +locked kretprobe_table_locks, and first thing it does is to +lock kretprobe_table_locks ;-) the whole lockup path like: + + kprobe_flush_task + kretprobe_table_lock + raw_spin_lock_irqsave + _raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed + + ---> kretprobe_table_locks locked + + kretprobe_trampoline + trampoline_handler + kretprobe_hash_lock(current, &head, &flags); <--- deadlock + +Adding kprobe_busy_begin/end helpers that mark code with fake +probe installed to prevent triggering of another kprobe within +this code. + +Using these helpers in kprobe_flush_task, so the probe recursion +protection check is hit and the probe is never set to prevent +above lockup. + +Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2 + +Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking") +Cc: Ingo Molnar +Cc: "Gustavo A . R . Silva" +Cc: Anders Roxell +Cc: "Naveen N . Rao" +Cc: Anil S Keshavamurthy +Cc: David Miller +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: stable@vger.kernel.org +Reported-by: "Ziqian SUN (Zamir)" +Acked-by: Masami Hiramatsu +Signed-off-by: Jiri Olsa +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/kprobes/core.c | 16 +++------------- + include/linux/kprobes.h | 4 ++++ + kernel/kprobes.c | 24 ++++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 13 deletions(-) + +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c +@@ -753,16 +753,11 @@ asm( + NOKPROBE_SYMBOL(kretprobe_trampoline); + STACK_FRAME_NON_STANDARD(kretprobe_trampoline); + +-static struct kprobe kretprobe_kprobe = { +- .addr = (void *)kretprobe_trampoline, +-}; +- + /* + * Called from kretprobe_trampoline + */ + __used __visible void *trampoline_handler(struct pt_regs *regs) + { +- struct kprobe_ctlblk *kcb; + struct kretprobe_instance *ri = NULL; + struct hlist_head *head, empty_rp; + struct hlist_node *tmp; +@@ -772,16 +767,12 @@ __used __visible void *trampoline_handle + void *frame_pointer; + bool skipped = false; + +- preempt_disable(); +- + /* + * Set a dummy kprobe for avoiding kretprobe recursion. + * Since kretprobe never run in kprobe handler, kprobe must not + * be running at this point. + */ +- kcb = get_kprobe_ctlblk(); +- __this_cpu_write(current_kprobe, &kretprobe_kprobe); +- kcb->kprobe_status = KPROBE_HIT_ACTIVE; ++ kprobe_busy_begin(); + + INIT_HLIST_HEAD(&empty_rp); + kretprobe_hash_lock(current, &head, &flags); +@@ -857,7 +848,7 @@ __used __visible void *trampoline_handle + __this_cpu_write(current_kprobe, &ri->rp->kp); + ri->ret_addr = correct_ret_addr; + ri->rp->handler(ri, regs); +- __this_cpu_write(current_kprobe, &kretprobe_kprobe); ++ __this_cpu_write(current_kprobe, &kprobe_busy); + } + + recycle_rp_inst(ri, &empty_rp); +@@ -873,8 +864,7 @@ __used __visible void *trampoline_handle + + kretprobe_hash_unlock(current, &flags); + +- __this_cpu_write(current_kprobe, NULL); +- preempt_enable(); ++ kprobe_busy_end(); + + hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) { + hlist_del(&ri->hlist); +--- a/include/linux/kprobes.h ++++ b/include/linux/kprobes.h +@@ -350,6 +350,10 @@ static inline struct kprobe_ctlblk *get_ + return this_cpu_ptr(&kprobe_ctlblk); + } + ++extern struct kprobe kprobe_busy; ++void kprobe_busy_begin(void); ++void kprobe_busy_end(void); ++ + kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset); + int register_kprobe(struct kprobe *p); + void unregister_kprobe(struct kprobe *p); +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -1237,6 +1237,26 @@ __releases(hlist_lock) + } + NOKPROBE_SYMBOL(kretprobe_table_unlock); + ++struct kprobe kprobe_busy = { ++ .addr = (void *) get_kprobe, ++}; ++ ++void kprobe_busy_begin(void) ++{ ++ struct kprobe_ctlblk *kcb; ++ ++ preempt_disable(); ++ __this_cpu_write(current_kprobe, &kprobe_busy); ++ kcb = get_kprobe_ctlblk(); ++ kcb->kprobe_status = KPROBE_HIT_ACTIVE; ++} ++ ++void kprobe_busy_end(void) ++{ ++ __this_cpu_write(current_kprobe, NULL); ++ preempt_enable(); ++} ++ + /* + * This function is called from finish_task_switch when task tk becomes dead, + * so that we can recycle any function-return probe instances associated +@@ -1254,6 +1274,8 @@ void kprobe_flush_task(struct task_struc + /* Early boot. kretprobe_table_locks not yet initialized. */ + return; + ++ kprobe_busy_begin(); ++ + INIT_HLIST_HEAD(&empty_rp); + hash = hash_ptr(tk, KPROBE_HASH_BITS); + head = &kretprobe_inst_table[hash]; +@@ -1267,6 +1289,8 @@ void kprobe_flush_task(struct task_struc + hlist_del(&ri->hlist); + kfree(ri); + } ++ ++ kprobe_busy_end(); + } + NOKPROBE_SYMBOL(kprobe_flush_task); + diff --git a/queue-5.7/net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch b/queue-5.7/net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch new file mode 100644 index 00000000000..f48b26244d9 --- /dev/null +++ b/queue-5.7/net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch @@ -0,0 +1,156 @@ +From 11d6011c2cf29f7c8181ebde6c8bc0c4d83adcd7 Mon Sep 17 00:00:00 2001 +From: "Ahmed S. Darwish" +Date: Wed, 3 Jun 2020 16:49:44 +0200 +Subject: net: core: device_rename: Use rwsem instead of a seqcount + +From: Ahmed S. Darwish + +commit 11d6011c2cf29f7c8181ebde6c8bc0c4d83adcd7 upstream. + +Sequence counters write paths are critical sections that must never be +preempted, and blocking, even for CONFIG_PREEMPTION=n, is not allowed. + +Commit 5dbe7c178d3f ("net: fix kernel deadlock with interface rename and +netdev name retrieval.") handled a deadlock, observed with +CONFIG_PREEMPTION=n, where the devnet_rename seqcount read side was +infinitely spinning: it got scheduled after the seqcount write side +blocked inside its own critical section. + +To fix that deadlock, among other issues, the commit added a +cond_resched() inside the read side section. While this will get the +non-preemptible kernel eventually unstuck, the seqcount reader is fully +exhausting its slice just spinning -- until TIF_NEED_RESCHED is set. + +The fix is also still broken: if the seqcount reader belongs to a +real-time scheduling policy, it can spin forever and the kernel will +livelock. + +Disabling preemption over the seqcount write side critical section will +not work: inside it are a number of GFP_KERNEL allocations and mutex +locking through the drivers/base/ :: device_rename() call chain. + +>From all the above, replace the seqcount with a rwsem. + +Fixes: 5dbe7c178d3f (net: fix kernel deadlock with interface rename and netdev name retrieval.) +Fixes: 30e6c9fa93cf (net: devnet_rename_seq should be a seqcount) +Fixes: c91f6df2db49 (sockopt: Change getsockopt() of SO_BINDTODEVICE to return an interface name) +Cc: +Reported-by: kbuild test robot [ v1 missing up_read() on error exit ] +Reported-by: Dan Carpenter [ v1 missing up_read() on error exit ] +Signed-off-by: Ahmed S. Darwish +Reviewed-by: Sebastian Andrzej Siewior +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/core/dev.c | 40 ++++++++++++++++++---------------------- + 1 file changed, 18 insertions(+), 22 deletions(-) + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -79,6 +79,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -194,7 +195,7 @@ static DEFINE_SPINLOCK(napi_hash_lock); + static unsigned int napi_gen_id = NR_CPUS; + static DEFINE_READ_MOSTLY_HASHTABLE(napi_hash, 8); + +-static seqcount_t devnet_rename_seq; ++static DECLARE_RWSEM(devnet_rename_sem); + + static inline void dev_base_seq_inc(struct net *net) + { +@@ -930,33 +931,28 @@ EXPORT_SYMBOL(dev_get_by_napi_id); + * @net: network namespace + * @name: a pointer to the buffer where the name will be stored. + * @ifindex: the ifindex of the interface to get the name from. +- * +- * The use of raw_seqcount_begin() and cond_resched() before +- * retrying is required as we want to give the writers a chance +- * to complete when CONFIG_PREEMPTION is not set. + */ + int netdev_get_name(struct net *net, char *name, int ifindex) + { + struct net_device *dev; +- unsigned int seq; ++ int ret; + +-retry: +- seq = raw_seqcount_begin(&devnet_rename_seq); ++ down_read(&devnet_rename_sem); + rcu_read_lock(); ++ + dev = dev_get_by_index_rcu(net, ifindex); + if (!dev) { +- rcu_read_unlock(); +- return -ENODEV; ++ ret = -ENODEV; ++ goto out; + } + + strcpy(name, dev->name); +- rcu_read_unlock(); +- if (read_seqcount_retry(&devnet_rename_seq, seq)) { +- cond_resched(); +- goto retry; +- } + +- return 0; ++ ret = 0; ++out: ++ rcu_read_unlock(); ++ up_read(&devnet_rename_sem); ++ return ret; + } + + /** +@@ -1228,10 +1224,10 @@ int dev_change_name(struct net_device *d + likely(!(dev->priv_flags & IFF_LIVE_RENAME_OK))) + return -EBUSY; + +- write_seqcount_begin(&devnet_rename_seq); ++ down_write(&devnet_rename_sem); + + if (strncmp(newname, dev->name, IFNAMSIZ) == 0) { +- write_seqcount_end(&devnet_rename_seq); ++ up_write(&devnet_rename_sem); + return 0; + } + +@@ -1239,7 +1235,7 @@ int dev_change_name(struct net_device *d + + err = dev_get_valid_name(net, dev, newname); + if (err < 0) { +- write_seqcount_end(&devnet_rename_seq); ++ up_write(&devnet_rename_sem); + return err; + } + +@@ -1254,11 +1250,11 @@ rollback: + if (ret) { + memcpy(dev->name, oldname, IFNAMSIZ); + dev->name_assign_type = old_assign_type; +- write_seqcount_end(&devnet_rename_seq); ++ up_write(&devnet_rename_sem); + return ret; + } + +- write_seqcount_end(&devnet_rename_seq); ++ up_write(&devnet_rename_sem); + + netdev_adjacent_rename_links(dev, oldname); + +@@ -1279,7 +1275,7 @@ rollback: + /* err >= 0 after dev_alloc_name() or stores the first errno */ + if (err >= 0) { + err = ret; +- write_seqcount_begin(&devnet_rename_seq); ++ down_write(&devnet_rename_sem); + memcpy(dev->name, oldname, IFNAMSIZ); + memcpy(oldname, newname, IFNAMSIZ); + dev->name_assign_type = old_assign_type; diff --git a/queue-5.7/net-octeon-mgmt-repair-filling-of-rx-ring.patch b/queue-5.7/net-octeon-mgmt-repair-filling-of-rx-ring.patch new file mode 100644 index 00000000000..eba5fd06866 --- /dev/null +++ b/queue-5.7/net-octeon-mgmt-repair-filling-of-rx-ring.patch @@ -0,0 +1,43 @@ +From 0c34bb598c510e070160029f34efeeb217000f8d Mon Sep 17 00:00:00 2001 +From: Alexander Sverdlin +Date: Fri, 29 May 2020 14:17:10 +0200 +Subject: net: octeon: mgmt: Repair filling of RX ring + +From: Alexander Sverdlin + +commit 0c34bb598c510e070160029f34efeeb217000f8d upstream. + +The removal of mips_swiotlb_ops exposed a problem in octeon_mgmt Ethernet +driver. mips_swiotlb_ops had an mb() after most of the operations and the +removal of the ops had broken the receive functionality of the driver. +My code inspection has shown no other places except +octeon_mgmt_rx_fill_ring() where an explicit barrier would be obviously +missing. The latter function however has to make sure that "ringing the +bell" doesn't happen before RX ring entry is really written. + +The patch has been successfully tested on Octeon II. + +Fixes: a999933db9ed ("MIPS: remove mips_swiotlb_ops") +Cc: stable@vger.kernel.org +Signed-off-by: Alexander Sverdlin +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c ++++ b/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c +@@ -234,6 +234,11 @@ static void octeon_mgmt_rx_fill_ring(str + + /* Put it in the ring. */ + p->rx_ring[p->rx_next_fill] = re.d64; ++ /* Make sure there is no reorder of filling the ring and ringing ++ * the bell ++ */ ++ wmb(); ++ + dma_sync_single_for_device(p->dev, p->rx_ring_handle, + ring_size_to_bytes(OCTEON_MGMT_RX_RING_SIZE), + DMA_BIDIRECTIONAL); diff --git a/queue-5.7/netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch b/queue-5.7/netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch new file mode 100644 index 00000000000..d5898448168 --- /dev/null +++ b/queue-5.7/netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch @@ -0,0 +1,99 @@ +From c3829285b2e6a0d5461078d7f6cbb2c2b4bf8c4e Mon Sep 17 00:00:00 2001 +From: Stefano Brivio +Date: Mon, 8 Jun 2020 10:50:29 +0200 +Subject: netfilter: nft_set_pipapo: Disable preemption before getting per-CPU pointer + +From: Stefano Brivio + +commit c3829285b2e6a0d5461078d7f6cbb2c2b4bf8c4e upstream. + +The lkp kernel test robot reports, with CONFIG_DEBUG_PREEMPT enabled: + + [ 165.316525] BUG: using smp_processor_id() in preemptible [00000000] code: nft/6247 + [ 165.319547] caller is nft_pipapo_insert+0x464/0x610 [nf_tables] + [ 165.321846] CPU: 1 PID: 6247 Comm: nft Not tainted 5.6.0-rc5-01595-ge32a4dc6512ce3 #1 + [ 165.332128] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 + [ 165.334892] Call Trace: + [ 165.336435] dump_stack+0x8f/0xcb + [ 165.338128] debug_smp_processor_id+0xb2/0xc0 + [ 165.340117] nft_pipapo_insert+0x464/0x610 [nf_tables] + [ 165.342290] ? nft_trans_alloc_gfp+0x1c/0x60 [nf_tables] + [ 165.344420] ? rcu_read_lock_sched_held+0x52/0x80 + [ 165.346460] ? nft_trans_alloc_gfp+0x1c/0x60 [nf_tables] + [ 165.348543] ? __mmu_interval_notifier_insert+0xa0/0xf0 + [ 165.350629] nft_add_set_elem+0x5ff/0xa90 [nf_tables] + [ 165.352699] ? __lock_acquire+0x241/0x1400 + [ 165.354573] ? __lock_acquire+0x241/0x1400 + [ 165.356399] ? reacquire_held_locks+0x12f/0x200 + [ 165.358384] ? nf_tables_valid_genid+0x1f/0x40 [nf_tables] + [ 165.360502] ? nla_strcmp+0x10/0x50 + [ 165.362199] ? nft_table_lookup+0x4f/0xa0 [nf_tables] + [ 165.364217] ? nla_strcmp+0x10/0x50 + [ 165.365891] ? nf_tables_newsetelem+0xd5/0x150 [nf_tables] + [ 165.367997] nf_tables_newsetelem+0xd5/0x150 [nf_tables] + [ 165.370083] nfnetlink_rcv_batch+0x4fd/0x790 [nfnetlink] + [ 165.372205] ? __lock_acquire+0x241/0x1400 + [ 165.374058] ? __nla_validate_parse+0x57/0x8a0 + [ 165.375989] ? cap_inode_getsecurity+0x230/0x230 + [ 165.377954] ? security_capable+0x38/0x50 + [ 165.379795] nfnetlink_rcv+0x11d/0x140 [nfnetlink] + [ 165.381779] netlink_unicast+0x1b2/0x280 + [ 165.383612] netlink_sendmsg+0x351/0x470 + [ 165.385439] sock_sendmsg+0x5b/0x60 + [ 165.387133] ____sys_sendmsg+0x200/0x280 + [ 165.388871] ? copy_msghdr_from_user+0xd9/0x160 + [ 165.390805] ___sys_sendmsg+0x88/0xd0 + [ 165.392524] ? __might_fault+0x3e/0x90 + [ 165.394273] ? sock_getsockopt+0x3d5/0xbb0 + [ 165.396021] ? __handle_mm_fault+0x545/0x6a0 + [ 165.397822] ? find_held_lock+0x2d/0x90 + [ 165.399593] ? __sys_sendmsg+0x5e/0xa0 + [ 165.401338] __sys_sendmsg+0x5e/0xa0 + [ 165.402979] do_syscall_64+0x60/0x280 + [ 165.404680] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [ 165.406621] RIP: 0033:0x7ff1fa46e783 + [ 165.408299] Code: c7 c0 ff ff ff ff eb bb 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 55 c3 0f 1f 40 00 48 83 ec 28 89 54 24 1c 48 + [ 165.414163] RSP: 002b:00007ffedf59ea78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e + [ 165.416804] RAX: ffffffffffffffda RBX: 00007ffedf59fc60 RCX: 00007ff1fa46e783 + [ 165.419419] RDX: 0000000000000000 RSI: 00007ffedf59fb10 RDI: 0000000000000005 + [ 165.421886] RBP: 00007ffedf59fc10 R08: 00007ffedf59ea54 R09: 0000000000000001 + [ 165.424445] R10: 00007ff1fa630c6c R11: 0000000000000246 R12: 0000000000020000 + [ 165.426954] R13: 0000000000000280 R14: 0000000000000005 R15: 00007ffedf59ea90 + +Disable preemption before accessing the lookup scratch area in +nft_pipapo_insert(). + +Reported-by: kernel test robot +Analysed-by: Florian Westphal +Cc: # 5.6.x +Fixes: 3c4287f62044 ("nf_tables: Add set type for arbitrary concatenation of ranges") +Signed-off-by: Stefano Brivio +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nft_set_pipapo.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/netfilter/nft_set_pipapo.c ++++ b/net/netfilter/nft_set_pipapo.c +@@ -1242,7 +1242,9 @@ static int nft_pipapo_insert(const struc + end += NFT_PIPAPO_GROUPS_PADDED_SIZE(f); + } + +- if (!*this_cpu_ptr(m->scratch) || bsize_max > m->bsize_max) { ++ if (!*get_cpu_ptr(m->scratch) || bsize_max > m->bsize_max) { ++ put_cpu_ptr(m->scratch); ++ + err = pipapo_realloc_scratch(m, bsize_max); + if (err) + return err; +@@ -1250,6 +1252,8 @@ static int nft_pipapo_insert(const struc + this_cpu_write(nft_pipapo_scratch_index, false); + + m->bsize_max = bsize_max; ++ } else { ++ put_cpu_ptr(m->scratch); + } + + *ext2 = &e->ext; diff --git a/queue-5.7/netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch b/queue-5.7/netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch new file mode 100644 index 00000000000..ad6ad37a36a --- /dev/null +++ b/queue-5.7/netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch @@ -0,0 +1,115 @@ +From 33d077996a87175b155fe88030e8fec7ca76327e Mon Sep 17 00:00:00 2001 +From: Stefano Brivio +Date: Wed, 3 Jun 2020 01:50:11 +0200 +Subject: netfilter: nft_set_rbtree: Don't account for expired elements on insertion + +From: Stefano Brivio + +commit 33d077996a87175b155fe88030e8fec7ca76327e upstream. + +While checking the validity of insertion in __nft_rbtree_insert(), +we currently ignore conflicting elements and intervals only if they +are not active within the next generation. + +However, if we consider expired elements and intervals as +potentially conflicting and overlapping, we'll return error for +entries that should be added instead. This is particularly visible +with garbage collection intervals that are comparable with the +element timeout itself, as reported by Mike Dillinger. + +Other than the simple issue of denying insertion of valid entries, +this might also result in insertion of a single element (opening or +closing) out of a given interval. With single entries (that are +inserted as intervals of size 1), this leads in turn to the creation +of new intervals. For example: + + # nft add element t s { 192.0.2.1 } + # nft list ruleset + [...] + elements = { 192.0.2.1-255.255.255.255 } + +Always ignore expired elements active in the next generation, while +checking for conflicts. + +It might be more convenient to introduce a new macro that covers +both inactive and expired items, as this type of check also appears +quite frequently in other set back-ends. This is however beyond the +scope of this fix and can be deferred to a separate patch. + +Other than the overlap detection cases introduced by commit +7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps +on insertion"), we also have to cover the original conflict check +dealing with conflicts between two intervals of size 1, which was +introduced before support for timeout was introduced. This won't +return an error to the user as -EEXIST is masked by nft if +NLM_F_EXCL is not given, but would result in a silent failure +adding the entry. + +Reported-by: Mike Dillinger +Cc: # 5.6.x +Fixes: 8d8540c4f5e0 ("netfilter: nft_set_rbtree: add timeout support") +Fixes: 7c84d41416d8 ("netfilter: nft_set_rbtree: Detect partial overlaps on insertion") +Signed-off-by: Stefano Brivio +Acked-by: Phil Sutter +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nft_set_rbtree.c | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +--- a/net/netfilter/nft_set_rbtree.c ++++ b/net/netfilter/nft_set_rbtree.c +@@ -271,12 +271,14 @@ static int __nft_rbtree_insert(const str + + if (nft_rbtree_interval_start(new)) { + if (nft_rbtree_interval_end(rbe) && +- nft_set_elem_active(&rbe->ext, genmask)) ++ nft_set_elem_active(&rbe->ext, genmask) && ++ !nft_set_elem_expired(&rbe->ext)) + overlap = false; + } else { + overlap = nft_rbtree_interval_end(rbe) && + nft_set_elem_active(&rbe->ext, +- genmask); ++ genmask) && ++ !nft_set_elem_expired(&rbe->ext); + } + } else if (d > 0) { + p = &parent->rb_right; +@@ -284,9 +286,11 @@ static int __nft_rbtree_insert(const str + if (nft_rbtree_interval_end(new)) { + overlap = nft_rbtree_interval_end(rbe) && + nft_set_elem_active(&rbe->ext, +- genmask); ++ genmask) && ++ !nft_set_elem_expired(&rbe->ext); + } else if (nft_rbtree_interval_end(rbe) && +- nft_set_elem_active(&rbe->ext, genmask)) { ++ nft_set_elem_active(&rbe->ext, genmask) && ++ !nft_set_elem_expired(&rbe->ext)) { + overlap = true; + } + } else { +@@ -294,15 +298,18 @@ static int __nft_rbtree_insert(const str + nft_rbtree_interval_start(new)) { + p = &parent->rb_left; + +- if (nft_set_elem_active(&rbe->ext, genmask)) ++ if (nft_set_elem_active(&rbe->ext, genmask) && ++ !nft_set_elem_expired(&rbe->ext)) + overlap = false; + } else if (nft_rbtree_interval_start(rbe) && + nft_rbtree_interval_end(new)) { + p = &parent->rb_right; + +- if (nft_set_elem_active(&rbe->ext, genmask)) ++ if (nft_set_elem_active(&rbe->ext, genmask) && ++ !nft_set_elem_expired(&rbe->ext)) + overlap = false; +- } else if (nft_set_elem_active(&rbe->ext, genmask)) { ++ } else if (nft_set_elem_active(&rbe->ext, genmask) && ++ !nft_set_elem_expired(&rbe->ext)) { + *ext = &rbe->ext; + return -EEXIST; + } else { diff --git a/queue-5.7/powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch b/queue-5.7/powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch new file mode 100644 index 00000000000..a428ec3f5bd --- /dev/null +++ b/queue-5.7/powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch @@ -0,0 +1,45 @@ +From 0bdcfa182506526fbe4e088ff9ca86a31b81828d Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Mon, 15 Jun 2020 16:12:47 +1000 +Subject: powerpc/64s: Fix KVM interrupt using wrong save area + +From: Nicholas Piggin + +commit 0bdcfa182506526fbe4e088ff9ca86a31b81828d upstream. + +The CTR register reload in the KVM interrupt path used the wrong save +area for SLB (and NMI) interrupts. + +Fixes: 9600f261acaa ("powerpc/64s/exception: Move KVM test to common code") +Cc: stable@vger.kernel.org # v5.7+ +Reported-by: Christian Zigotzky +Signed-off-by: Nicholas Piggin +Tested-by: Christian Zigotzky +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200615061247.1310763-1-npiggin@gmail.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/exceptions-64s.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kernel/exceptions-64s.S ++++ b/arch/powerpc/kernel/exceptions-64s.S +@@ -270,7 +270,7 @@ BEGIN_FTR_SECTION + END_FTR_SECTION_IFSET(CPU_FTR_CFAR) + .endif + +- ld r10,PACA_EXGEN+EX_CTR(r13) ++ ld r10,IAREA+EX_CTR(r13) + mtctr r10 + BEGIN_FTR_SECTION + ld r10,IAREA+EX_PPR(r13) +@@ -298,7 +298,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) + + .if IKVM_SKIP + 89: mtocrf 0x80,r9 +- ld r10,PACA_EXGEN+EX_CTR(r13) ++ ld r10,IAREA+EX_CTR(r13) + mtctr r10 + ld r9,IAREA+EX_R9(r13) + ld r10,IAREA+EX_R10(r13) diff --git a/queue-5.7/proc-bootconfig-fix-to-use-correct-quotes-for-value.patch b/queue-5.7/proc-bootconfig-fix-to-use-correct-quotes-for-value.patch new file mode 100644 index 00000000000..b67491c679d --- /dev/null +++ b/queue-5.7/proc-bootconfig-fix-to-use-correct-quotes-for-value.patch @@ -0,0 +1,87 @@ +From 4e264ffd953463cd14c0720eaa9315ac052f5973 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Tue, 16 Jun 2020 19:14:08 +0900 +Subject: proc/bootconfig: Fix to use correct quotes for value + +From: Masami Hiramatsu + +commit 4e264ffd953463cd14c0720eaa9315ac052f5973 upstream. + +Fix /proc/bootconfig to select double or single quotes +corrctly according to the value. + +If a bootconfig value includes a double quote character, +we must use single-quotes to quote that value. + +This modifies if() condition and blocks for avoiding +double-quote in value check in 2 places. Anyway, since +xbc_array_for_each_value() can handle the array which +has a single node correctly. +Thus, + +if (vnode && xbc_node_is_array(vnode)) { + xbc_array_for_each_value(vnode) /* vnode->next != NULL */ + ... +} else { + snprintf(val); /* val is an empty string if !vnode */ +} + +is equivalent to + +if (vnode) { + xbc_array_for_each_value(vnode) /* vnode->next can be NULL */ + ... +} else { + snprintf(""); /* value is always empty */ +} + +Link: http://lkml.kernel.org/r/159230244786.65555.3763894451251622488.stgit@devnote2 + +Cc: stable@vger.kernel.org +Fixes: c1a3c36017d4 ("proc: bootconfig: Add /proc/bootconfig to show boot config list") +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + fs/proc/bootconfig.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/fs/proc/bootconfig.c ++++ b/fs/proc/bootconfig.c +@@ -26,8 +26,9 @@ static int boot_config_proc_show(struct + static int __init copy_xbc_key_value_list(char *dst, size_t size) + { + struct xbc_node *leaf, *vnode; +- const char *val; + char *key, *end = dst + size; ++ const char *val; ++ char q; + int ret = 0; + + key = kzalloc(XBC_KEYLEN_MAX, GFP_KERNEL); +@@ -41,16 +42,20 @@ static int __init copy_xbc_key_value_lis + break; + dst += ret; + vnode = xbc_node_get_child(leaf); +- if (vnode && xbc_node_is_array(vnode)) { ++ if (vnode) { + xbc_array_for_each_value(vnode, val) { +- ret = snprintf(dst, rest(dst, end), "\"%s\"%s", +- val, vnode->next ? ", " : "\n"); ++ if (strchr(val, '"')) ++ q = '\''; ++ else ++ q = '"'; ++ ret = snprintf(dst, rest(dst, end), "%c%s%c%s", ++ q, val, q, vnode->next ? ", " : "\n"); + if (ret < 0) + goto out; + dst += ret; + } + } else { +- ret = snprintf(dst, rest(dst, end), "\"%s\"\n", val); ++ ret = snprintf(dst, rest(dst, end), "\"\"\n"); + if (ret < 0) + break; + dst += ret; diff --git a/queue-5.7/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch b/queue-5.7/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch new file mode 100644 index 00000000000..2b66207d276 --- /dev/null +++ b/queue-5.7/revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch @@ -0,0 +1,59 @@ +From 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 Mon Sep 17 00:00:00 2001 +From: Harry Wentland +Date: Thu, 28 May 2020 09:44:44 -0400 +Subject: Revert "drm/amd/display: disable dcn20 abm feature for bring up" + +From: Harry Wentland + +commit 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 upstream. + +This reverts commit 96cb7cf13d8530099c256c053648ad576588c387. + +This change was used for DCN2 bringup and is no longer desired. +In fact it breaks backlight on DCN2 systems. + +Cc: Alexander Monakov +Cc: Hersen Wu +Cc: Anthony Koo +Cc: Michael Chiu +Signed-off-by: Harry Wentland +Acked-by: Alex Deucher +Reviewed-by: Nicholas Kazlauskas +Reported-and-tested-by: Alexander Monakov +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 13 +++++-------- + 1 file changed, 5 insertions(+), 8 deletions(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +@@ -1334,7 +1334,7 @@ static int dm_late_init(void *handle) + unsigned int linear_lut[16]; + int i; + struct dmcu *dmcu = adev->dm.dc->res_pool->dmcu; +- bool ret = false; ++ bool ret; + + for (i = 0; i < 16; i++) + linear_lut[i] = 0xFFFF * i / 15; +@@ -1350,13 +1350,10 @@ static int dm_late_init(void *handle) + */ + params.min_abm_backlight = 0x28F; + +- /* todo will enable for navi10 */ +- if (adev->asic_type <= CHIP_RAVEN) { +- ret = dmcu_load_iram(dmcu, params); +- +- if (!ret) +- return -EINVAL; +- } ++ ret = dmcu_load_iram(dmcu, params); ++ ++ if (!ret) ++ return -EINVAL; + + return detect_mst_link_for_all_connectors(adev->ddev); + } diff --git a/queue-5.7/sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch b/queue-5.7/sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch new file mode 100644 index 00000000000..08afb8b0675 --- /dev/null +++ b/queue-5.7/sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch @@ -0,0 +1,90 @@ +From e9b7b1c0c103a623be1a65c39f98719803440871 Mon Sep 17 00:00:00 2001 +From: Kefeng Wang +Date: Wed, 10 Jun 2020 01:12:44 +0000 +Subject: sample-trace-array: Fix sleeping function called from invalid context + +From: Kefeng Wang + +commit e9b7b1c0c103a623be1a65c39f98719803440871 upstream. + +BUG: sleeping function called from invalid context at kernel/locking/mutex.c:935 + in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/5 + 1 lock held by swapper/5/0: + #0: ffff80001002bd90 (samples/ftrace/sample-trace-array.c:38){+.-.}-{0:0}, at: call_timer_fn+0x8/0x3e0 + CPU: 5 PID: 0 Comm: swapper/5 Not tainted 5.7.0+ #8 + Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 + Call trace: + dump_backtrace+0x0/0x1a0 + show_stack+0x20/0x30 + dump_stack+0xe4/0x150 + ___might_sleep+0x160/0x200 + __might_sleep+0x58/0x90 + __mutex_lock+0x64/0x948 + mutex_lock_nested+0x3c/0x58 + __ftrace_set_clr_event+0x44/0x88 + trace_array_set_clr_event+0x24/0x38 + mytimer_handler+0x34/0x40 [sample_trace_array] + +mutex_lock() will be called in interrupt context, using workqueue to fix it. + +Link: https://lkml.kernel.org/r/20200610011244.2209486-1-wangkefeng.wang@huawei.com + +Cc: stable@vger.kernel.org +Fixes: 89ed42495ef4 ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") +Reviewed-by: Divya Indi +Signed-off-by: Kefeng Wang +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + samples/ftrace/sample-trace-array.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +--- a/samples/ftrace/sample-trace-array.c ++++ b/samples/ftrace/sample-trace-array.c +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + + /* + * Any file that uses trace points, must include the header. +@@ -20,6 +21,16 @@ struct trace_array *tr; + static void mytimer_handler(struct timer_list *unused); + static struct task_struct *simple_tsk; + ++static void trace_work_fn(struct work_struct *work) ++{ ++ /* ++ * Disable tracing for event "sample_event". ++ */ ++ trace_array_set_clr_event(tr, "sample-subsystem", "sample_event", ++ false); ++} ++static DECLARE_WORK(trace_work, trace_work_fn); ++ + /* + * mytimer: Timer setup to disable tracing for event "sample_event". This + * timer is only for the purposes of the sample module to demonstrate access of +@@ -29,11 +40,7 @@ static DEFINE_TIMER(mytimer, mytimer_han + + static void mytimer_handler(struct timer_list *unused) + { +- /* +- * Disable tracing for event "sample_event". +- */ +- trace_array_set_clr_event(tr, "sample-subsystem", "sample_event", +- false); ++ schedule_work(&trace_work); + } + + static void simple_thread_func(int count) +@@ -76,6 +83,7 @@ static int simple_thread(void *arg) + simple_thread_func(count++); + + del_timer(&mytimer); ++ cancel_work_sync(&trace_work); + + /* + * trace_array_put() decrements the reference counter associated with diff --git a/queue-5.7/sample-trace-array-remove-trace_array-sample-instance.patch b/queue-5.7/sample-trace-array-remove-trace_array-sample-instance.patch new file mode 100644 index 00000000000..dac8c6a5646 --- /dev/null +++ b/queue-5.7/sample-trace-array-remove-trace_array-sample-instance.patch @@ -0,0 +1,41 @@ +From 9fbc01cdba66e988122ccdc6094cfd85d9587769 Mon Sep 17 00:00:00 2001 +From: Kefeng Wang +Date: Tue, 9 Jun 2020 13:52:00 +0000 +Subject: sample-trace-array: Remove trace_array 'sample-instance' + +From: Kefeng Wang + +commit 9fbc01cdba66e988122ccdc6094cfd85d9587769 upstream. + +Remove trace_array 'sample-instance' if kthread_run fails +in sample_trace_array_init(). + +Link: https://lkml.kernel.org/r/20200609135200.2206726-1-wangkefeng.wang@huawei.com + +Cc: stable@vger.kernel.org +Fixes: 89ed42495ef4a ("tracing: Sample module to demonstrate kernel access to Ftrace instances.") +Reviewed-by: Divya Indi +Signed-off-by: Kefeng Wang +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + samples/ftrace/sample-trace-array.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/samples/ftrace/sample-trace-array.c ++++ b/samples/ftrace/sample-trace-array.c +@@ -107,8 +107,12 @@ static int __init sample_trace_array_ini + trace_printk_init_buffers(); + + simple_tsk = kthread_run(simple_thread, NULL, "sample-instance"); +- if (IS_ERR(simple_tsk)) ++ if (IS_ERR(simple_tsk)) { ++ trace_array_put(tr); ++ trace_array_destroy(tr); + return -1; ++ } ++ + return 0; + } + diff --git a/queue-5.7/series b/queue-5.7/series index 1bba4235d83..9227af955d0 100644 --- a/queue-5.7/series +++ b/queue-5.7/series @@ -455,3 +455,22 @@ drm-i915-gt-move-snb-gt-workarounds-from-init_clock_gating-to-workarounds.patch drm-i915-gt-move-ilk-gt-workarounds-from-init_clock_gating-to-workarounds.patch drm-i915-gt-move-vlv-gt-workarounds-from-init_clock_gating-to-workarounds.patch drm-i915-gt-move-gen4-gt-workarounds-from-init_clock_gating-to-workarounds.patch +revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch +drm-i915-tgl-make-wa_14010229206-permanent.patch +crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch +crypto-algboss-don-t-wait-during-notifier-callback.patch +tracing-make-ftrace-packed-events-have-align-of-1.patch +tracing-probe-fix-memleak-in-fetch_op_data-operations.patch +proc-bootconfig-fix-to-use-correct-quotes-for-value.patch +tools-bootconfig-fix-to-use-correct-quotes-for-value.patch +tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch +sample-trace-array-remove-trace_array-sample-instance.patch +sample-trace-array-fix-sleeping-function-called-from-invalid-context.patch +netfilter-nft_set_rbtree-don-t-account-for-expired-elements-on-insertion.patch +netfilter-nft_set_pipapo-disable-preemption-before-getting-per-cpu-pointer.patch +kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch +kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch +powerpc-64s-fix-kvm-interrupt-using-wrong-save-area.patch +e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch +net-octeon-mgmt-repair-filling-of-rx-ring.patch +net-core-device_rename-use-rwsem-instead-of-a-seqcount.patch diff --git a/queue-5.7/tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch b/queue-5.7/tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch new file mode 100644 index 00000000000..2d90c60993c --- /dev/null +++ b/queue-5.7/tools-bootconfig-fix-to-return-0-if-succeeded-to-show-the-bootconfig.patch @@ -0,0 +1,45 @@ +From f91cb5b7476a603068eae31e5b2cc170dd2b9b1b Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Tue, 16 Jun 2020 19:14:25 +0900 +Subject: tools/bootconfig: Fix to return 0 if succeeded to show the bootconfig + +From: Masami Hiramatsu + +commit f91cb5b7476a603068eae31e5b2cc170dd2b9b1b upstream. + +Fix bootconfig to return 0 if succeeded to show the bootconfig +in initrd. Without this fix, "bootconfig INITRD" command +returns !0 even if the command succeeded to show the bootconfig. + +Link: http://lkml.kernel.org/r/159230246566.65555.11891772258543514487.stgit@devnote2 + +Cc: stable@vger.kernel.org +Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + tools/bootconfig/main.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/tools/bootconfig/main.c ++++ b/tools/bootconfig/main.c +@@ -207,11 +207,13 @@ int show_xbc(const char *path) + } + + ret = load_xbc_from_initrd(fd, &buf); +- if (ret < 0) ++ if (ret < 0) { + pr_err("Failed to load a boot config from initrd: %d\n", ret); +- else +- xbc_show_compact_tree(); +- ++ goto out; ++ } ++ xbc_show_compact_tree(); ++ ret = 0; ++out: + close(fd); + free(buf); + diff --git a/queue-5.7/tools-bootconfig-fix-to-use-correct-quotes-for-value.patch b/queue-5.7/tools-bootconfig-fix-to-use-correct-quotes-for-value.patch new file mode 100644 index 00000000000..4223c1a441d --- /dev/null +++ b/queue-5.7/tools-bootconfig-fix-to-use-correct-quotes-for-value.patch @@ -0,0 +1,62 @@ +From 272da3279df191f028fd63d1683e5ecd56fcb13b Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Tue, 16 Jun 2020 19:14:17 +0900 +Subject: tools/bootconfig: Fix to use correct quotes for value + +From: Masami Hiramatsu + +commit 272da3279df191f028fd63d1683e5ecd56fcb13b upstream. + +Fix bootconfig tool to select double or single quotes +correctly according to the value. + +If a bootconfig value includes a double quote character, +we must use single-quotes to quote that value. + +Link: http://lkml.kernel.org/r/159230245697.65555.12444299015852932304.stgit@devnote2 + +Cc: stable@vger.kernel.org +Fixes: 950313ebf79c ("tools: bootconfig: Add bootconfig command") +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + tools/bootconfig/main.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +--- a/tools/bootconfig/main.c ++++ b/tools/bootconfig/main.c +@@ -14,13 +14,18 @@ + #include + #include + +-static int xbc_show_array(struct xbc_node *node) ++static int xbc_show_value(struct xbc_node *node) + { + const char *val; ++ char q; + int i = 0; + + xbc_array_for_each_value(node, val) { +- printf("\"%s\"%s", val, node->next ? ", " : ";\n"); ++ if (strchr(val, '"')) ++ q = '\''; ++ else ++ q = '"'; ++ printf("%c%s%c%s", q, val, q, node->next ? ", " : ";\n"); + i++; + } + return i; +@@ -48,10 +53,7 @@ static void xbc_show_compact_tree(void) + continue; + } else if (cnode && xbc_node_is_value(cnode)) { + printf("%s = ", xbc_node_get_data(node)); +- if (cnode->next) +- xbc_show_array(cnode); +- else +- printf("\"%s\";\n", xbc_node_get_data(cnode)); ++ xbc_show_value(cnode); + } else { + printf("%s;\n", xbc_node_get_data(node)); + } diff --git a/queue-5.7/tracing-make-ftrace-packed-events-have-align-of-1.patch b/queue-5.7/tracing-make-ftrace-packed-events-have-align-of-1.patch new file mode 100644 index 00000000000..286893bbbbc --- /dev/null +++ b/queue-5.7/tracing-make-ftrace-packed-events-have-align-of-1.patch @@ -0,0 +1,154 @@ +From 4649079b9de1ad86be9f4c989373adb8235a8485 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Tue, 9 Jun 2020 22:00:41 -0400 +Subject: tracing: Make ftrace packed events have align of 1 + +From: Steven Rostedt (VMware) + +commit 4649079b9de1ad86be9f4c989373adb8235a8485 upstream. + +When using trace-cmd on 5.6-rt for the function graph tracer, the output was +corrupted. It gave output like this: + + funcgraph_entry: func=0xffffffff depth=38982 + funcgraph_entry: func=0x1ffffffff depth=16044 + funcgraph_exit: func=0xffffffff overrun=0x92539aaf00000000 calltime=0x92539c9900000072 rettime=0x100000072 depth=11084 + funcgraph_exit: func=0xffffffff overrun=0x9253946e00000000 calltime=0x92539e2100000072 rettime=0x72 depth=26033702 + funcgraph_entry: func=0xffffffff depth=85798 + funcgraph_entry: func=0x1ffffffff depth=12044 + +The reason was because the tracefs/events/ftrace/funcgraph_entry/exit format +file was incorrect. The -rt kernel adds more common fields to the trace +events. Namely, common_migrate_disable and common_preempt_lazy_count. Each +is one byte in size. This changes the alignment of the normal payload. Most +events are aligned normally, but the function and function graph events are +defined with a "PACKED" macro, that packs their payload. As the offsets +displayed in the format files are now calculated by an aligned field, the +aligned field for function and function graph events should be 1, not their +normal alignment. + +With aligning of the funcgraph_entry event, the format file has: + + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; + field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; + + field:unsigned long func; offset:16; size:8; signed:0; + field:int depth; offset:24; size:4; signed:1; + +But the actual alignment is: + + field:unsigned short common_type; offset:0; size:2; signed:0; + field:unsigned char common_flags; offset:2; size:1; signed:0; + field:unsigned char common_preempt_count; offset:3; size:1; signed:0; + field:int common_pid; offset:4; size:4; signed:1; + field:unsigned char common_migrate_disable; offset:8; size:1; signed:0; + field:unsigned char common_preempt_lazy_count; offset:9; size:1; signed:0; + + field:unsigned long func; offset:12; size:8; signed:0; + field:int depth; offset:20; size:4; signed:1; + +Link: https://lkml.kernel.org/r/20200609220041.2a3b527f@oasis.local.home + +Cc: stable@vger.kernel.org +Fixes: 04ae87a52074e ("ftrace: Rework event_create_dir()") +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.h | 3 +++ + kernel/trace/trace_entries.h | 14 +++++++------- + kernel/trace/trace_export.c | 16 ++++++++++++++++ + 3 files changed, 26 insertions(+), 7 deletions(-) + +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -61,6 +61,9 @@ enum trace_type { + #undef __field_desc + #define __field_desc(type, container, item) + ++#undef __field_packed ++#define __field_packed(type, container, item) ++ + #undef __array + #define __array(type, item, size) type item[size]; + +--- a/kernel/trace/trace_entries.h ++++ b/kernel/trace/trace_entries.h +@@ -78,8 +78,8 @@ FTRACE_ENTRY_PACKED(funcgraph_entry, ftr + + F_STRUCT( + __field_struct( struct ftrace_graph_ent, graph_ent ) +- __field_desc( unsigned long, graph_ent, func ) +- __field_desc( int, graph_ent, depth ) ++ __field_packed( unsigned long, graph_ent, func ) ++ __field_packed( int, graph_ent, depth ) + ), + + F_printk("--> %ps (%d)", (void *)__entry->func, __entry->depth) +@@ -92,11 +92,11 @@ FTRACE_ENTRY_PACKED(funcgraph_exit, ftra + + F_STRUCT( + __field_struct( struct ftrace_graph_ret, ret ) +- __field_desc( unsigned long, ret, func ) +- __field_desc( unsigned long, ret, overrun ) +- __field_desc( unsigned long long, ret, calltime) +- __field_desc( unsigned long long, ret, rettime ) +- __field_desc( int, ret, depth ) ++ __field_packed( unsigned long, ret, func ) ++ __field_packed( unsigned long, ret, overrun ) ++ __field_packed( unsigned long long, ret, calltime) ++ __field_packed( unsigned long long, ret, rettime ) ++ __field_packed( int, ret, depth ) + ), + + F_printk("<-- %ps (%d) (start: %llx end: %llx) over: %d", +--- a/kernel/trace/trace_export.c ++++ b/kernel/trace/trace_export.c +@@ -45,6 +45,9 @@ static int ftrace_event_register(struct + #undef __field_desc + #define __field_desc(type, container, item) type item; + ++#undef __field_packed ++#define __field_packed(type, container, item) type item; ++ + #undef __array + #define __array(type, item, size) type item[size]; + +@@ -85,6 +88,13 @@ static void __always_unused ____ftrace_c + .size = sizeof(_type), .align = __alignof__(_type), \ + is_signed_type(_type), .filter_type = _filter_type }, + ++ ++#undef __field_ext_packed ++#define __field_ext_packed(_type, _item, _filter_type) { \ ++ .type = #_type, .name = #_item, \ ++ .size = sizeof(_type), .align = 1, \ ++ is_signed_type(_type), .filter_type = _filter_type }, ++ + #undef __field + #define __field(_type, _item) __field_ext(_type, _item, FILTER_OTHER) + +@@ -94,6 +104,9 @@ static void __always_unused ____ftrace_c + #undef __field_desc + #define __field_desc(_type, _container, _item) __field_ext(_type, _item, FILTER_OTHER) + ++#undef __field_packed ++#define __field_packed(_type, _container, _item) __field_ext_packed(_type, _item, FILTER_OTHER) ++ + #undef __array + #define __array(_type, _item, _len) { \ + .type = #_type"["__stringify(_len)"]", .name = #_item, \ +@@ -129,6 +142,9 @@ static struct trace_event_fields ftrace_ + #undef __field_desc + #define __field_desc(type, container, item) + ++#undef __field_packed ++#define __field_packed(type, container, item) ++ + #undef __array + #define __array(type, item, len) + diff --git a/queue-5.7/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch b/queue-5.7/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch new file mode 100644 index 00000000000..b44590035d7 --- /dev/null +++ b/queue-5.7/tracing-probe-fix-memleak-in-fetch_op_data-operations.patch @@ -0,0 +1,59 @@ +From 3aa8fdc37d16735e8891035becf25b3857d3efe0 Mon Sep 17 00:00:00 2001 +From: Vamshi K Sthambamkadi +Date: Mon, 15 Jun 2020 20:00:38 +0530 +Subject: tracing/probe: Fix memleak in fetch_op_data operations + +From: Vamshi K Sthambamkadi + +commit 3aa8fdc37d16735e8891035becf25b3857d3efe0 upstream. + +kmemleak report: + [<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0 + [] kstrndup+0x37/0x80 + [] parse_probe_arg.isra.7+0x3cc/0x630 + [<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810 + [<655a7766>] trace_kprobe_create+0x2ca/0x950 + [<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30 + [<6d1c8a52>] trace_run_command+0x67/0x80 + [] trace_parse_run_command+0xa7/0x140 + [] probes_write+0x10/0x20 + [<2027641c>] __vfs_write+0x30/0x1e0 + [<6a4aeee1>] vfs_write+0x96/0x1b0 + [<3517fb7d>] ksys_write+0x53/0xc0 + [] __ia32_sys_write+0x15/0x20 + [] do_syscall_32_irqs_on+0x3d/0x260 + [] do_fast_syscall_32+0x39/0xb0 + [] entry_SYSENTER_32+0xaf/0x102 + +Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten +to FETCH_OP_ST_STRING, as a result memory is never freed since +traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types + +Setup fetch string operation correctly after fetch_op_data operation. + +Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos + +Cc: stable@vger.kernel.org +Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support") +Acked-by: Masami Hiramatsu +Signed-off-by: Vamshi K Sthambamkadi +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_probe.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -639,8 +639,8 @@ static int traceprobe_parse_probe_arg_bo + ret = -EINVAL; + goto fail; + } +- if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM) || +- parg->count) { ++ if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM || ++ code->op == FETCH_OP_DATA) || parg->count) { + /* + * IMM, DATA and COMM is pointing actual address, those + * must be kept, and if parg->count != 0, this is an -- 2.47.3