From 38b0126e871a43942f89c1bf89768ca774577709 Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Sat, 26 Aug 2023 09:50:19 -0400
Subject: [PATCH] Fixes for 4.14
Signed-off-by: Sasha Levin
---
 ...void-starting-unnecessary-workqueues.patch | 91 +++++++++++++
 queue-4.14/series | 3 +
 ...ta-races-around-prot-memory_pressure.patch | 82 ++++++++++++
 ...eak-due-to-race-between-current_trac.patch | 122 ++++++++++++++++++
 4 files changed, 298 insertions(+)
 create mode 100644 queue-4.14/igb-avoid-starting-unnecessary-workqueues.patch
 create mode 100644 queue-4.14/sock-annotate-data-races-around-prot-memory_pressure.patch
 create mode 100644 queue-4.14/tracing-fix-memleak-due-to-race-between-current_trac.patch
diff --git a/queue-4.14/igb-avoid-starting-unnecessary-workqueues.patch b/queue-4.14/igb-avoid-starting-unnecessary-workqueues.patch
new file mode 100644
index 00000000000..6f34b86500c
--- /dev/null
+++ b/queue-4.14/igb-avoid-starting-unnecessary-workqueues.patch
@@ -0,0 +1,91 @@
+From a4444b62b6e03516f334232a522ce4e08e8451aa Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 21 Aug 2023 10:19:27 -0700
+Subject: igb: Avoid starting unnecessary workqueues
+
+From: Alessio Igor Bogani
+
+[ Upstream commit b888c510f7b3d64ca75fc0f43b4a4bd1a611312f ]
+
+If ptp_clock_register() fails or CONFIG_PTP isn't enabled, avoid starting
+PTP related workqueues.
+
+In this way we can fix this:
+ BUG: unable to handle page fault for address: ffffc9000440b6f8
+ #PF: supervisor read access in kernel mode
+ #PF: error_code(0x0000) - not-present page
+ PGD 100000067 P4D 100000067 PUD 1001e0067 PMD 107dc5067 PTE 0
+ Oops: 0000 [#1] PREEMPT SMP
+ [...]
+ Workqueue: events igb_ptp_overflow_check
+ RIP: 0010:igb_rd32+0x1f/0x60
+ [...]
+ Call Trace:
+ igb_ptp_read_82580+0x20/0x50
+ timecounter_read+0x15/0x60
+ igb_ptp_overflow_check+0x1a/0x50
+ process_one_work+0x1cb/0x3c0
+ worker_thread+0x53/0x3f0
+ ? rescuer_thread+0x370/0x370
+ kthread+0x142/0x160
+ ? kthread_associate_blkcg+0xc0/0xc0
+ ret_from_fork+0x1f/0x30
+
+Fixes: 1f6e8178d685 ("igb: Prevent dropped Tx timestamps via work items and interrupts.")
+Fixes: d339b1331616 ("igb: add PTP Hardware Clock code")
+Signed-off-by: Alessio Igor Bogani
+Tested-by: Arpana Arland (A Contingent worker at Intel)
+Signed-off-by: Tony Nguyen
+Reviewed-by: Simon Horman
+Link: https://lore.kernel.org/r/20230821171927.2203644-1-anthony.l.nguyen@intel.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Sasha Levin
+---
+ drivers/net/ethernet/intel/igb/igb_ptp.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/drivers/net/ethernet/intel/igb/igb_ptp.c b/drivers/net/ethernet/intel/igb/igb_ptp.c
+index 295d27f331042..179e1d74661d4 100644
+--- a/drivers/net/ethernet/intel/igb/igb_ptp.c
++++ b/drivers/net/ethernet/intel/igb/igb_ptp.c
+@@ -1195,18 +1195,6 @@ void igb_ptp_init(struct igb_adapter *adapter)
+ return;
+ }
+
+- spin_lock_init(&adapter->tmreg_lock);
+- INIT_WORK(&adapter->ptp_tx_work, igb_ptp_tx_work);
+-
+- if (adapter->ptp_flags & IGB_PTP_OVERFLOW_CHECK)
+- INIT_DELAYED_WORK(&adapter->ptp_overflow_work,
+- igb_ptp_overflow_check);
+-
+- adapter->tstamp_config.rx_filter = HWTSTAMP_FILTER_NONE;
+- adapter->tstamp_config.tx_type = HWTSTAMP_TX_OFF;
+-
+- igb_ptp_reset(adapter);
+-
+ adapter->ptp_clock = ptp_clock_register(&adapter->ptp_caps,
+ &adapter->pdev->dev);
+ if (IS_ERR(adapter->ptp_clock)) {
+@@ -1216,6 +1204,18 @@ void igb_ptp_init(struct igb_adapter *adapter)
+ dev_info(&adapter->pdev->dev, "added PHC on %s\n",
+ adapter->netdev->name);
+ adapter->ptp_flags |= IGB_PTP_ENABLED;
++
++ spin_lock_init(&adapter->tmreg_lock);
++ INIT_WORK(&adapter->ptp_tx_work, igb_ptp_tx_work);
++
++ if (adapter->ptp_flags & IGB_PTP_OVERFLOW_CHECK)
++ INIT_DELAYED_WORK(&adapter->ptp_overflow_work,
++ igb_ptp_overflow_check);
++
++ adapter->tstamp_config.rx_filter = HWTSTAMP_FILTER_NONE;
++ adapter->tstamp_config.tx_type = HWTSTAMP_TX_OFF;
++
++ igb_ptp_reset(adapter);
+ }
+ }
+
+--
+2.40.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 94a94ae4785..7931e178510 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -38,3 +38,6 @@ af_unix-fix-null-ptr-deref-in-unix_stream_sendpage.patch
 net-fix-the-rto-timer-retransmitting-skb-every-1ms-if-linear-option-is-enabled.patch
 net-xfrm-amend-xfrma_sec_ctx-nla_policy-structure.patch
 net-phy-broadcom-stub-c45-read-write-for-54810.patch
+tracing-fix-memleak-due-to-race-between-current_trac.patch
+sock-annotate-data-races-around-prot-memory_pressure.patch
+igb-avoid-starting-unnecessary-workqueues.patch
diff --git a/queue-4.14/sock-annotate-data-races-around-prot-memory_pressure.patch b/queue-4.14/sock-annotate-data-races-around-prot-memory_pressure.patch
new file mode 100644
index 00000000000..0008c64a779
--- /dev/null
+++ b/queue-4.14/sock-annotate-data-races-around-prot-memory_pressure.patch
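Review bot: In igb_ptp_init() the relocated `spin_lock_init(&adapter->tmreg_lock);` now runs after `ptp_clock_register()` has returned, so the clock is registered while the lock and both work structs are still uninitialised. If any callback in `adapter->ptp_caps` takes `tmreg_lock` (not visible in this hunk), a call that reaches the new clock in that window would operate on an uninitialised spinlock; initialising a lock starts nothing, so `spin_lock_init(&adapter->tmreg_lock);` could stay ahead of the `ptp_clock_register()` call without undoing the fix. For the 4.14 backport it is also worth confirming that every path which schedules or cancels `ptp_tx_work` and `ptp_overflow_work` is gated on `IGB_PTP_ENABLED`, because those work structs now stay uninitialised when registration fails. The body of igb_ptp_init() begins above the hunk.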
@@ -0,0 +1,82 @@
+From 3efd1e7b8cee513cedb9be461641dfc25ff16d01 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 18 Aug 2023 01:51:32 +0000
+Subject: sock: annotate data-races around prot->memory_pressure
+
+From: Eric Dumazet
+
+[ Upstream commit 76f33296d2e09f63118db78125c95ef56df438e9 ]
+
+*prot->memory_pressure is read/writen locklessly, we need
+to add proper annotations.
+
+A recent commit added a new race, it is time to audit all accesses.
+
+Fixes: 2d0c88e84e48 ("sock: Fix misuse of sk_under_memory_pressure()")
+Fixes: 4d93df0abd50 ("[SCTP]: Rewrite of sctp buffer management code")
+Signed-off-by: Eric Dumazet
+Cc: Abel Wu
+Reviewed-by: Shakeel Butt
+Link: https://lore.kernel.org/r/20230818015132.2699348-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Sasha Levin
+---
+ include/net/sock.h | 7 ++++---
+ net/sctp/socket.c | 2 +-
+ 2 files changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/include/net/sock.h b/include/net/sock.h
+index 1937deba0849b..7b42ddca4decb 100644
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -1115,6 +1115,7 @@ struct proto {
+ /*
+ * Pressure flag: try to collapse.
+ * Technical note: it is used by multiple contexts non atomically.
++ * Make sure to use READ_ONCE()/WRITE_ONCE() for all reads/writes.
+ * All the __sk_mem_schedule() is of this nature: accounting
+ * is strict, actions are advisory and have some latency.
+ */
+@@ -1214,7 +1215,7 @@ static inline bool sk_has_memory_pressure(const struct sock *sk)
+ static inline bool sk_under_global_memory_pressure(const struct sock *sk)
+ {
+ return sk->sk_prot->memory_pressure &&
+- !!*sk->sk_prot->memory_pressure;
++ !!READ_ONCE(*sk->sk_prot->memory_pressure);
+ }
+
+ static inline bool sk_under_memory_pressure(const struct sock *sk)
+@@ -1226,7 +1227,7 @@ static inline bool sk_under_memory_pressure(const struct sock *sk)
+ mem_cgroup_under_socket_pressure(sk->sk_memcg))
+ return true;
+
+- return !!*sk->sk_prot->memory_pressure;
++ return !!READ_ONCE(*sk->sk_prot->memory_pressure);
+ }
+
+ static inline long
+@@ -1280,7 +1281,7 @@ proto_memory_pressure(struct proto *prot)
+ {
+ if (!prot->memory_pressure)
+ return false;
+- return !!*prot->memory_pressure;
++ return !!READ_ONCE(*prot->memory_pressure);
+ }
+
+
+diff --git a/net/sctp/socket.c b/net/sctp/socket.c
+index 9414dcb376d26..e5c3c37108e4e 100644
+--- a/net/sctp/socket.c
++++ b/net/sctp/socket.c
+@@ -110,7 +110,7 @@ struct percpu_counter sctp_sockets_allocated;
+
+ static void sctp_enter_memory_pressure(struct sock *sk)
+ {
+- sctp_memory_pressure = 1;
++ WRITE_ONCE(sctp_memory_pressure, 1);
+ }
+
+
+--
+2.40.1
+
diff --git a/queue-4.14/tracing-fix-memleak-due-to-race-between-current_trac.patch b/queue-4.14/tracing-fix-memleak-due-to-race-between-current_trac.patch
new file mode 100644
index 00000000000..26cb59e5642
--- /dev/null
+++ b/queue-4.14/tracing-fix-memleak-due-to-race-between-current_trac.patch
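Review bot: The comment added to `struct proto` asks for READ_ONCE()/WRITE_ONCE() on every access to `*memory_pressure`, but the hunks here annotate only three readers in include/net/sock.h and the one setter `sctp_enter_memory_pressure()`. The code that clears the flag and the setters of other protocols are not part of this patch; in the 4.14 tree they should be checked and, if the earlier upstream annotation commits were not backported, marked the same way, otherwise plain stores remain the racing side of these marked loads. A short comment at the store in net/sctp/socket.c, such as `/* Lockless: paired with READ_ONCE() in sk_under_memory_pressure() */`, would record the pairing for later readers. Several of the touched functions start or end outside the hunks shown.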
@@ -0,0 +1,122 @@
+From c3ec9f1a3a403530342b432ed7862cc260f5a665 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 17 Aug 2023 20:55:39 +0800
+Subject: tracing: Fix memleak due to race between current_tracer and trace
+
+From: Zheng Yejian
+
+[ Upstream commit eecb91b9f98d6427d4af5fdb8f108f52572a39e7 ]
+
+Kmemleak report a leak in graph_trace_open():
+
+ unreferenced object 0xffff0040b95f4a00 (size 128):
+ comm "cat", pid 204981, jiffies 4301155872 (age 99771.964s)
+ hex dump (first 32 bytes):
+ e0 05 e7 b4 ab 7d 00 00 0b 00 01 00 00 00 00 00 .....}..........
+ f4 00 01 10 00 a0 ff ff 00 00 00 00 65 00 10 00 ............e...
+ backtrace:
+ [<000000005db27c8b>] kmem_cache_alloc_trace+0x348/0x5f0
+ [<000000007df90faa>] graph_trace_open+0xb0/0x344
+ [<00000000737524cd>] __tracing_open+0x450/0xb10
+ [<0000000098043327>] tracing_open+0x1a0/0x2a0
+ [<00000000291c3876>] do_dentry_open+0x3c0/0xdc0
+ [<000000004015bcd6>] vfs_open+0x98/0xd0
+ [<000000002b5f60c9>] do_open+0x520/0x8d0
+ [<00000000376c7820>] path_openat+0x1c0/0x3e0
+ [<00000000336a54b5>] do_filp_open+0x14c/0x324
+ [<000000002802df13>] do_sys_openat2+0x2c4/0x530
+ [<0000000094eea458>] __arm64_sys_openat+0x130/0x1c4
+ [<00000000a71d7881>] el0_svc_common.constprop.0+0xfc/0x394
+ [<00000000313647bf>] do_el0_svc+0xac/0xec
+ [<000000002ef1c651>] el0_svc+0x20/0x30
+ [<000000002fd4692a>] el0_sync_handler+0xb0/0xb4
+ [<000000000c309c35>] el0_sync+0x160/0x180
+
+The root cause is descripted as follows:
+
+ __tracing_open() { // 1. File 'trace' is being opened;
+ ...
+ *iter->trace = *tr->current_trace; // 2. Tracer 'function_graph' is
+ // currently set;
+ ...
+ iter->trace->open(iter); // 3. Call graph_trace_open() here,
+ // and memory are allocated in it;
+ ...
+ }
+
+ s_start() { // 4. The opened file is being read;
+ ...
+ *iter->trace = *tr->current_trace; // 5. If tracer is switched to
+ // 'nop' or others, then memory
+ // in step 3 are leaked!!!
+ ...
+ }
+
+To fix it, in s_start(), close tracer before switching then reopen the
+new tracer after switching. And some tracers like 'wakeup' may not update
+'iter->private' in some cases when reopen, then it should be cleared
+to avoid being mistakenly closed again.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230817125539.1646321-1-zhengyejian1@huawei.com
+
+Fixes: d7350c3f4569 ("tracing/core: make the read callbacks reentrants")
+Signed-off-by: Zheng Yejian
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Sasha Levin
+---
+ kernel/trace/trace.c | 9 ++++++++-
+ kernel/trace/trace_irqsoff.c | 3 ++-
+ kernel/trace/trace_sched_wakeup.c | 2 ++
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index f5d084b88228c..c851b6fe45b27 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -3275,8 +3275,15 @@ static void *s_start(struct seq_file *m, loff_t *pos)
+ * will point to the same string as current_trace->name.
+ */
+ mutex_lock(&trace_types_lock);
+- if (unlikely(tr->current_trace && iter->trace->name != tr->current_trace->name))
++ if (unlikely(tr->current_trace && iter->trace->name != tr->current_trace->name)) {
++ /* Close iter->trace before switching to the new current tracer */
++ if (iter->trace->close)
++ iter->trace->close(iter);
+ *iter->trace = *tr->current_trace;
++ /* Reopen the new current tracer */
++ if (iter->trace->open)
++ iter->trace->open(iter);
++ }
+ mutex_unlock(&trace_types_lock);
+
+ #ifdef CONFIG_TRACER_MAX_TRACE
+diff --git a/kernel/trace/trace_irqsoff.c b/kernel/trace/trace_irqsoff.c
+index 2d9e12380dc3b..2e67aeb6aed37 100644
+--- a/kernel/trace/trace_irqsoff.c
++++ b/kernel/trace/trace_irqsoff.c
+@@ -218,7 +218,8 @@ static void irqsoff_trace_open(struct trace_iterator *iter)
+ {
+ if (is_graph(iter->tr))
+ graph_trace_open(iter);
+-
++ else
++ iter->private = NULL;
+ }
+
+ static void irqsoff_trace_close(struct trace_iterator *iter)
+diff --git a/kernel/trace/trace_sched_wakeup.c b/kernel/trace/trace_sched_wakeup.c
+index a5a4b56631630..ad458724bf960 100644
+--- a/kernel/trace/trace_sched_wakeup.c
++++ b/kernel/trace/trace_sched_wakeup.c
+@@ -287,6 +287,8 @@ static void wakeup_trace_open(struct trace_iterator *iter)
+ {
+ if (is_graph(iter->tr))
+ graph_trace_open(iter);
++ else
++ iter->private = NULL;
+ }
+
+ static void wakeup_trace_close(struct trace_iterator *iter)
+--
+2.40.1
+
--
2.47.3
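Review bot: In s_start() the new `iter->trace->close(iter);` may release whatever `iter->private` points to, yet the pointer is reset only by the `else iter->private = NULL;` branches added to irqsoff_trace_open() and wakeup_trace_open(). When the tracer being switched to has no `open` callback, the `if (iter->trace->open)` guard skips it and `iter->private` keeps its old value; whether the close callbacks clear it is not visible in these hunks, so a later reader or a second close could act on a stale pointer. Resetting it where it is released, for example `iter->private = NULL;` right after the `iter->trace->close(iter);` call or inside each close callback, would make the result independent of which tracer is installed next. The open callbacks shown return void, so s_start() also cannot tell whether the reopen succeeded. s_start() begins and continues outside the hunk.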