From 83d0065763ff5ae2be60a854676ded72e614afd1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 7 Nov 2022 16:35:13 +0100 Subject: [PATCH] 6.0-stable patches added patches: arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch arm64-entry-avoid-kprobe-recursion.patch capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch efi-random-reduce-seed-size-to-32-bytes.patch efi-random-use-acpi-reclaim-memory-for-random-seed.patch fprobe-check-rethook_alloc-return-in-rethook-initialization.patch fuse-add-file_modified-to-fallocate.patch fuse-fix-readdir-cache-race.patch kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch net-remove-sock_support_zc-from-sockmap.patch net-ulp-remove-sock_support_zc-from-tls-sockets.patch perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch perf-x86-intel-fix-pebs-event-constraints-for-icl.patch perf-x86-intel-fix-pebs-event-constraints-for-spr.patch ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch selftests-landlock-build-without-static-libraries.patch tools-nolibc-string-fix-memcmp-implementation.patch tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch tracing-histogram-update-document-for-keys_max-size.patch tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch --- ...m-to-switch-pu-regulator-off-on-q-qp.patch | 65 ++++++++ .../arm64-entry-avoid-kprobe-recursion.patch | 129 +++++++++++++++ ...n-error-path-from-vfs_getxattr_alloc.patch | 51 ++++++ ...ith-unsupported-query_variable_store.patch | 149 ++++++++++++++++++ ...-random-reduce-seed-size-to-32-bytes.patch | 50 ++++++ ...-acpi-reclaim-memory-for-random-seed.patch | 59 +++++++ ...loc-return-in-rethook-initialization.patch | 37 +++++ .../fuse-add-file_modified-to-fallocate.patch | 33 ++++ queue-6.0/fuse-fix-readdir-cache-race.patch | 60 +++++++ ...erse-kp-flags-when-arm_kprobe-failed.patch | 41 +++++ ...upporting-msghdr-originated-zerocopy.patch | 37 +++++ ...-remove-sock_support_zc-from-sockmap.patch | 112 +++++++++++++ ...ove-sock_support_zc-from-tls-sockets.patch | 40 +++++ ...er-lake-stepping-to-isolation_ucodes.patch | 35 ++++ ...l-fix-pebs-event-constraints-for-icl.patch | 41 +++++ ...l-fix-pebs-event-constraints-for-spr.patch | 40 +++++ ...u_buffer-in-ring_buffer_wake_waiters.patch | 70 ++++++++ ...dlock-build-without-static-libraries.patch | 60 +++++++ queue-6.0/series | 22 +++ ...ibc-string-fix-memcmp-implementation.patch | 45 ++++++ ...ether-fprobe-is-registered-correctly.patch | 41 +++++ ...am-update-document-for-keys_max-size.patch | 33 ++++ ...eak-in-test_gen_kprobe-kretprobe_cmd.patch | 114 ++++++++++++++ 23 files changed, 1364 insertions(+) create mode 100644 queue-6.0/arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch create mode 100644 queue-6.0/arm64-entry-avoid-kprobe-recursion.patch create mode 100644 queue-6.0/capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch create mode 100644 queue-6.0/efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch create mode 100644 queue-6.0/efi-random-reduce-seed-size-to-32-bytes.patch create mode 100644 queue-6.0/efi-random-use-acpi-reclaim-memory-for-random-seed.patch create mode 100644 queue-6.0/fprobe-check-rethook_alloc-return-in-rethook-initialization.patch create mode 100644 queue-6.0/fuse-add-file_modified-to-fallocate.patch create mode 100644 queue-6.0/fuse-fix-readdir-cache-race.patch create mode 100644 queue-6.0/kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch create mode 100644 queue-6.0/net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch create mode 100644 queue-6.0/net-remove-sock_support_zc-from-sockmap.patch create mode 100644 queue-6.0/net-ulp-remove-sock_support_zc-from-tls-sockets.patch create mode 100644 queue-6.0/perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch create mode 100644 queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-icl.patch create mode 100644 queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-spr.patch create mode 100644 queue-6.0/ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch create mode 100644 queue-6.0/selftests-landlock-build-without-static-libraries.patch create mode 100644 queue-6.0/tools-nolibc-string-fix-memcmp-implementation.patch create mode 100644 queue-6.0/tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch create mode 100644 queue-6.0/tracing-histogram-update-document-for-keys_max-size.patch create mode 100644 queue-6.0/tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch diff --git a/queue-6.0/arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch b/queue-6.0/arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch new file mode 100644 index 00000000000..5097b23b68c --- /dev/null +++ b/queue-6.0/arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch @@ -0,0 +1,65 @@ +From 5e67d47d0b010f0704aca469d6d27637b1dcb2ce Mon Sep 17 00:00:00 2001 +From: Petr Benes +Date: Tue, 4 Oct 2022 17:39:20 +0200 +Subject: ARM: dts: imx6dl-yapp4: Do not allow PM to switch PU regulator off on Q/QP +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Petr Benes + +commit 5e67d47d0b010f0704aca469d6d27637b1dcb2ce upstream. + +Fix our design flaw in supply voltage distribution on the Quad and QuadPlus +based boards. + +The problem is that we supply the SoC cache (VDD_CACHE_CAP) from VDD_PU +instead of VDD_SOC. The VDD_PU internal regulator can be disabled by PM +if VPU or GPU is not used. If that happens the system freezes. To prevent +that configure the reg_pu regulator to be always on. + +Fixes: 0de4ab81ab26 ("ARM: dts: imx6dl-yapp4: Add Y Soft IOTA Crux/Crux+ board") +Cc: petrben@gmail.com +Cc: stable@vger.kernel.org +Signed-off-by: Petr Benes +Signed-off-by: Michal Vokáč +Signed-off-by: Shawn Guo +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/imx6q-yapp4-crux.dts | 4 ++++ + arch/arm/boot/dts/imx6qp-yapp4-crux-plus.dts | 4 ++++ + 2 files changed, 8 insertions(+) + +diff --git a/arch/arm/boot/dts/imx6q-yapp4-crux.dts b/arch/arm/boot/dts/imx6q-yapp4-crux.dts +index 15f4824a5142..bddf3822ebf7 100644 +--- a/arch/arm/boot/dts/imx6q-yapp4-crux.dts ++++ b/arch/arm/boot/dts/imx6q-yapp4-crux.dts +@@ -33,6 +33,10 @@ &oled_1309 { + status = "okay"; + }; + ++®_pu { ++ regulator-always-on; ++}; ++ + ®_usb_h1_vbus { + status = "okay"; + }; +diff --git a/arch/arm/boot/dts/imx6qp-yapp4-crux-plus.dts b/arch/arm/boot/dts/imx6qp-yapp4-crux-plus.dts +index cea165f2161a..afaf4a6759d4 100644 +--- a/arch/arm/boot/dts/imx6qp-yapp4-crux-plus.dts ++++ b/arch/arm/boot/dts/imx6qp-yapp4-crux-plus.dts +@@ -33,6 +33,10 @@ &oled_1309 { + status = "okay"; + }; + ++®_pu { ++ regulator-always-on; ++}; ++ + ®_usb_h1_vbus { + status = "okay"; + }; +-- +2.38.1 + diff --git a/queue-6.0/arm64-entry-avoid-kprobe-recursion.patch b/queue-6.0/arm64-entry-avoid-kprobe-recursion.patch new file mode 100644 index 00000000000..40436d1d954 --- /dev/null +++ b/queue-6.0/arm64-entry-avoid-kprobe-recursion.patch @@ -0,0 +1,129 @@ +From 024f4b2e1f874934943eb2d3d288ebc52c79f55c Mon Sep 17 00:00:00 2001 +From: Mark Rutland +Date: Mon, 17 Oct 2022 10:01:57 +0100 +Subject: arm64: entry: avoid kprobe recursion + +From: Mark Rutland + +commit 024f4b2e1f874934943eb2d3d288ebc52c79f55c upstream. + +The cortex_a76_erratum_1463225_debug_handler() function is called when +handling debug exceptions (and synchronous exceptions from BRK +instructions), and so is called when a probed function executes. If the +compiler does not inline cortex_a76_erratum_1463225_debug_handler(), it +can be probed. + +If cortex_a76_erratum_1463225_debug_handler() is probed, any debug +exception or software breakpoint exception will result in recursive +exceptions leading to a stack overflow. This can be triggered with the +ftrace multiple_probes selftest, and as per the example splat below. + +This is a regression caused by commit: + + 6459b8469753e9fe ("arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround") + +... which removed the NOKPROBE_SYMBOL() annotation associated with the +function. + +My intent was that cortex_a76_erratum_1463225_debug_handler() would be +inlined into its caller, el1_dbg(), which is marked noinstr and cannot +be probed. Mark cortex_a76_erratum_1463225_debug_handler() as +__always_inline to ensure this. + +Example splat prior to this patch (with recursive entries elided): + +| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events +| # echo p do_el0_svc >> /sys/kernel/debug/tracing/kprobe_events +| # echo 1 > /sys/kernel/debug/tracing/events/kprobes/enable +| Insufficient stack space to handle exception! +| ESR: 0x0000000096000047 -- DABT (current EL) +| FAR: 0xffff800009cefff0 +| Task stack: [0xffff800009cf0000..0xffff800009cf4000] +| IRQ stack: [0xffff800008000000..0xffff800008004000] +| Overflow stack: [0xffff00007fbc00f0..0xffff00007fbc10f0] +| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2 +| Hardware name: linux,dummy-virt (DT) +| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +| pc : arm64_enter_el1_dbg+0x4/0x20 +| lr : el1_dbg+0x24/0x5c +| sp : ffff800009cf0000 +| x29: ffff800009cf0000 x28: ffff000002c74740 x27: 0000000000000000 +| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 +| x23: 00000000604003c5 x22: ffff80000801745c x21: 0000aaaac95ac068 +| x20: 00000000f2000004 x19: ffff800009cf0040 x18: 0000000000000000 +| x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 +| x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 +| x11: 0000000000000010 x10: ffff800008c87190 x9 : ffff800008ca00d0 +| x8 : 000000000000003c x7 : 0000000000000000 x6 : 0000000000000000 +| x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000043a4 +| x2 : 00000000f2000004 x1 : 00000000f2000004 x0 : ffff800009cf0040 +| Kernel panic - not syncing: kernel stack overflow +| CPU: 0 PID: 145 Comm: sh Not tainted 6.0.0 #2 +| Hardware name: linux,dummy-virt (DT) +| Call trace: +| dump_backtrace+0xe4/0x104 +| show_stack+0x18/0x4c +| dump_stack_lvl+0x64/0x7c +| dump_stack+0x18/0x38 +| panic+0x14c/0x338 +| test_taint+0x0/0x2c +| panic_bad_stack+0x104/0x118 +| handle_bad_stack+0x34/0x48 +| __bad_stack+0x78/0x7c +| arm64_enter_el1_dbg+0x4/0x20 +| el1h_64_sync_handler+0x40/0x98 +| el1h_64_sync+0x64/0x68 +| cortex_a76_erratum_1463225_debug_handler+0x0/0x34 +... +| el1h_64_sync_handler+0x40/0x98 +| el1h_64_sync+0x64/0x68 +| cortex_a76_erratum_1463225_debug_handler+0x0/0x34 +... +| el1h_64_sync_handler+0x40/0x98 +| el1h_64_sync+0x64/0x68 +| cortex_a76_erratum_1463225_debug_handler+0x0/0x34 +| el1h_64_sync_handler+0x40/0x98 +| el1h_64_sync+0x64/0x68 +| do_el0_svc+0x0/0x28 +| el0t_64_sync_handler+0x84/0xf0 +| el0t_64_sync+0x18c/0x190 +| Kernel Offset: disabled +| CPU features: 0x0080,00005021,19001080 +| Memory Limit: none +| ---[ end Kernel panic - not syncing: kernel stack overflow ]--- + +With this patch, cortex_a76_erratum_1463225_debug_handler() is inlined +into el1_dbg(), and el1_dbg() cannot be probed: + +| # echo p cortex_a76_erratum_1463225_debug_handler > /sys/kernel/debug/tracing/kprobe_events +| sh: write error: No such file or directory +| # grep -w cortex_a76_erratum_1463225_debug_handler /proc/kallsyms | wc -l +| 0 +| # echo p el1_dbg > /sys/kernel/debug/tracing/kprobe_events +| sh: write error: Invalid argument +| # grep -w el1_dbg /proc/kallsyms | wc -l +| 1 + +Fixes: 6459b8469753 ("arm64: entry: consolidate Cortex-A76 erratum 1463225 workaround") +Cc: # 5.12.x +Signed-off-by: Mark Rutland +Cc: Will Deacon +Link: https://lore.kernel.org/r/20221017090157.2881408-1-mark.rutland@arm.com +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/entry-common.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/arm64/kernel/entry-common.c ++++ b/arch/arm64/kernel/entry-common.c +@@ -329,7 +329,8 @@ static void cortex_a76_erratum_1463225_s + __this_cpu_write(__in_cortex_a76_erratum_1463225_wa, 0); + } + +-static bool cortex_a76_erratum_1463225_debug_handler(struct pt_regs *regs) ++static __always_inline bool ++cortex_a76_erratum_1463225_debug_handler(struct pt_regs *regs) + { + if (!__this_cpu_read(__in_cortex_a76_erratum_1463225_wa)) + return false; diff --git a/queue-6.0/capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch b/queue-6.0/capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch new file mode 100644 index 00000000000..9066aec2c36 --- /dev/null +++ b/queue-6.0/capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch @@ -0,0 +1,51 @@ +From 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee Mon Sep 17 00:00:00 2001 +From: Gaosheng Cui +Date: Tue, 25 Oct 2022 21:33:57 +0800 +Subject: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() + +From: Gaosheng Cui + +commit 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee upstream. + +In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to +complete the memory allocation of tmpbuf, if we have completed +the memory allocation of tmpbuf, but failed to call handler->get(...), +there will be a memleak in below logic: + + |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) + | /* ^^^ alloc for tmpbuf */ + |-- value = krealloc(*xattr_value, error + 1, flags) + | /* ^^^ alloc memory */ + |-- error = handler->get(handler, ...) + | /* error! */ + |-- *xattr_value = value + | /* xattr_value is &tmpbuf (memory leak!) */ + +So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it. + +Cc: stable@vger.kernel.org +Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") +Signed-off-by: Gaosheng Cui +Acked-by: Serge Hallyn +[PM: subject line and backtrace tweaks] +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/commoncap.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/security/commoncap.c ++++ b/security/commoncap.c +@@ -401,8 +401,10 @@ int cap_inode_getsecurity(struct user_na + &tmpbuf, size, GFP_NOFS); + dput(dentry); + +- if (ret < 0 || !tmpbuf) +- return ret; ++ if (ret < 0 || !tmpbuf) { ++ size = ret; ++ goto out_free; ++ } + + fs_ns = inode->i_sb->s_user_ns; + cap = (struct vfs_cap_data *) tmpbuf; diff --git a/queue-6.0/efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch b/queue-6.0/efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch new file mode 100644 index 00000000000..4a43c5be390 --- /dev/null +++ b/queue-6.0/efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch @@ -0,0 +1,149 @@ +From f11a74b45d330ad1ab986852b099747161052526 Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Thu, 27 Oct 2022 15:52:31 +0200 +Subject: efi: efivars: Fix variable writes with unsupported query_variable_store() + +From: Ard Biesheuvel + +commit f11a74b45d330ad1ab986852b099747161052526 upstream. + +Commit 8a254d90a775 ("efi: efivars: Fix variable writes without +query_variable_store()") addressed an issue that was introduced during +the EFI variable store refactor, where alternative implementations of +the efivars layer that lacked query_variable_store() would no longer +work. + +Unfortunately, there is another case to consider here, which was missed: +if the efivars layer is backed by the EFI runtime services as usual, but +the EFI implementation predates the introduction of QueryVariableInfo(), +we will return EFI_UNSUPPORTED, and this is no longer being dealt with +correctly. + +So let's fix this, and while at it, clean up the code a bit, by merging +the check_var_size() routines as well as their callers. + +Cc: # v6.0 +Fixes: bbc6d2c6ef22 ("efi: vars: Switch to new wrapper layer") +Signed-off-by: Ard Biesheuvel +Tested-by: Aditya Garg +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/vars.c | 68 +++++++++++-------------------------- + 1 file changed, 20 insertions(+), 48 deletions(-) + +diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c +index 433b61587139..0ba9f18312f5 100644 +--- a/drivers/firmware/efi/vars.c ++++ b/drivers/firmware/efi/vars.c +@@ -21,29 +21,22 @@ static struct efivars *__efivars; + + static DEFINE_SEMAPHORE(efivars_lock); + +-static efi_status_t check_var_size(u32 attributes, unsigned long size) +-{ +- const struct efivar_operations *fops; +- +- fops = __efivars->ops; +- +- if (!fops->query_variable_store) +- return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES; +- +- return fops->query_variable_store(attributes, size, false); +-} +- +-static +-efi_status_t check_var_size_nonblocking(u32 attributes, unsigned long size) ++static efi_status_t check_var_size(bool nonblocking, u32 attributes, ++ unsigned long size) + { + const struct efivar_operations *fops; ++ efi_status_t status; + + fops = __efivars->ops; + + if (!fops->query_variable_store) ++ status = EFI_UNSUPPORTED; ++ else ++ status = fops->query_variable_store(attributes, size, ++ nonblocking); ++ if (status == EFI_UNSUPPORTED) + return (size <= SZ_64K) ? EFI_SUCCESS : EFI_OUT_OF_RESOURCES; +- +- return fops->query_variable_store(attributes, size, true); ++ return status; + } + + /** +@@ -195,26 +188,6 @@ efi_status_t efivar_get_next_variable(unsigned long *name_size, + } + EXPORT_SYMBOL_NS_GPL(efivar_get_next_variable, EFIVAR); + +-/* +- * efivar_set_variable_blocking() - local helper function for set_variable +- * +- * Must be called with efivars_lock held. +- */ +-static efi_status_t +-efivar_set_variable_blocking(efi_char16_t *name, efi_guid_t *vendor, +- u32 attr, unsigned long data_size, void *data) +-{ +- efi_status_t status; +- +- if (data_size > 0) { +- status = check_var_size(attr, data_size + +- ucs2_strsize(name, 1024)); +- if (status != EFI_SUCCESS) +- return status; +- } +- return __efivars->ops->set_variable(name, vendor, attr, data_size, data); +-} +- + /* + * efivar_set_variable_locked() - set a variable identified by name/vendor + * +@@ -228,23 +201,21 @@ efi_status_t efivar_set_variable_locked(efi_char16_t *name, efi_guid_t *vendor, + efi_set_variable_t *setvar; + efi_status_t status; + +- if (!nonblocking) +- return efivar_set_variable_blocking(name, vendor, attr, +- data_size, data); ++ if (data_size > 0) { ++ status = check_var_size(nonblocking, attr, ++ data_size + ucs2_strsize(name, 1024)); ++ if (status != EFI_SUCCESS) ++ return status; ++ } + + /* + * If no _nonblocking variant exists, the ordinary one + * is assumed to be non-blocking. + */ +- setvar = __efivars->ops->set_variable_nonblocking ?: +- __efivars->ops->set_variable; ++ setvar = __efivars->ops->set_variable_nonblocking; ++ if (!setvar || !nonblocking) ++ setvar = __efivars->ops->set_variable; + +- if (data_size > 0) { +- status = check_var_size_nonblocking(attr, data_size + +- ucs2_strsize(name, 1024)); +- if (status != EFI_SUCCESS) +- return status; +- } + return setvar(name, vendor, attr, data_size, data); + } + EXPORT_SYMBOL_NS_GPL(efivar_set_variable_locked, EFIVAR); +@@ -264,7 +235,8 @@ efi_status_t efivar_set_variable(efi_char16_t *name, efi_guid_t *vendor, + if (efivar_lock()) + return EFI_ABORTED; + +- status = efivar_set_variable_blocking(name, vendor, attr, data_size, data); ++ status = efivar_set_variable_locked(name, vendor, attr, data_size, ++ data, false); + efivar_unlock(); + return status; + } +-- +2.38.1 + diff --git a/queue-6.0/efi-random-reduce-seed-size-to-32-bytes.patch b/queue-6.0/efi-random-reduce-seed-size-to-32-bytes.patch new file mode 100644 index 00000000000..e6f1ec59c9f --- /dev/null +++ b/queue-6.0/efi-random-reduce-seed-size-to-32-bytes.patch @@ -0,0 +1,50 @@ +From 161a438d730dade2ba2b1bf8785f0759aba4ca5f Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Thu, 20 Oct 2022 10:39:08 +0200 +Subject: efi: random: reduce seed size to 32 bytes + +From: Ard Biesheuvel + +commit 161a438d730dade2ba2b1bf8785f0759aba4ca5f upstream. + +We no longer need at least 64 bytes of random seed to permit the early +crng init to complete. The RNG is now based on Blake2s, so reduce the +EFI seed size to the Blake2s hash size, which is sufficient for our +purposes. + +While at it, drop the READ_ONCE(), which was supposed to prevent size +from being evaluated after seed was unmapped. However, this cannot +actually happen, so READ_ONCE() is unnecessary here. + +Cc: # v4.14+ +Signed-off-by: Ard Biesheuvel +Reviewed-by: Jason A. Donenfeld +Acked-by: Ilias Apalodimas +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/efi.c | 2 +- + include/linux/efi.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/firmware/efi/efi.c ++++ b/drivers/firmware/efi/efi.c +@@ -608,7 +608,7 @@ int __init efi_config_parse_tables(const + + seed = early_memremap(efi_rng_seed, sizeof(*seed)); + if (seed != NULL) { +- size = READ_ONCE(seed->size); ++ size = min(seed->size, EFI_RANDOM_SEED_SIZE); + early_memunmap(seed, sizeof(*seed)); + } else { + pr_err("Could not map UEFI random seed!\n"); +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -1192,7 +1192,7 @@ efi_status_t efi_random_get_seed(void); + arch_efi_call_virt_teardown(); \ + }) + +-#define EFI_RANDOM_SEED_SIZE 64U ++#define EFI_RANDOM_SEED_SIZE 32U // BLAKE2S_HASH_SIZE + + struct linux_efi_random_seed { + u32 size; diff --git a/queue-6.0/efi-random-use-acpi-reclaim-memory-for-random-seed.patch b/queue-6.0/efi-random-use-acpi-reclaim-memory-for-random-seed.patch new file mode 100644 index 00000000000..8f5fca61545 --- /dev/null +++ b/queue-6.0/efi-random-use-acpi-reclaim-memory-for-random-seed.patch @@ -0,0 +1,59 @@ +From 7d866e38c7e9ece8a096d0d098fa9d92b9d4f97e Mon Sep 17 00:00:00 2001 +From: Ard Biesheuvel +Date: Thu, 20 Oct 2022 10:39:09 +0200 +Subject: efi: random: Use 'ACPI reclaim' memory for random seed + +From: Ard Biesheuvel + +commit 7d866e38c7e9ece8a096d0d098fa9d92b9d4f97e upstream. + +EFI runtime services data is guaranteed to be preserved by the OS, +making it a suitable candidate for the EFI random seed table, which may +be passed to kexec kernels as well (after refreshing the seed), and so +we need to ensure that the memory is preserved without support from the +OS itself. + +However, runtime services data is intended for allocations that are +relevant to the implementations of the runtime services themselves, and +so they are unmapped from the kernel linear map, and mapped into the EFI +page tables that are active while runtime service invocations are in +progress. None of this is needed for the RNG seed. + +So let's switch to EFI 'ACPI reclaim' memory: in spite of the name, +there is nothing exclusively ACPI about it, it is simply a type of +allocation that carries firmware provided data which may or may not be +relevant to the OS, and it is left up to the OS to decide whether to +reclaim it after having consumed its contents. + +Given that in Linux, we never reclaim these allocations, it is a good +choice for the EFI RNG seed, as the allocation is guaranteed to survive +kexec reboots. + +One additional reason for changing this now is to align it with the +upcoming recommendation for EFI bootloader provided RNG seeds, which +must not use EFI runtime services code/data allocations. + +Cc: # v4.14+ +Signed-off-by: Ard Biesheuvel +Reviewed-by: Ilias Apalodimas +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firmware/efi/libstub/random.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/firmware/efi/libstub/random.c ++++ b/drivers/firmware/efi/libstub/random.c +@@ -75,7 +75,12 @@ efi_status_t efi_random_get_seed(void) + if (status != EFI_SUCCESS) + return status; + +- status = efi_bs_call(allocate_pool, EFI_RUNTIME_SERVICES_DATA, ++ /* ++ * Use EFI_ACPI_RECLAIM_MEMORY here so that it is guaranteed that the ++ * allocation will survive a kexec reboot (although we refresh the seed ++ * beforehand) ++ */ ++ status = efi_bs_call(allocate_pool, EFI_ACPI_RECLAIM_MEMORY, + sizeof(*seed) + EFI_RANDOM_SEED_SIZE, + (void **)&seed); + if (status != EFI_SUCCESS) diff --git a/queue-6.0/fprobe-check-rethook_alloc-return-in-rethook-initialization.patch b/queue-6.0/fprobe-check-rethook_alloc-return-in-rethook-initialization.patch new file mode 100644 index 00000000000..1c1b9aeebc0 --- /dev/null +++ b/queue-6.0/fprobe-check-rethook_alloc-return-in-rethook-initialization.patch @@ -0,0 +1,37 @@ +From d05ea35e7eea14d32f29fd688d3daeb9089de1a5 Mon Sep 17 00:00:00 2001 +From: Rafael Mendonca +Date: Tue, 25 Oct 2022 00:12:08 -0300 +Subject: fprobe: Check rethook_alloc() return in rethook initialization + +From: Rafael Mendonca + +commit d05ea35e7eea14d32f29fd688d3daeb9089de1a5 upstream. + +Check if fp->rethook succeeded to be allocated. Otherwise, if +rethook_alloc() fails, then we end up dereferencing a NULL pointer in +rethook_add_node(). + +Link: https://lore.kernel.org/all/20221025031209.954836-1-rafaelmendsr@gmail.com/ + +Fixes: 5b0ab78998e3 ("fprobe: Add exit_handler support") +Cc: stable@vger.kernel.org +Signed-off-by: Rafael Mendonca +Acked-by: Steven Rostedt (Google) +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/fprobe.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/trace/fprobe.c ++++ b/kernel/trace/fprobe.c +@@ -141,6 +141,8 @@ static int fprobe_init_rethook(struct fp + return -E2BIG; + + fp->rethook = rethook_alloc((void *)fp, fprobe_exit_handler); ++ if (!fp->rethook) ++ return -ENOMEM; + for (i = 0; i < size; i++) { + struct fprobe_rethook_node *node; + diff --git a/queue-6.0/fuse-add-file_modified-to-fallocate.patch b/queue-6.0/fuse-add-file_modified-to-fallocate.patch new file mode 100644 index 00000000000..97c1c4b0859 --- /dev/null +++ b/queue-6.0/fuse-add-file_modified-to-fallocate.patch @@ -0,0 +1,33 @@ +From 4a6f278d4827b59ba26ceae0ff4529ee826aa258 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Fri, 28 Oct 2022 14:25:20 +0200 +Subject: fuse: add file_modified() to fallocate + +From: Miklos Szeredi + +commit 4a6f278d4827b59ba26ceae0ff4529ee826aa258 upstream. + +Add missing file_modified() call to fuse_file_fallocate(). Without this +fallocate on fuse failed to clear privileges. + +Fixes: 05ba1f082300 ("fuse: add FALLOCATE operation") +Cc: +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/fuse/file.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -3001,6 +3001,10 @@ static long fuse_file_fallocate(struct f + goto out; + } + ++ err = file_modified(file); ++ if (err) ++ goto out; ++ + if (!(mode & FALLOC_FL_KEEP_SIZE)) + set_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); + diff --git a/queue-6.0/fuse-fix-readdir-cache-race.patch b/queue-6.0/fuse-fix-readdir-cache-race.patch new file mode 100644 index 00000000000..d1d6f6ba664 --- /dev/null +++ b/queue-6.0/fuse-fix-readdir-cache-race.patch @@ -0,0 +1,60 @@ +From 9fa248c65bdbf5af0a2f74dd38575acfc8dfd2bf Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Thu, 20 Oct 2022 17:18:58 +0200 +Subject: fuse: fix readdir cache race + +From: Miklos Szeredi + +commit 9fa248c65bdbf5af0a2f74dd38575acfc8dfd2bf upstream. + +There's a race in fuse's readdir cache that can result in an uninitilized +page being read. The page lock is supposed to prevent this from happening +but in the following case it doesn't: + +Two fuse_add_dirent_to_cache() start out and get the same parameters +(size=0,offset=0). One of them wins the race to create and lock the page, +after which it fills in data, sets rdc.size and unlocks the page. + +In the meantime the page gets evicted from the cache before the other +instance gets to run. That one also creates the page, but finds the +size to be mismatched, bails out and leaves the uninitialized page in the +cache. + +Fix by marking a filled page uptodate and ignoring non-uptodate pages. + +Reported-by: Frank Sorenson +Fixes: 5d7bc7e8680c ("fuse: allow using readdir cache") +Cc: # v4.20 +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/fuse/readdir.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/fs/fuse/readdir.c ++++ b/fs/fuse/readdir.c +@@ -77,8 +77,10 @@ static void fuse_add_dirent_to_cache(str + goto unlock; + + addr = kmap_local_page(page); +- if (!offset) ++ if (!offset) { + clear_page(addr); ++ SetPageUptodate(page); ++ } + memcpy(addr + offset, dirent, reclen); + kunmap_local(addr); + fi->rdc.size = (index << PAGE_SHIFT) + offset + reclen; +@@ -516,6 +518,12 @@ retry_locked: + + page = find_get_page_flags(file->f_mapping, index, + FGP_ACCESSED | FGP_LOCK); ++ /* Page gone missing, then re-added to cache, but not initialized? */ ++ if (page && !PageUptodate(page)) { ++ unlock_page(page); ++ put_page(page); ++ page = NULL; ++ } + spin_lock(&fi->rdc.lock); + if (!page) { + /* diff --git a/queue-6.0/kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch b/queue-6.0/kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch new file mode 100644 index 00000000000..b42f892dd50 --- /dev/null +++ b/queue-6.0/kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch @@ -0,0 +1,41 @@ +From 4a6f316d6855a434f56dbbeba05e14c01acde8f8 Mon Sep 17 00:00:00 2001 +From: Li Qiang +Date: Fri, 4 Nov 2022 08:49:31 +0900 +Subject: kprobe: reverse kp->flags when arm_kprobe failed + +From: Li Qiang + +commit 4a6f316d6855a434f56dbbeba05e14c01acde8f8 upstream. + +In aggregate kprobe case, when arm_kprobe failed, +we need set the kp->flags with KPROBE_FLAG_DISABLED again. +If not, the 'kp' kprobe will been considered as enabled +but it actually not enabled. + +Link: https://lore.kernel.org/all/20220902155820.34755-1-liq3ea@163.com/ + +Fixes: 12310e343755 ("kprobes: Propagate error from arm_kprobe_ftrace()") +Cc: stable@vger.kernel.org +Signed-off-by: Li Qiang +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/kprobes.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -2425,8 +2425,11 @@ int enable_kprobe(struct kprobe *kp) + if (!kprobes_all_disarmed && kprobe_disabled(p)) { + p->flags &= ~KPROBE_FLAG_DISABLED; + ret = arm_kprobe(p); +- if (ret) ++ if (ret) { + p->flags |= KPROBE_FLAG_DISABLED; ++ if (p != kp) ++ kp->flags |= KPROBE_FLAG_DISABLED; ++ } + } + out: + mutex_unlock(&kprobe_mutex); diff --git a/queue-6.0/net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch b/queue-6.0/net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch new file mode 100644 index 00000000000..68d202d8554 --- /dev/null +++ b/queue-6.0/net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch @@ -0,0 +1,37 @@ +From 71b7786ea478f3c4611deff4d2b9676b0c17c56b Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher +Date: Thu, 27 Oct 2022 00:25:59 +0100 +Subject: net: also flag accepted sockets supporting msghdr originated zerocopy + +From: Stefan Metzmacher + +commit 71b7786ea478f3c4611deff4d2b9676b0c17c56b upstream. + +Without this only the client initiated tcp sockets have SOCK_SUPPORT_ZC. +The listening socket on the server also has it, but the accepted +connections didn't, which meant IORING_OP_SEND[MSG]_ZC will always +fails with -EOPNOTSUPP. + +Fixes: e993ffe3da4b ("net: flag sockets supporting msghdr originated zerocopy") +Cc: # 6.0 +CC: Jens Axboe +Link: https://lore.kernel.org/io-uring/20221024141503.22b4e251@kernel.org/T/#m38aa19b0b825758fb97860a38ad13122051f9dda +Signed-off-by: Stefan Metzmacher +Signed-off-by: Pavel Begunkov +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/af_inet.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/ipv4/af_inet.c ++++ b/net/ipv4/af_inet.c +@@ -748,6 +748,8 @@ int inet_accept(struct socket *sock, str + (TCPF_ESTABLISHED | TCPF_SYN_RECV | + TCPF_CLOSE_WAIT | TCPF_CLOSE))); + ++ if (test_bit(SOCK_SUPPORT_ZC, &sock->flags)) ++ set_bit(SOCK_SUPPORT_ZC, &newsock->flags); + sock_graft(sk2, newsock); + + newsock->state = SS_CONNECTED; diff --git a/queue-6.0/net-remove-sock_support_zc-from-sockmap.patch b/queue-6.0/net-remove-sock_support_zc-from-sockmap.patch new file mode 100644 index 00000000000..1c25506bd26 --- /dev/null +++ b/queue-6.0/net-remove-sock_support_zc-from-sockmap.patch @@ -0,0 +1,112 @@ +From fee9ac06647e59a69fb7aec58f25267c134264b4 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Thu, 27 Oct 2022 00:25:57 +0100 +Subject: net: remove SOCK_SUPPORT_ZC from sockmap + +From: Pavel Begunkov + +commit fee9ac06647e59a69fb7aec58f25267c134264b4 upstream. + +sockmap replaces ->sk_prot with its own callbacks, we should remove +SOCK_SUPPORT_ZC as the new proto doesn't support msghdr::ubuf_info. + +Cc: # 6.0 +Reported-by: Jakub Kicinski +Fixes: e993ffe3da4bc ("net: flag sockets supporting msghdr originated zerocopy") +Signed-off-by: Pavel Begunkov +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + include/net/sock.h | 7 +++++++ + net/ipv4/tcp_bpf.c | 4 ++-- + net/ipv4/udp_bpf.c | 4 ++-- + net/unix/unix_bpf.c | 8 ++++---- + 4 files changed, 15 insertions(+), 8 deletions(-) + +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -1871,6 +1871,13 @@ void sock_kfree_s(struct sock *sk, void + void sock_kzfree_s(struct sock *sk, void *mem, int size); + void sk_send_sigurg(struct sock *sk); + ++static inline void sock_replace_proto(struct sock *sk, struct proto *proto) ++{ ++ if (sk->sk_socket) ++ clear_bit(SOCK_SUPPORT_ZC, &sk->sk_socket->flags); ++ WRITE_ONCE(sk->sk_prot, proto); ++} ++ + struct sockcm_cookie { + u64 transmit_time; + u32 mark; +--- a/net/ipv4/tcp_bpf.c ++++ b/net/ipv4/tcp_bpf.c +@@ -607,7 +607,7 @@ int tcp_bpf_update_proto(struct sock *sk + } else { + sk->sk_write_space = psock->saved_write_space; + /* Pairs with lockless read in sk_clone_lock() */ +- WRITE_ONCE(sk->sk_prot, psock->sk_proto); ++ sock_replace_proto(sk, psock->sk_proto); + } + return 0; + } +@@ -620,7 +620,7 @@ int tcp_bpf_update_proto(struct sock *sk + } + + /* Pairs with lockless read in sk_clone_lock() */ +- WRITE_ONCE(sk->sk_prot, &tcp_bpf_prots[family][config]); ++ sock_replace_proto(sk, &tcp_bpf_prots[family][config]); + return 0; + } + EXPORT_SYMBOL_GPL(tcp_bpf_update_proto); +--- a/net/ipv4/udp_bpf.c ++++ b/net/ipv4/udp_bpf.c +@@ -141,14 +141,14 @@ int udp_bpf_update_proto(struct sock *sk + + if (restore) { + sk->sk_write_space = psock->saved_write_space; +- WRITE_ONCE(sk->sk_prot, psock->sk_proto); ++ sock_replace_proto(sk, psock->sk_proto); + return 0; + } + + if (sk->sk_family == AF_INET6) + udp_bpf_check_v6_needs_rebuild(psock->sk_proto); + +- WRITE_ONCE(sk->sk_prot, &udp_bpf_prots[family]); ++ sock_replace_proto(sk, &udp_bpf_prots[family]); + return 0; + } + EXPORT_SYMBOL_GPL(udp_bpf_update_proto); +--- a/net/unix/unix_bpf.c ++++ b/net/unix/unix_bpf.c +@@ -145,12 +145,12 @@ int unix_dgram_bpf_update_proto(struct s + + if (restore) { + sk->sk_write_space = psock->saved_write_space; +- WRITE_ONCE(sk->sk_prot, psock->sk_proto); ++ sock_replace_proto(sk, psock->sk_proto); + return 0; + } + + unix_dgram_bpf_check_needs_rebuild(psock->sk_proto); +- WRITE_ONCE(sk->sk_prot, &unix_dgram_bpf_prot); ++ sock_replace_proto(sk, &unix_dgram_bpf_prot); + return 0; + } + +@@ -158,12 +158,12 @@ int unix_stream_bpf_update_proto(struct + { + if (restore) { + sk->sk_write_space = psock->saved_write_space; +- WRITE_ONCE(sk->sk_prot, psock->sk_proto); ++ sock_replace_proto(sk, psock->sk_proto); + return 0; + } + + unix_stream_bpf_check_needs_rebuild(psock->sk_proto); +- WRITE_ONCE(sk->sk_prot, &unix_stream_bpf_prot); ++ sock_replace_proto(sk, &unix_stream_bpf_prot); + return 0; + } + diff --git a/queue-6.0/net-ulp-remove-sock_support_zc-from-tls-sockets.patch b/queue-6.0/net-ulp-remove-sock_support_zc-from-tls-sockets.patch new file mode 100644 index 00000000000..ace6dc8ee93 --- /dev/null +++ b/queue-6.0/net-ulp-remove-sock_support_zc-from-tls-sockets.patch @@ -0,0 +1,40 @@ +From e276d62dcfdee6582486e8b8344dd869518e14be Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Thu, 27 Oct 2022 00:25:58 +0100 +Subject: net/ulp: remove SOCK_SUPPORT_ZC from tls sockets + +From: Pavel Begunkov + +commit e276d62dcfdee6582486e8b8344dd869518e14be upstream. + +Remove SOCK_SUPPORT_ZC when we're setting ulp as it might not support +msghdr::ubuf_info, e.g. like TLS replacing ->sk_prot with a new set of +handlers. + +Cc: # 6.0 +Reported-by: Jakub Kicinski +Fixes: e993ffe3da4bc ("net: flag sockets supporting msghdr originated zerocopy") +Signed-off-by: Pavel Begunkov +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/tcp_ulp.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c +index 7c27aa629af1..9ae50b1bd844 100644 +--- a/net/ipv4/tcp_ulp.c ++++ b/net/ipv4/tcp_ulp.c +@@ -136,6 +136,9 @@ static int __tcp_set_ulp(struct sock *sk, const struct tcp_ulp_ops *ulp_ops) + if (icsk->icsk_ulp_ops) + goto out_err; + ++ if (sk->sk_socket) ++ clear_bit(SOCK_SUPPORT_ZC, &sk->sk_socket->flags); ++ + err = ulp_ops->init(sk); + if (err) + goto out_err; +-- +2.38.1 + diff --git a/queue-6.0/perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch b/queue-6.0/perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch new file mode 100644 index 00000000000..550784ee362 --- /dev/null +++ b/queue-6.0/perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch @@ -0,0 +1,35 @@ +From 6f8faf471446844bb9c318e0340221049d5c19f4 Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Mon, 31 Oct 2022 08:45:50 -0700 +Subject: perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes[] + +From: Kan Liang + +commit 6f8faf471446844bb9c318e0340221049d5c19f4 upstream. + +The intel_pebs_isolation quirk checks both model number and stepping. +Cooper Lake has a different stepping (11) than the other Skylake Xeon. +It cannot benefit from the optimization in commit 9b545c04abd4f +("perf/x86/kvm: Avoid unnecessary work in guest filtering"). + +Add the stepping of Cooper Lake into the isolation_ucodes[] table. + +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20221031154550.571663-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -4891,6 +4891,7 @@ static const struct x86_cpu_desc isolati + INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE_X, 5, 0x00000000), + INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE_X, 6, 0x00000000), + INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE_X, 7, 0x00000000), ++ INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE_X, 11, 0x00000000), + INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE_L, 3, 0x0000007c), + INTEL_CPU_DESC(INTEL_FAM6_SKYLAKE, 3, 0x0000007c), + INTEL_CPU_DESC(INTEL_FAM6_KABYLAKE, 9, 0x0000004e), diff --git a/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-icl.patch b/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-icl.patch new file mode 100644 index 00000000000..09d94063184 --- /dev/null +++ b/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-icl.patch @@ -0,0 +1,41 @@ +From acc5568b90c19ac6375508a93b9676cd18a92a35 Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Mon, 31 Oct 2022 08:41:18 -0700 +Subject: perf/x86/intel: Fix pebs event constraints for ICL + +From: Kan Liang + +commit acc5568b90c19ac6375508a93b9676cd18a92a35 upstream. + +According to the latest event list, update the MEM_INST_RETIRED events +which support the DataLA facility. + +Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support") +Reported-by: Jannis Klinkenberg +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20221031154119.571386-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/ds.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/arch/x86/events/intel/ds.c ++++ b/arch/x86/events/intel/ds.c +@@ -982,8 +982,13 @@ struct event_constraint intel_icl_pebs_e + INTEL_FLAGS_UEVENT_CONSTRAINT(0x0400, 0x800000000ULL), /* SLOTS */ + + INTEL_PLD_CONSTRAINT(0x1cd, 0xff), /* MEM_TRANS_RETIRED.LOAD_LATENCY */ +- INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x1d0, 0xf), /* MEM_INST_RETIRED.LOAD */ +- INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x2d0, 0xf), /* MEM_INST_RETIRED.STORE */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x11d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x12d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_STORES */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x21d0, 0xf), /* MEM_INST_RETIRED.LOCK_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x41d0, 0xf), /* MEM_INST_RETIRED.SPLIT_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x42d0, 0xf), /* MEM_INST_RETIRED.SPLIT_STORES */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x81d0, 0xf), /* MEM_INST_RETIRED.ALL_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x82d0, 0xf), /* MEM_INST_RETIRED.ALL_STORES */ + + INTEL_FLAGS_EVENT_CONSTRAINT_DATALA_LD_RANGE(0xd1, 0xd4, 0xf), /* MEM_LOAD_*_RETIRED.* */ + diff --git a/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-spr.patch b/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-spr.patch new file mode 100644 index 00000000000..370c02ba76b --- /dev/null +++ b/queue-6.0/perf-x86-intel-fix-pebs-event-constraints-for-spr.patch @@ -0,0 +1,40 @@ +From 0916886bb978e7eae1ca3955ba07f51c020da20c Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Mon, 31 Oct 2022 08:41:19 -0700 +Subject: perf/x86/intel: Fix pebs event constraints for SPR + +From: Kan Liang + +commit 0916886bb978e7eae1ca3955ba07f51c020da20c upstream. + +According to the latest event list, update the MEM_INST_RETIRED events +which support the DataLA facility for SPR. + +Fixes: 61b985e3e775 ("perf/x86/intel: Add perf core PMU support for Sapphire Rapids") +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20221031154119.571386-2-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/ds.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/arch/x86/events/intel/ds.c ++++ b/arch/x86/events/intel/ds.c +@@ -1009,8 +1009,13 @@ struct event_constraint intel_spr_pebs_e + INTEL_FLAGS_EVENT_CONSTRAINT(0xc0, 0xfe), + INTEL_PLD_CONSTRAINT(0x1cd, 0xfe), + INTEL_PSD_CONSTRAINT(0x2cd, 0x1), +- INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x1d0, 0xf), +- INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x2d0, 0xf), ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x11d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x12d0, 0xf), /* MEM_INST_RETIRED.STLB_MISS_STORES */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x21d0, 0xf), /* MEM_INST_RETIRED.LOCK_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x41d0, 0xf), /* MEM_INST_RETIRED.SPLIT_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x42d0, 0xf), /* MEM_INST_RETIRED.SPLIT_STORES */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_LD(0x81d0, 0xf), /* MEM_INST_RETIRED.ALL_LOADS */ ++ INTEL_FLAGS_UEVENT_CONSTRAINT_DATALA_ST(0x82d0, 0xf), /* MEM_INST_RETIRED.ALL_STORES */ + + INTEL_FLAGS_EVENT_CONSTRAINT_DATALA_LD_RANGE(0xd1, 0xd4, 0xf), + diff --git a/queue-6.0/ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch b/queue-6.0/ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch new file mode 100644 index 00000000000..675fb17a8e9 --- /dev/null +++ b/queue-6.0/ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch @@ -0,0 +1,70 @@ +From 7433632c9ff68a991bd0bc38cabf354e9d2de410 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (Google)" +Date: Tue, 1 Nov 2022 19:10:09 -0400 +Subject: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() + +From: Steven Rostedt (Google) + +commit 7433632c9ff68a991bd0bc38cabf354e9d2de410 upstream. + +On some machines the number of listed CPUs may be bigger than the actual +CPUs that exist. The tracing subsystem allocates a per_cpu directory with +access to the per CPU ring buffer via a cpuX file. But to save space, the +ring buffer will only allocate buffers for online CPUs, even though the +CPU array will be as big as the nr_cpu_ids. + +With the addition of waking waiters on the ring buffer when closing the +file, the ring_buffer_wake_waiters() now needs to make sure that the +buffer is allocated (with the irq_work allocated with it) before trying to +wake waiters, as it will cause a NULL pointer dereference. + +While debugging this, I added a NULL check for the buffer itself (which is +OK to do), and also NULL pointer checks against buffer->buffers (which is +not fine, and will WARN) as well as making sure the CPU number passed in +is within the nr_cpu_ids (which is also not fine if it isn't). + +Link: https://lore.kernel.org/all/87h6zklb6n.wl-tiwai@suse.de/ +Link: https://lore.kernel.org/all/CAM6Wdxc0KRJMXVAA0Y=u6Jh2V=uWB-_Fn6M4xRuNppfXzL1mUg@mail.gmail.com/ +Link: https://lkml.kernel.org/linux-trace-kernel/20221101191009.1e7378c8@rorschach.local.home + +Cc: stable@vger.kernel.org +Cc: Steven Noonan +Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1204705 +Reported-by: Takashi Iwai +Reported-by: Roland Ruckerbauer +Fixes: f3ddb74ad079 ("tracing: Wake up ring buffer waiters on closing of the file") +Reviewed-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/ring_buffer.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/kernel/trace/ring_buffer.c ++++ b/kernel/trace/ring_buffer.c +@@ -937,6 +937,9 @@ void ring_buffer_wake_waiters(struct tra + struct ring_buffer_per_cpu *cpu_buffer; + struct rb_irq_work *rbwork; + ++ if (!buffer) ++ return; ++ + if (cpu == RING_BUFFER_ALL_CPUS) { + + /* Wake up individual ones too. One level recursion */ +@@ -945,7 +948,15 @@ void ring_buffer_wake_waiters(struct tra + + rbwork = &buffer->irq_work; + } else { ++ if (WARN_ON_ONCE(!buffer->buffers)) ++ return; ++ if (WARN_ON_ONCE(cpu >= nr_cpu_ids)) ++ return; ++ + cpu_buffer = buffer->buffers[cpu]; ++ /* The CPU buffer may not have been initialized yet */ ++ if (!cpu_buffer) ++ return; + rbwork = &cpu_buffer->irq_work; + } + diff --git a/queue-6.0/selftests-landlock-build-without-static-libraries.patch b/queue-6.0/selftests-landlock-build-without-static-libraries.patch new file mode 100644 index 00000000000..144c55f93af --- /dev/null +++ b/queue-6.0/selftests-landlock-build-without-static-libraries.patch @@ -0,0 +1,60 @@ +From 091873e47ef700e935aa80079b63929af599a0b2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= +Date: Wed, 19 Oct 2022 22:05:36 +0200 +Subject: selftests/landlock: Build without static libraries +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Mickaël Salaün + +commit 091873e47ef700e935aa80079b63929af599a0b2 upstream. + +The only (forced) static test binary doesn't depend on libcap. Because +using -lcap on systems that don't have such static library would fail +(e.g. on Arch Linux), let's be more specific and require only dynamic +libcap linking. + +Fixes: a52540522c95 ("selftests/landlock: Fix out-of-tree builds") +Cc: Anders Roxell +Cc: Guillaume Tucker +Cc: Mark Brown +Cc: Shuah Khan +Cc: stable@vger.kernel.org +Signed-off-by: Mickaël Salaün +Link: https://lore.kernel.org/r/20221019200536.2771316-1-mic@digikod.net +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/landlock/Makefile | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/tools/testing/selftests/landlock/Makefile b/tools/testing/selftests/landlock/Makefile +index 6632bfff486b..348e2dbdb4e0 100644 +--- a/tools/testing/selftests/landlock/Makefile ++++ b/tools/testing/selftests/landlock/Makefile +@@ -3,7 +3,6 @@ + # First run: make -C ../../../.. headers_install + + CFLAGS += -Wall -O2 $(KHDR_INCLUDES) +-LDLIBS += -lcap + + LOCAL_HDRS += common.h + +@@ -13,10 +12,12 @@ TEST_GEN_PROGS := $(src_test:.c=) + + TEST_GEN_PROGS_EXTENDED := true + +-# Static linking for short targets: ++# Short targets: ++$(TEST_GEN_PROGS): LDLIBS += -lcap + $(TEST_GEN_PROGS_EXTENDED): LDFLAGS += -static + + include ../lib.mk + +-# Static linking for targets with $(OUTPUT)/ prefix: ++# Targets with $(OUTPUT)/ prefix: ++$(TEST_GEN_PROGS): LDLIBS += -lcap + $(TEST_GEN_PROGS_EXTENDED): LDFLAGS += -static +-- +2.38.1 + diff --git a/queue-6.0/series b/queue-6.0/series index 4104a121e2f..5516c2be964 100644 --- a/queue-6.0/series +++ b/queue-6.0/series @@ -138,3 +138,25 @@ cxl-region-fix-region-hpa-ordering-validation.patch cxl-region-fix-cxl_region-leak-cleanup-targets-at-region-delete.patch cxl-region-fix-distance-calculation-with-passthrough-ports.patch ftrace-fix-use-after-free-for-dynamic-ftrace_ops.patch +tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch +fprobe-check-rethook_alloc-return-in-rethook-initialization.patch +tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch +kprobe-reverse-kp-flags-when-arm_kprobe-failed.patch +ring-buffer-check-for-null-cpu_buffer-in-ring_buffer_wake_waiters.patch +tools-nolibc-string-fix-memcmp-implementation.patch +tracing-histogram-update-document-for-keys_max-size.patch +capabilities-fix-potential-memleak-on-error-path-from-vfs_getxattr_alloc.patch +fuse-add-file_modified-to-fallocate.patch +fuse-fix-readdir-cache-race.patch +selftests-landlock-build-without-static-libraries.patch +efi-random-reduce-seed-size-to-32-bytes.patch +efi-random-use-acpi-reclaim-memory-for-random-seed.patch +efi-efivars-fix-variable-writes-with-unsupported-query_variable_store.patch +net-ulp-remove-sock_support_zc-from-tls-sockets.patch +arm64-entry-avoid-kprobe-recursion.patch +arm-dts-imx6dl-yapp4-do-not-allow-pm-to-switch-pu-regulator-off-on-q-qp.patch +perf-x86-intel-fix-pebs-event-constraints-for-icl.patch +perf-x86-intel-add-cooper-lake-stepping-to-isolation_ucodes.patch +perf-x86-intel-fix-pebs-event-constraints-for-spr.patch +net-remove-sock_support_zc-from-sockmap.patch +net-also-flag-accepted-sockets-supporting-msghdr-originated-zerocopy.patch diff --git a/queue-6.0/tools-nolibc-string-fix-memcmp-implementation.patch b/queue-6.0/tools-nolibc-string-fix-memcmp-implementation.patch new file mode 100644 index 00000000000..238e1a09425 --- /dev/null +++ b/queue-6.0/tools-nolibc-string-fix-memcmp-implementation.patch @@ -0,0 +1,45 @@ +From b3f4f51ea68a495f8a5956064c33dce711a2df91 Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Fri, 21 Oct 2022 08:01:53 +0200 +Subject: tools/nolibc/string: Fix memcmp() implementation + +From: Rasmus Villemoes + +commit b3f4f51ea68a495f8a5956064c33dce711a2df91 upstream. + +The C standard says that memcmp() must treat the buffers as consisting +of "unsigned chars". If char happens to be unsigned, the casts are ok, +but then obviously the c1 variable can never contain a negative +value. And when char is signed, the casts are wrong, and there's still +a problem with using an 8-bit quantity to hold the difference, because +that can range from -255 to +255. + +For example, assuming char is signed, comparing two 1-byte buffers, +one containing 0x00 and another 0x80, the current implementation would +return -128 for both memcmp(a, b, 1) and memcmp(b, a, 1), whereas one +of those should of course return something positive. + +Signed-off-by: Rasmus Villemoes +Fixes: 66b6f755ad45 ("rcutorture: Import a copy of nolibc") +Cc: stable@vger.kernel.org # v5.0+ +Signed-off-by: Willy Tarreau +Signed-off-by: Paul E. McKenney +Signed-off-by: Greg Kroah-Hartman +--- + tools/include/nolibc/string.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/tools/include/nolibc/string.h ++++ b/tools/include/nolibc/string.h +@@ -19,9 +19,9 @@ static __attribute__((unused)) + int memcmp(const void *s1, const void *s2, size_t n) + { + size_t ofs = 0; +- char c1 = 0; ++ int c1 = 0; + +- while (ofs < n && !(c1 = ((char *)s1)[ofs] - ((char *)s2)[ofs])) { ++ while (ofs < n && !(c1 = ((unsigned char *)s1)[ofs] - ((unsigned char *)s2)[ofs])) { + ofs++; + } + return c1; diff --git a/queue-6.0/tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch b/queue-6.0/tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch new file mode 100644 index 00000000000..fe3576b8691 --- /dev/null +++ b/queue-6.0/tracing-fprobe-fix-to-check-whether-fprobe-is-registered-correctly.patch @@ -0,0 +1,41 @@ +From 61b304b73ab4b48b1cd7796efe42a570e2a0e0fc Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Sun, 23 Oct 2022 11:11:43 +0900 +Subject: tracing/fprobe: Fix to check whether fprobe is registered correctly + +From: Masami Hiramatsu (Google) + +commit 61b304b73ab4b48b1cd7796efe42a570e2a0e0fc upstream. + +Since commit ab51e15d535e ("fprobe: Introduce FPROBE_FL_KPROBE_SHARED flag +for fprobe") introduced fprobe_kprobe_handler() for fprobe::ops::func, +unregister_fprobe() fails to unregister the registered if user specifies +FPROBE_FL_KPROBE_SHARED flag. +Moreover, __register_ftrace_function() is possible to change the +ftrace_ops::func, thus we have to check fprobe::ops::saved_func instead. + +To check it correctly, it should confirm the fprobe::ops::saved_func is +either fprobe_handler() or fprobe_kprobe_handler(). + +Link: https://lore.kernel.org/all/166677683946.1459107.15997653945538644683.stgit@devnote3/ + +Fixes: cad9931f64dc ("fprobe: Add ftrace based probe APIs") +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/fprobe.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/kernel/trace/fprobe.c ++++ b/kernel/trace/fprobe.c +@@ -301,7 +301,8 @@ int unregister_fprobe(struct fprobe *fp) + { + int ret; + +- if (!fp || fp->ops.func != fprobe_handler) ++ if (!fp || (fp->ops.saved_func != fprobe_handler && ++ fp->ops.saved_func != fprobe_kprobe_handler)) + return -EINVAL; + + /* diff --git a/queue-6.0/tracing-histogram-update-document-for-keys_max-size.patch b/queue-6.0/tracing-histogram-update-document-for-keys_max-size.patch new file mode 100644 index 00000000000..00e2179d879 --- /dev/null +++ b/queue-6.0/tracing-histogram-update-document-for-keys_max-size.patch @@ -0,0 +1,33 @@ +From a635beeacc6d56d2b71c39e6c0103f85b53d108e Mon Sep 17 00:00:00 2001 +From: Zheng Yejian +Date: Mon, 17 Oct 2022 10:38:06 +0000 +Subject: tracing/histogram: Update document for KEYS_MAX size + +From: Zheng Yejian + +commit a635beeacc6d56d2b71c39e6c0103f85b53d108e upstream. + +After commit 4f36c2d85ced ("tracing: Increase tracing map KEYS_MAX size"), +'keys' supports up to three fields. + +Signed-off-by: Zheng Yejian +Cc: stable@vger.kernel.org +Acked-by: Masami Hiramatsu (Google) +Link: https://lore.kernel.org/r/20221017103806.2479139-1-zhengyejian1@huawei.com +Signed-off-by: Jonathan Corbet +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/trace/histogram.rst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/Documentation/trace/histogram.rst ++++ b/Documentation/trace/histogram.rst +@@ -39,7 +39,7 @@ Documentation written by Tom Zanussi + will use the event's kernel stacktrace as the key. The keywords + 'keys' or 'key' can be used to specify keys, and the keywords + 'values', 'vals', or 'val' can be used to specify values. Compound +- keys consisting of up to two fields can be specified by the 'keys' ++ keys consisting of up to three fields can be specified by the 'keys' + keyword. Hashing a compound key produces a unique entry in the + table for each unique combination of component keys, and can be + useful for providing more fine-grained summaries of event data. diff --git a/queue-6.0/tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch b/queue-6.0/tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch new file mode 100644 index 00000000000..ac05821e2f8 --- /dev/null +++ b/queue-6.0/tracing-kprobe-fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch @@ -0,0 +1,114 @@ +From 66f0919c953ef7b55e5ab94389a013da2ce80a2c Mon Sep 17 00:00:00 2001 +From: Shang XiaoJing +Date: Wed, 2 Nov 2022 15:29:54 +0800 +Subject: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() + +From: Shang XiaoJing + +commit 66f0919c953ef7b55e5ab94389a013da2ce80a2c upstream. + +test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak +when there is no failure. Move kfree(buf) from fail path to common path +to prevent the memleak. The same reason and solution in +test_gen_kretprobe_cmd(). + +unreferenced object 0xffff888143b14000 (size 2048): + comm "insmod", pid 52490, jiffies 4301890980 (age 40.553s) + hex dump (first 32 bytes): + 70 3a 6b 70 72 6f 62 65 73 2f 67 65 6e 5f 6b 70 p:kprobes/gen_kp + 72 6f 62 65 5f 74 65 73 74 20 64 6f 5f 73 79 73 robe_test do_sys + backtrace: + [<000000006d7b836b>] kmalloc_trace+0x27/0xa0 + [<0000000009528b5b>] 0xffffffffa059006f + [<000000008408b580>] do_one_initcall+0x87/0x2a0 + [<00000000c4980a7e>] do_init_module+0xdf/0x320 + [<00000000d775aad0>] load_module+0x3006/0x3390 + [<00000000e9a74b80>] __do_sys_finit_module+0x113/0x1b0 + [<000000003726480d>] do_syscall_64+0x35/0x80 + [<000000003441e93b>] entry_SYSCALL_64_after_hwframe+0x46/0xb0 + +Link: https://lore.kernel.org/all/20221102072954.26555-1-shangxiaojing@huawei.com/ + +Fixes: 64836248dda2 ("tracing: Add kprobe event command generation test module") +Cc: stable@vger.kernel.org +Signed-off-by: Shang XiaoJing +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/kprobe_event_gen_test.c | 18 +++++++----------- + 1 file changed, 7 insertions(+), 11 deletions(-) + +--- a/kernel/trace/kprobe_event_gen_test.c ++++ b/kernel/trace/kprobe_event_gen_test.c +@@ -100,20 +100,20 @@ static int __init test_gen_kprobe_cmd(vo + KPROBE_GEN_TEST_FUNC, + KPROBE_GEN_TEST_ARG0, KPROBE_GEN_TEST_ARG1); + if (ret) +- goto free; ++ goto out; + + /* Use kprobe_event_add_fields to add the rest of the fields */ + + ret = kprobe_event_add_fields(&cmd, KPROBE_GEN_TEST_ARG2, KPROBE_GEN_TEST_ARG3); + if (ret) +- goto free; ++ goto out; + + /* + * This actually creates the event. + */ + ret = kprobe_event_gen_cmd_end(&cmd); + if (ret) +- goto free; ++ goto out; + + /* + * Now get the gen_kprobe_test event file. We need to prevent +@@ -136,13 +136,11 @@ static int __init test_gen_kprobe_cmd(vo + goto delete; + } + out: ++ kfree(buf); + return ret; + delete: + /* We got an error after creating the event, delete it */ + ret = kprobe_event_delete("gen_kprobe_test"); +- free: +- kfree(buf); +- + goto out; + } + +@@ -170,14 +168,14 @@ static int __init test_gen_kretprobe_cmd + KPROBE_GEN_TEST_FUNC, + "$retval"); + if (ret) +- goto free; ++ goto out; + + /* + * This actually creates the event. + */ + ret = kretprobe_event_gen_cmd_end(&cmd); + if (ret) +- goto free; ++ goto out; + + /* + * Now get the gen_kretprobe_test event file. We need to +@@ -201,13 +199,11 @@ static int __init test_gen_kretprobe_cmd + goto delete; + } + out: ++ kfree(buf); + return ret; + delete: + /* We got an error after creating the event, delete it */ + ret = kprobe_event_delete("gen_kretprobe_test"); +- free: +- kfree(buf); +- + goto out; + } + -- 2.47.3