Fixes for 4.4
authorSasha Levin <sashal@kernel.org>
Sat, 4 Jul 2020 16:29:58 +0000 (12:29 -0400)
committerSasha Levin <sashal@kernel.org>
Sat, 4 Jul 2020 16:29:58 +0000 (12:29 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-4.4/kgdb-avoid-suspicious-rcu-usage-warning.patch [new file with mode: 0644]
queue-4.4/mm-slub-fix-stack-overruns-with-slub_stats.patch [new file with mode: 0644]
queue-4.4/series
queue-4.4/usb-usbtest-fix-missing-kfree-dev-buf-in-usbtest_dis.patch [new file with mode: 0644]

diff --git a/queue-4.4/kgdb-avoid-suspicious-rcu-usage-warning.patch b/queue-4.4/kgdb-avoid-suspicious-rcu-usage-warning.patch
new file mode 100644 (file)
index 0000000..a4299a3
--- /dev/null
@@ -0,0 +1,109 @@
+From 71c50f31eec27477c97287aa5a068c04e921be6b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 2 Jun 2020 15:47:39 -0700
+Subject: kgdb: Avoid suspicious RCU usage warning
+
+From: Douglas Anderson <dianders@chromium.org>
+
+[ Upstream commit 440ab9e10e2e6e5fd677473ee6f9e3af0f6904d6 ]
+
+At times when I'm using kgdb I see a splat on my console about
+suspicious RCU usage.  I managed to come up with a case that could
+reproduce this that looked like this:
+
+  WARNING: suspicious RCU usage
+  5.7.0-rc4+ #609 Not tainted
+  -----------------------------
+  kernel/pid.c:395 find_task_by_pid_ns() needs rcu_read_lock() protection!
+
+  other info that might help us debug this:
+
+    rcu_scheduler_active = 2, debug_locks = 1
+  3 locks held by swapper/0/1:
+   #0: ffffff81b6b8e988 (&dev->mutex){....}-{3:3}, at: __device_attach+0x40/0x13c
+   #1: ffffffd01109e9e8 (dbg_master_lock){....}-{2:2}, at: kgdb_cpu_enter+0x20c/0x7ac
+   #2: ffffffd01109ea90 (dbg_slave_lock){....}-{2:2}, at: kgdb_cpu_enter+0x3ec/0x7ac
+
+  stack backtrace:
+  CPU: 7 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc4+ #609
+  Hardware name: Google Cheza (rev3+) (DT)
+  Call trace:
+   dump_backtrace+0x0/0x1b8
+   show_stack+0x1c/0x24
+   dump_stack+0xd4/0x134
+   lockdep_rcu_suspicious+0xf0/0x100
+   find_task_by_pid_ns+0x5c/0x80
+   getthread+0x8c/0xb0
+   gdb_serial_stub+0x9d4/0xd04
+   kgdb_cpu_enter+0x284/0x7ac
+   kgdb_handle_exception+0x174/0x20c
+   kgdb_brk_fn+0x24/0x30
+   call_break_hook+0x6c/0x7c
+   brk_handler+0x20/0x5c
+   do_debug_exception+0x1c8/0x22c
+   el1_sync_handler+0x3c/0xe4
+   el1_sync+0x7c/0x100
+   rpmh_rsc_probe+0x38/0x420
+   platform_drv_probe+0x94/0xb4
+   really_probe+0x134/0x300
+   driver_probe_device+0x68/0x100
+   __device_attach_driver+0x90/0xa8
+   bus_for_each_drv+0x84/0xcc
+   __device_attach+0xb4/0x13c
+   device_initial_probe+0x18/0x20
+   bus_probe_device+0x38/0x98
+   device_add+0x38c/0x420
+
+If I understand properly we should just be able to blanket kgdb under
+one big RCU read lock and the problem should go away.  We'll add it to
+the beast-of-a-function known as kgdb_cpu_enter().
+
+With this I no longer get any splats and things seem to work fine.
+
+Signed-off-by: Douglas Anderson <dianders@chromium.org>
+Link: https://lore.kernel.org/r/20200602154729.v2.1.I70e0d4fd46d5ed2aaf0c98a355e8e1b7a5bb7e4e@changeid
+Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/debug/debug_core.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
+index 9c939c6bf21cb..321ccdbb73649 100644
+--- a/kernel/debug/debug_core.c
++++ b/kernel/debug/debug_core.c
+@@ -488,6 +488,7 @@ static int kgdb_cpu_enter(struct kgdb_state *ks, struct pt_regs *regs,
+               arch_kgdb_ops.disable_hw_break(regs);
+ acquirelock:
++      rcu_read_lock();
+       /*
+        * Interrupts will be restored by the 'trap return' code, except when
+        * single stepping.
+@@ -542,6 +543,7 @@ return_normal:
+                       atomic_dec(&slaves_in_kgdb);
+                       dbg_touch_watchdogs();
+                       local_irq_restore(flags);
++                      rcu_read_unlock();
+                       return 0;
+               }
+               cpu_relax();
+@@ -560,6 +562,7 @@ return_normal:
+               raw_spin_unlock(&dbg_master_lock);
+               dbg_touch_watchdogs();
+               local_irq_restore(flags);
++              rcu_read_unlock();
+               goto acquirelock;
+       }
+@@ -677,6 +680,7 @@ kgdb_restore:
+       raw_spin_unlock(&dbg_master_lock);
+       dbg_touch_watchdogs();
+       local_irq_restore(flags);
++      rcu_read_unlock();
+       return kgdb_info[cpu].ret_state;
+ }
+-- 
+2.25.1
+
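Review bot: rcu_read_lock() is taken at the `acquirelock:` label but released on only three exits (the slave-side `return 0`, the `goto acquirelock` retry, and the final `return kgdb_info[cpu].ret_state`), and kgdb_cpu_enter() both starts and ends outside the hunk, so any other return between the label and `kgdb_restore:` in the 4.4 tree would leave the read-side critical section unbalanced; worth confirming against the backported file, whose line numbers already differ from upstream. The acquisition site also carries no explanation, and I would add `/* gdb stub helpers (e.g. getthread()) look up tasks by pid and need RCU protection for the whole session. */` above the `rcu_read_lock();`. Note that the `goto acquirelock` path unlocks and immediately re-locks on re-entry, which is correct but easy to misread as a leak.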
diff --git a/queue-4.4/mm-slub-fix-stack-overruns-with-slub_stats.patch b/queue-4.4/mm-slub-fix-stack-overruns-with-slub_stats.patch
new file mode 100644 (file)
index 0000000..0fd1f6c
--- /dev/null
@@ -0,0 +1,90 @@
+From 04c79726c664ca61513372a820b82421e3427d28 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 1 Jun 2020 21:45:57 -0700
+Subject: mm/slub: fix stack overruns with SLUB_STATS
+
+From: Qian Cai <cai@lca.pw>
+
+[ Upstream commit a68ee0573991e90af2f1785db309206408bad3e5 ]
+
+There is no need to copy SLUB_STATS items from root memcg cache to new
+memcg cache copies.  Doing so could result in stack overruns because the
+store function only accepts 0 to clear the stat and returns an error for
+everything else while the show method would print out the whole stat.
+
+Then, the mismatch of the lengths returns from show and store methods
+happens in memcg_propagate_slab_attrs():
+
+       else if (root_cache->max_attr_size < ARRAY_SIZE(mbuf))
+               buf = mbuf;
+
+max_attr_size is only 2 from slab_attr_store(), then, it uses mbuf[64]
+in show_stat() later where a bounch of sprintf() would overrun the stack
+variable.  Fix it by always allocating a page of buffer to be used in
+show_stat() if SLUB_STATS=y which should only be used for debug purpose.
+
+  # echo 1 > /sys/kernel/slab/fs_cache/shrink
+  BUG: KASAN: stack-out-of-bounds in number+0x421/0x6e0
+  Write of size 1 at addr ffffc900256cfde0 by task kworker/76:0/53251
+
+  Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/10/2019
+  Workqueue: memcg_kmem_cache memcg_kmem_cache_create_func
+  Call Trace:
+    number+0x421/0x6e0
+    vsnprintf+0x451/0x8e0
+    sprintf+0x9e/0xd0
+    show_stat+0x124/0x1d0
+    alloc_slowpath_show+0x13/0x20
+    __kmem_cache_create+0x47a/0x6b0
+
+  addr ffffc900256cfde0 is located in stack of task kworker/76:0/53251 at offset 0 in frame:
+   process_one_work+0x0/0xb90
+
+  this frame has 1 object:
+   [32, 72) 'lockdep_map'
+
+  Memory state around the buggy address:
+   ffffc900256cfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+   ffffc900256cfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+  >ffffc900256cfd80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
+                                                         ^
+   ffffc900256cfe00: 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00 00
+   ffffc900256cfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+  ==================================================================
+  Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: __kmem_cache_create+0x6ac/0x6b0
+  Workqueue: memcg_kmem_cache memcg_kmem_cache_create_func
+  Call Trace:
+    __kmem_cache_create+0x6ac/0x6b0
+
+Fixes: 107dab5c92d5 ("slub: slub-specific propagation changes")
+Signed-off-by: Qian Cai <cai@lca.pw>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Cc: Glauber Costa <glauber@scylladb.com>
+Cc: Christoph Lameter <cl@linux.com>
+Cc: Pekka Enberg <penberg@kernel.org>
+Cc: David Rientjes <rientjes@google.com>
+Cc: Joonsoo Kim <iamjoonsoo.kim@lge.com>
+Link: http://lkml.kernel.org/r/20200429222356.4322-1-cai@lca.pw
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ mm/slub.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/mm/slub.c b/mm/slub.c
+index bb5237c67cbc9..a3870034bfcc4 100644
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -5305,7 +5305,8 @@ static void memcg_propagate_slab_attrs(struct kmem_cache *s)
+                */
+               if (buffer)
+                       buf = buffer;
+-              else if (root_cache->max_attr_size < ARRAY_SIZE(mbuf))
++              else if (root_cache->max_attr_size < ARRAY_SIZE(mbuf) &&
++                       !IS_ENABLED(CONFIG_SLUB_STATS))
+                       buf = mbuf;
+               else {
+                       buffer = (char *) get_zeroed_page(GFP_KERNEL);
+-- 
+2.25.1
+
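Review bot: The change keeps the 64-byte stack `mbuf` out of the SLUB_STATS path but leaves the underlying mismatch in place: `root_cache->max_attr_size` is derived from store() input lengths while the buffer is filled by show(), so any other attribute whose show() output exceeds what was ever stored could still overrun `mbuf`. I would document that assumption where the buffer is chosen, e.g. `/* max_attr_size reflects store() input, not show() output; SLUB_STATS show() can emit far more than it accepts, so never use the stack buffer there. */`. The NULL check on the `get_zeroed_page()` fallback and the rest of memcg_propagate_slab_attrs() are outside the hunk.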
index ff76c702413a9ce0d93575976f490e57c68fa411..95ad0ab9df1a65bf972abcde70a68aa9d3ebb4d8 100644 (file)
@@ -2,3 +2,6 @@ btrfs-cow_file_range-num_bytes-and-disk_num_bytes-ar.patch
 btrfs-fix-data-block-group-relocation-failure-due-to.patch
 mm-fix-swap-cache-node-allocation-mask.patch
 edac-amd64-read-back-the-scrub-rate-pci-register-on-.patch
+mm-slub-fix-stack-overruns-with-slub_stats.patch
+usb-usbtest-fix-missing-kfree-dev-buf-in-usbtest_dis.patch
+kgdb-avoid-suspicious-rcu-usage-warning.patch
diff --git a/queue-4.4/usb-usbtest-fix-missing-kfree-dev-buf-in-usbtest_dis.patch b/queue-4.4/usb-usbtest-fix-missing-kfree-dev-buf-in-usbtest_dis.patch
new file mode 100644 (file)
index 0000000..b9c9175
--- /dev/null
@@ -0,0 +1,69 @@
+From ddc7b21efa57b9719ca0e7048763d066f5c4c763 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 12 Jun 2020 11:52:10 +0800
+Subject: usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
+
+From: Zqiang <qiang.zhang@windriver.com>
+
+[ Upstream commit 28ebeb8db77035e058a510ce9bd17c2b9a009dba ]
+
+BUG: memory leak
+unreferenced object 0xffff888055046e00 (size 256):
+  comm "kworker/2:9", pid 2570, jiffies 4294942129 (age 1095.500s)
+  hex dump (first 32 bytes):
+    00 70 04 55 80 88 ff ff 18 bb 5a 81 ff ff ff ff  .p.U......Z.....
+    f5 96 78 81 ff ff ff ff 37 de 8e 81 ff ff ff ff  ..x.....7.......
+  backtrace:
+    [<00000000d121dccf>] kmemleak_alloc_recursive
+include/linux/kmemleak.h:43 [inline]
+    [<00000000d121dccf>] slab_post_alloc_hook mm/slab.h:586 [inline]
+    [<00000000d121dccf>] slab_alloc_node mm/slub.c:2786 [inline]
+    [<00000000d121dccf>] slab_alloc mm/slub.c:2794 [inline]
+    [<00000000d121dccf>] kmem_cache_alloc_trace+0x15e/0x2d0 mm/slub.c:2811
+    [<000000005c3c3381>] kmalloc include/linux/slab.h:555 [inline]
+    [<000000005c3c3381>] usbtest_probe+0x286/0x19d0
+drivers/usb/misc/usbtest.c:2790
+    [<000000001cec6910>] usb_probe_interface+0x2bd/0x870
+drivers/usb/core/driver.c:361
+    [<000000007806c118>] really_probe+0x48d/0x8f0 drivers/base/dd.c:551
+    [<00000000a3308c3e>] driver_probe_device+0xfc/0x2a0 drivers/base/dd.c:724
+    [<000000003ef66004>] __device_attach_driver+0x1b6/0x240
+drivers/base/dd.c:831
+    [<00000000eee53e97>] bus_for_each_drv+0x14e/0x1e0 drivers/base/bus.c:431
+    [<00000000bb0648d0>] __device_attach+0x1f9/0x350 drivers/base/dd.c:897
+    [<00000000838b324a>] device_initial_probe+0x1a/0x20 drivers/base/dd.c:944
+    [<0000000030d501c1>] bus_probe_device+0x1e1/0x280 drivers/base/bus.c:491
+    [<000000005bd7adef>] device_add+0x131d/0x1c40 drivers/base/core.c:2504
+    [<00000000a0937814>] usb_set_configuration+0xe84/0x1ab0
+drivers/usb/core/message.c:2030
+    [<00000000e3934741>] generic_probe+0x6a/0xe0 drivers/usb/core/generic.c:210
+    [<0000000098ade0f1>] usb_probe_device+0x90/0xd0
+drivers/usb/core/driver.c:266
+    [<000000007806c118>] really_probe+0x48d/0x8f0 drivers/base/dd.c:551
+    [<00000000a3308c3e>] driver_probe_device+0xfc/0x2a0 drivers/base/dd.c:724
+
+Acked-by: Alan Stern <stern@rowland.harvard.edu>
+Reported-by: Kyungtae Kim <kt0755@gmail.com>
+Signed-off-by: Zqiang <qiang.zhang@windriver.com>
+Link: https://lore.kernel.org/r/20200612035210.20494-1-qiang.zhang@windriver.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/misc/usbtest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/usb/misc/usbtest.c b/drivers/usb/misc/usbtest.c
+index bc92a498ec03d..9f19aa950bb19 100644
+--- a/drivers/usb/misc/usbtest.c
++++ b/drivers/usb/misc/usbtest.c
+@@ -2703,6 +2703,7 @@ static void usbtest_disconnect(struct usb_interface *intf)
+       usb_set_intfdata(intf, NULL);
+       dev_dbg(&intf->dev, "disconnect\n");
++      kfree(dev->buf);
+       kfree(dev);
+ }
+-- 
+2.25.1
+
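Review bot: `kfree(dev->buf)` relies on `dev->buf` being either NULL or the allocation from usbtest_probe() (the kmemleak trace points at usbtest.c:2790); the probe's own error paths after that allocation are outside this patch and may carry the same leak, so they are worth checking in the same series. The free order (member before its container) is correct, and a one-line comment would make the ownership explicit: `/* dev->buf is allocated in usbtest_probe(); release it before its owner. */`. usbtest_disconnect() begins outside the hunk, so where `dev` is fetched from the interface data is not visible here.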