[pull] master from torvalds:master #75
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![pull[bot]](https://avatars.githubusercontent.com/in/12910?s=60&v=4){kind=small}
CONFIG_OF_DYNAMIC and CONFIG_ACPI allow adding SPI devices at runtime using a DeviceTree overlay or DSDT patch. CONFIG_SPI_SLAVE allows the same via sysfs. But there are no precautions to prevent adding a device below a controller that's being removed. Such a device is unusable and may not even be able to unbind cleanly as it becomes inaccessible once the controller has been torn down. E.g. it is then impossible to quiesce the device's interrupt. of_spi_notify() and acpi_spi_notify() do hold a ref on the controller, but otherwise run lockless against spi_unregister_controller(). Fix by holding the spi_add_lock in spi_unregister_controller() and bailing out of spi_add_device() if the controller has been unregistered concurrently. Fixes: ce79d54 ("spi/of: Add OF notifier handler") Signed-off-by: Lukas Wunner <lukas@wunner.de> Cc: stable@vger.kernel.org # v3.19+ Cc: Geert Uytterhoeven <geert+renesas@glider.be> Cc: Octavian Purdila <octavian.purdila@intel.com> Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com> Link: https://lore.kernel.org/r/a8c3205088a969dc8410eec1eba9aface60f36af.1596451035.git.lukas@wunner.de Signed-off-by: Mark Brown <broonie@kernel.org>
Previously the stm32h7 interrupt thread cleared all non-masked interrupts. If an interrupt was to occur during the handling of another interrupt its flag would be unset, resulting in a lost interrupt. This patches fixes the issue by clearing only the currently set interrupt flags. Signed-off-by: Tobias Schramm <t.schramm@manjaro.org> Link: https://lore.kernel.org/r/20200804195136.1485392-1-t.schramm@manjaro.org Signed-off-by: Mark Brown <broonie@kernel.org>
The caller of stm32_spi_transfer_one(), spi_transfer_one_message(), is waiting for us to call spi_finalize_current_transfer() and will eventually schedule a new transfer, if available. We should guarantee that the spi controller is really available before calling spi_finalize_current_transfer(). Move the call to spi_finalize_current_transfer() _after_ the call to stm32_spi_disable(). Signed-off-by: Antonio Borneo <antonio.borneo@st.com> Signed-off-by: Alain Volmat <alain.volmat@st.com> Link: https://lore.kernel.org/r/1597043558-29668-2-git-send-email-alain.volmat@st.com Signed-off-by: Mark Brown <broonie@kernel.org>
When transfer is shorter than half of the fifo, set the data packet size up to transfer size instead of up to half of the fifo. Check also that threshold is set at least to 1 data frame. Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com> Signed-off-by: Alain Volmat <alain.volmat@st.com> Link: https://lore.kernel.org/r/1597043558-29668-3-git-send-email-alain.volmat@st.com Signed-off-by: Mark Brown <broonie@kernel.org>
Fix spi->clk_rate when it is odd to the nearest lowest even value because minimum SPI divider is 2. Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com> Signed-off-by: Alain Volmat <alain.volmat@st.com> Link: https://lore.kernel.org/r/1597043558-29668-4-git-send-email-alain.volmat@st.com Signed-off-by: Mark Brown <broonie@kernel.org>
This patch adds pinctrl power management, and reconfigure spi controller in case of resume. Fixes: 038ac86 ("spi: stm32: add runtime PM support") Signed-off-by: Amelie Delaunay <amelie.delaunay@st.com> Signed-off-by: Alain Volmat <alain.volmat@st.com> Link: https://lore.kernel.org/r/1597043558-29668-5-git-send-email-alain.volmat@st.com Signed-off-by: Mark Brown <broonie@kernel.org>
SPI registers content may have been lost upon suspend/resume sequence. So, always compute and apply the necessary configuration in stm32_spi_transfer_one_setup routine. Signed-off-by: Alain Volmat <alain.volmat@st.com> Link: https://lore.kernel.org/r/1597043558-29668-6-git-send-email-alain.volmat@st.com Signed-off-by: Mark Brown <broonie@kernel.org>
…-sel
When running "make dt_binding_check" (even if restricted to an unrelated
binding document using DT_SCHEMA_FILES=...):
Documentation/devicetree/bindings/spi/spi-fsl-lpspi.yaml: ignoring, error in schema: properties: fsl,spi-only-use-cs1-sel
warning: no schema found in file: Documentation/devicetree/bindings/spi/spi-fsl-lpspi.yaml
Fix this by adding a proper type definition for the vendor-specific
fsl,spi-only-use-cs1-sel property.
Fixes: 7ac9bbf ("dt-bindings: lpspi: New property in document DT bindings for LPSPI")
Suggested-by: Rob Herring <robh+dt@kernel.org>
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20200807121057.14204-1-geert+renesas@glider.be
Signed-off-by: Mark Brown <broonie@kernel.org>
…ain.volmat@st.com>: This serie is a reduced version of the serie [spi: stm32: various driver enhancements] previously sent. Alain Volmat (1): spi: stm32: always perform registers configuration prior to transfer Amelie Delaunay (3): spi: stm32: fix fifo threshold level in case of short transfer spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate spi: stm32: fixes suspend/resume management Antonio Borneo (1): spi: stm32h7: fix race condition at end of transfer drivers/spi/spi-stm32.c | 98 ++++++++++++++++++++++++++++++------------------- 1 file changed, 61 insertions(+), 37 deletions(-) -- v2: fix conditional statement within [spi: stm32: fix fifo threshold level in case of short transfer] _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
IA-64 is special and treats pgd_offset_k() differently to pgd_offset(), using different formulae to calculate the indices into the kernel and user PGDs. The index into the user PGDs takes into account the region number, but the index into the kernel (init_mm) PGD always assumes a predefined kernel region number. Commit 974b9b2 ("mm: consolidate pte_index() and pte_offset_*() definitions") made IA-64 use a generic pgd_offset_k() which incorrectly used pgd_index() for kernel page tables. As a result, the index into the kernel PGD was going out of bounds and the kernel hung during early boot. Allow overrides of pgd_offset_k() and override it on IA-64 with the old implementation that will correctly index the kernel PGD. Fixes: 974b9b2 ("mm: consolidate pte_index() and pte_offset_*() definitions") Reported-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com> Tested-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de> Acked-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
Recently we found regression when running will_it_scale/page_fault3 test on ARM64. Over 70% down for the multi processes cases and over 20% down for the multi threads cases. It turns out the regression is caused by commit 89b1533 ("mm: drop mmap_sem before calling balance_dirty_pages() in write fault"). The test mmaps a memory size file then write to the mapping, this would make all memory dirty and trigger dirty pages throttle, that upstream commit would release mmap_sem then retry the page fault. The retried page fault would see correct PTEs installed then just fall through to spurious TLB flush. The regression is caused by the excessive spurious TLB flush. It is fine on x86 since x86's spurious TLB flush is no-op. We could just skip the spurious TLB flush to mitigate the regression. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Reported-by: Xu Yu <xuyu@linux.alibaba.com> Debugged-by: Xu Yu <xuyu@linux.alibaba.com> Tested-by: Xu Yu <xuyu@linux.alibaba.com> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: <stable@vger.kernel.org> Signed-off-by: Yang Shi <shy828301@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
…rnel/git/rppt/memblock Pull ia64 page table fix from Mike Rapoport: "Fix regression in IA-64 caused by page table allocation refactoring The refactoring and consolidation of <asm/pgalloc.h> caused regression on parisc and ia64. The fix for parisc made it into v5.9-rc1 while the fix ia64 got delayed a bit and here it is" * tag 'fixes-2020-08-18' of git://git.kernel.org/pub/scm/linux/kernel/git/rppt/memblock: arch/ia64: Restore arch-specific pgd_offset_k implementation
…rnel/git/broonie/spi Pull spi fixes from Mark Brown: "A bunch of fixes that came in for SPI during the merge window. Some from ST and others for their controller, one from Lukas for a race between device addition and controller unregistration and one from fix from Geert for the DT bindings which unbreaks validation" * tag 'spi-fix-v5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: dt-bindings: lpspi: Add missing boolean type for fsl,spi-only-use-cs1-sel spi: stm32: always perform registers configuration prior to transfer spi: stm32: fixes suspend/resume management spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate spi: stm32: fix fifo threshold level in case of short transfer spi: stm32h7: fix race condition at end of transfer spi: stm32: clear only asserted irq flags on interrupt spi: Prevent adding devices below an unregistering controller
pull bot
pushed a commit
that referenced
this pull request
Dec 16, 2020
There are about 100,000 uses of 'static const <type>' but about 400 uses of 'static <type> const' in the kernel where type is not a pointer. The kernel almost always uses "static const" over "const static" as there is a compiler warning for that declaration style. But there is no compiler warning for "static <type> const". So add a checkpatch warning for the atypical declaration uses of. const static <type> <foo> and static <type> const <foo> For example: $ ./scripts/checkpatch.pl -f --emacs --quiet --nosummary -types=static_const arch/arm/crypto/aes-ce-glue.c arch/arm/crypto/aes-ce-glue.c:75: WARNING: Move const after static - use 'static const u8' #75: FILE: arch/arm/crypto/aes-ce-glue.c:75: + static u8 const rcon[] = { Link: https://lkml.kernel.org/r/4b863be68e679546b40d50b97a4a806c03056a1c.camel@perches.com Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
pull bot
pushed a commit
that referenced
this pull request
Jan 28, 2021
…abled When booting a kernel which has been built with CONFIG_AMD_MEM_ENCRYPT enabled as a Xen pv guest a warning is issued for each processor: [ 5.964347] ------------[ cut here ]------------ [ 5.968314] WARNING: CPU: 0 PID: 1 at /home/gross/linux/head/arch/x86/xen/enlighten_pv.c:660 get_trap_addr+0x59/0x90 [ 5.972321] Modules linked in: [ 5.976313] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 5.11.0-rc5-default #75 [ 5.980313] Hardware name: Dell Inc. OptiPlex 9020/0PC5F7, BIOS A05 12/05/2013 [ 5.984313] RIP: e030:get_trap_addr+0x59/0x90 [ 5.988313] Code: 42 10 83 f0 01 85 f6 74 04 84 c0 75 1d b8 01 00 00 00 c3 48 3d 00 80 83 82 72 08 48 3d 20 81 83 82 72 0c b8 01 00 00 00 eb db <0f> 0b 31 c0 c3 48 2d 00 80 83 82 48 ba 72 1c c7 71 1c c7 71 1c 48 [ 5.992313] RSP: e02b:ffffc90040033d38 EFLAGS: 00010202 [ 5.996313] RAX: 0000000000000001 RBX: ffffffff82a141d0 RCX: ffffffff8222ec38 [ 6.000312] RDX: ffffffff8222ec38 RSI: 0000000000000005 RDI: ffffc90040033d40 [ 6.004313] RBP: ffff8881003984a0 R08: 0000000000000007 R09: ffff888100398000 [ 6.008312] R10: 0000000000000007 R11: ffffc90040246000 R12: ffff8884082182a8 [ 6.012313] R13: 0000000000000100 R14: 000000000000001d R15: ffff8881003982d0 [ 6.016316] FS: 0000000000000000(0000) GS:ffff888408200000(0000) knlGS:0000000000000000 [ 6.020313] CS: e030 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.024313] CR2: ffffc900020ef000 CR3: 000000000220a000 CR4: 0000000000050660 [ 6.028314] Call Trace: [ 6.032313] cvt_gate_to_trap.part.7+0x3f/0x90 [ 6.036313] ? asm_exc_double_fault+0x30/0x30 [ 6.040313] xen_convert_trap_info+0x87/0xd0 [ 6.044313] xen_pv_cpu_up+0x17a/0x450 [ 6.048313] bringup_cpu+0x2b/0xc0 [ 6.052313] ? cpus_read_trylock+0x50/0x50 [ 6.056313] cpuhp_invoke_callback+0x80/0x4c0 [ 6.060313] _cpu_up+0xa7/0x140 [ 6.064313] cpu_up+0x98/0xd0 [ 6.068313] bringup_nonboot_cpus+0x4f/0x60 [ 6.072313] smp_init+0x26/0x79 [ 6.076313] kernel_init_freeable+0x103/0x258 [ 6.080313] ? rest_init+0xd0/0xd0 [ 6.084313] kernel_init+0xa/0x110 [ 6.088313] ret_from_fork+0x1f/0x30 [ 6.092313] ---[ end trace be9ecf17dceeb4f3 ]--- Reason is that there is no Xen pv trap entry for X86_TRAP_VC. Fix that by adding a generic trap handler for unknown traps and wire all unknown bare metal handlers to this generic handler, which will just crash the system in case such a trap will ever happen. Fixes: 0786138 ("x86/sev-es: Add a Runtime #VC Exception Handler") Cc: <stable@vger.kernel.org> # v5.10 Signed-off-by: Juergen Gross <jgross@suse.com> Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Juergen Gross <jgross@suse.com>
pull bot
pushed a commit
that referenced
this pull request
Jul 3, 2021
The "auxtrace_info" and "auxtrace" functions are not set in "tool" member of
"annotate". As a result, perf annotate does not support parsing itrace data.
Before:
# perf record -e arm_spe_0/branch_filter=1/ -a sleep 1
[ perf record: Woken up 9 times to write data ]
[ perf record: Captured and wrote 20.874 MB perf.data ]
# perf annotate --stdio
Error:
The perf.data data has no samples!
Solution:
1. Add itrace options in help,
2. Set hook functions of "id_index", "auxtrace_info" and "auxtrace" in perf_tool.
After:
# perf record --all-user -e arm_spe_0/branch_filter=1/ ls
Couldn't synthesize bpf events.
perf.data
[ perf record: Woken up 1 times to write data ]
[ perf record: Captured and wrote 0.010 MB perf.data ]
# perf annotate --stdio
Percent | Source code & Disassembly of libc-2.28.so for branch-miss (1 samples, percent: local period)
------------------------------------------------------------------------------------------------------------
:
:
:
: Disassembly of section .text:
:
: 0000000000066180 <__getdelim@@GLIBC_2.17>:
0.00 : 66180: stp x29, x30, [sp, #-96]!
0.00 : 66184: cmp x0, #0x0
0.00 : 66188: ccmp x1, #0x0, #0x4, ne // ne = any
0.00 : 6618c: mov x29, sp
0.00 : 66190: stp x24, x25, [sp, #56]
0.00 : 66194: stp x26, x27, [sp, #72]
0.00 : 66198: str x28, [sp, #88]
0.00 : 6619c: b.eq 66450 <__getdelim@@GLIBC_2.17+0x2d0> // b.none
0.00 : 661a0: stp x22, x23, [x29, #40]
0.00 : 661a4: mov x22, x1
0.00 : 661a8: ldr w1, [x3]
0.00 : 661ac: mov w23, w2
0.00 : 661b0: stp x20, x21, [x29, #24]
0.00 : 661b4: mov x20, x3
0.00 : 661b8: mov x21, x0
0.00 : 661bc: tbnz w1, #15, 66360 <__getdelim@@GLIBC_2.17+0x1e0>
0.00 : 661c0: ldr x0, [x3, #136]
0.00 : 661c4: ldr x2, [x0, #8]
0.00 : 661c8: str x19, [x29, #16]
0.00 : 661cc: mrs x19, tpidr_el0
0.00 : 661d0: sub x19, x19, #0x700
0.00 : 661d4: cmp x2, x19
0.00 : 661d8: b.eq 663f0 <__getdelim@@GLIBC_2.17+0x270> // b.none
0.00 : 661dc: mov w1, #0x1 // #1
0.00 : 661e0: ldaxr w2, [x0]
0.00 : 661e4: cmp w2, #0x0
0.00 : 661e8: b.ne 661f4 <__getdelim@@GLIBC_2.17+0x74> // b.any
0.00 : 661ec: stxr w3, w1, [x0]
0.00 : 661f0: cbnz w3, 661e0 <__getdelim@@GLIBC_2.17+0x60>
0.00 : 661f4: b.ne 66448 <__getdelim@@GLIBC_2.17+0x2c8> // b.any
0.00 : 661f8: ldr x0, [x20, #136]
0.00 : 661fc: ldr w1, [x20]
0.00 : 66200: ldr w2, [x0, #4]
0.00 : 66204: str x19, [x0, #8]
0.00 : 66208: add w2, w2, #0x1
0.00 : 6620c: str w2, [x0, #4]
0.00 : 66210: tbnz w1, #5, 66388 <__getdelim@@GLIBC_2.17+0x208>
0.00 : 66214: ldr x19, [x29, #16]
0.00 : 66218: ldr x0, [x21]
0.00 : 6621c: cbz x0, 66228 <__getdelim@@GLIBC_2.17+0xa8>
0.00 : 66220: ldr x0, [x22]
0.00 : 66224: cbnz x0, 6623c <__getdelim@@GLIBC_2.17+0xbc>
0.00 : 66228: mov x0, #0x78 // #120
0.00 : 6622c: str x0, [x22]
0.00 : 66230: bl 20710 <malloc@plt>
0.00 : 66234: str x0, [x21]
0.00 : 66238: cbz x0, 66428 <__getdelim@@GLIBC_2.17+0x2a8>
0.00 : 6623c: ldr x27, [x20, #8]
0.00 : 66240: str x19, [x29, #16]
0.00 : 66244: ldr x19, [x20, #16]
0.00 : 66248: sub x19, x19, x27
0.00 : 6624c: cmp x19, #0x0
0.00 : 66250: b.le 66398 <__getdelim@@GLIBC_2.17+0x218>
0.00 : 66254: mov x25, #0x0 // #0
0.00 : 66258: b 662d8 <__getdelim@@GLIBC_2.17+0x158>
0.00 : 6625c: nop
0.00 : 66260: add x24, x19, x25
0.00 : 66264: ldr x3, [x22]
0.00 : 66268: add x26, x24, #0x1
0.00 : 6626c: ldr x0, [x21]
0.00 : 66270: cmp x3, x26
0.00 : 66274: b.cs 6629c <__getdelim@@GLIBC_2.17+0x11c> // b.hs, b.nlast
0.00 : 66278: lsl x3, x3, #1
0.00 : 6627c: cmp x3, x26
0.00 : 66280: csel x26, x3, x26, cs // cs = hs, nlast
0.00 : 66284: mov x1, x26
0.00 : 66288: bl 206f0 <realloc@plt>
0.00 : 6628c: cbz x0, 66438 <__getdelim@@GLIBC_2.17+0x2b8>
0.00 : 66290: str x0, [x21]
0.00 : 66294: ldr x27, [x20, #8]
0.00 : 66298: str x26, [x22]
0.00 : 6629c: mov x2, x19
0.00 : 662a0: mov x1, x27
0.00 : 662a4: add x0, x0, x25
0.00 : 662a8: bl 87390 <explicit_bzero@@GLIBC_2.25+0x50>
0.00 : 662ac: ldr x0, [x20, #8]
0.00 : 662b0: add x19, x0, x19
0.00 : 662b4: str x19, [x20, #8]
0.00 : 662b8: cbnz x28, 66410 <__getdelim@@GLIBC_2.17+0x290>
0.00 : 662bc: mov x0, x20
0.00 : 662c0: bl 73b80 <__underflow@@GLIBC_2.17>
0.00 : 662c4: cmn w0, #0x1
0.00 : 662c8: b.eq 66410 <__getdelim@@GLIBC_2.17+0x290> // b.none
0.00 : 662cc: ldp x27, x19, [x20, #8]
0.00 : 662d0: mov x25, x24
0.00 : 662d4: sub x19, x19, x27
0.00 : 662d8: mov x2, x19
0.00 : 662dc: mov w1, w23
0.00 : 662e0: mov x0, x27
0.00 : 662e4: bl 807b0 <memchr@@GLIBC_2.17>
0.00 : 662e8: cmp x0, #0x0
0.00 : 662ec: mov x28, x0
0.00 : 662f0: sub x0, x0, x27
0.00 : 662f4: csinc x19, x19, x0, eq // eq = none
0.00 : 662f8: mov x0, #0x7fffffffffffffff // #9223372036854775807
0.00 : 662fc: sub x0, x0, x25
0.00 : 66300: cmp x19, x0
0.00 : 66304: b.lt 66260 <__getdelim@@GLIBC_2.17+0xe0> // b.tstop
0.00 : 66308: adrp x0, 17f000 <sys_sigabbrev@@GLIBC_2.17+0x320>
0.00 : 6630c: ldr x0, [x0, #3624]
0.00 : 66310: mrs x2, tpidr_el0
0.00 : 66314: ldr x19, [x29, #16]
0.00 : 66318: mov w3, #0x4b // #75
0.00 : 6631c: ldr w1, [x20]
0.00 : 66320: mov x24, #0xffffffffffffffff // #-1
0.00 : 66324: str w3, [x2, x0]
0.00 : 66328: tbnz w1, #15, 66340 <__getdelim@@GLIBC_2.17+0x1c0>
0.00 : 6632c: ldr x0, [x20, #136]
0.00 : 66330: ldr w1, [x0, #4]
0.00 : 66334: sub w1, w1, #0x1
0.00 : 66338: str w1, [x0, #4]
0.00 : 6633c: cbz w1, 663b8 <__getdelim@@GLIBC_2.17+0x238>
0.00 : 66340: mov x0, x24
0.00 : 66344: ldr x28, [sp, #88]
0.00 : 66348: ldp x20, x21, [x29, #24]
0.00 : 6634c: ldp x22, x23, [x29, #40]
0.00 : 66350: ldp x24, x25, [sp, #56]
0.00 : 66354: ldp x26, x27, [sp, #72]
0.00 : 66358: ldp x29, x30, [sp], #96
0.00 : 6635c: ret
100.00 : 66360: tbz w1, #5, 66218 <__getdelim@@GLIBC_2.17+0x98>
0.00 : 66364: ldp x20, x21, [x29, #24]
0.00 : 66368: mov x24, #0xffffffffffffffff // #-1
0.00 : 6636c: ldp x22, x23, [x29, #40]
0.00 : 66370: mov x0, x24
0.00 : 66374: ldp x24, x25, [sp, #56]
0.00 : 66378: ldp x26, x27, [sp, #72]
0.00 : 6637c: ldr x28, [sp, #88]
0.00 : 66380: ldp x29, x30, [sp], #96
0.00 : 66384: ret
0.00 : 66388: mov x24, #0xffffffffffffffff // #-1
0.00 : 6638c: ldr x19, [x29, #16]
0.00 : 66390: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66394: nop
0.00 : 66398: mov x0, x20
0.00 : 6639c: bl 73b80 <__underflow@@GLIBC_2.17>
0.00 : 663a0: cmn w0, #0x1
0.00 : 663a4: b.eq 66438 <__getdelim@@GLIBC_2.17+0x2b8> // b.none
0.00 : 663a8: ldp x27, x19, [x20, #8]
0.00 : 663ac: sub x19, x19, x27
0.00 : 663b0: b 66254 <__getdelim@@GLIBC_2.17+0xd4>
0.00 : 663b4: nop
0.00 : 663b8: str xzr, [x0, #8]
0.00 : 663bc: ldxr w2, [x0]
0.00 : 663c0: stlxr w3, w1, [x0]
0.00 : 663c4: cbnz w3, 663bc <__getdelim@@GLIBC_2.17+0x23c>
0.00 : 663c8: cmp w2, #0x1
0.00 : 663cc: b.le 66340 <__getdelim@@GLIBC_2.17+0x1c0>
0.00 : 663d0: mov x1, #0x81 // #129
0.00 : 663d4: mov x2, #0x1 // #1
0.00 : 663d8: mov x3, #0x0 // #0
0.00 : 663dc: mov x8, #0x62 // #98
0.00 : 663e0: svc #0x0
0.00 : 663e4: ldp x20, x21, [x29, #24]
0.00 : 663e8: ldp x22, x23, [x29, #40]
0.00 : 663ec: b 66370 <__getdelim@@GLIBC_2.17+0x1f0>
0.00 : 663f0: ldr w2, [x0, #4]
0.00 : 663f4: add w2, w2, #0x1
0.00 : 663f8: str w2, [x0, #4]
0.00 : 663fc: tbz w1, #5, 66214 <__getdelim@@GLIBC_2.17+0x94>
0.00 : 66400: mov x24, #0xffffffffffffffff // #-1
0.00 : 66404: ldr x19, [x29, #16]
0.00 : 66408: b 66330 <__getdelim@@GLIBC_2.17+0x1b0>
0.00 : 6640c: nop
0.00 : 66410: ldr x0, [x21]
0.00 : 66414: strb wzr, [x0, x24]
0.00 : 66418: ldr w1, [x20]
0.00 : 6641c: ldr x19, [x29, #16]
0.00 : 66420: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66424: nop
0.00 : 66428: mov x24, #0xffffffffffffffff // #-1
0.00 : 6642c: ldr w1, [x20]
0.00 : 66430: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66434: nop
0.00 : 66438: mov x24, #0xffffffffffffffff // #-1
0.00 : 6643c: ldr w1, [x20]
0.00 : 66440: ldr x19, [x29, #16]
0.00 : 66444: b 66328 <__getdelim@@GLIBC_2.17+0x1a8>
0.00 : 66448: bl e3ba0 <pthread_setcanceltype@@GLIBC_2.17+0x30>
0.00 : 6644c: b 661f8 <__getdelim@@GLIBC_2.17+0x78>
0.00 : 66450: adrp x0, 17f000 <sys_sigabbrev@@GLIBC_2.17+0x320>
0.00 : 66454: ldr x0, [x0, #3624]
0.00 : 66458: mrs x1, tpidr_el0
0.00 : 6645c: mov w2, #0x16 // #22
0.00 : 66460: mov x24, #0xffffffffffffffff // #-1
0.00 : 66464: str w2, [x1, x0]
0.00 : 66468: b 66370 <__getdelim@@GLIBC_2.17+0x1f0>
0.00 : 6646c: ldr w1, [x20]
0.00 : 66470: mov x4, x0
0.00 : 66474: tbnz w1, #15, 6648c <__getdelim@@GLIBC_2.17+0x30c>
0.00 : 66478: ldr x0, [x20, #136]
0.00 : 6647c: ldr w1, [x0, #4]
0.00 : 66480: sub w1, w1, #0x1
0.00 : 66484: str w1, [x0, #4]
0.00 : 66488: cbz w1, 66494 <__getdelim@@GLIBC_2.17+0x314>
0.00 : 6648c: mov x0, x4
0.00 : 66490: bl 20e40 <gnu_get_libc_version@@GLIBC_2.17+0x130>
0.00 : 66494: str xzr, [x0, #8]
0.00 : 66498: ldxr w2, [x0]
0.00 : 6649c: stlxr w3, w1, [x0]
0.00 : 664a0: cbnz w3, 66498 <__getdelim@@GLIBC_2.17+0x318>
0.00 : 664a4: cmp w2, #0x1
0.00 : 664a8: b.le 6648c <__getdelim@@GLIBC_2.17+0x30c>
0.00 : 664ac: mov x1, #0x81 // #129
0.00 : 664b0: mov x2, #0x1 // #1
0.00 : 664b4: mov x3, #0x0 // #0
0.00 : 664b8: mov x8, #0x62 // #98
0.00 : 664bc: svc #0x0
0.00 : 664c0: b 6648c <__getdelim@@GLIBC_2.17+0x30c>
Signed-off-by: Yang Jihong <yangjihong1@huawei.com>
Tested-by: Leo Yan <leo.yan@linaro.org>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Link: http://lore.kernel.org/lkml/20210615091704.259202-1-yangjihong1@huawei.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
pull bot
pushed a commit
that referenced
this pull request
Nov 18, 2021
…fails Check for a valid hv_vp_index array prior to derefencing hv_vp_index when setting Hyper-V's TSC change callback. If Hyper-V setup failed in hyperv_init(), the kernel will still report that it's running under Hyper-V, but will have silently disabled nearly all functionality. BUG: kernel NULL pointer dereference, address: 0000000000000010 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:set_hv_tscchange_cb+0x15/0xa0 Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08 ... Call Trace: kvm_arch_init+0x17c/0x280 kvm_init+0x31/0x330 vmx_init+0xba/0x13a do_one_initcall+0x41/0x1c0 kernel_init_freeable+0x1f2/0x23b kernel_init+0x16/0x120 ret_from_fork+0x22/0x30 Fixes: 9328626 ("x86/hyperv: Reenlightenment notifications support") Cc: stable@vger.kernel.org Cc: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: Sean Christopherson <seanjc@google.com> Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com> Link: https://lore.kernel.org/r/20211104182239.1302956-2-seanjc@google.com Signed-off-by: Wei Liu <wei.liu@kernel.org>
pull bot
pushed a commit
that referenced
this pull request
Dec 9, 2022
Syzkaller reports a NULL deref bug as follows: BUG: KASAN: null-ptr-deref in io_tctx_exit_cb+0x53/0xd3 Read of size 4 at addr 0000000000000138 by task file1/1955 CPU: 1 PID: 1955 Comm: file1 Not tainted 6.1.0-rc7-00103-gef4d3ea40565 #75 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xcd/0x134 ? io_tctx_exit_cb+0x53/0xd3 kasan_report+0xbb/0x1f0 ? io_tctx_exit_cb+0x53/0xd3 kasan_check_range+0x140/0x190 io_tctx_exit_cb+0x53/0xd3 task_work_run+0x164/0x250 ? task_work_cancel+0x30/0x30 get_signal+0x1c3/0x2440 ? lock_downgrade+0x6e0/0x6e0 ? lock_downgrade+0x6e0/0x6e0 ? exit_signals+0x8b0/0x8b0 ? do_raw_read_unlock+0x3b/0x70 ? do_raw_spin_unlock+0x50/0x230 arch_do_signal_or_restart+0x82/0x2470 ? kmem_cache_free+0x260/0x4b0 ? putname+0xfe/0x140 ? get_sigframe_size+0x10/0x10 ? do_execveat_common.isra.0+0x226/0x710 ? lockdep_hardirqs_on+0x79/0x100 ? putname+0xfe/0x140 ? do_execveat_common.isra.0+0x238/0x710 exit_to_user_mode_prepare+0x15f/0x250 syscall_exit_to_user_mode+0x19/0x50 do_syscall_64+0x42/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0023:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 002b:00000000fffb7790 EFLAGS: 00000200 ORIG_RAX: 000000000000000b RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Kernel panic - not syncing: panic_on_warn set ... This happens because the adding of task_work from io_ring_exit_work() isn't synchronized with canceling all work items from eg exec. The execution of the two are ordered in that they are both run by the task itself, but if io_tctx_exit_cb() is queued while we're canceling all work items off exec AND gets executed when the task exits to userspace rather than in the main loop in io_uring_cancel_generic(), then we can find current->io_uring == NULL and hit the above crash. It's safe to add this NULL check here, because the execution of the two paths are done by the task itself. Cc: stable@vger.kernel.org Fixes: d56d938 ("io_uring: do ctx initiated file note removal") Reported-by: syzkaller <syzkaller@googlegroups.com> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> Link: https://lore.kernel.org/r/20221206093833.3812138-1-harshit.m.mogalapalli@oracle.com [axboe: add code comment and also put an explanation in the commit msg] Signed-off-by: Jens Axboe <axboe@kernel.dk>
pull bot
pushed a commit
that referenced
this pull request
Sep 8, 2023
With latest clang18, I hit test_progs failures for the following test: #13/2 bpf_cookie/multi_kprobe_link_api:FAIL #13/3 bpf_cookie/multi_kprobe_attach_api:FAIL #13 bpf_cookie:FAIL #75 fentry_fexit:FAIL #76/1 fentry_test/fentry:FAIL #76 fentry_test:FAIL #80/1 fexit_test/fexit:FAIL #80 fexit_test:FAIL #110/1 kprobe_multi_test/skel_api:FAIL #110/2 kprobe_multi_test/link_api_addrs:FAIL #110/3 kprobe_multi_test/link_api_syms:FAIL #110/4 kprobe_multi_test/attach_api_pattern:FAIL #110/5 kprobe_multi_test/attach_api_addrs:FAIL #110/6 kprobe_multi_test/attach_api_syms:FAIL #110 kprobe_multi_test:FAIL For example, for #13/2, the error messages are: [...] kprobe_multi_test_run:FAIL:kprobe_test7_result unexpected kprobe_test7_result: actual 0 != expected 1 [...] kprobe_multi_test_run:FAIL:kretprobe_test7_result unexpected kretprobe_test7_result: actual 0 != expected 1 clang17 does not have this issue. Further investigation shows that kernel func bpf_fentry_test7(), used in the above tests, is inlined by the compiler although it is marked as noinline. int noinline bpf_fentry_test7(struct bpf_fentry_test_t *arg) { return (long)arg; } It is known that for simple functions like the above (e.g. just returning a constant or an input argument), the clang compiler may still do inlining for a noinline function. Adding 'asm volatile ("")' in the beginning of the bpf_fentry_test7() can prevent inlining. Signed-off-by: Yonghong Song <yonghong.song@linux.dev> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Tested-by: Eduard Zingerman <eddyz87@gmail.com> Link: https://lore.kernel.org/bpf/20230826200843.2210074-1-yonghong.song@linux.dev
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]. Want to support this open source service? Please star it : )