1. 25 Jul, 2018 2 commits
    • perf/core: Fix crash when using HW tracing kernel filters · 7f635ff1
      Mathieu Poirier authored
      In function perf_event_parse_addr_filter(), the path::dentry of each struct
      perf_addr_filter is left unassigned (as it should be) when the pattern
      being parsed is related to kernel space.  But in function
      perf_addr_filter_match() the same dentries are given to d_inode() where
      the value is not expected to be NULL, resulting in the following splat:
      
        Unable to handle kernel NULL pointer dereference at virtual address 0000000000000058
        pc : perf_event_mmap+0x2fc/0x5a0
        lr : perf_event_mmap+0x2c8/0x5a0
        Process uname (pid: 2860, stack limit = 0x000000001cbcca37)
        Call trace:
         perf_event_mmap+0x2fc/0x5a0
         mmap_region+0x124/0x570
         do_mmap+0x344/0x4f8
         vm_mmap_pgoff+0xe4/0x110
         vm_mmap+0x2c/0x40
         elf_map+0x60/0x108
         load_elf_binary+0x450/0x12c4
         search_binary_handler+0x90/0x290
         __do_execve_file.isra.13+0x6e4/0x858
         sys_execve+0x3c/0x50
         el0_svc_naked+0x30/0x34
      
      This patch is fixing the problem by introducing a new check in function
      perf_addr_filter_match() to see if the filter's dentry is NULL.
      Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
      Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
      Acked-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Cc: acme@kernel.org
      Cc: miklos@szeredi.hu
      Cc: namhyung@kernel.org
      Cc: songliubraving@fb.com
      Fixes: 9511bce9 ("perf/core: Fix bad use of igrab()")
      Link: http://lkml.kernel.org/r/1531782831-1186-1-git-send-email-mathieu.poirier@linaro.org
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
    • perf/x86/intel: Fix unwind errors from PEBS entries (mk-II) · 6cbc304f
      Peter Zijlstra authored
      Vince reported the perf_fuzzer giving various unwinder warnings and
      Josh reported:
      
      > Deja vu.  Most of these are related to perf PEBS, similar to the
      > following issue:
      >
      >   b8000586 ("perf/x86/intel: Cure bogus unwind from PEBS entries")
      >
      > This is basically the ORC version of that.  setup_pebs_sample_data() is
      > assembling a franken-pt_regs which ORC isn't happy about.  RIP is
      > inconsistent with some of the other registers (like RSP and RBP).
      
      And where the previous unwinder only needed BP,SP ORC also requires
      IP. But we cannot spoof IP because then the sample will get displaced,
      entirely negating the point of PEBS.
      
      So cure the whole thing differently by doing the unwind early; this
      does however require a means to communicate we did the unwind early.
      We (ab)use an unused sample_type bit for this, which we set on events
      that fill out the data->callchain before the normal
      perf_prepare_sample().
      Debugged-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Reported-by: Vince Weaver <vincent.weaver@maine.edu>
      Tested-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Tested-by: Prashant Bhole <bhole_prashant_q7@lab.ntt.co.jp>
      Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
  2. 24 Jul, 2018 2 commits
    • MAINTAINERS: Add Naveen N. Rao as kprobes co-maintainer · 4799f685
      Ananth N Mavinakayanahalli authored
      Naveen has been contributing consistently reviewing and hardening
      kprobes for some time now. I have not been able to do the same due
      to other commitments.
      Signed-off-by: Ananth N Mavinakayanahalli <ananth@linux.vnet.ibm.com>
      Cc: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Masami Hiramatsu <mhiramat@kernel.org>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: akpm@linux-foundation.org
      Cc: mhiramat@kernel.org
      Link: http://lkml.kernel.org/r/153180735790.1914.15547706781664285286.stgit@thinktux
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
    • perf/x86/amd/ibs: Don't access non-started event · d2753e6b
      Thomas Gleixner authored
      Paul Menzel reported the following bug:
      
      > Enabling the undefined behavior sanitizer and building GNU/Linux 4.18-rc5+
      > (with some unrelated commits) with GCC 8.1.0 from Debian Sid/unstable, the
      > warning below is shown.
      >
      > > [    2.111913]
      > > ================================================================================
      > > [    2.111917] UBSAN: Undefined behaviour in arch/x86/events/amd/ibs.c:582:24
      > > [    2.111919] member access within null pointer of type 'struct perf_event'
      > > [    2.111926] CPU: 0 PID: 144 Comm: udevadm Not tainted 4.18.0-rc5-00316-g4864b68cedf2 #104
      > > [    2.111928] Hardware name: ASROCK E350M1/E350M1, BIOS TIMELESS 01/01/1970
      > > [    2.111930] Call Trace:
      > > [    2.111943]  dump_stack+0x55/0x89
      > > [    2.111949]  ubsan_epilogue+0xb/0x33
      > > [    2.111953]  handle_null_ptr_deref+0x7f/0x90
      > > [    2.111958]  __ubsan_handle_type_mismatch_v1+0x55/0x60
      > > [    2.111964]  perf_ibs_handle_irq+0x596/0x620
      
      The code dereferences event before checking the STARTED bit. Patch
      below should cure the issue.
      
      The warning should not trigger, if I analyzed the thing correctly.
      (And Paul's testing confirms this.)
      Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
      Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
      Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
      Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
      Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Paul Menzel <pmenzel+linux-x86@molgen.mpg.de>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Vince Weaver <vincent.weaver@maine.edu>
      Link: http://lkml.kernel.org/r/alpine.DEB.2.21.1807200958390.1580@nanos.tec.linutronix.de
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
  3. 23 Jul, 2018 4 commits
    • Linux 4.18-rc6 · d72e90f3
      Linus Torvalds authored
    • Merge tag 'nvme-for-4.18' of git://git.infradead.org/nvme · 74413084
      Linus Torvalds authored
      Pull NVMe fixes from Christoph Hellwig:
      
       - fix a regression in 4.18 that causes a memory leak on probe failure
         (Keith Bush)
      
       - fix a deadlock in the passthrough ioctl code (Scott Bauer)
      
       - don't enable AENs if not supported (Weiping Zhang)
      
       - fix an old regression in metadata handling in the passthrough ioctl
         code (Roland Dreier)
      
      * tag 'nvme-for-4.18' of git://git.infradead.org/nvme:
        nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD
        nvme: don't enable AEN if not supported
        nvme: ensure forward progress during Admin passthru
        nvme-pci: fix memory leak on probe failure
    • Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 165ea0d1
      Linus Torvalds authored
      Pull vfs fixes from Al Viro:
       "Fix several places that screw up cleanups after failures halfway
        through opening a file (one open-coding filp_clone_open() and getting
        it wrong, two misusing alloc_file()). That part is -stable fodder from
        the 'work.open' branch.
      
        And Christoph's regression fix for uapi breakage in aio series;
        include/uapi/linux/aio_abi.h shouldn't be pulling in the kernel
        definition of sigset_t, the reason for doing so in the first place had
        been bogus - there's no need to expose struct __aio_sigset in
        aio_abi.h at all"
      
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
        aio: don't expose __aio_sigset in uapi
        ocxlflash_getfile(): fix double-iput() on alloc_file() failures
        cxl_getfile(): fix double-iput() on alloc_file() failures
        drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()
    • alpha: fix osf_wait4() breakage · f88a333b
      Al Viro authored
      kernel_wait4() expects a userland address for status - it's only
      rusage that goes as a kernel one (and needs a copyout afterwards)
      
      [ Also, fix the prototype of kernel_wait4() to have that __user
        annotation   - Linus ]
      
      Fixes: 92ebce5a ("osf_wait4: switch to kernel_wait4()")
      Cc: stable@kernel.org # v4.13+
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  4. 22 Jul, 2018 16 commits
  5. 21 Jul, 2018 10 commits
  6. 20 Jul, 2018 6 commits